From c4fbdf1b786f130ab955ac333604f51d448ea0b2 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 25 Dec 2022 19:37:35 -0500 Subject: [PATCH 001/226] Run core/format.go --- app/dns/dnscommon.go | 2 +- core/context.go | 7 ++-- infra/conf/shadowsocks.go | 10 +++--- infra/conf/transport_internet.go | 4 +-- proxy/shadowsocks_2022/inbound.go | 1 - proxy/shadowsocks_2022/inbound_multi.go | 1 - proxy/vless/encoding/encoding.go | 47 ++++++++++++++----------- proxy/vless/inbound/inbound.go | 12 +++---- proxy/vless/outbound/outbound.go | 8 ++--- proxy/vmess/validator.go | 4 ++- transport/internet/kcp/kcp.go | 5 +-- transport/internet/quic/dialer.go | 4 +-- transport/internet/quic/hub.go | 4 +-- transport/internet/sockopt_darwin.go | 5 +-- transport/internet/sockopt_linux.go | 20 +++++------ transport/internet/tls/grpc.go | 5 +-- transport/internet/websocket/ws.go | 3 +- transport/internet/xtls/xtls.go | 1 - 18 files changed, 76 insertions(+), 67 deletions(-) diff --git a/app/dns/dnscommon.go b/app/dns/dnscommon.go index fa3ac406789a..df1b17afc8c4 100644 --- a/app/dns/dnscommon.go +++ b/app/dns/dnscommon.go @@ -7,8 +7,8 @@ import ( "time" "github.com/xtls/xray-core/common" - "github.com/xtls/xray-core/common/log" "github.com/xtls/xray-core/common/errors" + "github.com/xtls/xray-core/common/log" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/core" diff --git a/core/context.go b/core/context.go index d28ac7e328af..50427964a59a 100644 --- a/core/context.go +++ b/core/context.go @@ -26,7 +26,8 @@ func MustFromContext(ctx context.Context) *Instance { return x } -/* toContext returns ctx from the given context, or creates an Instance if the context doesn't find that. +/* + toContext returns ctx from the given context, or creates an Instance if the context doesn't find that. It is unsupported to use this function to create a context that is suitable to invoke Xray's internal component in third party code, you shouldn't use //go:linkname to alias of this function into your own package and @@ -34,7 +35,6 @@ use this function in your third party code. For third party code, usage enabled by creating a context to interact with Xray's internal component is unsupported, and may break at any time. - */ func toContext(ctx context.Context, v *Instance) context.Context { if FromContext(ctx) != v { @@ -43,7 +43,8 @@ func toContext(ctx context.Context, v *Instance) context.Context { return ctx } -/*ToBackgroundDetachedContext create a detached context from another context +/* +ToBackgroundDetachedContext create a detached context from another context Internal API */ func ToBackgroundDetachedContext(ctx context.Context) context.Context { diff --git a/infra/conf/shadowsocks.go b/infra/conf/shadowsocks.go index d35aa3ab26e5..4b94c8e8b329 100644 --- a/infra/conf/shadowsocks.go +++ b/infra/conf/shadowsocks.go @@ -107,7 +107,7 @@ func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) { config.Email = v.Email return config, nil } - + if v.Cipher == "" { return nil, newError("shadowsocks 2022 (multi-user): missing server method") } @@ -120,7 +120,7 @@ func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) { config.Method = v.Cipher config.Key = v.Password config.Network = v.NetworkList.Build() - + for _, user := range v.Users { if user.Cipher != "" { return nil, newError("shadowsocks 2022 (multi-user): users must have empty method") @@ -145,10 +145,10 @@ func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) { return nil, newError("shadowsocks 2022 (relay): all users must have relay address") } config.Destinations = append(config.Destinations, &shadowsocks_2022.RelayDestination{ - Key: user.Password, - Email: user.Email, + Key: user.Password, + Email: user.Email, Address: user.Address.Build(), - Port: uint32(user.Port), + Port: uint32(user.Port), }) } return config, nil diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index efbe40756c59..62afaaafb08f 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -533,7 +533,7 @@ type SocketConfig struct { DialerProxy string `json:"dialerProxy"` TCPKeepAliveInterval int32 `json:"tcpKeepAliveInterval"` TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` - TCPCongestion string `json:"tcpCongestion"` + TCPCongestion string `json:"tcpCongestion"` } // Build implements Buildable. @@ -582,7 +582,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { DialerProxy: c.DialerProxy, TcpKeepAliveInterval: c.TCPKeepAliveInterval, TcpKeepAliveIdle: c.TCPKeepAliveIdle, - TcpCongestion: c.TCPCongestion, + TcpCongestion: c.TCPCongestion, }, nil } diff --git a/proxy/shadowsocks_2022/inbound.go b/proxy/shadowsocks_2022/inbound.go index 52b0a798e050..55bdda9ffc8d 100644 --- a/proxy/shadowsocks_2022/inbound.go +++ b/proxy/shadowsocks_2022/inbound.go @@ -11,7 +11,6 @@ import ( E "github.com/sagernet/sing/common/exceptions" M "github.com/sagernet/sing/common/metadata" N "github.com/sagernet/sing/common/network" - "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/log" diff --git a/proxy/shadowsocks_2022/inbound_multi.go b/proxy/shadowsocks_2022/inbound_multi.go index 91342c764678..662a171c3fe7 100644 --- a/proxy/shadowsocks_2022/inbound_multi.go +++ b/proxy/shadowsocks_2022/inbound_multi.go @@ -15,7 +15,6 @@ import ( E "github.com/sagernet/sing/common/exceptions" M "github.com/sagernet/sing/common/metadata" N "github.com/sagernet/sing/common/network" - "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/log" diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index e1987d981aba..9a1ec42565ae 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -31,10 +31,12 @@ const ( Version = byte(0) ) -var tls13SupportedVersions = []byte{0x00, 0x2b, 0x00, 0x02, 0x03, 0x04} -var tlsClientHandShakeStart = []byte{0x16, 0x03} -var tlsServerHandShakeStart = []byte{0x16, 0x03, 0x03} -var tlsApplicationDataStart = []byte{0x17, 0x03, 0x03} +var ( + tls13SupportedVersions = []byte{0x00, 0x2b, 0x00, 0x02, 0x03, 0x04} + tlsClientHandShakeStart = []byte{0x16, 0x03} + tlsServerHandShakeStart = []byte{0x16, 0x03, 0x03} + tlsApplicationDataStart = []byte{0x17, 0x03, 0x03} +) var addrParser = protocol.NewAddressParser( protocol.AddressFamilyByte(byte(protocol.AddressTypeIPv4), net.AddressFamilyIPv4), @@ -247,9 +249,10 @@ func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, c } // XtlsRead filter and read xtls protocol -func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, rawConn syscall.RawConn, - counter stats.Counter, ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool, - isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32) error { +func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, rawConn syscall.RawConn, + counter stats.Counter, ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool, + isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32, +) error { err := func() error { var ct stats.Counter filterUUID := true @@ -326,9 +329,10 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater } // XtlsWrite filter and write xtls protocol -func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, counter stats.Counter, - ctx context.Context, userUUID *[]byte, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, - cipher *uint16, remainingServerHello *int32) error { +func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, counter stats.Counter, + ctx context.Context, userUUID *[]byte, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, + cipher *uint16, remainingServerHello *int32, +) error { err := func() error { var ct stats.Counter filterTlsApplicationData := true @@ -354,7 +358,7 @@ func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdate buffer[i] = XtlsPadding(b, command, userUUID, ctx) break } else if !*isTLS12orAbove && *numberOfPacketToFilter <= 0 { - //maybe tls 1.1 or 1.0 + // maybe tls 1.1 or 1.0 filterTlsApplicationData = false buffer[i] = XtlsPadding(b, 0x01, userUUID, ctx) break @@ -399,8 +403,9 @@ func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdate } // XtlsFilterTls filter and recognize tls 1.3 and other info -func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, - cipher *uint16, remainingServerHello *int32, ctx context.Context) { +func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, + cipher *uint16, remainingServerHello *int32, ctx context.Context, +) { for _, b := range buffer { *numberOfPacketToFilter-- if b.Len() >= 6 { @@ -411,8 +416,8 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt *isTLS = true if b.Len() >= 79 && *remainingServerHello >= 79 { sessionIdLen := int32(b.Byte(43)) - cipherSuite := b.BytesRange(43 + sessionIdLen + 1, 43 + sessionIdLen + 3) - *cipher = uint16(cipherSuite[0]) << 8 | uint16(cipherSuite[1]) + cipherSuite := b.BytesRange(43+sessionIdLen+1, 43+sessionIdLen+3) + *cipher = uint16(cipherSuite[0])<<8 | uint16(cipherSuite[1]) } else { newError("XtlsFilterTls short server hello, tls 1.2 or older? ", b.Len(), " ", *remainingServerHello).WriteToLog(session.ExportIDToError(ctx)) } @@ -431,7 +436,7 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt v, ok := Tls13CipherSuiteDic[*cipher] if !ok { v = "Old cipher: " + strconv.FormatUint(uint64(*cipher), 16) - } else if (v != "TLS_AES_128_CCM_8_SHA256") { + } else if v != "TLS_AES_128_CCM_8_SHA256" { *enableXtls = true } newError("XtlsFilterTls found tls 1.3! ", b.Len(), " ", v).WriteToLog(session.ExportIDToError(ctx)) @@ -582,9 +587,9 @@ func XtlsUnpadding(ctx context.Context, buffer buf.MultiBuffer, userUUID []byte, } var Tls13CipherSuiteDic = map[uint16]string{ - 0x1301 : "TLS_AES_128_GCM_SHA256", - 0x1302 : "TLS_AES_256_GCM_SHA384", - 0x1303 : "TLS_CHACHA20_POLY1305_SHA256", - 0x1304 : "TLS_AES_128_CCM_SHA256", - 0x1305 : "TLS_AES_128_CCM_8_SHA256", + 0x1301: "TLS_AES_128_GCM_SHA256", + 0x1302: "TLS_AES_256_GCM_SHA384", + 0x1303: "TLS_CHACHA20_POLY1305_SHA256", + 0x1304: "TLS_AES_128_CCM_SHA256", + 0x1305: "TLS_AES_128_CCM_8_SHA256", } diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 8aa337c30904..347f67103748 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -493,8 +493,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } case "", "none": if accountFlow == vless.XRV && !allowNoneFlow && request.Command == protocol.RequestCommandTCP { - return newError(account.ID.String() + " is not able to use " + vless.XRV + - ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning() + return newError(account.ID.String() + " is not able to use " + vless.XRV + + ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning() } default: return newError("unknown request flow " + requestAddons.Flow).AtWarning() @@ -542,11 +542,11 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s if statConn != nil { counter = statConn.ReadCounter } - //TODO enable splice + // TODO enable splice ctx = session.ContextWithInbound(ctx, nil) if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { err = encoding.ReadV(clientReader, serverWriter, timer, iConn.(*xtls.Conn), rawConn, counter, ctx) } @@ -600,7 +600,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s if statConn != nil { counter = statConn.WriteCounter } - err = encoding.XtlsWrite(serverReader, clientWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, + err = encoding.XtlsWrite(serverReader, clientWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index 6dde2736d2a5..d7ed63fae521 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -220,7 +220,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte userUUID := account.ID.Bytes() timeoutReader, ok := clientReader.(buf.TimeoutReader) if ok { - multiBuffer, err1 := timeoutReader.ReadMultiBufferTimeout(time.Millisecond*500) + multiBuffer, err1 := timeoutReader.ReadMultiBufferTimeout(time.Millisecond * 500) if err1 == nil { if requestAddons.Flow == vless.XRV { encoding.XtlsFilterTls(multiBuffer, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello, ctx) @@ -250,7 +250,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if statConn != nil { counter = statConn.WriteCounter } - err = encoding.XtlsWrite(clientReader, serverWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, + err = encoding.XtlsWrite(clientReader, serverWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer @@ -287,8 +287,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte counter = statConn.ReadCounter } if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { if requestAddons.Flow != vless.XRS { ctx = session.ContextWithInbound(ctx, nil) diff --git a/proxy/vmess/validator.go b/proxy/vmess/validator.go index 30c44af7b279..c638a23b1cc5 100644 --- a/proxy/vmess/validator.go +++ b/proxy/vmess/validator.go @@ -252,7 +252,9 @@ func (v *TimedUserValidator) BurnTaintFuse(userHash []byte) error { return ErrNotFound } -/* ShouldShowLegacyWarn will return whether a Legacy Warning should be shown +/* + ShouldShowLegacyWarn will return whether a Legacy Warning should be shown + Not guaranteed to only return true once for every inbound, but it is okay. */ func (v *TimedUserValidator) ShouldShowLegacyWarn() bool { diff --git a/transport/internet/kcp/kcp.go b/transport/internet/kcp/kcp.go index 242dce949ed5..1a486faaa269 100644 --- a/transport/internet/kcp/kcp.go +++ b/transport/internet/kcp/kcp.go @@ -1,8 +1,9 @@ // Package kcp - A Fast and Reliable ARQ Protocol // // Acknowledgement: -// skywind3000@github for inventing the KCP protocol -// xtaci@github for translating to Golang +// +// skywind3000@github for inventing the KCP protocol +// xtaci@github for translating to Golang package kcp //go:generate go run github.com/xtls/xray-core/common/errors/errorgen diff --git a/transport/internet/quic/dialer.go b/transport/internet/quic/dialer.go index 9e12513ef3c3..0e4c6a6b759f 100644 --- a/transport/internet/quic/dialer.go +++ b/transport/internet/quic/dialer.go @@ -140,8 +140,8 @@ func (s *clientConnections) openConnection(ctx context.Context, destAddr net.Add } quicConfig := &quic.Config{ - ConnectionIDLength: 12, - KeepAlivePeriod: 0, + ConnectionIDLength: 12, + KeepAlivePeriod: 0, HandshakeIdleTimeout: time.Second * 8, MaxIdleTimeout: time.Second * 300, Tracer: qlog.NewTracer(func(_ logging.Perspective, connID []byte) io.WriteCloser { diff --git a/transport/internet/quic/hub.go b/transport/internet/quic/hub.go index 5d7e2b95395d..27a7e7e0d69a 100644 --- a/transport/internet/quic/hub.go +++ b/transport/internet/quic/hub.go @@ -106,8 +106,8 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti quicConfig := &quic.Config{ ConnectionIDLength: 12, KeepAlivePeriod: 0, - HandshakeIdleTimeout: time.Second * 8, - MaxIdleTimeout: time.Second * 300, + HandshakeIdleTimeout: time.Second * 8, + MaxIdleTimeout: time.Second * 300, MaxIncomingStreams: 32, MaxIncomingUniStreams: -1, Tracer: qlog.NewTracer(func(_ logging.Perspective, connID []byte) io.WriteCloser { diff --git a/transport/internet/sockopt_darwin.go b/transport/internet/sockopt_darwin.go index 87a524cb4374..5a50efa73ca9 100644 --- a/transport/internet/sockopt_darwin.go +++ b/transport/internet/sockopt_darwin.go @@ -1,11 +1,12 @@ package internet import ( - "github.com/xtls/xray-core/common/net" - "golang.org/x/sys/unix" "os" "syscall" "unsafe" + + "github.com/xtls/xray-core/common/net" + "golang.org/x/sys/unix" ) const ( diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index a5a832984ad5..c805e2e3ddce 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go @@ -78,11 +78,11 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf } } - if config.TcpCongestion != "" { - if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil { - return newError("failed to set TCP_CONGESTION", err) - } - } + if config.TcpCongestion != "" { + if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil { + return newError("failed to set TCP_CONGESTION", err) + } + } } if config.Tproxy.IsEnabled() { @@ -128,11 +128,11 @@ func applyInboundSocketOptions(network string, fd uintptr, config *SocketConfig) } } - if config.TcpCongestion != "" { - if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil { - return newError("failed to set TCP_CONGESTION", err) - } - } + if config.TcpCongestion != "" { + if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil { + return newError("failed to set TCP_CONGESTION", err) + } + } } if config.Tproxy.IsEnabled() { diff --git a/transport/internet/tls/grpc.go b/transport/internet/tls/grpc.go index ede921b7c58d..a698196b9209 100644 --- a/transport/internet/tls/grpc.go +++ b/transport/internet/tls/grpc.go @@ -3,11 +3,12 @@ package tls import ( "context" gotls "crypto/tls" - utls "github.com/refraction-networking/utls" - "google.golang.org/grpc/credentials" "net" "net/url" "strconv" + + utls "github.com/refraction-networking/utls" + "google.golang.org/grpc/credentials" ) // grpcUtlsInfo contains the auth information for a TLS authenticated connection. diff --git a/transport/internet/websocket/ws.go b/transport/internet/websocket/ws.go index 553871006341..85c5ffb014ed 100644 --- a/transport/internet/websocket/ws.go +++ b/transport/internet/websocket/ws.go @@ -1,4 +1,5 @@ -/*Package websocket implements WebSocket transport +/* +Package websocket implements WebSocket transport WebSocket transport implements an HTTP(S) compliable, surveillance proof transport method with plausible deniability. */ diff --git a/transport/internet/xtls/xtls.go b/transport/internet/xtls/xtls.go index 10e678de842e..452780d2a4d2 100644 --- a/transport/internet/xtls/xtls.go +++ b/transport/internet/xtls/xtls.go @@ -2,7 +2,6 @@ package xtls import ( xtls "github.com/xtls/go" - "github.com/xtls/xray-core/common/net" ) From 3db7d44fc20ee6a3e08c55eb234554e04e936696 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 25 Dec 2022 19:44:05 -0500 Subject: [PATCH 002/226] Update v1.7.0 and denpendencies --- core/core.go | 2 +- go.mod | 10 +++++----- go.sum | 11 +++++++++++ 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/core/core.go b/core/core.go index a999ce7f07f0..31c1f845d7d9 100644 --- a/core/core.go +++ b/core/core.go @@ -18,7 +18,7 @@ import ( ) var ( - version = "1.6.6" + version = "1.7.0" build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." diff --git a/go.mod b/go.mod index 008d0c9c2c17..fa3808c42dbb 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 github.com/lucas-clemente/quic-go v0.31.1 - github.com/marten-seemann/qtls-go1-18 v0.1.3 + github.com/marten-seemann/qtls-go1-18 v0.1.4 github.com/miekg/dns v1.1.50 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 @@ -39,16 +39,16 @@ require ( github.com/francoispqt/gojay v1.2.13 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20221203041831-ce31453925ec // indirect + github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 // indirect github.com/klauspost/compress v1.15.13 // indirect github.com/klauspost/cpuid/v2 v2.2.2 // indirect github.com/kr/pretty v0.3.1 // indirect - github.com/marten-seemann/qtls-go1-19 v0.1.1 // indirect - github.com/onsi/ginkgo/v2 v2.6.0 // indirect + github.com/marten-seemann/qtls-go1-19 v0.1.2 // indirect + github.com/onsi/ginkgo/v2 v2.6.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20221211140036-ad323defaf05 // indirect + golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 // indirect golang.org/x/mod v0.7.0 // indirect golang.org/x/text v0.5.0 // indirect golang.org/x/time v0.3.0 // indirect diff --git a/go.sum b/go.sum index c1d896f67334..3379b20a2aa0 100644 --- a/go.sum +++ b/go.sum @@ -79,6 +79,8 @@ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXi github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20221203041831-ce31453925ec h1:fR20TYVVwhK4O7r7y+McjRYyaTH6/vjwJOajE+XhlzM= github.com/google/pprof v0.0.0-20221203041831-ce31453925ec/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= +github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 h1:wORs2YN3R3ona/CXYuTvLM31QlgoNKHvlCNuArCDDCU= +github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -112,8 +114,12 @@ github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI= github.com/marten-seemann/qtls-go1-18 v0.1.3/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= +github.com/marten-seemann/qtls-go1-18 v0.1.4 h1:ogomB+lWV3Vmwiu6RTwDVTMGx+9j7SEi98e8QB35Its= +github.com/marten-seemann/qtls-go1-18 v0.1.4/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= github.com/marten-seemann/qtls-go1-19 v0.1.1 h1:mnbxeq3oEyQxQXwI4ReCgW9DPoPR94sNlqWoDZnjRIE= github.com/marten-seemann/qtls-go1-19 v0.1.1/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= +github.com/marten-seemann/qtls-go1-19 v0.1.2 h1:ZevAEqKXH0bZmoOBPiqX2h5rhQ7cbZi+X+rlq2JUbCE= +github.com/marten-seemann/qtls-go1-19 v0.1.2/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= @@ -124,7 +130,10 @@ github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJE github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc= github.com/onsi/ginkgo/v2 v2.6.0/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= +github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q= +github.com/onsi/ginkgo/v2 v2.6.1/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg= +github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= @@ -215,6 +224,8 @@ golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20221211140036-ad323defaf05 h1:T8EldfGCcveFMewH5xAYxxoX3PSQMrsechlUGVFlQBU= golang.org/x/exp v0.0.0-20221211140036-ad323defaf05/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 h1:5oN1Pz/eDhCpbMbLstvIPa0b/BEQo6g6nwV3pLjfM6w= +golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= From 3b2ff95a9ba5bf9715df3d1af9bd229b730121b5 Mon Sep 17 00:00:00 2001 From: thank243 Date: Fri, 30 Dec 2022 11:34:49 +0800 Subject: [PATCH 003/226] update: release.yml (#1464) * update: release.yml * update: release.yml --- .github/workflows/release.yml | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 71fb20009da1..07856a60d042 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -169,18 +169,16 @@ jobs: command: | cp ${GITHUB_WORKSPACE}/README.md ./build_assets/README.md cp ${GITHUB_WORKSPACE}/LICENSE ./build_assets/LICENSE - LIST=('geoip geoip geoip' 'domain-list-community dlc geosite') - for i in "${LIST[@]}" - do - INFO=($(echo $i | awk 'BEGIN{FS=" ";OFS=" "} {print $1,$2,$3}')) - LASTEST_TAG="$(curl -sL "https://api.github.com/repos/v2fly/${INFO[0]}/releases/latest" | jq -r ".tag_name" || echo "latest")" - FILE_NAME="${INFO[2]}.dat" - echo -e "Downloading https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat..." - curl -L "https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat" -o ./build_assets/${FILE_NAME} - echo -e "Verifying HASH key..." - HASH="$(curl -sL "https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')" - [ "$(sha256sum "./build_assets/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of ${FILE_NAME} does not match cloud one."; exit 1; } - done + + wget -O ./build_assets/geoip.dat "https://raw.githubusercontent.com/v2fly/geoip/release/geoip.dat" + echo -e "Verifying HASH key..." + HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/geoip/release/geoip.dat.sha256sum" | awk -F ' ' '{print $1}')" + [ "$(sha256sum "./build_assets/geoip.dat" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of geoip.dat does not match cloud one."; exit 1; } + + wget -O ./build_assets/geosite.dat "https://raw.githubusercontent.com/v2fly/domain-list-community/release/dlc.dat" + echo -e "Verifying HASH key..." + HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/domain-list-community/release/dlc.dat.sha256sum" | awk -F ' ' '{print $1}')" + [ "$(sha256sum "./build_assets/geosite.dat" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of geosite.dat does not match cloud one."; exit 1; } - name: Create ZIP archive shell: bash From 11ec77bc768a07a727d5f5836aa9fe4c8e20421c Mon Sep 17 00:00:00 2001 From: Senis John Date: Fri, 30 Dec 2022 12:27:01 +0800 Subject: [PATCH 004/226] update: release.yml Replace old download URL --- .github/workflows/release.yml | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 07856a60d042..56a58f3396e9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -169,16 +169,17 @@ jobs: command: | cp ${GITHUB_WORKSPACE}/README.md ./build_assets/README.md cp ${GITHUB_WORKSPACE}/LICENSE ./build_assets/LICENSE - - wget -O ./build_assets/geoip.dat "https://raw.githubusercontent.com/v2fly/geoip/release/geoip.dat" - echo -e "Verifying HASH key..." - HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/geoip/release/geoip.dat.sha256sum" | awk -F ' ' '{print $1}')" - [ "$(sha256sum "./build_assets/geoip.dat" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of geoip.dat does not match cloud one."; exit 1; } - - wget -O ./build_assets/geosite.dat "https://raw.githubusercontent.com/v2fly/domain-list-community/release/dlc.dat" - echo -e "Verifying HASH key..." - HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/domain-list-community/release/dlc.dat.sha256sum" | awk -F ' ' '{print $1}')" - [ "$(sha256sum "./build_assets/geosite.dat" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of geosite.dat does not match cloud one."; exit 1; } + LIST=('geoip geoip geoip' 'domain-list-community dlc geosite') + for i in "${LIST[@]}" + do + INFO=($(echo $i | awk 'BEGIN{FS=" ";OFS=" "} {print $1,$2,$3}')) + FILE_NAME="${INFO[2]}.dat" + echo -e "Downloading https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat..." + curl -L "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat" -o ./build_assets/${FILE_NAME} + echo -e "Verifying HASH key..." + HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')" + [ "$(sha256sum "./build_assets/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of ${FILE_NAME} does not match cloud one."; exit 1; } + done - name: Create ZIP archive shell: bash From eaf401eda93ea97f95136e480f465dba8b652275 Mon Sep 17 00:00:00 2001 From: Nanyu <42733664+cross-hello@users.noreply.github.com> Date: Tue, 3 Jan 2023 23:52:11 +0800 Subject: [PATCH 005/226] add file soft link path resolve support (#1482) * add file soft link path resolve * add configuration file soft link path resolve support --- common/platform/filesystem/file.go | 8 ++++++-- infra/conf/serial/builder.go | 7 ++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/common/platform/filesystem/file.go b/common/platform/filesystem/file.go index e10bfc11156e..e8ee46b07467 100644 --- a/common/platform/filesystem/file.go +++ b/common/platform/filesystem/file.go @@ -3,7 +3,7 @@ package filesystem import ( "io" "os" - + "path/filepath" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/platform" ) @@ -11,7 +11,11 @@ import ( type FileReaderFunc func(path string) (io.ReadCloser, error) var NewFileReader FileReaderFunc = func(path string) (io.ReadCloser, error) { - return os.Open(path) + resolved_path,err:=filepath.EvalSymlinks(path) + if err!= nil{ + return nil,err + } + return os.Open(resolved_path) } func ReadFile(path string) ([]byte, error) { diff --git a/infra/conf/serial/builder.go b/infra/conf/serial/builder.go index 443dbdb07528..fc9a0c3cb8d8 100644 --- a/infra/conf/serial/builder.go +++ b/infra/conf/serial/builder.go @@ -2,6 +2,7 @@ package serial import ( "io" + "path/filepath" "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/infra/conf" @@ -10,7 +11,11 @@ import ( func BuildConfig(files []string, formats []string) (*core.Config, error) { cf := &conf.Config{} - for i, file := range files { + for i, file_ := range files { + file, err := filepath.EvalSymlinks(file_) + if err != nil { + return nil, err + } newError("Reading config: ", file).AtInfo().WriteToLog() r, err := confloader.LoadConfig(file) if err != nil { From c0ceebe709b98c6f13b1be87c22edee23a68e6be Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Jan 2023 00:11:07 +0000 Subject: [PATCH 006/226] Bump github.com/sagernet/sing from 0.1.1 to 0.1.2 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.1 to 0.1.2. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.1...v0.1.2) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 15 ++------------- 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index fa3808c42dbb..3a7e531843ea 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/refraction-networking/utls v1.2.0 - github.com/sagernet/sing v0.1.1 + github.com/sagernet/sing v0.1.2 github.com/sagernet/sing-shadowsocks v0.1.0 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index 3379b20a2aa0..a12f0e1f6788 100644 --- a/go.sum +++ b/go.sum @@ -77,8 +77,6 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20221203041831-ce31453925ec h1:fR20TYVVwhK4O7r7y+McjRYyaTH6/vjwJOajE+XhlzM= -github.com/google/pprof v0.0.0-20221203041831-ce31453925ec/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 h1:wORs2YN3R3ona/CXYuTvLM31QlgoNKHvlCNuArCDDCU= github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= @@ -112,12 +110,8 @@ github.com/lucas-clemente/quic-go v0.31.1 h1:O8Od7hfioqq0PMYHDyBkxU2aA7iZ2W9pjbr github.com/lucas-clemente/quic-go v0.31.1/go.mod h1:0wFbizLgYzqHqtlyxyCaJKlE7bYgE6JQ+54TLd/Dq2g= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI= -github.com/marten-seemann/qtls-go1-18 v0.1.3/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= github.com/marten-seemann/qtls-go1-18 v0.1.4 h1:ogomB+lWV3Vmwiu6RTwDVTMGx+9j7SEi98e8QB35Its= github.com/marten-seemann/qtls-go1-18 v0.1.4/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= -github.com/marten-seemann/qtls-go1-19 v0.1.1 h1:mnbxeq3oEyQxQXwI4ReCgW9DPoPR94sNlqWoDZnjRIE= -github.com/marten-seemann/qtls-go1-19 v0.1.1/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/marten-seemann/qtls-go1-19 v0.1.2 h1:ZevAEqKXH0bZmoOBPiqX2h5rhQ7cbZi+X+rlq2JUbCE= github.com/marten-seemann/qtls-go1-19 v0.1.2/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -128,11 +122,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc= -github.com/onsi/ginkgo/v2 v2.6.0/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q= github.com/onsi/ginkgo/v2 v2.6.1/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= -github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg= github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= @@ -157,8 +148,8 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstv github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.1 h1:wtCGreL9UNtoLcDvSLoZQWf1dtqmLWogbcwRAD9nz4E= -github.com/sagernet/sing v0.1.1/go.mod h1:zvgDYKI+vCAW9RyfyrKTgleI+DOa8lzHMPC7VZo3OL4= +github.com/sagernet/sing v0.1.2 h1:rp5AqY23P0klk2IaLEI0/WJsD8FTVlv9TaI2QSL6TDA= +github.com/sagernet/sing v0.1.2/go.mod h1:bvmen56QnVbMrWy+nr5nsbz7U5MUPuY0L0S/XfhCsTs= github.com/sagernet/sing-shadowsocks v0.1.0 h1:cDmmOkA11fzVdhyCZQEeI3ozQz+59rj8+rqPb91xux4= github.com/sagernet/sing-shadowsocks v0.1.0/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= @@ -222,8 +213,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20221211140036-ad323defaf05 h1:T8EldfGCcveFMewH5xAYxxoX3PSQMrsechlUGVFlQBU= -golang.org/x/exp v0.0.0-20221211140036-ad323defaf05/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 h1:5oN1Pz/eDhCpbMbLstvIPa0b/BEQo6g6nwV3pLjfM6w= golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= From 6f61021f7a7337b2997c442495cb8654d145cf8f Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 6 Jan 2023 05:37:16 +0000 Subject: [PATCH 007/226] XTLS Vision processes struct TLS Conn's input and rawInput Fixes https://github.com/XTLS/Xray-core/issues/1444 --- proxy/vless/encoding/encoding.go | 12 ++++++++++++ proxy/vless/inbound/inbound.go | 15 ++++++++++++++- proxy/vless/outbound/outbound.go | 17 ++++++++++++++++- 3 files changed, 42 insertions(+), 2 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index 9a1ec42565ae..dea27044ac2c 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -250,6 +250,7 @@ func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, c // XtlsRead filter and read xtls protocol func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, rawConn syscall.RawConn, + input *bytes.Reader, rawInput *bytes.Buffer, counter stats.Counter, ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32, ) error { @@ -301,6 +302,17 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater } else if currentCommand == 2 { filterUUID = false shouldSwitchToDirectCopy = true + // XTLS Vision processes struct TLS Conn's input and rawInput + if inputBuffer, err := buf.ReadFrom(input); err == nil { + if !inputBuffer.IsEmpty() { + buffer, _ = buf.MergeMulti(buffer, inputBuffer) + } + } + if rawInputBuffer, err := buf.ReadFrom(rawInput); err == nil { + if !rawInputBuffer.IsEmpty() { + buffer, _ = buf.MergeMulti(buffer, rawInputBuffer) + } + } } else if currentCommand != 0 { newError("XtlsRead unknown command ", currentCommand, buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) } diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 347f67103748..aa63a95b9862 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -3,12 +3,15 @@ package inbound //go:generate go run github.com/xtls/xray-core/common/errors/errorgen import ( + "bytes" "context" "io" + "reflect" "strconv" "strings" "syscall" "time" + "unsafe" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" @@ -441,6 +444,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var netConn net.Conn var rawConn syscall.RawConn + var input *bytes.Reader + var rawInput *bytes.Buffer allowNoneFlow := false accountFlow := account.Flow flows := strings.Split(account.Flow, ",") @@ -462,11 +467,15 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return newError(requestAddons.Flow + " doesn't support UDP").AtWarning() case protocol.RequestCommandTCP: if requestAddons.Flow == vless.XRV { + var t reflect.Type + var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { netConn = tlsConn.NetConn() if sc, ok := netConn.(syscall.Conn); ok { rawConn, _ = sc.SyscallConn() } + t = reflect.TypeOf(tlsConn.Conn).Elem() + p = uintptr(unsafe.Pointer(tlsConn.Conn)) } else if _, ok := iConn.(*tls.UConn); ok { return newError("XTLS only supports UTLS fingerprint for the outbound.").AtWarning() } else if _, ok := iConn.(*xtls.Conn); ok { @@ -474,6 +483,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } else { return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } + i, _ := t.FieldByName("input") + r, _ := t.FieldByName("rawInput") + input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) + rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { xtlsConn.RPRX = true xtlsConn.SHOW = xtls_show @@ -545,7 +558,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s // TODO enable splice ctx = session.ContextWithInbound(ctx, nil) if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), + err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { err = encoding.ReadV(clientReader, serverWriter, timer, iConn.(*xtls.Conn), rawConn, counter, ctx) diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index d7ed63fae521..c84d5b4c6b27 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -3,9 +3,12 @@ package outbound //go:generate go run github.com/xtls/xray-core/common/errors/errorgen import ( + "bytes" "context" + "reflect" "syscall" "time" + "unsafe" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" @@ -130,6 +133,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var netConn net.Conn var rawConn syscall.RawConn + var input *bytes.Reader + var rawInput *bytes.Buffer allowUDP443 := false switch requestAddons.Flow { case vless.XRO + "-udp443", vless.XRD + "-udp443", vless.XRS + "-udp443", vless.XRV + "-udp443": @@ -147,21 +152,31 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte requestAddons.Flow = "" case protocol.RequestCommandTCP: if requestAddons.Flow == vless.XRV { + var t reflect.Type + var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { netConn = tlsConn.NetConn() if sc, ok := netConn.(syscall.Conn); ok { rawConn, _ = sc.SyscallConn() } + t = reflect.TypeOf(tlsConn.Conn).Elem() + p = uintptr(unsafe.Pointer(tlsConn.Conn)) } else if utlsConn, ok := iConn.(*tls.UConn); ok { netConn = utlsConn.Conn.NetConn() if sc, ok := netConn.(syscall.Conn); ok { rawConn, _ = sc.SyscallConn() } + t = reflect.TypeOf(utlsConn.Conn).Elem() + p = uintptr(unsafe.Pointer(utlsConn.Conn)) } else if _, ok := iConn.(*xtls.Conn); ok { return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls"`).AtWarning() } else { return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } + i, _ := t.FieldByName("input") + r, _ := t.FieldByName("rawInput") + input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) + rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { xtlsConn.RPRX = true xtlsConn.SHOW = xtls_show @@ -287,7 +302,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte counter = statConn.ReadCounter } if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), + err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { if requestAddons.Flow != vless.XRS { From 6a85682716952bdceabdea61ab10c0e1b120108f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Jan 2023 00:12:37 +0000 Subject: [PATCH 008/226] Bump golang.org/x/crypto from 0.4.0 to 0.5.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 3a7e531843ea..30dd98b76748 100644 --- a/go.mod +++ b/go.mod @@ -22,10 +22,10 @@ require ( github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 go.starlark.net v0.0.0-20221205180719-3fd0dac74452 - golang.org/x/crypto v0.4.0 - golang.org/x/net v0.4.0 + golang.org/x/crypto v0.5.0 + golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 - golang.org/x/sys v0.3.0 + golang.org/x/sys v0.4.0 google.golang.org/grpc v1.51.0 google.golang.org/protobuf v1.28.1 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c @@ -50,7 +50,7 @@ require ( go.uber.org/atomic v1.10.0 // indirect golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 // indirect golang.org/x/mod v0.7.0 // indirect - golang.org/x/text v0.5.0 // indirect + golang.org/x/text v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.4.0 // indirect google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 // indirect diff --git a/go.sum b/go.sum index a12f0e1f6788..5af27fb9c9b7 100644 --- a/go.sum +++ b/go.sum @@ -210,8 +210,8 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= -golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= +golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= +golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 h1:5oN1Pz/eDhCpbMbLstvIPa0b/BEQo6g6nwV3pLjfM6w= golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= @@ -235,8 +235,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= -golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -264,16 +264,16 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= From 9bc1564b0a4475a4ed5db4a0c52e14f1cf80daab Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Fri, 6 Jan 2023 21:10:47 -0500 Subject: [PATCH 009/226] Update v1.7.1 and dependencies --- core/core.go | 2 +- go.mod | 12 ++++++------ go.sum | 12 ++++++++++++ 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/core/core.go b/core/core.go index 31c1f845d7d9..11d197159dcc 100644 --- a/core/core.go +++ b/core/core.go @@ -18,7 +18,7 @@ import ( ) var ( - version = "1.7.0" + version = "1.7.1" build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." diff --git a/go.mod b/go.mod index 30dd98b76748..6b6ea871e26e 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 - go.starlark.net v0.0.0-20221205180719-3fd0dac74452 + go.starlark.net v0.0.0-20230105143730-d7da88764354 golang.org/x/crypto v0.5.0 golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 @@ -40,20 +40,20 @@ require ( github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/google/btree v1.1.2 // indirect github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 // indirect - github.com/klauspost/compress v1.15.13 // indirect - github.com/klauspost/cpuid/v2 v2.2.2 // indirect + github.com/klauspost/compress v1.15.14 // indirect + github.com/klauspost/cpuid/v2 v2.2.3 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/marten-seemann/qtls-go1-19 v0.1.2 // indirect github.com/onsi/ginkgo/v2 v2.6.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 // indirect + golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3 // indirect golang.org/x/mod v0.7.0 // indirect golang.org/x/text v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.4.0 // indirect - google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 // indirect + golang.org/x/tools v0.5.0 // indirect + google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 5af27fb9c9b7..a2d1a48d3126 100644 --- a/go.sum +++ b/go.sum @@ -94,9 +94,13 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.15.13 h1:NFn1Wr8cfnenSJSA46lLq4wHCcBzKTSjnBIexDMMOV0= github.com/klauspost/compress v1.15.13/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= +github.com/klauspost/compress v1.15.14 h1:i7WCKDToww0wA+9qrUZ1xOjp218vfFo3nTU6UHp+gOc= +github.com/klauspost/compress v1.15.14/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.2 h1:xPMwiykqNK9VK0NYC3+jTMYv9I6Vl3YdjZgPZKG3zO0= github.com/klauspost/cpuid/v2 v2.2.2/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU= +github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -202,6 +206,8 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1 go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20221205180719-3fd0dac74452 h1:JZtNuL6LPB+scU5yaQ6hqRlJFRiddZm2FwRt2AQqtHA= go.starlark.net v0.0.0-20221205180719-3fd0dac74452/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= +go.starlark.net v0.0.0-20230105143730-d7da88764354 h1:MqQRg4vlpVc7cQoQBgQGPyP3N4FAhKlMQ/y/Akv4/xM= +go.starlark.net v0.0.0-20230105143730-d7da88764354/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= @@ -215,6 +221,8 @@ golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 h1:5oN1Pz/eDhCpbMbLstvIPa0b/BEQo6g6nwV3pLjfM6w= golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3 h1:fJwx88sMf5RXwDwziL0/Mn9Wqs+efMSo/RYcL+37W9c= +golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -290,6 +298,8 @@ golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= +golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4= +golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -310,6 +320,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 h1:jmIfw8+gSvXcZSgaFAGyInDXeWzUhvYH57G/5GKMn70= google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9 h1:3wPBShTLWQnEkZ9VW/HZZ8zT/9LLtleBtq7l8SKtJIA= +google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= From 8c0d3c02570a73cd55f4f61025701bad7cb63c08 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 7 Jan 2023 11:01:53 +0000 Subject: [PATCH 010/226] XTLS Vision supports acceptProxyProtocol (test needed) Fixes https://github.com/XTLS/Xray-core/issues/1339 --- proxy/vless/inbound/inbound.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index aa63a95b9862..b623fe6e8f5e 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -13,6 +13,7 @@ import ( "time" "unsafe" + "github.com/pires/go-proxyproto" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/errors" @@ -471,6 +472,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { netConn = tlsConn.NetConn() + if pc, ok := netConn.(*proxyproto.Conn); ok { + netConn = pc.Raw() + // 8192 > 4096, there is no need to process pc's bufReader + } if sc, ok := netConn.(syscall.Conn); ok { rawConn, _ = sc.SyscallConn() } From ff5ce767dffd976a2fd529e87d3e41c6273e4da5 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 7 Jan 2023 15:11:23 +0000 Subject: [PATCH 011/226] Revert "add file soft link path resolve support (#1482)" (#1495) This reverts commit eaf401eda93ea97f95136e480f465dba8b652275. --- common/platform/filesystem/file.go | 8 ++------ infra/conf/serial/builder.go | 7 +------ 2 files changed, 3 insertions(+), 12 deletions(-) diff --git a/common/platform/filesystem/file.go b/common/platform/filesystem/file.go index e8ee46b07467..e10bfc11156e 100644 --- a/common/platform/filesystem/file.go +++ b/common/platform/filesystem/file.go @@ -3,7 +3,7 @@ package filesystem import ( "io" "os" - "path/filepath" + "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/platform" ) @@ -11,11 +11,7 @@ import ( type FileReaderFunc func(path string) (io.ReadCloser, error) var NewFileReader FileReaderFunc = func(path string) (io.ReadCloser, error) { - resolved_path,err:=filepath.EvalSymlinks(path) - if err!= nil{ - return nil,err - } - return os.Open(resolved_path) + return os.Open(path) } func ReadFile(path string) ([]byte, error) { diff --git a/infra/conf/serial/builder.go b/infra/conf/serial/builder.go index fc9a0c3cb8d8..443dbdb07528 100644 --- a/infra/conf/serial/builder.go +++ b/infra/conf/serial/builder.go @@ -2,7 +2,6 @@ package serial import ( "io" - "path/filepath" "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/infra/conf" @@ -11,11 +10,7 @@ import ( func BuildConfig(files []string, formats []string) (*core.Config, error) { cf := &conf.Config{} - for i, file_ := range files { - file, err := filepath.EvalSymlinks(file_) - if err != nil { - return nil, err - } + for i, file := range files { newError("Reading config: ", file).AtInfo().WriteToLog() r, err := confloader.LoadConfig(file) if err != nil { From 1bf3a632ca2cdcc498d96d00191a009b1d8c5c22 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 7 Jan 2023 17:51:40 +0000 Subject: [PATCH 012/226] v1.7.2 --- core/core.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/core.go b/core/core.go index 11d197159dcc..f8c9320efd69 100644 --- a/core/core.go +++ b/core/core.go @@ -18,7 +18,7 @@ import ( ) var ( - version = "1.7.1" + version = "1.7.2" build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." From ed960cc885e0116249c212d218f3bfd30eb8d3d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jan 2023 01:01:27 +0000 Subject: [PATCH 013/226] Bump github.com/sagernet/sing from 0.1.2 to 0.1.3 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.2 to 0.1.3. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.2...v0.1.3) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 16 ++-------------- 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 6b6ea871e26e..c756411f6753 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/refraction-networking/utls v1.2.0 - github.com/sagernet/sing v0.1.2 + github.com/sagernet/sing v0.1.3 github.com/sagernet/sing-shadowsocks v0.1.0 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index a2d1a48d3126..f05ffb04be3f 100644 --- a/go.sum +++ b/go.sum @@ -92,13 +92,9 @@ github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.15.13 h1:NFn1Wr8cfnenSJSA46lLq4wHCcBzKTSjnBIexDMMOV0= -github.com/klauspost/compress v1.15.13/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/compress v1.15.14 h1:i7WCKDToww0wA+9qrUZ1xOjp218vfFo3nTU6UHp+gOc= github.com/klauspost/compress v1.15.14/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.2.2 h1:xPMwiykqNK9VK0NYC3+jTMYv9I6Vl3YdjZgPZKG3zO0= -github.com/klauspost/cpuid/v2 v2.2.2/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU= github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -152,8 +148,8 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstv github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.2 h1:rp5AqY23P0klk2IaLEI0/WJsD8FTVlv9TaI2QSL6TDA= -github.com/sagernet/sing v0.1.2/go.mod h1:bvmen56QnVbMrWy+nr5nsbz7U5MUPuY0L0S/XfhCsTs= +github.com/sagernet/sing v0.1.3 h1:G1vs7GIS7fMUvnHUvKVvOvuUrfoKRf0y+qoDhnv3Ezw= +github.com/sagernet/sing v0.1.3/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= github.com/sagernet/sing-shadowsocks v0.1.0 h1:cDmmOkA11fzVdhyCZQEeI3ozQz+59rj8+rqPb91xux4= github.com/sagernet/sing-shadowsocks v0.1.0/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= @@ -204,8 +200,6 @@ github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 h1:AHhUwwFJGl27E46OpdJHplZ github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= -go.starlark.net v0.0.0-20221205180719-3fd0dac74452 h1:JZtNuL6LPB+scU5yaQ6hqRlJFRiddZm2FwRt2AQqtHA= -go.starlark.net v0.0.0-20221205180719-3fd0dac74452/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= go.starlark.net v0.0.0-20230105143730-d7da88764354 h1:MqQRg4vlpVc7cQoQBgQGPyP3N4FAhKlMQ/y/Akv4/xM= go.starlark.net v0.0.0-20230105143730-d7da88764354/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= @@ -219,8 +213,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 h1:5oN1Pz/eDhCpbMbLstvIPa0b/BEQo6g6nwV3pLjfM6w= -golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3 h1:fJwx88sMf5RXwDwziL0/Mn9Wqs+efMSo/RYcL+37W9c= golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -296,8 +288,6 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= -golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -318,8 +308,6 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 h1:jmIfw8+gSvXcZSgaFAGyInDXeWzUhvYH57G/5GKMn70= -google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9 h1:3wPBShTLWQnEkZ9VW/HZZ8zT/9LLtleBtq7l8SKtJIA= google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= From 7b8ff0111416a269d0a3a64018ef56bc91610cb7 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 9 Jan 2023 08:51:51 +0000 Subject: [PATCH 014/226] Make sure that 0 <= b.start <= b.end Fixes https://github.com/XTLS/Xray-core/issues/1501 --- common/buf/buffer.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/common/buf/buffer.go b/common/buf/buffer.go index 370d4a3196f8..82795b98c766 100644 --- a/common/buf/buffer.go +++ b/common/buf/buffer.go @@ -160,6 +160,19 @@ func (b *Buffer) BytesTo(to int32) []byte { return b.v[b.start : b.start+to] } +// Check makes sure that 0 <= b.start <= b.end. +func (b *Buffer) Check() { + if b.start < 0 { + b.start = 0 + } + if b.end < 0 { + b.end = 0 + } + if b.start > b.end { + b.start = b.end + } +} + // Resize cuts the buffer at the given position. func (b *Buffer) Resize(from, to int32) { if from < 0 { @@ -173,6 +186,7 @@ func (b *Buffer) Resize(from, to int32) { } b.end = b.start + to b.start += from + b.Check() } // Advance cuts the buffer at the given position. @@ -181,6 +195,7 @@ func (b *Buffer) Advance(from int32) { from += b.Len() } b.start += from + b.Check() } // Len returns the length of the buffer content. From 717518cb5f55ef0f091cdad84614a4facaeb3dd8 Mon Sep 17 00:00:00 2001 From: Hellojack <106379370+H1JK@users.noreply.github.com> Date: Mon, 9 Jan 2023 19:14:03 +0800 Subject: [PATCH 015/226] Refine the logic of security type AUTO (#1509) --- common/protocol/headers.go | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/common/protocol/headers.go b/common/protocol/headers.go index 1dcc467e5bb1..8806ee803f71 100644 --- a/common/protocol/headers.go +++ b/common/protocol/headers.go @@ -3,6 +3,8 @@ package protocol import ( "runtime" + "golang.org/x/sys/cpu" + "github.com/xtls/xray-core/common/bitmask" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/uuid" @@ -79,9 +81,21 @@ type CommandSwitchAccount struct { ValidMin byte } +var ( + hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ + hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL + // Keep in sync with crypto/aes/cipher_s390x.go. + hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR && + (cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM) + + hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 || + runtime.GOARCH == "arm64" && hasGCMAsmARM64 || + runtime.GOARCH == "s390x" && hasGCMAsmS390X +) + func (sc *SecurityConfig) GetSecurityType() SecurityType { if sc == nil || sc.Type == SecurityType_AUTO { - if runtime.GOARCH == "amd64" || runtime.GOARCH == "s390x" || runtime.GOARCH == "arm64" { + if hasAESGCMHardwareSupport { return SecurityType_AES128_GCM } return SecurityType_CHACHA20_POLY1305 From 32ce7cd7308414a72d2e6cd0e5a46d4b6de79eca Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 8 Jan 2023 21:57:24 -0500 Subject: [PATCH 016/226] Add new uTLS fingerprints - correct safari - new format is the variable name in https://github.com/refraction-networking/utls/blob/master/u_common.go#L163 - notable ones "HelloChrome_106_Shuffle", "Hello360_Auto", "HelloQQ_Auto" --- transport/internet/tls/tls.go | 42 ++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go index f1291e81c6e7..392df808703b 100644 --- a/transport/internet/tls/tls.go +++ b/transport/internet/tls/tls.go @@ -114,8 +114,48 @@ func copyConfig(c *tls.Config) *utls.Config { var Fingerprints = map[string]*utls.ClientHelloID{ "chrome": &utls.HelloChrome_Auto, "firefox": &utls.HelloFirefox_Auto, - "safari": &utls.HelloIOS_Auto, + "safari": &utls.HelloSafari_Auto, "randomized": &utls.HelloRandomized, + // This is a bit lame, but it seems there is no good way to reflect variables from Golang package + "hellogolang": &utls.HelloGolang, + "hellorandomized": &utls.HelloRandomized, + "hellorandomizedalpn": &utls.HelloRandomizedALPN, + "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, + "hellofirefox_auto": &utls.HelloFirefox_Auto, + "hellofirefox_55": &utls.HelloFirefox_55, + "hellofirefox_56": &utls.HelloFirefox_56, + "hellofirefox_63": &utls.HelloFirefox_63, + "hellofirefox_65": &utls.HelloFirefox_65, + "hellofirefox_99": &utls.HelloFirefox_99, + "hellofirefox_102": &utls.HelloFirefox_102, + "hellofirefox_105": &utls.HelloFirefox_105, + "hellochrome_auto": &utls.HelloChrome_Auto, + "hellochrome_58": &utls.HelloChrome_58, + "hellochrome_62": &utls.HelloChrome_62, + "hellochrome_70": &utls.HelloChrome_70, + "hellochrome_72": &utls.HelloChrome_72, + "hellochrome_83": &utls.HelloChrome_83, + "hellochrome_87": &utls.HelloChrome_87, + "hellochrome_96": &utls.HelloChrome_96, + "hellochrome_100": &utls.HelloChrome_100, + "hellochrome_102": &utls.HelloChrome_102, + "hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle, + "helloios_auto": &utls.HelloIOS_Auto, + "helloios_11_1": &utls.HelloIOS_11_1, + "helloios_12_1": &utls.HelloIOS_12_1, + "helloios_13": &utls.HelloIOS_13, + "helloios_14": &utls.HelloIOS_14, + "helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp, + "helloedge_auto": &utls.HelloEdge_Auto, + "helloedge_85": &utls.HelloEdge_85, + "helloedge_106": &utls.HelloEdge_106, + "hellosafari_auto": &utls.HelloSafari_Auto, + "hellosafari_16_0": &utls.HelloSafari_16_0, + "hello360_auto": &utls.Hello360_Auto, + "hello360_7_5": &utls.Hello360_7_5, + "hello360_11_0": &utls.Hello360_11_0, + "helloqq_auto": &utls.HelloQQ_Auto, + "helloqq_11_1": &utls.HelloQQ_11_1, } type Interface interface { From 620eb63c1b837d8c00324aa62152bb79d8971820 Mon Sep 17 00:00:00 2001 From: aeeq <398425861@163.com> Date: Mon, 9 Jan 2023 22:26:23 +0800 Subject: [PATCH 017/226] Add sockopt interface setting for binding outbound to a particular device like "eth0" (#1494) * Update sockopt_linux.go add Interface Name * Update config.pb.go add Interface Name * Update transport_internet.go add Interface Name * Update config.pb.go * update config.proto add interface * Update config.pb.go --- infra/conf/transport_internet.go | 2 ++ transport/internet/config.pb.go | 56 +++++++++++++++++------------ transport/internet/config.proto | 2 ++ transport/internet/sockopt_linux.go | 6 ++++ 4 files changed, 43 insertions(+), 23 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 62afaaafb08f..610e252e163c 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -534,6 +534,7 @@ type SocketConfig struct { TCPKeepAliveInterval int32 `json:"tcpKeepAliveInterval"` TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` TCPCongestion string `json:"tcpCongestion"` + Interface string `json:"interface"` } // Build implements Buildable. @@ -583,6 +584,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { TcpKeepAliveInterval: c.TCPKeepAliveInterval, TcpKeepAliveIdle: c.TCPKeepAliveIdle, TcpCongestion: c.TCPCongestion, + Interface: c.Interface, }, nil } diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index 1cd5cfa34944..716bdaaa0b67 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.9 // source: transport/internet/config.proto package internet @@ -425,6 +425,7 @@ type SocketConfig struct { TcpKeepAliveInterval int32 `protobuf:"varint,10,opt,name=tcp_keep_alive_interval,json=tcpKeepAliveInterval,proto3" json:"tcp_keep_alive_interval,omitempty"` TcpKeepAliveIdle int32 `protobuf:"varint,11,opt,name=tcp_keep_alive_idle,json=tcpKeepAliveIdle,proto3" json:"tcp_keep_alive_idle,omitempty"` TcpCongestion string `protobuf:"bytes,12,opt,name=tcp_congestion,json=tcpCongestion,proto3" json:"tcp_congestion,omitempty"` + Interface string `protobuf:"bytes,13,opt,name=interface,proto3" json:"interface,omitempty"` } func (x *SocketConfig) Reset() { @@ -543,6 +544,13 @@ func (x *SocketConfig) GetTcpCongestion() string { return "" } +func (x *SocketConfig) GetInterface() string { + if x != nil { + return x.Interface + } + return "" +} + var File_transport_internet_config_proto protoreflect.FileDescriptor var file_transport_internet_config_proto_rawDesc = []byte{ @@ -595,7 +603,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x22, 0xe8, 0x04, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, + 0x78, 0x79, 0x22, 0x86, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72, @@ -630,27 +638,29 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x01, 0x28, 0x05, 0x52, 0x10, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x41, 0x6c, 0x69, 0x76, 0x65, 0x49, 0x64, 0x6c, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x74, 0x63, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x74, - 0x63, 0x70, 0x43, 0x6f, 0x6e, 0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x2f, 0x0a, 0x0a, - 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, - 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, - 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, - 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, - 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, - 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, - 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, - 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, - 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, - 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, - 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, - 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, - 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, - 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, - 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, - 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, - 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, - 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x63, 0x70, 0x43, 0x6f, 0x6e, 0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, + 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, + 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, + 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, + 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, + 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, + 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, + 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, + 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, + 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, + 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, + 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, + 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, + 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, + 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, + 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, + 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, + 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, + 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/config.proto b/transport/internet/config.proto index 8b81302f662a..bcd905a6324a 100644 --- a/transport/internet/config.proto +++ b/transport/internet/config.proto @@ -98,4 +98,6 @@ message SocketConfig { int32 tcp_keep_alive_idle = 11; string tcp_congestion = 12; + + string interface = 13; } diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index c805e2e3ddce..a5b7a49f7601 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go @@ -46,6 +46,12 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf return newError("failed to set SO_MARK").Base(err) } } + + if config.Interface != "" { + if err := syscall.BindToDevice(int(fd), config.Interface); err != nil { + return newError("failed to set Interface").Base(err) + } + } if isTCPSocket(network) { tfo := config.ParseTFOValue() From 0d5c62e44d1aabdb864f3244f8a6b7ecd69204d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Jan 2023 00:13:54 +0000 Subject: [PATCH 018/226] Bump google.golang.org/grpc from 1.51.0 to 1.52.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.51.0 to 1.52.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.51.0...v1.52.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c756411f6753..96bf50d90be4 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.4.0 - google.golang.org/grpc v1.51.0 + google.golang.org/grpc v1.52.0 google.golang.org/protobuf v1.28.1 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 diff --git a/go.sum b/go.sum index f05ffb04be3f..2847d92e872d 100644 --- a/go.sum +++ b/go.sum @@ -316,8 +316,8 @@ google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U= -google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= +google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk= +google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From f536359367380ac63af54913e411775f2731ae77 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Jan 2023 00:24:21 +0000 Subject: [PATCH 019/226] Bump github.com/sagernet/sing from 0.1.3 to 0.1.5 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.3 to 0.1.5. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.3...v0.1.5) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 96bf50d90be4..7a70a46accae 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/refraction-networking/utls v1.2.0 - github.com/sagernet/sing v0.1.3 + github.com/sagernet/sing v0.1.5 github.com/sagernet/sing-shadowsocks v0.1.0 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index 2847d92e872d..3d95c26f661f 100644 --- a/go.sum +++ b/go.sum @@ -148,8 +148,8 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstv github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.3 h1:G1vs7GIS7fMUvnHUvKVvOvuUrfoKRf0y+qoDhnv3Ezw= -github.com/sagernet/sing v0.1.3/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= +github.com/sagernet/sing v0.1.5 h1:1ZHE4cqqds8559RPqzmHiXkOYWyXkNDiULFr00+LxG8= +github.com/sagernet/sing v0.1.5/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= github.com/sagernet/sing-shadowsocks v0.1.0 h1:cDmmOkA11fzVdhyCZQEeI3ozQz+59rj8+rqPb91xux4= github.com/sagernet/sing-shadowsocks v0.1.0/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= From 7added2693c4c314bfb9fa5de8f929d17f5e66c7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Jan 2023 00:08:41 +0000 Subject: [PATCH 020/226] Bump github.com/sagernet/sing from 0.1.5 to 0.1.6 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.5 to 0.1.6. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.5...v0.1.6) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7a70a46accae..65b22a64aa4d 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/refraction-networking/utls v1.2.0 - github.com/sagernet/sing v0.1.5 + github.com/sagernet/sing v0.1.6 github.com/sagernet/sing-shadowsocks v0.1.0 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index 3d95c26f661f..47b5da5cc791 100644 --- a/go.sum +++ b/go.sum @@ -148,8 +148,8 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstv github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.5 h1:1ZHE4cqqds8559RPqzmHiXkOYWyXkNDiULFr00+LxG8= -github.com/sagernet/sing v0.1.5/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= +github.com/sagernet/sing v0.1.6 h1:Qy63OUfKpcqKjfd5rPmUlj0RGjHZSK/PJn0duyCCsRg= +github.com/sagernet/sing v0.1.6/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= github.com/sagernet/sing-shadowsocks v0.1.0 h1:cDmmOkA11fzVdhyCZQEeI3ozQz+59rj8+rqPb91xux4= github.com/sagernet/sing-shadowsocks v0.1.0/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= From 77d2f9edd7c3badb4738abdae5bda16c29ea287a Mon Sep 17 00:00:00 2001 From: MP <112455607+asiaqa@users.noreply.github.com> Date: Tue, 17 Jan 2023 11:18:58 +0800 Subject: [PATCH 021/226] Revise the Code per XTLS#1515 (#1536) * Use buf.FromBytes(make([]byte, 0, buf.Size)) to create `first` Fixes https://github.com/XTLS/Xray-core/issues/1515 * Update server.go * Update inbound.go Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com> --- proxy/trojan/server.go | 5 ++--- proxy/vless/inbound/inbound.go | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/proxy/trojan/server.go b/proxy/trojan/server.go index 618fbe10ca82..6309bbc6596e 100644 --- a/proxy/trojan/server.go +++ b/proxy/trojan/server.go @@ -155,9 +155,8 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con return newError("unable to set read deadline").Base(err).AtWarning() } - first := buf.New() - defer first.Release() - + first := buf.FromBytes(make([]byte, buf.Size)) + first.Clear() firstLen, err := first.ReadFrom(conn) if err != nil { return newError("failed to read first request").Base(err) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index b623fe6e8f5e..86b09e04f685 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -188,9 +188,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return newError("unable to set read deadline").Base(err).AtWarning() } - first := buf.New() - defer first.Release() - + first := buf.FromBytes(make([]byte, buf.Size)) + first.Clear() firstLen, _ := first.ReadFrom(connection) newError("firstLen = ", firstLen).AtInfo().WriteToLog(sid) From 3fb67f065ab1a4558d16833746e953ea35081d54 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Fri, 20 Jan 2023 23:36:08 -0500 Subject: [PATCH 022/226] Add fingerprint xray_random (#1540) * Add fingerprint xray_random xray_random means to pick a random uTLS fingerprint at the core startup This way, the fingerprint is stable for a user for some days. While there is no identifiable signature for the whole xray community * Fingerprint "random" refine Exclude old fingerprint from RNG --- transport/internet/grpc/dial.go | 2 +- transport/internet/http/dialer.go | 2 +- transport/internet/tcp/dialer.go | 2 +- transport/internet/tls/tls.go | 66 ++++++++++++++++++++------ transport/internet/websocket/dialer.go | 2 +- 5 files changed, 56 insertions(+), 18 deletions(-) diff --git a/transport/internet/grpc/dial.go b/transport/internet/grpc/dial.go index 9836d93a9bf4..04f81e340a3e 100644 --- a/transport/internet/grpc/dial.go +++ b/transport/internet/grpc/dial.go @@ -122,7 +122,7 @@ func getGrpcClient(ctx context.Context, dest net.Destination, streamSettings *in if tlsConfig != nil { var transportCredential credentials.TransportCredentials - if fingerprint, exists := tls.Fingerprints[tlsConfig.Fingerprint]; exists { + if fingerprint, exists := tls.GetFingerprint(ctx, tlsConfig.Fingerprint); exists { transportCredential = tls.NewGrpcUtls(tlsConfig.GetTLSConfig(), fingerprint) } else { // Fallback to normal gRPC TLS transportCredential = credentials.NewTLS(tlsConfig.GetTLSConfig()) diff --git a/transport/internet/http/dialer.go b/transport/internet/http/dialer.go index 5c4cbdfd95e9..6fef71c54c17 100644 --- a/transport/internet/http/dialer.go +++ b/transport/internet/http/dialer.go @@ -75,7 +75,7 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in } var cn tls.Interface - if fingerprint, ok := tls.Fingerprints[tlsConfigs.Fingerprint]; ok { + if fingerprint, ok := tls.GetFingerprint(ctx, tlsConfigs.Fingerprint); ok { cn = tls.UClient(pconn, tlsConfig, fingerprint).(*tls.UConn) } else { cn = tls.Client(pconn, tlsConfig).(*tls.Conn) diff --git a/transport/internet/tcp/dialer.go b/transport/internet/tcp/dialer.go index 296c7d8df2e5..b08fd4b2f88d 100644 --- a/transport/internet/tcp/dialer.go +++ b/transport/internet/tcp/dialer.go @@ -22,7 +22,7 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { tlsConfig := config.GetTLSConfig(tls.WithDestination(dest)) - if fingerprint, ok := tls.Fingerprints[config.Fingerprint]; ok { + if fingerprint, ok := tls.GetFingerprint(ctx, config.Fingerprint); ok { conn = tls.UClient(conn, tlsConfig, fingerprint) if err := conn.(*tls.UConn).Handshake(); err != nil { return nil, err diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go index 392df808703b..9baf4054f333 100644 --- a/transport/internet/tls/tls.go +++ b/transport/internet/tls/tls.go @@ -1,17 +1,23 @@ package tls import ( + "context" + "crypto/rand" "crypto/tls" + "math/big" utls "github.com/refraction-networking/utls" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" + "github.com/xtls/xray-core/common/session" ) //go:generate go run github.com/xtls/xray-core/common/errors/errorgen var _ buf.Writer = (*Conn)(nil) +var XrayRandom *utls.ClientHelloID + type Conn struct { *tls.Conn } @@ -111,29 +117,63 @@ func copyConfig(c *tls.Config) *utls.Config { } } +func GetFingerprint(ctx context.Context, config string) (*utls.ClientHelloID, bool) { + if XrayRandom == nil { + // lazy init + for k, v := range FingerprintsForRNG { + Fingerprints[k] = v + } + big, err := rand.Int(rand.Reader, big.NewInt(int64(len(FingerprintsForRNG)))) + if err != nil { + newError("failed to generate xray random fingerprint").Base(err).WriteToLog(session.ExportIDToError(ctx)) + } + var i = int(big.Int64()) + count := 0 + for k, v := range FingerprintsForRNG { + if count == i { + newError("xray random fingerprint: ", k).WriteToLog(session.ExportIDToError(ctx)) + XrayRandom = v + break + } + count++ + } + } + if config == "random" { + return XrayRandom, true + } + fingerprint, ok := Fingerprints[config] + return fingerprint, ok +} + var Fingerprints = map[string]*utls.ClientHelloID{ "chrome": &utls.HelloChrome_Auto, "firefox": &utls.HelloFirefox_Auto, "safari": &utls.HelloSafari_Auto, "randomized": &utls.HelloRandomized, // This is a bit lame, but it seems there is no good way to reflect variables from Golang package - "hellogolang": &utls.HelloGolang, - "hellorandomized": &utls.HelloRandomized, - "hellorandomizedalpn": &utls.HelloRandomizedALPN, - "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, + // We don't RNG for go, randomized, or fingerprints that is more than 4 years old + "hellogolang": &utls.HelloGolang, + "hellorandomized": &utls.HelloRandomized, + "hellorandomizedalpn": &utls.HelloRandomizedALPN, + "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, + "hellofirefox_55": &utls.HelloFirefox_55, + "hellofirefox_56": &utls.HelloFirefox_56, + "hellofirefox_63": &utls.HelloFirefox_63, + "hellofirefox_65": &utls.HelloFirefox_65, + "hellochrome_58": &utls.HelloChrome_58, + "hellochrome_62": &utls.HelloChrome_62, + "hellochrome_70": &utls.HelloChrome_70, + "hellochrome_72": &utls.HelloChrome_72, + "helloios_11_1": &utls.HelloIOS_11_1, + "hello360_7_5": &utls.Hello360_7_5, +} + +var FingerprintsForRNG = map[string]*utls.ClientHelloID{ "hellofirefox_auto": &utls.HelloFirefox_Auto, - "hellofirefox_55": &utls.HelloFirefox_55, - "hellofirefox_56": &utls.HelloFirefox_56, - "hellofirefox_63": &utls.HelloFirefox_63, - "hellofirefox_65": &utls.HelloFirefox_65, "hellofirefox_99": &utls.HelloFirefox_99, "hellofirefox_102": &utls.HelloFirefox_102, "hellofirefox_105": &utls.HelloFirefox_105, "hellochrome_auto": &utls.HelloChrome_Auto, - "hellochrome_58": &utls.HelloChrome_58, - "hellochrome_62": &utls.HelloChrome_62, - "hellochrome_70": &utls.HelloChrome_70, - "hellochrome_72": &utls.HelloChrome_72, "hellochrome_83": &utls.HelloChrome_83, "hellochrome_87": &utls.HelloChrome_87, "hellochrome_96": &utls.HelloChrome_96, @@ -141,7 +181,6 @@ var Fingerprints = map[string]*utls.ClientHelloID{ "hellochrome_102": &utls.HelloChrome_102, "hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle, "helloios_auto": &utls.HelloIOS_Auto, - "helloios_11_1": &utls.HelloIOS_11_1, "helloios_12_1": &utls.HelloIOS_12_1, "helloios_13": &utls.HelloIOS_13, "helloios_14": &utls.HelloIOS_14, @@ -152,7 +191,6 @@ var Fingerprints = map[string]*utls.ClientHelloID{ "hellosafari_auto": &utls.HelloSafari_Auto, "hellosafari_16_0": &utls.HelloSafari_16_0, "hello360_auto": &utls.Hello360_Auto, - "hello360_7_5": &utls.Hello360_7_5, "hello360_11_0": &utls.Hello360_11_0, "helloqq_auto": &utls.HelloQQ_Auto, "helloqq_11_1": &utls.HelloQQ_11_1, diff --git a/transport/internet/websocket/dialer.go b/transport/internet/websocket/dialer.go index a8f712647adc..a0ac6811f99a 100644 --- a/transport/internet/websocket/dialer.go +++ b/transport/internet/websocket/dialer.go @@ -86,7 +86,7 @@ func dialWebSocket(ctx context.Context, dest net.Destination, streamSettings *in protocol = "wss" tlsConfig := config.GetTLSConfig(tls.WithDestination(dest), tls.WithNextProto("http/1.1")) dialer.TLSClientConfig = tlsConfig - if fingerprint, exists := tls.Fingerprints[config.Fingerprint]; exists { + if fingerprint, exists := tls.GetFingerprint(ctx, config.Fingerprint); exists { dialer.NetDialTLSContext = func(_ context.Context, _, addr string) (gonet.Conn, error) { // Like the NetDial in the dialer pconn, err := internet.DialSystem(ctx, dest, streamSettings.SocketSettings) From fb212905bdeaeac1ba4440453d22fa75bbd0ccd1 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Thu, 26 Jan 2023 22:43:58 -0500 Subject: [PATCH 023/226] XTLS Vision checks outer TLS version (#1554) --- proxy/vless/inbound/inbound.go | 4 ++++ proxy/vless/outbound/outbound.go | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 86b09e04f685..76051288d4f2 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -5,6 +5,7 @@ package inbound import ( "bytes" "context" + gotls "crypto/tls" "io" "reflect" "strconv" @@ -470,6 +471,9 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var t reflect.Type var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { + if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { + return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() + } netConn = tlsConn.NetConn() if pc, ok := netConn.(*proxyproto.Conn); ok { netConn = pc.Raw() diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index c84d5b4c6b27..a4c70a2b365c 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -5,11 +5,13 @@ package outbound import ( "bytes" "context" + gotls "crypto/tls" "reflect" "syscall" "time" "unsafe" + utls "github.com/refraction-networking/utls" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" @@ -261,6 +263,15 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var err error if rawConn != nil && requestAddons.Flow == vless.XRV { + if tlsConn, ok := iConn.(*tls.Conn); ok { + if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { + return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() + } + } else if utlsConn, ok := iConn.(*tls.UConn); ok { + if utlsConn.ConnectionState().Version != utls.VersionTLS13 { + return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, utlsConn.ConnectionState().Version).AtWarning() + } + } var counter stats.Counter if statConn != nil { counter = statConn.WriteCounter From f571aa72df21dc5b90fd7aa59a4e93728b5ec0d1 Mon Sep 17 00:00:00 2001 From: mra9776 Date: Fri, 27 Jan 2023 07:49:49 +0330 Subject: [PATCH 024/226] uTLS PinnedPeerCertificateChainSha256 (#1556) * Add tests for utls PinnedPeerCertificateChain * Fix utls not checking PinnedPeerCertificate Co-authored-by: ahmadi --- testing/scenarios/tls_test.go | 313 ++++++++++++++++++++++++++++++++++ transport/internet/tls/tls.go | 7 +- 2 files changed, 317 insertions(+), 3 deletions(-) diff --git a/testing/scenarios/tls_test.go b/testing/scenarios/tls_test.go index cac1d49933af..0b752ecf8c63 100644 --- a/testing/scenarios/tls_test.go +++ b/testing/scenarios/tls_test.go @@ -928,3 +928,316 @@ func TestSimpleTLSConnectionPinned(t *testing.T) { t.Fatal(err) } } + +func TestSimpleTLSConnectionPinnedWrongCert(t *testing.T) { + tcpServer := tcp.Server{ + MsgProcessor: xor, + } + dest, err := tcpServer.Start() + common.Must(err) + defer tcpServer.Close() + certificateDer := cert.MustGenerate(nil) + certificate := tls.ParseCertificate(certificateDer) + certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) + certHash[1] += 1 + userID := protocol.NewID(uuid.New()) + serverPort := tcp.PickPort() + serverConfig := &core.Config{ + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + StreamSettings: &internet.StreamConfig{ + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + Certificate: []*tls.Certificate{certificate}, + }), + }, + }, + }), + ProxySettings: serial.ToTypedMessage(&inbound.Config{ + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vmess.Account{ + Id: userID.String(), + }), + }, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&freedom.Config{}), + }, + }, + } + + clientPort := tcp.PickPort() + clientConfig := &core.Config{ + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + }), + ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ + Address: net.NewIPOrDomain(dest.Address), + Port: uint32(dest.Port), + NetworkList: &net.NetworkList{ + Network: []net.Network{net.Network_TCP}, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&outbound.Config{ + Receiver: []*protocol.ServerEndpoint{ + { + Address: net.NewIPOrDomain(net.LocalHostIP), + Port: uint32(serverPort), + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vmess.Account{ + Id: userID.String(), + }), + }, + }, + }, + }, + }), + SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ + StreamSettings: &internet.StreamConfig{ + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + AllowInsecure: true, + PinnedPeerCertificateChainSha256: [][]byte{certHash}, + }), + }, + }, + }), + }, + }, + } + + servers, err := InitializeServerConfigs(serverConfig, clientConfig) + common.Must(err) + defer CloseAllServers(servers) + + if err := testTCPConn(clientPort, 1024, time.Second*20)(); err == nil { + t.Fatal(err) + } +} + +func TestUTLSConnectionPinned(t *testing.T) { + tcpServer := tcp.Server{ + MsgProcessor: xor, + } + dest, err := tcpServer.Start() + common.Must(err) + defer tcpServer.Close() + certificateDer := cert.MustGenerate(nil) + certificate := tls.ParseCertificate(certificateDer) + certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) + userID := protocol.NewID(uuid.New()) + serverPort := tcp.PickPort() + serverConfig := &core.Config{ + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + StreamSettings: &internet.StreamConfig{ + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + Certificate: []*tls.Certificate{certificate}, + }), + }, + }, + }), + ProxySettings: serial.ToTypedMessage(&inbound.Config{ + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vmess.Account{ + Id: userID.String(), + }), + }, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&freedom.Config{}), + }, + }, + } + + clientPort := tcp.PickPort() + clientConfig := &core.Config{ + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + }), + ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ + Address: net.NewIPOrDomain(dest.Address), + Port: uint32(dest.Port), + NetworkList: &net.NetworkList{ + Network: []net.Network{net.Network_TCP}, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&outbound.Config{ + Receiver: []*protocol.ServerEndpoint{ + { + Address: net.NewIPOrDomain(net.LocalHostIP), + Port: uint32(serverPort), + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vmess.Account{ + Id: userID.String(), + }), + }, + }, + }, + }, + }), + SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ + StreamSettings: &internet.StreamConfig{ + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + Fingerprint: "random", + AllowInsecure: true, + PinnedPeerCertificateChainSha256: [][]byte{certHash}, + }), + }, + }, + }), + }, + }, + } + + servers, err := InitializeServerConfigs(serverConfig, clientConfig) + common.Must(err) + defer CloseAllServers(servers) + + if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil { + t.Fatal(err) + } +} + +func TestUTLSConnectionPinnedWrongCert(t *testing.T) { + tcpServer := tcp.Server{ + MsgProcessor: xor, + } + dest, err := tcpServer.Start() + common.Must(err) + defer tcpServer.Close() + certificateDer := cert.MustGenerate(nil) + certificate := tls.ParseCertificate(certificateDer) + certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) + certHash[1] += 1 + userID := protocol.NewID(uuid.New()) + serverPort := tcp.PickPort() + serverConfig := &core.Config{ + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + StreamSettings: &internet.StreamConfig{ + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + Certificate: []*tls.Certificate{certificate}, + }), + }, + }, + }), + ProxySettings: serial.ToTypedMessage(&inbound.Config{ + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vmess.Account{ + Id: userID.String(), + }), + }, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&freedom.Config{}), + }, + }, + } + + clientPort := tcp.PickPort() + clientConfig := &core.Config{ + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + }), + ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ + Address: net.NewIPOrDomain(dest.Address), + Port: uint32(dest.Port), + NetworkList: &net.NetworkList{ + Network: []net.Network{net.Network_TCP}, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&outbound.Config{ + Receiver: []*protocol.ServerEndpoint{ + { + Address: net.NewIPOrDomain(net.LocalHostIP), + Port: uint32(serverPort), + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vmess.Account{ + Id: userID.String(), + }), + }, + }, + }, + }, + }), + SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ + StreamSettings: &internet.StreamConfig{ + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + Fingerprint: "random", + AllowInsecure: true, + PinnedPeerCertificateChainSha256: [][]byte{certHash}, + }), + }, + }, + }), + }, + }, + } + + servers, err := InitializeServerConfigs(serverConfig, clientConfig) + common.Must(err) + defer CloseAllServers(servers) + + if err := testTCPConn(clientPort, 1024, time.Second*20)(); err == nil { + t.Fatal(err) + } +} diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go index 9baf4054f333..728480f85cc0 100644 --- a/transport/internet/tls/tls.go +++ b/transport/internet/tls/tls.go @@ -111,9 +111,10 @@ func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) ne func copyConfig(c *tls.Config) *utls.Config { return &utls.Config{ - RootCAs: c.RootCAs, - ServerName: c.ServerName, - InsecureSkipVerify: c.InsecureSkipVerify, + RootCAs: c.RootCAs, + ServerName: c.ServerName, + InsecureSkipVerify: c.InsecureSkipVerify, + VerifyPeerCertificate: c.VerifyPeerCertificate, } } From 915690b9efe9c8735834e61c7ec5c5d7f23ab32c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Jan 2023 00:09:42 +0000 Subject: [PATCH 025/226] Bump google.golang.org/grpc from 1.52.0 to 1.52.3 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.52.0 to 1.52.3. