Summary

• Adds a new tooska outbound that embeds the goBrrrr TCP proxy scanner. It sweeps configured target IPs/CIDRs for working SOCKS5 / HTTP CONNECT proxies, scores each ip:port in [-10, +10] (dnstt-style), persists scores via the cache file, and tunnels traffic through the best-scored hits.
• A fresh background sweep fires on every dial; a scanGate coalesces concurrent kicks. Dial failures distinguish proxy-fault (penalize score) from destination-fault (leave score alone) so transient destination outages don't crater the pool.
• Capped target expansion at 1M endpoints to prevent OOM from misconfigured wide CIDRs.

Components

• protocol/hiddify/tooska/scanner/ — vendored goBrrrr: TCP dial sweep, 3-byte Tier-C fingerprint, deep SOCKS5+TLS validation against www.google.com:443 /generate_204, deep HTTP validation against example.com.
• protocol/hiddify/tooska/ — pool (hit/miss scoring with floor/ceiling clamping, negative-score-resets-on-hit), candidate expansion, bootstrap + post-connect scan loops, score-then-tunnel routing.
• option/tooska.go, constant/proxy.go, include/registry.go — TooskaOutboundOptions and registration.

Config example

{
  "type": "tooska",
  "tag": "tooska-out",
  "targets": ["10.0.0.0/24", "203.0.113.5:1080"],
  "ports": [1080, 8080, 3128],
  "concurrency": 256,
  "pool_size": 16
}

Test plan

• go build ./... — clean
• go test ./protocol/hiddify/tooska/... — 24 tests pass (parseCandidates: CIDR expansion, dedup, IPv6 bracketed/bare, port range, cap enforcement; pool: clamps, negative-reset-on-hit, ordering, scanGate mutex)
• Live test: configure against a known-good proxy IP — pool fills, dial succeeds, post-connect rescan triggers
• Live test: configure with a few bad endpoints mixed in — scores converge to -10 and they stop being tried
• Live test: kill a working proxy mid-session — destination-fault path leaves score intact, proxy-fault path on next dial deducts

🤖 Generated with Claude Code