tuic-client

Minimalistic TUIC client implementation as a reference


Usage

Download the latest binary from releases.

Or install from crates.io:

```bash
cargo install tuic-client
```

Run the TUIC client with configuration file:

```bash
tuic-client -c PATH/TO/CONFIG
```

Configuration

```
{
// Settings for the outbound TUIC proxy
"relay": {
    // Set the TUIC proxy server address
    // Format: "HOST:PORT"
    // The HOST must be a common name in the certificate
    // If the "ip" field in the "relay" section is not set, the HOST is also used for DNS resolving
    "server": "example.com:443",

    // Set the user UUID
    "uuid": "00000000-0000-0000-0000-000000000000",

    // Set the user password
    "password": "PASSWORD",

    // Optional. The IP address of the TUIC proxy server, for overriding DNS resolving
    // If not set, the HOST in the "server" field is used for DNS resolving
    "ip": "127.0.0.1",

    // Optional. A list of certificates for TLS handshake
    // System native certificates are also loaded by default
    // When using self-signed certificates, the full certificate chain must be provided
    "certificates": ["PATH/TO/CERTIFICATE_1", "PATH/TO/CERTIFICATE_2"],

    // Optional. Set the UDP packet relay mode
    // Can be:
    // - "native": native UDP characteristics
    // - "quic": lossless UDP relay using QUIC streams, additional overhead is introduced
    // Default: "native"
    "udp_relay_mode": "native",

    // Optional. Congestion control algorithm, available options:
    // "cubic", "new_reno", "bbr"
    // Default: "cubic"
    "congestion_control": "cubic",

    // Optional. Application layer protocol negotiation
    // Default being empty (no ALPN)
    "alpn": ["h3", "spdy/3.1"],

    // Optional. Enable 0-RTT QUIC connection handshake on the client side
    // This has little impact on performance, as the protocol is fully multiplexed
    // WARNING: Keeping this disabled is highly recommended, as 0-RTT is vulnerable to replay attacks. See https://blog.cloudflare.com/even-faster-connection-establishment-with-quic-0-rtt-resumption/#attack-of-the-clones
    // Default: false
    "zero_rtt_handshake": false,

    // Optional. Disable SNI (Server Name Indication) in TLS handshake
    // The server name used in SNI is the same as the HOST in the "server" field
    // Default: false
    "disable_sni": false,

    // Optional. Set the timeout for establishing a connection to the TUIC proxy server
    // Default: "8s"
    "timeout": "8s",

    // Optional. Set the interval for sending heartbeat packets for keeping the connection alive
    // Default: "3s"
    "heartbeat": "3s",

    // Optional. Disable loading system native certificates
    // Default: false
    "disable_native_certs": false,

    // Optional. Maximum number of bytes to transmit to a peer without acknowledgment
    // Should be set to at least the expected connection latency multiplied by the maximum desired throughput
    // Default: 8MiB * 2
    "send_window": 16777216,

    // Optional. Maximum number of bytes the peer may transmit without acknowledgement on any one stream before becoming blocked
    // Should be set to at least the expected connection latency multiplied by the maximum desired throughput
    // Default: 8MiB
    "receive_window": 8388608,

    // Optional. Interval between UDP packet fragment garbage collection
    // Default: 3s
    "gc_interval": "3s",

    // Optional. How long the server should keep a UDP packet fragment. Outdated fragments will be dropped
    // Default: 15s
    "gc_lifetime": "15s"
},

// Settings for the local inbound socks5 server
"local": {
    // Local socks5 server address
    "server": "[::]:1080",

    // Optional. Set the username for socks5 authentication
    "username": "USERNAME",

    // Optional. Set the password for socks5 authentication
    "password": "PASSWORD",

    // Optional. Set if the listening socket should be dual-stack
    // If this option is not set, the socket behavior is platform dependent
    "dual_stack": true,

    // Optional. Maximum packet size the socks5 server can receive from external, in bytes
    // Default: 1500
    "max_packet_size": 1500
},

// Optional. Set the log level
// Default: "warn"
"log_level": "warn"

}
```
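
An added example, not part of the tuic-client project: a small Python check that parses a config in the format above (JSON with `//` comments) and flags three settings worth reviewing before deployment: 0-RTT enabled, template credentials left in place, and a local socks5 listener bound beyond loopback without authentication. The names `strip_comments` and `audit` are hypothetical, and the sample config is constructed.

```python
import ipaddress
import json

TEMPLATE_UUID = "00000000-0000-0000-0000-000000000000"  # placeholder from the README
# Constructed sample: 0-RTT on, template password, wildcard listener, no socks5 auth
SAMPLE = """{
    // constructed; this comment holds a URL: https://example.com/
    "relay": {"password": "PASSWORD", "zero_rtt_handshake": true},
    "local": {"server": "[::]:1080"}
}"""

def strip_comments(text):
    """Drop // comments, leaving any // inside string literals untouched."""
    out, in_str, i = [], False, 0
    while i < len(text):
        ch = text[i]
        if in_str:
            out.append(ch)
            if ch == "\\" and i + 1 < len(text):  # copy the escaped character as-is
                i += 1
                out.append(text[i])
            elif ch == '"':
                in_str = False
        elif text.startswith("//", i):
            while i < len(text) and text[i] != "\n":
                i += 1
            continue
        else:
            in_str = ch == '"'
            out.append(ch)
        i += 1
    return "".join(out)

def audit(config_text):
    """Return a list of findings for a tuic-client config (hypothetical helper)."""
    cfg = json.loads(strip_comments(config_text))
    relay, local = cfg.get("relay", {}), cfg.get("local", {})
    findings = []
    if relay.get("zero_rtt_handshake", False):
        findings.append("relay.zero_rtt_handshake: 0-RTT data is replayable")
    if relay.get("uuid") == TEMPLATE_UUID or relay.get("password") == "PASSWORD":
        findings.append("relay: template uuid/password still in place")
    host = local.get("server", "").rsplit(":", 1)[0].strip("[]")
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host == "localhost"
    if not loopback and not (local.get("username") and local.get("password")):
        findings.append("local.server: listens beyond loopback without socks5 auth")
    return findings
```

Calling `audit(SAMPLE)` returns all three findings; a config with 0-RTT off, real credentials and a `127.0.0.1:1080` listener returns an empty list.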

Opinions on Advanced Features

This TUIC client implementation is intended to be minimalistic. It is mainly used as a reference and verification of the TUIC protocol specification.

This implementation only contains the most basic requirements of a functional TUIC protocol client. It does not include any advanced features, such as outbound control, obfuscation, etc. If you want them, try other implementations, or implement them yourself.

License

GNU General Public License v3.0