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.52.0...v1.52.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 65b22a64aa4d..ad08bd91991f 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.4.0 - google.golang.org/grpc v1.52.0 + google.golang.org/grpc v1.52.3 google.golang.org/protobuf v1.28.1 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 diff --git a/go.sum b/go.sum index 47b5da5cc791..926411041f92 100644 --- a/go.sum +++ b/go.sum @@ -316,8 +316,8 @@ google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk= -google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.52.3 h1:pf7sOysg4LdgBqduXveGKrcEwbStiK2rtfghdzlUYDQ= +google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 15bb23e4ecbd0e929336600694b35f880db88cf4 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 28 Jan 2023 00:39:36 -0500 Subject: [PATCH 026/226] XTLS Vision rejects Mux except for XUDP (#1567) * Xtls vision reject vless-tcp-tls+Mux * Address review comment --- proxy/vless/inbound/inbound.go | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 76051288d4f2..d4ea246d3da7 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -154,6 +154,19 @@ func New(ctx context.Context, config *Config, dc dns.Client) (*Handler, error) { return handler, nil } +func isMuxAndNotXUDP(request *protocol.RequestHeader, first *buf.Buffer) bool { + if request.Command != protocol.RequestCommandMux { + return false + } + if first.Len() < 7 { + return true + } + firstBytes := first.Bytes() + return !(firstBytes[2] == 0 && // ID high + firstBytes[3] == 0 && // ID low + firstBytes[6] == 2) // Network type: UDP +} + // Close implements common.Closable.Close(). func (h *Handler) Close() error { return errors.Combine(common.Close(h.validator)) @@ -513,7 +526,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() } case "", "none": - if accountFlow == vless.XRV && !allowNoneFlow && request.Command == protocol.RequestCommandTCP { + if accountFlow == vless.XRV && !allowNoneFlow && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) { return newError(account.ID.String() + " is not able to use " + vless.XRV + ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning() } From b70912799bdb84caae4cd7ea44108875d91adaf7 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 30 Jan 2023 04:35:30 +0000 Subject: [PATCH 027/226] Generate *.pb.go files with protoc v3.21.12 https://github.com/protocolbuffers/protobuf/releases/tag/v21.12 go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28 go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2 go run ./infra/vprotogen --- app/commander/config.pb.go | 2 +- app/dispatcher/config.pb.go | 2 +- app/dns/config.pb.go | 2 +- app/dns/fakedns/fakedns.pb.go | 2 +- app/log/command/config.pb.go | 2 +- app/log/command/config_grpc.pb.go | 2 +- app/log/config.pb.go | 2 +- app/metrics/config.pb.go | 2 +- app/observatory/command/command.pb.go | 2 +- app/observatory/command/command_grpc.pb.go | 2 +- app/observatory/config.pb.go | 2 +- app/policy/config.pb.go | 2 +- app/proxyman/command/command.pb.go | 2 +- app/proxyman/command/command_grpc.pb.go | 2 +- app/proxyman/config.pb.go | 2 +- app/reverse/config.pb.go | 2 +- app/router/command/command.pb.go | 2 +- app/router/command/command_grpc.pb.go | 2 +- app/router/config.pb.go | 2 +- app/stats/command/command.pb.go | 2 +- app/stats/command/command_grpc.pb.go | 2 +- app/stats/config.pb.go | 2 +- common/log/log.pb.go | 2 +- common/net/address.pb.go | 2 +- common/net/destination.pb.go | 2 +- common/net/network.pb.go | 2 +- common/net/port.pb.go | 2 +- common/protocol/headers.pb.go | 2 +- common/protocol/server_spec.pb.go | 2 +- common/protocol/user.pb.go | 2 +- common/serial/typed_message.pb.go | 2 +- core/config.pb.go | 2 +- proxy/blackhole/config.pb.go | 2 +- proxy/dns/config.pb.go | 2 +- proxy/dokodemo/config.pb.go | 2 +- proxy/freedom/config.pb.go | 2 +- proxy/http/config.pb.go | 2 +- proxy/loopback/config.pb.go | 2 +- proxy/mtproto/config.pb.go | 2 +- proxy/shadowsocks/config.pb.go | 2 +- proxy/shadowsocks_2022/config.pb.go | 2 +- proxy/socks/config.pb.go | 2 +- proxy/trojan/config.pb.go | 2 +- proxy/vless/account.pb.go | 2 +- proxy/vless/encoding/addons.pb.go | 2 +- proxy/vless/inbound/config.pb.go | 2 +- proxy/vless/outbound/config.pb.go | 2 +- proxy/vmess/account.pb.go | 2 +- proxy/vmess/inbound/config.pb.go | 2 +- proxy/vmess/outbound/config.pb.go | 2 +- proxy/wireguard/config.pb.go | 2 +- transport/global/config.pb.go | 2 +- transport/internet/config.pb.go | 2 +- transport/internet/domainsocket/config.pb.go | 2 +- transport/internet/grpc/config.pb.go | 2 +- transport/internet/grpc/encoding/stream.pb.go | 2 +- transport/internet/grpc/encoding/stream_grpc.pb.go | 2 +- transport/internet/headers/http/config.pb.go | 2 +- transport/internet/headers/noop/config.pb.go | 2 +- transport/internet/headers/srtp/config.pb.go | 2 +- transport/internet/headers/tls/config.pb.go | 2 +- transport/internet/headers/utp/config.pb.go | 2 +- transport/internet/headers/wechat/config.pb.go | 2 +- transport/internet/headers/wireguard/config.pb.go | 2 +- transport/internet/http/config.pb.go | 2 +- transport/internet/kcp/config.pb.go | 2 +- transport/internet/quic/config.pb.go | 2 +- transport/internet/tcp/config.pb.go | 2 +- transport/internet/tls/config.pb.go | 2 +- transport/internet/udp/config.pb.go | 2 +- transport/internet/websocket/config.pb.go | 2 +- transport/internet/xtls/config.pb.go | 2 +- 72 files changed, 72 insertions(+), 72 deletions(-) diff --git a/app/commander/config.pb.go b/app/commander/config.pb.go index 7777de4188c2..1ebbe094fb7d 100644 --- a/app/commander/config.pb.go +++ b/app/commander/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/commander/config.proto package commander diff --git a/app/dispatcher/config.pb.go b/app/dispatcher/config.pb.go index a4777b9db339..04e8d7a373eb 100644 --- a/app/dispatcher/config.pb.go +++ b/app/dispatcher/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/dispatcher/config.proto package dispatcher diff --git a/app/dns/config.pb.go b/app/dns/config.pb.go index 3d7f537e1753..7474c04a43f4 100644 --- a/app/dns/config.pb.go +++ b/app/dns/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/dns/config.proto package dns diff --git a/app/dns/fakedns/fakedns.pb.go b/app/dns/fakedns/fakedns.pb.go index 13f7bb35160b..8cf02aee889b 100644 --- a/app/dns/fakedns/fakedns.pb.go +++ b/app/dns/fakedns/fakedns.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/dns/fakedns/fakedns.proto package fakedns diff --git a/app/log/command/config.pb.go b/app/log/command/config.pb.go index b8b5635014c7..ceda9127625a 100644 --- a/app/log/command/config.pb.go +++ b/app/log/command/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/log/command/config.proto package command diff --git a/app/log/command/config_grpc.pb.go b/app/log/command/config_grpc.pb.go index 7908855b1804..653c395c5480 100644 --- a/app/log/command/config_grpc.pb.go +++ b/app/log/command/config_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.18.0 +// - protoc v3.21.12 // source: app/log/command/config.proto package command diff --git a/app/log/config.pb.go b/app/log/config.pb.go index 95b5468efb4d..a70d2923d6ba 100644 --- a/app/log/config.pb.go +++ b/app/log/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/log/config.proto package log diff --git a/app/metrics/config.pb.go b/app/metrics/config.pb.go index 614f2d85fe6d..24c5629efe60 100644 --- a/app/metrics/config.pb.go +++ b/app/metrics/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/metrics/config.proto package metrics diff --git a/app/observatory/command/command.pb.go b/app/observatory/command/command.pb.go index 743ca7c23ec9..c5ffdce54690 100644 --- a/app/observatory/command/command.pb.go +++ b/app/observatory/command/command.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/observatory/command/command.proto package command diff --git a/app/observatory/command/command_grpc.pb.go b/app/observatory/command/command_grpc.pb.go index 0cbd99210c17..2a3da93ecae8 100644 --- a/app/observatory/command/command_grpc.pb.go +++ b/app/observatory/command/command_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.18.0 +// - protoc v3.21.12 // source: app/observatory/command/command.proto package command diff --git a/app/observatory/config.pb.go b/app/observatory/config.pb.go index 2c9a5bc8e84d..a6d36eada1a9 100644 --- a/app/observatory/config.pb.go +++ b/app/observatory/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/observatory/config.proto package observatory diff --git a/app/policy/config.pb.go b/app/policy/config.pb.go index 45b3082cd130..66da6d116a7c 100644 --- a/app/policy/config.pb.go +++ b/app/policy/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/policy/config.proto package policy diff --git a/app/proxyman/command/command.pb.go b/app/proxyman/command/command.pb.go index 4408c93e4b7c..5730955c53fd 100644 --- a/app/proxyman/command/command.pb.go +++ b/app/proxyman/command/command.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/proxyman/command/command.proto package command diff --git a/app/proxyman/command/command_grpc.pb.go b/app/proxyman/command/command_grpc.pb.go index 2b3344f7b563..979b101f35a9 100644 --- a/app/proxyman/command/command_grpc.pb.go +++ b/app/proxyman/command/command_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.18.0 +// - protoc v3.21.12 // source: app/proxyman/command/command.proto package command diff --git a/app/proxyman/config.pb.go b/app/proxyman/config.pb.go index d7ff274ce430..2dfe29310489 100644 --- a/app/proxyman/config.pb.go +++ b/app/proxyman/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/proxyman/config.proto package proxyman diff --git a/app/reverse/config.pb.go b/app/reverse/config.pb.go index aebf9f9c9915..c54782809716 100644 --- a/app/reverse/config.pb.go +++ b/app/reverse/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/reverse/config.proto package reverse diff --git a/app/router/command/command.pb.go b/app/router/command/command.pb.go index 598ea2d05034..41c52388ee92 100644 --- a/app/router/command/command.pb.go +++ b/app/router/command/command.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/router/command/command.proto package command diff --git a/app/router/command/command_grpc.pb.go b/app/router/command/command_grpc.pb.go index 3b830dfbf535..50c6de29e811 100644 --- a/app/router/command/command_grpc.pb.go +++ b/app/router/command/command_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.18.0 +// - protoc v3.21.12 // source: app/router/command/command.proto package command diff --git a/app/router/config.pb.go b/app/router/config.pb.go index f425fe260205..0089a1a8f83c 100644 --- a/app/router/config.pb.go +++ b/app/router/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/router/config.proto package router diff --git a/app/stats/command/command.pb.go b/app/stats/command/command.pb.go index ac995f702504..005722b66ffd 100644 --- a/app/stats/command/command.pb.go +++ b/app/stats/command/command.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/stats/command/command.proto package command diff --git a/app/stats/command/command_grpc.pb.go b/app/stats/command/command_grpc.pb.go index b38fadce268a..38e9d3fbfc5f 100644 --- a/app/stats/command/command_grpc.pb.go +++ b/app/stats/command/command_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.18.0 +// - protoc v3.21.12 // source: app/stats/command/command.proto package command diff --git a/app/stats/config.pb.go b/app/stats/config.pb.go index b8146ff4b5ef..99c573b5c2d2 100644 --- a/app/stats/config.pb.go +++ b/app/stats/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/stats/config.proto package stats diff --git a/common/log/log.pb.go b/common/log/log.pb.go index 43f9e4250395..321ae16bd944 100644 --- a/common/log/log.pb.go +++ b/common/log/log.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/log/log.proto package log diff --git a/common/net/address.pb.go b/common/net/address.pb.go index fb996502f3d9..5757a0184dc6 100644 --- a/common/net/address.pb.go +++ b/common/net/address.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/net/address.proto package net diff --git a/common/net/destination.pb.go b/common/net/destination.pb.go index f0c77b991356..2d557b84617b 100644 --- a/common/net/destination.pb.go +++ b/common/net/destination.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/net/destination.proto package net diff --git a/common/net/network.pb.go b/common/net/network.pb.go index 9ca8415063fd..699557f74113 100644 --- a/common/net/network.pb.go +++ b/common/net/network.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/net/network.proto package net diff --git a/common/net/port.pb.go b/common/net/port.pb.go index 395b3e6b7ec2..cae70bc9e525 100644 --- a/common/net/port.pb.go +++ b/common/net/port.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/net/port.proto package net diff --git a/common/protocol/headers.pb.go b/common/protocol/headers.pb.go index 3a3f64c4620c..4096d56f9c3c 100644 --- a/common/protocol/headers.pb.go +++ b/common/protocol/headers.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/protocol/headers.proto package protocol diff --git a/common/protocol/server_spec.pb.go b/common/protocol/server_spec.pb.go index e06b8a65966c..ea12a4bb2827 100644 --- a/common/protocol/server_spec.pb.go +++ b/common/protocol/server_spec.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/protocol/server_spec.proto package protocol diff --git a/common/protocol/user.pb.go b/common/protocol/user.pb.go index d1cdf5be57b9..bc3b2bf88142 100644 --- a/common/protocol/user.pb.go +++ b/common/protocol/user.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/protocol/user.proto package protocol diff --git a/common/serial/typed_message.pb.go b/common/serial/typed_message.pb.go index bb21f7019945..7bdbbf3a34f8 100644 --- a/common/serial/typed_message.pb.go +++ b/common/serial/typed_message.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/serial/typed_message.proto package serial diff --git a/core/config.pb.go b/core/config.pb.go index c6f8c6c70cbd..2364674d4d4f 100644 --- a/core/config.pb.go +++ b/core/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: core/config.proto package core diff --git a/proxy/blackhole/config.pb.go b/proxy/blackhole/config.pb.go index 029876259b7b..54d2279e211a 100644 --- a/proxy/blackhole/config.pb.go +++ b/proxy/blackhole/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/blackhole/config.proto package blackhole diff --git a/proxy/dns/config.pb.go b/proxy/dns/config.pb.go index 6fcc0027a6a5..653fe141755a 100644 --- a/proxy/dns/config.pb.go +++ b/proxy/dns/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/dns/config.proto package dns diff --git a/proxy/dokodemo/config.pb.go b/proxy/dokodemo/config.pb.go index e71b87a99cbe..82eb0704a4af 100644 --- a/proxy/dokodemo/config.pb.go +++ b/proxy/dokodemo/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/dokodemo/config.proto package dokodemo diff --git a/proxy/freedom/config.pb.go b/proxy/freedom/config.pb.go index e25bc943feb8..5c95bce7eb8e 100644 --- a/proxy/freedom/config.pb.go +++ b/proxy/freedom/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/freedom/config.proto package freedom diff --git a/proxy/http/config.pb.go b/proxy/http/config.pb.go index e2613cda6fad..813a56c8d370 100644 --- a/proxy/http/config.pb.go +++ b/proxy/http/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/http/config.proto package http diff --git a/proxy/loopback/config.pb.go b/proxy/loopback/config.pb.go index 2fc1234cf3de..c13c14af0a55 100644 --- a/proxy/loopback/config.pb.go +++ b/proxy/loopback/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/loopback/config.proto package loopback diff --git a/proxy/mtproto/config.pb.go b/proxy/mtproto/config.pb.go index 9f30cc559a64..425c76726c61 100644 --- a/proxy/mtproto/config.pb.go +++ b/proxy/mtproto/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/mtproto/config.proto package mtproto diff --git a/proxy/shadowsocks/config.pb.go b/proxy/shadowsocks/config.pb.go index bd44bed7a997..5e89e40f8690 100644 --- a/proxy/shadowsocks/config.pb.go +++ b/proxy/shadowsocks/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/shadowsocks/config.proto package shadowsocks diff --git a/proxy/shadowsocks_2022/config.pb.go b/proxy/shadowsocks_2022/config.pb.go index ff3fae7d7f65..50626f7a4b00 100644 --- a/proxy/shadowsocks_2022/config.pb.go +++ b/proxy/shadowsocks_2022/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/shadowsocks_2022/config.proto package shadowsocks_2022 diff --git a/proxy/socks/config.pb.go b/proxy/socks/config.pb.go index 8ca080837ff7..3cb7d172cc8a 100644 --- a/proxy/socks/config.pb.go +++ b/proxy/socks/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/socks/config.proto package socks diff --git a/proxy/trojan/config.pb.go b/proxy/trojan/config.pb.go index eaa71eff8f9a..17b485dae062 100644 --- a/proxy/trojan/config.pb.go +++ b/proxy/trojan/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/trojan/config.proto package trojan diff --git a/proxy/vless/account.pb.go b/proxy/vless/account.pb.go index 50ce9378110d..ea425c735197 100644 --- a/proxy/vless/account.pb.go +++ b/proxy/vless/account.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vless/account.proto package vless diff --git a/proxy/vless/encoding/addons.pb.go b/proxy/vless/encoding/addons.pb.go index 170cf13559e2..a5b97f814128 100644 --- a/proxy/vless/encoding/addons.pb.go +++ b/proxy/vless/encoding/addons.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vless/encoding/addons.proto package encoding diff --git a/proxy/vless/inbound/config.pb.go b/proxy/vless/inbound/config.pb.go index e69d7bf1fbad..4061e1209d89 100644 --- a/proxy/vless/inbound/config.pb.go +++ b/proxy/vless/inbound/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vless/inbound/config.proto package inbound diff --git a/proxy/vless/outbound/config.pb.go b/proxy/vless/outbound/config.pb.go index 14839ba74771..4d1b7938f88b 100644 --- a/proxy/vless/outbound/config.pb.go +++ b/proxy/vless/outbound/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vless/outbound/config.proto package outbound diff --git a/proxy/vmess/account.pb.go b/proxy/vmess/account.pb.go index bd3ad96e7861..0f2f6159cb00 100644 --- a/proxy/vmess/account.pb.go +++ b/proxy/vmess/account.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vmess/account.proto package vmess diff --git a/proxy/vmess/inbound/config.pb.go b/proxy/vmess/inbound/config.pb.go index 0b381be0e21f..fc7bf36f00c6 100644 --- a/proxy/vmess/inbound/config.pb.go +++ b/proxy/vmess/inbound/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vmess/inbound/config.proto package inbound diff --git a/proxy/vmess/outbound/config.pb.go b/proxy/vmess/outbound/config.pb.go index 6e2d00a792e1..700127a8ee0b 100644 --- a/proxy/vmess/outbound/config.pb.go +++ b/proxy/vmess/outbound/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vmess/outbound/config.proto package outbound diff --git a/proxy/wireguard/config.pb.go b/proxy/wireguard/config.pb.go index 149fa9589c35..e290af8a0e30 100644 --- a/proxy/wireguard/config.pb.go +++ b/proxy/wireguard/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.9 +// protoc v3.21.12 // source: proxy/wireguard/config.proto package wireguard diff --git a/transport/global/config.pb.go b/transport/global/config.pb.go index 78e97b1e199a..eb0fcd0df130 100644 --- a/transport/global/config.pb.go +++ b/transport/global/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/global/config.proto package global diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index 716bdaaa0b67..67bf9f5aebfe 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.9 +// protoc v3.21.12 // source: transport/internet/config.proto package internet diff --git a/transport/internet/domainsocket/config.pb.go b/transport/internet/domainsocket/config.pb.go index 40cebd5965a4..23628e02739f 100644 --- a/transport/internet/domainsocket/config.pb.go +++ b/transport/internet/domainsocket/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/domainsocket/config.proto package domainsocket diff --git a/transport/internet/grpc/config.pb.go b/transport/internet/grpc/config.pb.go index f45f090a2ed0..9a94984d4905 100644 --- a/transport/internet/grpc/config.pb.go +++ b/transport/internet/grpc/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/grpc/config.proto package grpc diff --git a/transport/internet/grpc/encoding/stream.pb.go b/transport/internet/grpc/encoding/stream.pb.go index 65ca0859aaf7..c605613d65dd 100644 --- a/transport/internet/grpc/encoding/stream.pb.go +++ b/transport/internet/grpc/encoding/stream.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/grpc/encoding/stream.proto package encoding diff --git a/transport/internet/grpc/encoding/stream_grpc.pb.go b/transport/internet/grpc/encoding/stream_grpc.pb.go index fa1d195090dc..ab75a5d84dda 100644 --- a/transport/internet/grpc/encoding/stream_grpc.pb.go +++ b/transport/internet/grpc/encoding/stream_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.18.0 +// - protoc v3.21.12 // source: transport/internet/grpc/encoding/stream.proto package encoding diff --git a/transport/internet/headers/http/config.pb.go b/transport/internet/headers/http/config.pb.go index 6ba64c5386e8..382ced8447f6 100644 --- a/transport/internet/headers/http/config.pb.go +++ b/transport/internet/headers/http/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/http/config.proto package http diff --git a/transport/internet/headers/noop/config.pb.go b/transport/internet/headers/noop/config.pb.go index 81f254a2e5da..534b3701b3c1 100644 --- a/transport/internet/headers/noop/config.pb.go +++ b/transport/internet/headers/noop/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/noop/config.proto package noop diff --git a/transport/internet/headers/srtp/config.pb.go b/transport/internet/headers/srtp/config.pb.go index b9992d37776b..5c0f9cfff712 100644 --- a/transport/internet/headers/srtp/config.pb.go +++ b/transport/internet/headers/srtp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/srtp/config.proto package srtp diff --git a/transport/internet/headers/tls/config.pb.go b/transport/internet/headers/tls/config.pb.go index e24daf8e916a..7867f69c253a 100644 --- a/transport/internet/headers/tls/config.pb.go +++ b/transport/internet/headers/tls/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/tls/config.proto package tls diff --git a/transport/internet/headers/utp/config.pb.go b/transport/internet/headers/utp/config.pb.go index a0ce40125c1b..c7658b0b3f5d 100644 --- a/transport/internet/headers/utp/config.pb.go +++ b/transport/internet/headers/utp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/utp/config.proto package utp diff --git a/transport/internet/headers/wechat/config.pb.go b/transport/internet/headers/wechat/config.pb.go index 928678ff0f12..1b624b592178 100644 --- a/transport/internet/headers/wechat/config.pb.go +++ b/transport/internet/headers/wechat/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/wechat/config.proto package wechat diff --git a/transport/internet/headers/wireguard/config.pb.go b/transport/internet/headers/wireguard/config.pb.go index d10072a4f448..8d3be7a1df9e 100644 --- a/transport/internet/headers/wireguard/config.pb.go +++ b/transport/internet/headers/wireguard/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/wireguard/config.proto package wireguard diff --git a/transport/internet/http/config.pb.go b/transport/internet/http/config.pb.go index cef7700253ba..f87a59e8c476 100644 --- a/transport/internet/http/config.pb.go +++ b/transport/internet/http/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/http/config.proto package http diff --git a/transport/internet/kcp/config.pb.go b/transport/internet/kcp/config.pb.go index 3af1ffa09686..0e10dac46895 100644 --- a/transport/internet/kcp/config.pb.go +++ b/transport/internet/kcp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/kcp/config.proto package kcp diff --git a/transport/internet/quic/config.pb.go b/transport/internet/quic/config.pb.go index 15f1436eed9b..36aa03da31ad 100644 --- a/transport/internet/quic/config.pb.go +++ b/transport/internet/quic/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/quic/config.proto package quic diff --git a/transport/internet/tcp/config.pb.go b/transport/internet/tcp/config.pb.go index 1a73b054bee0..c2b949dea992 100644 --- a/transport/internet/tcp/config.pb.go +++ b/transport/internet/tcp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/tcp/config.proto package tcp diff --git a/transport/internet/tls/config.pb.go b/transport/internet/tls/config.pb.go index 3718ead284e3..d038de6bf6bd 100644 --- a/transport/internet/tls/config.pb.go +++ b/transport/internet/tls/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/tls/config.proto package tls diff --git a/transport/internet/udp/config.pb.go b/transport/internet/udp/config.pb.go index d58b8b69d851..c01b0e6076cf 100644 --- a/transport/internet/udp/config.pb.go +++ b/transport/internet/udp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/udp/config.proto package udp diff --git a/transport/internet/websocket/config.pb.go b/transport/internet/websocket/config.pb.go index 6e60f5a811e7..9ba5c1c828c9 100644 --- a/transport/internet/websocket/config.pb.go +++ b/transport/internet/websocket/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/websocket/config.proto package websocket diff --git a/transport/internet/xtls/config.pb.go b/transport/internet/xtls/config.pb.go index c6a6df53c320..edb1f3ff79d8 100644 --- a/transport/internet/xtls/config.pb.go +++ b/transport/internet/xtls/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/xtls/config.proto package xtls From 74416570d4913952e2b878296cf8e78e2701ff23 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Tue, 31 Jan 2023 18:02:12 +0000 Subject: [PATCH 028/226] Format VLESS inbound.go and outbound.go --- proxy/vless/inbound/inbound.go | 8 ++++---- proxy/vless/outbound/outbound.go | 15 ++++++--------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index d4ea246d3da7..5b0833ca08b5 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -485,16 +485,13 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { - return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() + return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() } netConn = tlsConn.NetConn() if pc, ok := netConn.(*proxyproto.Conn); ok { netConn = pc.Raw() // 8192 > 4096, there is no need to process pc's bufReader } - if sc, ok := netConn.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } t = reflect.TypeOf(tlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(tlsConn.Conn)) } else if _, ok := iConn.(*tls.UConn); ok { @@ -504,6 +501,9 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } else { return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } + if sc, ok := netConn.(syscall.Conn); ok { + rawConn, _ = sc.SyscallConn() + } i, _ := t.FieldByName("input") r, _ := t.FieldByName("rawInput") input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index a4c70a2b365c..82505911944a 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -158,16 +158,10 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { netConn = tlsConn.NetConn() - if sc, ok := netConn.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } t = reflect.TypeOf(tlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(tlsConn.Conn)) } else if utlsConn, ok := iConn.(*tls.UConn); ok { - netConn = utlsConn.Conn.NetConn() - if sc, ok := netConn.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } + netConn = utlsConn.NetConn() t = reflect.TypeOf(utlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(utlsConn.Conn)) } else if _, ok := iConn.(*xtls.Conn); ok { @@ -175,6 +169,9 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } else { return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } + if sc, ok := netConn.(syscall.Conn); ok { + rawConn, _ = sc.SyscallConn() + } i, _ := t.FieldByName("input") r, _ := t.FieldByName("rawInput") input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) @@ -265,11 +262,11 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if rawConn != nil && requestAddons.Flow == vless.XRV { if tlsConn, ok := iConn.(*tls.Conn); ok { if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { - return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() + return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() } } else if utlsConn, ok := iConn.(*tls.UConn); ok { if utlsConn.ConnectionState().Version != utls.VersionTLS13 { - return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, utlsConn.ConnectionState().Version).AtWarning() + return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, utlsConn.ConnectionState().Version).AtWarning() } } var counter stats.Counter From dc72cf2c780f31138a2f1da3bae386e8d2e53a4c Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 1 Feb 2023 12:58:17 +0000 Subject: [PATCH 029/226] Refine fingerprints Fixes https://github.com/XTLS/Xray-core/issues/1577 --- infra/conf/transport_internet.go | 3 + transport/internet/grpc/dial.go | 2 +- transport/internet/http/dialer.go | 2 +- transport/internet/tcp/dialer.go | 2 +- transport/internet/tls/tls.go | 97 ++++++++++++++------------ transport/internet/websocket/dialer.go | 2 +- 6 files changed, 59 insertions(+), 49 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 610e252e163c..f0b067d89663 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -379,6 +379,9 @@ func (c *TLSConfig) Build() (proto.Message, error) { config.CipherSuites = c.CipherSuites config.PreferServerCipherSuites = c.PreferServerCipherSuites config.Fingerprint = strings.ToLower(c.Fingerprint) + if config.Fingerprint != "" && tls.GetFingerprint(config.Fingerprint) == nil { + return nil, newError(`unknown fingerprint: `, config.Fingerprint) + } config.RejectUnknownSni = c.RejectUnknownSNI if c.PinnedPeerCertificateChainSha256 != nil { diff --git a/transport/internet/grpc/dial.go b/transport/internet/grpc/dial.go index 04f81e340a3e..afc270bdc2de 100644 --- a/transport/internet/grpc/dial.go +++ b/transport/internet/grpc/dial.go @@ -122,7 +122,7 @@ func getGrpcClient(ctx context.Context, dest net.Destination, streamSettings *in if tlsConfig != nil { var transportCredential credentials.TransportCredentials - if fingerprint, exists := tls.GetFingerprint(ctx, tlsConfig.Fingerprint); exists { + if fingerprint := tls.GetFingerprint(tlsConfig.Fingerprint); fingerprint != nil { transportCredential = tls.NewGrpcUtls(tlsConfig.GetTLSConfig(), fingerprint) } else { // Fallback to normal gRPC TLS transportCredential = credentials.NewTLS(tlsConfig.GetTLSConfig()) diff --git a/transport/internet/http/dialer.go b/transport/internet/http/dialer.go index 6fef71c54c17..a192bddd8c54 100644 --- a/transport/internet/http/dialer.go +++ b/transport/internet/http/dialer.go @@ -75,7 +75,7 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in } var cn tls.Interface - if fingerprint, ok := tls.GetFingerprint(ctx, tlsConfigs.Fingerprint); ok { + if fingerprint := tls.GetFingerprint(tlsConfigs.Fingerprint); fingerprint != nil { cn = tls.UClient(pconn, tlsConfig, fingerprint).(*tls.UConn) } else { cn = tls.Client(pconn, tlsConfig).(*tls.Conn) diff --git a/transport/internet/tcp/dialer.go b/transport/internet/tcp/dialer.go index b08fd4b2f88d..5606cd8dfedc 100644 --- a/transport/internet/tcp/dialer.go +++ b/transport/internet/tcp/dialer.go @@ -22,7 +22,7 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { tlsConfig := config.GetTLSConfig(tls.WithDestination(dest)) - if fingerprint, ok := tls.GetFingerprint(ctx, config.Fingerprint); ok { + if fingerprint := tls.GetFingerprint(config.Fingerprint); fingerprint != nil { conn = tls.UClient(conn, tlsConfig, fingerprint) if err := conn.(*tls.UConn).Handshake(); err != nil { return nil, err diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go index 728480f85cc0..b3cde8017427 100644 --- a/transport/internet/tls/tls.go +++ b/transport/internet/tls/tls.go @@ -1,7 +1,6 @@ package tls import ( - "context" "crypto/rand" "crypto/tls" "math/big" @@ -9,15 +8,12 @@ import ( utls "github.com/refraction-networking/utls" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/session" ) //go:generate go run github.com/xtls/xray-core/common/errors/errorgen var _ buf.Writer = (*Conn)(nil) -var XrayRandom *utls.ClientHelloID - type Conn struct { *tls.Conn } @@ -118,58 +114,51 @@ func copyConfig(c *tls.Config) *utls.Config { } } -func GetFingerprint(ctx context.Context, config string) (*utls.ClientHelloID, bool) { - if XrayRandom == nil { - // lazy init - for k, v := range FingerprintsForRNG { - Fingerprints[k] = v - } - big, err := rand.Int(rand.Reader, big.NewInt(int64(len(FingerprintsForRNG)))) - if err != nil { - newError("failed to generate xray random fingerprint").Base(err).WriteToLog(session.ExportIDToError(ctx)) - } - var i = int(big.Int64()) - count := 0 - for k, v := range FingerprintsForRNG { - if count == i { - newError("xray random fingerprint: ", k).WriteToLog(session.ExportIDToError(ctx)) - XrayRandom = v - break - } - count++ +func init() { + bigInt, _ := rand.Int(rand.Reader, big.NewInt(int64(len(ModernFingerprints)))) + stopAt := int(bigInt.Int64()) + i := 0 + for _, v := range ModernFingerprints { + if i == stopAt { + PresetFingerprints["random"] = v + break } + i++ + } +} + +func GetFingerprint(name string) (fingerprint *utls.ClientHelloID) { + if name == "" { + return + } + if fingerprint = PresetFingerprints[name]; fingerprint != nil { + return } - if config == "random" { - return XrayRandom, true + if fingerprint = ModernFingerprints[name]; fingerprint != nil { + return } - fingerprint, ok := Fingerprints[config] - return fingerprint, ok + if fingerprint = OtherFingerprints[name]; fingerprint != nil { + return + } + return } -var Fingerprints = map[string]*utls.ClientHelloID{ +var PresetFingerprints = map[string]*utls.ClientHelloID{ + // Recommended preset options in GUI clients "chrome": &utls.HelloChrome_Auto, "firefox": &utls.HelloFirefox_Auto, "safari": &utls.HelloSafari_Auto, + "ios": &utls.HelloIOS_Auto, + "android": &utls.HelloAndroid_11_OkHttp, + "edge": &utls.HelloEdge_Auto, + "360": &utls.Hello360_Auto, + "qq": &utls.HelloQQ_Auto, + "random": nil, "randomized": &utls.HelloRandomized, - // This is a bit lame, but it seems there is no good way to reflect variables from Golang package - // We don't RNG for go, randomized, or fingerprints that is more than 4 years old - "hellogolang": &utls.HelloGolang, - "hellorandomized": &utls.HelloRandomized, - "hellorandomizedalpn": &utls.HelloRandomizedALPN, - "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, - "hellofirefox_55": &utls.HelloFirefox_55, - "hellofirefox_56": &utls.HelloFirefox_56, - "hellofirefox_63": &utls.HelloFirefox_63, - "hellofirefox_65": &utls.HelloFirefox_65, - "hellochrome_58": &utls.HelloChrome_58, - "hellochrome_62": &utls.HelloChrome_62, - "hellochrome_70": &utls.HelloChrome_70, - "hellochrome_72": &utls.HelloChrome_72, - "helloios_11_1": &utls.HelloIOS_11_1, - "hello360_7_5": &utls.Hello360_7_5, } -var FingerprintsForRNG = map[string]*utls.ClientHelloID{ +var ModernFingerprints = map[string]*utls.ClientHelloID{ + // One of these will be chosen as `random` at startup "hellofirefox_auto": &utls.HelloFirefox_Auto, "hellofirefox_99": &utls.HelloFirefox_99, "hellofirefox_102": &utls.HelloFirefox_102, @@ -197,6 +186,24 @@ var FingerprintsForRNG = map[string]*utls.ClientHelloID{ "helloqq_11_1": &utls.HelloQQ_11_1, } +var OtherFingerprints = map[string]*utls.ClientHelloID{ + // Golang, randomized, and fingerprints that are more than 4 years old + "hellogolang": &utls.HelloGolang, + "hellorandomized": &utls.HelloRandomized, + "hellorandomizedalpn": &utls.HelloRandomizedALPN, + "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, + "hellofirefox_55": &utls.HelloFirefox_55, + "hellofirefox_56": &utls.HelloFirefox_56, + "hellofirefox_63": &utls.HelloFirefox_63, + "hellofirefox_65": &utls.HelloFirefox_65, + "hellochrome_58": &utls.HelloChrome_58, + "hellochrome_62": &utls.HelloChrome_62, + "hellochrome_70": &utls.HelloChrome_70, + "hellochrome_72": &utls.HelloChrome_72, + "helloios_11_1": &utls.HelloIOS_11_1, + "hello360_7_5": &utls.Hello360_7_5, +} + type Interface interface { net.Conn Handshake() error diff --git a/transport/internet/websocket/dialer.go b/transport/internet/websocket/dialer.go index a0ac6811f99a..5017cb5006be 100644 --- a/transport/internet/websocket/dialer.go +++ b/transport/internet/websocket/dialer.go @@ -86,7 +86,7 @@ func dialWebSocket(ctx context.Context, dest net.Destination, streamSettings *in protocol = "wss" tlsConfig := config.GetTLSConfig(tls.WithDestination(dest), tls.WithNextProto("http/1.1")) dialer.TLSClientConfig = tlsConfig - if fingerprint, exists := tls.GetFingerprint(ctx, config.Fingerprint); exists { + if fingerprint := tls.GetFingerprint(config.Fingerprint); fingerprint != nil { dialer.NetDialTLSContext = func(_ context.Context, _, addr string) (gonet.Conn, error) { // Like the NetDial in the dialer pconn, err := internet.DialSystem(ctx, dest, streamSettings.SocketSettings) From bf35e9dcd6391fac01f348d420d062d5640262f1 Mon Sep 17 00:00:00 2001 From: pocketW <104479902+pocketW@users.noreply.github.com> Date: Fri, 20 Jan 2023 22:42:49 +1100 Subject: [PATCH 030/226] fix: handle error raised by dispatcher --- transport/internet/udp/dispatcher.go | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/transport/internet/udp/dispatcher.go b/transport/internet/udp/dispatcher.go index dda26e6eefed..a8d9c6f50acb 100644 --- a/transport/internet/udp/dispatcher.go +++ b/transport/internet/udp/dispatcher.go @@ -51,12 +51,12 @@ func (v *Dispatcher) RemoveRay(dest net.Destination) { } } -func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) *connEntry { +func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) (*connEntry, error) { v.Lock() defer v.Unlock() if entry, found := v.conns[dest]; found { - return entry + return entry, nil } newError("establishing new connection for ", dest).WriteToLog() @@ -67,7 +67,12 @@ func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) *c v.RemoveRay(dest) } timer := signal.CancelAfterInactivity(ctx, removeRay, time.Minute) - link, _ := v.dispatcher.Dispatch(ctx, dest) + + link, err := v.dispatcher.Dispatch(ctx, dest) + if err != nil { + return nil, newError("failed to dispatch request to ", dest).Base(err) + } + entry := &connEntry{ link: link, timer: timer, @@ -75,14 +80,18 @@ func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) *c } v.conns[dest] = entry go handleInput(ctx, entry, dest, v.callback) - return entry + return entry, nil } func (v *Dispatcher) Dispatch(ctx context.Context, destination net.Destination, payload *buf.Buffer) { // TODO: Add user to destString newError("dispatch request to: ", destination).AtDebug().WriteToLog(session.ExportIDToError(ctx)) - conn := v.getInboundRay(ctx, destination) + conn, err := v.getInboundRay(ctx, destination) + if err != nil { + newError("failed to get inbound").Base(err).WriteToLog(session.ExportIDToError(ctx)) + return + } outputStream := conn.link.Writer if outputStream != nil { if err := outputStream.WriteMultiBuffer(buf.MultiBuffer{payload}); err != nil { From f176ec54eefc254734c686721bc49661db350aa7 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 2 Feb 2023 05:50:21 +0000 Subject: [PATCH 031/226] v1.7.3 --- README.md | 2 +- app/dns/nameserver_quic.go | 2 +- common/protocol/quic/qtls_go118.go | 2 +- common/protocol/quic/sniff.go | 2 +- core/core.go | 2 +- go.mod | 29 +++++++------ go.sum | 66 ++++++++++++++---------------- transport/internet/quic/conn.go | 2 +- transport/internet/quic/dialer.go | 6 +-- transport/internet/quic/hub.go | 6 +-- 10 files changed, 56 insertions(+), 63 deletions(-) diff --git a/README.md b/README.md index cd57eed8109e..7579cb91645e 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ This repo relies on the following third-party projects: - In production: - [ghodss/yaml](https://github.com/ghodss/yaml) - [gorilla/websocket](https://github.com/gorilla/websocket) - - [lucas-clemente/quic-go](https://github.com/lucas-clemente/quic-go) + - [quic-go/quic-go](https://github.com/quic-go/quic-go) - [pelletier/go-toml](https://github.com/pelletier/go-toml) - [pires/go-proxyproto](https://github.com/pires/go-proxyproto) - [refraction-networking/utls](https://github.com/refraction-networking/utls) diff --git a/app/dns/nameserver_quic.go b/app/dns/nameserver_quic.go index e1c005ead43e..a362ec849a32 100644 --- a/app/dns/nameserver_quic.go +++ b/app/dns/nameserver_quic.go @@ -7,7 +7,7 @@ import ( "sync/atomic" "time" - "github.com/lucas-clemente/quic-go" + "github.com/quic-go/quic-go" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/log" diff --git a/common/protocol/quic/qtls_go118.go b/common/protocol/quic/qtls_go118.go index ce5169b550c3..e701adfa65ae 100644 --- a/common/protocol/quic/qtls_go118.go +++ b/common/protocol/quic/qtls_go118.go @@ -3,7 +3,7 @@ package quic import ( "crypto/cipher" - "github.com/marten-seemann/qtls-go1-18" + "github.com/quic-go/qtls-go1-20" ) type ( diff --git a/common/protocol/quic/sniff.go b/common/protocol/quic/sniff.go index 0065742cc844..71c144282d61 100644 --- a/common/protocol/quic/sniff.go +++ b/common/protocol/quic/sniff.go @@ -7,7 +7,7 @@ import ( "encoding/binary" "io" - "github.com/lucas-clemente/quic-go/quicvarint" + "github.com/quic-go/quic-go/quicvarint" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/errors" diff --git a/core/core.go b/core/core.go index f8c9320efd69..2cc31ed16e4a 100644 --- a/core/core.go +++ b/core/core.go @@ -18,7 +18,7 @@ import ( ) var ( - version = "1.7.2" + version = "1.7.3" build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." diff --git a/go.mod b/go.mod index ad08bd91991f..49d8a74402e3 100644 --- a/go.mod +++ b/go.mod @@ -1,27 +1,27 @@ module github.com/xtls/xray-core -go 1.19 +go 1.20 require ( - github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 + github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 github.com/golang/mock v1.6.0 github.com/golang/protobuf v1.5.2 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 - github.com/lucas-clemente/quic-go v0.31.1 - github.com/marten-seemann/qtls-go1-18 v0.1.4 github.com/miekg/dns v1.1.50 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 + github.com/quic-go/qtls-go1-20 v0.1.0 + github.com/quic-go/quic-go v0.32.0 github.com/refraction-networking/utls v1.2.0 github.com/sagernet/sing v0.1.6 - github.com/sagernet/sing-shadowsocks v0.1.0 + github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e - github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 - go.starlark.net v0.0.0-20230105143730-d7da88764354 + github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 + go.starlark.net v0.0.0-20230128213706-3f75dec8e403 golang.org/x/crypto v0.5.0 golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 @@ -39,22 +39,21 @@ require ( github.com/francoispqt/gojay v1.2.13 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 // indirect - github.com/klauspost/compress v1.15.14 // indirect + github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f // indirect + github.com/klauspost/compress v1.15.15 // indirect github.com/klauspost/cpuid/v2 v2.2.3 // indirect - github.com/kr/pretty v0.3.1 // indirect - github.com/marten-seemann/qtls-go1-19 v0.1.2 // indirect - github.com/onsi/ginkgo/v2 v2.6.1 // indirect + github.com/onsi/ginkgo/v2 v2.8.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/quic-go/qtls-go1-18 v0.2.0 // indirect + github.com/quic-go/qtls-go1-19 v0.2.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3 // indirect + golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 // indirect golang.org/x/mod v0.7.0 // indirect golang.org/x/text v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.5.0 // indirect - google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9 // indirect - gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect + google.golang.org/genproto v0.0.0-20230131230820-1c016267d619 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/blake3 v1.1.7 // indirect diff --git a/go.sum b/go.sum index 926411041f92..9488b1877d6f 100644 --- a/go.sum +++ b/go.sum @@ -20,7 +20,6 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -35,8 +34,8 @@ github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJn github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 h1:Mn26/9ZMNWSw9C9ERFA1PUxfmGpolnw2v0bKOREu5ew= -github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I= +github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 h1:Arcl6UOIS/kgO2nW3A65HN+7CMjSDP/gofXL4CZt1V4= +github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= @@ -77,8 +76,8 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 h1:wORs2YN3R3ona/CXYuTvLM31QlgoNKHvlCNuArCDDCU= -github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= +github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f h1:gl1DCiSk+mrXXBGPm6CEeS2MkJuMVzAOrXg34oVj1QI= +github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -92,28 +91,19 @@ github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.15.14 h1:i7WCKDToww0wA+9qrUZ1xOjp218vfFo3nTU6UHp+gOc= -github.com/klauspost/compress v1.15.14/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= +github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw= +github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU= github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/lucas-clemente/quic-go v0.31.1 h1:O8Od7hfioqq0PMYHDyBkxU2aA7iZ2W9pjbrWuja2YR4= -github.com/lucas-clemente/quic-go v0.31.1/go.mod h1:0wFbizLgYzqHqtlyxyCaJKlE7bYgE6JQ+54TLd/Dq2g= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/marten-seemann/qtls-go1-18 v0.1.4 h1:ogomB+lWV3Vmwiu6RTwDVTMGx+9j7SEi98e8QB35Its= -github.com/marten-seemann/qtls-go1-18 v0.1.4/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= -github.com/marten-seemann/qtls-go1-19 v0.1.2 h1:ZevAEqKXH0bZmoOBPiqX2h5rhQ7cbZi+X+rlq2JUbCE= -github.com/marten-seemann/qtls-go1-19 v0.1.2/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= @@ -122,9 +112,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q= -github.com/onsi/ginkgo/v2 v2.6.1/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= -github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E= +github.com/onsi/ginkgo/v2 v2.8.0 h1:pAM+oBNPrpXRs+E/8spkeGx9QgekbRVyr74EUvRVOUI= +github.com/onsi/ginkgo/v2 v2.8.0/go.mod h1:6JsQiECmxCa3V5st74AL/AmsV482EDdVrGaVW6z3oYU= +github.com/onsi/gomega v1.25.0 h1:Vw7br2PCDYijJHSfBOWhov+8cAnUf8MfMaIOV323l6Y= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= @@ -132,7 +122,6 @@ github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoU github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8= github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -141,17 +130,23 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/quic-go/qtls-go1-18 v0.2.0 h1:5ViXqBZ90wpUcZS0ge79rf029yx0dYB0McyPJwqqj7U= +github.com/quic-go/qtls-go1-18 v0.2.0/go.mod h1:moGulGHK7o6O8lSPSZNoOwcLvJKJ85vVNc7oJFD65bc= +github.com/quic-go/qtls-go1-19 v0.2.0 h1:Cvn2WdhyViFUHoOqK52i51k4nDX8EwIh5VJiVM4nttk= +github.com/quic-go/qtls-go1-19 v0.2.0/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= +github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV54oAI= +github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= +github.com/quic-go/quic-go v0.32.0 h1:lY02md31s1JgPiiyfqJijpu/UX/Iun304FI3yUqX7tA= +github.com/quic-go/quic-go v0.32.0/go.mod h1:/fCsKANhQIeD5l76c2JFU+07gVE3KaA0FP+0zMWwfwo= github.com/refraction-networking/utls v1.2.0 h1:U5f8wkij2NVinfLuJdFP3gCMwIHs+EzvhxmYdXgiapo= github.com/refraction-networking/utls v1.2.0/go.mod h1:NPq+cVqzH7D1BeOkmOcb5O/8iVewAsiVt2x1/eO0hgQ= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= -github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/sagernet/sing v0.1.6 h1:Qy63OUfKpcqKjfd5rPmUlj0RGjHZSK/PJn0duyCCsRg= github.com/sagernet/sing v0.1.6/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= -github.com/sagernet/sing-shadowsocks v0.1.0 h1:cDmmOkA11fzVdhyCZQEeI3ozQz+59rj8+rqPb91xux4= -github.com/sagernet/sing-shadowsocks v0.1.0/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= +github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 h1:Plup6oEiyLzY3HDqQ+QsUBzgBGdVmcsgf3t8h940z9U= +github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI= github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb h1:XfLJSPIOUX+osiMraVgIrMR27uMXnRJWGm1+GL8/63U= @@ -196,12 +191,12 @@ github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 h1:AHhUwwFJGl27E46OpdJHplZkK09m7aETNBNzhT6t15M= -github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= +github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= +github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= -go.starlark.net v0.0.0-20230105143730-d7da88764354 h1:MqQRg4vlpVc7cQoQBgQGPyP3N4FAhKlMQ/y/Akv4/xM= -go.starlark.net v0.0.0-20230105143730-d7da88764354/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= +go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= +go.starlark.net v0.0.0-20230128213706-3f75dec8e403/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= @@ -213,8 +208,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3 h1:fJwx88sMf5RXwDwziL0/Mn9Wqs+efMSo/RYcL+37W9c= -golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 h1:BEABXpNXLEz0WxtA+6CQIz2xkg80e+1zrhWyMcq8VzE= +golang.org/x/exp v0.0.0-20230131160201-f062dba9d201/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -308,8 +303,8 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9 h1:3wPBShTLWQnEkZ9VW/HZZ8zT/9LLtleBtq7l8SKtJIA= -google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230131230820-1c016267d619 h1:p0kMzw6AG0JEzd7Z+kXqOiLhC6gjUQTbtS2zR0Q3DbI= +google.golang.org/genproto v0.0.0-20230131230820-1c016267d619/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= @@ -331,8 +326,7 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/transport/internet/quic/conn.go b/transport/internet/quic/conn.go index a349eb42d542..11bee7c543a9 100644 --- a/transport/internet/quic/conn.go +++ b/transport/internet/quic/conn.go @@ -7,7 +7,7 @@ import ( "syscall" "time" - "github.com/lucas-clemente/quic-go" + "github.com/quic-go/quic-go" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" diff --git a/transport/internet/quic/dialer.go b/transport/internet/quic/dialer.go index 0e4c6a6b759f..0b9483ce8c75 100644 --- a/transport/internet/quic/dialer.go +++ b/transport/internet/quic/dialer.go @@ -6,9 +6,9 @@ import ( "sync" "time" - "github.com/lucas-clemente/quic-go" - "github.com/lucas-clemente/quic-go/logging" - "github.com/lucas-clemente/quic-go/qlog" + "github.com/quic-go/quic-go" + "github.com/quic-go/quic-go/logging" + "github.com/quic-go/quic-go/qlog" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/task" diff --git a/transport/internet/quic/hub.go b/transport/internet/quic/hub.go index 27a7e7e0d69a..9b6481c52732 100644 --- a/transport/internet/quic/hub.go +++ b/transport/internet/quic/hub.go @@ -5,9 +5,9 @@ import ( "io" "time" - "github.com/lucas-clemente/quic-go" - "github.com/lucas-clemente/quic-go/logging" - "github.com/lucas-clemente/quic-go/qlog" + "github.com/quic-go/quic-go" + "github.com/quic-go/quic-go/logging" + "github.com/quic-go/quic-go/qlog" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol/tls/cert" From 53833c2323e1a3d1b1145480aac732da41e2e93d Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 2 Feb 2023 05:59:58 +0000 Subject: [PATCH 032/226] Update workflows to use Go 1.20 --- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 56a58f3396e9..4dd47aac41eb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -123,7 +123,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.19 + go-version: 1.20 check-latest: true - name: Get project dependencies diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6a04c3fc04ce..4aeb4e751fbd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,7 +30,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.19 + go-version: 1.20 check-latest: true - name: Checkout codebase uses: actions/checkout@v3 From b57d3fa8696653b99329cb435bffb8856d15a8db Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 2 Feb 2023 06:26:07 +0000 Subject: [PATCH 033/226] 1.20 -> '1.20' --- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4dd47aac41eb..8d529d33fb6e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -123,7 +123,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.20 + go-version: '1.20' check-latest: true - name: Get project dependencies diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4aeb4e751fbd..ffdc64cbdbe5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,7 +30,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.20 + go-version: '1.20' check-latest: true - name: Checkout codebase uses: actions/checkout@v3 From fa7300e9101c885eba03971b2eb0db5ed77b0063 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 3 Feb 2023 23:29:46 +0800 Subject: [PATCH 034/226] Add warning on using old version of XTLS And checks param `fingerprint` also --- infra/conf/transport_internet.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index f0b067d89663..c52a1658c21e 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -458,6 +458,7 @@ type XTLSConfig struct { MaxVersion string `json:"maxVersion"` CipherSuites string `json:"cipherSuites"` PreferServerCipherSuites bool `json:"preferServerCipherSuites"` + Fingerprint string `json:"fingerprint"` RejectUnknownSNI bool `json:"rejectUnknownSni"` PinnedPeerCertificateChainSha256 *[]string `json:"pinnedPeerCertificateChainSha256"` } @@ -487,6 +488,9 @@ func (c *XTLSConfig) Build() (proto.Message, error) { config.MaxVersion = c.MaxVersion config.CipherSuites = c.CipherSuites config.PreferServerCipherSuites = c.PreferServerCipherSuites + if c.Fingerprint != "" { + return nil, newError(`Old version of XTLS does not support fingerprint. Please use flow "xtls-rprx-vision" with "tls & tlsSettings" instead.`) + } config.RejectUnknownSni = c.RejectUnknownSNI if c.PinnedPeerCertificateChainSha256 != nil { @@ -500,6 +504,8 @@ func (c *XTLSConfig) Build() (proto.Message, error) { } } + newError(`You are using an old version of XTLS, which is deprecated now and will be removed soon. Please use flow "xtls-rprx-vision" with "tls & tlsSettings" instead.`).AtWarning().WriteToLog() + return config, nil } From 00c95761189162504ebc2c0df3266e9395c7e40d Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 4 Feb 2023 21:27:13 +0800 Subject: [PATCH 035/226] Use go:linkname in qtls_go118.go Once and for all, whatever --- common/protocol/quic/qtls_go118.go | 20 +++++++++++--------- go.mod | 2 +- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/common/protocol/quic/qtls_go118.go b/common/protocol/quic/qtls_go118.go index e701adfa65ae..bfa5e245741b 100644 --- a/common/protocol/quic/qtls_go118.go +++ b/common/protocol/quic/qtls_go118.go @@ -1,16 +1,18 @@ package quic import ( + "crypto" "crypto/cipher" - - "github.com/quic-go/qtls-go1-20" -) - -type ( - // A CipherSuiteTLS13 is a cipher suite for TLS 1.3 - CipherSuiteTLS13 = qtls.CipherSuiteTLS13 + _ "crypto/tls" + _ "unsafe" ) -func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD { - return qtls.AEADAESGCMTLS13(key, fixedNonce) +type CipherSuiteTLS13 struct { + ID uint16 + KeyLen int + AEAD func(key, fixedNonce []byte) cipher.AEAD + Hash crypto.Hash } + +//go:linkname AEADAESGCMTLS13 crypto/tls.aeadAESGCMTLS13 +func AEADAESGCMTLS13(key, nonceMask []byte) cipher.AEAD diff --git a/go.mod b/go.mod index 49d8a74402e3..021bd587a7d8 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,6 @@ require ( github.com/miekg/dns v1.1.50 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 - github.com/quic-go/qtls-go1-20 v0.1.0 github.com/quic-go/quic-go v0.32.0 github.com/refraction-networking/utls v1.2.0 github.com/sagernet/sing v0.1.6 @@ -46,6 +45,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/quic-go/qtls-go1-18 v0.2.0 // indirect github.com/quic-go/qtls-go1-19 v0.2.0 // indirect + github.com/quic-go/qtls-go1-20 v0.1.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 // indirect From c3faa8b7ac76f909e6ddc284b510f967ca121b31 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Mon, 6 Feb 2023 01:45:09 -0500 Subject: [PATCH 036/226] Insert padding with empty content to camouflage VLESS header (#1610) This only affects the Vision client for protocols expecting server to send data first. The change is compatible with existing version of Vision server. --- proxy/vless/encoding/encoding.go | 24 +++++++++++++++--------- proxy/vless/outbound/outbound.go | 7 +++++++ 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index dea27044ac2c..1e8aaa922c39 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -506,25 +506,31 @@ func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBu // XtlsPadding add padding to eliminate length siganature during tls handshake func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, ctx context.Context) *buf.Buffer { - var length int32 = 0 - if b.Len() < 900 { + var contantLen int32 = 0 + var paddingLen int32 = 0 + if b != nil { + contantLen = b.Len() + } + if contantLen < 900 { l, err := rand.Int(rand.Reader, big.NewInt(500)) if err != nil { newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) } - length = int32(l.Int64()) + 900 - b.Len() + paddingLen = int32(l.Int64()) + 900 - contantLen } newbuffer := buf.New() if userUUID != nil { newbuffer.Write(*userUUID) *userUUID = nil } - newbuffer.Write([]byte{command, byte(b.Len() >> 8), byte(b.Len()), byte(length >> 8), byte(length)}) - newbuffer.Write(b.Bytes()) - newbuffer.Extend(length) - newError("XtlsPadding ", b.Len(), " ", length, " ", command).WriteToLog(session.ExportIDToError(ctx)) - b.Release() - b = nil + newbuffer.Write([]byte{command, byte(contantLen >> 8), byte(contantLen), byte(paddingLen >> 8), byte(paddingLen)}) + if (b != nil) { + newbuffer.Write(b.Bytes()) + b.Release() + b = nil + } + newbuffer.Extend(paddingLen) + newError("XtlsPadding ", contantLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx)) return newbuffer } diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index 82505911944a..f001a6b33c9f 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -249,6 +249,13 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } } else if err1 != buf.ErrReadTimeout { return err1 + } else if requestAddons.Flow == vless.XRV { + mb := make(buf.MultiBuffer, 1) + mb[0] = encoding.XtlsPadding(nil, 0x01, &userUUID, ctx) // it must not be tls so padding finish with it (command 1) + newError("Insert padding with empty content to camouflage VLESS header ", mb.Len()).WriteToLog(session.ExportIDToError(ctx)) + if err := serverWriter.WriteMultiBuffer(mb); err != nil { + return err + } } } else { newError("Reader is not timeout reader, will send out vless header separately from first payload").AtDebug().WriteToLog(session.ExportIDToError(ctx)) From f32921df307d80063fddcd5e6aa11d95f57f394e Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 8 Feb 2023 14:51:15 +0800 Subject: [PATCH 037/226] Refine randomized But we should avoid using it unless we have to, see https://github.com/refraction-networking/utls/pull/157#issuecomment-1417156797 --- go.mod | 2 +- go.sum | 4 ++-- transport/internet/tls/tls.go | 23 +++++++++++++++-------- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 021bd587a7d8..b292f17ef51e 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/quic-go/quic-go v0.32.0 - github.com/refraction-networking/utls v1.2.0 + github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849 github.com/sagernet/sing v0.1.6 github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c diff --git a/go.sum b/go.sum index 9488b1877d6f..23d380e8734e 100644 --- a/go.sum +++ b/go.sum @@ -138,8 +138,8 @@ github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV5 github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= github.com/quic-go/quic-go v0.32.0 h1:lY02md31s1JgPiiyfqJijpu/UX/Iun304FI3yUqX7tA= github.com/quic-go/quic-go v0.32.0/go.mod h1:/fCsKANhQIeD5l76c2JFU+07gVE3KaA0FP+0zMWwfwo= -github.com/refraction-networking/utls v1.2.0 h1:U5f8wkij2NVinfLuJdFP3gCMwIHs+EzvhxmYdXgiapo= -github.com/refraction-networking/utls v1.2.0/go.mod h1:NPq+cVqzH7D1BeOkmOcb5O/8iVewAsiVt2x1/eO0hgQ= +github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849 h1:vNEcNapWFwnYJTBcVkHJa8VrdL40PNDLDbSGVY+ZV7I= +github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849/go.mod h1:L1goe44KvhnTfctUffM2isnJpSjPlYShrhXDeZaoYKw= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go index b3cde8017427..1a880b9850fc 100644 --- a/transport/internet/tls/tls.go +++ b/transport/internet/tls/tls.go @@ -12,6 +12,13 @@ import ( //go:generate go run github.com/xtls/xray-core/common/errors/errorgen +type Interface interface { + net.Conn + Handshake() error + VerifyHostname(host string) error + NegotiatedProtocol() (name string, mutual bool) +} + var _ buf.Writer = (*Conn)(nil) type Conn struct { @@ -125,6 +132,13 @@ func init() { } i++ } + weights := utls.DefaultWeights + weights.TLSVersMax_Set_VersionTLS13 = 1 + weights.FirstKeyShare_Set_CurveP256 = 0 + randomized := utls.HelloRandomized + randomized.Seed, _ = utls.NewPRNGSeed() + randomized.Weights = &weights + PresetFingerprints["randomized"] = &randomized } func GetFingerprint(name string) (fingerprint *utls.ClientHelloID) { @@ -154,7 +168,7 @@ var PresetFingerprints = map[string]*utls.ClientHelloID{ "360": &utls.Hello360_Auto, "qq": &utls.HelloQQ_Auto, "random": nil, - "randomized": &utls.HelloRandomized, + "randomized": nil, } var ModernFingerprints = map[string]*utls.ClientHelloID{ @@ -203,10 +217,3 @@ var OtherFingerprints = map[string]*utls.ClientHelloID{ "helloios_11_1": &utls.HelloIOS_11_1, "hello360_7_5": &utls.Hello360_7_5, } - -type Interface interface { - net.Conn - Handshake() error - VerifyHostname(host string) error - NegotiatedProtocol() (name string, mutual bool) -} From 9046eda5ce902300a4c41deddc60ea899f8da654 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 8 Feb 2023 14:59:14 +0800 Subject: [PATCH 038/226] Add callClose to UDP Dispatcher Fixes https://github.com/XTLS/Xray-core/issues/1611 --- transport/internet/udp/dispatcher.go | 39 ++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/transport/internet/udp/dispatcher.go b/transport/internet/udp/dispatcher.go index a8d9c6f50acb..48b90b63bec6 100644 --- a/transport/internet/udp/dispatcher.go +++ b/transport/internet/udp/dispatcher.go @@ -31,6 +31,7 @@ type Dispatcher struct { conns map[net.Destination]*connEntry dispatcher routing.Dispatcher callback ResponseCallback + callClose func() error } func NewDispatcher(dispatcher routing.Dispatcher, callback ResponseCallback) *Dispatcher { @@ -79,7 +80,7 @@ func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) (* cancel: removeRay, } v.conns[dest] = entry - go handleInput(ctx, entry, dest, v.callback) + go handleInput(ctx, entry, dest, v.callback, v.callClose) return entry, nil } @@ -102,8 +103,13 @@ func (v *Dispatcher) Dispatch(ctx context.Context, destination net.Destination, } } -func handleInput(ctx context.Context, conn *connEntry, dest net.Destination, callback ResponseCallback) { - defer conn.cancel() +func handleInput(ctx context.Context, conn *connEntry, dest net.Destination, callback ResponseCallback, callClose func() error) { + defer func() { + conn.cancel() + if callClose != nil { + callClose() + } + }() input := conn.link.Reader timer := conn.timer @@ -144,7 +150,12 @@ func DialDispatcher(ctx context.Context, dispatcher routing.Dispatcher) (net.Pac done: done.New(), } - d := NewDispatcher(dispatcher, c.callback) + d := &Dispatcher{ + conns: make(map[net.Destination]*connEntry), + dispatcher: dispatcher, + callback: c.callback, + callClose: c.Close, + } c.dispatcher = d return c, nil } @@ -162,16 +173,22 @@ func (c *dispatcherConn) callback(ctx context.Context, packet *udp.Packet) { } func (c *dispatcherConn) ReadFrom(p []byte) (int, net.Addr, error) { + var packet *udp.Packet +s: select { case <-c.done.Wait(): - return 0, nil, io.EOF - case packet := <-c.cache: - n := copy(p, packet.Payload.Bytes()) - return n, &net.UDPAddr{ - IP: packet.Source.Address.IP(), - Port: int(packet.Source.Port), - }, nil + select { + case packet = <-c.cache: + break s + default: + return 0, nil, io.EOF + } + case packet = <-c.cache: } + return copy(p, packet.Payload.Bytes()), &net.UDPAddr{ + IP: packet.Source.Address.IP(), + Port: int(packet.Source.Port), + }, nil } func (c *dispatcherConn) WriteTo(p []byte, addr net.Addr) (int, error) { From 229e2513b54ef39a13a04755c81fa2b7e149f644 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Feb 2023 07:57:05 +0000 Subject: [PATCH 039/226] Bump golang.org/x/sys from 0.4.0 to 0.5.0 (#1626) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b292f17ef51e..39dbe520ae4a 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( golang.org/x/crypto v0.5.0 golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 - golang.org/x/sys v0.4.0 + golang.org/x/sys v0.5.0 google.golang.org/grpc v1.52.3 google.golang.org/protobuf v1.28.1 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c diff --git a/go.sum b/go.sum index 23d380e8734e..6190e8ae8310 100644 --- a/go.sum +++ b/go.sum @@ -259,8 +259,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= -golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 48ff0d92c910b1f5864c9b1cadaf1aca8fce56e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Feb 2023 07:58:18 +0000 Subject: [PATCH 040/226] Bump google.golang.org/grpc from 1.52.3 to 1.53.0 (#1625) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 39dbe520ae4a..4569ae1830db 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.5.0 - google.golang.org/grpc v1.52.3 + google.golang.org/grpc v1.53.0 google.golang.org/protobuf v1.28.1 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 diff --git a/go.sum b/go.sum index 6190e8ae8310..13223adfe5b4 100644 --- a/go.sum +++ b/go.sum @@ -311,8 +311,8 @@ google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.52.3 h1:pf7sOysg4LdgBqduXveGKrcEwbStiK2rtfghdzlUYDQ= -google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc= +google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 15999e5c2aa92abe063cea03803d06b29e37e25b Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 8 Feb 2023 17:20:24 +0800 Subject: [PATCH 041/226] v1.7.5 --- core/core.go | 2 +- go.mod | 6 +++--- go.sum | 12 ++++++------ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/core/core.go b/core/core.go index 2cc31ed16e4a..a49250077845 100644 --- a/core/core.go +++ b/core/core.go @@ -18,7 +18,7 @@ import ( ) var ( - version = "1.7.3" + version = "1.7.5" build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." diff --git a/go.mod b/go.mod index 4569ae1830db..fab45706be29 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( github.com/francoispqt/gojay v1.2.13 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f // indirect + github.com/google/pprof v0.0.0-20230207041349-798e818bf904 // indirect github.com/klauspost/compress v1.15.15 // indirect github.com/klauspost/cpuid/v2 v2.2.3 // indirect github.com/onsi/ginkgo/v2 v2.8.0 // indirect @@ -48,12 +48,12 @@ require ( github.com/quic-go/qtls-go1-20 v0.1.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 // indirect + golang.org/x/exp v0.0.0-20230206171751-46f607a40771 // indirect golang.org/x/mod v0.7.0 // indirect golang.org/x/text v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.5.0 // indirect - google.golang.org/genproto v0.0.0-20230131230820-1c016267d619 // indirect + google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/blake3 v1.1.7 // indirect diff --git a/go.sum b/go.sum index 13223adfe5b4..dfb76620debf 100644 --- a/go.sum +++ b/go.sum @@ -76,8 +76,8 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f h1:gl1DCiSk+mrXXBGPm6CEeS2MkJuMVzAOrXg34oVj1QI= -github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= +github.com/google/pprof v0.0.0-20230207041349-798e818bf904 h1:4/hN5RUoecvl+RmJRE2YxKWtnnQls6rQjjW5oV7qg2U= +github.com/google/pprof v0.0.0-20230207041349-798e818bf904/go.mod h1:uglQLonpP8qtYCYyzA+8c/9qtqgA3qsXGYqCPKARAFg= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -208,8 +208,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 h1:BEABXpNXLEz0WxtA+6CQIz2xkg80e+1zrhWyMcq8VzE= -golang.org/x/exp v0.0.0-20230131160201-f062dba9d201/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230206171751-46f607a40771 h1:xP7rWLUr1e1n2xkK5YB4LI0hPEy3LJC6Wk+D4pGlOJg= +golang.org/x/exp v0.0.0-20230206171751-46f607a40771/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -303,8 +303,8 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20230131230820-1c016267d619 h1:p0kMzw6AG0JEzd7Z+kXqOiLhC6gjUQTbtS2zR0Q3DbI= -google.golang.org/genproto v0.0.0-20230131230820-1c016267d619/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 h1:vArvWooPH749rNHpBGgVl+U9B9dATjiEhJzcWGlovNs= +google.golang.org/genproto v0.0.0-20230202175211-008b39050e57/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= From 4d2e2b24d3a23e90c66ff6f750caca75b0638d97 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 15 Feb 2023 16:07:12 +0000 Subject: [PATCH 042/226] THE NEXT FUTURE becomes THE REALITY NOW Thank @yuhan6665 for testing --- core/core.go | 10 +- go.mod | 19 +- go.sum | 40 +-- infra/conf/transport_internet.go | 211 +++++++++++- main/commands/all/commands.go | 1 + main/commands/all/x25519.go | 63 ++++ main/distro/all/all.go | 1 + proxy/trojan/server.go | 7 + proxy/vless/inbound/inbound.go | 15 +- proxy/vless/outbound/outbound.go | 9 +- transport/internet/domainsocket/dial.go | 3 + transport/internet/domainsocket/listener.go | 41 ++- transport/internet/http/dialer.go | 15 +- transport/internet/reality/config.go | 45 +++ transport/internet/reality/config.pb.go | 300 ++++++++++++++++++ transport/internet/reality/config.proto | 27 ++ .../internet/reality/errors.generated.go | 9 + transport/internet/reality/reality.go | 269 ++++++++++++++++ transport/internet/tcp/dialer.go | 5 + transport/internet/tcp/hub.go | 47 +-- 20 files changed, 1054 insertions(+), 83 deletions(-) create mode 100644 main/commands/all/x25519.go create mode 100644 transport/internet/reality/config.go create mode 100644 transport/internet/reality/config.pb.go create mode 100644 transport/internet/reality/config.proto create mode 100644 transport/internet/reality/errors.generated.go create mode 100644 transport/internet/reality/reality.go diff --git a/core/core.go b/core/core.go index a49250077845..8ab199364c8d 100644 --- a/core/core.go +++ b/core/core.go @@ -12,13 +12,19 @@ package core //go:generate go run github.com/xtls/xray-core/common/errors/errorgen import ( + "fmt" "runtime" "github.com/xtls/xray-core/common/serial" ) var ( - version = "1.7.5" + Version_x byte = 1 + Version_y byte = 7 + Version_z byte = 5 +) + +var ( build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." @@ -27,7 +33,7 @@ var ( // Version returns Xray's version as a string, in the form of "x.y.z" where x, y and z are numbers. // ".z" part may be omitted in regular releases. func Version() string { - return version + return fmt.Sprintf("%v.%v.%v", Version_x, Version_y, Version_z) } // VersionStatement returns a list of strings representing the full version info. diff --git a/go.mod b/go.mod index fab45706be29..ecf8e3548452 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/quic-go/quic-go v0.32.0 - github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849 + github.com/refraction-networking/utls v1.2.2 github.com/sagernet/sing v0.1.6 github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c @@ -20,9 +20,10 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 + github.com/xtls/reality v0.0.0-20230210055008-e814936a3d99 go.starlark.net v0.0.0-20230128213706-3f75dec8e403 - golang.org/x/crypto v0.5.0 - golang.org/x/net v0.5.0 + golang.org/x/crypto v0.6.0 + golang.org/x/net v0.7.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.5.0 google.golang.org/grpc v1.53.0 @@ -41,19 +42,19 @@ require ( github.com/google/pprof v0.0.0-20230207041349-798e818bf904 // indirect github.com/klauspost/compress v1.15.15 // indirect github.com/klauspost/cpuid/v2 v2.2.3 // indirect - github.com/onsi/ginkgo/v2 v2.8.0 // indirect + github.com/onsi/ginkgo/v2 v2.8.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/quic-go/qtls-go1-18 v0.2.0 // indirect github.com/quic-go/qtls-go1-19 v0.2.0 // indirect github.com/quic-go/qtls-go1-20 v0.1.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20230206171751-46f607a40771 // indirect - golang.org/x/mod v0.7.0 // indirect - golang.org/x/text v0.6.0 // indirect + golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb // indirect + golang.org/x/mod v0.8.0 // indirect + golang.org/x/text v0.7.