
feat: implement anytls client and server #1844


Merged
merged 9 commits into from
Feb 17, 2025

@anytls anytls commented Feb 16, 2025

Server

Client config

mixed-port: 7890
proxies:
  - name: anytls-out
    type: anytls
    server: "<your-server>"
    port: 443
    password: "<your-password>"
    client-fingerprint: chrome
    udp: true
    idle-session-check-interval: 30 # seconds
    idle-session-timeout: 30 # seconds
    # sni: ""
    # alpn:
    #   - h2
    #   - http/1.1
    # skip-cert-verify: true
rules:
  - MATCH,anytls-out

Why do we need this protocol?

This is a concise and clear "Any in TLS" proxy protocol. This means you can ship anything on top of TLS without having to worry about firewalls identifying it due to some side-channel leak. It provides functions for modifying packet length characteristics, which are not available in previous protocols.

It is well known that simpler protocols, such as Trojan, are already fully recognized by the GFW due to the side-channel leak, the so-called "TLS in TLS problem". Even with multiplexing or hard-coded padding, it still produces very fixed packet length characteristics (when you carry TLS on it).

We also took the handshake RTT into consideration, so we implemented connection reuse, but it is not like sing-mux or other earlier mux, because it only carries one stream on a single connection at the same time, so there is no head-of-line blocking problem.

All in all, this is a protocol with clear semantics, forward-looking design, and excellent performance. We hope to add it to mihomo.

@wwqgtxx
Collaborator

wwqgtxx commented Feb 16, 2025

Perhaps you could consider adding an inbound implementation for the protocol as well (which shouldn't be too difficult from your reference implementation)

@anytls
Author

anytls commented Feb 16, 2025

> Perhaps you could consider adding an inbound implementation for the protocol as well (which shouldn't be too difficult from your reference implementation)

Sure. Tomorrow I will start implementing inbound.

@anytls
Author

anytls commented Feb 17, 2025

Server config:

listeners:
  - name: anytls-in
    type: anytls
    port: 10000
    listen: 0.0.0.0
    users:
      username1: password1
      username2: password2
    certificate: ./server.crt
    private-key: ./server.key
    padding-scheme: ""

@anytls anytls requested a review from wwqgtxx February 17, 2025 08:20
@wwqgtxx
Collaborator

wwqgtxx commented Feb 17, 2025

Please add the configuration file example to docs/config.yaml.

@wwqgtxx wwqgtxx changed the title from "feat: implement anytls client" to "feat: implement anytls client and server" Feb 17, 2025
@wwqgtxx wwqgtxx merged commit 9962a0d into MetaCubeX:Alpha Feb 17, 2025
@anytls anytls deleted the dev branch February 17, 2025 10:55
@anytls
Author

anytls commented Feb 17, 2025

Please cherry-pick this, it fixes some bugs with sending padding.

anytls/anytls-go@3bf7cfa

@wwqgtxx
Collaborator

wwqgtxx commented Feb 17, 2025

> Please cherry-pick this, it fixes some bugs with sending padding.
>
> anytls/anytls-go@3bf7cfa

You can continue to send relevant PRs.

@zxggg566

zxggg566 commented Mar 7, 2025

> Server config:
>
> listeners:
>   - name: anytls-in
>     type: anytls
>     port: 10000
>     listen: 0.0.0.0
>     users:
>       username1: password1
>       username2: password2
>     certificate: ./server.crt
>     private-key: ./server.key
>     padding-scheme: ""

Bro, how should padding-scheme: "" be filled in? The format looks a bit different from the anytls documentation to me.


3 participants