Watfaq · ibigbug · Jan 9, 2025 · Jan 8, 2025
diff --git a/clash/tests/data/config/ss.yaml b/clash/tests/data/config/ss.yaml
@@ -3,7 +3,6 @@ port: 8888
 socks-port: 8889
 mixed-port: 8899
 
-
 dns:
   enable: true
   listen: 127.0.0.1:53533
@@ -17,14 +16,14 @@ dns:
   enhanced-mode: fake-ip # or fake-ip
   fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
   # use-hosts: true # lookup hosts and return IP record
-  
+
   # Hostnames in this list will not be resolved with fake IPs
   # i.e. questions to these domain names will always be answered with their
   # real IP addresses
   # fake-ip-filter:
   #   - '*.lan'
   #   - localhost.ptlogin2.qq.com
-  
+
   # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
   # All DNS questions are sent directly to the nameserver, without proxies
   # involved. Clash answers the DNS question with the first result gathered.
@@ -61,12 +60,19 @@ proxies:
     password: "password"
     udp: true
 
+  - name: ss-2022
+    type: ss
+    server: 127.0.0.1
+    port: 8390
+    cipher: 2022-blake3-aes-256-gcm
+    password: 3SYJ/f8nmVuzKvKglykRQDSgg10e/ADilkdRWrrY9HU=:4w0GKJ9U3Ox7CIXGU4A3LDQAqP6qrp/tUi/ilpOR9p4=
+
 proxy-groups:
   - name: "udp-relay"
     type: relay
     proxies:
-     - ss-01
-     - ss-02  
+      - ss-01
+      - ss-02
+      - ss-2022
 rules:
-  - MATCH, udp-relay
-...
+  - MATCH, ss-2022
diff --git a/clash/tests/data/docker/ss/config.json b/clash/tests/data/docker/ss/config.json
@@ -0,0 +1,22 @@
+{
+    "servers": [
+        {
+            // AEAD-2022
+            "server": "::",
+            "mode": "tcp_and_udp",
+            "server_port": 8390,
+            "method": "2022-blake3-aes-256-gcm",
+            "password": "3SYJ/f8nmVuzKvKglykRQDSgg10e/ADilkdRWrrY9HU=",
+            // For Server (OPTIONAL)
+            // Support multiple users with Extensible Identity Header
+            // https://github.com/Shadowsocks-NET/shadowsocks-specs/blob/main/2022-2-shadowsocks-2022-extensible-identity-headers.md
+            "users": [
+                {
+                    "name": "username",
+                    // User's password must have the same length as server's password
+                    "password": "4w0GKJ9U3Ox7CIXGU4A3LDQAqP6qrp/tUi/ilpOR9p4="
+                }
+            ],
+        }
+    ],
+}
diff --git a/clash_lib/src/proxy/shadowsocks/datagram.rs b/clash_lib/src/proxy/shadowsocks/datagram.rs
@@ -12,11 +12,13 @@ use futures::{
     Sink, SinkExt, Stream, StreamExt,
 };
 use shadowsocks::{
-    relay::udprelay::{DatagramReceive, DatagramSend},
+    relay::udprelay::{
+        options::UdpSocketControlData, DatagramReceive, DatagramSend,
+    },
     ProxySocket,
 };
 use tokio::io::ReadBuf;
-use tracing::{debug, instrument};
+use tracing::{debug, error, instrument};
 
 use crate::{
     common::errors::new_io_error,
@@ -32,16 +34,23 @@ pub struct OutboundDatagramShadowsocks<S> {
     flushed: bool,
     pkt: Option<UdpPacket>,
     buf: Vec<u8>,
+
+    ss_control: UdpSocketControlData,
 }
 
 impl<S> OutboundDatagramShadowsocks<S> {
     pub fn new(inner: ProxySocket<S>, remote_addr: SocketAddr) -> Self {
+        let mut ss_control = UdpSocketControlData::default();
+        ss_control.client_session_id = rand::random::<u64>();
+
         Self {
             inner,
             flushed: true,
             pkt: None,
             remote_addr,
             buf: vec![0u8; 65535],
+
+            ss_control,
         }
     }
 }
@@ -87,6 +96,8 @@ where
             ref mut pkt,
             ref remote_addr,
             ref mut flushed,
+
+            ref mut ss_control,
             ..
         } = *self;
 
@@ -97,14 +108,31 @@ where
             let addr: shadowsocks::relay::Address =
                 (pkt.dst_addr.host(), pkt.dst_addr.port()).into();
 
-            let n = ready!(inner.poll_send_to(*remote_addr, &addr, data, cx))?;
+            let n = ready!(inner.poll_send_to_with_ctrl(
+                *remote_addr,
+                &addr,
+                ss_control,
+                data,
+                cx
+            ))?;
 
             debug!(
                 "send udp packet to remote ss server, len: {}, remote_addr: {}, \
                  dst_addr: {}",
                 n, remote_addr, addr
             );
 
+            ss_control.packet_id = match ss_control.packet_id.checked_add(1) {
+                Some(id) => id,
+                None => {
+                    error!("packet_id overflow, closing socket");
+                    return Poll::Ready(Err(io::Error::new(
+                        io::ErrorKind::Other,
+                        "packet_id overflow",
+                    )));
+                }
+            };
+
             let wrote_all = n == data.len();
             *pkt_container = None;
             *flushed = true;