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.5.0 // indirect - google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 // indirect + golang.org/x/tools v0.6.0 // indirect + google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/blake3 v1.1.7 // indirect diff --git a/go.sum b/go.sum index dfb76620debf..c2d2af911912 100644 --- a/go.sum +++ b/go.sum @@ -112,9 +112,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/onsi/ginkgo/v2 v2.8.0 h1:pAM+oBNPrpXRs+E/8spkeGx9QgekbRVyr74EUvRVOUI= -github.com/onsi/ginkgo/v2 v2.8.0/go.mod h1:6JsQiECmxCa3V5st74AL/AmsV482EDdVrGaVW6z3oYU= -github.com/onsi/gomega v1.25.0 h1:Vw7br2PCDYijJHSfBOWhov+8cAnUf8MfMaIOV323l6Y= +github.com/onsi/ginkgo/v2 v2.8.1 h1:xFTEVwOFa1D/Ty24Ws1npBWkDYEV9BqZrsDxVrVkrrU= +github.com/onsi/ginkgo/v2 v2.8.1/go.mod h1:N1/NbDngAFcSLdyZ+/aYTYGSlq9qMCS/cNKGJjy+csc= +github.com/onsi/gomega v1.26.0 h1:03cDLK28U6hWvCAns6NeydX3zIm4SF3ci69ulidS32Q= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= @@ -138,8 +138,8 @@ github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV5 github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= github.com/quic-go/quic-go v0.32.0 h1:lY02md31s1JgPiiyfqJijpu/UX/Iun304FI3yUqX7tA= github.com/quic-go/quic-go v0.32.0/go.mod h1:/fCsKANhQIeD5l76c2JFU+07gVE3KaA0FP+0zMWwfwo= -github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849 h1:vNEcNapWFwnYJTBcVkHJa8VrdL40PNDLDbSGVY+ZV7I= -github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849/go.mod h1:L1goe44KvhnTfctUffM2isnJpSjPlYShrhXDeZaoYKw= +github.com/refraction-networking/utls v1.2.2 h1:uBE6V173CwG8MQrSBpNZHAix1fxOvuLKYyjFAu3uqo0= +github.com/refraction-networking/utls v1.2.2/go.mod h1:L1goe44KvhnTfctUffM2isnJpSjPlYShrhXDeZaoYKw= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= @@ -193,6 +193,8 @@ github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49u github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= +github.com/xtls/reality v0.0.0-20230210055008-e814936a3d99 h1:H7I3fhMXA0GKSysu+KcSNMdX/o4MBElWR02/NIwhmpY= +github.com/xtls/reality v0.0.0-20230210055008-e814936a3d99/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= @@ -205,18 +207,18 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= -golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= +golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230206171751-46f607a40771 h1:xP7rWLUr1e1n2xkK5YB4LI0hPEy3LJC6Wk+D4pGlOJg= -golang.org/x/exp v0.0.0-20230206171751-46f607a40771/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb h1:PaBZQdo+iSDyHT053FjUCgZQ/9uqVwPOcl7KSWhKn6w= +golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= -golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -230,8 +232,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= -golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -267,8 +269,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= -golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= @@ -283,8 +285,8 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4= -golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -303,8 +305,8 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 h1:vArvWooPH749rNHpBGgVl+U9B9dATjiEhJzcWGlovNs= -google.golang.org/genproto v0.0.0-20230202175211-008b39050e57/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc h1:ijGwO+0vL2hJt5gaygqP2j6PfflOBrRot0IczKbmtio= +google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index c52a1658c21e..d71795283e41 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -2,13 +2,17 @@ package conf import ( "encoding/base64" + "encoding/hex" "encoding/json" "math" "net/url" + "runtime" "strconv" "strings" + "syscall" "github.com/golang/protobuf/proto" + "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/platform/filesystem" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/serial" @@ -18,6 +22,7 @@ import ( "github.com/xtls/xray-core/transport/internet/http" "github.com/xtls/xray-core/transport/internet/kcp" "github.com/xtls/xray-core/transport/internet/quic" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/tcp" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/websocket" @@ -509,6 +514,170 @@ func (c *XTLSConfig) Build() (proto.Message, error) { return config, nil } +type REALITYConfig struct { + Show bool `json:"show"` + Dest json.RawMessage `json:"dest"` + Type string `json:"type"` + Xver uint64 `json:"xver"` + ServerNames []string `json:"serverNames"` + PrivateKey string `json:"privateKey"` + MinClientVer string `json:"minClientVer"` + MaxClientVer string `json:"maxClientVer"` + MaxTimeDiff uint64 `json:"maxTimeDiff"` + ShortIds []string `json:"shortIds"` + + Fingerprint string `json:"fingerprint"` + ServerName string `json:"serverName"` + PublicKey string `json:"publicKey"` + ShortId string `json:"shortId"` + SpiderX string `json:"spiderX"` +} + +func (c *REALITYConfig) Build() (proto.Message, error) { + config := new(reality.Config) + config.Show = c.Show + var err error + if c.Dest != nil { + var i uint16 + var s string + if err = json.Unmarshal(c.Dest, &i); err == nil { + s = strconv.Itoa(int(i)) + } else { + _ = json.Unmarshal(c.Dest, &s) + } + if c.Type == "" && s != "" { + switch s[0] { + case '@', '/': + c.Type = "unix" + if s[0] == '@' && len(s) > 1 && s[1] == '@' && (runtime.GOOS == "linux" || runtime.GOOS == "android") { + fullAddr := make([]byte, len(syscall.RawSockaddrUnix{}.Path)) // may need padding to work with haproxy + copy(fullAddr, s[1:]) + s = string(fullAddr) + } + default: + if _, err = strconv.Atoi(s); err == nil { + s = "127.0.0.1:" + s + } + if _, _, err = net.SplitHostPort(s); err == nil { + c.Type = "tcp" + } + } + } + if c.Type == "" { + return nil, newError(`please fill in a valid value for "dest"`) + } + if c.Xver > 2 { + return nil, newError(`invalid PROXY protocol version, "xver" only accepts 0, 1, 2`) + } + if len(c.ServerNames) == 0 { + return nil, newError(`empty "serverNames"`) + } + if c.PrivateKey == "" { + return nil, newError(`empty "privateKey"`) + } + if config.PrivateKey, err = base64.RawURLEncoding.DecodeString(c.PrivateKey); err != nil || len(config.PrivateKey) != 32 { + return nil, newError(`invalid "privateKey": `, c.PrivateKey) + } + if c.MinClientVer != "" { + config.MinClientVer = make([]byte, 3) + var u uint64 + for i, s := range strings.Split(c.MinClientVer, ".") { + if i == 3 { + return nil, newError(`invalid "minClientVer": `, c.MinClientVer) + } + if u, err = strconv.ParseUint(s, 10, 8); err != nil { + return nil, newError(`"minClientVer[`, i, `]" should be lesser than 256`) + } else { + config.MinClientVer[i] = byte(u) + } + } + } + if c.MaxClientVer != "" { + config.MaxClientVer = make([]byte, 3) + var u uint64 + for i, s := range strings.Split(c.MaxClientVer, ".") { + if i == 3 { + return nil, newError(`invalid "maxClientVer": `, c.MaxClientVer) + } + if u, err = strconv.ParseUint(s, 10, 8); err != nil { + return nil, newError(`"maxClientVer[`, i, `]" should be lesser than 256`) + } else { + config.MaxClientVer[i] = byte(u) + } + } + } + if len(c.ShortIds) == 0 { + return nil, newError(`empty "shortIds"`) + } + config.ShortIds = make([][]byte, len(c.ShortIds)) + for i, s := range c.ShortIds { + config.ShortIds[i] = make([]byte, 8) + if _, err = hex.Decode(config.ShortIds[i], []byte(s)); err != nil { + return nil, newError(`invalid "shortIds[`, i, `]": `, s) + } + } + config.Dest = s + config.Type = c.Type + config.Xver = c.Xver + config.ServerNames = c.ServerNames + config.MaxTimeDiff = c.MaxTimeDiff + } else { + if c.Fingerprint == "" { + return nil, newError(`empty "fingerprint"`) + } + if config.Fingerprint = strings.ToLower(c.Fingerprint); tls.GetFingerprint(config.Fingerprint) == nil { + return nil, newError(`unknown "fingerprint": `, config.Fingerprint) + } + if config.Fingerprint == "hellogolang" { + return nil, newError(`invalid "fingerprint": `, config.Fingerprint) + } + if c.PublicKey == "" { + return nil, newError(`empty "publicKey"`) + } + if config.PublicKey, err = base64.RawURLEncoding.DecodeString(c.PublicKey); err != nil || len(config.PublicKey) != 32 { + return nil, newError(`invalid "publicKey": `, c.PublicKey) + } + if c.ShortId == "" { + return nil, newError(`empty "shortId"`) + } + config.ShortId = make([]byte, 8) + if _, err = hex.Decode(config.ShortId, []byte(c.ShortId)); err != nil { + return nil, newError(`invalid "shortId": `, c.ShortId) + } + if c.SpiderX == "" { + return nil, newError(`empty "spiderX"`) + } + if c.SpiderX[0] != '/' { + return nil, newError(`invalid "spiderX": `, c.SpiderX) + } + config.SpiderY = make([]int64, 10) + u, _ := url.Parse(c.SpiderX) + q := u.Query() + parse := func(param string, index int) { + if q.Get(param) != "" { + s := strings.Split(q.Get(param), "-") + if len(s) == 1 { + config.SpiderY[index], _ = strconv.ParseInt(s[0], 10, 64) + config.SpiderY[index+1], _ = strconv.ParseInt(s[0], 10, 64) + } else { + config.SpiderY[index], _ = strconv.ParseInt(s[0], 10, 64) + config.SpiderY[index+1], _ = strconv.ParseInt(s[1], 10, 64) + } + } + q.Del(param) + } + parse("p", 0) // padding + parse("c", 2) // concurrency + parse("t", 4) // times + parse("i", 6) // interval + parse("r", 8) // return + u.RawQuery = q.Encode() + config.SpiderX = u.String() + config.ServerName = c.ServerName + } + return config, nil +} + type TransportProtocol string // Build implements Buildable. @@ -598,19 +767,20 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { } type StreamConfig struct { - Network *TransportProtocol `json:"network"` - Security string `json:"security"` - TLSSettings *TLSConfig `json:"tlsSettings"` - XTLSSettings *XTLSConfig `json:"xtlsSettings"` - TCPSettings *TCPConfig `json:"tcpSettings"` - KCPSettings *KCPConfig `json:"kcpSettings"` - WSSettings *WebSocketConfig `json:"wsSettings"` - HTTPSettings *HTTPConfig `json:"httpSettings"` - DSSettings *DomainSocketConfig `json:"dsSettings"` - QUICSettings *QUICConfig `json:"quicSettings"` - SocketSettings *SocketConfig `json:"sockopt"` - GRPCConfig *GRPCConfig `json:"grpcSettings"` - GUNConfig *GRPCConfig `json:"gunSettings"` + Network *TransportProtocol `json:"network"` + Security string `json:"security"` + TLSSettings *TLSConfig `json:"tlsSettings"` + XTLSSettings *XTLSConfig `json:"xtlsSettings"` + REALITYSettings *REALITYConfig `json:"realitySettings"` + TCPSettings *TCPConfig `json:"tcpSettings"` + KCPSettings *KCPConfig `json:"kcpSettings"` + WSSettings *WebSocketConfig `json:"wsSettings"` + HTTPSettings *HTTPConfig `json:"httpSettings"` + DSSettings *DomainSocketConfig `json:"dsSettings"` + QUICSettings *QUICConfig `json:"quicSettings"` + SocketSettings *SocketConfig `json:"sockopt"` + GRPCConfig *GRPCConfig `json:"grpcSettings"` + GUNConfig *GRPCConfig `json:"gunSettings"` } // Build implements Buildable. @@ -660,6 +830,21 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { config.SecuritySettings = append(config.SecuritySettings, tm) config.SecurityType = tm.Type } + if strings.EqualFold(c.Security, "reality") { + if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "domainsocket" { + return nil, newError("REALITY only supports TCP, H2 and DomainSocket for now.") + } + if c.REALITYSettings == nil { + return nil, newError(`REALITY: Empty "realitySettings".`) + } + ts, err := c.REALITYSettings.Build() + if err != nil { + return nil, newError("Failed to build REALITY config.").Base(err) + } + tm := serial.ToTypedMessage(ts) + config.SecuritySettings = append(config.SecuritySettings, tm) + config.SecurityType = tm.Type + } if c.TCPSettings != nil { ts, err := c.TCPSettings.Build() if err != nil { diff --git a/main/commands/all/commands.go b/main/commands/all/commands.go index da50a8456c05..9b8b49e0258a 100644 --- a/main/commands/all/commands.go +++ b/main/commands/all/commands.go @@ -15,5 +15,6 @@ func init() { // cmdConvert, tls.CmdTLS, cmdUUID, + cmdX25519, ) } diff --git a/main/commands/all/x25519.go b/main/commands/all/x25519.go new file mode 100644 index 000000000000..4ab1d09d5b23 --- /dev/null +++ b/main/commands/all/x25519.go @@ -0,0 +1,63 @@ +package all + +import ( + "crypto/rand" + "encoding/base64" + "fmt" + "io" + + "github.com/xtls/xray-core/main/commands/base" + "golang.org/x/crypto/curve25519" +) + +var cmdX25519 = &base.Command{ + UsageLine: `{{.Exec}} x25519 [-i "private key (base64.RawURLEncoding)"]`, + Short: `Generate key pair for x25519 key exchange`, + Long: ` +Generate key pair for x25519 key exchange. + +Random: {{.Exec}} x25519 + +From private key: {{.Exec}} x25519 -i "private key (base64.RawURLEncoding)" +`, +} + +func init() { + cmdX25519.Run = executeX25519 // break init loop +} + +var input_base64 = cmdX25519.Flag.String("i", "", "") + +func executeX25519(cmd *base.Command, args []string) { + var output string + var err error + var privateKey []byte + var publicKey []byte + if len(*input_base64) > 0 { + privateKey, err = base64.RawURLEncoding.DecodeString(*input_base64) + if err != nil { + output = err.Error() + goto out + } + if len(privateKey) != curve25519.ScalarSize { + output = "Invalid length of private key." + goto out + } + } + if privateKey == nil { + privateKey = make([]byte, curve25519.ScalarSize) + if _, err = io.ReadFull(rand.Reader, privateKey); err != nil { + output = err.Error() + goto out + } + } + if publicKey, err = curve25519.X25519(privateKey, curve25519.Basepoint); err != nil { + output = err.Error() + goto out + } + output = fmt.Sprintf("Private key: %v\nPublic key: %v", + base64.RawURLEncoding.EncodeToString(privateKey), + base64.RawURLEncoding.EncodeToString(publicKey)) +out: + fmt.Println(output) +} diff --git a/main/distro/all/all.go b/main/distro/all/all.go index f92542d5c54e..7fb7307128fc 100644 --- a/main/distro/all/all.go +++ b/main/distro/all/all.go @@ -56,6 +56,7 @@ import ( _ "github.com/xtls/xray-core/transport/internet/http" _ "github.com/xtls/xray-core/transport/internet/kcp" _ "github.com/xtls/xray-core/transport/internet/quic" + _ "github.com/xtls/xray-core/transport/internet/reality" _ "github.com/xtls/xray-core/transport/internet/tcp" _ "github.com/xtls/xray-core/transport/internet/tls" _ "github.com/xtls/xray-core/transport/internet/udp" diff --git a/proxy/trojan/server.go b/proxy/trojan/server.go index 6309bbc6596e..30b52ad35a7b 100644 --- a/proxy/trojan/server.go +++ b/proxy/trojan/server.go @@ -24,6 +24,7 @@ import ( "github.com/xtls/xray-core/features/policy" "github.com/xtls/xray-core/features/routing" "github.com/xtls/xray-core/features/stats" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/udp" @@ -411,6 +412,12 @@ func (s *Server) fallback(ctx context.Context, sid errors.ExportOption, err erro alpn = cs.NegotiatedProtocol newError("realName = " + name).AtInfo().WriteToLog(sid) newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) + } else if realityConn, ok := iConn.(*reality.Conn); ok { + cs := realityConn.ConnectionState() + name = cs.ServerName + alpn = cs.NegotiatedProtocol + newError("realName = " + name).AtInfo().WriteToLog(sid) + newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) } name = strings.ToLower(name) alpn = strings.ToLower(alpn) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 5b0833ca08b5..a7863051fa09 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -26,7 +26,7 @@ import ( "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/common/signal" "github.com/xtls/xray-core/common/task" - core "github.com/xtls/xray-core/core" + "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/features/dns" feature_inbound "github.com/xtls/xray-core/features/inbound" "github.com/xtls/xray-core/features/policy" @@ -34,6 +34,7 @@ import ( "github.com/xtls/xray-core/features/stats" "github.com/xtls/xray-core/proxy/vless" "github.com/xtls/xray-core/proxy/vless/encoding" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/xtls" @@ -246,6 +247,12 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s alpn = cs.NegotiatedProtocol newError("realName = " + name).AtInfo().WriteToLog(sid) newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) + } else if realityConn, ok := iConn.(*reality.Conn); ok { + cs := realityConn.ConnectionState() + name = cs.ServerName + alpn = cs.NegotiatedProtocol + newError("realName = " + name).AtInfo().WriteToLog(sid) + newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) } name = strings.ToLower(name) alpn = strings.ToLower(alpn) @@ -494,10 +501,14 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } t = reflect.TypeOf(tlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(tlsConn.Conn)) + } else if realityConn, ok := iConn.(*reality.Conn); ok { + netConn = realityConn.NetConn() + t = reflect.TypeOf(realityConn.Conn).Elem() + p = uintptr(unsafe.Pointer(realityConn.Conn)) } else if _, ok := iConn.(*tls.UConn); ok { return newError("XTLS only supports UTLS fingerprint for the outbound.").AtWarning() } else if _, ok := iConn.(*xtls.Conn); ok { - return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls"`).AtWarning() + return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls" or "reality"`).AtWarning() } else { return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index f001a6b33c9f..e532dfb68c79 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -22,13 +22,14 @@ import ( "github.com/xtls/xray-core/common/signal" "github.com/xtls/xray-core/common/task" "github.com/xtls/xray-core/common/xudp" - core "github.com/xtls/xray-core/core" + "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/features/policy" "github.com/xtls/xray-core/features/stats" "github.com/xtls/xray-core/proxy/vless" "github.com/xtls/xray-core/proxy/vless/encoding" "github.com/xtls/xray-core/transport" "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/xtls" @@ -164,8 +165,12 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte netConn = utlsConn.NetConn() t = reflect.TypeOf(utlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(utlsConn.Conn)) + } else if realityConn, ok := iConn.(*reality.UConn); ok { + netConn = realityConn.NetConn() + t = reflect.TypeOf(realityConn.Conn).Elem() + p = uintptr(unsafe.Pointer(realityConn.Conn)) } else if _, ok := iConn.(*xtls.Conn); ok { - return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls"`).AtWarning() + return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls" or "reality"`).AtWarning() } else { return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } diff --git a/transport/internet/domainsocket/dial.go b/transport/internet/domainsocket/dial.go index 556c48e36170..2a7727eec147 100644 --- a/transport/internet/domainsocket/dial.go +++ b/transport/internet/domainsocket/dial.go @@ -9,6 +9,7 @@ import ( "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/xtls" @@ -30,6 +31,8 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me return tls.Client(conn, config.GetTLSConfig(tls.WithDestination(dest))), nil } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { return xtls.Client(conn, config.GetXTLSConfig(xtls.WithDestination(dest))), nil + } else if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { + return reality.UClient(conn, config, ctx, dest) } return conn, nil diff --git a/transport/internet/domainsocket/listener.go b/transport/internet/domainsocket/listener.go index a8185d6b8ee9..9c05c95f03be 100644 --- a/transport/internet/domainsocket/listener.go +++ b/transport/internet/domainsocket/listener.go @@ -10,9 +10,11 @@ import ( "strings" goxtls "github.com/xtls/go" + goreality "github.com/xtls/reality" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/xtls" @@ -20,13 +22,14 @@ import ( ) type Listener struct { - addr *net.UnixAddr - ln net.Listener - tlsConfig *gotls.Config - xtlsConfig *goxtls.Config - config *Config - addConn internet.ConnHandler - locker *fileLocker + addr *net.UnixAddr + ln net.Listener + tlsConfig *gotls.Config + xtlsConfig *goxtls.Config + realityConfig *goreality.Config + config *Config + addConn internet.ConnHandler + locker *fileLocker } func Listen(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, handler internet.ConnHandler) (internet.Listener, error) { @@ -64,6 +67,9 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { ln.xtlsConfig = config.GetXTLSConfig() } + if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { + ln.realityConfig = config.GetREALITYConfig() + } go ln.run() @@ -91,14 +97,19 @@ func (ln *Listener) run() { newError("failed to accepted raw connections").Base(err).AtWarning().WriteToLog() continue } - - if ln.tlsConfig != nil { - conn = tls.Server(conn, ln.tlsConfig) - } else if ln.xtlsConfig != nil { - conn = xtls.Server(conn, ln.xtlsConfig) - } - - ln.addConn(stat.Connection(conn)) + go func() { + if ln.tlsConfig != nil { + conn = tls.Server(conn, ln.tlsConfig) + } else if ln.xtlsConfig != nil { + conn = xtls.Server(conn, ln.xtlsConfig) + } else if ln.realityConfig != nil { + if conn, err = reality.Server(conn, ln.realityConfig); err != nil { + newError(err).AtInfo().WriteToLog() + return + } + } + ln.addConn(stat.Connection(conn)) + }() } } diff --git a/transport/internet/http/dialer.go b/transport/internet/http/dialer.go index a192bddd8c54..25ede63fb543 100644 --- a/transport/internet/http/dialer.go +++ b/transport/internet/http/dialer.go @@ -14,6 +14,7 @@ import ( "github.com/xtls/xray-core/common/net/cnc" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/pipe" @@ -40,8 +41,9 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in httpSettings := streamSettings.ProtocolSettings.(*Config) tlsConfigs := tls.ConfigFromStreamSettings(streamSettings) - if tlsConfigs == nil { - return nil, newError("TLS must be enabled for http transport.").AtWarning() + realityConfigs := reality.ConfigFromStreamSettings(streamSettings) + if tlsConfigs == nil && realityConfigs == nil { + return nil, newError("TLS or REALITY must be enabled for http transport.").AtWarning() } sockopt := streamSettings.SocketSettings @@ -74,6 +76,10 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in return nil, err } + if realityConfigs != nil { + return reality.UClient(pconn, realityConfigs, ctx, dest) + } + var cn tls.Interface if fingerprint := tls.GetFingerprint(tlsConfigs.Fingerprint); fingerprint != nil { cn = tls.UClient(pconn, tlsConfig, fingerprint).(*tls.UConn) @@ -99,7 +105,10 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in } return cn, nil }, - TLSClientConfig: tlsConfigs.GetTLSConfig(tls.WithDestination(dest)), + } + + if tlsConfigs != nil { + transport.TLSClientConfig = tlsConfigs.GetTLSConfig(tls.WithDestination(dest)) } if httpSettings.IdleTimeout > 0 || httpSettings.HealthCheckTimeout > 0 { diff --git a/transport/internet/reality/config.go b/transport/internet/reality/config.go new file mode 100644 index 000000000000..f7938db52800 --- /dev/null +++ b/transport/internet/reality/config.go @@ -0,0 +1,45 @@ +package reality + +import ( + "time" + + "github.com/xtls/reality" + "github.com/xtls/xray-core/transport/internet" +) + +func (c *Config) GetREALITYConfig() *reality.Config { + config := &reality.Config{ + Show: c.Show, + Type: c.Type, + Dest: c.Dest, + Xver: byte(c.Xver), + + PrivateKey: c.PrivateKey, + MinClientVer: c.MinClientVer, + MaxClientVer: c.MaxClientVer, + MaxTimeDiff: time.Duration(c.MaxTimeDiff) * time.Millisecond, + + NextProtos: nil, // should be nil + SessionTicketsDisabled: true, + } + config.ServerNames = make(map[string]bool) + for _, serverName := range c.ServerNames { + config.ServerNames[serverName] = true + } + config.ShortIds = make(map[[8]byte]bool) + for _, shortId := range c.ShortIds { + config.ShortIds[*(*[8]byte)(shortId)] = true + } + return config +} + +func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config { + if settings == nil { + return nil + } + config, ok := settings.SecuritySettings.(*Config) + if !ok { + return nil + } + return config +} diff --git a/transport/internet/reality/config.pb.go b/transport/internet/reality/config.pb.go new file mode 100644 index 000000000000..a140d9ab6a10 --- /dev/null +++ b/transport/internet/reality/config.pb.go @@ -0,0 +1,300 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.12 +// source: transport/internet/reality/config.proto + +package reality + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Config struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Show bool `protobuf:"varint,1,opt,name=show,proto3" json:"show,omitempty"` + Dest string `protobuf:"bytes,2,opt,name=dest,proto3" json:"dest,omitempty"` + Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"` + Xver uint64 `protobuf:"varint,4,opt,name=xver,proto3" json:"xver,omitempty"` + ServerNames []string `protobuf:"bytes,5,rep,name=server_names,json=serverNames,proto3" json:"server_names,omitempty"` + PrivateKey []byte `protobuf:"bytes,6,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` + MinClientVer []byte `protobuf:"bytes,7,opt,name=min_client_ver,json=minClientVer,proto3" json:"min_client_ver,omitempty"` + MaxClientVer []byte `protobuf:"bytes,8,opt,name=max_client_ver,json=maxClientVer,proto3" json:"max_client_ver,omitempty"` + MaxTimeDiff uint64 `protobuf:"varint,9,opt,name=max_time_diff,json=maxTimeDiff,proto3" json:"max_time_diff,omitempty"` + ShortIds [][]byte `protobuf:"bytes,10,rep,name=short_ids,json=shortIds,proto3" json:"short_ids,omitempty"` + Fingerprint string `protobuf:"bytes,21,opt,name=Fingerprint,proto3" json:"Fingerprint,omitempty"` + ServerName string `protobuf:"bytes,22,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"` + PublicKey []byte `protobuf:"bytes,23,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + ShortId []byte `protobuf:"bytes,24,opt,name=short_id,json=shortId,proto3" json:"short_id,omitempty"` + SpiderX string `protobuf:"bytes,25,opt,name=spider_x,json=spiderX,proto3" json:"spider_x,omitempty"` + SpiderY []int64 `protobuf:"varint,26,rep,packed,name=spider_y,json=spiderY,proto3" json:"spider_y,omitempty"` +} + +func (x *Config) Reset() { + *x = Config{} + if protoimpl.UnsafeEnabled { + mi := &file_transport_internet_reality_config_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Config) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Config) ProtoMessage() {} + +func (x *Config) ProtoReflect() protoreflect.Message { + mi := &file_transport_internet_reality_config_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Config.ProtoReflect.Descriptor instead. +func (*Config) Descriptor() ([]byte, []int) { + return file_transport_internet_reality_config_proto_rawDescGZIP(), []int{0} +} + +func (x *Config) GetShow() bool { + if x != nil { + return x.Show + } + return false +} + +func (x *Config) GetDest() string { + if x != nil { + return x.Dest + } + return "" +} + +func (x *Config) GetType() string { + if x != nil { + return x.Type + } + return "" +} + +func (x *Config) GetXver() uint64 { + if x != nil { + return x.Xver + } + return 0 +} + +func (x *Config) GetServerNames() []string { + if x != nil { + return x.ServerNames + } + return nil +} + +func (x *Config) GetPrivateKey() []byte { + if x != nil { + return x.PrivateKey + } + return nil +} + +func (x *Config) GetMinClientVer() []byte { + if x != nil { + return x.MinClientVer + } + return nil +} + +func (x *Config) GetMaxClientVer() []byte { + if x != nil { + return x.MaxClientVer + } + return nil +} + +func (x *Config) GetMaxTimeDiff() uint64 { + if x != nil { + return x.MaxTimeDiff + } + return 0 +} + +func (x *Config) GetShortIds() [][]byte { + if x != nil { + return x.ShortIds + } + return nil +} + +func (x *Config) GetFingerprint() string { + if x != nil { + return x.Fingerprint + } + return "" +} + +func (x *Config) GetServerName() string { + if x != nil { + return x.ServerName + } + return "" +} + +func (x *Config) GetPublicKey() []byte { + if x != nil { + return x.PublicKey + } + return nil +} + +func (x *Config) GetShortId() []byte { + if x != nil { + return x.ShortId + } + return nil +} + +func (x *Config) GetSpiderX() string { + if x != nil { + return x.SpiderX + } + return "" +} + +func (x *Config) GetSpiderY() []int64 { + if x != nil { + return x.SpiderY + } + return nil +} + +var File_transport_internet_reality_config_proto protoreflect.FileDescriptor + +var file_transport_internet_reality_config_proto_rawDesc = []byte{ + 0x0a, 0x27, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x72, 0x65, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x2f, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1f, 0x78, 0x72, 0x61, 0x79, 0x2e, + 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x65, 0x74, 0x2e, 0x72, 0x65, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x22, 0xdc, 0x03, 0x0a, 0x06, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x68, 0x6f, 0x77, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x04, 0x73, 0x68, 0x6f, 0x77, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x65, 0x73, + 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x64, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, + 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x12, 0x12, 0x0a, 0x04, 0x78, 0x76, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, + 0x04, 0x78, 0x76, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, + 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, + 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x70, + 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x69, 0x6e, + 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x0c, 0x6d, 0x69, 0x6e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x56, 0x65, 0x72, 0x12, + 0x24, 0x0a, 0x0e, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x76, 0x65, + 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x6d, 0x61, 0x78, 0x43, 0x6c, 0x69, 0x65, + 0x6e, 0x74, 0x56, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0d, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x69, 0x6d, + 0x65, 0x5f, 0x64, 0x69, 0x66, 0x66, 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x6d, 0x61, + 0x78, 0x54, 0x69, 0x6d, 0x65, 0x44, 0x69, 0x66, 0x66, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x68, 0x6f, + 0x72, 0x74, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x08, 0x73, 0x68, + 0x6f, 0x72, 0x74, 0x49, 0x64, 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, + 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x15, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x46, 0x69, 0x6e, + 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x16, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x75, 0x62, + 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x17, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x70, + 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x68, 0x6f, 0x72, + 0x74, 0x5f, 0x69, 0x64, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x73, 0x68, 0x6f, 0x72, + 0x74, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x70, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x78, 0x18, + 0x19, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x70, 0x69, 0x64, 0x65, 0x72, 0x58, 0x12, 0x19, + 0x0a, 0x08, 0x73, 0x70, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x79, 0x18, 0x1a, 0x20, 0x03, 0x28, 0x03, + 0x52, 0x07, 0x73, 0x70, 0x69, 0x64, 0x65, 0x72, 0x59, 0x42, 0x7f, 0x0a, 0x23, 0x63, 0x6f, 0x6d, + 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x72, 0x65, 0x61, 0x6c, 0x69, 0x74, 0x79, + 0x50, 0x01, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, + 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, + 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, + 0x2f, 0x72, 0x65, 0x61, 0x6c, 0x69, 0x74, 0x79, 0xaa, 0x02, 0x1f, 0x58, 0x72, 0x61, 0x79, 0x2e, + 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x65, 0x74, 0x2e, 0x52, 0x65, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, +} + +var ( + file_transport_internet_reality_config_proto_rawDescOnce sync.Once + file_transport_internet_reality_config_proto_rawDescData = file_transport_internet_reality_config_proto_rawDesc +) + +func file_transport_internet_reality_config_proto_rawDescGZIP() []byte { + file_transport_internet_reality_config_proto_rawDescOnce.Do(func() { + file_transport_internet_reality_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_transport_internet_reality_config_proto_rawDescData) + }) + return file_transport_internet_reality_config_proto_rawDescData +} + +var file_transport_internet_reality_config_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_transport_internet_reality_config_proto_goTypes = []interface{}{ + (*Config)(nil), // 0: xray.transport.internet.reality.Config +} +var file_transport_internet_reality_config_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_transport_internet_reality_config_proto_init() } +func file_transport_internet_reality_config_proto_init() { + if File_transport_internet_reality_config_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_transport_internet_reality_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Config); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_transport_internet_reality_config_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_transport_internet_reality_config_proto_goTypes, + DependencyIndexes: file_transport_internet_reality_config_proto_depIdxs, + MessageInfos: file_transport_internet_reality_config_proto_msgTypes, + }.Build() + File_transport_internet_reality_config_proto = out.File + file_transport_internet_reality_config_proto_rawDesc = nil + file_transport_internet_reality_config_proto_goTypes = nil + file_transport_internet_reality_config_proto_depIdxs = nil +} diff --git a/transport/internet/reality/config.proto b/transport/internet/reality/config.proto new file mode 100644 index 000000000000..f9ae3a4fd80a --- /dev/null +++ b/transport/internet/reality/config.proto @@ -0,0 +1,27 @@ +syntax = "proto3"; + +package xray.transport.internet.reality; +option csharp_namespace = "Xray.Transport.Internet.Reality"; +option go_package = "github.com/xtls/xray-core/transport/internet/reality"; +option java_package = "com.xray.transport.internet.reality"; +option java_multiple_files = true; + +message Config { + bool show = 1; + string dest = 2; + string type = 3; + uint64 xver = 4; + repeated string server_names = 5; + bytes private_key = 6; + bytes min_client_ver = 7; + bytes max_client_ver = 8; + uint64 max_time_diff = 9; + repeated bytes short_ids = 10; + + string Fingerprint = 21; + string server_name = 22; + bytes public_key = 23; + bytes short_id = 24; + string spider_x = 25; + repeated int64 spider_y = 26; +} diff --git a/transport/internet/reality/errors.generated.go b/transport/internet/reality/errors.generated.go new file mode 100644 index 000000000000..e578015f52e4 --- /dev/null +++ b/transport/internet/reality/errors.generated.go @@ -0,0 +1,9 @@ +package reality + +import "github.com/xtls/xray-core/common/errors" + +type errPathObjHolder struct{} + +func newError(values ...interface{}) *errors.Error { + return errors.New(values...).WithPathObj(errPathObjHolder{}) +} diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go new file mode 100644 index 000000000000..145f1531a940 --- /dev/null +++ b/transport/internet/reality/reality.go @@ -0,0 +1,269 @@ +package reality + +import ( + "bytes" + "context" + "crypto/aes" + "crypto/cipher" + "crypto/ed25519" + "crypto/hmac" + "crypto/rand" + "crypto/sha256" + "crypto/sha512" + gotls "crypto/tls" + "crypto/x509" + "encoding/binary" + "fmt" + "io" + "math/big" + "net/http" + "reflect" + "regexp" + "strings" + "sync" + "time" + "unsafe" + + utls "github.com/refraction-networking/utls" + "github.com/xtls/reality" + "github.com/xtls/xray-core/common/errors" + "github.com/xtls/xray-core/common/net" + "github.com/xtls/xray-core/core" + "github.com/xtls/xray-core/transport/internet/tls" + "golang.org/x/crypto/hkdf" + "golang.org/x/net/http2" +) + +//go:generate go run github.com/xtls/xray-core/common/errors/errorgen + +type Conn struct { + *reality.Conn +} + +func (c *Conn) HandshakeAddress() net.Address { + if err := c.Handshake(); err != nil { + return nil + } + state := c.ConnectionState() + if state.ServerName == "" { + return nil + } + return net.ParseAddress(state.ServerName) +} + +func Server(c net.Conn, config *reality.Config) (net.Conn, error) { + realityConn, err := reality.Server(c, config) + return &Conn{Conn: realityConn}, err +} + +type UConn struct { + *utls.UConn + ServerName string + AuthKey []byte + Verified bool +} + +func (c *UConn) HandshakeAddress() net.Address { + if err := c.Handshake(); err != nil { + return nil + } + state := c.ConnectionState() + if state.ServerName == "" { + return nil + } + return net.ParseAddress(state.ServerName) +} + +func (c *UConn) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { + p, _ := reflect.TypeOf(c.Conn).Elem().FieldByName("peerCertificates") + certs := *(*([]*x509.Certificate))(unsafe.Pointer(uintptr(unsafe.Pointer(c.Conn)) + p.Offset)) + if pub, ok := certs[0].PublicKey.(ed25519.PublicKey); ok { + h := hmac.New(sha512.New, c.AuthKey) + h.Write(pub) + if bytes.Equal(h.Sum(nil), certs[0].Signature) { + c.Verified = true + return nil + } + } + opts := x509.VerifyOptions{ + DNSName: c.ServerName, + Intermediates: x509.NewCertPool(), + } + for _, cert := range certs[1:] { + opts.Intermediates.AddCert(cert) + } + if _, err := certs[0].Verify(opts); err != nil { + return err + } + return nil +} + +func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destination) (net.Conn, error) { + localAddr := c.LocalAddr().String() + uConn := &UConn{} + utlsConfig := &utls.Config{ + VerifyPeerCertificate: uConn.VerifyPeerCertificate, + ServerName: config.ServerName, + InsecureSkipVerify: true, + SessionTicketsDisabled: true, + } + if utlsConfig.ServerName == "" && dest.Address.Family().IsDomain() { + utlsConfig.ServerName = dest.Address.Domain() + } + uConn.ServerName = utlsConfig.ServerName + fingerprint := tls.GetFingerprint(config.Fingerprint) + if fingerprint == nil { + return nil, newError("REALITY: failed to get fingerprint").AtError() + } + uConn.UConn = utls.UClient(c, utlsConfig, *fingerprint) + { + uConn.BuildHandshakeState() + hello := uConn.HandshakeState.Hello + hello.SessionId = make([]byte, 32) + copy(hello.Raw[39:], hello.SessionId) // the location of session ID + binary.BigEndian.PutUint64(hello.SessionId, uint64(time.Now().Unix())) + hello.SessionId[0] = core.Version_x + hello.SessionId[1] = core.Version_y + hello.SessionId[2] = core.Version_z + copy(hello.SessionId[8:], config.ShortId) + if config.Show { + fmt.Printf("REALITY localAddr: %v\thello.sessionId[:16]: %v\n", localAddr, hello.SessionId[:16]) + } + uConn.AuthKey = uConn.HandshakeState.State13.EcdheParams.SharedKey(config.PublicKey) + if uConn.AuthKey == nil { + return nil, errors.New("REALITY: SharedKey == nil") + } + if _, err := hkdf.New(sha256.New, uConn.AuthKey, hello.Random[:20], []byte("REALITY")).Read(uConn.AuthKey); err != nil { + return nil, err + } + block, _ := aes.NewCipher(uConn.AuthKey) + aead, _ := cipher.NewGCM(block) + aead.Seal(hello.SessionId[:0], hello.Random[20:], hello.SessionId[:16], hello.Raw) + copy(hello.Raw[39:], hello.SessionId) + if config.Show { + fmt.Printf("REALITY localAddr: %v\thello.sessionId: %v\n", localAddr, hello.SessionId) + fmt.Printf("REALITY localAddr: %v\tuConn.AuthKey: %v\n", localAddr, uConn.AuthKey) + } + } + if err := uConn.Handshake(); err != nil { + return nil, err + } + if config.Show { + fmt.Printf("REALITY localAddr: %v\tuConn.Verified: %v\n", localAddr, uConn.Verified) + } + if !uConn.Verified { + go func() { + client := &http.Client{ + Transport: &http2.Transport{ + DialTLSContext: func(ctx context.Context, network, addr string, cfg *gotls.Config) (net.Conn, error) { + fmt.Printf("REALITY localAddr: %v\tDialTLSContext\n", localAddr) + return uConn, nil + }, + }, + } + prefix := []byte("https://" + uConn.ServerName) + maps.Lock() + if maps.maps == nil { + maps.maps = make(map[string]map[string]bool) + } + paths := maps.maps[uConn.ServerName] + if paths == nil { + paths = make(map[string]bool) + paths[config.SpiderX] = true + maps.maps[uConn.ServerName] = paths + } + firstURL := string(prefix) + getPathLocked(paths) + maps.Unlock() + get := func(first bool) { + var ( + req *http.Request + resp *http.Response + err error + body []byte + ) + if first { + req, _ = http.NewRequest("GET", firstURL, nil) + } else { + maps.Lock() + req, _ = http.NewRequest("GET", string(prefix)+getPathLocked(paths), nil) + maps.Unlock() + } + req.Header.Set("User-Agent", fingerprint.Client) // TODO: User-Agent map + if first && config.Show { + fmt.Printf("REALITY localAddr: %v\treq.UserAgent(): %v\n", localAddr, req.UserAgent()) + } + times := 1 + if !first { + times = int(randBetween(config.SpiderY[4], config.SpiderY[5])) + } + for j := 0; j < times; j++ { + if !first && j == 0 { + req.Header.Set("Referer", firstURL) + } + req.AddCookie(&http.Cookie{Name: "padding", Value: strings.Repeat("0", int(randBetween(config.SpiderY[0], config.SpiderY[1])))}) + if resp, err = client.Do(req); err != nil { + break + } + req.Header.Set("Referer", req.URL.String()) + if body, err = io.ReadAll(resp.Body); err != nil { + break + } + maps.Lock() + for _, m := range href.FindAllSubmatch(body, -1) { + m[1] = bytes.TrimPrefix(m[1], prefix) + if !bytes.Contains(m[1], dot) { + paths[string(m[1])] = true + } + } + req.URL.Path = getPathLocked(paths) + if config.Show { + fmt.Printf("REALITY localAddr: %v\treq.Referer(): %v\n", localAddr, req.Referer()) + fmt.Printf("REALITY localAddr: %v\tlen(body): %v\n", localAddr, len(body)) + fmt.Printf("REALITY localAddr: %v\tlen(paths): %v\n", localAddr, len(paths)) + } + maps.Unlock() + if !first { + time.Sleep(time.Duration(randBetween(config.SpiderY[6], config.SpiderY[7])) * time.Millisecond) // interval + } + } + } + get(true) + concurrency := int(randBetween(config.SpiderY[2], config.SpiderY[3])) + for i := 0; i < concurrency; i++ { + go get(false) + } + // Do not close the connection + }() + time.Sleep(time.Duration(randBetween(config.SpiderY[8], config.SpiderY[9])) * time.Millisecond) // return + return nil, errors.New("REALITY: processed invalid connection") + } + return uConn, nil +} + +var href = regexp.MustCompile(`href="([/h].*?)"`) +var dot = []byte(".") + +var maps struct { + sync.Mutex + maps map[string]map[string]bool +} + +func getPathLocked(paths map[string]bool) string { + stopAt := int(randBetween(0, int64(len(paths)-1))) + i := 0 + for s := range paths { + if i == stopAt { + return s + } + i++ + } + return "/" +} + +func randBetween(left int64, right int64) int64 { + if left == right { + return left + } + bigInt, _ := rand.Int(rand.Reader, big.NewInt(right-left)) + return left + bigInt.Int64() +} diff --git a/transport/internet/tcp/dialer.go b/transport/internet/tcp/dialer.go index 5606cd8dfedc..c806246f23ac 100644 --- a/transport/internet/tcp/dialer.go +++ b/transport/internet/tcp/dialer.go @@ -7,6 +7,7 @@ import ( "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/xtls" @@ -33,6 +34,10 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { xtlsConfig := config.GetXTLSConfig(xtls.WithDestination(dest)) conn = xtls.Client(conn, xtlsConfig) + } else if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { + if conn, err = reality.UClient(conn, config, ctx, dest); err != nil { + return nil, err + } } tcpSettings := streamSettings.ProtocolSettings.(*Config) diff --git a/transport/internet/tcp/hub.go b/transport/internet/tcp/hub.go index 828bf97267d9..f6625ec13a6f 100644 --- a/transport/internet/tcp/hub.go +++ b/transport/internet/tcp/hub.go @@ -7,10 +7,12 @@ import ( "time" goxtls "github.com/xtls/go" + goreality "github.com/xtls/reality" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/xtls" @@ -18,13 +20,14 @@ import ( // Listener is an internet.Listener that listens for TCP connections. type Listener struct { - listener net.Listener - tlsConfig *gotls.Config - xtlsConfig *goxtls.Config - authConfig internet.ConnectionAuthenticator - config *Config - addConn internet.ConnHandler - locker *internet.FileLocker // for unix domain socket + listener net.Listener + tlsConfig *gotls.Config + xtlsConfig *goxtls.Config + realityConfig *goreality.Config + authConfig internet.ConnectionAuthenticator + config *Config + addConn internet.ConnHandler + locker *internet.FileLocker // for unix domain socket } // ListenTCP creates a new Listener based on configurations. @@ -78,6 +81,9 @@ func ListenTCP(ctx context.Context, address net.Address, port net.Port, streamSe if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { l.xtlsConfig = config.GetXTLSConfig() } + if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { + l.realityConfig = config.GetREALITYConfig() + } if tcpSettings.HeaderSettings != nil { headerConfig, err := tcpSettings.HeaderSettings.GetInstance() @@ -109,17 +115,22 @@ func (v *Listener) keepAccepting() { } continue } - - if v.tlsConfig != nil { - conn = tls.Server(conn, v.tlsConfig) - } else if v.xtlsConfig != nil { - conn = xtls.Server(conn, v.xtlsConfig) - } - if v.authConfig != nil { - conn = v.authConfig.Server(conn) - } - - v.addConn(stat.Connection(conn)) + go func() { + if v.tlsConfig != nil { + conn = tls.Server(conn, v.tlsConfig) + } else if v.xtlsConfig != nil { + conn = xtls.Server(conn, v.xtlsConfig) + } else if v.realityConfig != nil { + if conn, err = reality.Server(conn, v.realityConfig); err != nil { + newError(err).AtInfo().WriteToLog() + return + } + } + if v.authConfig != nil { + conn = v.authConfig.Server(conn) + } + v.addConn(stat.Connection(conn)) + }() } } From 82003f28b220be4690176bb266e1447d5972bbaf Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 17 Feb 2023 11:43:18 +0000 Subject: [PATCH 043/226] Upgrade github.com/xtls/reality to 085bdf2104d3 Fixes https://github.com/XTLS/Xray-core/issues/1659 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ecf8e3548452..d14f5d2ddc8c 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 - github.com/xtls/reality v0.0.0-20230210055008-e814936a3d99 + github.com/xtls/reality v0.0.0-20230217102704-085bdf2104d3 go.starlark.net v0.0.0-20230128213706-3f75dec8e403 golang.org/x/crypto v0.6.0 golang.org/x/net v0.7.0 diff --git a/go.sum b/go.sum index c2d2af911912..d32d88e75155 100644 --- a/go.sum +++ b/go.sum @@ -193,8 +193,8 @@ github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49u github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= -github.com/xtls/reality v0.0.0-20230210055008-e814936a3d99 h1:H7I3fhMXA0GKSysu+KcSNMdX/o4MBElWR02/NIwhmpY= -github.com/xtls/reality v0.0.0-20230210055008-e814936a3d99/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230217102704-085bdf2104d3 h1:Rp9BfXZ+Li5j5L40zAdFZLcr0nXrYBPgaNpQ9lQnpWg= +github.com/xtls/reality v0.0.0-20230217102704-085bdf2104d3/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= From e1cd1fd33ece9c9190efd43acc356400d129cc05 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 17 Feb 2023 12:39:18 +0000 Subject: [PATCH 044/226] Allow empty "shortId" (client side) --- infra/conf/transport_internet.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index d71795283e41..dd84a89af58e 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -637,9 +637,6 @@ func (c *REALITYConfig) Build() (proto.Message, error) { if config.PublicKey, err = base64.RawURLEncoding.DecodeString(c.PublicKey); err != nil || len(config.PublicKey) != 32 { return nil, newError(`invalid "publicKey": `, c.PublicKey) } - if c.ShortId == "" { - return nil, newError(`empty "shortId"`) - } config.ShortId = make([]byte, 8) if _, err = hex.Decode(config.ShortId, []byte(c.ShortId)); err != nil { return nil, newError(`invalid "shortId": `, c.ShortId) From c7358a32f5b75dc31b5428432a231b03b7dc421b Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 17 Feb 2023 21:07:27 +0800 Subject: [PATCH 045/226] Allow empty "spiderX" (client side) --- infra/conf/transport_internet.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index dd84a89af58e..4d2e92e4a15f 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -642,7 +642,7 @@ func (c *REALITYConfig) Build() (proto.Message, error) { return nil, newError(`invalid "shortId": `, c.ShortId) } if c.SpiderX == "" { - return nil, newError(`empty "spiderX"`) + c.SpiderX = "/" } if c.SpiderX[0] != '/' { return nil, newError(`invalid "spiderX": `, c.SpiderX) From 4d5c3195d2a6efd6fe33fd13ad79e0b54d213937 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 18 Feb 2023 05:55:19 +0000 Subject: [PATCH 046/226] Refine random Fixes https://github.com/XTLS/Xray-core/issues/1666 --- transport/internet/tls/tls.go | 48 +++++++++++++++++------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go index 1a880b9850fc..2fd9a017dc21 100644 --- a/transport/internet/tls/tls.go +++ b/transport/internet/tls/tls.go @@ -173,47 +173,47 @@ var PresetFingerprints = map[string]*utls.ClientHelloID{ var ModernFingerprints = map[string]*utls.ClientHelloID{ // One of these will be chosen as `random` at startup - "hellofirefox_auto": &utls.HelloFirefox_Auto, "hellofirefox_99": &utls.HelloFirefox_99, "hellofirefox_102": &utls.HelloFirefox_102, "hellofirefox_105": &utls.HelloFirefox_105, - "hellochrome_auto": &utls.HelloChrome_Auto, "hellochrome_83": &utls.HelloChrome_83, "hellochrome_87": &utls.HelloChrome_87, "hellochrome_96": &utls.HelloChrome_96, "hellochrome_100": &utls.HelloChrome_100, "hellochrome_102": &utls.HelloChrome_102, "hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle, - "helloios_auto": &utls.HelloIOS_Auto, - "helloios_12_1": &utls.HelloIOS_12_1, "helloios_13": &utls.HelloIOS_13, "helloios_14": &utls.HelloIOS_14, - "helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp, - "helloedge_auto": &utls.HelloEdge_Auto, "helloedge_85": &utls.HelloEdge_85, "helloedge_106": &utls.HelloEdge_106, - "hellosafari_auto": &utls.HelloSafari_Auto, "hellosafari_16_0": &utls.HelloSafari_16_0, - "hello360_auto": &utls.Hello360_Auto, "hello360_11_0": &utls.Hello360_11_0, - "helloqq_auto": &utls.HelloQQ_Auto, "helloqq_11_1": &utls.HelloQQ_11_1, } var OtherFingerprints = map[string]*utls.ClientHelloID{ - // Golang, randomized, and fingerprints that are more than 4 years old - "hellogolang": &utls.HelloGolang, - "hellorandomized": &utls.HelloRandomized, - "hellorandomizedalpn": &utls.HelloRandomizedALPN, - "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, - "hellofirefox_55": &utls.HelloFirefox_55, - "hellofirefox_56": &utls.HelloFirefox_56, - "hellofirefox_63": &utls.HelloFirefox_63, - "hellofirefox_65": &utls.HelloFirefox_65, - "hellochrome_58": &utls.HelloChrome_58, - "hellochrome_62": &utls.HelloChrome_62, - "hellochrome_70": &utls.HelloChrome_70, - "hellochrome_72": &utls.HelloChrome_72, - "helloios_11_1": &utls.HelloIOS_11_1, - "hello360_7_5": &utls.Hello360_7_5, + // Golang, randomized, auto, and fingerprints that are too old + "hellogolang": &utls.HelloGolang, + "hellorandomized": &utls.HelloRandomized, + "hellorandomizedalpn": &utls.HelloRandomizedALPN, + "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, + "hellofirefox_auto": &utls.HelloFirefox_Auto, + "hellofirefox_55": &utls.HelloFirefox_55, + "hellofirefox_56": &utls.HelloFirefox_56, + "hellofirefox_63": &utls.HelloFirefox_63, + "hellofirefox_65": &utls.HelloFirefox_65, + "hellochrome_auto": &utls.HelloChrome_Auto, + "hellochrome_58": &utls.HelloChrome_58, + "hellochrome_62": &utls.HelloChrome_62, + "hellochrome_70": &utls.HelloChrome_70, + "hellochrome_72": &utls.HelloChrome_72, + "helloios_auto": &utls.HelloIOS_Auto, + "helloios_11_1": &utls.HelloIOS_11_1, + "helloios_12_1": &utls.HelloIOS_12_1, + "helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp, + "helloedge_auto": &utls.HelloEdge_Auto, + "hellosafari_auto": &utls.HelloSafari_Auto, + "hello360_auto": &utls.Hello360_Auto, + "hello360_7_5": &utls.Hello360_7_5, + "helloqq_auto": &utls.HelloQQ_Auto, } From 9d3de59d3ffcf58c2d2aecb0866b3f0035baedd8 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Tue, 21 Feb 2023 13:43:13 +0000 Subject: [PATCH 047/226] Check "serverNames" and "shortIds" (client side) Prevents https://github.com/XTLS/Xray-core/issues/1675 --- infra/conf/transport_internet.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 4d2e92e4a15f..a81760cb8b15 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -631,12 +631,18 @@ func (c *REALITYConfig) Build() (proto.Message, error) { if config.Fingerprint == "hellogolang" { return nil, newError(`invalid "fingerprint": `, config.Fingerprint) } + if len(c.ServerNames) != 0 { + return nil, newError(`non-empty "serverNames", please use "serverName" instead`) + } if c.PublicKey == "" { return nil, newError(`empty "publicKey"`) } if config.PublicKey, err = base64.RawURLEncoding.DecodeString(c.PublicKey); err != nil || len(config.PublicKey) != 32 { return nil, newError(`invalid "publicKey": `, c.PublicKey) } + if len(c.ShortIds) != 0 { + return nil, newError(`non-empty "shortIds", please use "shortId" instead`) + } config.ShortId = make([]byte, 8) if _, err = hex.Decode(config.ShortId, []byte(c.ShortId)); err != nil { return nil, newError(`invalid "shortId": `, c.ShortId) From 9e07d8304d6e4df6a299a7c4095d92ca161a5cea Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Tue, 21 Feb 2023 22:23:10 -0500 Subject: [PATCH 048/226] Add retry for test steps to download geofiles --- .github/workflows/test.yml | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ffdc64cbdbe5..03a2a37ec9b0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -37,15 +37,25 @@ jobs: - name: Prepare geo*dat if: ${{ matrix.os != 'windows-latest' }} - run: | - mkdir resources - wget -O ./resources/geoip.dat https://github.com/v2fly/geoip/releases/latest/download/geoip.dat - wget -O ./resources/geosite.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + retry_wait_seconds: 30 + max_attempts: 60 + command: | + mkdir resources + wget -O ./resources/geoip.dat https://github.com/v2fly/geoip/releases/latest/download/geoip.dat + wget -O ./resources/geosite.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat - name: Prepare geo*dat for Windows if: ${{ matrix.os == 'windows-latest' }} - run: | - mkdir resources - Invoke-WebRequest -Uri "https://github.com/v2fly/geoip/releases/latest/download/geoip.dat" -OutFile "./resources/geoip.dat" - Invoke-WebRequest -Uri "https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat" -OutFile "./resources/geosite.dat" + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + retry_wait_seconds: 30 + max_attempts: 60 + command: | + mkdir resources + Invoke-WebRequest -Uri "https://github.com/v2fly/geoip/releases/latest/download/geoip.dat" -OutFile "./resources/geoip.dat" + Invoke-WebRequest -Uri "https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat" -OutFile "./resources/geosite.dat" - name: Test run: go test -timeout 1h -v ./... From 7f16f4ccd923795bb516b384c552a98b96a275c4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Feb 2023 00:59:30 +0000 Subject: [PATCH 049/226] Bump github.com/sagernet/sing from 0.1.6 to 0.1.7 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.6 to 0.1.7. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.6...v0.1.7) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d14f5d2ddc8c..280211635e79 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/pires/go-proxyproto v0.6.2 github.com/quic-go/quic-go v0.32.0 github.com/refraction-networking/utls v1.2.2 - github.com/sagernet/sing v0.1.6 + github.com/sagernet/sing v0.1.7 github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index d32d88e75155..fd5cb1cc870f 100644 --- a/go.sum +++ b/go.sum @@ -143,8 +143,8 @@ github.com/refraction-networking/utls v1.2.2/go.mod h1:L1goe44KvhnTfctUffM2isnJp github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.6 h1:Qy63OUfKpcqKjfd5rPmUlj0RGjHZSK/PJn0duyCCsRg= -github.com/sagernet/sing v0.1.6/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= +github.com/sagernet/sing v0.1.7 h1:g4vjr3q8SUlBZSx97Emz5OBfSMBxxW5Q8C2PfdoSo08= +github.com/sagernet/sing v0.1.7/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk= github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 h1:Plup6oEiyLzY3HDqQ+QsUBzgBGdVmcsgf3t8h940z9U= github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= From 267d93f7bd02773ce5074928767e2f28bd3eb770 Mon Sep 17 00:00:00 2001 From: Hellojack <106379370+H1JK@users.noreply.github.com> Date: Sat, 25 Feb 2023 00:42:02 +0800 Subject: [PATCH 050/226] Improve ReshapeMultiBuffer (#1636) * Improve ReshapeMultiBuffer * Improve again * Always resize --- proxy/vless/encoding/encoding.go | 36 +++++++++++++++----------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index 1e8aaa922c39..fa5b438c82cf 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -469,38 +469,36 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt // ReshapeMultiBuffer prepare multi buffer for padding stucture (max 21 bytes) func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBuffer { - needReshape := false + needReshape := 0 for _, b := range buffer { if b.Len() >= buf.Size-21 { - needReshape = true + needReshape += 1 } } - if !needReshape { + if needReshape == 0 { return buffer } - mb2 := make(buf.MultiBuffer, 0, len(buffer)) - print := "" - for _, b := range buffer { - if b.Len() >= buf.Size-21 { - index := int32(bytes.LastIndex(b.Bytes(), tlsApplicationDataStart)) + mb2 := make(buf.MultiBuffer, 0, len(buffer)+needReshape) + toPrint := "" + for i, buffer1 := range buffer { + if buffer1.Len() >= buf.Size-21 { + index := int32(bytes.LastIndex(buffer1.Bytes(), tlsApplicationDataStart)) if index <= 0 { index = buf.Size / 2 } - buffer1 := buf.New() buffer2 := buf.New() - buffer1.Write(b.BytesTo(index)) - buffer2.Write(b.BytesFrom(index)) + buffer2.Write(buffer1.BytesFrom(index)) + buffer1.Resize(0, index) mb2 = append(mb2, buffer1, buffer2) - print += " " + strconv.Itoa(int(buffer1.Len())) + " " + strconv.Itoa(int(buffer2.Len())) + toPrint += " " + strconv.Itoa(int(buffer1.Len())) + " " + strconv.Itoa(int(buffer2.Len())) } else { - newbuffer := buf.New() - newbuffer.Write(b.Bytes()) - mb2 = append(mb2, newbuffer) - print += " " + strconv.Itoa(int(b.Len())) + mb2 = append(mb2, buffer1) + toPrint += " " + strconv.Itoa(int(buffer1.Len())) } + buffer[i] = nil } - buf.ReleaseMulti(buffer) - newError("ReshapeMultiBuffer ", print).WriteToLog(session.ExportIDToError(ctx)) + buffer = buffer[:0] + newError("ReshapeMultiBuffer ", toPrint).WriteToLog(session.ExportIDToError(ctx)) return mb2 } @@ -524,7 +522,7 @@ func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, ctx context.Cont *userUUID = nil } newbuffer.Write([]byte{command, byte(contantLen >> 8), byte(contantLen), byte(paddingLen >> 8), byte(paddingLen)}) - if (b != nil) { + if b != nil { newbuffer.Write(b.Bytes()) b.Release() b = nil From 03b8c094de7250c2724be8208f7253c1cb3622ce Mon Sep 17 00:00:00 2001 From: Yue Yin Date: Fri, 17 Feb 2023 16:01:24 +0800 Subject: [PATCH 051/226] Support SPKI Fingerprint Pinning Support SPKI Fingerprint Pinning for TLSObject --- infra/conf/transport_internet.go | 38 +++++++----- transport/internet/tls/config.go | 14 +++++ transport/internet/tls/config.pb.go | 38 ++++++++---- transport/internet/tls/config.proto | 7 +++ transport/internet/tls/pin.go | 6 ++ transport/internet/tls/pin_test.go | 89 +++++++++++++++++++++++++++++ 6 files changed, 169 insertions(+), 23 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index a81760cb8b15..d0249b445184 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -343,19 +343,20 @@ func (c *TLSCertConfig) Build() (*tls.Certificate, error) { } type TLSConfig struct { - Insecure bool `json:"allowInsecure"` - Certs []*TLSCertConfig `json:"certificates"` - ServerName string `json:"serverName"` - ALPN *StringList `json:"alpn"` - EnableSessionResumption bool `json:"enableSessionResumption"` - DisableSystemRoot bool `json:"disableSystemRoot"` - MinVersion string `json:"minVersion"` - MaxVersion string `json:"maxVersion"` - CipherSuites string `json:"cipherSuites"` - PreferServerCipherSuites bool `json:"preferServerCipherSuites"` - Fingerprint string `json:"fingerprint"` - RejectUnknownSNI bool `json:"rejectUnknownSni"` - PinnedPeerCertificateChainSha256 *[]string `json:"pinnedPeerCertificateChainSha256"` + Insecure bool `json:"allowInsecure"` + Certs []*TLSCertConfig `json:"certificates"` + ServerName string `json:"serverName"` + ALPN *StringList `json:"alpn"` + EnableSessionResumption bool `json:"enableSessionResumption"` + DisableSystemRoot bool `json:"disableSystemRoot"` + MinVersion string `json:"minVersion"` + MaxVersion string `json:"maxVersion"` + CipherSuites string `json:"cipherSuites"` + PreferServerCipherSuites bool `json:"preferServerCipherSuites"` + Fingerprint string `json:"fingerprint"` + RejectUnknownSNI bool `json:"rejectUnknownSni"` + PinnedPeerCertificateChainSha256 *[]string `json:"pinnedPeerCertificateChainSha256"` + PinnedPeerCertificatePublicKeySha256 *[]string `json:"pinnedPeerCertificatePublicKeySha256"` } // Build implements Buildable. @@ -400,6 +401,17 @@ func (c *TLSConfig) Build() (proto.Message, error) { } } + if c.PinnedPeerCertificatePublicKeySha256 != nil { + config.PinnedPeerCertificatePublicKeySha256 = [][]byte{} + for _, v := range *c.PinnedPeerCertificatePublicKeySha256 { + hashValue, err := base64.StdEncoding.DecodeString(v) + if err != nil { + return nil, err + } + config.PinnedPeerCertificatePublicKeySha256 = append(config.PinnedPeerCertificatePublicKeySha256, hashValue) + } + } + return config, nil } diff --git a/transport/internet/tls/config.go b/transport/internet/tls/config.go index e1c128825401..9c1f8eee68f7 100644 --- a/transport/internet/tls/config.go +++ b/transport/internet/tls/config.go @@ -266,6 +266,20 @@ func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Cert } return newError("peer cert is unrecognized: ", base64.StdEncoding.EncodeToString(hashValue)) } + + if c.PinnedPeerCertificatePublicKeySha256 != nil { + for _, v := range verifiedChains { + for _, cert := range v { + publicHash := GenerateCertPublicKeyHash(cert) + for _, c := range c.PinnedPeerCertificatePublicKeySha256 { + if hmac.Equal(publicHash, c) { + return nil + } + } + } + } + return newError("peer public key is unrecognized.") + } return nil } diff --git a/transport/internet/tls/config.pb.go b/transport/internet/tls/config.pb.go index d038de6bf6bd..d02fa1122043 100644 --- a/transport/internet/tls/config.pb.go +++ b/transport/internet/tls/config.pb.go @@ -203,6 +203,11 @@ type Config struct { // @Document This value replace allow_insecure. // @Critical PinnedPeerCertificateChainSha256 [][]byte `protobuf:"bytes,13,rep,name=pinned_peer_certificate_chain_sha256,json=pinnedPeerCertificateChainSha256,proto3" json:"pinned_peer_certificate_chain_sha256,omitempty"` + // @Document A pinned certificate public key sha256 hash. + // @Document If the server's public key hash does not match this value, the connection will be aborted. + // @Document This value replace allow_insecure. + // @Critical + PinnedPeerCertificatePublicKeySha256 [][]byte `protobuf:"bytes,14,rep,name=pinned_peer_certificate_public_key_sha256,json=pinnedPeerCertificatePublicKeySha256,proto3" json:"pinned_peer_certificate_public_key_sha256,omitempty"` } func (x *Config) Reset() { @@ -328,6 +333,13 @@ func (x *Config) GetPinnedPeerCertificateChainSha256() [][]byte { return nil } +func (x *Config) GetPinnedPeerCertificatePublicKeySha256() [][]byte { + if x != nil { + return x.PinnedPeerCertificatePublicKeySha256 + } + return nil +} + var File_transport_internet_tls_config_proto protoreflect.FileDescriptor var file_transport_internet_tls_config_proto_rawDesc = []byte{ @@ -357,7 +369,7 @@ var file_transport_internet_tls_config_proto_rawDesc = []byte{ 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x4d, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59, 0x5f, - 0x49, 0x53, 0x53, 0x55, 0x45, 0x10, 0x02, 0x22, 0xf3, 0x04, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, + 0x49, 0x53, 0x53, 0x55, 0x45, 0x10, 0x02, 0x22, 0xcc, 0x05, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x49, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x12, 0x4a, 0x0a, 0x0b, 0x63, 0x65, 0x72, @@ -396,15 +408,21 @@ var file_transport_internet_tls_config_proto_rawDesc = []byte{ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x20, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x42, 0x73, 0x0a, - 0x1f, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, - 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x74, 0x6c, 0x73, - 0x50, 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, - 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, - 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, - 0x2f, 0x74, 0x6c, 0x73, 0xaa, 0x02, 0x1b, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, - 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x54, - 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x12, 0x57, 0x0a, + 0x29, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, + 0x6b, 0x65, 0x79, 0x5f, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0c, + 0x52, 0x24, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, + 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x42, 0x73, 0x0a, 0x1f, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, + 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x74, 0x6c, 0x73, 0x50, 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, + 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, + 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x74, 0x6c, 0x73, 0xaa, 0x02, 0x1b, + 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x54, 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/tls/config.proto b/transport/internet/tls/config.proto index 28266e20d47d..227840a21d35 100644 --- a/transport/internet/tls/config.proto +++ b/transport/internet/tls/config.proto @@ -76,4 +76,11 @@ message Config { @Critical */ repeated bytes pinned_peer_certificate_chain_sha256 = 13; + + /* @Document A pinned certificate public key sha256 hash. + @Document If the server's public key hash does not match this value, the connection will be aborted. + @Document This value replace allow_insecure. + @Critical + */ + repeated bytes pinned_peer_certificate_public_key_sha256 = 14; } diff --git a/transport/internet/tls/pin.go b/transport/internet/tls/pin.go index a7b012b546d3..f561bfdf69dc 100644 --- a/transport/internet/tls/pin.go +++ b/transport/internet/tls/pin.go @@ -2,6 +2,7 @@ package tls import ( "crypto/sha256" + "crypto/x509" "encoding/base64" "encoding/pem" ) @@ -34,3 +35,8 @@ func GenerateCertChainHash(rawCerts [][]byte) []byte { } return hashValue } + +func GenerateCertPublicKeyHash(cert *x509.Certificate) []byte { + out := sha256.Sum256(cert.RawSubjectPublicKeyInfo) + return out[:] +} diff --git a/transport/internet/tls/pin_test.go b/transport/internet/tls/pin_test.go index 9607fe1f71e1..cfc60e178081 100644 --- a/transport/internet/tls/pin_test.go +++ b/transport/internet/tls/pin_test.go @@ -1,6 +1,9 @@ package tls import ( + "crypto/x509" + "encoding/base64" + "encoding/pem" "testing" "github.com/stretchr/testify/assert" @@ -108,3 +111,89 @@ tzY45d4mjPs0fKCFKSsVM6YT0tX4NwIKsOaeQg30WLtRyDwYm6ma/a/UUUS0FloZ assert.Equal(t, "FW3SVMCL6um2wVltOdgJ3DpI82aredw83YoCblkMkVM=", hash) }) } + +func TestCalculateCertPublicKeyHash(t *testing.T) { + const Single = `-----BEGIN CERTIFICATE----- +MIINWTCCC0GgAwIBAgITLQAxbA/A+lw/1sLDAAAAADFsDzANBgkqhkiG9w0BAQsF +ADBPMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u +MSAwHgYDVQQDExdNaWNyb3NvZnQgUlNBIFRMUyBDQSAwMjAeFw0yMjExMjUwMDU2 +NTZaFw0yMzA1MjUwMDU2NTZaMBcxFTATBgNVBAMTDHd3dy5iaW5nLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOH89lKmtkDnClFiQwfZofZO4h8C +Ye/+ChI67pEw5Q6/MxJzHiMKe8f1WaNuc+wkdHdct+BmQ+AftozIJt+eSN6IF7eY +dsutBvR87GNLFe40MBvfyvTQVM9Ulv04JxOpKTYnsf2wmktEI3y7FCgfm9RT71n+ +Zef8Z8fa4By7aGfbbCQ0DsHl5P9o3ug/eLQODzK9NuQlwcVBHD2Zvgo+K7WOsjgE +k8JnOr+2zc0WWT4OrWSDJE/3l+jvhxmZkrwgmks4m9zUZvAnYAz/xxVCJRqbI3Ou +S5fkJJ3f6IxPbS2i8OWz6tma1aIkgQaFNJQuYOJa1esfQcEzs6kb/Xx5DXUCAwEA +AaOCCWQwgglgMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgCt9776fP8QyIud +PZwePhhqtGcpXc+xDCTKhYY069yCigAAAYSsUtxtAAAEAwBHMEUCIQCP/Jpp337p +cKITqS/kNlA4bNY6TK1Ad0VlsdkzQU+oZgIgFZb2AcsyT1UKCmM3ziGsLdvS9MAT +D1g/kztyDXhkA70AdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAA +AYSsUtsZAAAEAwBHMEUCIQDvlqXrdA440PW6b+JLj4F0ZVQNKHcv1lub0FhQqHgR +wAIgAtC7eXvXXhVBuO+Bd3fkDI0aGQM+pcvIesBoygzStjQAdQB6MoxU2LcttiDq +OOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYSsUtmfAAAEAwBGMEQCIDgjSYt6e/h8 +dv2KGEL3AJZUBH2gp1AA5saH8o3OyMJhAiBOCzo3oWlVFeF/8c0fxIIs9Fj4w8BY +INo0jNP/k7apgTAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMBMAoGCCsGAQUF +BwMCMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF +9OtggV2Fho5Bh8KYUAIBZAIBJzCBhwYIKwYBBQUHAQEEezB5MFMGCCsGAQUFBzAC +hkdodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQl +MjBSU0ElMjBUTFMlMjBDQSUyMDAyLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29j +c3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUpuSPPchFlPGu8FTbzPhJTFxQ7RowDgYD +VR0PAQH/BAQDAgSwMIIFbQYDVR0RBIIFZDCCBWCCDHd3dy5iaW5nLmNvbYIQZGlj +dC5iaW5nLmNvbS5jboITKi5wbGF0Zm9ybS5iaW5nLmNvbYIKKi5iaW5nLmNvbYII +YmluZy5jb22CFmllb25saW5lLm1pY3Jvc29mdC5jb22CEyoud2luZG93c3NlYXJj +aC5jb22CGWNuLmllb25saW5lLm1pY3Jvc29mdC5jb22CESoub3JpZ2luLmJpbmcu +Y29tgg0qLm1tLmJpbmcubmV0gg4qLmFwaS5iaW5nLmNvbYIYZWNuLmRldi52aXJ0 +dWFsZWFydGgubmV0gg0qLmNuLmJpbmcubmV0gg0qLmNuLmJpbmcuY29tghBzc2wt +YXBpLmJpbmcuY29tghBzc2wtYXBpLmJpbmcubmV0gg4qLmFwaS5iaW5nLm5ldIIO +Ki5iaW5nYXBpcy5jb22CD2JpbmdzYW5kYm94LmNvbYIWZmVlZGJhY2subWljcm9z +b2Z0LmNvbYIbaW5zZXJ0bWVkaWEuYmluZy5vZmZpY2UubmV0gg5yLmJhdC5iaW5n +LmNvbYIQKi5yLmJhdC5iaW5nLmNvbYISKi5kaWN0LmJpbmcuY29tLmNugg8qLmRp +Y3QuYmluZy5jb22CDiouc3NsLmJpbmcuY29tghAqLmFwcGV4LmJpbmcuY29tghYq +LnBsYXRmb3JtLmNuLmJpbmcuY29tgg13cC5tLmJpbmcuY29tggwqLm0uYmluZy5j +b22CD2dsb2JhbC5iaW5nLmNvbYIRd2luZG93c3NlYXJjaC5jb22CDnNlYXJjaC5t +c24uY29tghEqLmJpbmdzYW5kYm94LmNvbYIZKi5hcGkudGlsZXMuZGl0dS5saXZl +LmNvbYIPKi5kaXR1LmxpdmUuY29tghgqLnQwLnRpbGVzLmRpdHUubGl2ZS5jb22C +GCoudDEudGlsZXMuZGl0dS5saXZlLmNvbYIYKi50Mi50aWxlcy5kaXR1LmxpdmUu +Y29tghgqLnQzLnRpbGVzLmRpdHUubGl2ZS5jb22CFSoudGlsZXMuZGl0dS5saXZl +LmNvbYILM2QubGl2ZS5jb22CE2FwaS5zZWFyY2gubGl2ZS5jb22CFGJldGEuc2Vh +cmNoLmxpdmUuY29tghVjbndlYi5zZWFyY2gubGl2ZS5jb22CDGRldi5saXZlLmNv +bYINZGl0dS5saXZlLmNvbYIRZmFyZWNhc3QubGl2ZS5jb22CDmltYWdlLmxpdmUu +Y29tgg9pbWFnZXMubGl2ZS5jb22CEWxvY2FsLmxpdmUuY29tLmF1ghRsb2NhbHNl +YXJjaC5saXZlLmNvbYIUbHM0ZC5zZWFyY2gubGl2ZS5jb22CDW1haWwubGl2ZS5j +b22CEW1hcGluZGlhLmxpdmUuY29tgg5sb2NhbC5saXZlLmNvbYINbWFwcy5saXZl +LmNvbYIQbWFwcy5saXZlLmNvbS5hdYIPbWluZGlhLmxpdmUuY29tgg1uZXdzLmxp +dmUuY29tghxvcmlnaW4uY253ZWIuc2VhcmNoLmxpdmUuY29tghZwcmV2aWV3Lmxv +Y2FsLmxpdmUuY29tgg9zZWFyY2gubGl2ZS5jb22CEnRlc3QubWFwcy5saXZlLmNv +bYIOdmlkZW8ubGl2ZS5jb22CD3ZpZGVvcy5saXZlLmNvbYIVdmlydHVhbGVhcnRo +LmxpdmUuY29tggx3YXAubGl2ZS5jb22CEndlYm1hc3Rlci5saXZlLmNvbYITd2Vi +bWFzdGVycy5saXZlLmNvbYIVd3d3LmxvY2FsLmxpdmUuY29tLmF1ghR3d3cubWFw +cy5saXZlLmNvbS5hdTCBsAYDVR0fBIGoMIGlMIGioIGfoIGchk1odHRwOi8vbXNj +cmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBSU0El +MjBUTFMlMjBDQSUyMDAyLmNybIZLaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3Br +aS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMFJTQSUyMFRMUyUyMENBJTIwMDIuY3Js +MFcGA1UdIARQME4wQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93 +d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAIBgZngQwBAgEwHwYDVR0j +BBgwFoAU/y9/4Qb0OPMt7SWNmML+DvZs/PowHQYDVR0lBBYwFAYIKwYBBQUHAwEG +CCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4ICAQB4OIB/EHxpF64iFZME7XkJjZYn +ZiYIfOfHs6EGDNn7fxvpZS9HVy1jOWv/RvzEbMuSV3b/fItaJN/zATBg5/6hb5Jq +HGIcnKmb+tYrKlYhSOngHSu/8/OYP1dFFIqcVe0769kwXaKUzLh6UVRaS+mB7GFc +sXmPMbv5NM7mCUEdMkOaoSmubfw/WzmmRGrcSmtCxtIwMcp8Jf13Esunq//4+9w3 +M/JXa8ubmXyrY63zt/Oz/NkVJvja89ueovscy6s5sw2r+Su4bRsJjmxwCbakp56K +rbh7z417LzW88MMuATvOyk/O8Rbw2KYVSEiQgO54kHI0YkHkJ/6IoeAT1pmCfHUE +Rd+Ec8T+/lE2BPLVqp8SjogDYiybb0IR5Gn2vYyUdzsS2h/C5qGNd2t5ehxfjQoL +G6Y3GJZQRxkSX6TLPYU0U63wWb4yeSxabpBlARaZMaAoqDa3cX53WCnrAXDz8vuH +yAtX2/Jq7IpybFK5kFzbxfI02Ik0aCWJUnXPL8L6esTskwvkzX8rSI/bjPrzcJL5 +B9pONLy6wc8/Arfu2eNlMbs8s/g8c5zkEc3fBZ9tJ1dqlnMAVgB2+fwI3aK4F34N +uyfZW7Xu65KkPhbMnO0GVGM7X4Lkyjm4ysQ9PIRV3MwMfXH+RBSXlIayLTcYG4gl +XF1a/qnao6nMjyTIyQ== +-----END CERTIFICATE----- +` + t.Run("singlepublickey", func(t *testing.T) { + block, _ := pem.Decode([]byte(Single)) + cert, err := x509.ParseCertificate(block.Bytes) + assert.Equal(t, err, nil) + hash := GenerateCertPublicKeyHash(cert) + hashstr := base64.StdEncoding.EncodeToString(hash) + assert.Equal(t, "xI/4mNm8xF9uDT4vA9G1+aKAaybwNlkRECnN8vGAHTM=", hashstr) + }) +} From c8b45808696f440235d42e264fe48dac4eeb37b9 Mon Sep 17 00:00:00 2001 From: xqzr <34030394+xqzr@users.noreply.github.com> Date: Sat, 25 Feb 2023 00:54:40 +0800 Subject: [PATCH 052/226] add `V6Only` (#1677) * add `V6Only` * add `V6Only` --- infra/conf/transport_internet.go | 2 ++ transport/internet/config.pb.go | 56 +++++++++++++++++------------ transport/internet/config.proto | 2 ++ transport/internet/sockopt_linux.go | 6 ++++ 4 files changed, 43 insertions(+), 23 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index d0249b445184..21cc7e2299cf 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -727,6 +727,7 @@ type SocketConfig struct { TCPKeepAliveInterval int32 `json:"tcpKeepAliveInterval"` TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` TCPCongestion string `json:"tcpCongestion"` + V6only bool `json:"v6only"` Interface string `json:"interface"` } @@ -777,6 +778,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { TcpKeepAliveInterval: c.TCPKeepAliveInterval, TcpKeepAliveIdle: c.TCPKeepAliveIdle, TcpCongestion: c.TCPCongestion, + V6Only: c.V6only, Interface: c.Interface, }, nil } diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index 67bf9f5aebfe..1fd38539c76a 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc v4.22.0 // source: transport/internet/config.proto package internet @@ -426,6 +426,7 @@ type SocketConfig struct { TcpKeepAliveIdle int32 `protobuf:"varint,11,opt,name=tcp_keep_alive_idle,json=tcpKeepAliveIdle,proto3" json:"tcp_keep_alive_idle,omitempty"` TcpCongestion string `protobuf:"bytes,12,opt,name=tcp_congestion,json=tcpCongestion,proto3" json:"tcp_congestion,omitempty"` Interface string `protobuf:"bytes,13,opt,name=interface,proto3" json:"interface,omitempty"` + V6Only bool `protobuf:"varint,14,opt,name=v6only,proto3" json:"v6only,omitempty"` } func (x *SocketConfig) Reset() { @@ -551,6 +552,13 @@ func (x *SocketConfig) GetInterface() string { return "" } +func (x *SocketConfig) GetV6Only() bool { + if x != nil { + return x.V6Only + } + return false +} + var File_transport_internet_config_proto protoreflect.FileDescriptor var file_transport_internet_config_proto_rawDesc = []byte{ @@ -603,7 +611,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x22, 0x86, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, + 0x78, 0x79, 0x22, 0x9e, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72, @@ -640,27 +648,29 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x74, 0x63, 0x70, 0x43, 0x6f, 0x6e, 0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x09, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, - 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, - 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, - 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, - 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, - 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, - 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, - 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, - 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, - 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, - 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, - 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, - 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, - 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, - 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, - 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, - 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, - 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, - 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x09, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x36, + 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x76, 0x36, 0x6f, 0x6e, + 0x6c, 0x79, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, + 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, + 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, + 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, + 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, + 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, + 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, + 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, + 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, + 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, + 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, + 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, + 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, + 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, + 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, + 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, + 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, + 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, + 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/config.proto b/transport/internet/config.proto index bcd905a6324a..23a964fd3e3d 100644 --- a/transport/internet/config.proto +++ b/transport/internet/config.proto @@ -100,4 +100,6 @@ message SocketConfig { string tcp_congestion = 12; string interface = 13; + + bool v6only = 14; } diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index a5b7a49f7601..e8376025e5ff 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go @@ -155,6 +155,12 @@ func applyInboundSocketOptions(network string, fd uintptr, config *SocketConfig) } } + if config.V6Only { + if err := syscall.SetsockoptInt(int(fd), syscall.SOL_IPV6, syscall.IPV6_V6ONLY, 1); err != nil { + return newError("failed to set IPV6_V6ONLY", err) + } + } + return nil } From 336b2daeb9f29759c057a456b19904ad3215d0fa Mon Sep 17 00:00:00 2001 From: sduoduo233 <85996970+sduoduo233@users.noreply.github.com> Date: Sat, 25 Feb 2023 01:06:24 +0800 Subject: [PATCH 053/226] DNS Header for KCP (#1672) * dns header * fixed domain name encoding for dns header --------- Co-authored-by: kerry --- infra/conf/transport_authenticators.go | 14 ++ infra/conf/transport_internet.go | 1 + transport/internet/headers/dns/config.pb.go | 153 ++++++++++++++++++++ transport/internet/headers/dns/config.proto | 12 ++ transport/internet/headers/dns/dns.go | 57 ++++++++ 5 files changed, 237 insertions(+) create mode 100644 transport/internet/headers/dns/config.pb.go create mode 100644 transport/internet/headers/dns/config.proto create mode 100644 transport/internet/headers/dns/dns.go diff --git a/infra/conf/transport_authenticators.go b/infra/conf/transport_authenticators.go index 703a13662cef..46be85886868 100644 --- a/infra/conf/transport_authenticators.go +++ b/infra/conf/transport_authenticators.go @@ -4,6 +4,7 @@ import ( "sort" "github.com/golang/protobuf/proto" + "github.com/xtls/xray-core/transport/internet/headers/dns" "github.com/xtls/xray-core/transport/internet/headers/http" "github.com/xtls/xray-core/transport/internet/headers/noop" "github.com/xtls/xray-core/transport/internet/headers/srtp" @@ -49,6 +50,19 @@ func (WireguardAuthenticator) Build() (proto.Message, error) { return new(wireguard.WireguardConfig), nil } +type DNSAuthenticator struct { + Domain string `json:"domain"` +} + +func (v *DNSAuthenticator) Build() (proto.Message, error) { + config := new(dns.Config) + config.Domain = "www.baidu.com" + if len(v.Domain) > 0 { + config.Domain = v.Domain + } + return config, nil +} + type DTLSAuthenticator struct{} func (DTLSAuthenticator) Build() (proto.Message, error) { diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 21cc7e2299cf..92abb6885cb6 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -37,6 +37,7 @@ var ( "wechat-video": func() interface{} { return new(WechatVideoAuthenticator) }, "dtls": func() interface{} { return new(DTLSAuthenticator) }, "wireguard": func() interface{} { return new(WireguardAuthenticator) }, + "dns": func() interface{} { return new(DNSAuthenticator) }, }, "type", "") tcpHeaderLoader = NewJSONConfigLoader(ConfigCreatorCache{ diff --git a/transport/internet/headers/dns/config.pb.go b/transport/internet/headers/dns/config.pb.go new file mode 100644 index 000000000000..d42f537e33df --- /dev/null +++ b/transport/internet/headers/dns/config.pb.go @@ -0,0 +1,153 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.12 +// source: transport/internet/headers/dns/config.proto + +package dns + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Config struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"` +} + +func (x *Config) Reset() { + *x = Config{} + if protoimpl.UnsafeEnabled { + mi := &file_transport_internet_headers_dns_config_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Config) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Config) ProtoMessage() {} + +func (x *Config) ProtoReflect() protoreflect.Message { + mi := &file_transport_internet_headers_dns_config_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Config.ProtoReflect.Descriptor instead. +func (*Config) Descriptor() ([]byte, []int) { + return file_transport_internet_headers_dns_config_proto_rawDescGZIP(), []int{0} +} + +func (x *Config) GetDomain() string { + if x != nil { + return x.Domain + } + return "" +} + +var File_transport_internet_headers_dns_config_proto protoreflect.FileDescriptor + +var file_transport_internet_headers_dns_config_proto_rawDesc = []byte{ + 0x0a, 0x2b, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x64, 0x6e, 0x73, + 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x23, 0x78, + 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x64, + 0x6e, 0x73, 0x22, 0x20, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x16, 0x0a, 0x06, + 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, + 0x6d, 0x61, 0x69, 0x6e, 0x42, 0x8b, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, + 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x64, 0x6e, 0x73, + 0x50, 0x01, 0x5a, 0x38, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, + 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, + 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, + 0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x64, 0x6e, 0x73, 0xaa, 0x02, 0x23, 0x58, + 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x44, + 0x4e, 0x53, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_transport_internet_headers_dns_config_proto_rawDescOnce sync.Once + file_transport_internet_headers_dns_config_proto_rawDescData = file_transport_internet_headers_dns_config_proto_rawDesc +) + +func file_transport_internet_headers_dns_config_proto_rawDescGZIP() []byte { + file_transport_internet_headers_dns_config_proto_rawDescOnce.Do(func() { + file_transport_internet_headers_dns_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_transport_internet_headers_dns_config_proto_rawDescData) + }) + return file_transport_internet_headers_dns_config_proto_rawDescData +} + +var file_transport_internet_headers_dns_config_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_transport_internet_headers_dns_config_proto_goTypes = []interface{}{ + (*Config)(nil), // 0: xray.transport.internet.headers.dns.Config +} +var file_transport_internet_headers_dns_config_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_transport_internet_headers_dns_config_proto_init() } +func file_transport_internet_headers_dns_config_proto_init() { + if File_transport_internet_headers_dns_config_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_transport_internet_headers_dns_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Config); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_transport_internet_headers_dns_config_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_transport_internet_headers_dns_config_proto_goTypes, + DependencyIndexes: file_transport_internet_headers_dns_config_proto_depIdxs, + MessageInfos: file_transport_internet_headers_dns_config_proto_msgTypes, + }.Build() + File_transport_internet_headers_dns_config_proto = out.File + file_transport_internet_headers_dns_config_proto_rawDesc = nil + file_transport_internet_headers_dns_config_proto_goTypes = nil + file_transport_internet_headers_dns_config_proto_depIdxs = nil +} diff --git a/transport/internet/headers/dns/config.proto b/transport/internet/headers/dns/config.proto new file mode 100644 index 000000000000..a9a44ff463ab --- /dev/null +++ b/transport/internet/headers/dns/config.proto @@ -0,0 +1,12 @@ +syntax = "proto3"; + +package xray.transport.internet.headers.dns; +option csharp_namespace = "Xray.Transport.Internet.Headers.DNS"; +option go_package = "github.com/xtls/xray-core/transport/internet/headers/dns"; +option java_package = "com.xray.transport.internet.headers.dns"; +option java_multiple_files = true; + +message Config { + string domain = 1; +} + diff --git a/transport/internet/headers/dns/dns.go b/transport/internet/headers/dns/dns.go new file mode 100644 index 000000000000..5839bc8140b1 --- /dev/null +++ b/transport/internet/headers/dns/dns.go @@ -0,0 +1,57 @@ +package dns + +import ( + "context" + "encoding/binary" + + "github.com/miekg/dns" + "github.com/xtls/xray-core/common" + "github.com/xtls/xray-core/common/dice" +) + +type DNS struct { + header []byte +} + +func (d DNS) Size() int32 { + return int32(len(d.header)) +} + +// Serialize implements PacketHeader. +func (d DNS) Serialize(b []byte) { + copy(b, d.header) + binary.BigEndian.PutUint16(b[0:], dice.RollUint16()) // random transaction ID +} + +// NewDNS returns a new DNS instance based on given config. +func NewDNS(ctx context.Context, config interface{}) (interface{}, error) { + var header []byte + + header = binary.BigEndian.AppendUint16(header, 0x0000) // Transaction ID + header = binary.BigEndian.AppendUint16(header, 0x0100) // Flags: Standard query + header = binary.BigEndian.AppendUint16(header, 0x0001) // Questions + header = binary.BigEndian.AppendUint16(header, 0x0000) // Answer RRs + header = binary.BigEndian.AppendUint16(header, 0x0000) // Authority RRs + header = binary.BigEndian.AppendUint16(header, 0x0000) // Additional RRs + + buf := make([]byte, 0x100) + + off1, err := dns.PackDomainName(dns.Fqdn(config.(*Config).Domain), buf, 0, nil, false) + + if err != nil { + return nil, err + } + + header = append(header, buf[:off1]...) + + header = binary.BigEndian.AppendUint16(header, 0x0001) // Type: A + header = binary.BigEndian.AppendUint16(header, 0x0001) // Class: IN + + return DNS{ + header: header, + }, nil +} + +func init() { + common.Must(common.RegisterConfig((*Config)(nil), NewDNS)) +} From 2e201c57cc45b8bd33c80a651dbe116c418ccb19 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Feb 2023 00:19:44 +0000 Subject: [PATCH 054/226] Bump github.com/quic-go/quic-go from 0.32.0 to 0.33.0 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.32.0 to 0.33.0. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.32.0...v0.33.0) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 7 +++---- go.sum | 14 ++++++-------- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 280211635e79..dede210a77df 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/miekg/dns v1.1.50 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 - github.com/quic-go/quic-go v0.32.0 + github.com/quic-go/quic-go v0.33.0 github.com/refraction-networking/utls v1.2.2 github.com/sagernet/sing v0.1.7 github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 @@ -44,9 +44,8 @@ require ( github.com/klauspost/cpuid/v2 v2.2.3 // indirect github.com/onsi/ginkgo/v2 v2.8.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/quic-go/qtls-go1-18 v0.2.0 // indirect - github.com/quic-go/qtls-go1-19 v0.2.0 // indirect - github.com/quic-go/qtls-go1-20 v0.1.0 // indirect + github.com/quic-go/qtls-go1-19 v0.2.1 // indirect + github.com/quic-go/qtls-go1-20 v0.1.1 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb // indirect diff --git a/go.sum b/go.sum index fd5cb1cc870f..4bd8376b76e9 100644 --- a/go.sum +++ b/go.sum @@ -130,14 +130,12 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/quic-go/qtls-go1-18 v0.2.0 h1:5ViXqBZ90wpUcZS0ge79rf029yx0dYB0McyPJwqqj7U= -github.com/quic-go/qtls-go1-18 v0.2.0/go.mod h1:moGulGHK7o6O8lSPSZNoOwcLvJKJ85vVNc7oJFD65bc= -github.com/quic-go/qtls-go1-19 v0.2.0 h1:Cvn2WdhyViFUHoOqK52i51k4nDX8EwIh5VJiVM4nttk= -github.com/quic-go/qtls-go1-19 v0.2.0/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= -github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV54oAI= -github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= -github.com/quic-go/quic-go v0.32.0 h1:lY02md31s1JgPiiyfqJijpu/UX/Iun304FI3yUqX7tA= -github.com/quic-go/quic-go v0.32.0/go.mod h1:/fCsKANhQIeD5l76c2JFU+07gVE3KaA0FP+0zMWwfwo= +github.com/quic-go/qtls-go1-19 v0.2.1 h1:aJcKNMkH5ASEJB9FXNeZCyTEIHU1J7MmHyz1Q1TSG1A= +github.com/quic-go/qtls-go1-19 v0.2.1/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= +github.com/quic-go/qtls-go1-20 v0.1.1 h1:KbChDlg82d3IHqaj2bn6GfKRj84Per2VGf5XV3wSwQk= +github.com/quic-go/qtls-go1-20 v0.1.1/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= +github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0= +github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA= github.com/refraction-networking/utls v1.2.2 h1:uBE6V173CwG8MQrSBpNZHAix1fxOvuLKYyjFAu3uqo0= github.com/refraction-networking/utls v1.2.2/go.mod h1:L1goe44KvhnTfctUffM2isnJpSjPlYShrhXDeZaoYKw= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= From d208fd31c97703de1e6ebbba4e84f73414f42360 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Feb 2023 00:20:51 +0000 Subject: [PATCH 055/226] Bump github.com/sagernet/sing-shadowsocks Bumps [github.com/sagernet/sing-shadowsocks](https://github.com/sagernet/sing-shadowsocks) from 0.1.1-0.20230202035033-e3123545f2f7 to 0.1.1. - [Release notes](https://github.com/sagernet/sing-shadowsocks/releases) - [Commits](https://github.com/sagernet/sing-shadowsocks/commits/v0.1.1) --- updated-dependencies: - dependency-name: github.com/sagernet/sing-shadowsocks dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index dede210a77df..01993c74ce68 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/quic-go/quic-go v0.33.0 github.com/refraction-networking/utls v1.2.2 github.com/sagernet/sing v0.1.7 - github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 + github.com/sagernet/sing-shadowsocks v0.1.1 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.1 diff --git a/go.sum b/go.sum index 4bd8376b76e9..f7e9ccb2519b 100644 --- a/go.sum +++ b/go.sum @@ -143,8 +143,8 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstv github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/sagernet/sing v0.1.7 h1:g4vjr3q8SUlBZSx97Emz5OBfSMBxxW5Q8C2PfdoSo08= github.com/sagernet/sing v0.1.7/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk= -github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 h1:Plup6oEiyLzY3HDqQ+QsUBzgBGdVmcsgf3t8h940z9U= -github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= +github.com/sagernet/sing-shadowsocks v0.1.1 h1:uFK2rlVeD/b1xhDwSMbUI2goWc6fOKxp+ZeKHZq6C9Q= +github.com/sagernet/sing-shadowsocks v0.1.1/go.mod h1:f3mHTy5shnVM9l8UocMlJgC/1G/zdj5FuEuVXhDinGU= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI= github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb h1:XfLJSPIOUX+osiMraVgIrMR27uMXnRJWGm1+GL8/63U= From a5b297f9686afd6db63714a270e755c5bddd1d90 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Fri, 24 Feb 2023 12:29:45 -0500 Subject: [PATCH 056/226] Update test.yml Fix an issue when geoip fails download but geosite is ok https://github.com/XTLS/Xray-core/actions/runs/4264609454/jobs/7422911731 --- .github/workflows/test.yml | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 03a2a37ec9b0..eeb28540f962 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -35,7 +35,7 @@ jobs: - name: Checkout codebase uses: actions/checkout@v3 - - name: Prepare geo*dat + - name: Prepare geoip if: ${{ matrix.os != 'windows-latest' }} uses: nick-fields/retry@v2 with: @@ -45,8 +45,16 @@ jobs: command: | mkdir resources wget -O ./resources/geoip.dat https://github.com/v2fly/geoip/releases/latest/download/geoip.dat + - name: Prepare geosite + if: ${{ matrix.os != 'windows-latest' }} + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + retry_wait_seconds: 30 + max_attempts: 60 + command: | wget -O ./resources/geosite.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat - - name: Prepare geo*dat for Windows + - name: Prepare geoip for Windows if: ${{ matrix.os == 'windows-latest' }} uses: nick-fields/retry@v2 with: @@ -56,6 +64,14 @@ jobs: command: | mkdir resources Invoke-WebRequest -Uri "https://github.com/v2fly/geoip/releases/latest/download/geoip.dat" -OutFile "./resources/geoip.dat" + - name: Prepare geosite for Windows + if: ${{ matrix.os == 'windows-latest' }} + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + retry_wait_seconds: 30 + max_attempts: 60 + command: | Invoke-WebRequest -Uri "https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat" -OutFile "./resources/geosite.dat" - name: Test run: go test -timeout 1h -v ./... From c38179a67feb993d63adc99cc7f4918e4d1d5c57 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sun, 26 Feb 2023 19:26:57 +0800 Subject: [PATCH 057/226] Upgrade github.com/xtls/reality to f34b4d174342 Fixes https://github.com/XTLS/Xray-core/issues/1712 --- go.mod | 2 +- go.sum | 4 ++-- proxy/vless/inbound/inbound.go | 8 ++++---- transport/internet/reality/config.go | 4 ++++ transport/internet/reality/reality.go | 2 +- 5 files changed, 12 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 01993c74ce68..070bc02b6d23 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 - github.com/xtls/reality v0.0.0-20230217102704-085bdf2104d3 + github.com/xtls/reality v0.0.0-20230226072656-f34b4d174342 go.starlark.net v0.0.0-20230128213706-3f75dec8e403 golang.org/x/crypto v0.6.0 golang.org/x/net v0.7.0 diff --git a/go.sum b/go.sum index f7e9ccb2519b..3c8110ebf362 100644 --- a/go.sum +++ b/go.sum @@ -191,8 +191,8 @@ github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49u github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= -github.com/xtls/reality v0.0.0-20230217102704-085bdf2104d3 h1:Rp9BfXZ+Li5j5L40zAdFZLcr0nXrYBPgaNpQ9lQnpWg= -github.com/xtls/reality v0.0.0-20230217102704-085bdf2104d3/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230226072656-f34b4d174342 h1:lu9BD/UFZexv70X7mbmSJOyRHRO23mPFrW1xPlLhkGk= +github.com/xtls/reality v0.0.0-20230226072656-f34b4d174342/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index a7863051fa09..d060f222b4aa 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -495,10 +495,6 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() } netConn = tlsConn.NetConn() - if pc, ok := netConn.(*proxyproto.Conn); ok { - netConn = pc.Raw() - // 8192 > 4096, there is no need to process pc's bufReader - } t = reflect.TypeOf(tlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(tlsConn.Conn)) } else if realityConn, ok := iConn.(*reality.Conn); ok { @@ -512,6 +508,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } else { return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } + if pc, ok := netConn.(*proxyproto.Conn); ok { + netConn = pc.Raw() + // 8192 > 4096, there is no need to process pc's bufReader + } if sc, ok := netConn.(syscall.Conn); ok { rawConn, _ = sc.SyscallConn() } diff --git a/transport/internet/reality/config.go b/transport/internet/reality/config.go index f7938db52800..58608720628e 100644 --- a/transport/internet/reality/config.go +++ b/transport/internet/reality/config.go @@ -1,6 +1,7 @@ package reality import ( + "net" "time" "github.com/xtls/reality" @@ -8,7 +9,10 @@ import ( ) func (c *Config) GetREALITYConfig() *reality.Config { + var dialer net.Dialer config := &reality.Config{ + DialContext: dialer.DialContext, + Show: c.Show, Type: c.Type, Dest: c.Dest, diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go index 145f1531a940..835c075aa762 100644 --- a/transport/internet/reality/reality.go +++ b/transport/internet/reality/reality.go @@ -52,7 +52,7 @@ func (c *Conn) HandshakeAddress() net.Address { } func Server(c net.Conn, config *reality.Config) (net.Conn, error) { - realityConn, err := reality.Server(c, config) + realityConn, err := reality.Server(context.Background(), c, config) return &Conn{Conn: realityConn}, err } From 9401d65ef16fc4268dcd26e2e0241115e6aa6fb9 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 27 Feb 2023 16:20:19 +0000 Subject: [PATCH 058/226] Add REALITY support to H2 server Now you are able to configure REALITY H2 server directly Before: REALITY VLESS fallbacks -> H2C inbound --- go.mod | 2 +- go.sum | 4 ++-- transport/internet/http/hub.go | 9 +++++++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 070bc02b6d23..6b6f7c13379c 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 - github.com/xtls/reality v0.0.0-20230226072656-f34b4d174342 + github.com/xtls/reality v0.0.0-20230227150228-9e83b0bee167 go.starlark.net v0.0.0-20230128213706-3f75dec8e403 golang.org/x/crypto v0.6.0 golang.org/x/net v0.7.0 diff --git a/go.sum b/go.sum index 3c8110ebf362..cf6d250758cf 100644 --- a/go.sum +++ b/go.sum @@ -191,8 +191,8 @@ github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49u github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= -github.com/xtls/reality v0.0.0-20230226072656-f34b4d174342 h1:lu9BD/UFZexv70X7mbmSJOyRHRO23mPFrW1xPlLhkGk= -github.com/xtls/reality v0.0.0-20230226072656-f34b4d174342/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230227150228-9e83b0bee167 h1:kC3gtMw5yxMb9pJyKD4ZobwtiF9DgdubkSd5BhWTX5M= +github.com/xtls/reality v0.0.0-20230227150228-9e83b0bee167/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= diff --git a/transport/internet/http/hub.go b/transport/internet/http/hub.go index 13149267397b..54abe298ae5b 100644 --- a/transport/internet/http/hub.go +++ b/transport/internet/http/hub.go @@ -7,6 +7,7 @@ import ( "strings" "time" + goreality "github.com/xtls/reality" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/net/cnc" @@ -15,6 +16,7 @@ import ( "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/common/signal/done" "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/tls" "golang.org/x/net/http2" "golang.org/x/net/http2/h2c" @@ -187,14 +189,17 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti } if config == nil { + if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { + streamListener = goreality.NewListener(streamListener, config.GetREALITYConfig()) + } err = server.Serve(streamListener) if err != nil { - newError("stopping serving H2C").Base(err).WriteToLog(session.ExportIDToError(ctx)) + newError("stopping serving H2C or REALITY H2").Base(err).WriteToLog(session.ExportIDToError(ctx)) } } else { err = server.ServeTLS(streamListener, "", "") if err != nil { - newError("stopping serving TLS").Base(err).WriteToLog(session.ExportIDToError(ctx)) + newError("stopping serving TLS H2").Base(err).WriteToLog(session.ExportIDToError(ctx)) } } }() From 55dc26f22840c83045e6f34221533aa3cbe977a2 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 27 Feb 2023 19:52:01 +0000 Subject: [PATCH 059/226] Add REALITY support to gRPC client and server Now you are able to configure REALITY gRPC client and server Duplicate of REALITY H2, perhaps, just for fun --- go.mod | 2 +- go.sum | 4 ++-- infra/conf/transport_internet.go | 4 ++-- transport/internet/grpc/dial.go | 8 +++++++- transport/internet/grpc/hub.go | 5 +++++ 5 files changed, 17 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 6b6f7c13379c..b318b6bbc8dc 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 - github.com/xtls/reality v0.0.0-20230227150228-9e83b0bee167 + github.com/xtls/reality v0.0.0-20230227192902-524506d97551 go.starlark.net v0.0.0-20230128213706-3f75dec8e403 golang.org/x/crypto v0.6.0 golang.org/x/net v0.7.0 diff --git a/go.sum b/go.sum index cf6d250758cf..02f4cb2e963e 100644 --- a/go.sum +++ b/go.sum @@ -191,8 +191,8 @@ github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49u github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= -github.com/xtls/reality v0.0.0-20230227150228-9e83b0bee167 h1:kC3gtMw5yxMb9pJyKD4ZobwtiF9DgdubkSd5BhWTX5M= -github.com/xtls/reality v0.0.0-20230227150228-9e83b0bee167/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230227192902-524506d97551 h1:zOP9NvpCMa1Y58UmA9EhbWs5/FNKvqwD5EyDLVit2LI= +github.com/xtls/reality v0.0.0-20230227192902-524506d97551/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 92abb6885cb6..0af0f1e5498b 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -849,8 +849,8 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { config.SecurityType = tm.Type } if strings.EqualFold(c.Security, "reality") { - if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "domainsocket" { - return nil, newError("REALITY only supports TCP, H2 and DomainSocket for now.") + if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "grpc" && config.ProtocolName != "domainsocket" { + return nil, newError("REALITY only supports TCP, H2, gRPC and DomainSocket for now.") } if c.REALITYSettings == nil { return nil, newError(`REALITY: Empty "realitySettings".`) diff --git a/transport/internet/grpc/dial.go b/transport/internet/grpc/dial.go index afc270bdc2de..4ab4b61521c0 100644 --- a/transport/internet/grpc/dial.go +++ b/transport/internet/grpc/dial.go @@ -11,6 +11,7 @@ import ( "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/transport/internet" "github.com/xtls/xray-core/transport/internet/grpc/encoding" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "google.golang.org/grpc" @@ -77,6 +78,7 @@ func getGrpcClient(ctx context.Context, dest net.Destination, streamSettings *in globalDialerMap = make(map[dialerConf]*grpc.ClientConn) } tlsConfig := tls.ConfigFromStreamSettings(streamSettings) + realityConfig := reality.ConfigFromStreamSettings(streamSettings) sockopt := streamSettings.SocketSettings grpcSettings := streamSettings.ProtocolSettings.(*Config) @@ -116,7 +118,11 @@ func getGrpcClient(ctx context.Context, dest net.Destination, streamSettings *in return nil, err } address := net.ParseAddress(rawHost) - return internet.DialSystem(gctx, net.TCPDestination(address, port), sockopt) + c, err := internet.DialSystem(gctx, net.TCPDestination(address, port), sockopt) + if err == nil && realityConfig != nil { + return reality.UClient(c, realityConfig, ctx, dest) + } + return c, err }), } diff --git a/transport/internet/grpc/hub.go b/transport/internet/grpc/hub.go index 4f5530700b89..9bce2274fcdb 100644 --- a/transport/internet/grpc/hub.go +++ b/transport/internet/grpc/hub.go @@ -4,11 +4,13 @@ import ( "context" "time" + goreality "github.com/xtls/reality" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/transport/internet" "github.com/xtls/xray-core/transport/internet/grpc/encoding" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/tls" "google.golang.org/grpc" "google.golang.org/grpc/credentials" @@ -125,6 +127,9 @@ func Listen(ctx context.Context, address net.Address, port net.Port, settings *i encoding.RegisterGRPCServiceServerX(s, listener, grpcSettings.getNormalizedName()) + if config := reality.ConfigFromStreamSettings(settings); config != nil { + streamListener = goreality.NewListener(streamListener, config.GetREALITYConfig()) + } if err = s.Serve(streamListener); err != nil { newError("Listener for gRPC ended").Base(err).WriteToLog() } From 2d898480be108472dbe2f091ce73705904c8eed9 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Mon, 27 Feb 2023 22:14:37 -0500 Subject: [PATCH 060/226] Vision padding upgrade (#1646) * Vision server allow multiple blocks of padding * Fix Vision client to support multiple possible padding blocks * Vision padding upgrade - Now we have two types of padding: long (pad to 900-1400) and traditional (0-256) - Long padding is applied to tls handshakes and first (empty) packet - Traditional padding is applied to all beginning (7) packets of the connection (counted two-way) - Since receiver changed its way to unpad buffer in fd6973b3c67a6e5a982734a8c288b56845b69cb9, we can freely extend padding packet length easily in the future - Simplify code * Adjust receiver withinPaddingBuffers Now default withinPaddingBuffers = true to give it a chance to do unpadding * Fix magic numbers for Vision Thanks @H1JK Thanks @RPRX for guidance --- proxy/vless/encoding/encoding.go | 86 ++++++++++++++++++++------------ proxy/vless/inbound/inbound.go | 10 ++-- proxy/vless/outbound/outbound.go | 11 ++-- 3 files changed, 63 insertions(+), 44 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index fa5b438c82cf..7a218aef5681 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -36,6 +36,23 @@ var ( tlsClientHandShakeStart = []byte{0x16, 0x03} tlsServerHandShakeStart = []byte{0x16, 0x03, 0x03} tlsApplicationDataStart = []byte{0x17, 0x03, 0x03} + + Tls13CipherSuiteDic = map[uint16]string{ + 0x1301: "TLS_AES_128_GCM_SHA256", + 0x1302: "TLS_AES_256_GCM_SHA384", + 0x1303: "TLS_CHACHA20_POLY1305_SHA256", + 0x1304: "TLS_AES_128_CCM_SHA256", + 0x1305: "TLS_AES_128_CCM_8_SHA256", + } +) + +const ( + tlsHandshakeTypeClientHello byte = 0x01 + tlsHandshakeTypeServerHello byte = 0x02 + + CommandPaddingContinue byte = 0x00 + CommandPaddingEnd byte = 0x01 + CommandPaddingDirect byte = 0x02 ) var addrParser = protocol.NewAddressParser( @@ -256,7 +273,7 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater ) error { err := func() error { var ct stats.Counter - filterUUID := true + withinPaddingBuffers := true shouldSwitchToDirectCopy := false var remainingContent int32 = -1 var remainingPadding int32 = -1 @@ -294,13 +311,15 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater } buffer, err := reader.ReadMultiBuffer() if !buffer.IsEmpty() { - if filterUUID && (*isTLS || *numberOfPacketToFilter > 0) { + if withinPaddingBuffers || *numberOfPacketToFilter > 0 { buffer = XtlsUnpadding(ctx, buffer, userUUID, &remainingContent, &remainingPadding, ¤tCommand) if remainingContent == 0 && remainingPadding == 0 { if currentCommand == 1 { - filterUUID = false + withinPaddingBuffers = false + remainingContent = -1 + remainingPadding = -1 // set to initial state to parse the next padding } else if currentCommand == 2 { - filterUUID = false + withinPaddingBuffers = false shouldSwitchToDirectCopy = true // XTLS Vision processes struct TLS Conn's input and rawInput if inputBuffer, err := buf.ReadFrom(input); err == nil { @@ -313,9 +332,15 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater buffer, _ = buf.MergeMulti(buffer, rawInputBuffer) } } - } else if currentCommand != 0 { + } else if currentCommand == 0 { + withinPaddingBuffers = true + } else { newError("XtlsRead unknown command ", currentCommand, buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) } + } else if remainingContent > 0 || remainingPadding > 0 { + withinPaddingBuffers = true + } else { + withinPaddingBuffers = false } } if *numberOfPacketToFilter > 0 { @@ -342,12 +367,12 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater // XtlsWrite filter and write xtls protocol func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, counter stats.Counter, - ctx context.Context, userUUID *[]byte, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, + ctx context.Context, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32, ) error { err := func() error { var ct stats.Counter - filterTlsApplicationData := true + isPadding := true shouldSwitchToDirectCopy := false for { buffer, err := reader.ReadMultiBuffer() @@ -355,27 +380,26 @@ func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdate if *numberOfPacketToFilter > 0 { XtlsFilterTls(buffer, numberOfPacketToFilter, enableXtls, isTLS12orAbove, isTLS, cipher, remainingServerHello, ctx) } - if filterTlsApplicationData && *isTLS { + if isPadding { buffer = ReshapeMultiBuffer(ctx, buffer) var xtlsSpecIndex int for i, b := range buffer { - if b.Len() >= 6 && bytes.Equal(tlsApplicationDataStart, b.BytesTo(3)) { - var command byte = 0x01 + if *isTLS && b.Len() >= 6 && bytes.Equal(tlsApplicationDataStart, b.BytesTo(3)) { + var command byte = CommandPaddingEnd if *enableXtls { shouldSwitchToDirectCopy = true xtlsSpecIndex = i - command = 0x02 + command = CommandPaddingDirect } - filterTlsApplicationData = false - buffer[i] = XtlsPadding(b, command, userUUID, ctx) + isPadding = false + buffer[i] = XtlsPadding(b, command, nil, *isTLS, ctx) break - } else if !*isTLS12orAbove && *numberOfPacketToFilter <= 0 { - // maybe tls 1.1 or 1.0 - filterTlsApplicationData = false - buffer[i] = XtlsPadding(b, 0x01, userUUID, ctx) + } else if !*isTLS12orAbove && *numberOfPacketToFilter <= 1 { // For compatibility with earlier vision receiver, we finish padding 1 packet early + isPadding = false + buffer[i] = XtlsPadding(b, CommandPaddingEnd, nil, *isTLS, ctx) break } - buffer[i] = XtlsPadding(b, 0x00, userUUID, ctx) + buffer[i] = XtlsPadding(b, CommandPaddingContinue, nil, *isTLS, ctx) } if shouldSwitchToDirectCopy { encryptBuffer, directBuffer := buf.SplitMulti(buffer, xtlsSpecIndex+1) @@ -422,7 +446,7 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt *numberOfPacketToFilter-- if b.Len() >= 6 { startsBytes := b.BytesTo(6) - if bytes.Equal(tlsServerHandShakeStart, startsBytes[:3]) && startsBytes[5] == 0x02 { + if bytes.Equal(tlsServerHandShakeStart, startsBytes[:3]) && startsBytes[5] == tlsHandshakeTypeServerHello { *remainingServerHello = (int32(startsBytes[3])<<8 | int32(startsBytes[4])) + 5 *isTLS12orAbove = true *isTLS = true @@ -433,7 +457,7 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt } else { newError("XtlsFilterTls short server hello, tls 1.2 or older? ", b.Len(), " ", *remainingServerHello).WriteToLog(session.ExportIDToError(ctx)) } - } else if bytes.Equal(tlsClientHandShakeStart, startsBytes[:2]) && startsBytes[5] == 0x01 { + } else if bytes.Equal(tlsClientHandShakeStart, startsBytes[:2]) && startsBytes[5] == tlsHandshakeTypeClientHello { *isTLS = true newError("XtlsFilterTls found tls client hello! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) } @@ -483,7 +507,7 @@ func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBu for i, buffer1 := range buffer { if buffer1.Len() >= buf.Size-21 { index := int32(bytes.LastIndex(buffer1.Bytes(), tlsApplicationDataStart)) - if index <= 0 { + if index <= 0 || index > buf.Size-21 { index = buf.Size / 2 } buffer2 := buf.New() @@ -503,23 +527,28 @@ func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBu } // XtlsPadding add padding to eliminate length siganature during tls handshake -func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, ctx context.Context) *buf.Buffer { +func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool, ctx context.Context) *buf.Buffer { var contantLen int32 = 0 var paddingLen int32 = 0 if b != nil { contantLen = b.Len() } - if contantLen < 900 { + if contantLen < 900 && longPadding { l, err := rand.Int(rand.Reader, big.NewInt(500)) if err != nil { newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) } paddingLen = int32(l.Int64()) + 900 - contantLen + } else { + l, err := rand.Int(rand.Reader, big.NewInt(256)) + if err != nil { + newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) + } + paddingLen = int32(l.Int64()) } newbuffer := buf.New() if userUUID != nil { newbuffer.Write(*userUUID) - *userUUID = nil } newbuffer.Write([]byte{command, byte(contantLen >> 8), byte(contantLen), byte(paddingLen >> 8), byte(paddingLen)}) if b != nil { @@ -543,6 +572,7 @@ func XtlsUnpadding(ctx context.Context, buffer buf.MultiBuffer, userUUID []byte, posByte = 16 *remainingContent = 0 *remainingPadding = 0 + *currentCommand = 0 break } } @@ -601,11 +631,3 @@ func XtlsUnpadding(ctx context.Context, buffer buf.MultiBuffer, userUUID []byte, buf.ReleaseMulti(buffer) return mb2 } - -var Tls13CipherSuiteDic = map[uint16]string{ - 0x1301: "TLS_AES_128_GCM_SHA256", - 0x1302: "TLS_AES_256_GCM_SHA384", - 0x1303: "TLS_CHACHA20_POLY1305_SHA256", - 0x1304: "TLS_AES_128_CCM_SHA256", - 0x1305: "TLS_AES_128_CCM_8_SHA256", -} diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index d060f222b4aa..434dec79430e 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -624,11 +624,9 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } if requestAddons.Flow == vless.XRV { encoding.XtlsFilterTls(multiBuffer, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello, ctx) - if isTLS { - multiBuffer = encoding.ReshapeMultiBuffer(ctx, multiBuffer) - for i, b := range multiBuffer { - multiBuffer[i] = encoding.XtlsPadding(b, 0x00, &userUUID, ctx) - } + multiBuffer = encoding.ReshapeMultiBuffer(ctx, multiBuffer) + for i, b := range multiBuffer { + multiBuffer[i] = encoding.XtlsPadding(b, encoding.CommandPaddingContinue, &userUUID, isTLS, ctx) } } if err := clientWriter.WriteMultiBuffer(multiBuffer); err != nil { @@ -645,7 +643,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s if statConn != nil { counter = statConn.WriteCounter } - err = encoding.XtlsWrite(serverReader, clientWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, + err = encoding.XtlsWrite(serverReader, clientWriter, timer, netConn, counter, ctx, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index e532dfb68c79..6991d2765c62 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -243,10 +243,9 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if err1 == nil { if requestAddons.Flow == vless.XRV { encoding.XtlsFilterTls(multiBuffer, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello, ctx) - if isTLS { - for i, b := range multiBuffer { - multiBuffer[i] = encoding.XtlsPadding(b, 0x00, &userUUID, ctx) - } + multiBuffer = encoding.ReshapeMultiBuffer(ctx, multiBuffer) + for i, b := range multiBuffer { + multiBuffer[i] = encoding.XtlsPadding(b, encoding.CommandPaddingContinue, &userUUID, isTLS, ctx) } } if err := serverWriter.WriteMultiBuffer(multiBuffer); err != nil { @@ -256,7 +255,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte return err1 } else if requestAddons.Flow == vless.XRV { mb := make(buf.MultiBuffer, 1) - mb[0] = encoding.XtlsPadding(nil, 0x01, &userUUID, ctx) // it must not be tls so padding finish with it (command 1) + mb[0] = encoding.XtlsPadding(nil, encoding.CommandPaddingContinue, &userUUID, true, ctx) // we do a long padding to hide vless header newError("Insert padding with empty content to camouflage VLESS header ", mb.Len()).WriteToLog(session.ExportIDToError(ctx)) if err := serverWriter.WriteMultiBuffer(mb); err != nil { return err @@ -285,7 +284,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if statConn != nil { counter = statConn.WriteCounter } - err = encoding.XtlsWrite(clientReader, serverWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, + err = encoding.XtlsWrite(clientReader, serverWriter, timer, netConn, counter, ctx, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer From cc4be239cf2f89f05c046f63666cf11cc1e5b332 Mon Sep 17 00:00:00 2001 From: HalfLife Date: Sat, 25 Feb 2023 10:26:28 +0800 Subject: [PATCH 061/226] transfer geodat with actions/cache --- .github/workflows/release.yml | 73 ++++++++++++++++++++++++++--------- .github/workflows/test.yml | 43 +++------------------ 2 files changed, 59 insertions(+), 57 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8d529d33fb6e..edbc01c18bc7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,51 @@ on: - "go.sum" - ".github/workflows/*.yml" jobs: + prepare: + runs-on: ubuntu-latest + steps: + - name: Restore Cache + uses: actions/cache/restore@v3 + with: + path: resources + key: xray-geodat- + + - name: Update Geodat + id: update + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + retry_wait_seconds: 60 + max_attempts: 60 + command: | + [ -d 'resources' ] || mkdir resources + LIST=('geoip geoip geoip' 'domain-list-community dlc geosite') + for i in "${LIST[@]}" + do + INFO=($(echo $i | awk 'BEGIN{FS=" ";OFS=" "} {print $1,$2,$3}')) + FILE_NAME="${INFO[2]}.dat" + echo -e "Verifying HASH key..." + HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')" + if [ -s "./resources/${FILE_NAME}" ] && [ "$(sha256sum "./resources/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ]; then + continue + else + echo -e "Downloading https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat..." + curl -L "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat" -o ./resources/${FILE_NAME} + echo -e "Verifying HASH key..." + [ "$(sha256sum "./resources/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of ${FILE_NAME} does not match cloud one."; exit 1; } + echo "unhit=true" >> $GITHUB_OUTPUT + fi + done + + - name: Save Cache + uses: actions/cache/save@v3 + if: ${{ steps.update.outputs.unhit }} + with: + path: resources + key: xray-geodat-${{ github.sha }}-${{ github.run_number }} + build: + needs: prepare permissions: contents: write strategy: @@ -160,26 +204,17 @@ jobs: cd ./build_assets || exit 1 mv xray xray.exe - - name: Prepare to release - uses: nick-fields/retry@v2 + - name: Restore Cache + uses: actions/cache/restore@v3 with: - timeout_minutes: 60 - retry_wait_seconds: 60 - max_attempts: 60 - command: | - cp ${GITHUB_WORKSPACE}/README.md ./build_assets/README.md - cp ${GITHUB_WORKSPACE}/LICENSE ./build_assets/LICENSE - LIST=('geoip geoip geoip' 'domain-list-community dlc geosite') - for i in "${LIST[@]}" - do - INFO=($(echo $i | awk 'BEGIN{FS=" ";OFS=" "} {print $1,$2,$3}')) - FILE_NAME="${INFO[2]}.dat" - echo -e "Downloading https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat..." - curl -L "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat" -o ./build_assets/${FILE_NAME} - echo -e "Verifying HASH key..." - HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')" - [ "$(sha256sum "./build_assets/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of ${FILE_NAME} does not match cloud one."; exit 1; } - done + path: resources + key: xray-geodat- + + - name: Copy README.md & LICENSE + run: | + mv -f resources/* build_assets + cp ${GITHUB_WORKSPACE}/README.md ./build_assets/README.md + cp ${GITHUB_WORKSPACE}/LICENSE ./build_assets/LICENSE - name: Create ZIP archive shell: bash diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index eeb28540f962..49af621b96d6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,44 +34,11 @@ jobs: check-latest: true - name: Checkout codebase uses: actions/checkout@v3 - - - name: Prepare geoip - if: ${{ matrix.os != 'windows-latest' }} - uses: nick-fields/retry@v2 - with: - timeout_minutes: 60 - retry_wait_seconds: 30 - max_attempts: 60 - command: | - mkdir resources - wget -O ./resources/geoip.dat https://github.com/v2fly/geoip/releases/latest/download/geoip.dat - - name: Prepare geosite - if: ${{ matrix.os != 'windows-latest' }} - uses: nick-fields/retry@v2 - with: - timeout_minutes: 60 - retry_wait_seconds: 30 - max_attempts: 60 - command: | - wget -O ./resources/geosite.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat - - name: Prepare geoip for Windows - if: ${{ matrix.os == 'windows-latest' }} - uses: nick-fields/retry@v2 - with: - timeout_minutes: 60 - retry_wait_seconds: 30 - max_attempts: 60 - command: | - mkdir resources - Invoke-WebRequest -Uri "https://github.com/v2fly/geoip/releases/latest/download/geoip.dat" -OutFile "./resources/geoip.dat" - - name: Prepare geosite for Windows - if: ${{ matrix.os == 'windows-latest' }} - uses: nick-fields/retry@v2 + - name: Restore Cache + uses: actions/cache/restore@v3 with: - timeout_minutes: 60 - retry_wait_seconds: 30 - max_attempts: 60 - command: | - Invoke-WebRequest -Uri "https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat" -OutFile "./resources/geosite.dat" + path: resources + key: xray-geodat- + enableCrossOsArchive: true - name: Test run: go test -timeout 1h -v ./... From fbc7c1cf84febfc577bd4af360ba72170bb60163 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Feb 2023 01:51:20 +0000 Subject: [PATCH 062/226] Bump github.com/miekg/dns from 1.1.50 to 1.1.51 Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.50 to 1.1.51. - [Release notes](https://github.com/miekg/dns/releases) - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](https://github.com/miekg/dns/compare/v1.1.50...v1.1.51) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 26 +++++++++++++++++++------- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index b318b6bbc8dc..4965f027beb3 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/golang/protobuf v1.5.2 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 - github.com/miekg/dns v1.1.50 + github.com/miekg/dns v1.1.51 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/quic-go/quic-go v0.33.0 diff --git a/go.sum b/go.sum index 02f4cb2e963e..53c4c9fc41eb 100644 --- a/go.sum +++ b/go.sum @@ -106,8 +106,8 @@ github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= -github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= +github.com/miekg/dns v1.1.51 h1:0+Xg7vObnhrz/4ZCZcZh7zPXlmU0aveS2HDBd0m0qSo= +github.com/miekg/dns v1.1.51/go.mod h1:2Z9d3CP1LQWihRZUf29mQ19yDThaI4DAYzte2CaQW5c= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= @@ -194,6 +194,7 @@ github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8x github.com/xtls/reality v0.0.0-20230227192902-524506d97551 h1:zOP9NvpCMa1Y58UmA9EhbWs5/FNKvqwD5EyDLVit2LI= github.com/xtls/reality v0.0.0-20230227192902-524506d97551/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= go.starlark.net v0.0.0-20230128213706-3f75dec8e403/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= @@ -205,6 +206,7 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -215,6 +217,8 @@ golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -228,8 +232,10 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -243,6 +249,7 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -253,20 +260,24 @@ golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -282,7 +293,8 @@ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 43bc92903053a5c52eac6275f2a2c7b71fb25a02 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Feb 2023 19:52:51 +0000 Subject: [PATCH 063/226] Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4965f027beb3..30ea9109404c 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/sagernet/sing-shadowsocks v0.1.1 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb - github.com/stretchr/testify v1.8.1 + github.com/stretchr/testify v1.8.2 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 github.com/xtls/reality v0.0.0-20230227192902-524506d97551 diff --git a/go.sum b/go.sum index 53c4c9fc41eb..c07740a97dde 100644 --- a/go.sum +++ b/go.sum @@ -182,8 +182,8 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF8gHIiADmOVOV5LS43gt3ONnlEl3xkwI= github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= From 7b54255cc1b3ce4c275b713e6289d0cd45ec50ea Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Wed, 1 Mar 2023 08:43:00 -0500 Subject: [PATCH 064/226] Fix padding extends out of bound --- proxy/vless/encoding/encoding.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index 7a218aef5681..d42a15682178 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -556,6 +556,9 @@ func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool b.Release() b = nil } + if paddingLen > buf.Size - newbuffer.Len() { + paddingLen = buf.Size - newbuffer.Len() + } newbuffer.Extend(paddingLen) newError("XtlsPadding ", contantLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx)) return newbuffer From 6526e74d49eec5a4bb9a5e448a271d17f262d64b Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 2 Mar 2023 14:50:26 +0000 Subject: [PATCH 065/226] Add WaitReadCloser to make H2 real 0-RTT --- transport/internet/http/dialer.go | 66 ++++++++++++++++++++++++++----- 1 file changed, 57 insertions(+), 9 deletions(-) diff --git a/transport/internet/http/dialer.go b/transport/internet/http/dialer.go index 25ede63fb543..75adc249b882 100644 --- a/transport/internet/http/dialer.go +++ b/transport/internet/http/dialer.go @@ -3,6 +3,7 @@ package http import ( "context" gotls "crypto/tls" + "io" "net/http" "net/url" "sync" @@ -166,23 +167,70 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me // Disable any compression method from server. request.Header.Set("Accept-Encoding", "identity") - response, err := client.Do(request) - if err != nil { - return nil, newError("failed to dial to ", dest).Base(err).AtWarning() - } - if response.StatusCode != 200 { - return nil, newError("unexpected status", response.StatusCode).AtWarning() - } + wrc := &WaitReadCloser{Wait: make(chan struct{})} + go func() { + response, err := client.Do(request) + if err != nil { + newError("failed to dial to ", dest).Base(err).AtWarning().WriteToLog(session.ExportIDToError(ctx)) + wrc.Close() + return + } + if response.StatusCode != 200 { + newError("unexpected status", response.StatusCode).AtWarning().WriteToLog(session.ExportIDToError(ctx)) + wrc.Close() + return + } + wrc.Set(response.Body) + }() bwriter := buf.NewBufferedWriter(pwriter) common.Must(bwriter.SetBuffered(false)) return cnc.NewConnection( - cnc.ConnectionOutput(response.Body), + cnc.ConnectionOutput(wrc), cnc.ConnectionInput(bwriter), - cnc.ConnectionOnClose(common.ChainedClosable{breader, bwriter, response.Body}), + cnc.ConnectionOnClose(common.ChainedClosable{breader, bwriter, wrc}), ), nil } func init() { common.Must(internet.RegisterTransportDialer(protocolName, Dial)) } + +type WaitReadCloser struct { + Wait chan struct{} + io.ReadCloser +} + +func (w *WaitReadCloser) Set(rc io.ReadCloser) { + w.ReadCloser = rc + defer func() { + if err := recover(); err != nil { + rc.Close() + } + }() + close(w.Wait) +} + +func (w *WaitReadCloser) Read(b []byte) (int, error) { + if w.ReadCloser == nil { + if <-w.Wait; w.ReadCloser == nil { + return 0, io.ErrClosedPipe + } + } + return w.ReadCloser.Read(b) +} + +func (w *WaitReadCloser) Close() error { + if w.ReadCloser != nil { + return w.ReadCloser.Close() + } + defer func() { + if err := recover(); err != nil { + if w.ReadCloser != nil { + w.ReadCloser.Close() + } + } + }() + close(w.Wait) + return nil +} From ccba465590c126210fb3de302de4a410aec69690 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 2 Mar 2023 16:55:42 +0000 Subject: [PATCH 066/226] Add reserved to WireGuard config Fixes https://github.com/XTLS/Xray-core/issues/1730 --- infra/conf/wireguard.go | 6 ++++++ proxy/wireguard/bind.go | 5 +++++ proxy/wireguard/config.pb.go | 27 ++++++++++++++++++--------- proxy/wireguard/config.proto | 1 + proxy/wireguard/wireguard.go | 7 ++++--- 5 files changed, 34 insertions(+), 12 deletions(-) diff --git a/infra/conf/wireguard.go b/infra/conf/wireguard.go index c4dec367dfb0..6b102b14d17e 100644 --- a/infra/conf/wireguard.go +++ b/infra/conf/wireguard.go @@ -52,6 +52,7 @@ type WireGuardConfig struct { Peers []*WireGuardPeerConfig `json:"peers"` MTU int `json:"mtu"` NumWorkers int `json:"workers"` + Reserved []byte `json:"reserved"` } func (c *WireGuardConfig) Build() (proto.Message, error) { @@ -90,6 +91,11 @@ func (c *WireGuardConfig) Build() (proto.Message, error) { // we don't need to process fallback manually config.NumWorkers = int32(c.NumWorkers) + if len(c.Reserved) != 0 && len(c.Reserved) != 3 { + return nil, newError(`"reserved" should be empty or 3 bytes`) + } + config.Reserved = c.Reserved + return config, nil } diff --git a/proxy/wireguard/bind.go b/proxy/wireguard/bind.go index 1136f5ed8f6d..a90a97036b3a 100644 --- a/proxy/wireguard/bind.go +++ b/proxy/wireguard/bind.go @@ -31,6 +31,7 @@ type netBindClient struct { dialer internet.Dialer dns dns.Client dnsOption dns.IPOption + reserved []byte readQueue chan *netReadInfo } @@ -157,6 +158,10 @@ func (bind *netBindClient) Send(buff []byte, endpoint conn.Endpoint) error { } } + if len(buff) > 3 && len(bind.reserved) == 3 { + copy(buff[1:], bind.reserved) + } + _, err = nend.conn.Write(buff) return err diff --git a/proxy/wireguard/config.pb.go b/proxy/wireguard/config.pb.go index e290af8a0e30..75d5787b7cff 100644 --- a/proxy/wireguard/config.pb.go +++ b/proxy/wireguard/config.pb.go @@ -109,6 +109,7 @@ type DeviceConfig struct { Peers []*PeerConfig `protobuf:"bytes,3,rep,name=peers,proto3" json:"peers,omitempty"` Mtu int32 `protobuf:"varint,4,opt,name=mtu,proto3" json:"mtu,omitempty"` NumWorkers int32 `protobuf:"varint,5,opt,name=num_workers,json=numWorkers,proto3" json:"num_workers,omitempty"` + Reserved []byte `protobuf:"bytes,6,opt,name=reserved,proto3" json:"reserved,omitempty"` } func (x *DeviceConfig) Reset() { @@ -178,6 +179,13 @@ func (x *DeviceConfig) GetNumWorkers() int32 { return 0 } +func (x *DeviceConfig) GetReserved() []byte { + if x != nil { + return x.Reserved + } + return nil +} + var File_proxy_wireguard_config_proto protoreflect.FileDescriptor var file_proxy_wireguard_config_proto_rawDesc = []byte{ @@ -195,7 +203,7 @@ var file_proxy_wireguard_config_proto_rawDesc = []byte{ 0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x41, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x69, 0x70, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, - 0x64, 0x49, 0x70, 0x73, 0x22, 0xb4, 0x01, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, + 0x64, 0x49, 0x70, 0x73, 0x22, 0xd0, 0x01, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, @@ -206,14 +214,15 @@ var file_proxy_wireguard_config_proto_rawDesc = []byte{ 0x67, 0x52, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x74, 0x75, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x6d, 0x74, 0x75, 0x12, 0x1f, 0x0a, 0x0b, 0x6e, 0x75, 0x6d, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x0a, 0x6e, 0x75, 0x6d, 0x57, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x73, 0x42, 0x5e, 0x0a, 0x18, 0x63, - 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x77, 0x69, - 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50, 0x01, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, - 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x77, 0x69, 0x72, 0x65, 0x67, - 0x75, 0x61, 0x72, 0x64, 0xaa, 0x02, 0x14, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, - 0x79, 0x2e, 0x57, 0x69, 0x72, 0x65, 0x47, 0x75, 0x61, 0x72, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x0a, 0x6e, 0x75, 0x6d, 0x57, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x72, + 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x72, + 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x42, 0x5e, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x78, + 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, + 0x61, 0x72, 0x64, 0x50, 0x01, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, + 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, + 0xaa, 0x02, 0x14, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x57, 0x69, + 0x72, 0x65, 0x47, 0x75, 0x61, 0x72, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proxy/wireguard/config.proto b/proxy/wireguard/config.proto index dde3b41b05cb..810a1126c484 100644 --- a/proxy/wireguard/config.proto +++ b/proxy/wireguard/config.proto @@ -20,4 +20,5 @@ message DeviceConfig { repeated PeerConfig peers = 3; int32 mtu = 4; int32 num_workers = 5; + bytes reserved = 6; } \ No newline at end of file diff --git a/proxy/wireguard/wireguard.go b/proxy/wireguard/wireguard.go index 51cee8767d68..2b7e1c875c9d 100644 --- a/proxy/wireguard/wireguard.go +++ b/proxy/wireguard/wireguard.go @@ -82,9 +82,10 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte }) // bind := conn.NewStdNetBind() // TODO: conn.Bind wrapper for dialer bind := &netBindClient{ - dialer: dialer, - workers: int(h.conf.NumWorkers), - dns: h.dns, + dialer: dialer, + workers: int(h.conf.NumWorkers), + dns: h.dns, + reserved: h.conf.Reserved, } net, err := h.makeVirtualTun(bind) From a4790133d23547f219628f445f576171b3921ab6 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Thu, 2 Mar 2023 21:42:48 -0500 Subject: [PATCH 067/226] Fix padding extends out of bound again --- proxy/vless/encoding/encoding.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index d42a15682178..20468fd01e68 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -528,17 +528,17 @@ func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBu // XtlsPadding add padding to eliminate length siganature during tls handshake func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool, ctx context.Context) *buf.Buffer { - var contantLen int32 = 0 + var contentLen int32 = 0 var paddingLen int32 = 0 if b != nil { - contantLen = b.Len() + contentLen = b.Len() } - if contantLen < 900 && longPadding { + if contentLen < 900 && longPadding { l, err := rand.Int(rand.Reader, big.NewInt(500)) if err != nil { newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) } - paddingLen = int32(l.Int64()) + 900 - contantLen + paddingLen = int32(l.Int64()) + 900 - contentLen } else { l, err := rand.Int(rand.Reader, big.NewInt(256)) if err != nil { @@ -546,21 +546,21 @@ func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool } paddingLen = int32(l.Int64()) } + if paddingLen > buf.Size - 21 - contentLen { + paddingLen = buf.Size - 21 - contentLen + } newbuffer := buf.New() if userUUID != nil { newbuffer.Write(*userUUID) } - newbuffer.Write([]byte{command, byte(contantLen >> 8), byte(contantLen), byte(paddingLen >> 8), byte(paddingLen)}) + newbuffer.Write([]byte{command, byte(contentLen >> 8), byte(contentLen), byte(paddingLen >> 8), byte(paddingLen)}) if b != nil { newbuffer.Write(b.Bytes()) b.Release() b = nil } - if paddingLen > buf.Size - newbuffer.Len() { - paddingLen = buf.Size - newbuffer.Len() - } newbuffer.Extend(paddingLen) - newError("XtlsPadding ", contantLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx)) + newError("XtlsPadding ", contentLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx)) return newbuffer } From 25ea69fc3a67fdf309472e4e611d5ddd8b5d3e94 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Fri, 3 Mar 2023 09:45:10 -0500 Subject: [PATCH 068/226] Fix Vision inserting multiple uuid headers This happen for stream inbound like http --- proxy/vless/encoding/encoding.go | 1 + 1 file changed, 1 insertion(+) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index 20468fd01e68..c7edf486e483 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -552,6 +552,7 @@ func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool newbuffer := buf.New() if userUUID != nil { newbuffer.Write(*userUUID) + *userUUID = nil } newbuffer.Write([]byte{command, byte(contentLen >> 8), byte(contentLen), byte(paddingLen >> 8), byte(paddingLen)}) if b != nil { From 4c8ee0af50bbabd29e6766f0d9509add6fc0b2e7 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 3 Mar 2023 15:39:16 +0000 Subject: [PATCH 069/226] Set reserved to zero after Read() Thank @IRN-Kawakaze for testing --- proxy/wireguard/bind.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/proxy/wireguard/bind.go b/proxy/wireguard/bind.go index a90a97036b3a..527f0e74e52b 100644 --- a/proxy/wireguard/bind.go +++ b/proxy/wireguard/bind.go @@ -129,6 +129,13 @@ func (bind *netBindClient) connectTo(endpoint *netEndpoint) error { return } i, err := c.Read(v.buff) + + if i > 3 { + v.buff[1] = 0 + v.buff[2] = 0 + v.buff[3] = 0 + } + v.bytes = i v.endpoint = endpoint v.err = err From 9e5bc07bf29bad54b8294dd04d89cafe402d120c Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 4 Mar 2023 05:39:26 -0500 Subject: [PATCH 070/226] Legends never die (#1725) --- go.mod | 1 - go.sum | 2 - infra/conf/transport_internet.go | 135 ------ infra/conf/trojan.go | 10 +- infra/conf/vless.go | 10 +- infra/conf/vless_test.go | 8 +- infra/conf/xray.go | 17 +- main/distro/all/all.go | 1 - proxy/trojan/client.go | 61 --- proxy/trojan/protocol.go | 93 ---- proxy/trojan/server.go | 67 +-- proxy/vless/account.go | 2 +- proxy/vless/account.pb.go | 2 +- proxy/vless/account.proto | 2 +- proxy/vless/encoding/addons.go | 2 +- proxy/vless/encoding/encoding.go | 61 --- proxy/vless/inbound/inbound.go | 95 ++-- proxy/vless/outbound/outbound.go | 93 ++-- proxy/vless/vless.go | 3 - transport/internet/domainsocket/dial.go | 3 - transport/internet/domainsocket/listener.go | 8 - transport/internet/kcp/dialer.go | 3 - transport/internet/kcp/listener.go | 8 - transport/internet/tcp/dialer.go | 4 - transport/internet/tcp/hub.go | 8 - transport/internet/xtls/config.go | 377 --------------- transport/internet/xtls/config.pb.go | 478 -------------------- transport/internet/xtls/config.proto | 76 ---- transport/internet/xtls/config_other.go | 53 --- transport/internet/xtls/config_test.go | 97 ---- transport/internet/xtls/config_windows.go | 14 - transport/internet/xtls/errors.generated.go | 9 - transport/internet/xtls/unsafe.go | 6 - transport/internet/xtls/xtls.go | 35 -- 34 files changed, 71 insertions(+), 1773 deletions(-) delete mode 100644 transport/internet/xtls/config.go delete mode 100644 transport/internet/xtls/config.pb.go delete mode 100644 transport/internet/xtls/config.proto delete mode 100644 transport/internet/xtls/config_other.go delete mode 100644 transport/internet/xtls/config_test.go delete mode 100644 transport/internet/xtls/config_windows.go delete mode 100644 transport/internet/xtls/errors.generated.go delete mode 100644 transport/internet/xtls/unsafe.go delete mode 100644 transport/internet/xtls/xtls.go diff --git a/go.mod b/go.mod index 30ea9109404c..6a63aec9a22f 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,6 @@ require ( github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.2 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e - github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 github.com/xtls/reality v0.0.0-20230227192902-524506d97551 go.starlark.net v0.0.0-20230128213706-3f75dec8e403 golang.org/x/crypto v0.6.0 diff --git a/go.sum b/go.sum index c07740a97dde..3fc8c2b55d5a 100644 --- a/go.sum +++ b/go.sum @@ -189,8 +189,6 @@ github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= -github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= github.com/xtls/reality v0.0.0-20230227192902-524506d97551 h1:zOP9NvpCMa1Y58UmA9EhbWs5/FNKvqwD5EyDLVit2LI= github.com/xtls/reality v0.0.0-20230227192902-524506d97551/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 0af0f1e5498b..b8f96f6ea049 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -26,7 +26,6 @@ import ( "github.com/xtls/xray-core/transport/internet/tcp" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/websocket" - "github.com/xtls/xray-core/transport/internet/xtls" ) var ( @@ -416,117 +415,6 @@ func (c *TLSConfig) Build() (proto.Message, error) { return config, nil } -type XTLSCertConfig struct { - CertFile string `json:"certificateFile"` - CertStr []string `json:"certificate"` - KeyFile string `json:"keyFile"` - KeyStr []string `json:"key"` - Usage string `json:"usage"` - OcspStapling uint64 `json:"ocspStapling"` - OneTimeLoading bool `json:"oneTimeLoading"` -} - -// Build implements Buildable. -func (c *XTLSCertConfig) Build() (*xtls.Certificate, error) { - certificate := new(xtls.Certificate) - cert, err := readFileOrString(c.CertFile, c.CertStr) - if err != nil { - return nil, newError("failed to parse certificate").Base(err) - } - certificate.Certificate = cert - certificate.CertificatePath = c.CertFile - - if len(c.KeyFile) > 0 || len(c.KeyStr) > 0 { - key, err := readFileOrString(c.KeyFile, c.KeyStr) - if err != nil { - return nil, newError("failed to parse key").Base(err) - } - certificate.Key = key - certificate.KeyPath = c.KeyFile - } - - switch strings.ToLower(c.Usage) { - case "encipherment": - certificate.Usage = xtls.Certificate_ENCIPHERMENT - case "verify": - certificate.Usage = xtls.Certificate_AUTHORITY_VERIFY - case "issue": - certificate.Usage = xtls.Certificate_AUTHORITY_ISSUE - default: - certificate.Usage = xtls.Certificate_ENCIPHERMENT - } - if certificate.KeyPath == "" && certificate.CertificatePath == "" { - certificate.OneTimeLoading = true - } else { - certificate.OneTimeLoading = c.OneTimeLoading - } - certificate.OcspStapling = c.OcspStapling - - return certificate, nil -} - -type XTLSConfig struct { - Insecure bool `json:"allowInsecure"` - Certs []*XTLSCertConfig `json:"certificates"` - ServerName string `json:"serverName"` - ALPN *StringList `json:"alpn"` - EnableSessionResumption bool `json:"enableSessionResumption"` - DisableSystemRoot bool `json:"disableSystemRoot"` - MinVersion string `json:"minVersion"` - MaxVersion string `json:"maxVersion"` - CipherSuites string `json:"cipherSuites"` - PreferServerCipherSuites bool `json:"preferServerCipherSuites"` - Fingerprint string `json:"fingerprint"` - RejectUnknownSNI bool `json:"rejectUnknownSni"` - PinnedPeerCertificateChainSha256 *[]string `json:"pinnedPeerCertificateChainSha256"` -} - -// Build implements Buildable. -func (c *XTLSConfig) Build() (proto.Message, error) { - config := new(xtls.Config) - config.Certificate = make([]*xtls.Certificate, len(c.Certs)) - for idx, certConf := range c.Certs { - cert, err := certConf.Build() - if err != nil { - return nil, err - } - config.Certificate[idx] = cert - } - serverName := c.ServerName - config.AllowInsecure = c.Insecure - if len(c.ServerName) > 0 { - config.ServerName = serverName - } - if c.ALPN != nil && len(*c.ALPN) > 0 { - config.NextProtocol = []string(*c.ALPN) - } - config.EnableSessionResumption = c.EnableSessionResumption - config.DisableSystemRoot = c.DisableSystemRoot - config.MinVersion = c.MinVersion - config.MaxVersion = c.MaxVersion - config.CipherSuites = c.CipherSuites - config.PreferServerCipherSuites = c.PreferServerCipherSuites - if c.Fingerprint != "" { - return nil, newError(`Old version of XTLS does not support fingerprint. Please use flow "xtls-rprx-vision" with "tls & tlsSettings" instead.`) - } - config.RejectUnknownSni = c.RejectUnknownSNI - - if c.PinnedPeerCertificateChainSha256 != nil { - config.PinnedPeerCertificateChainSha256 = [][]byte{} - for _, v := range *c.PinnedPeerCertificateChainSha256 { - hashValue, err := base64.StdEncoding.DecodeString(v) - if err != nil { - return nil, err - } - config.PinnedPeerCertificateChainSha256 = append(config.PinnedPeerCertificateChainSha256, hashValue) - } - } - - newError(`You are using an old version of XTLS, which is deprecated now and will be removed soon. Please use flow "xtls-rprx-vision" with "tls & tlsSettings" instead.`).AtWarning().WriteToLog() - - return config, nil -} - type REALITYConfig struct { Show bool `json:"show"` Dest json.RawMessage `json:"dest"` @@ -788,7 +676,6 @@ type StreamConfig struct { Network *TransportProtocol `json:"network"` Security string `json:"security"` TLSSettings *TLSConfig `json:"tlsSettings"` - XTLSSettings *XTLSConfig `json:"xtlsSettings"` REALITYSettings *REALITYConfig `json:"realitySettings"` TCPSettings *TCPConfig `json:"tcpSettings"` KCPSettings *KCPConfig `json:"kcpSettings"` @@ -816,9 +703,6 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { if strings.EqualFold(c.Security, "tls") { tlsSettings := c.TLSSettings if tlsSettings == nil { - if c.XTLSSettings != nil { - return nil, newError(`TLS: Please use "tlsSettings" instead of "xtlsSettings".`) - } tlsSettings = &TLSConfig{} } ts, err := tlsSettings.Build() @@ -829,25 +713,6 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { config.SecuritySettings = append(config.SecuritySettings, tm) config.SecurityType = tm.Type } - if strings.EqualFold(c.Security, "xtls") { - if config.ProtocolName != "tcp" && config.ProtocolName != "mkcp" && config.ProtocolName != "domainsocket" { - return nil, newError("XTLS only supports TCP, mKCP and DomainSocket for now.") - } - xtlsSettings := c.XTLSSettings - if xtlsSettings == nil { - if c.TLSSettings != nil { - return nil, newError(`XTLS: Please use "xtlsSettings" instead of "tlsSettings".`) - } - xtlsSettings = &XTLSConfig{} - } - ts, err := xtlsSettings.Build() - if err != nil { - return nil, newError("Failed to build XTLS config.").Base(err) - } - tm := serial.ToTypedMessage(ts) - config.SecuritySettings = append(config.SecuritySettings, tm) - config.SecurityType = tm.Type - } if strings.EqualFold(c.Security, "reality") { if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "grpc" && config.ProtocolName != "domainsocket" { return nil, newError("REALITY only supports TCP, H2, gRPC and DomainSocket for now.") diff --git a/infra/conf/trojan.go b/infra/conf/trojan.go index 80ae7bb65147..e7d8738b92ce 100644 --- a/infra/conf/trojan.go +++ b/infra/conf/trojan.go @@ -53,11 +53,7 @@ func (c *TrojanClientConfig) Build() (proto.Message, error) { } switch account.Flow { - case "", "xtls-rprx-origin", "xtls-rprx-origin-udp443", "xtls-rprx-direct", "xtls-rprx-direct-udp443": - case "xtls-rprx-splice", "xtls-rprx-splice-udp443": - if runtime.GOOS != "linux" && runtime.GOOS != "android" { - return nil, newError(`Trojan servers: "` + account.Flow + `" only support linux in this version`) - } + case "": default: return nil, newError(`Trojan servers: "flow" doesn't support "` + account.Flow + `" in this version`) } @@ -119,9 +115,7 @@ func (c *TrojanServerConfig) Build() (proto.Message, error) { } switch account.Flow { - case "", "xtls-rprx-origin", "xtls-rprx-direct": - case "xtls-rprx-splice": - return nil, newError(`Trojan clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`) + case "": default: return nil, newError(`Trojan clients: "flow" doesn't support "` + account.Flow + `" in this version`) } diff --git a/infra/conf/vless.go b/infra/conf/vless.go index 79c321443ee6..01a2090baca5 100644 --- a/infra/conf/vless.go +++ b/infra/conf/vless.go @@ -62,9 +62,7 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) { } } switch accountFlow { - case "", vless.XRO, vless.XRD, vless.XRV: - case vless.XRS: - return nil, newError(`VLESS clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`) + case "", vless.XRV: default: return nil, newError(`VLESS clients: "flow" doesn't support "` + account.Flow + `" in this version`) } @@ -191,11 +189,7 @@ func (c *VLessOutboundConfig) Build() (proto.Message, error) { account.Id = u.String() switch account.Flow { - case "", vless.XRO, vless.XRO + "-udp443", vless.XRD, vless.XRD + "-udp443", vless.XRV, vless.XRV + "-udp443": - case vless.XRS, vless.XRS + "-udp443": - if runtime.GOOS != "linux" && runtime.GOOS != "android" { - return nil, newError(`VLESS users: "` + account.Flow + `" only support linux in this version`) - } + case "", vless.XRV, vless.XRV + "-udp443": default: return nil, newError(`VLESS users: "flow" doesn't support "` + account.Flow + `" in this version`) } diff --git a/infra/conf/vless_test.go b/infra/conf/vless_test.go index 819ee9421858..0f70243797e1 100644 --- a/infra/conf/vless_test.go +++ b/infra/conf/vless_test.go @@ -26,7 +26,7 @@ func TestVLessOutbound(t *testing.T) { "users": [ { "id": "27848739-7e62-4138-9fd3-098a63964b6b", - "flow": "xtls-rprx-direct-udp443", + "flow": "xtls-rprx-vision-udp443", "encryption": "none", "level": 0 } @@ -47,7 +47,7 @@ func TestVLessOutbound(t *testing.T) { { Account: serial.ToTypedMessage(&vless.Account{ Id: "27848739-7e62-4138-9fd3-098a63964b6b", - Flow: "xtls-rprx-direct-udp443", + Flow: "xtls-rprx-vision-udp443", Encryption: "none", }), Level: 0, @@ -71,7 +71,7 @@ func TestVLessInbound(t *testing.T) { "clients": [ { "id": "27848739-7e62-4138-9fd3-098a63964b6b", - "flow": "xtls-rprx-direct", + "flow": "xtls-rprx-vision", "level": 0, "email": "love@example.com" } @@ -98,7 +98,7 @@ func TestVLessInbound(t *testing.T) { { Account: serial.ToTypedMessage(&vless.Account{ Id: "27848739-7e62-4138-9fd3-098a63964b6b", - Flow: "xtls-rprx-direct", + Flow: "xtls-rprx-vision", }), Level: 0, Email: "love@example.com", diff --git a/infra/conf/xray.go b/infra/conf/xray.go index cda512da9ff0..949e55344242 100644 --- a/infra/conf/xray.go +++ b/infra/conf/xray.go @@ -13,7 +13,6 @@ import ( "github.com/xtls/xray-core/common/serial" core "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/transport/internet" - "github.com/xtls/xray-core/transport/internet/xtls" ) var ( @@ -236,9 +235,6 @@ func (c *InboundDetourConfig) Build() (*core.InboundHandlerConfig, error) { if err != nil { return nil, err } - if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) && !strings.EqualFold(c.Protocol, "vless") && !strings.EqualFold(c.Protocol, "trojan") { - return nil, newError("XTLS doesn't supports " + c.Protocol + " for now.") - } receiverSettings.StreamSettings = ss } if c.SniffingConfig != nil { @@ -319,9 +315,6 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) { if err != nil { return nil, err } - if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) && !strings.EqualFold(c.Protocol, "vless") && !strings.EqualFold(c.Protocol, "trojan") { - return nil, newError("XTLS doesn't supports " + c.Protocol + " for now.") - } senderSettings.StreamSettings = ss } @@ -346,15 +339,7 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) { } if c.MuxSettings != nil { - ms := c.MuxSettings.Build() - if ms != nil && ms.Enabled { - if ss := senderSettings.StreamSettings; ss != nil { - if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) { - return nil, newError("XTLS doesn't support Mux for now.") - } - } - } - senderSettings.MultiplexSettings = ms + senderSettings.MultiplexSettings = c.MuxSettings.Build() } settings := []byte("{}") diff --git a/main/distro/all/all.go b/main/distro/all/all.go index 7fb7307128fc..0e38fcf6643c 100644 --- a/main/distro/all/all.go +++ b/main/distro/all/all.go @@ -61,7 +61,6 @@ import ( _ "github.com/xtls/xray-core/transport/internet/tls" _ "github.com/xtls/xray-core/transport/internet/udp" _ "github.com/xtls/xray-core/transport/internet/websocket" - _ "github.com/xtls/xray-core/transport/internet/xtls" // Transport headers _ "github.com/xtls/xray-core/transport/internet/headers/http" diff --git a/proxy/trojan/client.go b/proxy/trojan/client.go index 353b326e28d3..ffd10359e01f 100644 --- a/proxy/trojan/client.go +++ b/proxy/trojan/client.go @@ -2,14 +2,12 @@ package trojan import ( "context" - "syscall" "time" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/retry" "github.com/xtls/xray-core/common/session" @@ -17,11 +15,9 @@ import ( "github.com/xtls/xray-core/common/task" core "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/features/policy" - "github.com/xtls/xray-core/features/stats" "github.com/xtls/xray-core/transport" "github.com/xtls/xray-core/transport/internet" "github.com/xtls/xray-core/transport/internet/stat" - "github.com/xtls/xray-core/transport/internet/xtls" ) // Client is a inbound handler for trojan protocol @@ -97,49 +93,6 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter Flow: account.Flow, } - var rawConn syscall.RawConn - var sctx context.Context - - allowUDP443 := false - switch connWriter.Flow { - case XRO + "-udp443", XRD + "-udp443", XRS + "-udp443": - allowUDP443 = true - connWriter.Flow = connWriter.Flow[:16] - fallthrough - case XRO, XRD, XRS: - if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress { - return newError(connWriter.Flow + " doesn't support Mux").AtWarning() - } - if destination.Network == net.Network_UDP { - if !allowUDP443 && destination.Port == 443 { - return newError(connWriter.Flow + " stopped UDP/443").AtInfo() - } - connWriter.Flow = "" - } else { // enable XTLS only if making TCP request - if xtlsConn, ok := iConn.(*xtls.Conn); ok { - xtlsConn.RPRX = true - xtlsConn.SHOW = xtls_show - xtlsConn.MARK = "XTLS" - if connWriter.Flow == XRS { - sctx = ctx - connWriter.Flow = XRD - } - if connWriter.Flow == XRD { - xtlsConn.DirectMode = true - if sc, ok := xtlsConn.NetConn().(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } - } - } else { - return newError(`failed to use ` + connWriter.Flow + `, maybe "security" is not "xtls"`).AtWarning() - } - } - default: - if _, ok := iConn.(*xtls.Conn); ok { - panic(`To avoid misunderstanding, you must fill in Trojan "flow" when using XTLS.`) - } - } - sessionPolicy := c.policyManager.ForLevel(user.Level) ctx, cancel := context.WithCancel(ctx) timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle) @@ -193,13 +146,6 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter } else { reader = buf.NewReader(conn) } - if rawConn != nil { - var counter stats.Counter - if statConn != nil { - counter = statConn.ReadCounter - } - return ReadV(reader, link.Writer, timer, iConn.(*xtls.Conn), rawConn, counter, sctx) - } return buf.Copy(reader, link.Writer, buf.UpdateActivity(timer)) } @@ -215,11 +161,4 @@ func init() { common.Must(common.RegisterConfig((*ClientConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { return NewClient(ctx, config.(*ClientConfig)) })) - - const defaultFlagValue = "NOT_DEFINED_AT_ALL" - - xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue }) - if xtlsShow == "true" { - xtls_show = true - } } diff --git a/proxy/trojan/protocol.go b/proxy/trojan/protocol.go index 38f0b85478dc..363cf9e02d12 100644 --- a/proxy/trojan/protocol.go +++ b/proxy/trojan/protocol.go @@ -1,22 +1,12 @@ package trojan import ( - "context" "encoding/binary" - fmt "fmt" "io" - "runtime" - "syscall" "github.com/xtls/xray-core/common/buf" - "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" - "github.com/xtls/xray-core/common/session" - "github.com/xtls/xray-core/common/signal" - "github.com/xtls/xray-core/features/stats" - "github.com/xtls/xray-core/transport/internet/stat" - "github.com/xtls/xray-core/transport/internet/xtls" ) var ( @@ -27,25 +17,13 @@ var ( protocol.AddressFamilyByte(0x04, net.AddressFamilyIPv6), protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain), ) - - xtls_show = false ) const ( maxLength = 8192 - // XRS is constant for XTLS splice mode - XRS = "xtls-rprx-splice" - // XRD is constant for XTLS direct mode - XRD = "xtls-rprx-direct" - // XRO is constant for XTLS origin mode - XRO = "xtls-rprx-origin" commandTCP byte = 1 commandUDP byte = 3 - - // for XTLS - commandXRD byte = 0xf0 // XTLS direct mode - commandXRO byte = 0xf1 // XTLS origin mode ) // ConnWriter is TCP Connection Writer Wrapper for trojan protocol @@ -90,10 +68,6 @@ func (c *ConnWriter) writeHeader() error { command := commandTCP if c.Target.Network == net.Network_UDP { command = commandUDP - } else if c.Flow == XRD { - command = commandXRD - } else if c.Flow == XRO { - command = commandXRO } if _, err := buffer.Write(c.Account.Key); err != nil { @@ -201,10 +175,6 @@ func (c *ConnReader) ParseHeader() error { network := net.Network_TCP if command[0] == commandUDP { network = net.Network_UDP - } else if command[0] == commandXRD { - c.Flow = XRD - } else if command[0] == commandXRO { - c.Flow = XRO } addr, port, err := addrParser.ReadAddressPort(nil, c.Reader) @@ -288,66 +258,3 @@ func (r *PacketReader) ReadMultiBuffer() (buf.MultiBuffer, error) { return mb, nil } - -func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn *xtls.Conn, rawConn syscall.RawConn, counter stats.Counter, sctx context.Context) error { - err := func() error { - var ct stats.Counter - for { - if conn.DirectIn { - conn.DirectIn = false - if sctx != nil { - if inbound := session.InboundFromContext(sctx); inbound != nil && inbound.Conn != nil { - iConn := inbound.Conn - statConn, ok := iConn.(*stat.CounterConnection) - if ok { - iConn = statConn.Connection - } - if xc, ok := iConn.(*xtls.Conn); ok { - iConn = xc.NetConn() - } - if tc, ok := iConn.(*net.TCPConn); ok { - if conn.SHOW { - fmt.Println(conn.MARK, "Splice") - } - runtime.Gosched() // necessary - w, err := tc.ReadFrom(conn.NetConn()) - if counter != nil { - counter.Add(w) - } - if statConn != nil && statConn.WriteCounter != nil { - statConn.WriteCounter.Add(w) - } - return err - } else { - panic("XTLS Splice: not TCP inbound") - } - } else { - // panic("XTLS Splice: nil inbound or nil inbound.Conn") - } - } - reader = buf.NewReadVReader(conn.NetConn(), rawConn, nil) - ct = counter - if conn.SHOW { - fmt.Println(conn.MARK, "ReadV") - } - } - buffer, err := reader.ReadMultiBuffer() - if !buffer.IsEmpty() { - if ct != nil { - ct.Add(int64(buffer.Len())) - } - timer.Update() - if werr := writer.WriteMultiBuffer(buffer); werr != nil { - return werr - } - } - if err != nil { - return err - } - } - }() - if err != nil && errors.Cause(err) != io.EOF { - return err - } - return nil -} diff --git a/proxy/trojan/server.go b/proxy/trojan/server.go index 30b52ad35a7b..029d4effb534 100644 --- a/proxy/trojan/server.go +++ b/proxy/trojan/server.go @@ -5,7 +5,6 @@ import ( "io" "strconv" "strings" - "syscall" "time" "github.com/xtls/xray-core/common" @@ -13,7 +12,6 @@ import ( "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/log" "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/protocol" udp_proto "github.com/xtls/xray-core/common/protocol/udp" "github.com/xtls/xray-core/common/retry" @@ -23,25 +21,16 @@ import ( "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/features/policy" "github.com/xtls/xray-core/features/routing" - "github.com/xtls/xray-core/features/stats" "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/udp" - "github.com/xtls/xray-core/transport/internet/xtls" ) func init() { common.Must(common.RegisterConfig((*ServerConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { return NewServer(ctx, config.(*ServerConfig)) })) - - const defaultFlagValue = "NOT_DEFINED_AT_ALL" - - xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue }) - if xtlsShow == "true" { - xtls_show = true - } } // Server is an inbound connection handler that handles messages in trojan protocol. @@ -235,39 +224,6 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con return s.handleUDPPayload(ctx, &PacketReader{Reader: clientReader}, &PacketWriter{Writer: conn}, dispatcher) } - // handle tcp request - account, ok := user.Account.(*MemoryAccount) - if !ok { - return newError("user account is not valid") - } - - var rawConn syscall.RawConn - - switch clientReader.Flow { - case XRO, XRD: - if account.Flow == clientReader.Flow { - if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress { - return newError(clientReader.Flow + " doesn't support Mux").AtWarning() - } - if xtlsConn, ok := iConn.(*xtls.Conn); ok { - xtlsConn.RPRX = true - xtlsConn.SHOW = xtls_show - xtlsConn.MARK = "XTLS" - if clientReader.Flow == XRD { - xtlsConn.DirectMode = true - if sc, ok := xtlsConn.NetConn().(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } - } - } else { - return newError(`failed to use ` + clientReader.Flow + `, maybe "security" is not "xtls"`).AtWarning() - } - } else { - return newError(account.Password + " is not able to use " + clientReader.Flow).AtWarning() - } - case "": - } - ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{ From: conn.RemoteAddr(), To: destination, @@ -277,7 +233,7 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con }) newError("received request for ", destination).WriteToLog(sid) - return s.handleConnection(ctx, sessionPolicy, destination, clientReader, buf.NewWriter(conn), dispatcher, iConn, rawConn, statConn) + return s.handleConnection(ctx, sessionPolicy, destination, clientReader, buf.NewWriter(conn), dispatcher, iConn, statConn) } func (s *Server) handleUDPPayload(ctx context.Context, clientReader *PacketReader, clientWriter *PacketWriter, dispatcher routing.Dispatcher) error { @@ -343,7 +299,7 @@ func (s *Server) handleUDPPayload(ctx context.Context, clientReader *PacketReade func (s *Server) handleConnection(ctx context.Context, sessionPolicy policy.Session, destination net.Destination, clientReader buf.Reader, - clientWriter buf.Writer, dispatcher routing.Dispatcher, iConn stat.Connection, rawConn syscall.RawConn, statConn *stat.CounterConnection, + clientWriter buf.Writer, dispatcher routing.Dispatcher, iConn stat.Connection, statConn *stat.CounterConnection, ) error { ctx, cancel := context.WithCancel(ctx) timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle) @@ -356,18 +312,7 @@ func (s *Server) handleConnection(ctx context.Context, sessionPolicy policy.Sess requestDone := func() error { defer timer.SetTimeout(sessionPolicy.Timeouts.DownlinkOnly) - - var err error - if rawConn != nil { - var counter stats.Counter - if statConn != nil { - counter = statConn.ReadCounter - } - err = ReadV(clientReader, link.Writer, timer, iConn.(*xtls.Conn), rawConn, counter, nil) - } else { - err = buf.Copy(clientReader, link.Writer, buf.UpdateActivity(timer)) - } - if err != nil { + if buf.Copy(clientReader, link.Writer, buf.UpdateActivity(timer)) != nil { return newError("failed to transfer request").Base(err) } return nil @@ -406,12 +351,6 @@ func (s *Server) fallback(ctx context.Context, sid errors.ExportOption, err erro alpn = cs.NegotiatedProtocol newError("realName = " + name).AtInfo().WriteToLog(sid) newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) - } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { - cs := xtlsConn.ConnectionState() - name = cs.ServerName - alpn = cs.NegotiatedProtocol - newError("realName = " + name).AtInfo().WriteToLog(sid) - newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) } else if realityConn, ok := iConn.(*reality.Conn); ok { cs := realityConn.ConnectionState() name = cs.ServerName diff --git a/proxy/vless/account.go b/proxy/vless/account.go index 40443424da3a..b20a9539b3a5 100644 --- a/proxy/vless/account.go +++ b/proxy/vless/account.go @@ -22,7 +22,7 @@ func (a *Account) AsAccount() (protocol.Account, error) { type MemoryAccount struct { // ID of the account. ID *protocol.ID - // Flow of the account. May be "xtls-rprx-direct". + // Flow of the account. May be "xtls-rprx-vision". Flow string // Encryption of the account. Used for client connections, and only accepts "none" for now. Encryption string diff --git a/proxy/vless/account.pb.go b/proxy/vless/account.pb.go index ea425c735197..a52fc8f1d582 100644 --- a/proxy/vless/account.pb.go +++ b/proxy/vless/account.pb.go @@ -27,7 +27,7 @@ type Account struct { // ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57". Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - // Flow settings. May be "xtls-rprx-direct". + // Flow settings. May be "xtls-rprx-vision". Flow string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"` // Encryption settings. Only applies to client side, and only accepts "none" for now. Encryption string `protobuf:"bytes,3,opt,name=encryption,proto3" json:"encryption,omitempty"` diff --git a/proxy/vless/account.proto b/proxy/vless/account.proto index 38bd614485b4..51d2cb7deaaf 100644 --- a/proxy/vless/account.proto +++ b/proxy/vless/account.proto @@ -9,7 +9,7 @@ option java_multiple_files = true; message Account { // ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57". string id = 1; - // Flow settings. May be "xtls-rprx-direct". + // Flow settings. May be "xtls-rprx-vision". string flow = 2; // Encryption settings. Only applies to client side, and only accepts "none" for now. string encryption = 3; diff --git a/proxy/vless/encoding/addons.go b/proxy/vless/encoding/addons.go index fb457412ecd1..d62e400f697c 100644 --- a/proxy/vless/encoding/addons.go +++ b/proxy/vless/encoding/addons.go @@ -11,7 +11,7 @@ import ( func EncodeHeaderAddons(buffer *buf.Buffer, addons *Addons) error { switch addons.Flow { - case vless.XRO, vless.XRD, vless.XRV: + case vless.XRV: bytes, err := proto.Marshal(addons) if err != nil { return newError("failed to marshal addons protobuf value").Base(err) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index c7edf486e483..b96acee91e56 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -6,7 +6,6 @@ import ( "bytes" "context" "crypto/rand" - "fmt" "io" "math/big" "runtime" @@ -24,7 +23,6 @@ import ( "github.com/xtls/xray-core/proxy/vless" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) const ( @@ -206,65 +204,6 @@ func DecodeResponseHeader(reader io.Reader, request *protocol.RequestHeader) (*A return responseAddons, nil } -func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn *xtls.Conn, rawConn syscall.RawConn, counter stats.Counter, ctx context.Context) error { - err := func() error { - var ct stats.Counter - for { - if conn.DirectIn { - conn.DirectIn = false - if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Conn != nil { - iConn := inbound.Conn - statConn, ok := iConn.(*stat.CounterConnection) - if ok { - iConn = statConn.Connection - } - if xc, ok := iConn.(*xtls.Conn); ok { - iConn = xc.NetConn() - } - if tc, ok := iConn.(*net.TCPConn); ok { - if conn.SHOW { - fmt.Println(conn.MARK, "Splice") - } - runtime.Gosched() // necessary - w, err := tc.ReadFrom(conn.NetConn()) - if counter != nil { - counter.Add(w) - } - if statConn != nil && statConn.WriteCounter != nil { - statConn.WriteCounter.Add(w) - } - return err - } else { - panic("XTLS Splice: not TCP inbound") - } - } - reader = buf.NewReadVReader(conn.NetConn(), rawConn, nil) - ct = counter - if conn.SHOW { - fmt.Println(conn.MARK, "ReadV") - } - } - buffer, err := reader.ReadMultiBuffer() - if !buffer.IsEmpty() { - if ct != nil { - ct.Add(int64(buffer.Len())) - } - timer.Update() - if werr := writer.WriteMultiBuffer(buffer); werr != nil { - return werr - } - } - if err != nil { - return err - } - } - }() - if err != nil && errors.Cause(err) != io.EOF { - return err - } - return nil -} - // XtlsRead filter and read xtls protocol func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, rawConn syscall.RawConn, input *bytes.Reader, rawInput *bytes.Buffer, diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 434dec79430e..642cc39f7497 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -20,7 +20,6 @@ import ( "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/log" "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/retry" "github.com/xtls/xray-core/common/session" @@ -37,11 +36,8 @@ import ( "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) -var xtls_show = false - func init() { common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { var dc dns.Client @@ -53,13 +49,6 @@ func init() { } return New(ctx, config.(*Config), dc) })) - - const defaultFlagValue = "NOT_DEFINED_AT_ALL" - - xtlsShow := platform.NewEnvFlag("xray.vless.xtls.show").GetValue(func() string { return defaultFlagValue }) - if xtlsShow == "true" { - xtls_show = true - } } // Handler is an inbound connection handler that handles messages in VLess protocol. @@ -241,12 +230,6 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s alpn = cs.NegotiatedProtocol newError("realName = " + name).AtInfo().WriteToLog(sid) newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) - } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { - cs := xtlsConn.ConnectionState() - name = cs.ServerName - alpn = cs.NegotiatedProtocol - newError("realName = " + name).AtInfo().WriteToLog(sid) - newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) } else if realityConn, ok := iConn.(*reality.Conn); ok { cs := realityConn.ConnectionState() name = cs.ServerName @@ -479,7 +462,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } } switch requestAddons.Flow { - case vless.XRO, vless.XRD, vless.XRV: + case vless.XRV: if accountFlow == requestAddons.Flow { switch request.Command { case protocol.RequestCommandMux: @@ -487,51 +470,35 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s case protocol.RequestCommandUDP: return newError(requestAddons.Flow + " doesn't support UDP").AtWarning() case protocol.RequestCommandTCP: - if requestAddons.Flow == vless.XRV { - var t reflect.Type - var p uintptr - if tlsConn, ok := iConn.(*tls.Conn); ok { - if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { - return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() - } - netConn = tlsConn.NetConn() - t = reflect.TypeOf(tlsConn.Conn).Elem() - p = uintptr(unsafe.Pointer(tlsConn.Conn)) - } else if realityConn, ok := iConn.(*reality.Conn); ok { - netConn = realityConn.NetConn() - t = reflect.TypeOf(realityConn.Conn).Elem() - p = uintptr(unsafe.Pointer(realityConn.Conn)) - } else if _, ok := iConn.(*tls.UConn); ok { - return newError("XTLS only supports UTLS fingerprint for the outbound.").AtWarning() - } else if _, ok := iConn.(*xtls.Conn); ok { - return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls" or "reality"`).AtWarning() - } else { - return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() - } - if pc, ok := netConn.(*proxyproto.Conn); ok { - netConn = pc.Raw() - // 8192 > 4096, there is no need to process pc's bufReader - } - if sc, ok := netConn.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } - i, _ := t.FieldByName("input") - r, _ := t.FieldByName("rawInput") - input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) - rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) - } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { - xtlsConn.RPRX = true - xtlsConn.SHOW = xtls_show - xtlsConn.MARK = "XTLS" - if requestAddons.Flow == vless.XRD { - xtlsConn.DirectMode = true - if sc, ok := xtlsConn.NetConn().(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } + var t reflect.Type + var p uintptr + if tlsConn, ok := iConn.(*tls.Conn); ok { + if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { + return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() } + netConn = tlsConn.NetConn() + t = reflect.TypeOf(tlsConn.Conn).Elem() + p = uintptr(unsafe.Pointer(tlsConn.Conn)) + } else if realityConn, ok := iConn.(*reality.Conn); ok { + netConn = realityConn.NetConn() + t = reflect.TypeOf(realityConn.Conn).Elem() + p = uintptr(unsafe.Pointer(realityConn.Conn)) + } else if _, ok := iConn.(*tls.UConn); ok { + return newError("XTLS only supports UTLS fingerprint for the outbound.").AtWarning() } else { - return newError(`failed to use ` + requestAddons.Flow + `, maybe "security" is not "xtls"`).AtWarning() + return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() + } + if pc, ok := netConn.(*proxyproto.Conn); ok { + netConn = pc.Raw() + // 8192 > 4096, there is no need to process pc's bufReader } + if sc, ok := netConn.(syscall.Conn); ok { + rawConn, _ = sc.SyscallConn() + } + i, _ := t.FieldByName("input") + r, _ := t.FieldByName("rawInput") + input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) + rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) } } else { return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() @@ -589,12 +556,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } // TODO enable splice ctx = session.ContextWithInbound(ctx, nil) - if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) - } else { - err = encoding.ReadV(clientReader, serverWriter, timer, iConn.(*xtls.Conn), rawConn, counter, ctx) - } + err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer err = buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer)) diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index 6991d2765c62..cde09bade72d 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -15,7 +15,6 @@ import ( "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/retry" "github.com/xtls/xray-core/common/session" @@ -32,22 +31,12 @@ import ( "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) -var xtls_show = false - func init() { common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { return New(ctx, config.(*Config)) })) - - const defaultFlagValue = "NOT_DEFINED_AT_ALL" - - xtlsShow := platform.NewEnvFlag("xray.vless.xtls.show").GetValue(func() string { return defaultFlagValue }) - if xtlsShow == "true" { - xtls_show = true - } } // Handler is an outbound connection handler for VLess protocol. @@ -140,11 +129,11 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var rawInput *bytes.Buffer allowUDP443 := false switch requestAddons.Flow { - case vless.XRO + "-udp443", vless.XRD + "-udp443", vless.XRS + "-udp443", vless.XRV + "-udp443": + case vless.XRV + "-udp443": allowUDP443 = true requestAddons.Flow = requestAddons.Flow[:16] fallthrough - case vless.XRO, vless.XRD, vless.XRS, vless.XRV: + case vless.XRV: switch request.Command { case protocol.RequestCommandMux: return newError(requestAddons.Flow + " doesn't support Mux").AtWarning() @@ -154,53 +143,30 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } requestAddons.Flow = "" case protocol.RequestCommandTCP: - if requestAddons.Flow == vless.XRV { - var t reflect.Type - var p uintptr - if tlsConn, ok := iConn.(*tls.Conn); ok { - netConn = tlsConn.NetConn() - t = reflect.TypeOf(tlsConn.Conn).Elem() - p = uintptr(unsafe.Pointer(tlsConn.Conn)) - } else if utlsConn, ok := iConn.(*tls.UConn); ok { - netConn = utlsConn.NetConn() - t = reflect.TypeOf(utlsConn.Conn).Elem() - p = uintptr(unsafe.Pointer(utlsConn.Conn)) - } else if realityConn, ok := iConn.(*reality.UConn); ok { - netConn = realityConn.NetConn() - t = reflect.TypeOf(realityConn.Conn).Elem() - p = uintptr(unsafe.Pointer(realityConn.Conn)) - } else if _, ok := iConn.(*xtls.Conn); ok { - return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls" or "reality"`).AtWarning() - } else { - return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() - } - if sc, ok := netConn.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } - i, _ := t.FieldByName("input") - r, _ := t.FieldByName("rawInput") - input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) - rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) - } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { - xtlsConn.RPRX = true - xtlsConn.SHOW = xtls_show - xtlsConn.MARK = "XTLS" - if requestAddons.Flow == vless.XRS { - requestAddons.Flow = vless.XRD - } - if requestAddons.Flow == vless.XRD { - xtlsConn.DirectMode = true - if sc, ok := xtlsConn.NetConn().(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } - } + var t reflect.Type + var p uintptr + if tlsConn, ok := iConn.(*tls.Conn); ok { + netConn = tlsConn.NetConn() + t = reflect.TypeOf(tlsConn.Conn).Elem() + p = uintptr(unsafe.Pointer(tlsConn.Conn)) + } else if utlsConn, ok := iConn.(*tls.UConn); ok { + netConn = utlsConn.NetConn() + t = reflect.TypeOf(utlsConn.Conn).Elem() + p = uintptr(unsafe.Pointer(utlsConn.Conn)) + } else if realityConn, ok := iConn.(*reality.UConn); ok { + netConn = realityConn.NetConn() + t = reflect.TypeOf(realityConn.Conn).Elem() + p = uintptr(unsafe.Pointer(realityConn.Conn)) } else { - return newError(`failed to use ` + requestAddons.Flow + `, maybe "security" is not "xtls"`).AtWarning() + return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } - } - default: - if _, ok := iConn.(*xtls.Conn); ok { - panic(`To avoid misunderstanding, you must fill in VLESS "flow" when using XTLS.`) + if sc, ok := netConn.(syscall.Conn); ok { + rawConn, _ = sc.SyscallConn() + } + i, _ := t.FieldByName("input") + r, _ := t.FieldByName("rawInput") + input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) + rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) } } @@ -320,15 +286,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if statConn != nil { counter = statConn.ReadCounter } - if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) - } else { - if requestAddons.Flow != vless.XRS { - ctx = session.ContextWithInbound(ctx, nil) - } - err = encoding.ReadV(serverReader, clientWriter, timer, iConn.(*xtls.Conn), rawConn, counter, ctx) - } + err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer err = buf.Copy(serverReader, clientWriter, buf.UpdateActivity(timer)) diff --git a/proxy/vless/vless.go b/proxy/vless/vless.go index 1e78b8afbadd..09827a540eba 100644 --- a/proxy/vless/vless.go +++ b/proxy/vless/vless.go @@ -8,8 +8,5 @@ package vless //go:generate go run github.com/xtls/xray-core/common/errors/errorgen const ( - XRO = "xtls-rprx-origin" - XRD = "xtls-rprx-direct" - XRS = "xtls-rprx-splice" XRV = "xtls-rprx-vision" ) diff --git a/transport/internet/domainsocket/dial.go b/transport/internet/domainsocket/dial.go index 2a7727eec147..a0032b36694e 100644 --- a/transport/internet/domainsocket/dial.go +++ b/transport/internet/domainsocket/dial.go @@ -12,7 +12,6 @@ import ( "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.MemoryStreamConfig) (stat.Connection, error) { @@ -29,8 +28,6 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { return tls.Client(conn, config.GetTLSConfig(tls.WithDestination(dest))), nil - } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - return xtls.Client(conn, config.GetXTLSConfig(xtls.WithDestination(dest))), nil } else if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { return reality.UClient(conn, config, ctx, dest) } diff --git a/transport/internet/domainsocket/listener.go b/transport/internet/domainsocket/listener.go index 9c05c95f03be..323321e4deee 100644 --- a/transport/internet/domainsocket/listener.go +++ b/transport/internet/domainsocket/listener.go @@ -9,7 +9,6 @@ import ( "os" "strings" - goxtls "github.com/xtls/go" goreality "github.com/xtls/reality" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" @@ -17,7 +16,6 @@ import ( "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" "golang.org/x/sys/unix" ) @@ -25,7 +23,6 @@ type Listener struct { addr *net.UnixAddr ln net.Listener tlsConfig *gotls.Config - xtlsConfig *goxtls.Config realityConfig *goreality.Config config *Config addConn internet.ConnHandler @@ -64,9 +61,6 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { ln.tlsConfig = config.GetTLSConfig() } - if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - ln.xtlsConfig = config.GetXTLSConfig() - } if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { ln.realityConfig = config.GetREALITYConfig() } @@ -100,8 +94,6 @@ func (ln *Listener) run() { go func() { if ln.tlsConfig != nil { conn = tls.Server(conn, ln.tlsConfig) - } else if ln.xtlsConfig != nil { - conn = xtls.Server(conn, ln.xtlsConfig) } else if ln.realityConfig != nil { if conn, err = reality.Server(conn, ln.realityConfig); err != nil { newError(err).AtInfo().WriteToLog() diff --git a/transport/internet/kcp/dialer.go b/transport/internet/kcp/dialer.go index dd6393bc6af6..3e8d1220e346 100644 --- a/transport/internet/kcp/dialer.go +++ b/transport/internet/kcp/dialer.go @@ -12,7 +12,6 @@ import ( "github.com/xtls/xray-core/transport/internet" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) var globalConv = uint32(dice.RollUint16()) @@ -87,8 +86,6 @@ func DialKCP(ctx context.Context, dest net.Destination, streamSettings *internet if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { iConn = tls.Client(iConn, config.GetTLSConfig(tls.WithDestination(dest))) - } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - iConn = xtls.Client(iConn, config.GetXTLSConfig(xtls.WithDestination(dest))) } return iConn, nil diff --git a/transport/internet/kcp/listener.go b/transport/internet/kcp/listener.go index 6cf2a5398340..baf38e6dbd52 100644 --- a/transport/internet/kcp/listener.go +++ b/transport/internet/kcp/listener.go @@ -6,7 +6,6 @@ import ( gotls "crypto/tls" "sync" - goxtls "github.com/xtls/go" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" @@ -14,7 +13,6 @@ import ( "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/udp" - "github.com/xtls/xray-core/transport/internet/xtls" ) type ConnectionID struct { @@ -29,7 +27,6 @@ type Listener struct { sessions map[ConnectionID]*Connection hub *udp.Hub tlsConfig *gotls.Config - xtlsConfig *goxtls.Config config *Config reader PacketReader header internet.PacketHeader @@ -62,9 +59,6 @@ func NewListener(ctx context.Context, address net.Address, port net.Port, stream if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { l.tlsConfig = config.GetTLSConfig() } - if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - l.xtlsConfig = config.GetXTLSConfig() - } hub, err := udp.ListenUDP(ctx, address, port, streamSettings, udp.HubCapacity(1024)) if err != nil { @@ -137,8 +131,6 @@ func (l *Listener) OnReceive(payload *buf.Buffer, src net.Destination) { var netConn stat.Connection = conn if l.tlsConfig != nil { netConn = tls.Server(conn, l.tlsConfig) - } else if l.xtlsConfig != nil { - netConn = xtls.Server(conn, l.xtlsConfig) } l.addConn(netConn) diff --git a/transport/internet/tcp/dialer.go b/transport/internet/tcp/dialer.go index c806246f23ac..840062b1f288 100644 --- a/transport/internet/tcp/dialer.go +++ b/transport/internet/tcp/dialer.go @@ -10,7 +10,6 @@ import ( "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) // Dial dials a new TCP connection to the given destination. @@ -31,9 +30,6 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me } else { conn = tls.Client(conn, tlsConfig) } - } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - xtlsConfig := config.GetXTLSConfig(xtls.WithDestination(dest)) - conn = xtls.Client(conn, xtlsConfig) } else if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { if conn, err = reality.UClient(conn, config, ctx, dest); err != nil { return nil, err diff --git a/transport/internet/tcp/hub.go b/transport/internet/tcp/hub.go index f6625ec13a6f..392228c60cf7 100644 --- a/transport/internet/tcp/hub.go +++ b/transport/internet/tcp/hub.go @@ -6,7 +6,6 @@ import ( "strings" "time" - goxtls "github.com/xtls/go" goreality "github.com/xtls/reality" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" @@ -15,14 +14,12 @@ import ( "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) // Listener is an internet.Listener that listens for TCP connections. type Listener struct { listener net.Listener tlsConfig *gotls.Config - xtlsConfig *goxtls.Config realityConfig *goreality.Config authConfig internet.ConnectionAuthenticator config *Config @@ -78,9 +75,6 @@ func ListenTCP(ctx context.Context, address net.Address, port net.Port, streamSe if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { l.tlsConfig = config.GetTLSConfig() } - if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - l.xtlsConfig = config.GetXTLSConfig() - } if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { l.realityConfig = config.GetREALITYConfig() } @@ -118,8 +112,6 @@ func (v *Listener) keepAccepting() { go func() { if v.tlsConfig != nil { conn = tls.Server(conn, v.tlsConfig) - } else if v.xtlsConfig != nil { - conn = xtls.Server(conn, v.xtlsConfig) } else if v.realityConfig != nil { if conn, err = reality.Server(conn, v.realityConfig); err != nil { newError(err).AtInfo().WriteToLog() diff --git a/transport/internet/xtls/config.go b/transport/internet/xtls/config.go deleted file mode 100644 index c1d93f4c6801..000000000000 --- a/transport/internet/xtls/config.go +++ /dev/null @@ -1,377 +0,0 @@ -package xtls - -import ( - "crypto/hmac" - "crypto/x509" - "encoding/base64" - "strings" - "sync" - "time" - - xtls "github.com/xtls/go" - "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/ocsp" - "github.com/xtls/xray-core/common/platform/filesystem" - "github.com/xtls/xray-core/common/protocol/tls/cert" - "github.com/xtls/xray-core/transport/internet" - "github.com/xtls/xray-core/transport/internet/tls" -) - -var globalSessionCache = xtls.NewLRUClientSessionCache(128) - -// ParseCertificate converts a cert.Certificate to Certificate. -func ParseCertificate(c *cert.Certificate) *Certificate { - if c != nil { - certPEM, keyPEM := c.ToPEM() - return &Certificate{ - Certificate: certPEM, - Key: keyPEM, - } - } - return nil -} - -func (c *Config) loadSelfCertPool() (*x509.CertPool, error) { - root := x509.NewCertPool() - for _, cert := range c.Certificate { - if !root.AppendCertsFromPEM(cert.Certificate) { - return nil, newError("failed to append cert").AtWarning() - } - } - return root, nil -} - -// BuildCertificates builds a list of TLS certificates from proto definition. -func (c *Config) BuildCertificates() []*xtls.Certificate { - certs := make([]*xtls.Certificate, 0, len(c.Certificate)) - for _, entry := range c.Certificate { - if entry.Usage != Certificate_ENCIPHERMENT { - continue - } - keyPair, err := xtls.X509KeyPair(entry.Certificate, entry.Key) - if err != nil { - newError("ignoring invalid X509 key pair").Base(err).AtWarning().WriteToLog() - continue - } - keyPair.Leaf, err = x509.ParseCertificate(keyPair.Certificate[0]) - if err != nil { - newError("ignoring invalid certificate").Base(err).AtWarning().WriteToLog() - continue - } - certs = append(certs, &keyPair) - if !entry.OneTimeLoading { - var isOcspstapling bool - hotReloadInterval := uint64(3600) - if entry.OcspStapling != 0 { - hotReloadInterval = entry.OcspStapling - isOcspstapling = true - } - index := len(certs) - 1 - go func(entry *Certificate, cert *xtls.Certificate, index int) { - t := time.NewTicker(time.Duration(hotReloadInterval) * time.Second) - for { - if entry.CertificatePath != "" && entry.KeyPath != "" { - newCert, err := filesystem.ReadFile(entry.CertificatePath) - if err != nil { - newError("failed to parse certificate").Base(err).AtError().WriteToLog() - <-t.C - continue - } - newKey, err := filesystem.ReadFile(entry.KeyPath) - if err != nil { - newError("failed to parse key").Base(err).AtError().WriteToLog() - <-t.C - continue - } - if string(newCert) != string(entry.Certificate) && string(newKey) != string(entry.Key) { - newKeyPair, err := xtls.X509KeyPair(newCert, newKey) - if err != nil { - newError("ignoring invalid X509 key pair").Base(err).AtError().WriteToLog() - <-t.C - continue - } - if newKeyPair.Leaf, err = x509.ParseCertificate(newKeyPair.Certificate[0]); err != nil { - newError("ignoring invalid certificate").Base(err).AtError().WriteToLog() - <-t.C - continue - } - cert = &newKeyPair - } - } - if isOcspstapling { - if newOCSPData, err := ocsp.GetOCSPForCert(cert.Certificate); err != nil { - newError("ignoring invalid OCSP").Base(err).AtWarning().WriteToLog() - } else if string(newOCSPData) != string(cert.OCSPStaple) { - cert.OCSPStaple = newOCSPData - } - } - certs[index] = cert - <-t.C - } - }(entry, certs[index], index) - } - } - return certs -} - -func isCertificateExpired(c *xtls.Certificate) bool { - if c.Leaf == nil && len(c.Certificate) > 0 { - if pc, err := x509.ParseCertificate(c.Certificate[0]); err == nil { - c.Leaf = pc - } - } - - // If leaf is not there, the certificate is probably not used yet. We trust user to provide a valid certificate. - return c.Leaf != nil && c.Leaf.NotAfter.Before(time.Now().Add(-time.Minute)) -} - -func issueCertificate(rawCA *Certificate, domain string) (*xtls.Certificate, error) { - parent, err := cert.ParseCertificate(rawCA.Certificate, rawCA.Key) - if err != nil { - return nil, newError("failed to parse raw certificate").Base(err) - } - newCert, err := cert.Generate(parent, cert.CommonName(domain), cert.DNSNames(domain)) - if err != nil { - return nil, newError("failed to generate new certificate for ", domain).Base(err) - } - newCertPEM, newKeyPEM := newCert.ToPEM() - cert, err := xtls.X509KeyPair(newCertPEM, newKeyPEM) - return &cert, err -} - -func (c *Config) getCustomCA() []*Certificate { - certs := make([]*Certificate, 0, len(c.Certificate)) - for _, certificate := range c.Certificate { - if certificate.Usage == Certificate_AUTHORITY_ISSUE { - certs = append(certs, certificate) - } - } - return certs -} - -func getGetCertificateFunc(c *xtls.Config, ca []*Certificate) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) { - var access sync.RWMutex - - return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) { - domain := hello.ServerName - certExpired := false - - access.RLock() - certificate, found := c.NameToCertificate[domain] - access.RUnlock() - - if found { - if !isCertificateExpired(certificate) { - return certificate, nil - } - certExpired = true - } - - if certExpired { - newCerts := make([]xtls.Certificate, 0, len(c.Certificates)) - - access.Lock() - for _, certificate := range c.Certificates { - if !isCertificateExpired(&certificate) { - newCerts = append(newCerts, certificate) - } - } - - c.Certificates = newCerts - access.Unlock() - } - - var issuedCertificate *xtls.Certificate - - // Create a new certificate from existing CA if possible - for _, rawCert := range ca { - if rawCert.Usage == Certificate_AUTHORITY_ISSUE { - newCert, err := issueCertificate(rawCert, domain) - if err != nil { - newError("failed to issue new certificate for ", domain).Base(err).WriteToLog() - continue - } - - access.Lock() - c.Certificates = append(c.Certificates, *newCert) - issuedCertificate = &c.Certificates[len(c.Certificates)-1] - access.Unlock() - break - } - } - - if issuedCertificate == nil { - return nil, newError("failed to create a new certificate for ", domain) - } - - access.Lock() - c.BuildNameToCertificate() - access.Unlock() - - return issuedCertificate, nil - } -} - -func getNewGetCertificateFunc(certs []*xtls.Certificate, rejectUnknownSNI bool) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) { - return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) { - if len(certs) == 0 { - return nil, errNoCertificates - } - sni := strings.ToLower(hello.ServerName) - if !rejectUnknownSNI && (len(certs) == 1 || sni == "") { - return certs[0], nil - } - gsni := "*" - if index := strings.IndexByte(sni, '.'); index != -1 { - gsni += sni[index:] - } - for _, keyPair := range certs { - if keyPair.Leaf.Subject.CommonName == sni || keyPair.Leaf.Subject.CommonName == gsni { - return keyPair, nil - } - for _, name := range keyPair.Leaf.DNSNames { - if name == sni || name == gsni { - return keyPair, nil - } - } - } - if rejectUnknownSNI { - return nil, errNoCertificates - } - return certs[0], nil - } -} - -func (c *Config) parseServerName() string { - return c.ServerName -} - -func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { - if c.PinnedPeerCertificateChainSha256 != nil { - hashValue := tls.GenerateCertChainHash(rawCerts) - for _, v := range c.PinnedPeerCertificateChainSha256 { - if hmac.Equal(hashValue, v) { - return nil - } - } - return newError("peer cert is unrecognized: ", base64.StdEncoding.EncodeToString(hashValue)) - } - return nil -} - -// GetXTLSConfig converts this Config into xtls.Config. -func (c *Config) GetXTLSConfig(opts ...Option) *xtls.Config { - root, err := c.getCertPool() - if err != nil { - newError("failed to load system root certificate").AtError().Base(err).WriteToLog() - } - - if c == nil { - return &xtls.Config{ - ClientSessionCache: globalSessionCache, - RootCAs: root, - InsecureSkipVerify: false, - NextProtos: nil, - SessionTicketsDisabled: true, - } - } - - config := &xtls.Config{ - ClientSessionCache: globalSessionCache, - RootCAs: root, - InsecureSkipVerify: c.AllowInsecure, - NextProtos: c.NextProtocol, - SessionTicketsDisabled: !c.EnableSessionResumption, - VerifyPeerCertificate: c.verifyPeerCert, - } - - for _, opt := range opts { - opt(config) - } - - caCerts := c.getCustomCA() - if len(caCerts) > 0 { - config.GetCertificate = getGetCertificateFunc(config, caCerts) - } else { - config.GetCertificate = getNewGetCertificateFunc(c.BuildCertificates(), c.RejectUnknownSni) - } - - if sn := c.parseServerName(); len(sn) > 0 { - config.ServerName = sn - } - - if len(config.NextProtos) == 0 { - config.NextProtos = []string{"h2", "http/1.1"} - } - - switch c.MinVersion { - case "1.0": - config.MinVersion = xtls.VersionTLS10 - case "1.1": - config.MinVersion = xtls.VersionTLS11 - case "1.2": - config.MinVersion = xtls.VersionTLS12 - case "1.3": - config.MinVersion = xtls.VersionTLS13 - } - - switch c.MaxVersion { - case "1.0": - config.MaxVersion = xtls.VersionTLS10 - case "1.1": - config.MaxVersion = xtls.VersionTLS11 - case "1.2": - config.MaxVersion = xtls.VersionTLS12 - case "1.3": - config.MaxVersion = xtls.VersionTLS13 - } - - if len(c.CipherSuites) > 0 { - id := make(map[string]uint16) - for _, s := range xtls.CipherSuites() { - id[s.Name] = s.ID - } - for _, n := range strings.Split(c.CipherSuites, ":") { - if id[n] != 0 { - config.CipherSuites = append(config.CipherSuites, id[n]) - } - } - } - - config.PreferServerCipherSuites = c.PreferServerCipherSuites - - return config -} - -// Option for building XTLS config. -type Option func(*xtls.Config) - -// WithDestination sets the server name in XTLS config. -func WithDestination(dest net.Destination) Option { - return func(config *xtls.Config) { - if dest.Address.Family().IsDomain() && config.ServerName == "" { - config.ServerName = dest.Address.Domain() - } - } -} - -// WithNextProto sets the ALPN values in XTLS config. -func WithNextProto(protocol ...string) Option { - return func(config *xtls.Config) { - if len(config.NextProtos) == 0 { - config.NextProtos = protocol - } - } -} - -// ConfigFromStreamSettings fetches Config from stream settings. Nil if not found. -func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config { - if settings == nil { - return nil - } - config, ok := settings.SecuritySettings.(*Config) - if !ok { - return nil - } - return config -} diff --git a/transport/internet/xtls/config.pb.go b/transport/internet/xtls/config.pb.go deleted file mode 100644 index edb1f3ff79d8..000000000000 --- a/transport/internet/xtls/config.pb.go +++ /dev/null @@ -1,478 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 -// source: transport/internet/xtls/config.proto - -package xtls - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type Certificate_Usage int32 - -const ( - Certificate_ENCIPHERMENT Certificate_Usage = 0 - Certificate_AUTHORITY_VERIFY Certificate_Usage = 1 - Certificate_AUTHORITY_ISSUE Certificate_Usage = 2 -) - -// Enum value maps for Certificate_Usage. -var ( - Certificate_Usage_name = map[int32]string{ - 0: "ENCIPHERMENT", - 1: "AUTHORITY_VERIFY", - 2: "AUTHORITY_ISSUE", - } - Certificate_Usage_value = map[string]int32{ - "ENCIPHERMENT": 0, - "AUTHORITY_VERIFY": 1, - "AUTHORITY_ISSUE": 2, - } -) - -func (x Certificate_Usage) Enum() *Certificate_Usage { - p := new(Certificate_Usage) - *p = x - return p -} - -func (x Certificate_Usage) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (Certificate_Usage) Descriptor() protoreflect.EnumDescriptor { - return file_transport_internet_xtls_config_proto_enumTypes[0].Descriptor() -} - -func (Certificate_Usage) Type() protoreflect.EnumType { - return &file_transport_internet_xtls_config_proto_enumTypes[0] -} - -func (x Certificate_Usage) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use Certificate_Usage.Descriptor instead. -func (Certificate_Usage) EnumDescriptor() ([]byte, []int) { - return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{0, 0} -} - -type Certificate struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // TLS certificate in x509 format. - Certificate []byte `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"` - // TLS key in x509 format. - Key []byte `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` - Usage Certificate_Usage `protobuf:"varint,3,opt,name=usage,proto3,enum=xray.transport.internet.xtls.Certificate_Usage" json:"usage,omitempty"` - OcspStapling uint64 `protobuf:"varint,4,opt,name=ocsp_stapling,json=ocspStapling,proto3" json:"ocsp_stapling,omitempty"` - // TLS certificate path - CertificatePath string `protobuf:"bytes,5,opt,name=certificate_path,json=certificatePath,proto3" json:"certificate_path,omitempty"` - // TLS Key path - KeyPath string `protobuf:"bytes,6,opt,name=key_path,json=keyPath,proto3" json:"key_path,omitempty"` - // If true, one-Time Loading - OneTimeLoading bool `protobuf:"varint,7,opt,name=One_time_loading,json=OneTimeLoading,proto3" json:"One_time_loading,omitempty"` -} - -func (x *Certificate) Reset() { - *x = Certificate{} - if protoimpl.UnsafeEnabled { - mi := &file_transport_internet_xtls_config_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Certificate) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Certificate) ProtoMessage() {} - -func (x *Certificate) ProtoReflect() protoreflect.Message { - mi := &file_transport_internet_xtls_config_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Certificate.ProtoReflect.Descriptor instead. -func (*Certificate) Descriptor() ([]byte, []int) { - return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{0} -} - -func (x *Certificate) GetCertificate() []byte { - if x != nil { - return x.Certificate - } - return nil -} - -func (x *Certificate) GetKey() []byte { - if x != nil { - return x.Key - } - return nil -} - -func (x *Certificate) GetUsage() Certificate_Usage { - if x != nil { - return x.Usage - } - return Certificate_ENCIPHERMENT -} - -func (x *Certificate) GetOcspStapling() uint64 { - if x != nil { - return x.OcspStapling - } - return 0 -} - -func (x *Certificate) GetCertificatePath() string { - if x != nil { - return x.CertificatePath - } - return "" -} - -func (x *Certificate) GetKeyPath() string { - if x != nil { - return x.KeyPath - } - return "" -} - -func (x *Certificate) GetOneTimeLoading() bool { - if x != nil { - return x.OneTimeLoading - } - return false -} - -type Config struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Whether or not to allow self-signed certificates. - AllowInsecure bool `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"` - // List of certificates to be served on server. - Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate,proto3" json:"certificate,omitempty"` - // Override server name. - ServerName string `protobuf:"bytes,3,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"` - // Lists of string as ALPN values. - NextProtocol []string `protobuf:"bytes,4,rep,name=next_protocol,json=nextProtocol,proto3" json:"next_protocol,omitempty"` - // Whether or not to enable session (ticket) resumption. - EnableSessionResumption bool `protobuf:"varint,5,opt,name=enable_session_resumption,json=enableSessionResumption,proto3" json:"enable_session_resumption,omitempty"` - // If true, root certificates on the system will not be loaded for - // verification. - DisableSystemRoot bool `protobuf:"varint,6,opt,name=disable_system_root,json=disableSystemRoot,proto3" json:"disable_system_root,omitempty"` - // The minimum TLS version. - MinVersion string `protobuf:"bytes,7,opt,name=min_version,json=minVersion,proto3" json:"min_version,omitempty"` - // The maximum TLS version. - MaxVersion string `protobuf:"bytes,8,opt,name=max_version,json=maxVersion,proto3" json:"max_version,omitempty"` - // Specify cipher suites, except for TLS 1.3. - CipherSuites string `protobuf:"bytes,9,opt,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"` - // Whether the server selects its most preferred ciphersuite. - PreferServerCipherSuites bool `protobuf:"varint,10,opt,name=prefer_server_cipher_suites,json=preferServerCipherSuites,proto3" json:"prefer_server_cipher_suites,omitempty"` - RejectUnknownSni bool `protobuf:"varint,12,opt,name=reject_unknown_sni,json=rejectUnknownSni,proto3" json:"reject_unknown_sni,omitempty"` - // @Document A pinned certificate chain sha256 hash. - // @Document If the server's hash does not match this value, the connection will be aborted. - // @Document This value replace allow_insecure. - // @Critical - PinnedPeerCertificateChainSha256 [][]byte `protobuf:"bytes,13,rep,name=pinned_peer_certificate_chain_sha256,json=pinnedPeerCertificateChainSha256,proto3" json:"pinned_peer_certificate_chain_sha256,omitempty"` -} - -func (x *Config) Reset() { - *x = Config{} - if protoimpl.UnsafeEnabled { - mi := &file_transport_internet_xtls_config_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Config) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Config) ProtoMessage() {} - -func (x *Config) ProtoReflect() protoreflect.Message { - mi := &file_transport_internet_xtls_config_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Config.ProtoReflect.Descriptor instead. -func (*Config) Descriptor() ([]byte, []int) { - return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{1} -} - -func (x *Config) GetAllowInsecure() bool { - if x != nil { - return x.AllowInsecure - } - return false -} - -func (x *Config) GetCertificate() []*Certificate { - if x != nil { - return x.Certificate - } - return nil -} - -func (x *Config) GetServerName() string { - if x != nil { - return x.ServerName - } - return "" -} - -func (x *Config) GetNextProtocol() []string { - if x != nil { - return x.NextProtocol - } - return nil -} - -func (x *Config) GetEnableSessionResumption() bool { - if x != nil { - return x.EnableSessionResumption - } - return false -} - -func (x *Config) GetDisableSystemRoot() bool { - if x != nil { - return x.DisableSystemRoot - } - return false -} - -func (x *Config) GetMinVersion() string { - if x != nil { - return x.MinVersion - } - return "" -} - -func (x *Config) GetMaxVersion() string { - if x != nil { - return x.MaxVersion - } - return "" -} - -func (x *Config) GetCipherSuites() string { - if x != nil { - return x.CipherSuites - } - return "" -} - -func (x *Config) GetPreferServerCipherSuites() bool { - if x != nil { - return x.PreferServerCipherSuites - } - return false -} - -func (x *Config) GetRejectUnknownSni() bool { - if x != nil { - return x.RejectUnknownSni - } - return false -} - -func (x *Config) GetPinnedPeerCertificateChainSha256() [][]byte { - if x != nil { - return x.PinnedPeerCertificateChainSha256 - } - return nil -} - -var File_transport_internet_xtls_config_proto protoreflect.FileDescriptor - -var file_transport_internet_xtls_config_proto_rawDesc = []byte{ - 0x0a, 0x24, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1c, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, - 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, - 0x78, 0x74, 0x6c, 0x73, 0x22, 0xe3, 0x02, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x45, 0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, - 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, - 0x74, 0x2e, 0x78, 0x74, 0x6c, 0x73, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x2e, 0x55, 0x73, 0x61, 0x67, 0x65, 0x52, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x12, - 0x23, 0x0a, 0x0d, 0x6f, 0x63, 0x73, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x70, 0x6c, 0x69, 0x6e, 0x67, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x6f, 0x63, 0x73, 0x70, 0x53, 0x74, 0x61, 0x70, - 0x6c, 0x69, 0x6e, 0x67, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, - 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x61, 0x74, 0x68, 0x12, - 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x74, 0x68, 0x12, 0x28, 0x0a, 0x10, 0x4f, 0x6e, - 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x6c, 0x6f, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x4f, 0x6e, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x4c, 0x6f, 0x61, - 0x64, 0x69, 0x6e, 0x67, 0x22, 0x44, 0x0a, 0x05, 0x55, 0x73, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, - 0x0c, 0x45, 0x4e, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x4d, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, - 0x14, 0x0a, 0x10, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x56, 0x45, 0x52, - 0x49, 0x46, 0x59, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, - 0x54, 0x59, 0x5f, 0x49, 0x53, 0x53, 0x55, 0x45, 0x10, 0x02, 0x22, 0xd2, 0x04, 0x0a, 0x06, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, - 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, - 0x6c, 0x6c, 0x6f, 0x77, 0x49, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x12, 0x4b, 0x0a, 0x0b, - 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x29, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, - 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, 0x74, 0x6c, 0x73, - 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x63, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x6e, 0x65, - 0x78, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x0c, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, - 0x3a, 0x0a, 0x19, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, - 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x17, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, - 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2e, 0x0a, 0x13, 0x64, - 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x72, 0x6f, - 0x6f, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, - 0x65, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, - 0x69, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0a, 0x6d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, - 0x6d, 0x61, 0x78, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, - 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x09, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, - 0x65, 0x73, 0x12, 0x3d, 0x0a, 0x1b, 0x70, 0x72, 0x65, 0x66, 0x65, 0x72, 0x5f, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, - 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x70, 0x72, 0x65, 0x66, 0x65, 0x72, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, - 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x75, 0x6e, 0x6b, 0x6e, - 0x6f, 0x77, 0x6e, 0x5f, 0x73, 0x6e, 0x69, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x72, - 0x65, 0x6a, 0x65, 0x63, 0x74, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x53, 0x6e, 0x69, 0x12, - 0x4e, 0x0a, 0x24, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, - 0x5f, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x20, 0x70, - 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x42, - 0x76, 0x0a, 0x20, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, - 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, - 0x74, 0x6c, 0x73, 0x50, 0x01, 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, - 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x65, 0x74, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0xaa, 0x02, 0x1c, 0x58, 0x72, 0x61, 0x79, 0x2e, - 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, - 0x65, 0x74, 0x2e, 0x58, 0x74, 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_transport_internet_xtls_config_proto_rawDescOnce sync.Once - file_transport_internet_xtls_config_proto_rawDescData = file_transport_internet_xtls_config_proto_rawDesc -) - -func file_transport_internet_xtls_config_proto_rawDescGZIP() []byte { - file_transport_internet_xtls_config_proto_rawDescOnce.Do(func() { - file_transport_internet_xtls_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_transport_internet_xtls_config_proto_rawDescData) - }) - return file_transport_internet_xtls_config_proto_rawDescData -} - -var file_transport_internet_xtls_config_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_transport_internet_xtls_config_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_transport_internet_xtls_config_proto_goTypes = []interface{}{ - (Certificate_Usage)(0), // 0: xray.transport.internet.xtls.Certificate.Usage - (*Certificate)(nil), // 1: xray.transport.internet.xtls.Certificate - (*Config)(nil), // 2: xray.transport.internet.xtls.Config -} -var file_transport_internet_xtls_config_proto_depIdxs = []int32{ - 0, // 0: xray.transport.internet.xtls.Certificate.usage:type_name -> xray.transport.internet.xtls.Certificate.Usage - 1, // 1: xray.transport.internet.xtls.Config.certificate:type_name -> xray.transport.internet.xtls.Certificate - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_transport_internet_xtls_config_proto_init() } -func file_transport_internet_xtls_config_proto_init() { - if File_transport_internet_xtls_config_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_transport_internet_xtls_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Certificate); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_transport_internet_xtls_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Config); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_transport_internet_xtls_config_proto_rawDesc, - NumEnums: 1, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_transport_internet_xtls_config_proto_goTypes, - DependencyIndexes: file_transport_internet_xtls_config_proto_depIdxs, - EnumInfos: file_transport_internet_xtls_config_proto_enumTypes, - MessageInfos: file_transport_internet_xtls_config_proto_msgTypes, - }.Build() - File_transport_internet_xtls_config_proto = out.File - file_transport_internet_xtls_config_proto_rawDesc = nil - file_transport_internet_xtls_config_proto_goTypes = nil - file_transport_internet_xtls_config_proto_depIdxs = nil -} diff --git a/transport/internet/xtls/config.proto b/transport/internet/xtls/config.proto deleted file mode 100644 index e2e57e558c80..000000000000 --- a/transport/internet/xtls/config.proto +++ /dev/null @@ -1,76 +0,0 @@ -syntax = "proto3"; - -package xray.transport.internet.xtls; -option csharp_namespace = "Xray.Transport.Internet.Xtls"; -option go_package = "github.com/xtls/xray-core/transport/internet/xtls"; -option java_package = "com.xray.transport.internet.xtls"; -option java_multiple_files = true; - -message Certificate { - // TLS certificate in x509 format. - bytes certificate = 1; - - // TLS key in x509 format. - bytes key = 2; - - enum Usage { - ENCIPHERMENT = 0; - AUTHORITY_VERIFY = 1; - AUTHORITY_ISSUE = 2; - } - - Usage usage = 3; - - uint64 ocsp_stapling = 4; - - // TLS certificate path - string certificate_path = 5; - - // TLS Key path - string key_path = 6; - - // If true, one-Time Loading - bool One_time_loading = 7; -} - -message Config { - // Whether or not to allow self-signed certificates. - bool allow_insecure = 1; - - // List of certificates to be served on server. - repeated Certificate certificate = 2; - - // Override server name. - string server_name = 3; - - // Lists of string as ALPN values. - repeated string next_protocol = 4; - - // Whether or not to enable session (ticket) resumption. - bool enable_session_resumption = 5; - - // If true, root certificates on the system will not be loaded for - // verification. - bool disable_system_root = 6; - - // The minimum TLS version. - string min_version = 7; - - // The maximum TLS version. - string max_version = 8; - - // Specify cipher suites, except for TLS 1.3. - string cipher_suites = 9; - - // Whether the server selects its most preferred ciphersuite. - bool prefer_server_cipher_suites = 10; - - bool reject_unknown_sni = 12; - - /* @Document A pinned certificate chain sha256 hash. - @Document If the server's hash does not match this value, the connection will be aborted. - @Document This value replace allow_insecure. - @Critical - */ - repeated bytes pinned_peer_certificate_chain_sha256 = 13; -} diff --git a/transport/internet/xtls/config_other.go b/transport/internet/xtls/config_other.go deleted file mode 100644 index a429cf37c09c..000000000000 --- a/transport/internet/xtls/config_other.go +++ /dev/null @@ -1,53 +0,0 @@ -//go:build !windows -// +build !windows - -package xtls - -import ( - "crypto/x509" - "sync" -) - -type rootCertsCache struct { - sync.Mutex - pool *x509.CertPool -} - -func (c *rootCertsCache) load() (*x509.CertPool, error) { - c.Lock() - defer c.Unlock() - - if c.pool != nil { - return c.pool, nil - } - - pool, err := x509.SystemCertPool() - if err != nil { - return nil, err - } - c.pool = pool - return pool, nil -} - -var rootCerts rootCertsCache - -func (c *Config) getCertPool() (*x509.CertPool, error) { - if c.DisableSystemRoot { - return c.loadSelfCertPool() - } - - if len(c.Certificate) == 0 { - return rootCerts.load() - } - - pool, err := x509.SystemCertPool() - if err != nil { - return nil, newError("system root").AtWarning().Base(err) - } - for _, cert := range c.Certificate { - if !pool.AppendCertsFromPEM(cert.Certificate) { - return nil, newError("append cert to root").AtWarning().Base(err) - } - } - return pool, err -} diff --git a/transport/internet/xtls/config_test.go b/transport/internet/xtls/config_test.go deleted file mode 100644 index bd7fbf1d1276..000000000000 --- a/transport/internet/xtls/config_test.go +++ /dev/null @@ -1,97 +0,0 @@ -package xtls_test - -import ( - "crypto/x509" - "testing" - "time" - - xtls "github.com/xtls/go" - "github.com/xtls/xray-core/common" - "github.com/xtls/xray-core/common/protocol/tls/cert" - . "github.com/xtls/xray-core/transport/internet/xtls" -) - -func TestCertificateIssuing(t *testing.T) { - certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))) - certificate.Usage = Certificate_AUTHORITY_ISSUE - - c := &Config{ - Certificate: []*Certificate{ - certificate, - }, - } - - xtlsConfig := c.GetXTLSConfig() - xrayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{ - ServerName: "www.example.com", - }) - common.Must(err) - - x509Cert, err := x509.ParseCertificate(xrayCert.Certificate[0]) - common.Must(err) - if !x509Cert.NotAfter.After(time.Now()) { - t.Error("NotAfter: ", x509Cert.NotAfter) - } -} - -func TestExpiredCertificate(t *testing.T) { - caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)) - expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName("www.example.com"), cert.DNSNames("www.example.com")) - - certificate := ParseCertificate(caCert) - certificate.Usage = Certificate_AUTHORITY_ISSUE - - certificate2 := ParseCertificate(expiredCert) - - c := &Config{ - Certificate: []*Certificate{ - certificate, - certificate2, - }, - } - - xtlsConfig := c.GetXTLSConfig() - xrayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{ - ServerName: "www.example.com", - }) - common.Must(err) - - x509Cert, err := x509.ParseCertificate(xrayCert.Certificate[0]) - common.Must(err) - if !x509Cert.NotAfter.After(time.Now()) { - t.Error("NotAfter: ", x509Cert.NotAfter) - } -} - -func TestInsecureCertificates(t *testing.T) { - c := &Config{} - - xtlsConfig := c.GetXTLSConfig() - if len(xtlsConfig.CipherSuites) > 0 { - t.Fatal("Unexpected tls cipher suites list: ", xtlsConfig.CipherSuites) - } -} - -func BenchmarkCertificateIssuing(b *testing.B) { - certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))) - certificate.Usage = Certificate_AUTHORITY_ISSUE - - c := &Config{ - Certificate: []*Certificate{ - certificate, - }, - } - - xtlsConfig := c.GetXTLSConfig() - lenCerts := len(xtlsConfig.Certificates) - - b.ResetTimer() - - for i := 0; i < b.N; i++ { - _, _ = xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{ - ServerName: "www.example.com", - }) - delete(xtlsConfig.NameToCertificate, "www.example.com") - xtlsConfig.Certificates = xtlsConfig.Certificates[:lenCerts] - } -} diff --git a/transport/internet/xtls/config_windows.go b/transport/internet/xtls/config_windows.go deleted file mode 100644 index 68f82b409c95..000000000000 --- a/transport/internet/xtls/config_windows.go +++ /dev/null @@ -1,14 +0,0 @@ -//go:build windows -// +build windows - -package xtls - -import "crypto/x509" - -func (c *Config) getCertPool() (*x509.CertPool, error) { - if c.DisableSystemRoot { - return c.loadSelfCertPool() - } - - return nil, nil -} diff --git a/transport/internet/xtls/errors.generated.go b/transport/internet/xtls/errors.generated.go deleted file mode 100644 index bce26cc1cf2b..000000000000 --- a/transport/internet/xtls/errors.generated.go +++ /dev/null @@ -1,9 +0,0 @@ -package xtls - -import "github.com/xtls/xray-core/common/errors" - -type errPathObjHolder struct{} - -func newError(values ...interface{}) *errors.Error { - return errors.New(values...).WithPathObj(errPathObjHolder{}) -} diff --git a/transport/internet/xtls/unsafe.go b/transport/internet/xtls/unsafe.go deleted file mode 100644 index 96c89416c441..000000000000 --- a/transport/internet/xtls/unsafe.go +++ /dev/null @@ -1,6 +0,0 @@ -package xtls - -import _ "unsafe" - -//go:linkname errNoCertificates github.com/xtls/go.errNoCertificates -var errNoCertificates error diff --git a/transport/internet/xtls/xtls.go b/transport/internet/xtls/xtls.go deleted file mode 100644 index 452780d2a4d2..000000000000 --- a/transport/internet/xtls/xtls.go +++ /dev/null @@ -1,35 +0,0 @@ -package xtls - -import ( - xtls "github.com/xtls/go" - "github.com/xtls/xray-core/common/net" -) - -//go:generate go run github.com/xtls/xray-core/common/errors/errorgen - -type Conn struct { - *xtls.Conn -} - -func (c *Conn) HandshakeAddress() net.Address { - if err := c.Handshake(); err != nil { - return nil - } - state := c.ConnectionState() - if state.ServerName == "" { - return nil - } - return net.ParseAddress(state.ServerName) -} - -// Client initiates a XTLS client handshake on the given connection. -func Client(c net.Conn, config *xtls.Config) net.Conn { - xtlsConn := xtls.Client(c, config) - return &Conn{Conn: xtlsConn} -} - -// Server initiates a XTLS server handshake on the given connection. -func Server(c net.Conn, config *xtls.Config) net.Conn { - xtlsConn := xtls.Server(c, config) - return &Conn{Conn: xtlsConn} -} From c04c333afc68fa43a630ed1022473994a987f804 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 4 Mar 2023 15:39:27 +0000 Subject: [PATCH 071/226] They become a part of you --- infra/conf/transport_internet.go | 11 ++++++++--- infra/conf/vless.go | 11 +---------- proxy/vless/inbound/inbound.go | 23 ++++++----------------- 3 files changed, 15 insertions(+), 30 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index b8f96f6ea049..c46bd964f11f 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -700,7 +700,9 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { } config.ProtocolName = protocol } - if strings.EqualFold(c.Security, "tls") { + switch strings.ToLower(c.Security) { + case "", "none": + case "tls": tlsSettings := c.TLSSettings if tlsSettings == nil { tlsSettings = &TLSConfig{} @@ -712,8 +714,7 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { tm := serial.ToTypedMessage(ts) config.SecuritySettings = append(config.SecuritySettings, tm) config.SecurityType = tm.Type - } - if strings.EqualFold(c.Security, "reality") { + case "reality": if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "grpc" && config.ProtocolName != "domainsocket" { return nil, newError("REALITY only supports TCP, H2, gRPC and DomainSocket for now.") } @@ -727,6 +728,10 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { tm := serial.ToTypedMessage(ts) config.SecuritySettings = append(config.SecuritySettings, tm) config.SecurityType = tm.Type + case "xtls": + return nil, newError(`Please use VLESS flow "xtls-rprx-vision" with TLS or REALITY.`) + default: + return nil, newError(`Unknown security "` + c.Security + `".`) } if c.TCPSettings != nil { ts, err := c.TCPSettings.Build() diff --git a/infra/conf/vless.go b/infra/conf/vless.go index 01a2090baca5..d829cdee4bb8 100644 --- a/infra/conf/vless.go +++ b/infra/conf/vless.go @@ -4,7 +4,6 @@ import ( "encoding/json" "runtime" "strconv" - "strings" "syscall" "github.com/golang/protobuf/proto" @@ -53,15 +52,7 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) { } account.Id = u.String() - accountFlow := account.Flow - flows := strings.Split(account.Flow, ",") - for _, f := range flows { - t := strings.TrimSpace(f) - if t != "none" { - accountFlow = t - } - } - switch accountFlow { + switch account.Flow { case "", vless.XRV: default: return nil, newError(`VLESS clients: "flow" doesn't support "` + account.Flow + `" in this version`) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 642cc39f7497..b3def4bb0adc 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -450,20 +450,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var rawConn syscall.RawConn var input *bytes.Reader var rawInput *bytes.Buffer - allowNoneFlow := false - accountFlow := account.Flow - flows := strings.Split(account.Flow, ",") - for _, f := range flows { - t := strings.TrimSpace(f) - if t == "none" { - allowNoneFlow = true - } else { - accountFlow = t - } - } + switch requestAddons.Flow { case vless.XRV: - if accountFlow == requestAddons.Flow { + if account.Flow == requestAddons.Flow { switch request.Command { case protocol.RequestCommandMux: return newError(requestAddons.Flow + " doesn't support Mux").AtWarning() @@ -503,10 +493,9 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } else { return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() } - case "", "none": - if accountFlow == vless.XRV && !allowNoneFlow && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) { - return newError(account.ID.String() + " is not able to use " + vless.XRV + - ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning() + case "": + if account.Flow == vless.XRV && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) { + return newError(account.ID.String() + " is not able to use \"\". Note that the pure TLS proxy has certain TLS in TLS characters.").AtWarning() } default: return newError("unknown request flow " + requestAddons.Flow).AtWarning() @@ -557,7 +546,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s // TODO enable splice ctx = session.ContextWithInbound(ctx, nil) err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer err = buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer)) From 4a0b45d1ffb1afba0fd2c21db97f9b97e025f30c Mon Sep 17 00:00:00 2001 From: Hellojack <106379370+H1JK@users.noreply.github.com> Date: Wed, 8 Mar 2023 21:43:42 +0800 Subject: [PATCH 072/226] Output real private key in x25519 command (#1747) --- main/commands/all/x25519.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/main/commands/all/x25519.go b/main/commands/all/x25519.go index 4ab1d09d5b23..e7909d9bff9e 100644 --- a/main/commands/all/x25519.go +++ b/main/commands/all/x25519.go @@ -4,7 +4,6 @@ import ( "crypto/rand" "encoding/base64" "fmt" - "io" "github.com/xtls/xray-core/main/commands/base" "golang.org/x/crypto/curve25519" @@ -44,17 +43,26 @@ func executeX25519(cmd *base.Command, args []string) { goto out } } + if privateKey == nil { privateKey = make([]byte, curve25519.ScalarSize) - if _, err = io.ReadFull(rand.Reader, privateKey); err != nil { + if _, err = rand.Read(privateKey); err != nil { output = err.Error() goto out } } + + // Modify random bytes using algorithm described at: + // https://cr.yp.to/ecdh.html. + privateKey[0] &= 248 + privateKey[31] &= 127 + privateKey[31] |= 64 + if publicKey, err = curve25519.X25519(privateKey, curve25519.Basepoint); err != nil { output = err.Error() goto out } + output = fmt.Sprintf("Private key: %v\nPublic key: %v", base64.RawURLEncoding.EncodeToString(privateKey), base64.RawURLEncoding.EncodeToString(publicKey)) From 836e84b8510a9478bc00dd8690cb71a51a607d11 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 8 Mar 2023 14:06:20 +0000 Subject: [PATCH 073/226] Add recover() to H2 server's flushWriter.Write() Fixes https://github.com/XTLS/Xray-core/issues/1748 --- transport/internet/http/dialer.go | 8 +++----- transport/internet/http/hub.go | 7 +++++++ 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/transport/internet/http/dialer.go b/transport/internet/http/dialer.go index 75adc249b882..010a95a5936b 100644 --- a/transport/internet/http/dialer.go +++ b/transport/internet/http/dialer.go @@ -204,7 +204,7 @@ type WaitReadCloser struct { func (w *WaitReadCloser) Set(rc io.ReadCloser) { w.ReadCloser = rc defer func() { - if err := recover(); err != nil { + if recover() != nil { rc.Close() } }() @@ -225,10 +225,8 @@ func (w *WaitReadCloser) Close() error { return w.ReadCloser.Close() } defer func() { - if err := recover(); err != nil { - if w.ReadCloser != nil { - w.ReadCloser.Close() - } + if recover() != nil && w.ReadCloser != nil { + w.ReadCloser.Close() } }() close(w.Wait) diff --git a/transport/internet/http/hub.go b/transport/internet/http/hub.go index 54abe298ae5b..551f897e3e5a 100644 --- a/transport/internet/http/hub.go +++ b/transport/internet/http/hub.go @@ -51,6 +51,13 @@ func (fw flushWriter) Write(p []byte) (n int, err error) { return 0, io.ErrClosedPipe } + defer func() { + if recover() != nil { + fw.d.Close() + err = io.ErrClosedPipe + } + }() + n, err = fw.w.Write(p) if f, ok := fw.w.(http.Flusher); ok && err == nil { f.Flush() From c3322294be71ab2433b44f69d7f30db5001c510c Mon Sep 17 00:00:00 2001 From: xqzr <34030394+xqzr@users.noreply.github.com> Date: Thu, 9 Mar 2023 21:51:16 +0800 Subject: [PATCH 074/226] Add `tcpWindowClamp` to `sockopt` (#1757) Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com> --- infra/conf/transport_internet.go | 2 ++ transport/internet/config.pb.go | 54 +++++++++++++++++------------ transport/internet/config.proto | 2 ++ transport/internet/sockopt_linux.go | 14 +++++++- 4 files changed, 49 insertions(+), 23 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index c46bd964f11f..63c8fbed8cdd 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -616,6 +616,7 @@ type SocketConfig struct { TCPKeepAliveInterval int32 `json:"tcpKeepAliveInterval"` TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` TCPCongestion string `json:"tcpCongestion"` + TCPWindowClamp int32 `json:"tcpWindowClamp"` V6only bool `json:"v6only"` Interface string `json:"interface"` } @@ -667,6 +668,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { TcpKeepAliveInterval: c.TCPKeepAliveInterval, TcpKeepAliveIdle: c.TCPKeepAliveIdle, TcpCongestion: c.TCPCongestion, + TcpWindowClamp: c.TCPWindowClamp, V6Only: c.V6only, Interface: c.Interface, }, nil diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index 1fd38539c76a..90dcd7863987 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go @@ -427,6 +427,7 @@ type SocketConfig struct { TcpCongestion string `protobuf:"bytes,12,opt,name=tcp_congestion,json=tcpCongestion,proto3" json:"tcp_congestion,omitempty"` Interface string `protobuf:"bytes,13,opt,name=interface,proto3" json:"interface,omitempty"` V6Only bool `protobuf:"varint,14,opt,name=v6only,proto3" json:"v6only,omitempty"` + TcpWindowClamp int32 `protobuf:"varint,15,opt,name=tcp_window_clamp,json=tcpWindowClamp,proto3" json:"tcp_window_clamp,omitempty"` } func (x *SocketConfig) Reset() { @@ -559,6 +560,13 @@ func (x *SocketConfig) GetV6Only() bool { return false } +func (x *SocketConfig) GetTcpWindowClamp() int32 { + if x != nil { + return x.TcpWindowClamp + } + return 0 +} + var File_transport_internet_config_proto protoreflect.FileDescriptor var file_transport_internet_config_proto_rawDesc = []byte{ @@ -611,7 +619,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x22, 0x9e, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, + 0x78, 0x79, 0x22, 0xc8, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72, @@ -650,27 +658,29 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x36, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x76, 0x36, 0x6f, 0x6e, - 0x6c, 0x79, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, - 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, - 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, - 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, - 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, - 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, - 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, - 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, - 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, - 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, - 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, - 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, - 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, - 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, - 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, - 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, - 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, - 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x6c, 0x79, 0x12, 0x28, 0x0a, 0x10, 0x74, 0x63, 0x70, 0x5f, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, + 0x5f, 0x63, 0x6c, 0x61, 0x6d, 0x70, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x63, + 0x70, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x43, 0x6c, 0x61, 0x6d, 0x70, 0x22, 0x2f, 0x0a, 0x0a, + 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, + 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, + 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, + 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, + 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, + 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, + 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, + 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, + 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, + 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, + 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, + 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, + 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, + 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, + 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, + 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, + 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, + 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/config.proto b/transport/internet/config.proto index 23a964fd3e3d..574d698e6266 100644 --- a/transport/internet/config.proto +++ b/transport/internet/config.proto @@ -102,4 +102,6 @@ message SocketConfig { string interface = 13; bool v6only = 14; + + int32 tcp_window_clamp = 15; } diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index e8376025e5ff..eda5de151056 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go @@ -46,7 +46,7 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf return newError("failed to set SO_MARK").Base(err) } } - + if config.Interface != "" { if err := syscall.BindToDevice(int(fd), config.Interface); err != nil { return newError("failed to set Interface").Base(err) @@ -89,6 +89,12 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf return newError("failed to set TCP_CONGESTION", err) } } + + if config.TcpWindowClamp > 0 { + if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_WINDOW_CLAMP, int(config.TcpWindowClamp)); err != nil { + return newError("failed to set TCP_WINDOW_CLAMP", err) + } + } } if config.Tproxy.IsEnabled() { @@ -139,6 +145,12 @@ func applyInboundSocketOptions(network string, fd uintptr, config *SocketConfig) return newError("failed to set TCP_CONGESTION", err) } } + + if config.TcpWindowClamp > 0 { + if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_WINDOW_CLAMP, int(config.TcpWindowClamp)); err != nil { + return newError("failed to set TCP_WINDOW_CLAMP", err) + } + } } if config.Tproxy.IsEnabled() { From d6801ab03162bedc20b336132a6cf2952bab7ac8 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 9 Mar 2023 13:55:09 +0000 Subject: [PATCH 075/226] v1.8.0 --- core/core.go | 4 +-- go.mod | 36 ++++++++++++------------- go.sum | 74 ++++++++++++++++++++++++++-------------------------- 3 files changed, 57 insertions(+), 57 deletions(-) diff --git a/core/core.go b/core/core.go index 8ab199364c8d..05148110910d 100644 --- a/core/core.go +++ b/core/core.go @@ -20,8 +20,8 @@ import ( var ( Version_x byte = 1 - Version_y byte = 7 - Version_z byte = 5 + Version_y byte = 8 + Version_z byte = 0 ) var ( diff --git a/go.mod b/go.mod index 6a63aec9a22f..58f1cd651d91 100644 --- a/go.mod +++ b/go.mod @@ -5,54 +5,54 @@ go 1.20 require ( github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 github.com/golang/mock v1.6.0 - github.com/golang/protobuf v1.5.2 + github.com/golang/protobuf v1.5.3 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 github.com/miekg/dns v1.1.51 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/quic-go/quic-go v0.33.0 - github.com/refraction-networking/utls v1.2.2 + github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db github.com/sagernet/sing v0.1.7 github.com/sagernet/sing-shadowsocks v0.1.1 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.2 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e - github.com/xtls/reality v0.0.0-20230227192902-524506d97551 - go.starlark.net v0.0.0-20230128213706-3f75dec8e403 - golang.org/x/crypto v0.6.0 - golang.org/x/net v0.7.0 + github.com/xtls/reality v0.0.0-20230309125256-0d0713b108c8 + go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 + golang.org/x/crypto v0.7.0 + golang.org/x/net v0.8.0 golang.org/x/sync v0.1.0 - golang.org/x/sys v0.5.0 + golang.org/x/sys v0.6.0 google.golang.org/grpc v1.53.0 - google.golang.org/protobuf v1.28.1 + google.golang.org/protobuf v1.29.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 ) require ( - github.com/andybalholm/brotli v1.0.4 // indirect + github.com/andybalholm/brotli v1.0.5 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140 // indirect github.com/francoispqt/gojay v1.2.13 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20230207041349-798e818bf904 // indirect - github.com/klauspost/compress v1.15.15 // indirect - github.com/klauspost/cpuid/v2 v2.2.3 // indirect - github.com/onsi/ginkgo/v2 v2.8.1 // indirect + github.com/google/pprof v0.0.0-20230228050547-1710fef4ab10 // indirect + github.com/klauspost/compress v1.16.0 // indirect + github.com/klauspost/cpuid/v2 v2.2.4 // indirect + github.com/onsi/ginkgo/v2 v2.9.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/quic-go/qtls-go1-19 v0.2.1 // indirect github.com/quic-go/qtls-go1-20 v0.1.1 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb // indirect - golang.org/x/mod v0.8.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/exp v0.0.0-20230307190834-24139beb5833 // indirect + golang.org/x/mod v0.9.0 // indirect + golang.org/x/text v0.8.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.6.0 // indirect - google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc // indirect + golang.org/x/tools v0.7.0 // indirect + google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/blake3 v1.1.7 // indirect diff --git a/go.sum b/go.sum index 3fc8c2b55d5a..ab32e439b7ac 100644 --- a/go.sum +++ b/go.sum @@ -8,8 +8,8 @@ dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= -github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs= +github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= @@ -58,8 +58,8 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= @@ -76,8 +76,8 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20230207041349-798e818bf904 h1:4/hN5RUoecvl+RmJRE2YxKWtnnQls6rQjjW5oV7qg2U= -github.com/google/pprof v0.0.0-20230207041349-798e818bf904/go.mod h1:uglQLonpP8qtYCYyzA+8c/9qtqgA3qsXGYqCPKARAFg= +github.com/google/pprof v0.0.0-20230228050547-1710fef4ab10 h1:CqYfpuYIjnlNxM3msdyPRKabhXZWbKjf3Q8BWROFBso= +github.com/google/pprof v0.0.0-20230228050547-1710fef4ab10/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -91,11 +91,11 @@ github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw= -github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4= +github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= +github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU= -github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk= +github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -112,9 +112,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/onsi/ginkgo/v2 v2.8.1 h1:xFTEVwOFa1D/Ty24Ws1npBWkDYEV9BqZrsDxVrVkrrU= -github.com/onsi/ginkgo/v2 v2.8.1/go.mod h1:N1/NbDngAFcSLdyZ+/aYTYGSlq9qMCS/cNKGJjy+csc= -github.com/onsi/gomega v1.26.0 h1:03cDLK28U6hWvCAns6NeydX3zIm4SF3ci69ulidS32Q= +github.com/onsi/ginkgo/v2 v2.9.0 h1:Tugw2BKlNHTMfG+CheOITkYvk4LAh6MFOvikhGVnhE8= +github.com/onsi/ginkgo/v2 v2.9.0/go.mod h1:4xkjoL/tZv4SMWeww56BU5kAt19mVB47gTWxmrTcxyk= +github.com/onsi/gomega v1.27.1 h1:rfztXRbg6nv/5f+Raen9RcGoSecHIFgBBLQK3Wdj754= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= @@ -136,8 +136,8 @@ github.com/quic-go/qtls-go1-20 v0.1.1 h1:KbChDlg82d3IHqaj2bn6GfKRj84Per2VGf5XV3w github.com/quic-go/qtls-go1-20 v0.1.1/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0= github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA= -github.com/refraction-networking/utls v1.2.2 h1:uBE6V173CwG8MQrSBpNZHAix1fxOvuLKYyjFAu3uqo0= -github.com/refraction-networking/utls v1.2.2/go.mod h1:L1goe44KvhnTfctUffM2isnJpSjPlYShrhXDeZaoYKw= +github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db h1:ULRv/GPW5KYDafE0FACN2no+HTCyQLUtfyOIeyp3GNc= +github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db/go.mod h1:kHXvVB66a4BzVRYC4Em7e1HAfp7uwOCCw0+2CZ3sMY8= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= @@ -189,13 +189,13 @@ github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/xtls/reality v0.0.0-20230227192902-524506d97551 h1:zOP9NvpCMa1Y58UmA9EhbWs5/FNKvqwD5EyDLVit2LI= -github.com/xtls/reality v0.0.0-20230227192902-524506d97551/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230309125256-0d0713b108c8 h1:LLtLxEe3S0Ko+ckqt4t29RLskpNdOZfgjZCC2/Byr50= +github.com/xtls/reality v0.0.0-20230309125256-0d0713b108c8/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= -go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= -go.starlark.net v0.0.0-20230128213706-3f75dec8e403/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= +go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 h1:Ss6D3hLXTM0KobyBYEAygXzFfGcjnmfEJOBgSbemCtg= +go.starlark.net v0.0.0-20230302034142-4b1e35fe2254/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= @@ -205,11 +205,11 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= -golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb h1:PaBZQdo+iSDyHT053FjUCgZQ/9uqVwPOcl7KSWhKn6w= -golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230307190834-24139beb5833 h1:SChBja7BCQewoTAU7IgvucQKMIXrEpFxNMs0spT3/5s= +golang.org/x/exp v0.0.0-20230307190834-24139beb5833/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -217,8 +217,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= +golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -234,8 +234,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -265,8 +265,8 @@ golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -276,8 +276,8 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= @@ -293,8 +293,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= -golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= +golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -313,8 +313,8 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc h1:ijGwO+0vL2hJt5gaygqP2j6PfflOBrRot0IczKbmtio= -google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 h1:DdoeryqhaXp1LtT/emMP1BRJPHHKFi5akj/nbx/zNTA= +google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= @@ -333,8 +333,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.29.0 h1:44S3JjaKmLEE4YIkjzexaP+NzZsudE3Zin5Njn/pYX0= +google.golang.org/protobuf v1.29.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= From f1e35ad9d42ee0c0e95f6d2b49b858775881c7f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Mar 2023 01:00:21 +0000 Subject: [PATCH 076/226] Bump github.com/sagernet/sing from 0.1.7 to 0.1.8 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.7 to 0.1.8. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.7...v0.1.8) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 58f1cd651d91..be50bf9f07e6 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/pires/go-proxyproto v0.6.2 github.com/quic-go/quic-go v0.33.0 github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db - github.com/sagernet/sing v0.1.7 + github.com/sagernet/sing v0.1.8 github.com/sagernet/sing-shadowsocks v0.1.1 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index ab32e439b7ac..0b7e80ff0b62 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db/go.mo github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.7 h1:g4vjr3q8SUlBZSx97Emz5OBfSMBxxW5Q8C2PfdoSo08= -github.com/sagernet/sing v0.1.7/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk= +github.com/sagernet/sing v0.1.8 h1:6DKo2FkSHn0nUcjO7bAext/ai7y7pCusK/+fScBJ5Jk= +github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk= github.com/sagernet/sing-shadowsocks v0.1.1 h1:uFK2rlVeD/b1xhDwSMbUI2goWc6fOKxp+ZeKHZq6C9Q= github.com/sagernet/sing-shadowsocks v0.1.1/go.mod h1:f3mHTy5shnVM9l8UocMlJgC/1G/zdj5FuEuVXhDinGU= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= From f57ec1388084df041a2289bacab14e446bf1b357 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Wed, 15 Mar 2023 14:42:32 +0800 Subject: [PATCH 077/226] Update UoT protocol --- app/proxyman/outbound/uot.go | 12 +++++++-- go.mod | 2 +- go.sum | 6 +++-- infra/conf/shadowsocks.go | 18 +++++++------ proxy/shadowsocks_2022/config.pb.go | 41 ++++++++++++++++++----------- proxy/shadowsocks_2022/config.proto | 1 + proxy/shadowsocks_2022/outbound.go | 24 ++++++++++------- 7 files changed, 66 insertions(+), 38 deletions(-) diff --git a/app/proxyman/outbound/uot.go b/app/proxyman/outbound/uot.go index a4af220cb79b..4610bd79fde7 100644 --- a/app/proxyman/outbound/uot.go +++ b/app/proxyman/outbound/uot.go @@ -11,13 +11,21 @@ import ( ) func (h *Handler) getUoTConnection(ctx context.Context, dest net.Destination) (stat.Connection, error) { - if !dest.Address.Family().IsDomain() || dest.Address.Domain() != uot.UOTMagicAddress { + if !dest.Address.Family().IsDomain() { + return nil, os.ErrInvalid + } + var uotVersion int + if dest.Address.Domain() == uot.MagicAddress { + uotVersion = uot.Version + } else if dest.Address.Domain() == uot.LegacyMagicAddress { + uotVersion = uot.LegacyVersion + } else { return nil, os.ErrInvalid } packetConn, err := internet.ListenSystemPacket(ctx, &net.UDPAddr{IP: net.AnyIP.IP(), Port: 0}, h.streamSettings.SocketSettings) if err != nil { return nil, newError("unable to listen socket").Base(err) } - conn := uot.NewServerConn(packetConn) + conn := uot.NewServerConn(packetConn, uotVersion) return h.getStatCouterConnection(conn), nil } diff --git a/go.mod b/go.mod index be50bf9f07e6..dfb7ca04d877 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/pires/go-proxyproto v0.6.2 github.com/quic-go/quic-go v0.33.0 github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db - github.com/sagernet/sing v0.1.8 + github.com/sagernet/sing v0.2.0 github.com/sagernet/sing-shadowsocks v0.1.1 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index 0b7e80ff0b62..155155a2ef78 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,10 @@ github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db/go.mo github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.8 h1:6DKo2FkSHn0nUcjO7bAext/ai7y7pCusK/+fScBJ5Jk= -github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk= +github.com/sagernet/sing v0.1.9-0.20230315063014-2731df16725b h1:1iKGftQ59+shDSx2RaLaxXJcMK/B+IU9WqUPwyBW+E0= +github.com/sagernet/sing v0.1.9-0.20230315063014-2731df16725b/go.mod h1:9uHswk2hITw8leDbiLS/xn0t9nzBcbePxzm9PJhwdlw= +github.com/sagernet/sing v0.2.0 h1:iyc4TaeXG5XYXixl48zSDDTw46C9NOEAVFq6ZE0dA2k= +github.com/sagernet/sing v0.2.0/go.mod h1:9uHswk2hITw8leDbiLS/xn0t9nzBcbePxzm9PJhwdlw= github.com/sagernet/sing-shadowsocks v0.1.1 h1:uFK2rlVeD/b1xhDwSMbUI2goWc6fOKxp+ZeKHZq6C9Q= github.com/sagernet/sing-shadowsocks v0.1.1/go.mod h1:f3mHTy5shnVM9l8UocMlJgC/1G/zdj5FuEuVXhDinGU= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= diff --git a/infra/conf/shadowsocks.go b/infra/conf/shadowsocks.go index 4b94c8e8b329..240d4aaa3e96 100644 --- a/infra/conf/shadowsocks.go +++ b/infra/conf/shadowsocks.go @@ -155,14 +155,15 @@ func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) { } type ShadowsocksServerTarget struct { - Address *Address `json:"address"` - Port uint16 `json:"port"` - Cipher string `json:"method"` - Password string `json:"password"` - Email string `json:"email"` - Level byte `json:"level"` - IVCheck bool `json:"ivCheck"` - UoT bool `json:"uot"` + Address *Address `json:"address"` + Port uint16 `json:"port"` + Cipher string `json:"method"` + Password string `json:"password"` + Email string `json:"email"` + Level byte `json:"level"` + IVCheck bool `json:"ivCheck"` + UoT bool `json:"uot"` + UoTVersion int `json:"uotVersion"` } type ShadowsocksClientConfig struct { @@ -193,6 +194,7 @@ func (v *ShadowsocksClientConfig) Build() (proto.Message, error) { config.Method = server.Cipher config.Key = server.Password config.UdpOverTcp = server.UoT + config.UdpOverTcpVersion = uint32(server.UoTVersion) return config, nil } } diff --git a/proxy/shadowsocks_2022/config.pb.go b/proxy/shadowsocks_2022/config.pb.go index 50626f7a4b00..fd51459e4737 100644 --- a/proxy/shadowsocks_2022/config.pb.go +++ b/proxy/shadowsocks_2022/config.pb.go @@ -389,11 +389,12 @@ type ClientConfig struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Address *net.IPOrDomain `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` - Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` - Method string `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"` - Key string `protobuf:"bytes,4,opt,name=key,proto3" json:"key,omitempty"` - UdpOverTcp bool `protobuf:"varint,5,opt,name=udp_over_tcp,json=udpOverTcp,proto3" json:"udp_over_tcp,omitempty"` + Address *net.IPOrDomain `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` + Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` + Method string `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"` + Key string `protobuf:"bytes,4,opt,name=key,proto3" json:"key,omitempty"` + UdpOverTcp bool `protobuf:"varint,5,opt,name=udp_over_tcp,json=udpOverTcp,proto3" json:"udp_over_tcp,omitempty"` + UdpOverTcpVersion uint32 `protobuf:"varint,6,opt,name=udp_over_tcp_version,json=udpOverTcpVersion,proto3" json:"udp_over_tcp_version,omitempty"` } func (x *ClientConfig) Reset() { @@ -463,6 +464,13 @@ func (x *ClientConfig) GetUdpOverTcp() bool { return false } +func (x *ClientConfig) GetUdpOverTcpVersion() uint32 { + if x != nil { + return x.UdpOverTcpVersion + } + return 0 +} + var File_proxy_shadowsocks_2022_config_proto protoreflect.FileDescriptor var file_proxy_shadowsocks_2022_config_proto_rawDesc = []byte{ @@ -520,7 +528,7 @@ var file_proxy_shadowsocks_2022_config_proto_rawDesc = []byte{ 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0xa5, 0x01, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0xd6, 0x01, 0x0a, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x35, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6e, 0x65, @@ -531,15 +539,18 @@ var file_proxy_shadowsocks_2022_config_proto_rawDesc = []byte{ 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0c, 0x75, 0x64, 0x70, 0x5f, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x74, 0x63, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x75, 0x64, 0x70, 0x4f, 0x76, - 0x65, 0x72, 0x54, 0x63, 0x70, 0x42, 0x72, 0x0a, 0x1f, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, - 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x73, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x73, 0x6f, - 0x63, 0x6b, 0x73, 0x5f, 0x32, 0x30, 0x32, 0x32, 0x50, 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, - 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x73, 0x68, 0x61, 0x64, - 0x6f, 0x77, 0x73, 0x6f, 0x63, 0x6b, 0x73, 0x5f, 0x32, 0x30, 0x32, 0x32, 0xaa, 0x02, 0x1a, 0x58, - 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x53, 0x68, 0x61, 0x64, 0x6f, 0x77, - 0x73, 0x6f, 0x63, 0x6b, 0x73, 0x32, 0x30, 0x32, 0x32, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x65, 0x72, 0x54, 0x63, 0x70, 0x12, 0x2f, 0x0a, 0x14, 0x75, 0x64, 0x70, 0x5f, 0x6f, 0x76, 0x65, + 0x72, 0x5f, 0x74, 0x63, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x11, 0x75, 0x64, 0x70, 0x4f, 0x76, 0x65, 0x72, 0x54, 0x63, 0x70, 0x56, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x72, 0x0a, 0x1f, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, + 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x73, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x73, + 0x6f, 0x63, 0x6b, 0x73, 0x5f, 0x32, 0x30, 0x32, 0x32, 0x50, 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, + 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x73, 0x68, 0x61, + 0x64, 0x6f, 0x77, 0x73, 0x6f, 0x63, 0x6b, 0x73, 0x5f, 0x32, 0x30, 0x32, 0x32, 0xaa, 0x02, 0x1a, + 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x53, 0x68, 0x61, 0x64, 0x6f, + 0x77, 0x73, 0x6f, 0x63, 0x6b, 0x73, 0x32, 0x30, 0x32, 0x32, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( diff --git a/proxy/shadowsocks_2022/config.proto b/proxy/shadowsocks_2022/config.proto index 2c4690e45ffc..605409913cb2 100644 --- a/proxy/shadowsocks_2022/config.proto +++ b/proxy/shadowsocks_2022/config.proto @@ -51,4 +51,5 @@ message ClientConfig { string method = 3; string key = 4; bool udp_over_tcp = 5; + uint32 udp_over_tcp_version = 6; } diff --git a/proxy/shadowsocks_2022/outbound.go b/proxy/shadowsocks_2022/outbound.go index cc23f737f8fe..5b1583cbc925 100644 --- a/proxy/shadowsocks_2022/outbound.go +++ b/proxy/shadowsocks_2022/outbound.go @@ -11,7 +11,6 @@ import ( C "github.com/sagernet/sing/common" B "github.com/sagernet/sing/common/buf" "github.com/sagernet/sing/common/bufio" - M "github.com/sagernet/sing/common/metadata" N "github.com/sagernet/sing/common/network" "github.com/sagernet/sing/common/uot" "github.com/xtls/xray-core/common" @@ -29,10 +28,10 @@ func init() { } type Outbound struct { - ctx context.Context - server net.Destination - method shadowsocks.Method - uot bool + ctx context.Context + server net.Destination + method shadowsocks.Method + uotClient *uot.Client } func NewClient(ctx context.Context, config *ClientConfig) (*Outbound, error) { @@ -43,7 +42,6 @@ func NewClient(ctx context.Context, config *ClientConfig) (*Outbound, error) { Port: net.Port(config.Port), Network: net.Network_TCP, }, - uot: config.UdpOverTcp, } if C.Contains(shadowaead_2022.List, config.Method) { if config.Key == "" { @@ -57,6 +55,9 @@ func NewClient(ctx context.Context, config *ClientConfig) (*Outbound, error) { } else { return nil, newError("unknown method ", config.Method) } + if config.UdpOverTcp { + o.uotClient = &uot.Client{Version: uint8(config.UdpOverTcpVersion)} + } return o, nil } @@ -77,7 +78,7 @@ func (o *Outbound) Process(ctx context.Context, link *transport.Link, dialer int newError("tunneling request to ", destination, " via ", o.server.NetAddr()).WriteToLog(session.ExportIDToError(ctx)) serverDestination := o.server - if o.uot { + if o.uotClient != nil { serverDestination.Network = net.Network_TCP } else { serverDestination.Network = network @@ -149,9 +150,12 @@ func (o *Outbound) Process(ctx context.Context, link *transport.Link, dialer int } } - if o.uot { - serverConn := o.method.DialEarlyConn(connection, M.Socksaddr{Fqdn: uot.UOTMagicAddress}) - return returnError(bufio.CopyPacketConn(ctx, packetConn, uot.NewClientConn(serverConn))) + if o.uotClient != nil { + uConn, err := o.uotClient.DialEarlyConn(o.method.DialEarlyConn(connection, uot.RequestDestination(o.uotClient.Version)), false, toSocksaddr(destination)) + if err != nil { + return err + } + return returnError(bufio.CopyPacketConn(ctx, packetConn, uConn)) } else { serverConn := o.method.DialPacketConn(connection) return returnError(bufio.CopyPacketConn(ctx, packetConn, serverConn)) From 55efac7236ca63f7d16620190643a83c7d4ec4fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Fri, 17 Mar 2023 13:17:01 +0800 Subject: [PATCH 078/226] Reformat code --- common/protocol/headers.go | 3 +-- infra/conf/transport_internet.go | 4 ++-- proxy/vless/encoding/encoding.go | 2 +- proxy/vless/outbound/outbound.go | 2 +- transport/internet/headers/dns/dns.go | 1 - transport/internet/kcp/listener.go | 16 ++++++++-------- transport/internet/reality/reality.go | 6 ++++-- transport/internet/sockopt_linux.go | 22 +++++++++++----------- 8 files changed, 28 insertions(+), 28 deletions(-) diff --git a/common/protocol/headers.go b/common/protocol/headers.go index 8806ee803f71..0058d1c5c1f0 100644 --- a/common/protocol/headers.go +++ b/common/protocol/headers.go @@ -3,11 +3,10 @@ package protocol import ( "runtime" - "golang.org/x/sys/cpu" - "github.com/xtls/xray-core/common/bitmask" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/uuid" + "golang.org/x/sys/cpu" ) // RequestCommand is a custom command in a proxy request. diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 63c8fbed8cdd..7424c5487d7d 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -616,7 +616,7 @@ type SocketConfig struct { TCPKeepAliveInterval int32 `json:"tcpKeepAliveInterval"` TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` TCPCongestion string `json:"tcpCongestion"` - TCPWindowClamp int32 `json:"tcpWindowClamp"` + TCPWindowClamp int32 `json:"tcpWindowClamp"` V6only bool `json:"v6only"` Interface string `json:"interface"` } @@ -668,7 +668,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { TcpKeepAliveInterval: c.TCPKeepAliveInterval, TcpKeepAliveIdle: c.TCPKeepAliveIdle, TcpCongestion: c.TCPCongestion, - TcpWindowClamp: c.TCPWindowClamp, + TcpWindowClamp: c.TCPWindowClamp, V6Only: c.V6only, Interface: c.Interface, }, nil diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index b96acee91e56..27d1fb012395 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -485,7 +485,7 @@ func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool } paddingLen = int32(l.Int64()) } - if paddingLen > buf.Size - 21 - contentLen { + if paddingLen > buf.Size-21-contentLen { paddingLen = buf.Size - 21 - contentLen } newbuffer := buf.New() diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index cde09bade72d..b7bc69641de1 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -287,7 +287,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte counter = statConn.ReadCounter } err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer err = buf.Copy(serverReader, clientWriter, buf.UpdateActivity(timer)) diff --git a/transport/internet/headers/dns/dns.go b/transport/internet/headers/dns/dns.go index 5839bc8140b1..a7366d1a8072 100644 --- a/transport/internet/headers/dns/dns.go +++ b/transport/internet/headers/dns/dns.go @@ -37,7 +37,6 @@ func NewDNS(ctx context.Context, config interface{}) (interface{}, error) { buf := make([]byte, 0x100) off1, err := dns.PackDomainName(dns.Fqdn(config.(*Config).Domain), buf, 0, nil, false) - if err != nil { return nil, err } diff --git a/transport/internet/kcp/listener.go b/transport/internet/kcp/listener.go index baf38e6dbd52..82b5a3bc9063 100644 --- a/transport/internet/kcp/listener.go +++ b/transport/internet/kcp/listener.go @@ -24,14 +24,14 @@ type ConnectionID struct { // Listener defines a server listening for connections type Listener struct { sync.Mutex - sessions map[ConnectionID]*Connection - hub *udp.Hub - tlsConfig *gotls.Config - config *Config - reader PacketReader - header internet.PacketHeader - security cipher.AEAD - addConn internet.ConnHandler + sessions map[ConnectionID]*Connection + hub *udp.Hub + tlsConfig *gotls.Config + config *Config + reader PacketReader + header internet.PacketHeader + security cipher.AEAD + addConn internet.ConnHandler } func NewListener(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, addConn internet.ConnHandler) (*Listener, error) { diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go index 835c075aa762..3bdf1f43ab23 100644 --- a/transport/internet/reality/reality.go +++ b/transport/internet/reality/reality.go @@ -240,8 +240,10 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati return uConn, nil } -var href = regexp.MustCompile(`href="([/h].*?)"`) -var dot = []byte(".") +var ( + href = regexp.MustCompile(`href="([/h].*?)"`) + dot = []byte(".") +) var maps struct { sync.Mutex diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index eda5de151056..ea023f53d915 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go @@ -47,11 +47,11 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf } } - if config.Interface != "" { - if err := syscall.BindToDevice(int(fd), config.Interface); err != nil { - return newError("failed to set Interface").Base(err) - } - } + if config.Interface != "" { + if err := syscall.BindToDevice(int(fd), config.Interface); err != nil { + return newError("failed to set Interface").Base(err) + } + } if isTCPSocket(network) { tfo := config.ParseTFOValue() @@ -91,10 +91,10 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf } if config.TcpWindowClamp > 0 { - if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_WINDOW_CLAMP, int(config.TcpWindowClamp)); err != nil { - return newError("failed to set TCP_WINDOW_CLAMP", err) - } - } + if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_WINDOW_CLAMP, int(config.TcpWindowClamp)); err != nil { + return newError("failed to set TCP_WINDOW_CLAMP", err) + } + } } if config.Tproxy.IsEnabled() { @@ -148,8 +148,8 @@ func applyInboundSocketOptions(network string, fd uintptr, config *SocketConfig) if config.TcpWindowClamp > 0 { if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_WINDOW_CLAMP, int(config.TcpWindowClamp)); err != nil { - return newError("failed to set TCP_WINDOW_CLAMP", err) - } + return newError("failed to set TCP_WINDOW_CLAMP", err) + } } } From 172f353bd7fa0783d61f28a64f94bbef1d43cd79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Mon, 20 Mar 2023 14:59:13 +0800 Subject: [PATCH 079/226] Update dependencies --- go.mod | 2 +- go.sum | 6 ++---- proxy/shadowsocks_2022/inbound.go | 2 +- proxy/shadowsocks_2022/inbound_multi.go | 2 +- proxy/shadowsocks_2022/outbound.go | 2 +- 5 files changed, 6 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index dfb7ca04d877..d24f0def5c61 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/quic-go/quic-go v0.33.0 github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db github.com/sagernet/sing v0.2.0 - github.com/sagernet/sing-shadowsocks v0.1.1 + github.com/sagernet/sing-shadowsocks v0.2.0 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.2 diff --git a/go.sum b/go.sum index 155155a2ef78..32c5e31e6e3f 100644 --- a/go.sum +++ b/go.sum @@ -141,12 +141,10 @@ github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db/go.mo github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.9-0.20230315063014-2731df16725b h1:1iKGftQ59+shDSx2RaLaxXJcMK/B+IU9WqUPwyBW+E0= -github.com/sagernet/sing v0.1.9-0.20230315063014-2731df16725b/go.mod h1:9uHswk2hITw8leDbiLS/xn0t9nzBcbePxzm9PJhwdlw= github.com/sagernet/sing v0.2.0 h1:iyc4TaeXG5XYXixl48zSDDTw46C9NOEAVFq6ZE0dA2k= github.com/sagernet/sing v0.2.0/go.mod h1:9uHswk2hITw8leDbiLS/xn0t9nzBcbePxzm9PJhwdlw= -github.com/sagernet/sing-shadowsocks v0.1.1 h1:uFK2rlVeD/b1xhDwSMbUI2goWc6fOKxp+ZeKHZq6C9Q= -github.com/sagernet/sing-shadowsocks v0.1.1/go.mod h1:f3mHTy5shnVM9l8UocMlJgC/1G/zdj5FuEuVXhDinGU= +github.com/sagernet/sing-shadowsocks v0.2.0 h1:ILDWL7pwWfkPLEbviE/MyCgfjaBmJY/JVVY+5jhSb58= +github.com/sagernet/sing-shadowsocks v0.2.0/go.mod h1:ysYzszRLpNzJSorvlWRMuzU6Vchsp7sd52q+JNY4axw= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI= github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb h1:XfLJSPIOUX+osiMraVgIrMR27uMXnRJWGm1+GL8/63U= diff --git a/proxy/shadowsocks_2022/inbound.go b/proxy/shadowsocks_2022/inbound.go index 55bdda9ffc8d..550aadd13e63 100644 --- a/proxy/shadowsocks_2022/inbound.go +++ b/proxy/shadowsocks_2022/inbound.go @@ -50,7 +50,7 @@ func NewServer(ctx context.Context, config *ServerConfig) (*Inbound, error) { if !C.Contains(shadowaead_2022.List, config.Method) { return nil, newError("unsupported method ", config.Method) } - service, err := shadowaead_2022.NewServiceWithPassword(config.Method, config.Key, 500, inbound) + service, err := shadowaead_2022.NewServiceWithPassword(config.Method, config.Key, 500, inbound, nil) if err != nil { return nil, newError("create service").Base(err) } diff --git a/proxy/shadowsocks_2022/inbound_multi.go b/proxy/shadowsocks_2022/inbound_multi.go index 662a171c3fe7..695de8e21851 100644 --- a/proxy/shadowsocks_2022/inbound_multi.go +++ b/proxy/shadowsocks_2022/inbound_multi.go @@ -58,7 +58,7 @@ func NewMultiServer(ctx context.Context, config *MultiUserServerConfig) (*MultiU if err != nil { return nil, newError("parse config").Base(err) } - service, err := shadowaead_2022.NewMultiService[int](config.Method, psk, 500, inbound) + service, err := shadowaead_2022.NewMultiService[int](config.Method, psk, 500, inbound, nil) if err != nil { return nil, newError("create service").Base(err) } diff --git a/proxy/shadowsocks_2022/outbound.go b/proxy/shadowsocks_2022/outbound.go index 5b1583cbc925..eb38c017185b 100644 --- a/proxy/shadowsocks_2022/outbound.go +++ b/proxy/shadowsocks_2022/outbound.go @@ -47,7 +47,7 @@ func NewClient(ctx context.Context, config *ClientConfig) (*Outbound, error) { if config.Key == "" { return nil, newError("missing psk") } - method, err := shadowaead_2022.NewWithPassword(config.Method, config.Key) + method, err := shadowaead_2022.NewWithPassword(config.Method, config.Key, nil) if err != nil { return nil, newError("create method").Base(err) } From 05737603463b5ad0064e386d97318f2559f17d2b Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 20 Mar 2023 23:39:56 +0800 Subject: [PATCH 080/226] Do not show ciphertext SessionID or full AuthKey --- go.mod | 2 +- go.sum | 4 ++-- transport/internet/reality/reality.go | 9 ++++----- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index d24f0def5c61..2f4e1d2edf49 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.2 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e - github.com/xtls/reality v0.0.0-20230309125256-0d0713b108c8 + github.com/xtls/reality v0.0.0-20230320153727-442d33ede91e go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 golang.org/x/crypto v0.7.0 golang.org/x/net v0.8.0 diff --git a/go.sum b/go.sum index 32c5e31e6e3f..7bf282568cdb 100644 --- a/go.sum +++ b/go.sum @@ -189,8 +189,8 @@ github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/xtls/reality v0.0.0-20230309125256-0d0713b108c8 h1:LLtLxEe3S0Ko+ckqt4t29RLskpNdOZfgjZCC2/Byr50= -github.com/xtls/reality v0.0.0-20230309125256-0d0713b108c8/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230320153727-442d33ede91e h1:mUMY3ndB1zZVic4+EjvTWzm9ghdpbdHZC9RwR0CoFxU= +github.com/xtls/reality v0.0.0-20230320153727-442d33ede91e/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go index 3bdf1f43ab23..a0a66afabb6f 100644 --- a/transport/internet/reality/reality.go +++ b/transport/internet/reality/reality.go @@ -127,7 +127,7 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati hello.SessionId[2] = core.Version_z copy(hello.SessionId[8:], config.ShortId) if config.Show { - fmt.Printf("REALITY localAddr: %v\thello.sessionId[:16]: %v\n", localAddr, hello.SessionId[:16]) + fmt.Printf("REALITY localAddr: %v\thello.SessionId[:16]: %v\n", localAddr, hello.SessionId[:16]) } uConn.AuthKey = uConn.HandshakeState.State13.EcdheParams.SharedKey(config.PublicKey) if uConn.AuthKey == nil { @@ -136,14 +136,13 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati if _, err := hkdf.New(sha256.New, uConn.AuthKey, hello.Random[:20], []byte("REALITY")).Read(uConn.AuthKey); err != nil { return nil, err } + if config.Show { + fmt.Printf("REALITY localAddr: %v\tuConn.AuthKey[:16]: %v\n", localAddr, uConn.AuthKey[:16]) + } block, _ := aes.NewCipher(uConn.AuthKey) aead, _ := cipher.NewGCM(block) aead.Seal(hello.SessionId[:0], hello.Random[20:], hello.SessionId[:16], hello.Raw) copy(hello.Raw[39:], hello.SessionId) - if config.Show { - fmt.Printf("REALITY localAddr: %v\thello.sessionId: %v\n", localAddr, hello.SessionId) - fmt.Printf("REALITY localAddr: %v\tuConn.AuthKey: %v\n", localAddr, uConn.AuthKey) - } } if err := uConn.Handshake(); err != nil { return nil, err From f89998fc779b96047affa5b6a73b3a883217d813 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Mar 2023 01:35:15 +0000 Subject: [PATCH 081/226] Update dependencies --- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 2 +- go.mod | 10 +++++----- go.sum | 37 ++++++++++------------------------- 4 files changed, 17 insertions(+), 34 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index edbc01c18bc7..98ee485aa3c8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -165,7 +165,7 @@ jobs: echo "ASSET_NAME=$_NAME" >> $GITHUB_ENV - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: '1.20' check-latest: true diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 49af621b96d6..55891af01774 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,7 +28,7 @@ jobs: os: [windows-latest, ubuntu-latest, macos-latest] steps: - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: '1.20' check-latest: true diff --git a/go.mod b/go.mod index 2f4e1d2edf49..52aac9af4f64 100644 --- a/go.mod +++ b/go.mod @@ -8,11 +8,11 @@ require ( github.com/golang/protobuf v1.5.3 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 - github.com/miekg/dns v1.1.51 + github.com/miekg/dns v1.1.52 github.com/pelletier/go-toml v1.9.5 - github.com/pires/go-proxyproto v0.6.2 + github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.33.0 - github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db + github.com/refraction-networking/utls v1.3.1 github.com/sagernet/sing v0.2.0 github.com/sagernet/sing-shadowsocks v0.2.0 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c @@ -25,8 +25,8 @@ require ( golang.org/x/net v0.8.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.6.0 - google.golang.org/grpc v1.53.0 - google.golang.org/protobuf v1.29.0 + google.golang.org/grpc v1.54.0 + google.golang.org/protobuf v1.30.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 ) diff --git a/go.sum b/go.sum index 7bf282568cdb..d56f19e4ebc6 100644 --- a/go.sum +++ b/go.sum @@ -106,8 +106,8 @@ github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.51 h1:0+Xg7vObnhrz/4ZCZcZh7zPXlmU0aveS2HDBd0m0qSo= -github.com/miekg/dns v1.1.51/go.mod h1:2Z9d3CP1LQWihRZUf29mQ19yDThaI4DAYzte2CaQW5c= +github.com/miekg/dns v1.1.52 h1:Bmlc/qsNNULOe6bpXcUTsuOajd0DzRHwup6D9k1An0c= +github.com/miekg/dns v1.1.52/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= @@ -120,8 +120,8 @@ github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3v github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= -github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8= -github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY= +github.com/pires/go-proxyproto v0.7.0 h1:IukmRewDQFWC7kfnb66CSomk2q/seBuilHBYFwyq0Hs= +github.com/pires/go-proxyproto v0.7.0/go.mod h1:Vz/1JPY/OACxWGQNIRY2BeyDmpoaWmEP40O9LbuiFR4= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -136,8 +136,8 @@ github.com/quic-go/qtls-go1-20 v0.1.1 h1:KbChDlg82d3IHqaj2bn6GfKRj84Per2VGf5XV3w github.com/quic-go/qtls-go1-20 v0.1.1/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0= github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA= -github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db h1:ULRv/GPW5KYDafE0FACN2no+HTCyQLUtfyOIeyp3GNc= -github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db/go.mod h1:kHXvVB66a4BzVRYC4Em7e1HAfp7uwOCCw0+2CZ3sMY8= +github.com/refraction-networking/utls v1.3.1 h1:3zVomUqx7nCmyGuU/6kYA/jp5NcqX8KQSGko8pY5Ch4= +github.com/refraction-networking/utls v1.3.1/go.mod h1:kHXvVB66a4BzVRYC4Em7e1HAfp7uwOCCw0+2CZ3sMY8= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= @@ -192,7 +192,6 @@ github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMI github.com/xtls/reality v0.0.0-20230320153727-442d33ede91e h1:mUMY3ndB1zZVic4+EjvTWzm9ghdpbdHZC9RwR0CoFxU= github.com/xtls/reality v0.0.0-20230320153727-442d33ede91e/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 h1:Ss6D3hLXTM0KobyBYEAygXzFfGcjnmfEJOBgSbemCtg= go.starlark.net v0.0.0-20230302034142-4b1e35fe2254/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= @@ -204,7 +203,6 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -215,8 +213,6 @@ golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -230,10 +226,7 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -247,7 +240,6 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -260,22 +252,15 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -291,8 +276,6 @@ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -321,8 +304,8 @@ google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc= -google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= +google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag= +google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -333,8 +316,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.29.0 h1:44S3JjaKmLEE4YIkjzexaP+NzZsudE3Zin5Njn/pYX0= -google.golang.org/protobuf v1.29.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= From c6b78318cb5f3b596b9fbb06a48a8fdb83ba925d Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 24 Mar 2023 22:57:56 +0000 Subject: [PATCH 082/226] Update README.md Co-authored-by: chika0801 <88967758+chika0801@users.noreply.github.com> Co-authored-by: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> --- README.md | 89 ++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 62 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 7579cb91645e..77b6185e71d6 100644 --- a/README.md +++ b/README.md @@ -1,58 +1,99 @@ # Project X -[Project X](https://github.com/XTLS) originates from XTLS protocol, provides a set of network tools such as [Xray-core](https://github.com/XTLS/Xray-core). +[Project X](https://github.com/XTLS) originates from XTLS protocol, providing a set of network tools such as [Xray-core](https://github.com/XTLS/Xray-core) and [REALITY](https://github.com/XTLS/REALITY). + +[README](https://github.com/XTLS/Xray-core#readme) is open, so feel free to submit your project [here](https://github.com/XTLS/Xray-core/pulls). ## License [Mozilla Public License Version 2.0](https://github.com/XTLS/Xray-core/blob/main/LICENSE) +## Documentation + +[Project X Official Website](https://xtls.github.io) + +## Telegram + +[Project X](https://t.me/projectXray) + +[Project X Channel](https://t.me/projectXtls) + ## Installation - Linux Script - - [Xray-install](https://github.com/XTLS/Xray-install) - - [Xray-script](https://github.com/kirin10000/Xray-script) + - [XTLS/Xray-install](https://github.com/XTLS/Xray-install) - Docker - [teddysun/xray](https://hub.docker.com/r/teddysun/xray) +- Web Panel + - [X-UI](https://github.com/FranzKafkaYu/x-ui), [X-UI-English](https://github.com/NidukaAkalanka/x-ui-english), [3X-UI](https://github.com/MHSanaei/3x-ui), [X-UI](https://github.com/alireza0/x-ui), [X-UI](https://github.com/diditra/x-ui) + - [Hiddify](https://github.com/hiddify/hiddify-config) + - [Marzban](https://github.com/Gozargah/Marzban) - One Click - - [ProxySU](https://github.com/proxysu/ProxySU) - - [v2ray-agent](https://github.com/mack-a/v2ray-agent) - - [Xray-yes](https://github.com/jiuqi9997/Xray-yes) - - [Xray_onekey](https://github.com/wulabing/Xray_onekey) + - [Xray-script](https://github.com/kirin10000/Xray-script), [Xray-script](https://github.com/zxcvos/Xray-script), [xray_script](https://github.com/tdjnodj/xray_script) + - [XTool](https://github.com/LordPenguin666/XTool), [Xray_bash_onekey](https://github.com/hello-yunshu/Xray_bash_onekey), [xray-reality](https://github.com/sajjaddg/xray-reality) + - [v2ray-agent](https://github.com/mack-a/v2ray-agent), [Xray_onekey](https://github.com/wulabing/Xray_onekey), [ProxySU](https://github.com/proxysu/ProxySU) - Magisk - [Xray4Magisk](https://github.com/CerteKim/Xray4Magisk) - [Xray_For_Magisk](https://github.com/E7KMbb/Xray_For_Magisk) - Homebrew - `brew install xray` - [(Tap) Repository 0](https://github.com/N4FA/homebrew-xray) - - [(Tap) Repository 1](https://github.com/xiruizhao/homebrew-xray) - -## Contributing -[Code Of Conduct](https://github.com/XTLS/Xray-core/blob/main/CODE_OF_CONDUCT.md) ## Usage -[Xray-examples](https://github.com/XTLS/Xray-examples) / [VLESS-TCP-XTLS-WHATEVER](https://github.com/XTLS/Xray-examples/tree/main/VLESS-TCP-XTLS-WHATEVER) +- Example + - [VLESS-XTLS-uTLS-REALITY](https://github.com/XTLS/REALITY#readme) + - [VLESS-TCP-XTLS-Vision](https://github.com/XTLS/Xray-examples/tree/main/VLESS-TCP-XTLS-Vision) + - [All-in-One-fallbacks-Nginx](https://github.com/XTLS/Xray-examples/tree/main/All-in-One-fallbacks-Nginx) +- Xray-examples + - [XTLS/Xray-examples](https://github.com/XTLS/Xray-examples) + - [chika0801/Xray-examples](https://github.com/chika0801/Xray-examples) + - [lxhao61/integrated-examples](https://github.com/lxhao61/integrated-examples) +- Tutorial + - [XTLS Vision](https://github.com/chika0801/Xray-install) + - [REALITY (English)](https://cscot.pages.dev/2023/03/02/Xray-REALITY-tutorial/) ## GUI Clients - OpenWrt - - [PassWall](https://github.com/xiaorouji/openwrt-passwall) - - [Hello World](https://github.com/jerrykuku/luci-app-vssr) + - [PassWall](https://github.com/xiaorouji/openwrt-passwall), [PassWall 2](https://github.com/xiaorouji/openwrt-passwall2) - [ShadowSocksR Plus+](https://github.com/fw876/helloworld) - [luci-app-xray](https://github.com/yichya/luci-app-xray) ([openwrt-xray](https://github.com/yichya/openwrt-xray)) - Windows - [v2rayN](https://github.com/2dust/v2rayN) - - [Qv2ray](https://github.com/Qv2ray/Qv2ray) (This project had been archived and currently inactive) - - [Netch (NetFilter & TUN/TAP)](https://github.com/NetchX/Netch) (This project had been archived and currently inactive) + - [Invisible Man - Xray](https://github.com/InvisibleManVPN/InvisibleMan-XRayClient) - Android - [v2rayNG](https://github.com/2dust/v2rayNG) - - [Kitsunebi](https://github.com/rurirei/Kitsunebi/tree/release_xtls) -- iOS & macOS (with M1 chip) + - [X-flutter](https://github.com/XTLS/X-flutter) +- iOS & macOS arm64 + - [Mango](https://github.com/daemooon/Mango) + - [Wings X](https://apps.apple.com/app/wings-x/id6446119727) +- macOS arm64 & x64 + - [V2RayXS](https://github.com/tzmax/V2RayXS) + - [Wings X](https://apps.apple.com/app/wings-x/id6446119727) + +## Others that support VLESS, XTLS, REALITY, XUDP, PLUX... + +- iOS & macOS arm64 - [Shadowrocket](https://apps.apple.com/app/shadowrocket/id932747118) - [Stash](https://apps.apple.com/app/stash/id1596063349) -- macOS (Intel chip & M1 chip) - - [Qv2ray](https://github.com/Qv2ray/Qv2ray) (This project had been archived and currently inactive) - - [V2RayXS](https://github.com/tzmax/V2RayXS) +- API Wrapper + - [xtlsapi](https://github.com/hiddify/xtlsapi) +- [XrayR](https://github.com/XrayR-project/XrayR) + - [XrayR-release](https://github.com/XrayR-project/XrayR-release) + - [XrayR-V2Board](https://github.com/missuo/XrayR-V2Board) +- [Clash.Meta](https://github.com/MetaCubeX/Clash.Meta) + - [Clash Verge](https://github.com/zzzgydi/clash-verge) + - [clashN](https://github.com/2dust/clashN) + - [Clash Meta for Android](https://github.com/MetaCubeX/ClashMetaForAndroid) + - [meta_for_ios](https://t.me/meta_for_ios) +- [sing-box](https://github.com/SagerNet/sing-box) + - [installReality](https://github.com/BoxXt/installReality) + - [sing-box-for-ios](https://github.com/SagerNet/sing-box-for-ios) + +## Contributing + +[Code of Conduct](https://github.com/XTLS/Xray-core/blob/main/CODE_OF_CONDUCT.md) ## Credits @@ -88,12 +129,6 @@ go build -o xray.exe -trimpath -ldflags "-s -w -buildid=" ./main go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main ``` -## Telegram - -[Project X](https://t.me/projectXray) - -[Project X Channel](https://t.me/projectXtls) - ## Stargazers over time [![Stargazers over time](https://starchart.cc/XTLS/Xray-core.svg)](https://starchart.cc/XTLS/Xray-core) From 6872be5cc34ca82db31b341cd40b990ad585ab4c Mon Sep 17 00:00:00 2001 From: Hirbod Behnam Date: Sun, 26 Mar 2023 09:23:42 +0330 Subject: [PATCH 083/226] Add user agent to gRPC (#1790) --- infra/conf/grpc.go | 2 ++ transport/internet/grpc/config.pb.go | 22 ++++++++++++++++------ transport/internet/grpc/config.proto | 1 + transport/internet/grpc/dial.go | 4 ++++ 4 files changed, 23 insertions(+), 6 deletions(-) diff --git a/infra/conf/grpc.go b/infra/conf/grpc.go index 3813e40d9bf8..9085ab4d2049 100644 --- a/infra/conf/grpc.go +++ b/infra/conf/grpc.go @@ -12,6 +12,7 @@ type GRPCConfig struct { HealthCheckTimeout int32 `json:"health_check_timeout"` PermitWithoutStream bool `json:"permit_without_stream"` InitialWindowsSize int32 `json:"initial_windows_size"` + UserAgent string `json:"user_agent"` } func (g *GRPCConfig) Build() (proto.Message, error) { @@ -33,5 +34,6 @@ func (g *GRPCConfig) Build() (proto.Message, error) { HealthCheckTimeout: g.HealthCheckTimeout, PermitWithoutStream: g.PermitWithoutStream, InitialWindowsSize: g.InitialWindowsSize, + UserAgent: g.UserAgent, }, nil } diff --git a/transport/internet/grpc/config.pb.go b/transport/internet/grpc/config.pb.go index 9a94984d4905..52d03fd1ebda 100644 --- a/transport/internet/grpc/config.pb.go +++ b/transport/internet/grpc/config.pb.go @@ -32,6 +32,7 @@ type Config struct { HealthCheckTimeout int32 `protobuf:"varint,5,opt,name=health_check_timeout,json=healthCheckTimeout,proto3" json:"health_check_timeout,omitempty"` PermitWithoutStream bool `protobuf:"varint,6,opt,name=permit_without_stream,json=permitWithoutStream,proto3" json:"permit_without_stream,omitempty"` InitialWindowsSize int32 `protobuf:"varint,7,opt,name=initial_windows_size,json=initialWindowsSize,proto3" json:"initial_windows_size,omitempty"` + UserAgent string `protobuf:"bytes,8,opt,name=user_agent,json=userAgent,proto3" json:"user_agent,omitempty"` } func (x *Config) Reset() { @@ -115,6 +116,13 @@ func (x *Config) GetInitialWindowsSize() int32 { return 0 } +func (x *Config) GetUserAgent() string { + if x != nil { + return x.UserAgent + } + return "" +} + var File_transport_internet_grpc_config_proto protoreflect.FileDescriptor var file_transport_internet_grpc_config_proto_rawDesc = []byte{ @@ -122,7 +130,7 @@ var file_transport_internet_grpc_config_proto_rawDesc = []byte{ 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x25, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, - 0x67, 0x72, 0x70, 0x63, 0x2e, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x22, 0x99, 0x02, + 0x67, 0x72, 0x70, 0x63, 0x2e, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x22, 0xb8, 0x02, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, @@ -140,11 +148,13 @@ var file_transport_internet_grpc_config_proto_rawDesc = []byte{ 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x30, 0x0a, 0x14, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x57, 0x69, - 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x53, 0x69, 0x7a, 0x65, 0x42, 0x33, 0x5a, 0x31, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, - 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, - 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x73, 0x65, + 0x72, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x75, + 0x73, 0x65, 0x72, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x42, 0x33, 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, + 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/grpc/config.proto b/transport/internet/grpc/config.proto index 7d256b2ce1df..56c507ae930f 100644 --- a/transport/internet/grpc/config.proto +++ b/transport/internet/grpc/config.proto @@ -11,4 +11,5 @@ message Config { int32 health_check_timeout = 5; bool permit_without_stream = 6; int32 initial_windows_size = 7; + string user_agent = 8; } diff --git a/transport/internet/grpc/dial.go b/transport/internet/grpc/dial.go index 4ab4b61521c0..8c58ff1441fe 100644 --- a/transport/internet/grpc/dial.go +++ b/transport/internet/grpc/dial.go @@ -150,6 +150,10 @@ func getGrpcClient(ctx context.Context, dest net.Destination, streamSettings *in dialOptions = append(dialOptions, grpc.WithInitialWindowSize(grpcSettings.InitialWindowsSize)) } + if grpcSettings.UserAgent != "" { + dialOptions = append(dialOptions, grpc.WithUserAgent(grpcSettings.UserAgent)) + } + var grpcDestHost string if dest.Address.Family().IsDomain() { grpcDestHost = dest.Address.Domain() From 526c6789ed5f56aaf8bad665f12692b8aae1565a Mon Sep 17 00:00:00 2001 From: Hirbod Behnam Date: Sun, 26 Mar 2023 09:28:19 +0330 Subject: [PATCH 084/226] Add custom path to gRPC (#1815) --- transport/internet/grpc/config.go | 40 ++++++- transport/internet/grpc/config_test.go | 111 ++++++++++++++++++ transport/internet/grpc/dial.go | 7 +- .../grpc/encoding/customSeviceName.go | 22 ++-- transport/internet/grpc/hub.go | 3 +- 5 files changed, 166 insertions(+), 17 deletions(-) create mode 100644 transport/internet/grpc/config_test.go diff --git a/transport/internet/grpc/config.go b/transport/internet/grpc/config.go index d87722a4a4d3..39eadf31da50 100644 --- a/transport/internet/grpc/config.go +++ b/transport/internet/grpc/config.go @@ -2,6 +2,7 @@ package grpc import ( "net/url" + "strings" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/transport/internet" @@ -15,6 +16,41 @@ func init() { })) } -func (c *Config) getNormalizedName() string { - return url.PathEscape(c.ServiceName) +func (c *Config) getServiceName() string { + // Normal old school config + if !strings.HasPrefix(c.ServiceName, "/") { + return url.PathEscape(c.ServiceName) + } + // Otherwise new custom paths + rawServiceName := c.ServiceName[1:strings.LastIndex(c.ServiceName, "/")] // trim from first to last '/' + serviceNameParts := strings.Split(rawServiceName, "/") + for i := range serviceNameParts { + serviceNameParts[i] = url.PathEscape(serviceNameParts[i]) + } + return strings.Join(serviceNameParts, "/") +} + +func (c *Config) getTunStreamName() string { + // Normal old school config + if !strings.HasPrefix(c.ServiceName, "/") { + return "Tun" + } + // Otherwise new custom paths + endingPath := c.ServiceName[strings.LastIndex(c.ServiceName, "/")+1:] // from the last '/' to end of string + return url.PathEscape(strings.Split(endingPath, "|")[0]) +} + +func (c *Config) getTunMultiStreamName() string { + // Normal old school config + if !strings.HasPrefix(c.ServiceName, "/") { + return "TunMulti" + } + // Otherwise new custom paths + endingPath := c.ServiceName[strings.LastIndex(c.ServiceName, "/")+1:] // from the last '/' to end of string + streamNames := strings.Split(endingPath, "|") + if len(streamNames) == 1 { // client side. Service name is the full path to multi tun + return url.PathEscape(streamNames[0]) + } else { // server side. The second part is the path to multi tun + return url.PathEscape(streamNames[1]) + } } diff --git a/transport/internet/grpc/config_test.go b/transport/internet/grpc/config_test.go new file mode 100644 index 000000000000..fbc549b44578 --- /dev/null +++ b/transport/internet/grpc/config_test.go @@ -0,0 +1,111 @@ +package grpc + +import ( + "github.com/stretchr/testify/assert" + "testing" +) + +func TestConfig_GetServiceName(t *testing.T) { + tests := []struct { + TestName string + ServiceName string + Expected string + }{ + { + TestName: "simple no absolute path", + ServiceName: "hello", + Expected: "hello", + }, + { + TestName: "escape no absolute path", + ServiceName: "hello/world!", + Expected: "hello%2Fworld%21", + }, + { + TestName: "absolute path", + ServiceName: "/my/sample/path/a|b", + Expected: "my/sample/path", + }, + { + TestName: "escape absolute path", + ServiceName: "/hello /world!/a|b", + Expected: "hello%20/world%21", + }, + } + for _, test := range tests { + t.Run(test.TestName, func(t *testing.T) { + config := Config{ServiceName: test.ServiceName} + assert.Equal(t, test.Expected, config.getServiceName()) + }) + } +} + +func TestConfig_GetTunStreamName(t *testing.T) { + tests := []struct { + TestName string + ServiceName string + Expected string + }{ + { + TestName: "no absolute path", + ServiceName: "hello", + Expected: "Tun", + }, + { + TestName: "absolute path server", + ServiceName: "/my/sample/path/tun_service|multi_service", + Expected: "tun_service", + }, + { + TestName: "absolute path client", + ServiceName: "/my/sample/path/tun_service", + Expected: "tun_service", + }, + { + TestName: "escape absolute path client", + ServiceName: "/m y/sa !mple/pa\\th/tun\\_serv!ice", + Expected: "tun%5C_serv%21ice", + }, + } + for _, test := range tests { + t.Run(test.TestName, func(t *testing.T) { + config := Config{ServiceName: test.ServiceName} + assert.Equal(t, test.Expected, config.getTunStreamName()) + }) + } +} + +func TestConfig_GetTunMultiStreamName(t *testing.T) { + tests := []struct { + TestName string + ServiceName string + Expected string + }{ + { + TestName: "no absolute path", + ServiceName: "hello", + Expected: "TunMulti", + }, + { + TestName: "absolute path server", + ServiceName: "/my/sample/path/tun_service|multi_service", + Expected: "multi_service", + }, + { + TestName: "absolute path client", + ServiceName: "/my/sample/path/multi_service", + Expected: "multi_service", + }, + { + TestName: "escape absolute path client", + ServiceName: "/m y/sa !mple/pa\\th/mu%lti\\_serv!ice", + Expected: "mu%25lti%5C_serv%21ice", + }, + } + for _, test := range tests { + t.Run(test.TestName, func(t *testing.T) { + config := Config{ServiceName: test.ServiceName} + assert.Equal(t, test.Expected, config.getTunMultiStreamName()) + }) + } +} diff --git a/transport/internet/grpc/dial.go b/transport/internet/grpc/dial.go index 8c58ff1441fe..8fd544b5ee7b 100644 --- a/transport/internet/grpc/dial.go +++ b/transport/internet/grpc/dial.go @@ -54,15 +54,16 @@ func dialgRPC(ctx context.Context, dest net.Destination, streamSettings *interne } client := encoding.NewGRPCServiceClient(conn) if grpcSettings.MultiMode { - newError("using gRPC multi mode").AtDebug().WriteToLog() - grpcService, err := client.(encoding.GRPCServiceClientX).TunMultiCustomName(ctx, grpcSettings.getNormalizedName()) + newError("using gRPC multi mode service name: `" + grpcSettings.getServiceName() + "` stream name: `" + grpcSettings.getTunMultiStreamName() + "`").AtDebug().WriteToLog() + grpcService, err := client.(encoding.GRPCServiceClientX).TunMultiCustomName(ctx, grpcSettings.getServiceName(), grpcSettings.getTunMultiStreamName()) if err != nil { return nil, newError("Cannot dial gRPC").Base(err) } return encoding.NewMultiHunkConn(grpcService, nil), nil } - grpcService, err := client.(encoding.GRPCServiceClientX).TunCustomName(ctx, grpcSettings.getNormalizedName()) + newError("using gRPC tun mode service name: `" + grpcSettings.getServiceName() + "` stream name: `" + grpcSettings.getTunStreamName() + "`").AtDebug().WriteToLog() + grpcService, err := client.(encoding.GRPCServiceClientX).TunCustomName(ctx, grpcSettings.getServiceName(), grpcSettings.getTunStreamName()) if err != nil { return nil, newError("Cannot dial gRPC").Base(err) } diff --git a/transport/internet/grpc/encoding/customSeviceName.go b/transport/internet/grpc/encoding/customSeviceName.go index aa098835af70..dd99075557de 100644 --- a/transport/internet/grpc/encoding/customSeviceName.go +++ b/transport/internet/grpc/encoding/customSeviceName.go @@ -6,20 +6,20 @@ import ( "google.golang.org/grpc" ) -func ServerDesc(name string) grpc.ServiceDesc { +func ServerDesc(name, tun, tunMulti string) grpc.ServiceDesc { return grpc.ServiceDesc{ ServiceName: name, HandlerType: (*GRPCServiceServer)(nil), Methods: []grpc.MethodDesc{}, Streams: []grpc.StreamDesc{ { - StreamName: "Tun", + StreamName: tun, Handler: _GRPCService_Tun_Handler, ServerStreams: true, ClientStreams: true, }, { - StreamName: "TunMulti", + StreamName: tunMulti, Handler: _GRPCService_TunMulti_Handler, ServerStreams: true, ClientStreams: true, @@ -29,8 +29,8 @@ func ServerDesc(name string) grpc.ServiceDesc { } } -func (c *gRPCServiceClient) TunCustomName(ctx context.Context, name string, opts ...grpc.CallOption) (GRPCService_TunClient, error) { - stream, err := c.cc.NewStream(ctx, &ServerDesc(name).Streams[0], "/"+name+"/Tun", opts...) +func (c *gRPCServiceClient) TunCustomName(ctx context.Context, name, tun string, opts ...grpc.CallOption) (GRPCService_TunClient, error) { + stream, err := c.cc.NewStream(ctx, &ServerDesc(name, tun, "").Streams[0], "/"+name+"/"+tun, opts...) if err != nil { return nil, err } @@ -38,8 +38,8 @@ func (c *gRPCServiceClient) TunCustomName(ctx context.Context, name string, opts return x, nil } -func (c *gRPCServiceClient) TunMultiCustomName(ctx context.Context, name string, opts ...grpc.CallOption) (GRPCService_TunMultiClient, error) { - stream, err := c.cc.NewStream(ctx, &ServerDesc(name).Streams[1], "/"+name+"/TunMulti", opts...) +func (c *gRPCServiceClient) TunMultiCustomName(ctx context.Context, name, tunMulti string, opts ...grpc.CallOption) (GRPCService_TunMultiClient, error) { + stream, err := c.cc.NewStream(ctx, &ServerDesc(name, "", tunMulti).Streams[1], "/"+name+"/"+tunMulti, opts...) if err != nil { return nil, err } @@ -48,13 +48,13 @@ func (c *gRPCServiceClient) TunMultiCustomName(ctx context.Context, name string, } type GRPCServiceClientX interface { - TunCustomName(ctx context.Context, name string, opts ...grpc.CallOption) (GRPCService_TunClient, error) - TunMultiCustomName(ctx context.Context, name string, opts ...grpc.CallOption) (GRPCService_TunMultiClient, error) + TunCustomName(ctx context.Context, name, tun string, opts ...grpc.CallOption) (GRPCService_TunClient, error) + TunMultiCustomName(ctx context.Context, name, tunMulti string, opts ...grpc.CallOption) (GRPCService_TunMultiClient, error) Tun(ctx context.Context, opts ...grpc.CallOption) (GRPCService_TunClient, error) TunMulti(ctx context.Context, opts ...grpc.CallOption) (GRPCService_TunMultiClient, error) } -func RegisterGRPCServiceServerX(s *grpc.Server, srv GRPCServiceServer, name string) { - desc := ServerDesc(name) +func RegisterGRPCServiceServerX(s *grpc.Server, srv GRPCServiceServer, name, tun, tunMulti string) { + desc := ServerDesc(name, tun, tunMulti) s.RegisterService(&desc, srv) } diff --git a/transport/internet/grpc/hub.go b/transport/internet/grpc/hub.go index 9bce2274fcdb..d3dd6da5912d 100644 --- a/transport/internet/grpc/hub.go +++ b/transport/internet/grpc/hub.go @@ -125,7 +125,8 @@ func Listen(ctx context.Context, address net.Address, port net.Port, settings *i } } - encoding.RegisterGRPCServiceServerX(s, listener, grpcSettings.getNormalizedName()) + newError("gRPC listen for service name `" + grpcSettings.getServiceName() + "` tun `" + grpcSettings.getTunStreamName() + "` multi tun `" + grpcSettings.getTunMultiStreamName() + "`").AtDebug().WriteToLog() + encoding.RegisterGRPCServiceServerX(s, listener, grpcSettings.getServiceName(), grpcSettings.getTunStreamName(), grpcSettings.getTunMultiStreamName()) if config := reality.ConfigFromStreamSettings(settings); config != nil { streamListener = goreality.NewListener(streamListener, config.GetREALITYConfig()) From a0d06f3a97e09815aa9268d0ee17a22bb56bea49 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sun, 26 Mar 2023 10:10:27 +0000 Subject: [PATCH 085/226] Add env support to "address", "listen", etc. Usage: `"address": "env:ADDR"`, `"listen": "env:AUDS"`... Just like existing `"port": "env:PORT"` --- infra/conf/common.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/infra/conf/common.go b/infra/conf/common.go index 486e78246fa7..f8f560562427 100644 --- a/infra/conf/common.go +++ b/infra/conf/common.go @@ -45,6 +45,9 @@ func (v *Address) UnmarshalJSON(data []byte) error { if err := json.Unmarshal(data, &rawStr); err != nil { return newError("invalid address: ", string(data)).Base(err) } + if strings.HasPrefix(rawStr, "env:") { + rawStr = os.Getenv(rawStr[4:]) + } v.Address = net.ParseAddress(rawStr) return nil @@ -115,8 +118,7 @@ func parseIntPort(data []byte) (net.Port, error) { func parseStringPort(s string) (net.Port, net.Port, error) { if strings.HasPrefix(s, "env:") { - s = s[4:] - s = os.Getenv(s) + s = os.Getenv(s[4:]) } pair := strings.SplitN(s, "-", 2) From beb603af06137df357550fc99b89b2c88f698271 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sun, 26 Mar 2023 10:57:20 +0000 Subject: [PATCH 086/226] Allow IP address ServerName when "serverName" is not configured In this case, TLS Client Hello will not have SNI (RFC 6066, Section 3) --- transport/internet/reality/reality.go | 4 ++-- transport/internet/tls/config.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go index a0a66afabb6f..9058005670e8 100644 --- a/transport/internet/reality/reality.go +++ b/transport/internet/reality/reality.go @@ -107,8 +107,8 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati InsecureSkipVerify: true, SessionTicketsDisabled: true, } - if utlsConfig.ServerName == "" && dest.Address.Family().IsDomain() { - utlsConfig.ServerName = dest.Address.Domain() + if utlsConfig.ServerName == "" { + utlsConfig.ServerName = dest.Address.String() } uConn.ServerName = utlsConfig.ServerName fingerprint := tls.GetFingerprint(config.Fingerprint) diff --git a/transport/internet/tls/config.go b/transport/internet/tls/config.go index 9c1f8eee68f7..2e2b784a8720 100644 --- a/transport/internet/tls/config.go +++ b/transport/internet/tls/config.go @@ -373,8 +373,8 @@ type Option func(*tls.Config) // WithDestination sets the server name in TLS config. func WithDestination(dest net.Destination) Option { return func(config *tls.Config) { - if dest.Address.Family().IsDomain() && config.ServerName == "" { - config.ServerName = dest.Address.Domain() + if config.ServerName == "" { + config.ServerName = dest.Address.String() } } } From f4ab8d7e8b5f433a4ae627679addaffecba79f02 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Mar 2023 03:38:12 +0000 Subject: [PATCH 087/226] Bump github.com/sagernet/sing from 0.2.0 to 0.2.1 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.2.0 to 0.2.1. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.2.0...v0.2.1) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 52aac9af4f64..f4738d470eb4 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.33.0 github.com/refraction-networking/utls v1.3.1 - github.com/sagernet/sing v0.2.0 + github.com/sagernet/sing v0.2.1 github.com/sagernet/sing-shadowsocks v0.2.0 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index d56f19e4ebc6..117378ffb37b 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/refraction-networking/utls v1.3.1/go.mod h1:kHXvVB66a4BzVRYC4Em7e1HAf github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.2.0 h1:iyc4TaeXG5XYXixl48zSDDTw46C9NOEAVFq6ZE0dA2k= -github.com/sagernet/sing v0.2.0/go.mod h1:9uHswk2hITw8leDbiLS/xn0t9nzBcbePxzm9PJhwdlw= +github.com/sagernet/sing v0.2.1 h1:r0STYeyfKBBtoAHsBtW1dQonxG+3Qidde7/1VAMhdn8= +github.com/sagernet/sing v0.2.1/go.mod h1:9uHswk2hITw8leDbiLS/xn0t9nzBcbePxzm9PJhwdlw= github.com/sagernet/sing-shadowsocks v0.2.0 h1:ILDWL7pwWfkPLEbviE/MyCgfjaBmJY/JVVY+5jhSb58= github.com/sagernet/sing-shadowsocks v0.2.0/go.mod h1:ysYzszRLpNzJSorvlWRMuzU6Vchsp7sd52q+JNY4axw= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= From a4d1509c236d18c2e74f99b89613a3df20e45053 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Mar 2023 00:59:47 +0000 Subject: [PATCH 088/226] Bump github.com/miekg/dns from 1.1.52 to 1.1.53 Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.52 to 1.1.53. - [Release notes](https://github.com/miekg/dns/releases) - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](https://github.com/miekg/dns/compare/v1.1.52...v1.1.53) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f4738d470eb4..e60d2629bb81 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/golang/protobuf v1.5.3 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 - github.com/miekg/dns v1.1.52 + github.com/miekg/dns v1.1.53 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.33.0 diff --git a/go.sum b/go.sum index 117378ffb37b..1b7006a4144f 100644 --- a/go.sum +++ b/go.sum @@ -106,8 +106,8 @@ github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.52 h1:Bmlc/qsNNULOe6bpXcUTsuOajd0DzRHwup6D9k1An0c= -github.com/miekg/dns v1.1.52/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= +github.com/miekg/dns v1.1.53 h1:ZBkuHr5dxHtB1caEOlZTLPo7D3L3TWckgUUs/RHfDxw= +github.com/miekg/dns v1.1.53/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= From 2c0a89f7dc64bc34df28dd05686b2f4f84ca33d7 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 31 Mar 2023 22:39:57 +0000 Subject: [PATCH 089/226] REALITY protocol: Set the fourth byte as reserved --- go.mod | 2 +- go.sum | 4 ++-- transport/internet/reality/reality.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index e60d2629bb81..32a245bcb11f 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.2 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e - github.com/xtls/reality v0.0.0-20230320153727-442d33ede91e + github.com/xtls/reality v0.0.0-20230331223127-176a94313eda go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 golang.org/x/crypto v0.7.0 golang.org/x/net v0.8.0 diff --git a/go.sum b/go.sum index 1b7006a4144f..bf6a63d03507 100644 --- a/go.sum +++ b/go.sum @@ -189,8 +189,8 @@ github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/xtls/reality v0.0.0-20230320153727-442d33ede91e h1:mUMY3ndB1zZVic4+EjvTWzm9ghdpbdHZC9RwR0CoFxU= -github.com/xtls/reality v0.0.0-20230320153727-442d33ede91e/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230331223127-176a94313eda h1:psRJD2RrZbnI0OWyHvXfgYCPqlRM5q5SPDcjDoDBWhE= +github.com/xtls/reality v0.0.0-20230331223127-176a94313eda/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 h1:Ss6D3hLXTM0KobyBYEAygXzFfGcjnmfEJOBgSbemCtg= diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go index 9058005670e8..6355687b20fd 100644 --- a/transport/internet/reality/reality.go +++ b/transport/internet/reality/reality.go @@ -121,10 +121,10 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati hello := uConn.HandshakeState.Hello hello.SessionId = make([]byte, 32) copy(hello.Raw[39:], hello.SessionId) // the location of session ID - binary.BigEndian.PutUint64(hello.SessionId, uint64(time.Now().Unix())) hello.SessionId[0] = core.Version_x hello.SessionId[1] = core.Version_y hello.SessionId[2] = core.Version_z + binary.BigEndian.PutUint32(hello.SessionId[4:], uint32(time.Now().Unix())) copy(hello.SessionId[8:], config.ShortId) if config.Show { fmt.Printf("REALITY localAddr: %v\thello.SessionId[:16]: %v\n", localAddr, hello.SessionId[:16]) From 67affe3753ffbc24c5c8e257ef1c6a89e74095d4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Apr 2023 00:59:34 +0000 Subject: [PATCH 090/226] Bump golang.org/x/sys from 0.6.0 to 0.7.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/sys/releases) - [Commits](https://github.com/golang/sys/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 32a245bcb11f..7d534bac933a 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( golang.org/x/crypto v0.7.0 golang.org/x/net v0.8.0 golang.org/x/sync v0.1.0 - golang.org/x/sys v0.6.0 + golang.org/x/sys v0.7.0 google.golang.org/grpc v1.54.0 google.golang.org/protobuf v1.30.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c diff --git a/go.sum b/go.sum index bf6a63d03507..44f624c37e59 100644 --- a/go.sum +++ b/go.sum @@ -254,8 +254,8 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From be23d5d3b741268ef86f27dfcb06389e97447e87 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 6 Apr 2023 10:21:35 +0000 Subject: [PATCH 091/226] XUDP protocol: Add Global ID & UoT Migration The first UoT protocol that supports UoT Migration Thank @yuhan6665 for testing --- app/proxyman/config.pb.go | 32 ++++--- app/proxyman/config.proto | 2 + app/proxyman/outbound/handler.go | 7 +- common/mux/client.go | 26 ++---- common/mux/frame.go | 9 ++ common/mux/mux_test.go | 6 +- common/mux/server.go | 100 +++++++++++++++++---- common/mux/session.go | 112 +++++++++++++++++++++--- common/mux/session_test.go | 2 +- common/mux/writer.go | 5 +- common/session/context.go | 16 ++++ common/session/session.go | 2 + common/task/task.go | 12 +++ common/xudp/xudp.go | 67 ++++++++++++-- go.mod | 2 +- infra/conf/xray.go | 25 ++++-- proxy/dns/dns.go | 4 + proxy/dokodemo/dokodemo.go | 1 + proxy/freedom/freedom.go | 17 +++- proxy/http/client.go | 17 +++- proxy/http/server.go | 1 + proxy/shadowsocks/client.go | 17 +++- proxy/shadowsocks/server.go | 1 + proxy/shadowsocks_2022/inbound.go | 3 +- proxy/shadowsocks_2022/inbound_multi.go | 1 + proxy/shadowsocks_2022/inbound_relay.go | 1 + proxy/shadowsocks_2022/outbound.go | 6 +- proxy/socks/client.go | 17 +++- proxy/socks/server.go | 1 + proxy/trojan/client.go | 17 +++- proxy/trojan/server.go | 1 + proxy/vless/inbound/inbound.go | 1 + proxy/vless/outbound/outbound.go | 19 +++- proxy/vmess/inbound/inbound.go | 1 + proxy/vmess/outbound/outbound.go | 19 +++- proxy/wireguard/wireguard.go | 17 +++- transport/pipe/impl.go | 3 + transport/pipe/pipe.go | 1 + transport/pipe/reader.go | 14 +++ 39 files changed, 506 insertions(+), 99 deletions(-) diff --git a/app/proxyman/config.pb.go b/app/proxyman/config.pb.go index 2dfe29310489..03613e88ecb1 100644 --- a/app/proxyman/config.pb.go +++ b/app/proxyman/config.pb.go @@ -595,6 +595,8 @@ type MultiplexingConfig struct { Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"` // Max number of concurrent connections that one Mux connection can handle. Concurrency uint32 `protobuf:"varint,2,opt,name=concurrency,proto3" json:"concurrency,omitempty"` + // Both(0), TCP(1), UDP(2). + Only uint32 `protobuf:"varint,3,opt,name=only,proto3" json:"only,omitempty"` } func (x *MultiplexingConfig) Reset() { @@ -643,6 +645,13 @@ func (x *MultiplexingConfig) GetConcurrency() uint32 { return 0 } +func (x *MultiplexingConfig) GetOnly() uint32 { + if x != nil { + return x.Only + } + return 0 +} + type AllocationStrategy_AllocationStrategyConcurrency struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -856,21 +865,22 @@ var file_app_proxyman_config_proto_rawDesc = []byte{ 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0x2e, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x11, 0x6d, 0x75, 0x6c, 0x74, 0x69, - 0x70, 0x6c, 0x65, 0x78, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x22, 0x50, 0x0a, 0x12, + 0x70, 0x6c, 0x65, 0x78, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x22, 0x64, 0x0a, 0x12, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x0b, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x2a, 0x23, - 0x0a, 0x0e, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, - 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x4c, - 0x53, 0x10, 0x01, 0x42, 0x55, 0x0a, 0x15, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, - 0x61, 0x70, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0x50, 0x01, 0x5a, 0x26, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, - 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x61, 0x70, 0x70, 0x2f, 0x70, 0x72, - 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0xaa, 0x02, 0x11, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x41, 0x70, - 0x70, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x0d, 0x52, 0x0b, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x12, + 0x0a, 0x04, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6f, 0x6e, + 0x6c, 0x79, 0x2a, 0x23, 0x0a, 0x0e, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x63, 0x6f, 0x6c, 0x73, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00, 0x12, 0x07, + 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x10, 0x01, 0x42, 0x55, 0x0a, 0x15, 0x63, 0x6f, 0x6d, 0x2e, 0x78, + 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, + 0x50, 0x01, 0x5a, 0x26, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, + 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x61, 0x70, + 0x70, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0xaa, 0x02, 0x11, 0x58, 0x72, 0x61, + 0x79, 0x2e, 0x41, 0x70, 0x70, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/app/proxyman/config.proto b/app/proxyman/config.proto index 24216d2ceb19..54f634367210 100644 --- a/app/proxyman/config.proto +++ b/app/proxyman/config.proto @@ -98,4 +98,6 @@ message MultiplexingConfig { bool enabled = 1; // Max number of concurrent connections that one Mux connection can handle. uint32 concurrency = 2; + // Both(0), TCP(1), UDP(2). + uint32 only = 3; } diff --git a/app/proxyman/outbound/handler.go b/app/proxyman/outbound/handler.go index 42554b72aaf6..89e2862da8b8 100644 --- a/app/proxyman/outbound/handler.go +++ b/app/proxyman/outbound/handler.go @@ -111,7 +111,7 @@ func NewHandler(ctx context.Context, config *core.OutboundHandlerConfig) (outbou return nil, newError("invalid mux concurrency: ", config.Concurrency).AtWarning() } h.mux = &mux.ClientManager{ - Enabled: h.senderSettings.MultiplexSettings.Enabled, + Enabled: config.Enabled, Picker: &mux.IncrementalWorkerPicker{ Factory: &mux.DialingWorkerFactory{ Proxy: proxyHandler, @@ -122,6 +122,7 @@ func NewHandler(ctx context.Context, config *core.OutboundHandlerConfig) (outbou }, }, }, + Only: config.Only, } } @@ -136,7 +137,9 @@ func (h *Handler) Tag() string { // Dispatch implements proxy.Outbound.Dispatch. func (h *Handler) Dispatch(ctx context.Context, link *transport.Link) { - if h.mux != nil && (h.mux.Enabled || session.MuxPreferedFromContext(ctx)) { + outbound := session.OutboundFromContext(ctx) + if h.mux != nil && (h.mux.Enabled || session.MuxPreferedFromContext(ctx)) && + (h.mux.Only == 0 || (outbound != nil && h.mux.Only == uint32(outbound.Target.Network))) { if err := h.mux.Dispatch(ctx, link); err != nil { err := newError("failed to process mux outbound traffic").Base(err) session.SubmitOutboundErrorToOriginator(ctx, err) diff --git a/common/mux/client.go b/common/mux/client.go index 2019738ff114..f933ef4c0b6d 100644 --- a/common/mux/client.go +++ b/common/mux/client.go @@ -14,6 +14,7 @@ import ( "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/common/signal/done" "github.com/xtls/xray-core/common/task" + "github.com/xtls/xray-core/common/xudp" "github.com/xtls/xray-core/proxy" "github.com/xtls/xray-core/transport" "github.com/xtls/xray-core/transport/internet" @@ -23,6 +24,7 @@ import ( type ClientManager struct { Enabled bool // wheather mux is enabled from user config Picker WorkerPicker + Only uint32 } func (m *ClientManager) Dispatch(ctx context.Context, link *transport.Link) error { @@ -247,22 +249,20 @@ func fetchInput(ctx context.Context, s *Session, output buf.Writer) { transferType = protocol.TransferTypePacket } s.transferType = transferType - writer := NewWriter(s.ID, dest, output, transferType) - defer s.Close() + writer := NewWriter(s.ID, dest, output, transferType, xudp.GetGlobalID(ctx)) + defer s.Close(false) defer writer.Close() newError("dispatching request to ", dest).WriteToLog(session.ExportIDToError(ctx)) if err := writeFirstPayload(s.input, writer); err != nil { newError("failed to write first payload").Base(err).WriteToLog(session.ExportIDToError(ctx)) writer.hasError = true - common.Interrupt(s.input) return } if err := buf.Copy(s.input, writer); err != nil { newError("failed to fetch all input").Base(err).WriteToLog(session.ExportIDToError(ctx)) writer.hasError = true - common.Interrupt(s.input) return } } @@ -335,15 +335,8 @@ func (m *ClientWorker) handleStatusKeep(meta *FrameMetadata, reader *buf.Buffere err := buf.Copy(rr, s.output) if err != nil && buf.IsWriteError(err) { newError("failed to write to downstream. closing session ", s.ID).Base(err).WriteToLog() - - // Notify remote peer to close this session. - closingWriter := NewResponseWriter(meta.SessionID, m.link.Writer, protocol.TransferTypeStream) - closingWriter.Close() - - drainErr := buf.Copy(rr, buf.Discard) - common.Interrupt(s.input) - s.Close() - return drainErr + s.Close(false) + return buf.Copy(rr, buf.Discard) } return err @@ -351,12 +344,7 @@ func (m *ClientWorker) handleStatusKeep(meta *FrameMetadata, reader *buf.Buffere func (m *ClientWorker) handleStatusEnd(meta *FrameMetadata, reader *buf.BufferedReader) error { if s, found := m.sessionManager.Get(meta.SessionID); found { - if meta.Option.Has(OptionError) { - common.Interrupt(s.input) - common.Interrupt(s.output) - } - common.Interrupt(s.input) - s.Close() + s.Close(false) } if meta.Option.Has(OptionData) { return buf.Copy(NewStreamReader(reader), buf.Discard) diff --git a/common/mux/frame.go b/common/mux/frame.go index 30f3c1db4563..ab57d7713302 100644 --- a/common/mux/frame.go +++ b/common/mux/frame.go @@ -58,6 +58,7 @@ type FrameMetadata struct { SessionID uint16 Option bitmask.Byte SessionStatus SessionStatus + GlobalID [8]byte } func (f FrameMetadata) WriteTo(b *buf.Buffer) error { @@ -81,6 +82,9 @@ func (f FrameMetadata) WriteTo(b *buf.Buffer) error { if err := addrParser.WriteAddressPort(b, f.Target.Address, f.Target.Port); err != nil { return err } + if b.UDP != nil { + b.Write(f.GlobalID[:]) + } } else if b.UDP != nil { b.WriteByte(byte(TargetNetworkUDP)) addrParser.WriteAddressPort(b, b.UDP.Address, b.UDP.Port) @@ -144,5 +148,10 @@ func (f *FrameMetadata) UnmarshalFromBuffer(b *buf.Buffer) error { } } + if f.SessionStatus == SessionStatusNew && f.Option.Has(OptionData) && + f.Target.Network == net.Network_UDP && b.Len() >= 8 { + copy(f.GlobalID[:], b.Bytes()) + } + return nil } diff --git a/common/mux/mux_test.go b/common/mux/mux_test.go index 39def2ab0a70..f326ffd7765c 100644 --- a/common/mux/mux_test.go +++ b/common/mux/mux_test.go @@ -32,13 +32,13 @@ func TestReaderWriter(t *testing.T) { pReader, pWriter := pipe.New(pipe.WithSizeLimit(1024)) dest := net.TCPDestination(net.DomainAddress("example.com"), 80) - writer := NewWriter(1, dest, pWriter, protocol.TransferTypeStream) + writer := NewWriter(1, dest, pWriter, protocol.TransferTypeStream, [8]byte{}) dest2 := net.TCPDestination(net.LocalHostIP, 443) - writer2 := NewWriter(2, dest2, pWriter, protocol.TransferTypeStream) + writer2 := NewWriter(2, dest2, pWriter, protocol.TransferTypeStream, [8]byte{}) dest3 := net.TCPDestination(net.LocalHostIPv6, 18374) - writer3 := NewWriter(3, dest3, pWriter, protocol.TransferTypeStream) + writer3 := NewWriter(3, dest3, pWriter, protocol.TransferTypeStream, [8]byte{}) writePayload := func(writer *Writer, payload ...byte) error { b := buf.New() diff --git a/common/mux/server.go b/common/mux/server.go index df461be799e5..e64e038f790b 100644 --- a/common/mux/server.go +++ b/common/mux/server.go @@ -2,6 +2,7 @@ package mux import ( "context" + "fmt" "io" "github.com/xtls/xray-core/common" @@ -11,6 +12,7 @@ import ( "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/session" + "github.com/xtls/xray-core/common/xudp" "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/features/routing" "github.com/xtls/xray-core/transport" @@ -99,7 +101,7 @@ func handle(ctx context.Context, s *Session, output buf.Writer) { } writer.Close() - s.Close() + s.Close(false) } func (w *ServerWorker) ActiveConnections() uint32 { @@ -131,6 +133,81 @@ func (w *ServerWorker) handleStatusNew(ctx context.Context, meta *FrameMetadata, } ctx = log.ContextWithAccessMessage(ctx, msg) } + + if meta.GlobalID != [8]byte{} { + mb, err := NewPacketReader(reader, &meta.Target).ReadMultiBuffer() + if err != nil { + return err + } + XUDPManager.Lock() + x := XUDPManager.Map[meta.GlobalID] + if x == nil { + x = &XUDP{GlobalID: meta.GlobalID} + XUDPManager.Map[meta.GlobalID] = x + XUDPManager.Unlock() + } else { + if x.Status == Initializing { // nearly impossible + XUDPManager.Unlock() + if xudp.Show { + fmt.Printf("XUDP hit: %v err: conflict\n", meta.GlobalID) + } + // It's not a good idea to return an err here, so just let client wait. + // Client will receive an End frame after sending a Keep frame. + return nil + } + x.Status = Initializing + XUDPManager.Unlock() + x.Mux.Close(false) // detach from previous Mux + b := buf.New() + b.Write(mb[0].Bytes()) + b.UDP = mb[0].UDP + if err = x.Mux.output.WriteMultiBuffer(mb); err != nil { + x.Interrupt() + mb = buf.MultiBuffer{b} + } else { + b.Release() + mb = nil + } + if xudp.Show { + fmt.Printf("XUDP hit: %v err: %v\n", meta.GlobalID, err) + } + } + if mb != nil { + ctx = session.ContextWithTimeoutOnly(ctx, true) + // Actually, it won't return an error in Xray-core's implementations. + link, err := w.dispatcher.Dispatch(ctx, meta.Target) + if err != nil { + err = newError("failed to dispatch request to ", meta.Target).Base(err) + if xudp.Show { + fmt.Printf("XUDP new: %v err: %v\n", meta.GlobalID, err) + } + return err // it will break the whole Mux connection + } + link.Writer.WriteMultiBuffer(mb) // it's meaningless to test a new pipe + x.Mux = &Session{ + input: link.Reader, + output: link.Writer, + } + if xudp.Show { + fmt.Printf("XUDP new: %v err: %v\n", meta.GlobalID, err) + } + } + x.Mux = &Session{ + input: x.Mux.input, + output: x.Mux.output, + parent: w.sessionManager, + ID: meta.SessionID, + transferType: protocol.TransferTypePacket, + XUDP: x, + } + go handle(ctx, x.Mux, w.link.Writer) + x.Status = Active + if !w.sessionManager.Add(x.Mux) { + x.Mux.Close(false) + } + return nil + } + link, err := w.dispatcher.Dispatch(ctx, meta.Target) if err != nil { if meta.Option.Has(OptionData) { @@ -157,8 +234,7 @@ func (w *ServerWorker) handleStatusNew(ctx context.Context, meta *FrameMetadata, rr := s.NewReader(reader, &meta.Target) if err := buf.Copy(rr, s.output); err != nil { buf.Copy(rr, buf.Discard) - common.Interrupt(s.input) - return s.Close() + return s.Close(false) } return nil } @@ -182,15 +258,8 @@ func (w *ServerWorker) handleStatusKeep(meta *FrameMetadata, reader *buf.Buffere if err != nil && buf.IsWriteError(err) { newError("failed to write to downstream writer. closing session ", s.ID).Base(err).WriteToLog() - - // Notify remote peer to close this session. - closingWriter := NewResponseWriter(meta.SessionID, w.link.Writer, protocol.TransferTypeStream) - closingWriter.Close() - - drainErr := buf.Copy(rr, buf.Discard) - common.Interrupt(s.input) - s.Close() - return drainErr + s.Close(false) + return buf.Copy(rr, buf.Discard) } return err @@ -198,12 +267,7 @@ func (w *ServerWorker) handleStatusKeep(meta *FrameMetadata, reader *buf.Buffere func (w *ServerWorker) handleStatusEnd(meta *FrameMetadata, reader *buf.BufferedReader) error { if s, found := w.sessionManager.Get(meta.SessionID); found { - if meta.Option.Has(OptionError) { - common.Interrupt(s.input) - common.Interrupt(s.output) - } - common.Interrupt(s.input) - s.Close() + s.Close(false) } if meta.Option.Has(OptionData) { return buf.Copy(NewStreamReader(reader), buf.Discard) diff --git a/common/mux/session.go b/common/mux/session.go index 2f21b97a33e4..650e3545b9bd 100644 --- a/common/mux/session.go +++ b/common/mux/session.go @@ -1,12 +1,18 @@ package mux import ( + "fmt" + "io" + "runtime" "sync" + "time" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" + "github.com/xtls/xray-core/common/xudp" + "github.com/xtls/xray-core/transport/pipe" ) type SessionManager struct { @@ -61,21 +67,25 @@ func (m *SessionManager) Allocate() *Session { return s } -func (m *SessionManager) Add(s *Session) { +func (m *SessionManager) Add(s *Session) bool { m.Lock() defer m.Unlock() if m.closed { - return + return false } m.count++ m.sessions[s.ID] = s + return true } -func (m *SessionManager) Remove(id uint16) { - m.Lock() - defer m.Unlock() +func (m *SessionManager) Remove(locked bool, id uint16) { + if !locked { + m.Lock() + defer m.Unlock() + } + locked = true if m.closed { return @@ -83,9 +93,11 @@ func (m *SessionManager) Remove(id uint16) { delete(m.sessions, id) - if len(m.sessions) == 0 { - m.sessions = make(map[uint16]*Session, 16) - } + /* + if len(m.sessions) == 0 { + m.sessions = make(map[uint16]*Session, 16) + } + */ } func (m *SessionManager) Get(id uint16) (*Session, bool) { @@ -127,8 +139,7 @@ func (m *SessionManager) Close() error { m.closed = true for _, s := range m.sessions { - common.Close(s.input) - common.Close(s.output) + s.Close(true) } m.sessions = nil @@ -142,13 +153,42 @@ type Session struct { parent *SessionManager ID uint16 transferType protocol.TransferType + closed bool + XUDP *XUDP } // Close closes all resources associated with this session. -func (s *Session) Close() error { - common.Close(s.output) - common.Close(s.input) - s.parent.Remove(s.ID) +func (s *Session) Close(locked bool) error { + if !locked { + s.parent.Lock() + defer s.parent.Unlock() + } + locked = true + if s.closed { + return nil + } + s.closed = true + if s.XUDP == nil { + common.Interrupt(s.input) + common.Close(s.output) + } else { + // Stop existing handle(), then trigger writer.Close(). + // Note that s.output may be dispatcher.SizeStatWriter. + s.input.(*pipe.Reader).ReturnAnError(io.EOF) + runtime.Gosched() + // If the error set by ReturnAnError still exists, clear it. + s.input.(*pipe.Reader).Recover() + XUDPManager.Lock() + if s.XUDP.Status == Active { + s.XUDP.Expire = time.Now().Add(time.Minute) + s.XUDP.Status = Expiring + if xudp.Show { + fmt.Printf("XUDP put: %v\n", s.XUDP.GlobalID) + } + } + XUDPManager.Unlock() + } + s.parent.Remove(locked, s.ID) return nil } @@ -159,3 +199,47 @@ func (s *Session) NewReader(reader *buf.BufferedReader, dest *net.Destination) b } return NewPacketReader(reader, dest) } + +const ( + Initializing = 0 + Active = 1 + Expiring = 2 +) + +type XUDP struct { + GlobalID [8]byte + Status uint64 + Expire time.Time + Mux *Session +} + +func (x *XUDP) Interrupt() { + common.Interrupt(x.Mux.input) + common.Close(x.Mux.output) +} + +var XUDPManager struct { + sync.Mutex + Map map[[8]byte]*XUDP +} + +func init() { + XUDPManager.Map = make(map[[8]byte]*XUDP) + go func() { + for { + time.Sleep(time.Minute) + now := time.Now() + XUDPManager.Lock() + for id, x := range XUDPManager.Map { + if x.Status == Expiring && now.After(x.Expire) { + x.Interrupt() + delete(XUDPManager.Map, id) + if xudp.Show { + fmt.Printf("XUDP del: %v\n", id) + } + } + } + XUDPManager.Unlock() + } + }() +} diff --git a/common/mux/session_test.go b/common/mux/session_test.go index 7139df10995c..d81ad8c405eb 100644 --- a/common/mux/session_test.go +++ b/common/mux/session_test.go @@ -44,7 +44,7 @@ func TestSessionManagerClose(t *testing.T) { if m.CloseIfNoSession() { t.Error("able to close") } - m.Remove(s.ID) + m.Remove(false, s.ID) if !m.CloseIfNoSession() { t.Error("not able to close") } diff --git a/common/mux/writer.go b/common/mux/writer.go index f7a22b2d7c3c..a6dc551d6bdd 100644 --- a/common/mux/writer.go +++ b/common/mux/writer.go @@ -15,15 +15,17 @@ type Writer struct { followup bool hasError bool transferType protocol.TransferType + globalID [8]byte } -func NewWriter(id uint16, dest net.Destination, writer buf.Writer, transferType protocol.TransferType) *Writer { +func NewWriter(id uint16, dest net.Destination, writer buf.Writer, transferType protocol.TransferType, globalID [8]byte) *Writer { return &Writer{ id: id, dest: dest, writer: writer, followup: false, transferType: transferType, + globalID: globalID, } } @@ -40,6 +42,7 @@ func (w *Writer) getNextFrameMeta() FrameMetadata { meta := FrameMetadata{ SessionID: w.id, Target: w.dest, + GlobalID: w.globalID, } if w.followup { diff --git a/common/session/context.go b/common/session/context.go index 2959807e535a..71e4b154cea7 100644 --- a/common/session/context.go +++ b/common/session/context.go @@ -2,10 +2,14 @@ package session import ( "context" + _ "unsafe" "github.com/xtls/xray-core/features/routing" ) +//go:linkname IndependentCancelCtx context.newCancelCtx +func IndependentCancelCtx(parent context.Context) context.Context + type sessionKey int const ( @@ -17,6 +21,7 @@ const ( sockoptSessionKey trackedConnectionErrorKey dispatcherKey + timeoutOnlyKey ) // ContextWithID returns a new context with the given ID. @@ -131,3 +136,14 @@ func DispatcherFromContext(ctx context.Context) routing.Dispatcher { } return nil } + +func ContextWithTimeoutOnly(ctx context.Context, only bool) context.Context { + return context.WithValue(ctx, timeoutOnlyKey, only) +} + +func TimeoutOnlyFromContext(ctx context.Context) bool { + if val, ok := ctx.Value(timeoutOnlyKey).(bool); ok { + return val + } + return false +} diff --git a/common/session/session.go b/common/session/session.go index 656a24044e50..83c48fde70f2 100644 --- a/common/session/session.go +++ b/common/session/session.go @@ -42,6 +42,8 @@ type Inbound struct { Gateway net.Destination // Tag of the inbound proxy that handles the connection. Tag string + // Name of the inbound proxy that handles the connection. + Name string // User is the user that authencates for the inbound. May be nil if the protocol allows anounymous traffic. User *protocol.MemoryUser // Conn is actually internet.Connection. May be nil. diff --git a/common/task/task.go b/common/task/task.go index 52b0d44b6320..eeba1dcd71f9 100644 --- a/common/task/task.go +++ b/common/task/task.go @@ -38,6 +38,12 @@ func Run(ctx context.Context, tasks ...func() error) error { }(task) } + /* + if altctx := ctx.Value("altctx"); altctx != nil { + ctx = altctx.(context.Context) + } + */ + for i := 0; i < n; i++ { select { case err := <-done: @@ -48,5 +54,11 @@ func Run(ctx context.Context, tasks ...func() error) error { } } + /* + if cancel := ctx.Value("cancel"); cancel != nil { + cancel.(context.CancelFunc)() + } + */ + return nil } diff --git a/common/xudp/xudp.go b/common/xudp/xudp.go index 80a35e411a92..65096d16917c 100644 --- a/common/xudp/xudp.go +++ b/common/xudp/xudp.go @@ -1,30 +1,76 @@ package xudp import ( + "context" + "crypto/rand" + "encoding/base64" + "fmt" "io" + "os" + "strings" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" + "github.com/xtls/xray-core/common/session" + "lukechampine.com/blake3" ) -var addrParser = protocol.NewAddressParser( +var AddrParser = protocol.NewAddressParser( protocol.AddressFamilyByte(byte(protocol.AddressTypeIPv4), net.AddressFamilyIPv4), protocol.AddressFamilyByte(byte(protocol.AddressTypeDomain), net.AddressFamilyDomain), protocol.AddressFamilyByte(byte(protocol.AddressTypeIPv6), net.AddressFamilyIPv6), protocol.PortThenAddress(), ) -func NewPacketWriter(writer buf.Writer, dest net.Destination) *PacketWriter { +var ( + Show bool + BaseKey [32]byte +) + +const ( + EnvShow = "XRAY_XUDP_SHOW" + EnvBaseKey = "XRAY_XUDP_BASEKEY" +) + +func init() { + if strings.ToLower(os.Getenv(EnvShow)) == "true" { + Show = true + } + if raw := os.Getenv(EnvBaseKey); raw != "" { + if key, _ := base64.RawURLEncoding.DecodeString(raw); len(key) == len(BaseKey) { + copy(BaseKey[:], key) + return + } else { + panic(EnvBaseKey + ": invalid value: " + raw) + } + } + rand.Read(BaseKey[:]) +} + +func GetGlobalID(ctx context.Context) (globalID [8]byte) { + if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Source.Network == net.Network_UDP && + (inbound.Name == "dokodemo-door" || inbound.Name == "socks" || inbound.Name == "shadowsocks") { + h := blake3.New(8, BaseKey[:]) + h.Write([]byte(inbound.Source.String())) + copy(globalID[:], h.Sum(nil)) + fmt.Printf("XUDP inbound.Source.String(): %v\tglobalID: %v\n", inbound.Source.String(), globalID) + } + return +} + +func NewPacketWriter(writer buf.Writer, dest net.Destination, globalID [8]byte) *PacketWriter { return &PacketWriter{ - Writer: writer, - Dest: dest, + Writer: writer, + Dest: dest, + GlobalID: globalID, } } type PacketWriter struct { - Writer buf.Writer - Dest net.Destination + Writer buf.Writer + Dest net.Destination + GlobalID [8]byte } func (w *PacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error { @@ -42,14 +88,17 @@ func (w *PacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error { eb.WriteByte(1) // New eb.WriteByte(1) // Opt eb.WriteByte(2) // UDP - addrParser.WriteAddressPort(eb, w.Dest.Address, w.Dest.Port) + AddrParser.WriteAddressPort(eb, w.Dest.Address, w.Dest.Port) + if b.UDP != nil { // make sure it's user's proxy request + eb.Write(w.GlobalID[:]) + } w.Dest.Network = net.Network_Unknown } else { eb.WriteByte(2) // Keep eb.WriteByte(1) if b.UDP != nil { eb.WriteByte(2) - addrParser.WriteAddressPort(eb, b.UDP.Address, b.UDP.Port) + AddrParser.WriteAddressPort(eb, b.UDP.Address, b.UDP.Port) } } l := eb.Len() - 2 @@ -98,7 +147,7 @@ func (r *PacketReader) ReadMultiBuffer() (buf.MultiBuffer, error) { case 2: if l != 4 { b.Advance(5) - addr, port, err := addrParser.ReadAddressPort(nil, b) + addr, port, err := AddrParser.ReadAddressPort(nil, b) if err != nil { b.Release() return nil, err diff --git a/go.mod b/go.mod index 7d534bac933a..76d7c0d79e00 100644 --- a/go.mod +++ b/go.mod @@ -29,6 +29,7 @@ require ( google.golang.org/protobuf v1.30.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 + lukechampine.com/blake3 v1.1.7 ) require ( @@ -55,5 +56,4 @@ require ( google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - lukechampine.com/blake3 v1.1.7 // indirect ) diff --git a/infra/conf/xray.go b/infra/conf/xray.go index 949e55344242..2306e380ea03 100644 --- a/infra/conf/xray.go +++ b/infra/conf/xray.go @@ -10,6 +10,7 @@ import ( "github.com/xtls/xray-core/app/dispatcher" "github.com/xtls/xray-core/app/proxyman" "github.com/xtls/xray-core/app/stats" + "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/serial" core "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/transport/internet" @@ -107,8 +108,9 @@ func (c *SniffingConfig) Build() (*proxyman.SniffingConfig, error) { } type MuxConfig struct { - Enabled bool `json:"enabled"` - Concurrency int16 `json:"concurrency"` + Enabled bool `json:"enabled"` + Concurrency int16 `json:"concurrency"` + Only string `json:"only"` } // Build creates MultiplexingConfig, Concurrency < 0 completely disables mux. @@ -116,16 +118,23 @@ func (m *MuxConfig) Build() *proxyman.MultiplexingConfig { if m.Concurrency < 0 { return nil } - - var con uint32 = 8 - if m.Concurrency > 0 { - con = uint32(m.Concurrency) + if m.Concurrency == 0 { + m.Concurrency = 8 } - return &proxyman.MultiplexingConfig{ + config := &proxyman.MultiplexingConfig{ Enabled: m.Enabled, - Concurrency: con, + Concurrency: uint32(m.Concurrency), + } + + switch strings.ToLower(m.Only) { + case "tcp": + config.Only = uint32(net.Network_TCP) + case "udp": + config.Only = uint32(net.Network_UDP) } + + return config } type InboundDetourAllocationConfig struct { diff --git a/proxy/dns/dns.go b/proxy/dns/dns.go index ae123c28be49..be05e4f7413b 100644 --- a/proxy/dns/dns.go +++ b/proxy/dns/dns.go @@ -148,6 +148,10 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet. } } + if session.TimeoutOnlyFromContext(ctx) { + ctx, _ = context.WithCancel(context.Background()) + } + ctx, cancel := context.WithCancel(ctx) timer := signal.CancelAfterInactivity(ctx, cancel, h.timeout) diff --git a/proxy/dokodemo/dokodemo.go b/proxy/dokodemo/dokodemo.go index d0fb69f932bb..42d8256f45aa 100644 --- a/proxy/dokodemo/dokodemo.go +++ b/proxy/dokodemo/dokodemo.go @@ -103,6 +103,7 @@ func (d *DokodemoDoor) Process(ctx context.Context, network net.Network, conn st inbound := session.InboundFromContext(ctx) if inbound != nil { + inbound.Name = "dokodemo-door" inbound.User = &protocol.MemoryUser{ Level: d.config.UserLevel, } diff --git a/proxy/freedom/freedom.go b/proxy/freedom/freedom.go index 15ebc22b659d..8630ab9ceb58 100644 --- a/proxy/freedom/freedom.go +++ b/proxy/freedom/freedom.go @@ -149,9 +149,20 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } defer conn.Close() + var newCtx context.Context + var newCancel context.CancelFunc + if session.TimeoutOnlyFromContext(ctx) { + newCtx, newCancel = context.WithCancel(context.Background()) + } + plcy := h.policy() ctx, cancel := context.WithCancel(ctx) - timer := signal.CancelAfterInactivity(ctx, cancel, plcy.Timeouts.ConnectionIdle) + timer := signal.CancelAfterInactivity(ctx, func() { + cancel() + if newCancel != nil { + newCancel() + } + }, plcy.Timeouts.ConnectionIdle) requestDone := func() error { defer timer.SetTimeout(plcy.Timeouts.DownlinkOnly) @@ -186,6 +197,10 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte return nil } + if newCtx != nil { + ctx = newCtx + } + if err := task.Run(ctx, requestDone, task.OnSuccess(responseDone, task.Close(output))); err != nil { return newError("connection ends").Base(err) } diff --git a/proxy/http/client.go b/proxy/http/client.go index 71a10e699739..b1661011afa8 100644 --- a/proxy/http/client.go +++ b/proxy/http/client.go @@ -128,8 +128,19 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter p = c.policyManager.ForLevel(user.Level) } + var newCtx context.Context + var newCancel context.CancelFunc + if session.TimeoutOnlyFromContext(ctx) { + newCtx, newCancel = context.WithCancel(context.Background()) + } + ctx, cancel := context.WithCancel(ctx) - timer := signal.CancelAfterInactivity(ctx, cancel, p.Timeouts.ConnectionIdle) + timer := signal.CancelAfterInactivity(ctx, func() { + cancel() + if newCancel != nil { + newCancel() + } + }, p.Timeouts.ConnectionIdle) requestFunc := func() error { defer timer.SetTimeout(p.Timeouts.DownlinkOnly) @@ -140,6 +151,10 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter return buf.Copy(buf.NewReader(conn), link.Writer, buf.UpdateActivity(timer)) } + if newCtx != nil { + ctx = newCtx + } + responseDonePost := task.OnSuccess(responseFunc, task.Close(link.Writer)) if err := task.Run(ctx, requestFunc, responseDonePost); err != nil { return newError("connection ends").Base(err) diff --git a/proxy/http/server.go b/proxy/http/server.go index cdcf2e3afdbc..6b00fe2b2963 100644 --- a/proxy/http/server.go +++ b/proxy/http/server.go @@ -85,6 +85,7 @@ type readerOnly struct { func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Connection, dispatcher routing.Dispatcher) error { inbound := session.InboundFromContext(ctx) if inbound != nil { + inbound.Name = "http" inbound.User = &protocol.MemoryUser{ Level: s.config.UserLevel, } diff --git a/proxy/shadowsocks/client.go b/proxy/shadowsocks/client.go index 2d8a4e81a32e..e22b11c7ab53 100644 --- a/proxy/shadowsocks/client.go +++ b/proxy/shadowsocks/client.go @@ -96,9 +96,24 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter } request.User = user + var newCtx context.Context + var newCancel context.CancelFunc + if session.TimeoutOnlyFromContext(ctx) { + newCtx, newCancel = context.WithCancel(context.Background()) + } + sessionPolicy := c.policyManager.ForLevel(user.Level) ctx, cancel := context.WithCancel(ctx) - timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle) + timer := signal.CancelAfterInactivity(ctx, func() { + cancel() + if newCancel != nil { + newCancel() + } + }, sessionPolicy.Timeouts.ConnectionIdle) + + if newCtx != nil { + ctx = newCtx + } if request.Command == protocol.RequestCommandTCP { requestDone := func() error { diff --git a/proxy/shadowsocks/server.go b/proxy/shadowsocks/server.go index 140c6704a3fb..1d89db5e0a20 100644 --- a/proxy/shadowsocks/server.go +++ b/proxy/shadowsocks/server.go @@ -113,6 +113,7 @@ func (s *Server) handleUDPPayload(ctx context.Context, conn stat.Connection, dis if inbound == nil { panic("no inbound metadata") } + inbound.Name = "shadowsocks" var dest *net.Destination diff --git a/proxy/shadowsocks_2022/inbound.go b/proxy/shadowsocks_2022/inbound.go index 550aadd13e63..1c2ae1d219b3 100644 --- a/proxy/shadowsocks_2022/inbound.go +++ b/proxy/shadowsocks_2022/inbound.go @@ -3,7 +3,7 @@ package shadowsocks_2022 import ( "context" - "github.com/sagernet/sing-shadowsocks" + shadowsocks "github.com/sagernet/sing-shadowsocks" "github.com/sagernet/sing-shadowsocks/shadowaead_2022" C "github.com/sagernet/sing/common" B "github.com/sagernet/sing/common/buf" @@ -64,6 +64,7 @@ func (i *Inbound) Network() []net.Network { func (i *Inbound) Process(ctx context.Context, network net.Network, connection stat.Connection, dispatcher routing.Dispatcher) error { inbound := session.InboundFromContext(ctx) + inbound.Name = "shadowsocks-2022" var metadata M.Metadata if inbound.Source.IsValid() { diff --git a/proxy/shadowsocks_2022/inbound_multi.go b/proxy/shadowsocks_2022/inbound_multi.go index 695de8e21851..77a344279beb 100644 --- a/proxy/shadowsocks_2022/inbound_multi.go +++ b/proxy/shadowsocks_2022/inbound_multi.go @@ -153,6 +153,7 @@ func (i *MultiUserInbound) Network() []net.Network { func (i *MultiUserInbound) Process(ctx context.Context, network net.Network, connection stat.Connection, dispatcher routing.Dispatcher) error { inbound := session.InboundFromContext(ctx) + inbound.Name = "shadowsocks-2022-multi" var metadata M.Metadata if inbound.Source.IsValid() { diff --git a/proxy/shadowsocks_2022/inbound_relay.go b/proxy/shadowsocks_2022/inbound_relay.go index 3e0043ee3e94..d07babb8061f 100644 --- a/proxy/shadowsocks_2022/inbound_relay.go +++ b/proxy/shadowsocks_2022/inbound_relay.go @@ -85,6 +85,7 @@ func (i *RelayInbound) Network() []net.Network { func (i *RelayInbound) Process(ctx context.Context, network net.Network, connection stat.Connection, dispatcher routing.Dispatcher) error { inbound := session.InboundFromContext(ctx) + inbound.Name = "shadowsocks-2022-relay" var metadata M.Metadata if inbound.Source.IsValid() { diff --git a/proxy/shadowsocks_2022/outbound.go b/proxy/shadowsocks_2022/outbound.go index eb38c017185b..41e239dcf8c3 100644 --- a/proxy/shadowsocks_2022/outbound.go +++ b/proxy/shadowsocks_2022/outbound.go @@ -6,7 +6,7 @@ import ( "runtime" "time" - "github.com/sagernet/sing-shadowsocks" + shadowsocks "github.com/sagernet/sing-shadowsocks" "github.com/sagernet/sing-shadowsocks/shadowaead_2022" C "github.com/sagernet/sing/common" B "github.com/sagernet/sing/common/buf" @@ -88,6 +88,10 @@ func (o *Outbound) Process(ctx context.Context, link *transport.Link, dialer int return newError("failed to connect to server").Base(err) } + if session.TimeoutOnlyFromContext(ctx) { + ctx, _ = context.WithCancel(context.Background()) + } + if network == net.Network_TCP { serverConn := o.method.DialEarlyConn(connection, toSocksaddr(destination)) var handshake bool diff --git a/proxy/socks/client.go b/proxy/socks/client.go index f1690bec8757..1993aa0b8902 100644 --- a/proxy/socks/client.go +++ b/proxy/socks/client.go @@ -151,8 +151,19 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter newError("failed to clear deadline after handshake").Base(err).WriteToLog(session.ExportIDToError(ctx)) } + var newCtx context.Context + var newCancel context.CancelFunc + if session.TimeoutOnlyFromContext(ctx) { + newCtx, newCancel = context.WithCancel(context.Background()) + } + ctx, cancel := context.WithCancel(ctx) - timer := signal.CancelAfterInactivity(ctx, cancel, p.Timeouts.ConnectionIdle) + timer := signal.CancelAfterInactivity(ctx, func() { + cancel() + if newCancel != nil { + newCancel() + } + }, p.Timeouts.ConnectionIdle) var requestFunc func() error var responseFunc func() error @@ -183,6 +194,10 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter } } + if newCtx != nil { + ctx = newCtx + } + responseDonePost := task.OnSuccess(responseFunc, task.Close(link.Writer)) if err := task.Run(ctx, requestFunc, responseDonePost); err != nil { return newError("connection ends").Base(err) diff --git a/proxy/socks/server.go b/proxy/socks/server.go index ce15163c5b2e..184ecd08000b 100644 --- a/proxy/socks/server.go +++ b/proxy/socks/server.go @@ -64,6 +64,7 @@ func (s *Server) Network() []net.Network { // Process implements proxy.Inbound. func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Connection, dispatcher routing.Dispatcher) error { if inbound := session.InboundFromContext(ctx); inbound != nil { + inbound.Name = "socks" inbound.User = &protocol.MemoryUser{ Level: s.config.UserLevel, } diff --git a/proxy/trojan/client.go b/proxy/trojan/client.go index ffd10359e01f..2605239d377b 100644 --- a/proxy/trojan/client.go +++ b/proxy/trojan/client.go @@ -93,9 +93,20 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter Flow: account.Flow, } + var newCtx context.Context + var newCancel context.CancelFunc + if session.TimeoutOnlyFromContext(ctx) { + newCtx, newCancel = context.WithCancel(context.Background()) + } + sessionPolicy := c.policyManager.ForLevel(user.Level) ctx, cancel := context.WithCancel(ctx) - timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle) + timer := signal.CancelAfterInactivity(ctx, func() { + cancel() + if newCancel != nil { + newCancel() + } + }, sessionPolicy.Timeouts.ConnectionIdle) postRequest := func() error { defer timer.SetTimeout(sessionPolicy.Timeouts.DownlinkOnly) @@ -149,6 +160,10 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter return buf.Copy(reader, link.Writer, buf.UpdateActivity(timer)) } + if newCtx != nil { + ctx = newCtx + } + responseDoneAndCloseWriter := task.OnSuccess(getResponse, task.Close(link.Writer)) if err := task.Run(ctx, postRequest, responseDoneAndCloseWriter); err != nil { return newError("connection ends").Base(err) diff --git a/proxy/trojan/server.go b/proxy/trojan/server.go index 029d4effb534..368374ffbe3f 100644 --- a/proxy/trojan/server.go +++ b/proxy/trojan/server.go @@ -217,6 +217,7 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con if inbound == nil { panic("no inbound metadata") } + inbound.Name = "trojan" inbound.User = user sessionPolicy = s.policyManager.ForLevel(user.Level) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index b3def4bb0adc..c8a69444d775 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -438,6 +438,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s if inbound == nil { panic("no inbound metadata") } + inbound.Name = "vless" inbound.User = request.User account := request.User.Account.(*vless.MemoryAccount) diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index b7bc69641de1..cb2a1b766cb0 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -170,9 +170,20 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } } + var newCtx context.Context + var newCancel context.CancelFunc + if session.TimeoutOnlyFromContext(ctx) { + newCtx, newCancel = context.WithCancel(context.Background()) + } + sessionPolicy := h.policyManager.ForLevel(request.User.Level) ctx, cancel := context.WithCancel(ctx) - timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle) + timer := signal.CancelAfterInactivity(ctx, func() { + cancel() + if newCancel != nil { + newCancel() + } + }, sessionPolicy.Timeouts.ConnectionIdle) clientReader := link.Reader // .(*pipe.Reader) clientWriter := link.Writer // .(*pipe.Writer) @@ -200,7 +211,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte // default: serverWriter := bufferWriter serverWriter := encoding.EncodeBodyAddons(bufferWriter, request, requestAddons) if request.Command == protocol.RequestCommandMux && request.Port == 666 { - serverWriter = xudp.NewPacketWriter(serverWriter, target) + serverWriter = xudp.NewPacketWriter(serverWriter, target, xudp.GetGlobalID(ctx)) } userUUID := account.ID.Bytes() timeoutReader, ok := clientReader.(buf.TimeoutReader) @@ -300,6 +311,10 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte return nil } + if newCtx != nil { + ctx = newCtx + } + if err := task.Run(ctx, postRequest, task.OnSuccess(getResponse, task.Close(clientWriter))); err != nil { return newError("connection ends").Base(err).AtInfo() } diff --git a/proxy/vmess/inbound/inbound.go b/proxy/vmess/inbound/inbound.go index 00b07f14c8d7..eb24a6c6ddd1 100644 --- a/proxy/vmess/inbound/inbound.go +++ b/proxy/vmess/inbound/inbound.go @@ -287,6 +287,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s if inbound == nil { panic("no inbound metadata") } + inbound.Name = "vmess" inbound.User = request.User sessionPolicy = h.policyManager.ForLevel(request.User.Level) diff --git a/proxy/vmess/outbound/outbound.go b/proxy/vmess/outbound/outbound.go index e7c6466efdef..64c292253bd6 100644 --- a/proxy/vmess/outbound/outbound.go +++ b/proxy/vmess/outbound/outbound.go @@ -138,11 +138,22 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte behaviorSeed := crc64.Checksum(hashkdf.Sum(nil), crc64.MakeTable(crc64.ISO)) + var newCtx context.Context + var newCancel context.CancelFunc + if session.TimeoutOnlyFromContext(ctx) { + newCtx, newCancel = context.WithCancel(context.Background()) + } + session := encoding.NewClientSession(ctx, isAEAD, protocol.DefaultIDHash, int64(behaviorSeed)) sessionPolicy := h.policyManager.ForLevel(request.User.Level) ctx, cancel := context.WithCancel(ctx) - timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle) + timer := signal.CancelAfterInactivity(ctx, func() { + cancel() + if newCancel != nil { + newCancel() + } + }, sessionPolicy.Timeouts.ConnectionIdle) if request.Command == protocol.RequestCommandUDP && h.cone && request.Port != 53 && request.Port != 443 { request.Command = protocol.RequestCommandMux @@ -164,7 +175,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } bodyWriter2 := bodyWriter if request.Command == protocol.RequestCommandMux && request.Port == 666 { - bodyWriter = xudp.NewPacketWriter(bodyWriter, target) + bodyWriter = xudp.NewPacketWriter(bodyWriter, target, xudp.GetGlobalID(ctx)) } if err := buf.CopyOnceTimeout(input, bodyWriter, time.Millisecond*100); err != nil && err != buf.ErrNotTimeoutReader && err != buf.ErrReadTimeout { return newError("failed to write first payload").Base(err) @@ -208,6 +219,10 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte return buf.Copy(bodyReader, output, buf.UpdateActivity(timer)) } + if newCtx != nil { + ctx = newCtx + } + responseDonePost := task.OnSuccess(responseDone, task.Close(output)) if err := task.Run(ctx, requestDone, responseDonePost); err != nil { return newError("connection ends").Base(err) diff --git a/proxy/wireguard/wireguard.go b/proxy/wireguard/wireguard.go index 2b7e1c875c9d..0d4994f5adf0 100644 --- a/proxy/wireguard/wireguard.go +++ b/proxy/wireguard/wireguard.go @@ -127,10 +127,21 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte addr = net.IPAddress(ips[0]) } + var newCtx context.Context + var newCancel context.CancelFunc + if session.TimeoutOnlyFromContext(ctx) { + newCtx, newCancel = context.WithCancel(context.Background()) + } + p := h.policyManager.ForLevel(0) ctx, cancel := context.WithCancel(ctx) - timer := signal.CancelAfterInactivity(ctx, cancel, p.Timeouts.ConnectionIdle) + timer := signal.CancelAfterInactivity(ctx, func() { + cancel() + if newCancel != nil { + newCancel() + } + }, p.Timeouts.ConnectionIdle) addrPort := netip.AddrPortFrom(toNetIpAddr(addr), destination.Port.Value()) var requestFunc func() error @@ -166,6 +177,10 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } } + if newCtx != nil { + ctx = newCtx + } + responseDonePost := task.OnSuccess(responseFunc, task.Close(link.Writer)) if err := task.Run(ctx, requestFunc, responseDonePost); err != nil { return newError("connection ends").Base(err) diff --git a/transport/pipe/impl.go b/transport/pipe/impl.go index 14a18e6319d4..a60bc4855f23 100644 --- a/transport/pipe/impl.go +++ b/transport/pipe/impl.go @@ -37,6 +37,7 @@ type pipe struct { readSignal *signal.Notifier writeSignal *signal.Notifier done *done.Instance + errChan chan error option pipeOption state state } @@ -92,6 +93,8 @@ func (p *pipe) ReadMultiBuffer() (buf.MultiBuffer, error) { select { case <-p.readSignal.Wait(): case <-p.done.Wait(): + case err = <-p.errChan: + return nil, err } } } diff --git a/transport/pipe/pipe.go b/transport/pipe/pipe.go index 0b22c2db8e66..735cc091baec 100644 --- a/transport/pipe/pipe.go +++ b/transport/pipe/pipe.go @@ -59,6 +59,7 @@ func New(opts ...Option) (*Reader, *Writer) { readSignal: signal.NewNotifier(), writeSignal: signal.NewNotifier(), done: done.New(), + errChan: make(chan error, 1), option: pipeOption{ limit: -1, }, diff --git a/transport/pipe/reader.go b/transport/pipe/reader.go index 6673343683b8..79f0ac033f5e 100644 --- a/transport/pipe/reader.go +++ b/transport/pipe/reader.go @@ -25,3 +25,17 @@ func (r *Reader) ReadMultiBufferTimeout(d time.Duration) (buf.MultiBuffer, error func (r *Reader) Interrupt() { r.pipe.Interrupt() } + +// ReturnAnError makes ReadMultiBuffer return an error, only once. +func (r *Reader) ReturnAnError(err error) { + r.pipe.errChan <- err +} + +// Recover catches an error set by ReturnAnError, if exists. +func (r *Reader) Recover() (err error) { + select { + case err = <-r.pipe.errChan: + default: + } + return +} From 54ad0e96a0d4728c45f7101bebf5b568ab1974de Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Apr 2023 00:59:29 +0000 Subject: [PATCH 092/226] Bump golang.org/x/net from 0.8.0 to 0.9.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 76d7c0d79e00..fa91017b3308 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/xtls/reality v0.0.0-20230331223127-176a94313eda go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 golang.org/x/crypto v0.7.0 - golang.org/x/net v0.8.0 + golang.org/x/net v0.9.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.7.0 google.golang.org/grpc v1.54.0 @@ -50,7 +50,7 @@ require ( go.uber.org/atomic v1.10.0 // indirect golang.org/x/exp v0.0.0-20230307190834-24139beb5833 // indirect golang.org/x/mod v0.9.0 // indirect - golang.org/x/text v0.8.0 // indirect + golang.org/x/text v0.9.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.7.0 // indirect google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect diff --git a/go.sum b/go.sum index 44f624c37e59..a49be94adc92 100644 --- a/go.sum +++ b/go.sum @@ -227,8 +227,8 @@ golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -261,8 +261,8 @@ golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= From 15cf31f30a1bce7027041574ace9079d9ddb4fc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?MisakaNo=20=E3=81=AE=20=E5=B0=8F=E7=A0=B4=E7=AB=99?= <122191366+Misaka-blog@users.noreply.github.com> Date: Fri, 7 Apr 2023 18:20:56 +0800 Subject: [PATCH 093/226] Add sbox-reality to README/Others/sing-box (#1909) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 77b6185e71d6..596cdbc276c1 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,7 @@ - [meta_for_ios](https://t.me/meta_for_ios) - [sing-box](https://github.com/SagerNet/sing-box) - [installReality](https://github.com/BoxXt/installReality) + - [sbox-reality](https://github.com/Misaka-blog/sbox-reality) - [sing-box-for-ios](https://github.com/SagerNet/sing-box-for-ios) ## Contributing From 76b27a37cb9d1f82baef901949d3fabc03fa63fa Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 7 Apr 2023 19:13:20 +0800 Subject: [PATCH 094/226] Update common/xudp/xudp.go and common/mux/server.go --- common/mux/server.go | 3 +++ common/xudp/xudp.go | 18 +++++++++--------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/common/mux/server.go b/common/mux/server.go index e64e038f790b..b3c22a61cd5d 100644 --- a/common/mux/server.go +++ b/common/mux/server.go @@ -177,6 +177,9 @@ func (w *ServerWorker) handleStatusNew(ctx context.Context, meta *FrameMetadata, // Actually, it won't return an error in Xray-core's implementations. link, err := w.dispatcher.Dispatch(ctx, meta.Target) if err != nil { + XUDPManager.Lock() + delete(XUDPManager.Map, x.GlobalID) + XUDPManager.Unlock() err = newError("failed to dispatch request to ", meta.Target).Base(err) if xudp.Show { fmt.Printf("XUDP new: %v err: %v\n", meta.GlobalID, err) diff --git a/common/xudp/xudp.go b/common/xudp/xudp.go index 65096d16917c..32dda614dba8 100644 --- a/common/xudp/xudp.go +++ b/common/xudp/xudp.go @@ -25,7 +25,7 @@ var AddrParser = protocol.NewAddressParser( var ( Show bool - BaseKey [32]byte + BaseKey []byte ) const ( @@ -37,24 +37,24 @@ func init() { if strings.ToLower(os.Getenv(EnvShow)) == "true" { Show = true } - if raw := os.Getenv(EnvBaseKey); raw != "" { - if key, _ := base64.RawURLEncoding.DecodeString(raw); len(key) == len(BaseKey) { - copy(BaseKey[:], key) + if raw, found := os.LookupEnv(EnvBaseKey); found { + if BaseKey, _ = base64.RawURLEncoding.DecodeString(raw); len(BaseKey) == 32 { return - } else { - panic(EnvBaseKey + ": invalid value: " + raw) } + panic(EnvBaseKey + ": invalid value: " + raw) } - rand.Read(BaseKey[:]) + rand.Read(BaseKey) } func GetGlobalID(ctx context.Context) (globalID [8]byte) { if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Source.Network == net.Network_UDP && (inbound.Name == "dokodemo-door" || inbound.Name == "socks" || inbound.Name == "shadowsocks") { - h := blake3.New(8, BaseKey[:]) + h := blake3.New(8, BaseKey) h.Write([]byte(inbound.Source.String())) copy(globalID[:], h.Sum(nil)) - fmt.Printf("XUDP inbound.Source.String(): %v\tglobalID: %v\n", inbound.Source.String(), globalID) + if Show { + fmt.Printf("XUDP inbound.Source.String(): %v\tglobalID: %v\n", inbound.Source.String(), globalID) + } } return } From 05d24d6827f313d5a2a2a633e3b83a8cac7d26a5 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 8 Apr 2023 20:56:54 -0400 Subject: [PATCH 095/226] Amend XUDP related logs - Useful for debug XUDP improvements - Move XUDP log in core log - Freedom connection log show local port --- common/mux/server.go | 19 ++++--------------- common/mux/session.go | 10 ++-------- proxy/freedom/freedom.go | 2 +- 3 files changed, 7 insertions(+), 24 deletions(-) diff --git a/common/mux/server.go b/common/mux/server.go index b3c22a61cd5d..55e3a6743393 100644 --- a/common/mux/server.go +++ b/common/mux/server.go @@ -2,7 +2,6 @@ package mux import ( "context" - "fmt" "io" "github.com/xtls/xray-core/common" @@ -12,7 +11,6 @@ import ( "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/session" - "github.com/xtls/xray-core/common/xudp" "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/features/routing" "github.com/xtls/xray-core/transport" @@ -148,9 +146,7 @@ func (w *ServerWorker) handleStatusNew(ctx context.Context, meta *FrameMetadata, } else { if x.Status == Initializing { // nearly impossible XUDPManager.Unlock() - if xudp.Show { - fmt.Printf("XUDP hit: %v err: conflict\n", meta.GlobalID) - } + newError("XUDP hit ", meta.GlobalID).Base(errors.New("conflict")).AtWarning().WriteToLog(session.ExportIDToError(ctx)) // It's not a good idea to return an err here, so just let client wait. // Client will receive an End frame after sending a Keep frame. return nil @@ -168,9 +164,7 @@ func (w *ServerWorker) handleStatusNew(ctx context.Context, meta *FrameMetadata, b.Release() mb = nil } - if xudp.Show { - fmt.Printf("XUDP hit: %v err: %v\n", meta.GlobalID, err) - } + newError("XUDP hit ", meta.GlobalID).Base(err).WriteToLog(session.ExportIDToError(ctx)) } if mb != nil { ctx = session.ContextWithTimeoutOnly(ctx, true) @@ -180,10 +174,7 @@ func (w *ServerWorker) handleStatusNew(ctx context.Context, meta *FrameMetadata, XUDPManager.Lock() delete(XUDPManager.Map, x.GlobalID) XUDPManager.Unlock() - err = newError("failed to dispatch request to ", meta.Target).Base(err) - if xudp.Show { - fmt.Printf("XUDP new: %v err: %v\n", meta.GlobalID, err) - } + err = newError("XUDP new ", meta.GlobalID).Base(errors.New("failed to dispatch request to ", meta.Target).Base(err)) return err // it will break the whole Mux connection } link.Writer.WriteMultiBuffer(mb) // it's meaningless to test a new pipe @@ -191,9 +182,7 @@ func (w *ServerWorker) handleStatusNew(ctx context.Context, meta *FrameMetadata, input: link.Reader, output: link.Writer, } - if xudp.Show { - fmt.Printf("XUDP new: %v err: %v\n", meta.GlobalID, err) - } + newError("XUDP new ", meta.GlobalID).Base(err).WriteToLog(session.ExportIDToError(ctx)) } x.Mux = &Session{ input: x.Mux.input, diff --git a/common/mux/session.go b/common/mux/session.go index 650e3545b9bd..695974402d25 100644 --- a/common/mux/session.go +++ b/common/mux/session.go @@ -1,7 +1,6 @@ package mux import ( - "fmt" "io" "runtime" "sync" @@ -11,7 +10,6 @@ import ( "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" - "github.com/xtls/xray-core/common/xudp" "github.com/xtls/xray-core/transport/pipe" ) @@ -182,9 +180,7 @@ func (s *Session) Close(locked bool) error { if s.XUDP.Status == Active { s.XUDP.Expire = time.Now().Add(time.Minute) s.XUDP.Status = Expiring - if xudp.Show { - fmt.Printf("XUDP put: %v\n", s.XUDP.GlobalID) - } + newError("XUDP put ", s.XUDP.GlobalID).AtDebug().WriteToLog() } XUDPManager.Unlock() } @@ -234,9 +230,7 @@ func init() { if x.Status == Expiring && now.After(x.Expire) { x.Interrupt() delete(XUDPManager.Map, id) - if xudp.Show { - fmt.Printf("XUDP del: %v\n", id) - } + newError("XUDP del ", id).AtDebug().WriteToLog() } } XUDPManager.Unlock() diff --git a/proxy/freedom/freedom.go b/proxy/freedom/freedom.go index 8630ab9ceb58..93804a814384 100644 --- a/proxy/freedom/freedom.go +++ b/proxy/freedom/freedom.go @@ -117,7 +117,6 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte UDPOverride.Port = destination.Port } } - newError("opening connection to ", destination).WriteToLog(session.ExportIDToError(ctx)) input := link.Reader output := link.Writer @@ -148,6 +147,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte return newError("failed to open connection to ", destination).Base(err) } defer conn.Close() + newError("connection opened to ", destination, ", local endpoint ", conn.LocalAddr(), ", remote endpoint ", conn.RemoteAddr()).WriteToLog(session.ExportIDToError(ctx)) var newCtx context.Context var newCancel context.CancelFunc From 29d7865d78289b07376e65cd1e68f25692bda950 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 10 Apr 2023 10:15:16 +0800 Subject: [PATCH 096/226] Refine "only" in Mux config --- app/proxyman/config.pb.go | 2 +- app/proxyman/config.proto | 2 +- infra/conf/xray.go | 15 +++++++++++---- infra/conf/xray_test.go | 2 +- 4 files changed, 14 insertions(+), 7 deletions(-) diff --git a/app/proxyman/config.pb.go b/app/proxyman/config.pb.go index 03613e88ecb1..c3b221c4de9c 100644 --- a/app/proxyman/config.pb.go +++ b/app/proxyman/config.pb.go @@ -595,7 +595,7 @@ type MultiplexingConfig struct { Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"` // Max number of concurrent connections that one Mux connection can handle. Concurrency uint32 `protobuf:"varint,2,opt,name=concurrency,proto3" json:"concurrency,omitempty"` - // Both(0), TCP(1), UDP(2). + // Both(0), TCP(net.Network_TCP), UDP(net.Network_UDP). Only uint32 `protobuf:"varint,3,opt,name=only,proto3" json:"only,omitempty"` } diff --git a/app/proxyman/config.proto b/app/proxyman/config.proto index 54f634367210..8f282aa27908 100644 --- a/app/proxyman/config.proto +++ b/app/proxyman/config.proto @@ -98,6 +98,6 @@ message MultiplexingConfig { bool enabled = 1; // Max number of concurrent connections that one Mux connection can handle. uint32 concurrency = 2; - // Both(0), TCP(1), UDP(2). + // Both(0), TCP(net.Network_TCP), UDP(net.Network_UDP). uint32 only = 3; } diff --git a/infra/conf/xray.go b/infra/conf/xray.go index 2306e380ea03..63ffccf58489 100644 --- a/infra/conf/xray.go +++ b/infra/conf/xray.go @@ -114,9 +114,9 @@ type MuxConfig struct { } // Build creates MultiplexingConfig, Concurrency < 0 completely disables mux. -func (m *MuxConfig) Build() *proxyman.MultiplexingConfig { +func (m *MuxConfig) Build() (*proxyman.MultiplexingConfig, error) { if m.Concurrency < 0 { - return nil + return nil, nil } if m.Concurrency == 0 { m.Concurrency = 8 @@ -128,13 +128,16 @@ func (m *MuxConfig) Build() *proxyman.MultiplexingConfig { } switch strings.ToLower(m.Only) { + case "", "both": case "tcp": config.Only = uint32(net.Network_TCP) case "udp": config.Only = uint32(net.Network_UDP) + default: + return nil, newError(`unknown "only": `, m.Only) } - return config + return config, nil } type InboundDetourAllocationConfig struct { @@ -348,7 +351,11 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) { } if c.MuxSettings != nil { - senderSettings.MultiplexSettings = c.MuxSettings.Build() + ms, err := c.MuxSettings.Build() + if err != nil { + return nil, newError("failed to build Mux config.").Base(err) + } + senderSettings.MultiplexSettings = ms } settings := []byte("{}") diff --git a/infra/conf/xray_test.go b/infra/conf/xray_test.go index 8c8151de7e64..02d868fec349 100644 --- a/infra/conf/xray_test.go +++ b/infra/conf/xray_test.go @@ -357,7 +357,7 @@ func TestMuxConfig_Build(t *testing.T) { t.Run(tt.name, func(t *testing.T) { m := &MuxConfig{} common.Must(json.Unmarshal([]byte(tt.fields), m)) - if got := m.Build(); !reflect.DeepEqual(got, tt.want) { + if got, _ := m.Build(); !reflect.DeepEqual(got, tt.want) { t.Errorf("MuxConfig.Build() = %v, want %v", got, tt.want) } }) From 24a2be43ef997f500602127259d8d076d0c913c5 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 10 Apr 2023 10:36:07 +0800 Subject: [PATCH 097/226] Replace "only" with "xudpConcurrency" in Mux config --- app/proxyman/config.pb.go | 37 +++++----- app/proxyman/config.proto | 6 +- app/proxyman/outbound/handler.go | 114 ++++++++++++++++++++----------- common/mux/client.go | 1 - infra/conf/xray.go | 35 +++------- infra/conf/xray_test.go | 7 +- 6 files changed, 111 insertions(+), 89 deletions(-) diff --git a/app/proxyman/config.pb.go b/app/proxyman/config.pb.go index c3b221c4de9c..664e6670e014 100644 --- a/app/proxyman/config.pb.go +++ b/app/proxyman/config.pb.go @@ -594,9 +594,9 @@ type MultiplexingConfig struct { // Whether or not Mux is enabled. Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"` // Max number of concurrent connections that one Mux connection can handle. - Concurrency uint32 `protobuf:"varint,2,opt,name=concurrency,proto3" json:"concurrency,omitempty"` - // Both(0), TCP(net.Network_TCP), UDP(net.Network_UDP). - Only uint32 `protobuf:"varint,3,opt,name=only,proto3" json:"only,omitempty"` + Concurrency int32 `protobuf:"varint,2,opt,name=concurrency,proto3" json:"concurrency,omitempty"` + // Transport XUDP in another Mux. + XudpConcurrency int32 `protobuf:"varint,3,opt,name=xudpConcurrency,proto3" json:"xudpConcurrency,omitempty"` } func (x *MultiplexingConfig) Reset() { @@ -638,16 +638,16 @@ func (x *MultiplexingConfig) GetEnabled() bool { return false } -func (x *MultiplexingConfig) GetConcurrency() uint32 { +func (x *MultiplexingConfig) GetConcurrency() int32 { if x != nil { return x.Concurrency } return 0 } -func (x *MultiplexingConfig) GetOnly() uint32 { +func (x *MultiplexingConfig) GetXudpConcurrency() int32 { if x != nil { - return x.Only + return x.XudpConcurrency } return 0 } @@ -865,22 +865,23 @@ var file_app_proxyman_config_proto_rawDesc = []byte{ 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0x2e, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x11, 0x6d, 0x75, 0x6c, 0x74, 0x69, - 0x70, 0x6c, 0x65, 0x78, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x22, 0x64, 0x0a, 0x12, + 0x70, 0x6c, 0x65, 0x78, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x22, 0x7a, 0x0a, 0x12, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x0b, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x12, - 0x0a, 0x04, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6f, 0x6e, - 0x6c, 0x79, 0x2a, 0x23, 0x0a, 0x0e, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x63, 0x6f, 0x6c, 0x73, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00, 0x12, 0x07, - 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x10, 0x01, 0x42, 0x55, 0x0a, 0x15, 0x63, 0x6f, 0x6d, 0x2e, 0x78, - 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, - 0x50, 0x01, 0x5a, 0x26, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, - 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x61, 0x70, - 0x70, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0xaa, 0x02, 0x11, 0x58, 0x72, 0x61, - 0x79, 0x2e, 0x41, 0x70, 0x70, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x05, 0x52, 0x0b, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x28, + 0x0a, 0x0f, 0x78, 0x75, 0x64, 0x70, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, + 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0f, 0x78, 0x75, 0x64, 0x70, 0x43, 0x6f, 0x6e, + 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x2a, 0x23, 0x0a, 0x0e, 0x4b, 0x6e, 0x6f, 0x77, + 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, + 0x54, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x10, 0x01, 0x42, 0x55, 0x0a, + 0x15, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x70, 0x72, + 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0x50, 0x01, 0x5a, 0x26, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, + 0x6f, 0x72, 0x65, 0x2f, 0x61, 0x70, 0x70, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, + 0xaa, 0x02, 0x11, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x41, 0x70, 0x70, 0x2e, 0x50, 0x72, 0x6f, 0x78, + 0x79, 0x6d, 0x61, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/app/proxyman/config.proto b/app/proxyman/config.proto index 8f282aa27908..dc755fef3fa6 100644 --- a/app/proxyman/config.proto +++ b/app/proxyman/config.proto @@ -97,7 +97,7 @@ message MultiplexingConfig { // Whether or not Mux is enabled. bool enabled = 1; // Max number of concurrent connections that one Mux connection can handle. - uint32 concurrency = 2; - // Both(0), TCP(net.Network_TCP), UDP(net.Network_UDP). - uint32 only = 3; + int32 concurrency = 2; + // Transport XUDP in another Mux. + int32 xudpConcurrency = 3; } diff --git a/app/proxyman/outbound/handler.go b/app/proxyman/outbound/handler.go index 89e2862da8b8..4de70df2d07f 100644 --- a/app/proxyman/outbound/handler.go +++ b/app/proxyman/outbound/handler.go @@ -57,6 +57,7 @@ type Handler struct { proxy proxy.Outbound outboundManager outbound.Manager mux *mux.ClientManager + xudp *mux.ClientManager uplinkCounter stats.Counter downlinkCounter stats.Counter } @@ -106,23 +107,49 @@ func NewHandler(ctx context.Context, config *core.OutboundHandlerConfig) (outbou } if h.senderSettings != nil && h.senderSettings.MultiplexSettings != nil { - config := h.senderSettings.MultiplexSettings - if config.Concurrency < 1 || config.Concurrency > 1024 { - return nil, newError("invalid mux concurrency: ", config.Concurrency).AtWarning() - } - h.mux = &mux.ClientManager{ - Enabled: config.Enabled, - Picker: &mux.IncrementalWorkerPicker{ - Factory: &mux.DialingWorkerFactory{ - Proxy: proxyHandler, - Dialer: h, - Strategy: mux.ClientStrategy{ - MaxConcurrency: config.Concurrency, - MaxConnection: 128, + if config := h.senderSettings.MultiplexSettings; config.Enabled { + if config.Concurrency < 0 { + h.mux = &mux.ClientManager{Enabled: false} + } + if config.Concurrency == 0 { + config.Concurrency = 8 // same as before + } + if config.Concurrency > 0 { + h.mux = &mux.ClientManager{ + Enabled: true, + Picker: &mux.IncrementalWorkerPicker{ + Factory: &mux.DialingWorkerFactory{ + Proxy: proxyHandler, + Dialer: h, + Strategy: mux.ClientStrategy{ + MaxConcurrency: uint32(config.Concurrency), + MaxConnection: 128, + }, + }, }, - }, - }, - Only: config.Only, + } + } + if config.XudpConcurrency < 0 { + h.xudp = &mux.ClientManager{Enabled: false} + } + if config.XudpConcurrency == 0 { + h.xudp = nil // same as before + } + if config.XudpConcurrency > 0 { + h.xudp = &mux.ClientManager{ + Enabled: true, + Picker: &mux.IncrementalWorkerPicker{ + Factory: &mux.DialingWorkerFactory{ + Proxy: proxyHandler, + Dialer: h, + Strategy: mux.ClientStrategy{ + MaxConcurrency: uint32(config.XudpConcurrency), + MaxConnection: 128, + }, + }, + }, + } + } } } @@ -137,33 +164,44 @@ func (h *Handler) Tag() string { // Dispatch implements proxy.Outbound.Dispatch. func (h *Handler) Dispatch(ctx context.Context, link *transport.Link) { - outbound := session.OutboundFromContext(ctx) - if h.mux != nil && (h.mux.Enabled || session.MuxPreferedFromContext(ctx)) && - (h.mux.Only == 0 || (outbound != nil && h.mux.Only == uint32(outbound.Target.Network))) { - if err := h.mux.Dispatch(ctx, link); err != nil { - err := newError("failed to process mux outbound traffic").Base(err) - session.SubmitOutboundErrorToOriginator(ctx, err) - err.WriteToLog(session.ExportIDToError(ctx)) - common.Interrupt(link.Writer) + if h.mux != nil { + test := func(err error) { + if err != nil { + err := newError("failed to process mux outbound traffic").Base(err) + session.SubmitOutboundErrorToOriginator(ctx, err) + err.WriteToLog(session.ExportIDToError(ctx)) + common.Interrupt(link.Writer) + } } - } else { - err := h.proxy.Process(ctx, link, h) - if err != nil { - if errors.Is(err, io.EOF) || errors.Is(err, io.ErrClosedPipe) || errors.Is(err, context.Canceled) { - err = nil + if h.xudp != nil && session.OutboundFromContext(ctx).Target.Network == net.Network_UDP { + if !h.xudp.Enabled { + goto out } + test(h.xudp.Dispatch(ctx, link)) + return } - if err != nil { - // Ensure outbound ray is properly closed. - err := newError("failed to process outbound traffic").Base(err) - session.SubmitOutboundErrorToOriginator(ctx, err) - err.WriteToLog(session.ExportIDToError(ctx)) - common.Interrupt(link.Writer) - } else { - common.Must(common.Close(link.Writer)) + if h.mux.Enabled { + test(h.mux.Dispatch(ctx, link)) + return + } + } +out: + err := h.proxy.Process(ctx, link, h) + if err != nil { + if errors.Is(err, io.EOF) || errors.Is(err, io.ErrClosedPipe) || errors.Is(err, context.Canceled) { + err = nil } - common.Interrupt(link.Reader) } + if err != nil { + // Ensure outbound ray is properly closed. + err := newError("failed to process outbound traffic").Base(err) + session.SubmitOutboundErrorToOriginator(ctx, err) + err.WriteToLog(session.ExportIDToError(ctx)) + common.Interrupt(link.Writer) + } else { + common.Must(common.Close(link.Writer)) + } + common.Interrupt(link.Reader) } // Address implements internet.Dialer. diff --git a/common/mux/client.go b/common/mux/client.go index f933ef4c0b6d..88621be0f0ef 100644 --- a/common/mux/client.go +++ b/common/mux/client.go @@ -24,7 +24,6 @@ import ( type ClientManager struct { Enabled bool // wheather mux is enabled from user config Picker WorkerPicker - Only uint32 } func (m *ClientManager) Dispatch(ctx context.Context, link *transport.Link) error { diff --git a/infra/conf/xray.go b/infra/conf/xray.go index 63ffccf58489..07c667fe0639 100644 --- a/infra/conf/xray.go +++ b/infra/conf/xray.go @@ -10,7 +10,6 @@ import ( "github.com/xtls/xray-core/app/dispatcher" "github.com/xtls/xray-core/app/proxyman" "github.com/xtls/xray-core/app/stats" - "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/serial" core "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/transport/internet" @@ -108,36 +107,18 @@ func (c *SniffingConfig) Build() (*proxyman.SniffingConfig, error) { } type MuxConfig struct { - Enabled bool `json:"enabled"` - Concurrency int16 `json:"concurrency"` - Only string `json:"only"` + Enabled bool `json:"enabled"` + Concurrency int16 `json:"concurrency"` + XudpConcurrency int16 `json:"xudpConcurrency"` } // Build creates MultiplexingConfig, Concurrency < 0 completely disables mux. func (m *MuxConfig) Build() (*proxyman.MultiplexingConfig, error) { - if m.Concurrency < 0 { - return nil, nil - } - if m.Concurrency == 0 { - m.Concurrency = 8 - } - - config := &proxyman.MultiplexingConfig{ - Enabled: m.Enabled, - Concurrency: uint32(m.Concurrency), - } - - switch strings.ToLower(m.Only) { - case "", "both": - case "tcp": - config.Only = uint32(net.Network_TCP) - case "udp": - config.Only = uint32(net.Network_UDP) - default: - return nil, newError(`unknown "only": `, m.Only) - } - - return config, nil + return &proxyman.MultiplexingConfig{ + Enabled: m.Enabled, + Concurrency: int32(m.Concurrency), + XudpConcurrency: int32(m.XudpConcurrency), + }, nil } type InboundDetourAllocationConfig struct { diff --git a/infra/conf/xray_test.go b/infra/conf/xray_test.go index 02d868fec349..91b82eeac01e 100644 --- a/infra/conf/xray_test.go +++ b/infra/conf/xray_test.go @@ -345,13 +345,16 @@ func TestMuxConfig_Build(t *testing.T) { }}, {"empty def", `{}`, &proxyman.MultiplexingConfig{ Enabled: false, - Concurrency: 8, + Concurrency: 0, }}, {"not enable", `{"enabled": false, "concurrency": 4}`, &proxyman.MultiplexingConfig{ Enabled: false, Concurrency: 4, }}, - {"forbidden", `{"enabled": false, "concurrency": -1}`, nil}, + {"forbidden", `{"enabled": false, "concurrency": -1}`, &proxyman.MultiplexingConfig{ + Enabled: false, + Concurrency: -1, + }}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { From 01b7e5e9be034421c948e59c64977aee16f67d1e Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 12 Apr 2023 23:20:26 +0800 Subject: [PATCH 098/226] XUDP Global ID should be empty if "cone" is disabled (client side) --- common/xudp/xudp.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/common/xudp/xudp.go b/common/xudp/xudp.go index 32dda614dba8..a162334ab5c9 100644 --- a/common/xudp/xudp.go +++ b/common/xudp/xudp.go @@ -47,6 +47,9 @@ func init() { } func GetGlobalID(ctx context.Context) (globalID [8]byte) { + if cone := ctx.Value("cone"); cone == nil || !cone.(bool) { // cone is nil only in some unit tests + return + } if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Source.Network == net.Network_UDP && (inbound.Name == "dokodemo-door" || inbound.Name == "socks" || inbound.Name == "shadowsocks") { h := blake3.New(8, BaseKey) From b33b0bc89d0308bc3287bec109b0941db9b75edc Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 12 Apr 2023 23:20:38 +0800 Subject: [PATCH 099/226] Allow multiple XUDP in Mux when using XTLS Vision (server side) --- common/mux/server.go | 6 ++++++ common/session/context.go | 13 +++++++++++++ proxy/vless/inbound/inbound.go | 4 +++- 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/common/mux/server.go b/common/mux/server.go index 55e3a6743393..47a6d3dce5a0 100644 --- a/common/mux/server.go +++ b/common/mux/server.go @@ -132,6 +132,12 @@ func (w *ServerWorker) handleStatusNew(ctx context.Context, meta *FrameMetadata, ctx = log.ContextWithAccessMessage(ctx, msg) } + if network := session.AllowedNetworkFromContext(ctx); network != net.Network_Unknown { + if meta.Target.Network != network { + return newError("unexpected network ", meta.Target.Network) // it will break the whole Mux connection + } + } + if meta.GlobalID != [8]byte{} { mb, err := NewPacketReader(reader, &meta.Target).ReadMultiBuffer() if err != nil { diff --git a/common/session/context.go b/common/session/context.go index 71e4b154cea7..329a5a658dae 100644 --- a/common/session/context.go +++ b/common/session/context.go @@ -4,6 +4,7 @@ import ( "context" _ "unsafe" + "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/features/routing" ) @@ -22,6 +23,7 @@ const ( trackedConnectionErrorKey dispatcherKey timeoutOnlyKey + allowedNetworkKey ) // ContextWithID returns a new context with the given ID. @@ -147,3 +149,14 @@ func TimeoutOnlyFromContext(ctx context.Context) bool { } return false } + +func ContextWithAllowedNetwork(ctx context.Context, network net.Network) context.Context { + return context.WithValue(ctx, allowedNetworkKey, network) +} + +func AllowedNetworkFromContext(ctx context.Context) net.Network { + if val, ok := ctx.Value(allowedNetworkKey).(net.Network); ok { + return val + } + return net.Network_Unknown +} diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index c8a69444d775..8d9b9b43fcb9 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -495,7 +495,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() } case "": - if account.Flow == vless.XRV && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) { + if account.Flow == vless.XRV && request.Command == protocol.RequestCommandTCP { return newError(account.ID.String() + " is not able to use \"\". Note that the pure TLS proxy has certain TLS in TLS characters.").AtWarning() } default: @@ -510,6 +510,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s Reason: "", Email: request.User.Email, }) + } else if account.Flow == vless.XRV { + ctx = session.ContextWithAllowedNetwork(ctx, net.Network_UDP) } sessionPolicy = h.policyManager.ForLevel(request.User.Level) From 4f601530fabf045b0dc08e5526426ba7331c1133 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 14 Apr 2023 22:51:09 +0000 Subject: [PATCH 100/226] Allow multiple XUDP in Mux when using XTLS Vision (client side) --- proxy/vless/outbound/outbound.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index cb2a1b766cb0..4cdae7646cdc 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -136,10 +136,10 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte case vless.XRV: switch request.Command { case protocol.RequestCommandMux: - return newError(requestAddons.Flow + " doesn't support Mux").AtWarning() + requestAddons.Flow = "" // let server break Mux connections that contain TCP requests case protocol.RequestCommandUDP: if !allowUDP443 && request.Port == 443 { - return newError(requestAddons.Flow + " stopped UDP/443").AtInfo() + return newError("XTLS rejected UDP/443 traffic").AtInfo() } requestAddons.Flow = "" case protocol.RequestCommandTCP: From 06c9e50c521ad73074a1d9c10c447c5dc1c00ae2 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 14 Apr 2023 22:51:18 +0000 Subject: [PATCH 101/226] Add "xudpProxyUDP443" to Mux config & XUDP rejects UDP/443 traffic by default (client side, excluding reverse proxy) --- app/proxyman/config.pb.go | 46 ++++++++++++++++++++------------ app/proxyman/config.proto | 2 ++ app/proxyman/outbound/handler.go | 14 +++++++++- infra/conf/xray.go | 15 ++++++++--- infra/conf/xray_test.go | 24 +++++++++++------ 5 files changed, 72 insertions(+), 29 deletions(-) diff --git a/app/proxyman/config.pb.go b/app/proxyman/config.pb.go index 664e6670e014..cd50e664cefe 100644 --- a/app/proxyman/config.pb.go +++ b/app/proxyman/config.pb.go @@ -597,6 +597,8 @@ type MultiplexingConfig struct { Concurrency int32 `protobuf:"varint,2,opt,name=concurrency,proto3" json:"concurrency,omitempty"` // Transport XUDP in another Mux. XudpConcurrency int32 `protobuf:"varint,3,opt,name=xudpConcurrency,proto3" json:"xudpConcurrency,omitempty"` + // "reject" (default), "allow" or "skip". + XudpProxyUDP443 string `protobuf:"bytes,4,opt,name=xudpProxyUDP443,proto3" json:"xudpProxyUDP443,omitempty"` } func (x *MultiplexingConfig) Reset() { @@ -652,6 +654,13 @@ func (x *MultiplexingConfig) GetXudpConcurrency() int32 { return 0 } +func (x *MultiplexingConfig) GetXudpProxyUDP443() string { + if x != nil { + return x.XudpProxyUDP443 + } + return "" +} + type AllocationStrategy_AllocationStrategyConcurrency struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -865,23 +874,26 @@ var file_app_proxyman_config_proto_rawDesc = []byte{ 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0x2e, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x11, 0x6d, 0x75, 0x6c, 0x74, 0x69, - 0x70, 0x6c, 0x65, 0x78, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x22, 0x7a, 0x0a, 0x12, - 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, - 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x0b, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x28, - 0x0a, 0x0f, 0x78, 0x75, 0x64, 0x70, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, - 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0f, 0x78, 0x75, 0x64, 0x70, 0x43, 0x6f, 0x6e, - 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x2a, 0x23, 0x0a, 0x0e, 0x4b, 0x6e, 0x6f, 0x77, - 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, - 0x54, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x10, 0x01, 0x42, 0x55, 0x0a, - 0x15, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x70, 0x72, - 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0x50, 0x01, 0x5a, 0x26, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, - 0x6f, 0x72, 0x65, 0x2f, 0x61, 0x70, 0x70, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, - 0xaa, 0x02, 0x11, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x41, 0x70, 0x70, 0x2e, 0x50, 0x72, 0x6f, 0x78, - 0x79, 0x6d, 0x61, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x6c, 0x65, 0x78, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x22, 0xa4, 0x01, 0x0a, + 0x12, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x78, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x20, 0x0a, + 0x0b, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x0b, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x12, + 0x28, 0x0a, 0x0f, 0x78, 0x75, 0x64, 0x70, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, + 0x63, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0f, 0x78, 0x75, 0x64, 0x70, 0x43, 0x6f, + 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x28, 0x0a, 0x0f, 0x78, 0x75, 0x64, + 0x70, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x55, 0x44, 0x50, 0x34, 0x34, 0x33, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0f, 0x78, 0x75, 0x64, 0x70, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x55, 0x44, 0x50, + 0x34, 0x34, 0x33, 0x2a, 0x23, 0x0a, 0x0e, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x50, 0x72, 0x6f, 0x74, + 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00, 0x12, + 0x07, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x10, 0x01, 0x42, 0x55, 0x0a, 0x15, 0x63, 0x6f, 0x6d, 0x2e, + 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, + 0x6e, 0x50, 0x01, 0x5a, 0x26, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x61, + 0x70, 0x70, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0xaa, 0x02, 0x11, 0x58, 0x72, + 0x61, 0x79, 0x2e, 0x41, 0x70, 0x70, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x6d, 0x61, 0x6e, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/app/proxyman/config.proto b/app/proxyman/config.proto index dc755fef3fa6..5d063ebaa0c7 100644 --- a/app/proxyman/config.proto +++ b/app/proxyman/config.proto @@ -100,4 +100,6 @@ message MultiplexingConfig { int32 concurrency = 2; // Transport XUDP in another Mux. int32 xudpConcurrency = 3; + // "reject" (default), "allow" or "skip". + string xudpProxyUDP443 = 4; } diff --git a/app/proxyman/outbound/handler.go b/app/proxyman/outbound/handler.go index 4de70df2d07f..e91bcb079d2b 100644 --- a/app/proxyman/outbound/handler.go +++ b/app/proxyman/outbound/handler.go @@ -58,6 +58,7 @@ type Handler struct { outboundManager outbound.Manager mux *mux.ClientManager xudp *mux.ClientManager + udp443 string uplinkCounter stats.Counter downlinkCounter stats.Counter } @@ -150,6 +151,7 @@ func NewHandler(ctx context.Context, config *core.OutboundHandlerConfig) (outbou }, } } + h.udp443 = config.XudpProxyUDP443 } } @@ -173,7 +175,17 @@ func (h *Handler) Dispatch(ctx context.Context, link *transport.Link) { common.Interrupt(link.Writer) } } - if h.xudp != nil && session.OutboundFromContext(ctx).Target.Network == net.Network_UDP { + outbound := session.OutboundFromContext(ctx) + if outbound.Target.Network == net.Network_UDP && outbound.Target.Port == 443 { + switch h.udp443 { + case "reject": + test(newError("XUDP rejected UDP/443 traffic").AtInfo()) + return + case "skip": + goto out + } + } + if h.xudp != nil && outbound.Target.Network == net.Network_UDP { if !h.xudp.Enabled { goto out } diff --git a/infra/conf/xray.go b/infra/conf/xray.go index 07c667fe0639..8b6d05f42d35 100644 --- a/infra/conf/xray.go +++ b/infra/conf/xray.go @@ -107,17 +107,26 @@ func (c *SniffingConfig) Build() (*proxyman.SniffingConfig, error) { } type MuxConfig struct { - Enabled bool `json:"enabled"` - Concurrency int16 `json:"concurrency"` - XudpConcurrency int16 `json:"xudpConcurrency"` + Enabled bool `json:"enabled"` + Concurrency int16 `json:"concurrency"` + XudpConcurrency int16 `json:"xudpConcurrency"` + XudpProxyUDP443 string `json:"xudpProxyUDP443"` } // Build creates MultiplexingConfig, Concurrency < 0 completely disables mux. func (m *MuxConfig) Build() (*proxyman.MultiplexingConfig, error) { + switch m.XudpProxyUDP443 { + case "": + m.XudpProxyUDP443 = "reject" + case "reject", "allow", "skip": + default: + return nil, newError(`unknown "xudpProxyUDP443": `, m.XudpProxyUDP443) + } return &proxyman.MultiplexingConfig{ Enabled: m.Enabled, Concurrency: int32(m.Concurrency), XudpConcurrency: int32(m.XudpConcurrency), + XudpProxyUDP443: m.XudpProxyUDP443, }, nil } diff --git a/infra/conf/xray_test.go b/infra/conf/xray_test.go index 91b82eeac01e..b39da7c9db22 100644 --- a/infra/conf/xray_test.go +++ b/infra/conf/xray_test.go @@ -340,20 +340,28 @@ func TestMuxConfig_Build(t *testing.T) { want *proxyman.MultiplexingConfig }{ {"default", `{"enabled": true, "concurrency": 16}`, &proxyman.MultiplexingConfig{ - Enabled: true, - Concurrency: 16, + Enabled: true, + Concurrency: 16, + XudpConcurrency: 0, + XudpProxyUDP443: "reject", }}, {"empty def", `{}`, &proxyman.MultiplexingConfig{ - Enabled: false, - Concurrency: 0, + Enabled: false, + Concurrency: 0, + XudpConcurrency: 0, + XudpProxyUDP443: "reject", }}, {"not enable", `{"enabled": false, "concurrency": 4}`, &proxyman.MultiplexingConfig{ - Enabled: false, - Concurrency: 4, + Enabled: false, + Concurrency: 4, + XudpConcurrency: 0, + XudpProxyUDP443: "reject", }}, {"forbidden", `{"enabled": false, "concurrency": -1}`, &proxyman.MultiplexingConfig{ - Enabled: false, - Concurrency: -1, + Enabled: false, + Concurrency: -1, + XudpConcurrency: 0, + XudpProxyUDP443: "reject", }}, } for _, tt := range tests { From 9f8e9e8e64ece63258e03b0c6941a95fd8cfaaf9 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 15 Apr 2023 20:21:21 -0400 Subject: [PATCH 102/226] Add xudp buffer test --- common/xudp/xudp.go | 2 +- common/xudp/xudp_test.go | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 common/xudp/xudp_test.go diff --git a/common/xudp/xudp.go b/common/xudp/xudp.go index a162334ab5c9..a3df4e8b5faa 100644 --- a/common/xudp/xudp.go +++ b/common/xudp/xudp.go @@ -150,7 +150,7 @@ func (r *PacketReader) ReadMultiBuffer() (buf.MultiBuffer, error) { case 2: if l != 4 { b.Advance(5) - addr, port, err := AddrParser.ReadAddressPort(nil, b) + addr, port, err := AddrParser.ReadAddressPort(nil, b) // read addr will read all content and clear b if err != nil { b.Release() return nil, err diff --git a/common/xudp/xudp_test.go b/common/xudp/xudp_test.go new file mode 100644 index 000000000000..dd720a817cf7 --- /dev/null +++ b/common/xudp/xudp_test.go @@ -0,0 +1,36 @@ +package xudp + +import ( + "testing" + + "github.com/xtls/xray-core/common" + "github.com/xtls/xray-core/common/buf" + "github.com/xtls/xray-core/common/net" +) + +func TestXudpReadWrite(t *testing.T) { + addr, _ := net.ParseDestination("tcp:127.0.0.1:1345") + mb := make(buf.MultiBuffer, 0, 16) + m := buf.MultiBufferContainer { + MultiBuffer: mb, + } + var arr [8]byte + writer := NewPacketWriter(&m, addr, arr) + + source := make(buf.MultiBuffer, 0, 16) + b := buf.New() + b.WriteByte('a') + b.UDP = &addr + source = append(source, b) + writer.WriteMultiBuffer(source) + + reader := NewPacketReader(&m) + dest, err := reader.ReadMultiBuffer() + common.Must(err) + if dest[0].Byte(0) != 'a' { + t.Error("failed to parse xudp buffer") + } + if dest[0].UDP.Port != 1345 { + t.Error("failed to parse xudp buffer") + } +} \ No newline at end of file From b4c1a560265569682f8c26687331d467dc9811e5 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sun, 16 Apr 2023 21:15:27 +0000 Subject: [PATCH 103/226] XUDP practice: MUST check the flag first & Add more comments --- common/mux/frame.go | 8 +++++--- common/mux/server.go | 2 +- common/xudp/xudp.go | 15 ++++++++------- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/common/mux/frame.go b/common/mux/frame.go index ab57d7713302..d53ac2020f90 100644 --- a/common/mux/frame.go +++ b/common/mux/frame.go @@ -82,8 +82,8 @@ func (f FrameMetadata) WriteTo(b *buf.Buffer) error { if err := addrParser.WriteAddressPort(b, f.Target.Address, f.Target.Port); err != nil { return err } - if b.UDP != nil { - b.Write(f.GlobalID[:]) + if b.UDP != nil { // make sure it's user's proxy request + b.Write(f.GlobalID[:]) // no need to check whether it's empty } } else if b.UDP != nil { b.WriteByte(byte(TargetNetworkUDP)) @@ -126,7 +126,8 @@ func (f *FrameMetadata) UnmarshalFromBuffer(b *buf.Buffer) error { f.Option = bitmask.Byte(b.Byte(3)) f.Target.Network = net.Network_Unknown - if f.SessionStatus == SessionStatusNew || (f.SessionStatus == SessionStatusKeep && b.Len() != 4) { + if f.SessionStatus == SessionStatusNew || (f.SessionStatus == SessionStatusKeep && b.Len() > 4 && + TargetNetwork(b.Byte(4)) == TargetNetworkUDP) { // MUST check the flag first if b.Len() < 8 { return newError("insufficient buffer: ", b.Len()) } @@ -148,6 +149,7 @@ func (f *FrameMetadata) UnmarshalFromBuffer(b *buf.Buffer) error { } } + // Application data is essential, to test whether the pipe is closed. if f.SessionStatus == SessionStatusNew && f.Option.Has(OptionData) && f.Target.Network == net.Network_UDP && b.Len() >= 8 { copy(f.GlobalID[:], b.Bytes()) diff --git a/common/mux/server.go b/common/mux/server.go index 47a6d3dce5a0..2d33189fbde7 100644 --- a/common/mux/server.go +++ b/common/mux/server.go @@ -138,7 +138,7 @@ func (w *ServerWorker) handleStatusNew(ctx context.Context, meta *FrameMetadata, } } - if meta.GlobalID != [8]byte{} { + if meta.GlobalID != [8]byte{} { // MUST ignore empty Global ID mb, err := NewPacketReader(reader, &meta.Target).ReadMultiBuffer() if err != nil { return err diff --git a/common/xudp/xudp.go b/common/xudp/xudp.go index a3df4e8b5faa..513247c39a28 100644 --- a/common/xudp/xudp.go +++ b/common/xudp/xudp.go @@ -86,21 +86,21 @@ func (w *PacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error { } eb := buf.New() - eb.Write([]byte{0, 0, 0, 0}) + eb.Write([]byte{0, 0, 0, 0}) // Meta data length; Mux Session ID if w.Dest.Network == net.Network_UDP { eb.WriteByte(1) // New eb.WriteByte(1) // Opt eb.WriteByte(2) // UDP AddrParser.WriteAddressPort(eb, w.Dest.Address, w.Dest.Port) if b.UDP != nil { // make sure it's user's proxy request - eb.Write(w.GlobalID[:]) + eb.Write(w.GlobalID[:]) // no need to check whether it's empty } w.Dest.Network = net.Network_Unknown } else { eb.WriteByte(2) // Keep - eb.WriteByte(1) + eb.WriteByte(1) // Opt if b.UDP != nil { - eb.WriteByte(2) + eb.WriteByte(2) // UDP AddrParser.WriteAddressPort(eb, b.UDP.Address, b.UDP.Port) } } @@ -148,9 +148,10 @@ func (r *PacketReader) ReadMultiBuffer() (buf.MultiBuffer, error) { discard := false switch b.Byte(2) { case 2: - if l != 4 { + if l > 4 && b.Byte(4) == 2 { // MUST check the flag first b.Advance(5) - addr, port, err := AddrParser.ReadAddressPort(nil, b) // read addr will read all content and clear b + // b.Clear() will be called automatically if all data had been read. + addr, port, err := AddrParser.ReadAddressPort(nil, b) if err != nil { b.Release() return nil, err @@ -167,6 +168,7 @@ func (r *PacketReader) ReadMultiBuffer() (buf.MultiBuffer, error) { b.Release() return nil, io.EOF } + b.Clear() // in case there is padding (empty bytes) attached if b.Byte(3) == 1 { if _, err := io.ReadFull(r.Reader, r.cache); err != nil { b.Release() @@ -174,7 +176,6 @@ func (r *PacketReader) ReadMultiBuffer() (buf.MultiBuffer, error) { } length := int32(r.cache[0])<<8 | int32(r.cache[1]) if length > 0 { - b.Clear() if _, err := b.ReadFullFrom(r.Reader, length); err != nil { b.Release() return nil, err From 242f3b0e0b635699db26a991aa6c0cd47927e8b6 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sun, 16 Apr 2023 21:15:36 +0000 Subject: [PATCH 104/226] XTLS protocol: Apply Vision's padding to XUDP Mux & Minor fixes It's recommended to enable XUDP Mux when using XTLS Vision Thank @yuhan6665 for testing --- proxy/vless/encoding/encoding.go | 7 +++++-- proxy/vless/inbound/inbound.go | 10 ++++------ proxy/vless/outbound/outbound.go | 6 +++--- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index 27d1fb012395..f668c4024f5b 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -21,6 +21,7 @@ import ( "github.com/xtls/xray-core/common/signal" "github.com/xtls/xray-core/features/stats" "github.com/xtls/xray-core/proxy/vless" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" ) @@ -227,8 +228,10 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater if ok { iConn = statConn.Connection } - if xc, ok := iConn.(*tls.Conn); ok { - iConn = xc.NetConn() + if tlsConn, ok := iConn.(*tls.Conn); ok { + iConn = tlsConn.NetConn() + } else if realityConn, ok := iConn.(*reality.Conn); ok { + iConn = realityConn.NetConn() } if tc, ok := iConn.(*net.TCPConn); ok { newError("XtlsRead splice").WriteToLog(session.ExportIDToError(ctx)) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 8d9b9b43fcb9..688c98a3919a 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -456,10 +456,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s case vless.XRV: if account.Flow == requestAddons.Flow { switch request.Command { - case protocol.RequestCommandMux: - return newError(requestAddons.Flow + " doesn't support Mux").AtWarning() case protocol.RequestCommandUDP: return newError(requestAddons.Flow + " doesn't support UDP").AtWarning() + case protocol.RequestCommandMux: + fallthrough // we will break Mux connections that contain TCP requests case protocol.RequestCommandTCP: var t reflect.Type var p uintptr @@ -474,10 +474,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s netConn = realityConn.NetConn() t = reflect.TypeOf(realityConn.Conn).Elem() p = uintptr(unsafe.Pointer(realityConn.Conn)) - } else if _, ok := iConn.(*tls.UConn); ok { - return newError("XTLS only supports UTLS fingerprint for the outbound.").AtWarning() } else { - return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() + return newError("XTLS only supports TLS and REALITY directly for now.").AtWarning() } if pc, ok := netConn.(*proxyproto.Conn); ok { netConn = pc.Raw() @@ -495,7 +493,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() } case "": - if account.Flow == vless.XRV && request.Command == protocol.RequestCommandTCP { + if account.Flow == vless.XRV && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) { return newError(account.ID.String() + " is not able to use \"\". Note that the pure TLS proxy has certain TLS in TLS characters.").AtWarning() } default: diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index 4cdae7646cdc..4f42ea9fa3cf 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -135,13 +135,13 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte fallthrough case vless.XRV: switch request.Command { - case protocol.RequestCommandMux: - requestAddons.Flow = "" // let server break Mux connections that contain TCP requests case protocol.RequestCommandUDP: if !allowUDP443 && request.Port == 443 { return newError("XTLS rejected UDP/443 traffic").AtInfo() } requestAddons.Flow = "" + case protocol.RequestCommandMux: + fallthrough // let server break Mux connections that contain TCP requests case protocol.RequestCommandTCP: var t reflect.Type var p uintptr @@ -158,7 +158,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte t = reflect.TypeOf(realityConn.Conn).Elem() p = uintptr(unsafe.Pointer(realityConn.Conn)) } else { - return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() + return newError("XTLS only supports TLS and REALITY directly for now.").AtWarning() } if sc, ok := netConn.(syscall.Conn); ok { rawConn, _ = sc.SyscallConn() From 039e5f207888cec57768cbea4f030ebeb34a85f7 Mon Sep 17 00:00:00 2001 From: Vigilans Date: Sat, 18 Feb 2023 05:47:59 +0800 Subject: [PATCH 105/226] Correctly implement quic sniffer's frame parsing --- common/protocol/quic/sniff.go | 105 +++++++++++++++++++++++++++------- 1 file changed, 83 insertions(+), 22 deletions(-) diff --git a/common/protocol/quic/sniff.go b/common/protocol/quic/sniff.go index 71c144282d61..bf4614648420 100644 --- a/common/protocol/quic/sniff.go +++ b/common/protocol/quic/sniff.go @@ -10,6 +10,7 @@ import ( "github.com/quic-go/quic-go/quicvarint" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" + "github.com/xtls/xray-core/common/bytespool" "github.com/xtls/xray-core/common/errors" ptls "github.com/xtls/xray-core/common/protocol/tls" "golang.org/x/crypto/hkdf" @@ -141,7 +142,7 @@ func SniffQUIC(b []byte) (*SniffHeader, error) { packetNumber = uint32(n) } - if packetNumber != 0 { + if packetNumber != 0 && packetNumber != 1 { return nil, errNotQuicInitial } @@ -159,32 +160,92 @@ func SniffQUIC(b []byte) (*SniffHeader, error) { return nil, err } buffer = buf.FromBytes(decrypted) - frameType, err := buffer.ReadByte() - if err != nil { - return nil, io.ErrUnexpectedEOF - } - if frameType != 0x6 { - // not crypto frame - return &SniffHeader{domain: ""}, nil - } - if common.Error2(quicvarint.Read(buffer)) != nil { - return nil, io.ErrUnexpectedEOF - } - dataLen, err := quicvarint.Read(buffer) - if err != nil { - return nil, io.ErrUnexpectedEOF - } - if dataLen > uint64(buffer.Len()) { - return nil, io.ErrUnexpectedEOF + + cryptoLen := uint(0) + cryptoData := bytespool.Alloc(buffer.Len()) + defer bytespool.Free(cryptoData) + for i := 0; !buffer.IsEmpty(); i++ { + frameType := byte(0x0) // Default to PADDING frame + for frameType == 0x0 && !buffer.IsEmpty() { + frameType, _ = buffer.ReadByte() + } + switch frameType { + case 0x00: // PADDING frame + case 0x01: // PING frame + case 0x02, 0x03: // ACK frame + if _, err = quicvarint.Read(buffer); err != nil { // Field: Largest Acknowledged + return nil, io.ErrUnexpectedEOF + } + if _, err = quicvarint.Read(buffer); err != nil { // Field: ACK Delay + return nil, io.ErrUnexpectedEOF + } + ackRangeCount, err := quicvarint.Read(buffer) // Field: ACK Range Count + if err != nil { + return nil, io.ErrUnexpectedEOF + } + if _, err = quicvarint.Read(buffer); err != nil { // Field: First ACK Range + return nil, io.ErrUnexpectedEOF + } + for i := 0; i < int(ackRangeCount); i++ { // Field: ACK Range + if _, err = quicvarint.Read(buffer); err != nil { // Field: ACK Range -> Gap + return nil, io.ErrUnexpectedEOF + } + if _, err = quicvarint.Read(buffer); err != nil { // Field: ACK Range -> ACK Range Length + return nil, io.ErrUnexpectedEOF + } + } + if frameType == 0x03 { + if _, err = quicvarint.Read(buffer); err != nil { // Field: ECN Counts -> ECT0 Count + return nil, io.ErrUnexpectedEOF + } + if _, err = quicvarint.Read(buffer); err != nil { // Field: ECN Counts -> ECT1 Count + return nil, io.ErrUnexpectedEOF + } + if _, err = quicvarint.Read(buffer); err != nil { //nolint:misspell // Field: ECN Counts -> ECT-CE Count + return nil, io.ErrUnexpectedEOF + } + } + case 0x06: // CRYPTO frame, we will use this frame + offset, err := quicvarint.Read(buffer) // Field: Offset + if err != nil { + return nil, io.ErrUnexpectedEOF + } + length, err := quicvarint.Read(buffer) // Field: Length + if err != nil || length > uint64(buffer.Len()) { + return nil, io.ErrUnexpectedEOF + } + if cryptoLen < uint(offset+length) { + cryptoLen = uint(offset + length) + } + if _, err := buffer.Read(cryptoData[offset : offset+length]); err != nil { // Field: Crypto Data + return nil, io.ErrUnexpectedEOF + } + case 0x1c: // CONNECTION_CLOSE frame, only 0x1c is permitted in initial packet + if _, err = quicvarint.Read(buffer); err != nil { // Field: Error Code + return nil, io.ErrUnexpectedEOF + } + if _, err = quicvarint.Read(buffer); err != nil { // Field: Frame Type + return nil, io.ErrUnexpectedEOF + } + length, err := quicvarint.Read(buffer) // Field: Reason Phrase Length + if err != nil { + return nil, io.ErrUnexpectedEOF + } + if _, err := buffer.ReadBytes(int32(length)); err != nil { // Field: Reason Phrase + return nil, io.ErrUnexpectedEOF + } + default: + // Only above frame types are permitted in initial packet. + // See https://www.rfc-editor.org/rfc/rfc9000.html#section-17.2.2-8 + return nil, errNotQuicInitial + } } - frameData, err := buffer.ReadBytes(int32(dataLen)) - common.Must(err) + tlsHdr := &ptls.SniffHeader{} - err = ptls.ReadClientHello(frameData, tlsHdr) + err = ptls.ReadClientHello(cryptoData[:cryptoLen], tlsHdr) if err != nil { return nil, err } - return &SniffHeader{domain: tlsHdr.Domain()}, nil } From 197bc78ea19a9bb2dbb4b1a683a78b89f6f21f77 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Wed, 12 Apr 2023 09:51:18 -0400 Subject: [PATCH 106/226] Turn off Quic qlog since it jam the regular test info --- transport/internet/quic/qlogWriter.go | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/transport/internet/quic/qlogWriter.go b/transport/internet/quic/qlogWriter.go index 1b7913e6e60d..dd13f419184d 100644 --- a/transport/internet/quic/qlogWriter.go +++ b/transport/internet/quic/qlogWriter.go @@ -1,22 +1,18 @@ package quic -import ( - "fmt" - - "github.com/xtls/xray-core/common/log" -) - type QlogWriter struct { connID []byte } func (w *QlogWriter) Write(b []byte) (int, error) { - if len(b) > 1 { // skip line separator "0a" in qlog - log.Record(&log.GeneralMessage{ - Severity: log.Severity_Debug, - Content: fmt.Sprintf("[%x] %s", w.connID, b), - }) - } + // to much log, only turn on when debug Quic + + // if len(b) > 1 { // skip line separator "0a" in qlog + // log.Record(&log.GeneralMessage{ + // Severity: log.Severity_Debug, + // Content: fmt.Sprintf("[%x] %s", w.connID, b), + // }) + // } return len(b), nil } From ac8109eef8ec80423fea2e7c56b17eccec6df1e7 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 17 Apr 2023 23:21:56 +0000 Subject: [PATCH 107/226] Update README.md --- README.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 596cdbc276c1..fb85b407db61 100644 --- a/README.md +++ b/README.md @@ -26,18 +26,19 @@ - [teddysun/xray](https://hub.docker.com/r/teddysun/xray) - Web Panel - [X-UI](https://github.com/FranzKafkaYu/x-ui), [X-UI-English](https://github.com/NidukaAkalanka/x-ui-english), [3X-UI](https://github.com/MHSanaei/3x-ui), [X-UI](https://github.com/alireza0/x-ui), [X-UI](https://github.com/diditra/x-ui) + - [Xray-UI](https://github.com/qist/xray-ui), [X-UI](https://github.com/sing-web/x-ui) - [Hiddify](https://github.com/hiddify/hiddify-config) - [Marzban](https://github.com/Gozargah/Marzban) + - [Libertea](https://github.com/VZiChoushaDui/Libertea) - One Click - - [Xray-script](https://github.com/kirin10000/Xray-script), [Xray-script](https://github.com/zxcvos/Xray-script), [xray_script](https://github.com/tdjnodj/xray_script) + - [Xray-script](https://github.com/kirin10000/Xray-script), [Xray-REALITY](https://github.com/zxcvos/Xray-script), [LetsXray](https://github.com/tdjnodj/LetsXray) - [XTool](https://github.com/LordPenguin666/XTool), [Xray_bash_onekey](https://github.com/hello-yunshu/Xray_bash_onekey), [xray-reality](https://github.com/sajjaddg/xray-reality) - [v2ray-agent](https://github.com/mack-a/v2ray-agent), [Xray_onekey](https://github.com/wulabing/Xray_onekey), [ProxySU](https://github.com/proxysu/ProxySU) - Magisk - - [Xray4Magisk](https://github.com/CerteKim/Xray4Magisk) + - [Xray4Magisk](https://github.com/Asterisk4Magisk/Xray4Magisk) - [Xray_For_Magisk](https://github.com/E7KMbb/Xray_For_Magisk) - Homebrew - `brew install xray` - - [(Tap) Repository 0](https://github.com/N4FA/homebrew-xray) ## Usage @@ -52,6 +53,7 @@ - Tutorial - [XTLS Vision](https://github.com/chika0801/Xray-install) - [REALITY (English)](https://cscot.pages.dev/2023/03/02/Xray-REALITY-tutorial/) + - [XTLS-Iran-Reality (English)](https://github.com/SasukeFreestyle/XTLS-Iran-Reality) ## GUI Clients @@ -66,7 +68,7 @@ - [v2rayNG](https://github.com/2dust/v2rayNG) - [X-flutter](https://github.com/XTLS/X-flutter) - iOS & macOS arm64 - - [Mango](https://github.com/daemooon/Mango) + - [Mango](https://github.com/arror/Mango) - [Wings X](https://apps.apple.com/app/wings-x/id6446119727) - macOS arm64 & x64 - [V2RayXS](https://github.com/tzmax/V2RayXS) @@ -77,8 +79,11 @@ - iOS & macOS arm64 - [Shadowrocket](https://apps.apple.com/app/shadowrocket/id932747118) - [Stash](https://apps.apple.com/app/stash/id1596063349) -- API Wrapper +- Xray Wrapper - [xtlsapi](https://github.com/hiddify/xtlsapi) + - [AndroidLibXrayLite](https://github.com/2dust/AndroidLibXrayLite) + - [XrayKit](https://github.com/arror/XrayKit) + - [libxray](https://github.com/KouYiGuo/libxray) - [XrayR](https://github.com/XrayR-project/XrayR) - [XrayR-release](https://github.com/XrayR-project/XrayR-release) - [XrayR-V2Board](https://github.com/missuo/XrayR-V2Board) From d3060c28f826ba62f5f77085fa1dc2a20f5cd19f Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 17 Apr 2023 23:22:12 +0000 Subject: [PATCH 108/226] v1.8.1 --- core/core.go | 2 +- go.mod | 29 +++++++++++++------------ go.sum | 61 ++++++++++++++++++++++++++-------------------------- 3 files changed, 47 insertions(+), 45 deletions(-) diff --git a/core/core.go b/core/core.go index 05148110910d..07ec158db03d 100644 --- a/core/core.go +++ b/core/core.go @@ -21,7 +21,7 @@ import ( var ( Version_x byte = 1 Version_y byte = 8 - Version_z byte = 0 + Version_z byte = 1 ) var ( diff --git a/go.mod b/go.mod index fa91017b3308..879bd20dc849 100644 --- a/go.mod +++ b/go.mod @@ -12,16 +12,16 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.33.0 - github.com/refraction-networking/utls v1.3.1 - github.com/sagernet/sing v0.2.1 - github.com/sagernet/sing-shadowsocks v0.2.0 + github.com/refraction-networking/utls v1.3.2 + github.com/sagernet/sing v0.2.3 + github.com/sagernet/sing-shadowsocks v0.2.1 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.2 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230331223127-176a94313eda go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 - golang.org/x/crypto v0.7.0 + golang.org/x/crypto v0.8.0 golang.org/x/net v0.9.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.7.0 @@ -37,23 +37,24 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140 // indirect github.com/francoispqt/gojay v1.2.13 // indirect - github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect + github.com/gaukas/godicttls v0.0.3 // indirect + github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20230228050547-1710fef4ab10 // indirect - github.com/klauspost/compress v1.16.0 // indirect + github.com/google/pprof v0.0.0-20230406165453-00490a63f317 // indirect + github.com/klauspost/compress v1.16.5 // indirect github.com/klauspost/cpuid/v2 v2.2.4 // indirect - github.com/onsi/ginkgo/v2 v2.9.0 // indirect + github.com/onsi/ginkgo/v2 v2.9.2 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/quic-go/qtls-go1-19 v0.2.1 // indirect - github.com/quic-go/qtls-go1-20 v0.1.1 // indirect + github.com/quic-go/qtls-go1-19 v0.3.2 // indirect + github.com/quic-go/qtls-go1-20 v0.2.2 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20230307190834-24139beb5833 // indirect - golang.org/x/mod v0.9.0 // indirect + golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect + golang.org/x/mod v0.10.0 // indirect golang.org/x/text v0.9.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.7.0 // indirect - google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect + golang.org/x/tools v0.8.0 // indirect + google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index a49be94adc92..b7e81d05112c 100644 --- a/go.sum +++ b/go.sum @@ -33,14 +33,16 @@ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/gaukas/godicttls v0.0.3 h1:YNDIf0d9adcxOijiLrEzpfZGAkNwLRzPaG6OjU7EITk= +github.com/gaukas/godicttls v0.0.3/go.mod h1:l6EenT4TLWgTdwslVb4sEMOCf7Bv0JAK67deKr9/NCI= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 h1:Arcl6UOIS/kgO2nW3A65HN+7CMjSDP/gofXL4CZt1V4= github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= @@ -76,8 +78,8 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20230228050547-1710fef4ab10 h1:CqYfpuYIjnlNxM3msdyPRKabhXZWbKjf3Q8BWROFBso= -github.com/google/pprof v0.0.0-20230228050547-1710fef4ab10/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= +github.com/google/pprof v0.0.0-20230406165453-00490a63f317 h1:hFhpt7CTmR3DX+b4R19ydQFtofxT0Sv3QsKNMVQYTMQ= +github.com/google/pprof v0.0.0-20230406165453-00490a63f317/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -91,8 +93,8 @@ github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= -github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= +github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk= github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= @@ -112,9 +114,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/onsi/ginkgo/v2 v2.9.0 h1:Tugw2BKlNHTMfG+CheOITkYvk4LAh6MFOvikhGVnhE8= -github.com/onsi/ginkgo/v2 v2.9.0/go.mod h1:4xkjoL/tZv4SMWeww56BU5kAt19mVB47gTWxmrTcxyk= -github.com/onsi/gomega v1.27.1 h1:rfztXRbg6nv/5f+Raen9RcGoSecHIFgBBLQK3Wdj754= +github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU= +github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= +github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= @@ -130,21 +132,21 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/quic-go/qtls-go1-19 v0.2.1 h1:aJcKNMkH5ASEJB9FXNeZCyTEIHU1J7MmHyz1Q1TSG1A= -github.com/quic-go/qtls-go1-19 v0.2.1/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= -github.com/quic-go/qtls-go1-20 v0.1.1 h1:KbChDlg82d3IHqaj2bn6GfKRj84Per2VGf5XV3wSwQk= -github.com/quic-go/qtls-go1-20 v0.1.1/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= +github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc86Z5U= +github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= +github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E= +github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0= github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA= -github.com/refraction-networking/utls v1.3.1 h1:3zVomUqx7nCmyGuU/6kYA/jp5NcqX8KQSGko8pY5Ch4= -github.com/refraction-networking/utls v1.3.1/go.mod h1:kHXvVB66a4BzVRYC4Em7e1HAfp7uwOCCw0+2CZ3sMY8= +github.com/refraction-networking/utls v1.3.2 h1:o+AkWB57mkcoW36ET7uJ002CpBWHu0KPxi6vzxvPnv8= +github.com/refraction-networking/utls v1.3.2/go.mod h1:fmoaOww2bxzzEpIKOebIsnBvjQpqP7L2vcm/9KUfm/E= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.2.1 h1:r0STYeyfKBBtoAHsBtW1dQonxG+3Qidde7/1VAMhdn8= -github.com/sagernet/sing v0.2.1/go.mod h1:9uHswk2hITw8leDbiLS/xn0t9nzBcbePxzm9PJhwdlw= -github.com/sagernet/sing-shadowsocks v0.2.0 h1:ILDWL7pwWfkPLEbviE/MyCgfjaBmJY/JVVY+5jhSb58= -github.com/sagernet/sing-shadowsocks v0.2.0/go.mod h1:ysYzszRLpNzJSorvlWRMuzU6Vchsp7sd52q+JNY4axw= +github.com/sagernet/sing v0.2.3 h1:V50MvZ4c3Iij2lYFWPlzL1PyipwSzjGeN9x+Ox89vpk= +github.com/sagernet/sing v0.2.3/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= +github.com/sagernet/sing-shadowsocks v0.2.1 h1:FvdLQOqpvxHBJUcUe4fvgiYP2XLLwH5i1DtXQviVEPw= +github.com/sagernet/sing-shadowsocks v0.2.1/go.mod h1:T/OgurSjsAe+Ug3+6PprXjmgHFmJidjOvQcjXGTKb3I= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI= github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb h1:XfLJSPIOUX+osiMraVgIrMR27uMXnRJWGm1+GL8/63U= @@ -178,7 +180,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -203,18 +204,18 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ= +golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230307190834-24139beb5833 h1:SChBja7BCQewoTAU7IgvucQKMIXrEpFxNMs0spT3/5s= -golang.org/x/exp v0.0.0-20230307190834-24139beb5833/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= +golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= -golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= +golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -276,8 +277,8 @@ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= -golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= +golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y= +golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -296,8 +297,8 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 h1:DdoeryqhaXp1LtT/emMP1BRJPHHKFi5akj/nbx/zNTA= -google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= From ca32496a38f2727b2b7edfc92d3ac22feb95b6ad Mon Sep 17 00:00:00 2001 From: kunson Date: Mon, 17 Apr 2023 05:45:16 +0800 Subject: [PATCH 109/226] feat : support docker build --- .github/docker/Dockerfile | 21 +++++++++++++++ .github/docker/files/config.json | 19 ++++++++++++++ .github/workflows/docker.yml | 45 ++++++++++++++++++++++++++++++++ 3 files changed, 85 insertions(+) create mode 100644 .github/docker/Dockerfile create mode 100644 .github/docker/files/config.json create mode 100644 .github/workflows/docker.yml diff --git a/.github/docker/Dockerfile b/.github/docker/Dockerfile new file mode 100644 index 000000000000..36f356f82070 --- /dev/null +++ b/.github/docker/Dockerfile @@ -0,0 +1,21 @@ +# syntax=docker/dockerfile:1 +FROM --platform=$BUILDPLATFORM golang:alpine AS build +WORKDIR /src +COPY . . +ARG TARGETOS TARGETARCH +RUN GOOS=$TARGETOS GOARCH=$TARGETARCH CGO_ENABLED=0 go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main + +FROM --platform=${TARGETPLATFORM} alpine:latest +WORKDIR /root +COPY .github/docker/files/config.json /etc/xray/config.json +COPY --from=build /src/xray /usr/bin/xray +RUN set -ex \ + && apk add --no-cache tzdata ca-certificates \ + && mkdir -p /var/log/xray /usr/share/xray \ + && chmod +x /usr/bin/xray \ + && wget -O /usr/share/xray/geosite.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat \ + && wget -O /usr/share/xray/geoip.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat + +VOLUME /etc/xray +ENV TZ=Asia/Shanghai +CMD [ "/usr/bin/xray", "-config", "/etc/xray/config.json" ] \ No newline at end of file diff --git a/.github/docker/files/config.json b/.github/docker/files/config.json new file mode 100644 index 000000000000..9dded72879f7 --- /dev/null +++ b/.github/docker/files/config.json @@ -0,0 +1,19 @@ +{ + "inbounds": [{ + "port": 9000, + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "1eb6e917-774b-4a84-aff6-b058577c60a5", + "level": 1, + "alterId": 64 + } + ] + } + }], + "outbounds": [{ + "protocol": "freedom", + "settings": {} + }] +} \ No newline at end of file diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 000000000000..a9c4d5f834d6 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,45 @@ +name: Build docker image + +on: + push: + branches: + - '*' + +jobs: + build-image: + runs-on: ubuntu-latest + permissions: + packages: write + steps: + - uses: actions/checkout@v3 + - name: Docker metadata + id: meta + uses: docker/metadata-action@v4 + with: + images: ghcr.io/${{ github.actor }}/xray-core + flavor: latest=true + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - # Add support for more platforms with QEMU (optional) + # https://github.com/docker/setup-qemu-action + name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Build and push + uses: docker/build-push-action@v4 + with: + context: . + platforms: linux/amd64,linux/arm64 + file: .github/docker/Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file From 69aa3f48ccc36135c873d359ab5d6dabb0f3dde1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=86=B0=E5=A4=A9=E9=9B=AA=E5=9C=B0?= Date: Thu, 20 Apr 2023 23:36:25 +0800 Subject: [PATCH 110/226] Fix : docker build when repo on organization. (#1973) * feat : support docker build * fix : ghcr build login when organization --------- Co-authored-by: kunson --- .github/workflows/docker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index a9c4d5f834d6..4021b65fadc2 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -16,7 +16,7 @@ jobs: id: meta uses: docker/metadata-action@v4 with: - images: ghcr.io/${{ github.actor }}/xray-core + images: ghcr.io/${{ github.repository_owner }}/xray-core flavor: latest=true tags: | type=ref,event=branch @@ -26,7 +26,7 @@ jobs: uses: docker/login-action@v2 with: registry: ghcr.io - username: ${{ github.actor }} + username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - # Add support for more platforms with QEMU (optional) # https://github.com/docker/setup-qemu-action From d9994538bcf6e074c4f9cfa31331ed9cf6673221 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Apr 2023 00:58:54 +0000 Subject: [PATCH 111/226] Bump github.com/quic-go/quic-go from 0.33.0 to 0.34.0 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.33.0 to 0.34.0. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.33.0...v0.34.0) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 879bd20dc849..367332213ed5 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/miekg/dns v1.1.53 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 - github.com/quic-go/quic-go v0.33.0 + github.com/quic-go/quic-go v0.34.0 github.com/refraction-networking/utls v1.3.2 github.com/sagernet/sing v0.2.3 github.com/sagernet/sing-shadowsocks v0.2.1 diff --git a/go.sum b/go.sum index b7e81d05112c..4e681dc1586f 100644 --- a/go.sum +++ b/go.sum @@ -136,8 +136,8 @@ github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc8 github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E= github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= -github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0= -github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA= +github.com/quic-go/quic-go v0.34.0 h1:OvOJ9LFjTySgwOTYUZmNoq0FzVicP8YujpV0kB7m2lU= +github.com/quic-go/quic-go v0.34.0/go.mod h1:+4CVgVppm0FNjpG3UcX8Joi/frKOH7/ciD5yGcwOO1g= github.com/refraction-networking/utls v1.3.2 h1:o+AkWB57mkcoW36ET7uJ002CpBWHu0KPxi6vzxvPnv8= github.com/refraction-networking/utls v1.3.2/go.mod h1:fmoaOww2bxzzEpIKOebIsnBvjQpqP7L2vcm/9KUfm/E= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= From 90d915ea0505e7d5172abc8aeda5d5d039696cb3 Mon Sep 17 00:00:00 2001 From: yichya QC Date: Sun, 12 Mar 2023 17:44:41 +0800 Subject: [PATCH 112/226] feat: add tcp_user_timeout ```json {"streamSettings":{"sockopt": {"tcpUserTimeout": 10000}}} ``` run `gofmt -w -s .` as well --- common/xudp/xudp_test.go | 4 +-- infra/conf/transport_internet.go | 2 ++ transport/internet/config.pb.go | 55 +++++++++++++++++------------ transport/internet/config.proto | 2 ++ transport/internet/sockopt_linux.go | 27 ++++++++------ 5 files changed, 55 insertions(+), 35 deletions(-) diff --git a/common/xudp/xudp_test.go b/common/xudp/xudp_test.go index dd720a817cf7..78ddfa2728c9 100644 --- a/common/xudp/xudp_test.go +++ b/common/xudp/xudp_test.go @@ -11,7 +11,7 @@ import ( func TestXudpReadWrite(t *testing.T) { addr, _ := net.ParseDestination("tcp:127.0.0.1:1345") mb := make(buf.MultiBuffer, 0, 16) - m := buf.MultiBufferContainer { + m := buf.MultiBufferContainer{ MultiBuffer: mb, } var arr [8]byte @@ -33,4 +33,4 @@ func TestXudpReadWrite(t *testing.T) { if dest[0].UDP.Port != 1345 { t.Error("failed to parse xudp buffer") } -} \ No newline at end of file +} diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 7424c5487d7d..976a49d45b9c 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -617,6 +617,7 @@ type SocketConfig struct { TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` TCPCongestion string `json:"tcpCongestion"` TCPWindowClamp int32 `json:"tcpWindowClamp"` + TCPUserTimeout int32 `json:"tcpUserTimeout"` V6only bool `json:"v6only"` Interface string `json:"interface"` } @@ -669,6 +670,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { TcpKeepAliveIdle: c.TCPKeepAliveIdle, TcpCongestion: c.TCPCongestion, TcpWindowClamp: c.TCPWindowClamp, + TcpUserTimeout: c.TCPUserTimeout, V6Only: c.V6only, Interface: c.Interface, }, nil diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index 90dcd7863987..8021c6dbf124 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go @@ -428,6 +428,7 @@ type SocketConfig struct { Interface string `protobuf:"bytes,13,opt,name=interface,proto3" json:"interface,omitempty"` V6Only bool `protobuf:"varint,14,opt,name=v6only,proto3" json:"v6only,omitempty"` TcpWindowClamp int32 `protobuf:"varint,15,opt,name=tcp_window_clamp,json=tcpWindowClamp,proto3" json:"tcp_window_clamp,omitempty"` + TcpUserTimeout int32 `protobuf:"varint,16,opt,name=tcp_user_timeout,json=tcpUserTimeout,proto3" json:"tcp_user_timeout,omitempty"` } func (x *SocketConfig) Reset() { @@ -567,6 +568,13 @@ func (x *SocketConfig) GetTcpWindowClamp() int32 { return 0 } +func (x *SocketConfig) GetTcpUserTimeout() int32 { + if x != nil { + return x.TcpUserTimeout + } + return 0 +} + var File_transport_internet_config_proto protoreflect.FileDescriptor var file_transport_internet_config_proto_rawDesc = []byte{ @@ -619,7 +627,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x22, 0xc8, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, + 0x78, 0x79, 0x22, 0xf2, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72, @@ -660,27 +668,30 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x76, 0x36, 0x6f, 0x6e, 0x6c, 0x79, 0x12, 0x28, 0x0a, 0x10, 0x74, 0x63, 0x70, 0x5f, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x5f, 0x63, 0x6c, 0x61, 0x6d, 0x70, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x63, - 0x70, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x43, 0x6c, 0x61, 0x6d, 0x70, 0x22, 0x2f, 0x0a, 0x0a, - 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, - 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, - 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, - 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, - 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, - 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, - 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, - 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, - 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, - 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, - 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, - 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, - 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, - 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, - 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, - 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, - 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, - 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x43, 0x6c, 0x61, 0x6d, 0x70, 0x12, 0x28, 0x0a, 0x10, + 0x74, 0x63, 0x70, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x18, 0x10, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x63, 0x70, 0x55, 0x73, 0x65, 0x72, 0x54, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, + 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, + 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, + 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, + 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, + 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, + 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, + 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, + 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, + 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, + 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, + 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, + 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, + 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, + 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, + 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, + 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/config.proto b/transport/internet/config.proto index 574d698e6266..1d5ef6bf8fa3 100644 --- a/transport/internet/config.proto +++ b/transport/internet/config.proto @@ -104,4 +104,6 @@ message SocketConfig { bool v6only = 14; int32 tcp_window_clamp = 15; + + int32 tcp_user_timeout = 16; } diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index ea023f53d915..7f366de8fe32 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go @@ -7,13 +7,6 @@ import ( "golang.org/x/sys/unix" ) -const ( - // For incoming connections. - TCP_FASTOPEN = 23 - // For out-going connections. - TCP_FASTOPEN_CONNECT = 30 -) - func bindAddr(fd uintptr, ip []byte, port uint32) error { setReuseAddr(fd) setReusePort(fd) @@ -59,8 +52,8 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf tfo = 1 } if tfo >= 0 { - if err := syscall.SetsockoptInt(int(fd), syscall.SOL_TCP, TCP_FASTOPEN_CONNECT, tfo); err != nil { - return newError("failed to set TCP_FASTOPEN_CONNECT=", tfo).Base(err) + if err := syscall.SetsockoptInt(int(fd), syscall.SOL_TCP, unix.TCP_FASTOPEN_CONNECT, tfo); err != nil { + return newError("failed to set TCP_FASTOPEN_CONNECT", tfo).Base(err) } } @@ -95,6 +88,12 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf return newError("failed to set TCP_WINDOW_CLAMP", err) } } + + if config.TcpUserTimeout > 0 { + if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, unix.TCP_USER_TIMEOUT, int(config.TcpUserTimeout)); err != nil { + return newError("failed to set TCP_USER_TIMEOUT", err) + } + } } if config.Tproxy.IsEnabled() { @@ -115,8 +114,8 @@ func applyInboundSocketOptions(network string, fd uintptr, config *SocketConfig) if isTCPSocket(network) { tfo := config.ParseTFOValue() if tfo >= 0 { - if err := syscall.SetsockoptInt(int(fd), syscall.SOL_TCP, TCP_FASTOPEN, tfo); err != nil { - return newError("failed to set TCP_FASTOPEN=", tfo).Base(err) + if err := syscall.SetsockoptInt(int(fd), syscall.SOL_TCP, unix.TCP_FASTOPEN, tfo); err != nil { + return newError("failed to set TCP_FASTOPEN", tfo).Base(err) } } @@ -151,6 +150,12 @@ func applyInboundSocketOptions(network string, fd uintptr, config *SocketConfig) return newError("failed to set TCP_WINDOW_CLAMP", err) } } + + if config.TcpUserTimeout > 0 { + if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, unix.TCP_USER_TIMEOUT, int(config.TcpUserTimeout)); err != nil { + return newError("failed to set TCP_USER_TIMEOUT", err) + } + } } if config.Tproxy.IsEnabled() { From 18e5b0963f2c0f128ca0668ce237533bc8c7e71d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Sun, 23 Apr 2023 19:31:41 +0800 Subject: [PATCH 113/226] Update dependencies --- app/dispatcher/default.go | 40 +++--- app/proxyman/outbound/handler.go | 2 +- common/singbridge/destination.go | 46 +++++++ common/singbridge/dialer.go | 59 +++++++++ common/singbridge/error.go | 10 ++ common/singbridge/handler.go | 51 ++++++++ common/singbridge/logger.go | 71 +++++++++++ common/singbridge/packet.go | 82 ++++++++++++ common/singbridge/pipe.go | 61 +++++++++ common/singbridge/reader.go | 66 ++++++++++ go.mod | 2 +- go.sum | 2 + proxy/shadowsocks_2022/inbound.go | 18 +-- proxy/shadowsocks_2022/inbound_multi.go | 18 +-- proxy/shadowsocks_2022/inbound_relay.go | 20 ++- proxy/shadowsocks_2022/outbound.go | 24 +--- proxy/shadowsocks_2022/shadowsocks_2022.go | 142 --------------------- transport/internet/system_dialer.go | 16 +-- transport/internet/system_listener.go | 21 ++- transport/internet/system_listener_test.go | 10 +- 20 files changed, 523 insertions(+), 238 deletions(-) create mode 100644 common/singbridge/destination.go create mode 100644 common/singbridge/dialer.go create mode 100644 common/singbridge/error.go create mode 100644 common/singbridge/handler.go create mode 100644 common/singbridge/logger.go create mode 100644 common/singbridge/packet.go create mode 100644 common/singbridge/pipe.go create mode 100644 common/singbridge/reader.go diff --git a/app/dispatcher/default.go b/app/dispatcher/default.go index 7328d2130bc8..35307ceffc00 100644 --- a/app/dispatcher/default.go +++ b/app/dispatcher/default.go @@ -342,29 +342,27 @@ func (d *DefaultDispatcher) DispatchLink(ctx context.Context, destination net.De } sniffingRequest := content.SniffingRequest if !sniffingRequest.Enabled { - go d.routedDispatch(ctx, outbound, destination) + d.routedDispatch(ctx, outbound, destination) } else { - go func() { - cReader := &cachedReader{ - reader: outbound.Reader.(*pipe.Reader), - } - outbound.Reader = cReader - result, err := sniffer(ctx, cReader, sniffingRequest.MetadataOnly, destination.Network) - if err == nil { - content.Protocol = result.Protocol() - } - if err == nil && d.shouldOverride(ctx, result, sniffingRequest, destination) { - domain := result.Domain() - newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx)) - destination.Address = net.ParseAddress(domain) - if sniffingRequest.RouteOnly && result.Protocol() != "fakedns" { - ob.RouteTarget = destination - } else { - ob.Target = destination - } + cReader := &cachedReader{ + reader: outbound.Reader.(*pipe.Reader), + } + outbound.Reader = cReader + result, err := sniffer(ctx, cReader, sniffingRequest.MetadataOnly, destination.Network) + if err == nil { + content.Protocol = result.Protocol() + } + if err == nil && d.shouldOverride(ctx, result, sniffingRequest, destination) { + domain := result.Domain() + newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx)) + destination.Address = net.ParseAddress(domain) + if sniffingRequest.RouteOnly && result.Protocol() != "fakedns" { + ob.RouteTarget = destination + } else { + ob.Target = destination } - d.routedDispatch(ctx, outbound, destination) - }() + } + d.routedDispatch(ctx, outbound, destination) } return nil diff --git a/app/proxyman/outbound/handler.go b/app/proxyman/outbound/handler.go index e91bcb079d2b..b477dd6bfdac 100644 --- a/app/proxyman/outbound/handler.go +++ b/app/proxyman/outbound/handler.go @@ -211,7 +211,7 @@ out: err.WriteToLog(session.ExportIDToError(ctx)) common.Interrupt(link.Writer) } else { - common.Must(common.Close(link.Writer)) + common.Close(link.Writer) } common.Interrupt(link.Reader) } diff --git a/common/singbridge/destination.go b/common/singbridge/destination.go new file mode 100644 index 000000000000..7a89c9ef5a24 --- /dev/null +++ b/common/singbridge/destination.go @@ -0,0 +1,46 @@ +package singbridge + +import ( + M "github.com/sagernet/sing/common/metadata" + N "github.com/sagernet/sing/common/network" + "github.com/xtls/xray-core/common/net" +) + +func ToNetwork(network string) net.Network { + switch N.NetworkName(network) { + case N.NetworkTCP: + return net.Network_TCP + case N.NetworkUDP: + return net.Network_UDP + default: + return net.Network_Unknown + } +} + +func ToDestination(socksaddr M.Socksaddr, network net.Network) net.Destination { + if socksaddr.IsFqdn() { + return net.Destination{ + Network: network, + Address: net.DomainAddress(socksaddr.Fqdn), + Port: net.Port(socksaddr.Port), + } + } else { + return net.Destination{ + Network: network, + Address: net.IPAddress(socksaddr.Addr.AsSlice()), + Port: net.Port(socksaddr.Port), + } + } +} + +func ToSocksaddr(destination net.Destination) M.Socksaddr { + var addr M.Socksaddr + switch destination.Address.Family() { + case net.AddressFamilyDomain: + addr.Fqdn = destination.Address.Domain() + default: + addr.Addr = M.AddrFromIP(destination.Address.IP()) + } + addr.Port = uint16(destination.Port) + return addr +} diff --git a/common/singbridge/dialer.go b/common/singbridge/dialer.go new file mode 100644 index 000000000000..dfc128d863e9 --- /dev/null +++ b/common/singbridge/dialer.go @@ -0,0 +1,59 @@ +package singbridge + +import ( + "context" + "os" + + M "github.com/sagernet/sing/common/metadata" + N "github.com/sagernet/sing/common/network" + "github.com/xtls/xray-core/common/net" + "github.com/xtls/xray-core/common/net/cnc" + "github.com/xtls/xray-core/common/session" + "github.com/xtls/xray-core/proxy" + "github.com/xtls/xray-core/transport" + "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/pipe" +) + +var _ N.Dialer = (*XrayDialer)(nil) + +type XrayDialer struct { + internet.Dialer +} + +func NewDialer(dialer internet.Dialer) *XrayDialer { + return &XrayDialer{dialer} +} + +func (d *XrayDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) { + return d.Dialer.Dial(ctx, ToDestination(destination, ToNetwork(network))) +} + +func (d *XrayDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) { + return nil, os.ErrInvalid +} + +type XrayOutboundDialer struct { + outbound proxy.Outbound + dialer internet.Dialer +} + +func NewOutboundDialer(outbound proxy.Outbound, dialer internet.Dialer) *XrayOutboundDialer { + return &XrayOutboundDialer{outbound, dialer} +} + +func (d *XrayOutboundDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) { + ctx = session.ContextWithOutbound(context.Background(), &session.Outbound{ + Target: ToDestination(destination, ToNetwork(network)), + }) + opts := []pipe.Option{pipe.WithSizeLimit(64 * 1024)} + uplinkReader, uplinkWriter := pipe.New(opts...) + downlinkReader, downlinkWriter := pipe.New(opts...) + conn := cnc.NewConnection(cnc.ConnectionInputMulti(downlinkWriter), cnc.ConnectionOutputMulti(uplinkReader)) + go d.outbound.Process(ctx, &transport.Link{Reader: downlinkReader, Writer: uplinkWriter}, d.dialer) + return conn, nil +} + +func (d *XrayOutboundDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) { + return nil, os.ErrInvalid +} diff --git a/common/singbridge/error.go b/common/singbridge/error.go new file mode 100644 index 000000000000..ac9e63517781 --- /dev/null +++ b/common/singbridge/error.go @@ -0,0 +1,10 @@ +package singbridge + +import E "github.com/sagernet/sing/common/exceptions" + +func ReturnError(err error) error { + if E.IsClosedOrCanceled(err) { + return nil + } + return err +} diff --git a/common/singbridge/handler.go b/common/singbridge/handler.go new file mode 100644 index 000000000000..18d4ad71aa0c --- /dev/null +++ b/common/singbridge/handler.go @@ -0,0 +1,51 @@ +package singbridge + +import ( + "context" + "io" + + M "github.com/sagernet/sing/common/metadata" + N "github.com/sagernet/sing/common/network" + "github.com/xtls/xray-core/common/buf" + "github.com/xtls/xray-core/common/errors" + "github.com/xtls/xray-core/common/net" + "github.com/xtls/xray-core/common/session" + "github.com/xtls/xray-core/features/routing" + "github.com/xtls/xray-core/transport" +) + +var ( + _ N.TCPConnectionHandler = (*Dispatcher)(nil) + _ N.UDPConnectionHandler = (*Dispatcher)(nil) +) + +type Dispatcher struct { + upstream routing.Dispatcher + newErrorFunc func(values ...any) *errors.Error +} + +func NewDispatcher(dispatcher routing.Dispatcher, newErrorFunc func(values ...any) *errors.Error) *Dispatcher { + return &Dispatcher{ + upstream: dispatcher, + newErrorFunc: newErrorFunc, + } +} + +func (d *Dispatcher) NewConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error { + xConn := NewConn(conn) + return d.upstream.DispatchLink(ctx, ToDestination(metadata.Destination, net.Network_TCP), &transport.Link{ + Reader: xConn, + Writer: xConn, + }) +} + +func (d *Dispatcher) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error { + return d.upstream.DispatchLink(ctx, ToDestination(metadata.Destination, net.Network_UDP), &transport.Link{ + Reader: buf.NewPacketReader(conn.(io.Reader)), + Writer: buf.NewWriter(conn.(io.Writer)), + }) +} + +func (d *Dispatcher) NewError(ctx context.Context, err error) { + d.newErrorFunc(err).WriteToLog(session.ExportIDToError(ctx)) +} diff --git a/common/singbridge/logger.go b/common/singbridge/logger.go new file mode 100644 index 000000000000..c1702363700a --- /dev/null +++ b/common/singbridge/logger.go @@ -0,0 +1,71 @@ +package singbridge + +import ( + "context" + + "github.com/sagernet/sing/common/logger" + "github.com/xtls/xray-core/common/errors" + "github.com/xtls/xray-core/common/session" +) + +var _ logger.ContextLogger = (*XrayLogger)(nil) + +type XrayLogger struct { + newError func(values ...any) *errors.Error +} + +func NewLogger(newErrorFunc func(values ...any) *errors.Error) *XrayLogger { + return &XrayLogger{ + newErrorFunc, + } +} + +func (l *XrayLogger) Trace(args ...any) { +} + +func (l *XrayLogger) Debug(args ...any) { + l.newError(args...).AtDebug().WriteToLog() +} + +func (l *XrayLogger) Info(args ...any) { + l.newError(args...).AtInfo().WriteToLog() +} + +func (l *XrayLogger) Warn(args ...any) { + l.newError(args...).AtWarning().WriteToLog() +} + +func (l *XrayLogger) Error(args ...any) { + l.newError(args...).AtError().WriteToLog() +} + +func (l *XrayLogger) Fatal(args ...any) { +} + +func (l *XrayLogger) Panic(args ...any) { +} + +func (l *XrayLogger) TraceContext(ctx context.Context, args ...any) { +} + +func (l *XrayLogger) DebugContext(ctx context.Context, args ...any) { + l.newError(args...).AtDebug().WriteToLog(session.ExportIDToError(ctx)) +} + +func (l *XrayLogger) InfoContext(ctx context.Context, args ...any) { + l.newError(args...).AtInfo().WriteToLog(session.ExportIDToError(ctx)) +} + +func (l *XrayLogger) WarnContext(ctx context.Context, args ...any) { + l.newError(args...).AtWarning().WriteToLog(session.ExportIDToError(ctx)) +} + +func (l *XrayLogger) ErrorContext(ctx context.Context, args ...any) { + l.newError(args...).AtError().WriteToLog(session.ExportIDToError(ctx)) +} + +func (l *XrayLogger) FatalContext(ctx context.Context, args ...any) { +} + +func (l *XrayLogger) PanicContext(ctx context.Context, args ...any) { +} diff --git a/common/singbridge/packet.go b/common/singbridge/packet.go new file mode 100644 index 000000000000..fef955e76a1c --- /dev/null +++ b/common/singbridge/packet.go @@ -0,0 +1,82 @@ +package singbridge + +import ( + "context" + + B "github.com/sagernet/sing/common/buf" + "github.com/sagernet/sing/common/bufio" + M "github.com/sagernet/sing/common/metadata" + "github.com/xtls/xray-core/common/buf" + "github.com/xtls/xray-core/common/net" + "github.com/xtls/xray-core/transport" +) + +func CopyPacketConn(ctx context.Context, inboundConn net.Conn, link *transport.Link, destination net.Destination, serverConn net.PacketConn) error { + conn := &PacketConnWrapper{ + Reader: link.Reader, + Writer: link.Writer, + Dest: destination, + Conn: inboundConn, + } + return ReturnError(bufio.CopyPacketConn(ctx, conn, bufio.NewPacketConn(serverConn))) +} + +type PacketConnWrapper struct { + buf.Reader + buf.Writer + net.Conn + Dest net.Destination + cached buf.MultiBuffer +} + +func (w *PacketConnWrapper) ReadPacket(buffer *B.Buffer) (M.Socksaddr, error) { + if w.cached != nil { + mb, bb := buf.SplitFirst(w.cached) + if bb == nil { + w.cached = nil + } else { + buffer.Write(bb.Bytes()) + w.cached = mb + var destination net.Destination + if bb.UDP != nil { + destination = *bb.UDP + } else { + destination = w.Dest + } + bb.Release() + return ToSocksaddr(destination), nil + } + } + mb, err := w.ReadMultiBuffer() + if err != nil { + return M.Socksaddr{}, err + } + nb, bb := buf.SplitFirst(mb) + if bb == nil { + return M.Socksaddr{}, nil + } else { + buffer.Write(bb.Bytes()) + w.cached = nb + var destination net.Destination + if bb.UDP != nil { + destination = *bb.UDP + } else { + destination = w.Dest + } + bb.Release() + return ToSocksaddr(destination), nil + } +} + +func (w *PacketConnWrapper) WritePacket(buffer *B.Buffer, destination M.Socksaddr) error { + vBuf := buf.New() + vBuf.Write(buffer.Bytes()) + endpoint := ToDestination(destination, net.Network_UDP) + vBuf.UDP = &endpoint + return w.Writer.WriteMultiBuffer(buf.MultiBuffer{vBuf}) +} + +func (w *PacketConnWrapper) Close() error { + buf.ReleaseMulti(w.cached) + return nil +} diff --git a/common/singbridge/pipe.go b/common/singbridge/pipe.go new file mode 100644 index 000000000000..d04ebda44e02 --- /dev/null +++ b/common/singbridge/pipe.go @@ -0,0 +1,61 @@ +package singbridge + +import ( + "context" + "io" + "net" + + "github.com/sagernet/sing/common/bufio" + "github.com/xtls/xray-core/common/buf" + "github.com/xtls/xray-core/transport" +) + +func CopyConn(ctx context.Context, inboundConn net.Conn, link *transport.Link, serverConn net.Conn) error { + conn := &PipeConnWrapper{ + W: link.Writer, + Conn: inboundConn, + } + if ir, ok := link.Reader.(io.Reader); ok { + conn.R = ir + } else { + conn.R = &buf.BufferedReader{Reader: link.Reader} + } + return ReturnError(bufio.CopyConn(ctx, conn, serverConn)) +} + +type PipeConnWrapper struct { + R io.Reader + W buf.Writer + net.Conn +} + +func (w *PipeConnWrapper) Close() error { + return nil +} + +func (w *PipeConnWrapper) Read(b []byte) (n int, err error) { + return w.R.Read(b) +} + +func (w *PipeConnWrapper) Write(p []byte) (n int, err error) { + n = len(p) + var mb buf.MultiBuffer + pLen := len(p) + for pLen > 0 { + buffer := buf.New() + if pLen > buf.Size { + _, err = buffer.Write(p[:buf.Size]) + p = p[buf.Size:] + } else { + buffer.Write(p) + } + pLen -= int(buffer.Len()) + mb = append(mb, buffer) + } + err = w.W.WriteMultiBuffer(mb) + if err != nil { + n = 0 + buf.ReleaseMulti(mb) + } + return +} diff --git a/common/singbridge/reader.go b/common/singbridge/reader.go new file mode 100644 index 000000000000..1ace1845f031 --- /dev/null +++ b/common/singbridge/reader.go @@ -0,0 +1,66 @@ +package singbridge + +import ( + "time" + + "github.com/sagernet/sing/common" + "github.com/sagernet/sing/common/bufio" + N "github.com/sagernet/sing/common/network" + "github.com/xtls/xray-core/common/buf" + "github.com/xtls/xray-core/common/net" +) + +var ( + _ buf.Reader = (*Conn)(nil) + _ buf.TimeoutReader = (*Conn)(nil) + _ buf.Writer = (*Conn)(nil) +) + +type Conn struct { + net.Conn + writer N.VectorisedWriter +} + +func NewConn(conn net.Conn) *Conn { + writer, _ := bufio.CreateVectorisedWriter(conn) + return &Conn{ + Conn: conn, + writer: writer, + } +} + +func (c *Conn) ReadMultiBuffer() (buf.MultiBuffer, error) { + buffer, err := buf.ReadBuffer(c.Conn) + if err != nil { + return nil, err + } + return buf.MultiBuffer{buffer}, nil +} + +func (c *Conn) ReadMultiBufferTimeout(duration time.Duration) (buf.MultiBuffer, error) { + err := c.SetReadDeadline(time.Now().Add(duration)) + if err != nil { + return nil, err + } + defer c.SetReadDeadline(time.Time{}) + return c.ReadMultiBuffer() +} + +func (c *Conn) WriteMultiBuffer(bufferList buf.MultiBuffer) error { + defer buf.ReleaseMulti(bufferList) + if c.writer != nil { + bytesList := make([][]byte, len(bufferList)) + for i, buffer := range bufferList { + bytesList[i] = buffer.Bytes() + } + return common.Error(bufio.WriteVectorised(c.writer, bytesList)) + } + // Since this conn is only used by tun, we don't force buffer writes to merge. + for _, buffer := range bufferList { + _, err := c.Conn.Write(buffer.Bytes()) + if err != nil { + return err + } + } + return nil +} diff --git a/go.mod b/go.mod index 367332213ed5..bf6a6c3a6110 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.34.0 github.com/refraction-networking/utls v1.3.2 - github.com/sagernet/sing v0.2.3 + github.com/sagernet/sing v0.2.4 github.com/sagernet/sing-shadowsocks v0.2.1 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index 4e681dc1586f..f8df04008880 100644 --- a/go.sum +++ b/go.sum @@ -145,6 +145,8 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstv github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/sagernet/sing v0.2.3 h1:V50MvZ4c3Iij2lYFWPlzL1PyipwSzjGeN9x+Ox89vpk= github.com/sagernet/sing v0.2.3/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= +github.com/sagernet/sing v0.2.4 h1:gC8BR5sglbJZX23RtMyFa8EETP9YEUADhfbEzU1yVbo= +github.com/sagernet/sing v0.2.4/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= github.com/sagernet/sing-shadowsocks v0.2.1 h1:FvdLQOqpvxHBJUcUe4fvgiYP2XLLwH5i1DtXQviVEPw= github.com/sagernet/sing-shadowsocks v0.2.1/go.mod h1:T/OgurSjsAe+Ug3+6PprXjmgHFmJidjOvQcjXGTKb3I= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= diff --git a/proxy/shadowsocks_2022/inbound.go b/proxy/shadowsocks_2022/inbound.go index 1c2ae1d219b3..bb298c09485e 100644 --- a/proxy/shadowsocks_2022/inbound.go +++ b/proxy/shadowsocks_2022/inbound.go @@ -17,6 +17,7 @@ import ( "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/session" + "github.com/xtls/xray-core/common/singbridge" "github.com/xtls/xray-core/features/routing" "github.com/xtls/xray-core/transport/internet/stat" ) @@ -74,7 +75,7 @@ func (i *Inbound) Process(ctx context.Context, network net.Network, connection s ctx = session.ContextWithDispatcher(ctx, dispatcher) if network == net.Network_TCP { - return returnError(i.service.NewConnection(ctx, connection, metadata)) + return singbridge.ReturnError(i.service.NewConnection(ctx, connection, metadata)) } else { reader := buf.NewReader(connection) pc := &natPacketConn{connection} @@ -82,7 +83,7 @@ func (i *Inbound) Process(ctx context.Context, network net.Network, connection s mb, err := reader.ReadMultiBuffer() if err != nil { buf.ReleaseMulti(mb) - return returnError(err) + return singbridge.ReturnError(err) } for _, buffer := range mb { packet := B.As(buffer.Bytes()).ToOwned() @@ -112,16 +113,11 @@ func (i *Inbound) NewConnection(ctx context.Context, conn net.Conn, metadata M.M }) newError("tunnelling request to tcp:", metadata.Destination).WriteToLog(session.ExportIDToError(ctx)) dispatcher := session.DispatcherFromContext(ctx) - link, err := dispatcher.Dispatch(ctx, toDestination(metadata.Destination, net.Network_TCP)) + link, err := dispatcher.Dispatch(ctx, singbridge.ToDestination(metadata.Destination, net.Network_TCP)) if err != nil { return err } - outConn := &pipeConnWrapper{ - &buf.BufferedReader{Reader: link.Reader}, - link.Writer, - conn, - } - return bufio.CopyConn(ctx, conn, outConn) + return singbridge.CopyConn(ctx, nil, link, conn) } func (i *Inbound) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error { @@ -138,12 +134,12 @@ func (i *Inbound) NewPacketConnection(ctx context.Context, conn N.PacketConn, me }) newError("tunnelling request to udp:", metadata.Destination).WriteToLog(session.ExportIDToError(ctx)) dispatcher := session.DispatcherFromContext(ctx) - destination := toDestination(metadata.Destination, net.Network_UDP) + destination := singbridge.ToDestination(metadata.Destination, net.Network_UDP) link, err := dispatcher.Dispatch(ctx, destination) if err != nil { return err } - outConn := &packetConnWrapper{ + outConn := &singbridge.PacketConnWrapper{ Reader: link.Reader, Writer: link.Writer, Dest: destination, diff --git a/proxy/shadowsocks_2022/inbound_multi.go b/proxy/shadowsocks_2022/inbound_multi.go index 77a344279beb..04cac573e793 100644 --- a/proxy/shadowsocks_2022/inbound_multi.go +++ b/proxy/shadowsocks_2022/inbound_multi.go @@ -21,6 +21,7 @@ import ( "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/session" + "github.com/xtls/xray-core/common/singbridge" "github.com/xtls/xray-core/common/uuid" "github.com/xtls/xray-core/features/routing" "github.com/xtls/xray-core/transport/internet/stat" @@ -163,7 +164,7 @@ func (i *MultiUserInbound) Process(ctx context.Context, network net.Network, con ctx = session.ContextWithDispatcher(ctx, dispatcher) if network == net.Network_TCP { - return returnError(i.service.NewConnection(ctx, connection, metadata)) + return singbridge.ReturnError(i.service.NewConnection(ctx, connection, metadata)) } else { reader := buf.NewReader(connection) pc := &natPacketConn{connection} @@ -171,7 +172,7 @@ func (i *MultiUserInbound) Process(ctx context.Context, network net.Network, con mb, err := reader.ReadMultiBuffer() if err != nil { buf.ReleaseMulti(mb) - return returnError(err) + return singbridge.ReturnError(err) } for _, buffer := range mb { packet := B.As(buffer.Bytes()).ToOwned() @@ -203,16 +204,11 @@ func (i *MultiUserInbound) NewConnection(ctx context.Context, conn net.Conn, met }) newError("tunnelling request to tcp:", metadata.Destination).WriteToLog(session.ExportIDToError(ctx)) dispatcher := session.DispatcherFromContext(ctx) - link, err := dispatcher.Dispatch(ctx, toDestination(metadata.Destination, net.Network_TCP)) + link, err := dispatcher.Dispatch(ctx, singbridge.ToDestination(metadata.Destination, net.Network_TCP)) if err != nil { return err } - outConn := &pipeConnWrapper{ - &buf.BufferedReader{Reader: link.Reader}, - link.Writer, - conn, - } - return bufio.CopyConn(ctx, conn, outConn) + return singbridge.CopyConn(ctx, conn, link, conn) } func (i *MultiUserInbound) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error { @@ -231,12 +227,12 @@ func (i *MultiUserInbound) NewPacketConnection(ctx context.Context, conn N.Packe }) newError("tunnelling request to udp:", metadata.Destination).WriteToLog(session.ExportIDToError(ctx)) dispatcher := session.DispatcherFromContext(ctx) - destination := toDestination(metadata.Destination, net.Network_UDP) + destination := singbridge.ToDestination(metadata.Destination, net.Network_UDP) link, err := dispatcher.Dispatch(ctx, destination) if err != nil { return err } - outConn := &packetConnWrapper{ + outConn := &singbridge.PacketConnWrapper{ Reader: link.Reader, Writer: link.Writer, Dest: destination, diff --git a/proxy/shadowsocks_2022/inbound_relay.go b/proxy/shadowsocks_2022/inbound_relay.go index d07babb8061f..c3f8e6759631 100644 --- a/proxy/shadowsocks_2022/inbound_relay.go +++ b/proxy/shadowsocks_2022/inbound_relay.go @@ -19,6 +19,7 @@ import ( "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/session" + "github.com/xtls/xray-core/common/singbridge" "github.com/xtls/xray-core/common/uuid" "github.com/xtls/xray-core/features/routing" "github.com/xtls/xray-core/transport/internet/stat" @@ -66,7 +67,7 @@ func NewRelayServer(ctx context.Context, config *RelayServerConfig) (*RelayInbou C.MapIndexed(config.Destinations, func(index int, it *RelayDestination) int { return index }), C.Map(config.Destinations, func(it *RelayDestination) string { return it.Key }), C.Map(config.Destinations, func(it *RelayDestination) M.Socksaddr { - return toSocksaddr(net.Destination{ + return singbridge.ToSocksaddr(net.Destination{ Address: it.Address.AsAddress(), Port: net.Port(it.Port), }) @@ -95,7 +96,7 @@ func (i *RelayInbound) Process(ctx context.Context, network net.Network, connect ctx = session.ContextWithDispatcher(ctx, dispatcher) if network == net.Network_TCP { - return returnError(i.service.NewConnection(ctx, connection, metadata)) + return singbridge.ReturnError(i.service.NewConnection(ctx, connection, metadata)) } else { reader := buf.NewReader(connection) pc := &natPacketConn{connection} @@ -103,7 +104,7 @@ func (i *RelayInbound) Process(ctx context.Context, network net.Network, connect mb, err := reader.ReadMultiBuffer() if err != nil { buf.ReleaseMulti(mb) - return returnError(err) + return singbridge.ReturnError(err) } for _, buffer := range mb { packet := B.As(buffer.Bytes()).ToOwned() @@ -135,16 +136,11 @@ func (i *RelayInbound) NewConnection(ctx context.Context, conn net.Conn, metadat }) newError("tunnelling request to tcp:", metadata.Destination).WriteToLog(session.ExportIDToError(ctx)) dispatcher := session.DispatcherFromContext(ctx) - link, err := dispatcher.Dispatch(ctx, toDestination(metadata.Destination, net.Network_TCP)) + link, err := dispatcher.Dispatch(ctx, singbridge.ToDestination(metadata.Destination, net.Network_TCP)) if err != nil { return err } - outConn := &pipeConnWrapper{ - &buf.BufferedReader{Reader: link.Reader}, - link.Writer, - conn, - } - return bufio.CopyConn(ctx, conn, outConn) + return singbridge.CopyConn(ctx, nil, link, conn) } func (i *RelayInbound) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error { @@ -163,12 +159,12 @@ func (i *RelayInbound) NewPacketConnection(ctx context.Context, conn N.PacketCon }) newError("tunnelling request to udp:", metadata.Destination).WriteToLog(session.ExportIDToError(ctx)) dispatcher := session.DispatcherFromContext(ctx) - destination := toDestination(metadata.Destination, net.Network_UDP) + destination := singbridge.ToDestination(metadata.Destination, net.Network_UDP) link, err := dispatcher.Dispatch(ctx, destination) if err != nil { return err } - outConn := &packetConnWrapper{ + outConn := &singbridge.PacketConnWrapper{ Reader: link.Reader, Writer: link.Writer, Dest: destination, diff --git a/proxy/shadowsocks_2022/outbound.go b/proxy/shadowsocks_2022/outbound.go index 41e239dcf8c3..151ea0e2867f 100644 --- a/proxy/shadowsocks_2022/outbound.go +++ b/proxy/shadowsocks_2022/outbound.go @@ -2,7 +2,6 @@ package shadowsocks_2022 import ( "context" - "io" "runtime" "time" @@ -17,6 +16,7 @@ import ( "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" + "github.com/xtls/xray-core/common/singbridge" "github.com/xtls/xray-core/transport" "github.com/xtls/xray-core/transport/internet" ) @@ -93,7 +93,7 @@ func (o *Outbound) Process(ctx context.Context, link *transport.Link, dialer int } if network == net.Network_TCP { - serverConn := o.method.DialEarlyConn(connection, toSocksaddr(destination)) + serverConn := o.method.DialEarlyConn(connection, singbridge.ToSocksaddr(destination)) var handshake bool if timeoutReader, isTimeoutReader := link.Reader.(buf.TimeoutReader); isTimeoutReader { mb, err := timeoutReader.ReadMultiBufferTimeout(time.Millisecond * 100) @@ -128,17 +128,7 @@ func (o *Outbound) Process(ctx context.Context, link *transport.Link, dialer int return newError("client handshake").Base(err) } } - conn := &pipeConnWrapper{ - W: link.Writer, - Conn: inboundConn, - } - if ir, ok := link.Reader.(io.Reader); ok { - conn.R = ir - } else { - conn.R = &buf.BufferedReader{Reader: link.Reader} - } - - return returnError(bufio.CopyConn(ctx, conn, serverConn)) + return singbridge.CopyConn(ctx, inboundConn, link, serverConn) } else { var packetConn N.PacketConn if pc, isPacketConn := inboundConn.(N.PacketConn); isPacketConn { @@ -146,7 +136,7 @@ func (o *Outbound) Process(ctx context.Context, link *transport.Link, dialer int } else if nc, isNetPacket := inboundConn.(net.PacketConn); isNetPacket { packetConn = bufio.NewPacketConn(nc) } else { - packetConn = &packetConnWrapper{ + packetConn = &singbridge.PacketConnWrapper{ Reader: link.Reader, Writer: link.Writer, Conn: inboundConn, @@ -155,14 +145,14 @@ func (o *Outbound) Process(ctx context.Context, link *transport.Link, dialer int } if o.uotClient != nil { - uConn, err := o.uotClient.DialEarlyConn(o.method.DialEarlyConn(connection, uot.RequestDestination(o.uotClient.Version)), false, toSocksaddr(destination)) + uConn, err := o.uotClient.DialEarlyConn(o.method.DialEarlyConn(connection, uot.RequestDestination(o.uotClient.Version)), false, singbridge.ToSocksaddr(destination)) if err != nil { return err } - return returnError(bufio.CopyPacketConn(ctx, packetConn, uConn)) + return singbridge.ReturnError(bufio.CopyPacketConn(ctx, packetConn, uConn)) } else { serverConn := o.method.DialPacketConn(connection) - return returnError(bufio.CopyPacketConn(ctx, packetConn, serverConn)) + return singbridge.ReturnError(bufio.CopyPacketConn(ctx, packetConn, serverConn)) } } } diff --git a/proxy/shadowsocks_2022/shadowsocks_2022.go b/proxy/shadowsocks_2022/shadowsocks_2022.go index 945c44994e75..4f8d88ab0b4f 100644 --- a/proxy/shadowsocks_2022/shadowsocks_2022.go +++ b/proxy/shadowsocks_2022/shadowsocks_2022.go @@ -1,145 +1,3 @@ package shadowsocks_2022 -import ( - "io" - - B "github.com/sagernet/sing/common/buf" - E "github.com/sagernet/sing/common/exceptions" - M "github.com/sagernet/sing/common/metadata" - "github.com/xtls/xray-core/common/buf" - "github.com/xtls/xray-core/common/net" -) - //go:generate go run github.com/xtls/xray-core/common/errors/errorgen - -func toDestination(socksaddr M.Socksaddr, network net.Network) net.Destination { - if socksaddr.IsFqdn() { - return net.Destination{ - Network: network, - Address: net.DomainAddress(socksaddr.Fqdn), - Port: net.Port(socksaddr.Port), - } - } else { - return net.Destination{ - Network: network, - Address: net.IPAddress(socksaddr.Addr.AsSlice()), - Port: net.Port(socksaddr.Port), - } - } -} - -func toSocksaddr(destination net.Destination) M.Socksaddr { - var addr M.Socksaddr - switch destination.Address.Family() { - case net.AddressFamilyDomain: - addr.Fqdn = destination.Address.Domain() - default: - addr.Addr = M.AddrFromIP(destination.Address.IP()) - } - addr.Port = uint16(destination.Port) - return addr -} - -type pipeConnWrapper struct { - R io.Reader - W buf.Writer - net.Conn -} - -func (w *pipeConnWrapper) Close() error { - return nil -} - -func (w *pipeConnWrapper) Read(b []byte) (n int, err error) { - return w.R.Read(b) -} - -func (w *pipeConnWrapper) Write(p []byte) (n int, err error) { - n = len(p) - var mb buf.MultiBuffer - pLen := len(p) - for pLen > 0 { - buffer := buf.New() - if pLen > buf.Size { - _, err = buffer.Write(p[:buf.Size]) - p = p[buf.Size:] - } else { - buffer.Write(p) - } - pLen -= int(buffer.Len()) - mb = append(mb, buffer) - } - err = w.W.WriteMultiBuffer(mb) - if err != nil { - n = 0 - buf.ReleaseMulti(mb) - } - return -} - -type packetConnWrapper struct { - buf.Reader - buf.Writer - net.Conn - Dest net.Destination - cached buf.MultiBuffer -} - -func (w *packetConnWrapper) ReadPacket(buffer *B.Buffer) (M.Socksaddr, error) { - if w.cached != nil { - mb, bb := buf.SplitFirst(w.cached) - if bb == nil { - w.cached = nil - } else { - buffer.Write(bb.Bytes()) - w.cached = mb - var destination net.Destination - if bb.UDP != nil { - destination = *bb.UDP - } else { - destination = w.Dest - } - bb.Release() - return toSocksaddr(destination), nil - } - } - mb, err := w.ReadMultiBuffer() - if err != nil { - return M.Socksaddr{}, err - } - nb, bb := buf.SplitFirst(mb) - if bb == nil { - return M.Socksaddr{}, nil - } else { - buffer.Write(bb.Bytes()) - w.cached = nb - var destination net.Destination - if bb.UDP != nil { - destination = *bb.UDP - } else { - destination = w.Dest - } - bb.Release() - return toSocksaddr(destination), nil - } -} - -func (w *packetConnWrapper) WritePacket(buffer *B.Buffer, destination M.Socksaddr) error { - vBuf := buf.New() - vBuf.Write(buffer.Bytes()) - endpoint := toDestination(destination, net.Network_UDP) - vBuf.UDP = &endpoint - return w.Writer.WriteMultiBuffer(buf.MultiBuffer{vBuf}) -} - -func (w *packetConnWrapper) Close() error { - buf.ReleaseMulti(w.cached) - return nil -} - -func returnError(err error) error { - if E.IsClosed(err) { - return nil - } - return err -} diff --git a/transport/internet/system_dialer.go b/transport/internet/system_dialer.go index 93cf404ef1a7..5a68144d0050 100644 --- a/transport/internet/system_dialer.go +++ b/transport/internet/system_dialer.go @@ -5,6 +5,7 @@ import ( "syscall" "time" + "github.com/sagernet/sing/common/control" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/features/dns" @@ -18,7 +19,7 @@ type SystemDialer interface { } type DefaultSystemDialer struct { - controllers []controller + controllers []control.Func dns dns.Client obm outbound.Manager } @@ -81,6 +82,11 @@ func (d *DefaultSystemDialer) Dial(ctx context.Context, src net.Address, dest ne if sockopt != nil || len(d.controllers) > 0 { dialer.Control = func(network, address string, c syscall.RawConn) error { + for _, ctl := range d.controllers { + if err := ctl(network, address, c); err != nil { + newError("failed to apply external controller").Base(err).WriteToLog(session.ExportIDToError(ctx)) + } + } return c.Control(func(fd uintptr) { if sockopt != nil { if err := applyOutboundSocketOptions(network, address, fd, sockopt); err != nil { @@ -92,12 +98,6 @@ func (d *DefaultSystemDialer) Dial(ctx context.Context, src net.Address, dest ne } } } - - for _, ctl := range d.controllers { - if err := ctl(network, address, fd); err != nil { - newError("failed to apply external controller").Base(err).WriteToLog(session.ExportIDToError(ctx)) - } - } }) } } @@ -185,7 +185,7 @@ func UseAlternativeSystemDialer(dialer SystemDialer) { // It only works when effective dialer is the default dialer. // // xray:api:beta -func RegisterDialerController(ctl func(network, address string, fd uintptr) error) error { +func RegisterDialerController(ctl control.Func) error { if ctl == nil { return newError("nil listener controller") } diff --git a/transport/internet/system_listener.go b/transport/internet/system_listener.go index 0469438345e2..60979062017a 100644 --- a/transport/internet/system_listener.go +++ b/transport/internet/system_listener.go @@ -10,21 +10,26 @@ import ( "time" "github.com/pires/go-proxyproto" + "github.com/sagernet/sing/common/control" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" ) var effectiveListener = DefaultListener{} -type controller func(network, address string, fd uintptr) error - type DefaultListener struct { - controllers []controller + controllers []control.Func } -func getControlFunc(ctx context.Context, sockopt *SocketConfig, controllers []controller) func(network, address string, c syscall.RawConn) error { +func getControlFunc(ctx context.Context, sockopt *SocketConfig, controllers []control.Func) func(network, address string, c syscall.RawConn) error { return func(network, address string, c syscall.RawConn) error { return c.Control(func(fd uintptr) { + for _, controller := range controllers { + if err := controller(network, address, c); err != nil { + newError("failed to apply external controller").Base(err).WriteToLog(session.ExportIDToError(ctx)) + } + } + if sockopt != nil { if err := applyInboundSocketOptions(network, fd, sockopt); err != nil { newError("failed to apply socket options to incoming connection").Base(err).WriteToLog(session.ExportIDToError(ctx)) @@ -32,12 +37,6 @@ func getControlFunc(ctx context.Context, sockopt *SocketConfig, controllers []co } setReusePort(fd) - - for _, controller := range controllers { - if err := controller(network, address, fd); err != nil { - newError("failed to apply external controller").Base(err).WriteToLog(session.ExportIDToError(ctx)) - } - } }) } } @@ -117,7 +116,7 @@ func (dl *DefaultListener) ListenPacket(ctx context.Context, addr net.Addr, sock // The controller can be used to operate on file descriptors before they are put into use. // // xray:api:beta -func RegisterListenerController(controller func(network, address string, fd uintptr) error) error { +func RegisterListenerController(controller control.Func) error { if controller == nil { return newError("nil listener controller") } diff --git a/transport/internet/system_listener_test.go b/transport/internet/system_listener_test.go index 0fcc9a95ae09..390888e7a786 100644 --- a/transport/internet/system_listener_test.go +++ b/transport/internet/system_listener_test.go @@ -3,8 +3,10 @@ package internet_test import ( "context" "net" + "syscall" "testing" + "github.com/sagernet/sing/common/control" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/transport/internet" ) @@ -12,9 +14,11 @@ import ( func TestRegisterListenerController(t *testing.T) { var gotFd uintptr - common.Must(internet.RegisterListenerController(func(network string, addr string, fd uintptr) error { - gotFd = fd - return nil + common.Must(internet.RegisterListenerController(func(network, address string, conn syscall.RawConn) error { + return control.Raw(conn, func(fd uintptr) error { + gotFd = fd + return nil + }) })) conn, err := internet.ListenSystemPacket(context.Background(), &net.UDPAddr{ From dd81ad53425c656371089577ff1bb856239a9ca1 Mon Sep 17 00:00:00 2001 From: xqzr <34030394+xqzr@users.noreply.github.com> Date: Sun, 30 Apr 2023 08:03:30 +0800 Subject: [PATCH 114/226] Add `tcpMaxSeg` to `sockopt` (#2002) --- infra/conf/transport_internet.go | 2 ++ transport/internet/config.pb.go | 14 ++++++++++++-- transport/internet/config.proto | 2 ++ transport/internet/sockopt_linux.go | 13 +++++++++++++ 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 976a49d45b9c..0da0fb645290 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -617,6 +617,7 @@ type SocketConfig struct { TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` TCPCongestion string `json:"tcpCongestion"` TCPWindowClamp int32 `json:"tcpWindowClamp"` + TCPMaxSeg int32 `json:"tcpMaxSeg"` TCPUserTimeout int32 `json:"tcpUserTimeout"` V6only bool `json:"v6only"` Interface string `json:"interface"` @@ -670,6 +671,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { TcpKeepAliveIdle: c.TCPKeepAliveIdle, TcpCongestion: c.TCPCongestion, TcpWindowClamp: c.TCPWindowClamp, + TcpMaxSeg: c.TCPMaxSeg, TcpUserTimeout: c.TCPUserTimeout, V6Only: c.V6only, Interface: c.Interface, diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index 8021c6dbf124..1d16101c361c 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go @@ -429,6 +429,7 @@ type SocketConfig struct { V6Only bool `protobuf:"varint,14,opt,name=v6only,proto3" json:"v6only,omitempty"` TcpWindowClamp int32 `protobuf:"varint,15,opt,name=tcp_window_clamp,json=tcpWindowClamp,proto3" json:"tcp_window_clamp,omitempty"` TcpUserTimeout int32 `protobuf:"varint,16,opt,name=tcp_user_timeout,json=tcpUserTimeout,proto3" json:"tcp_user_timeout,omitempty"` + TcpMaxSeg int32 `protobuf:"varint,17,opt,name=tcp_max_seg,json=tcpMaxSeg,proto3" json:"tcp_max_seg,omitempty"` } func (x *SocketConfig) Reset() { @@ -575,6 +576,13 @@ func (x *SocketConfig) GetTcpUserTimeout() int32 { return 0 } +func (x *SocketConfig) GetTcpMaxSeg() int32 { + if x != nil { + return x.TcpMaxSeg + } + return 0 +} + var File_transport_internet_config_proto protoreflect.FileDescriptor var file_transport_internet_config_proto_rawDesc = []byte{ @@ -627,7 +635,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x22, 0xf2, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, + 0x78, 0x79, 0x22, 0x92, 0x06, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72, @@ -671,7 +679,9 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x70, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x43, 0x6c, 0x61, 0x6d, 0x70, 0x12, 0x28, 0x0a, 0x10, 0x74, 0x63, 0x70, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x10, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x63, 0x70, 0x55, 0x73, 0x65, 0x72, 0x54, - 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x1e, 0x0a, 0x0b, 0x74, 0x63, 0x70, 0x5f, 0x6d, 0x61, + 0x78, 0x5f, 0x73, 0x65, 0x67, 0x18, 0x11, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x63, 0x70, + 0x4d, 0x61, 0x78, 0x53, 0x65, 0x67, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, diff --git a/transport/internet/config.proto b/transport/internet/config.proto index 1d5ef6bf8fa3..cbfd7b54facf 100644 --- a/transport/internet/config.proto +++ b/transport/internet/config.proto @@ -106,4 +106,6 @@ message SocketConfig { int32 tcp_window_clamp = 15; int32 tcp_user_timeout = 16; + + int32 tcp_max_seg = 17; } diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index 7f366de8fe32..01888e946966 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go @@ -94,6 +94,13 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf return newError("failed to set TCP_USER_TIMEOUT", err) } } + + if config.TcpMaxSeg > 0 { + if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, unix.TCP_MAXSEG, int(config.TcpMaxSeg)); err != nil { + return newError("failed to set TCP_MAXSEG", err) + } + } + } if config.Tproxy.IsEnabled() { @@ -156,6 +163,12 @@ func applyInboundSocketOptions(network string, fd uintptr, config *SocketConfig) return newError("failed to set TCP_USER_TIMEOUT", err) } } + + if config.TcpMaxSeg > 0 { + if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, unix.TCP_MAXSEG, int(config.TcpMaxSeg)); err != nil { + return newError("failed to set TCP_MAXSEG", err) + } + } } if config.Tproxy.IsEnabled() { From ae518cce52935f423601fed973b6eb4f7bb64bf8 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 29 Apr 2023 23:05:53 -0400 Subject: [PATCH 115/226] Update docker.yml limit docker build to main branch --- .github/workflows/docker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 4021b65fadc2..6c51d0b538a5 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -3,7 +3,7 @@ name: Build docker image on: push: branches: - - '*' + - main jobs: build-image: @@ -42,4 +42,4 @@ jobs: file: .github/docker/Dockerfile push: true tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file + labels: ${{ steps.meta.outputs.labels }} From bfd5da2f0020e9856602c1d624cdf2e7914e545e Mon Sep 17 00:00:00 2001 From: Zeyu Chen Date: Wed, 26 Apr 2023 22:35:12 +0800 Subject: [PATCH 116/226] fix: dns empty response --- app/dns/dns.go | 2 +- app/dns/dns_test.go | 3 ++- common/errors/multi_error.go | 17 +++++++++++++++++ proxy/dns/dns.go | 3 ++- 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/app/dns/dns.go b/app/dns/dns.go index af5f285b88ff..6efcb825a931 100644 --- a/app/dns/dns.go +++ b/app/dns/dns.go @@ -215,7 +215,7 @@ func (s *DNS) LookupIP(domain string, option dns.IPOption) ([]net.IP, error) { newError("failed to lookup ip for domain ", domain, " at server ", client.Name()).Base(err).WriteToLog() errs = append(errs, err) } - if err != context.Canceled && err != context.DeadlineExceeded && err != errExpectedIPNonMatch { + if err != context.Canceled && err != context.DeadlineExceeded && err != errExpectedIPNonMatch && err != dns.ErrEmptyResponse { return nil, err } } diff --git a/app/dns/dns_test.go b/app/dns/dns_test.go index b3a8def88559..74c7a125a946 100644 --- a/app/dns/dns_test.go +++ b/app/dns/dns_test.go @@ -13,6 +13,7 @@ import ( _ "github.com/xtls/xray-core/app/proxyman/outbound" "github.com/xtls/xray-core/app/router" "github.com/xtls/xray-core/common" + "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/serial" "github.com/xtls/xray-core/core" @@ -260,7 +261,7 @@ func TestUDPServer(t *testing.T) { IPv6Enable: true, FakeEnable: false, }) - if err != feature_dns.ErrEmptyResponse { + if !errors.AllEqual(feature_dns.ErrEmptyResponse, errors.Cause(err)) { t.Fatal("error: ", err) } if len(ips) != 0 { diff --git a/common/errors/multi_error.go b/common/errors/multi_error.go index 8f19c97a315a..8066ac9e7c5b 100644 --- a/common/errors/multi_error.go +++ b/common/errors/multi_error.go @@ -28,3 +28,20 @@ func Combine(maybeError ...error) error { } return errs } + +func AllEqual(expected error, actual error) bool { + switch errs := actual.(type) { + case multiError: + if len(errs) == 0 { + return false + } + for _, err := range errs { + if err != expected { + return false + } + } + return true + default: + return errs == expected + } +} diff --git a/proxy/dns/dns.go b/proxy/dns/dns.go index be05e4f7413b..4aa5dac09e59 100644 --- a/proxy/dns/dns.go +++ b/proxy/dns/dns.go @@ -8,6 +8,7 @@ import ( "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" + "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/net" dns_proto "github.com/xtls/xray-core/common/protocol/dns" "github.com/xtls/xray-core/common/session" @@ -232,7 +233,7 @@ func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string, } rcode := dns.RCodeFromError(err) - if rcode == 0 && len(ips) == 0 && err != dns.ErrEmptyResponse { + if rcode == 0 && len(ips) == 0 && !errors.AllEqual(dns.ErrEmptyResponse, errors.Cause(err)) { newError("ip query").Base(err).WriteToLog() return } From f3231fb94e2b49d38f63451eae8279bd913f826c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 May 2023 01:07:41 +0000 Subject: [PATCH 117/226] Bump github.com/miekg/dns from 1.1.53 to 1.1.54 Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.53 to 1.1.54. - [Release notes](https://github.com/miekg/dns/releases) - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](https://github.com/miekg/dns/compare/v1.1.53...v1.1.54) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index bf6a6c3a6110..672694898701 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/golang/protobuf v1.5.3 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 - github.com/miekg/dns v1.1.53 + github.com/miekg/dns v1.1.54 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.34.0 diff --git a/go.sum b/go.sum index f8df04008880..eb711a08842b 100644 --- a/go.sum +++ b/go.sum @@ -108,8 +108,8 @@ github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.53 h1:ZBkuHr5dxHtB1caEOlZTLPo7D3L3TWckgUUs/RHfDxw= -github.com/miekg/dns v1.1.53/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= +github.com/miekg/dns v1.1.54 h1:5jon9mWcb0sFJGpnI99tOMhCPyJ+RPVz5b63MQG0VWI= +github.com/miekg/dns v1.1.54/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= @@ -143,8 +143,6 @@ github.com/refraction-networking/utls v1.3.2/go.mod h1:fmoaOww2bxzzEpIKOebIsnBvj github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.2.3 h1:V50MvZ4c3Iij2lYFWPlzL1PyipwSzjGeN9x+Ox89vpk= -github.com/sagernet/sing v0.2.3/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= github.com/sagernet/sing v0.2.4 h1:gC8BR5sglbJZX23RtMyFa8EETP9YEUADhfbEzU1yVbo= github.com/sagernet/sing v0.2.4/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= github.com/sagernet/sing-shadowsocks v0.2.1 h1:FvdLQOqpvxHBJUcUe4fvgiYP2XLLwH5i1DtXQviVEPw= From 37c8957495e43bc8d8826503885b0a3ab76b46a6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 May 2023 00:59:55 +0000 Subject: [PATCH 118/226] Bump golang.org/x/sys from 0.7.0 to 0.8.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.7.0 to 0.8.0. - [Commits](https://github.com/golang/sys/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 672694898701..0e5d650a5dae 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( golang.org/x/crypto v0.8.0 golang.org/x/net v0.9.0 golang.org/x/sync v0.1.0 - golang.org/x/sys v0.7.0 + golang.org/x/sys v0.8.0 google.golang.org/grpc v1.54.0 google.golang.org/protobuf v1.30.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c diff --git a/go.sum b/go.sum index eb711a08842b..fbde3b7cd58e 100644 --- a/go.sum +++ b/go.sum @@ -255,8 +255,8 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From a514d48baeec83432e4564acec87c38346de326d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 May 2023 14:20:07 +0000 Subject: [PATCH 119/226] Bump google.golang.org/grpc from 1.54.0 to 1.55.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.55.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.54.0...v1.55.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0e5d650a5dae..3ccdc3f0f83f 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( golang.org/x/net v0.9.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.8.0 - google.golang.org/grpc v1.54.0 + google.golang.org/grpc v1.55.0 google.golang.org/protobuf v1.30.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 diff --git a/go.sum b/go.sum index fbde3b7cd58e..828788ea4b63 100644 --- a/go.sum +++ b/go.sum @@ -305,8 +305,8 @@ google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag= -google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= +google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= +google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 1f2ffb522290a80c94325266c98e22582235bc51 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 May 2023 14:20:07 +0000 Subject: [PATCH 120/226] Bump golang.org/x/sync from 0.1.0 to 0.2.0 Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.1.0 to 0.2.0. - [Commits](https://github.com/golang/sync/compare/v0.1.0...v0.2.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3ccdc3f0f83f..24b5980fbedb 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 golang.org/x/crypto v0.8.0 golang.org/x/net v0.9.0 - golang.org/x/sync v0.1.0 + golang.org/x/sync v0.2.0 golang.org/x/sys v0.8.0 google.golang.org/grpc v1.55.0 google.golang.org/protobuf v1.30.0 diff --git a/go.sum b/go.sum index 828788ea4b63..e797d88ed2ee 100644 --- a/go.sum +++ b/go.sum @@ -241,8 +241,8 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= From 6cc5d1de449365df5ecd56cd38cfea27d996a557 Mon Sep 17 00:00:00 2001 From: Hiddify <114227601+hiddify1@users.noreply.github.com> Date: Sat, 6 May 2023 04:20:50 +0200 Subject: [PATCH 121/226] Add HiddifyN and HiddifyNG to README/GUI Clients (#2028) --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index fb85b407db61..d0b3bbf48928 100644 --- a/README.md +++ b/README.md @@ -63,9 +63,11 @@ - [luci-app-xray](https://github.com/yichya/luci-app-xray) ([openwrt-xray](https://github.com/yichya/openwrt-xray)) - Windows - [v2rayN](https://github.com/2dust/v2rayN) + - [HiddifyN](https://github.com/hiddify/HiddifyN) - [Invisible Man - Xray](https://github.com/InvisibleManVPN/InvisibleMan-XRayClient) - Android - [v2rayNG](https://github.com/2dust/v2rayNG) + - [HiddifyNG](https://github.com/hiddify/HiddifyNG) - [X-flutter](https://github.com/XTLS/X-flutter) - iOS & macOS arm64 - [Mango](https://github.com/arror/Mango) From d9af02812f22aad5d415fb0b01b855d21c2d1078 Mon Sep 17 00:00:00 2001 From: rurirei <72071920+rurirei@users.noreply.github.com> Date: Sat, 6 May 2023 03:18:08 +0000 Subject: [PATCH 122/226] Add ctx to UDP dispatcherConn (#2024) --- transport/internet/udp/dispatcher.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/transport/internet/udp/dispatcher.go b/transport/internet/udp/dispatcher.go index 48b90b63bec6..32c8c8ac6a6a 100644 --- a/transport/internet/udp/dispatcher.go +++ b/transport/internet/udp/dispatcher.go @@ -142,12 +142,14 @@ type dispatcherConn struct { dispatcher *Dispatcher cache chan *udp.Packet done *done.Instance + ctx context.Context } func DialDispatcher(ctx context.Context, dispatcher routing.Dispatcher) (net.PacketConn, error) { c := &dispatcherConn{ cache: make(chan *udp.Packet, 16), done: done.New(), + ctx: ctx, } d := &Dispatcher{ @@ -197,8 +199,7 @@ func (c *dispatcherConn) WriteTo(p []byte, addr net.Addr) (int, error) { n := copy(raw, p) buffer.Resize(0, int32(n)) - ctx := context.Background() - c.dispatcher.Dispatch(ctx, net.DestinationFromAddr(addr), buffer) + c.dispatcher.Dispatch(c.ctx, net.DestinationFromAddr(addr), buffer) return n, nil } From ecedc5117334ac641ce7ed2b8f5c8cc486acdfe0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 May 2023 00:58:47 +0000 Subject: [PATCH 123/226] Bump golang.org/x/net from 0.9.0 to 0.10.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/net/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 24b5980fbedb..e3cf7006171d 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/xtls/reality v0.0.0-20230331223127-176a94313eda go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 golang.org/x/crypto v0.8.0 - golang.org/x/net v0.9.0 + golang.org/x/net v0.10.0 golang.org/x/sync v0.2.0 golang.org/x/sys v0.8.0 google.golang.org/grpc v1.55.0 diff --git a/go.sum b/go.sum index e797d88ed2ee..7c2228f5de81 100644 --- a/go.sum +++ b/go.sum @@ -228,8 +228,8 @@ golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= -golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= +golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= From 70b8b2aaca72a5f67b33cdb5611ba195fdac1382 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=97=8D+85CD?= <50108258+kwaa@users.noreply.github.com> Date: Tue, 9 May 2023 19:25:33 +0800 Subject: [PATCH 124/226] refactor(dockerfile): set entrypoint --- .github/docker/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/docker/Dockerfile b/.github/docker/Dockerfile index 36f356f82070..ad1e8c3dc214 100644 --- a/.github/docker/Dockerfile +++ b/.github/docker/Dockerfile @@ -18,4 +18,5 @@ RUN set -ex \ VOLUME /etc/xray ENV TZ=Asia/Shanghai -CMD [ "/usr/bin/xray", "-config", "/etc/xray/config.json" ] \ No newline at end of file +ENTRYPOINT [ "/usr/bin/xray" ] +CMD [ "-config", "/etc/xray/config.json" ] From cb7e08100058e69725fd1b1fb4fae1fcf50e82c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 14 May 2023 23:42:26 +0000 Subject: [PATCH 125/226] Bump golang.org/x/crypto from 0.8.0 to 0.9.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0. - [Commits](https://github.com/golang/crypto/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e3cf7006171d..506d830e5364 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230331223127-176a94313eda go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 - golang.org/x/crypto v0.8.0 + golang.org/x/crypto v0.9.0 golang.org/x/net v0.10.0 golang.org/x/sync v0.2.0 golang.org/x/sys v0.8.0 diff --git a/go.sum b/go.sum index 7c2228f5de81..40a1c4ee4d48 100644 --- a/go.sum +++ b/go.sum @@ -204,8 +204,8 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ= -golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= +golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= From e7324700edf886afea14845c648f40abdf6e9818 Mon Sep 17 00:00:00 2001 From: jcdong98 Date: Fri, 12 May 2023 20:11:58 +0800 Subject: [PATCH 126/226] Fix memory leak caused by Wireguard outbound --- proxy/wireguard/wireguard.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/proxy/wireguard/wireguard.go b/proxy/wireguard/wireguard.go index 0d4994f5adf0..53e7dcd56b2e 100644 --- a/proxy/wireguard/wireguard.go +++ b/proxy/wireguard/wireguard.go @@ -152,6 +152,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if err != nil { return newError("failed to create TCP connection").Base(err) } + defer conn.Close() requestFunc = func() error { defer timer.SetTimeout(p.Timeouts.DownlinkOnly) @@ -166,6 +167,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if err != nil { return newError("failed to create UDP connection").Base(err) } + defer conn.Close() requestFunc = func() error { defer timer.SetTimeout(p.Timeouts.DownlinkOnly) @@ -183,6 +185,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte responseDonePost := task.OnSuccess(responseFunc, task.Close(link.Writer)) if err := task.Run(ctx, requestFunc, responseDonePost); err != nil { + common.Interrupt(link.Reader) + common.Interrupt(link.Writer) return newError("connection ends").Base(err) } From bb26f8576bc8bdcdc4b112314a9d6950b97b99ec Mon Sep 17 00:00:00 2001 From: Matin Baloochestani Date: Sat, 13 May 2023 22:41:23 +0330 Subject: [PATCH 127/226] Add Linux GUI client to README.md This commit adds v2rayA user interface (GUI) client. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index d0b3bbf48928..5a096a9dd862 100644 --- a/README.md +++ b/README.md @@ -75,6 +75,8 @@ - macOS arm64 & x64 - [V2RayXS](https://github.com/tzmax/V2RayXS) - [Wings X](https://apps.apple.com/app/wings-x/id6446119727) +- Linux + - [v2rayA](https://github.com/v2rayA/v2rayA) ## Others that support VLESS, XTLS, REALITY, XUDP, PLUX... From f58fededc5a8f1d2095fc59784ac59f353b6a9b2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 May 2023 00:59:23 +0000 Subject: [PATCH 128/226] Bump lukechampine.com/blake3 from 1.1.7 to 1.2.1 Bumps [lukechampine.com/blake3](https://github.com/lukechampine/blake3) from 1.1.7 to 1.2.1. - [Commits](https://github.com/lukechampine/blake3/compare/v1.1.7...v1.2.1) --- updated-dependencies: - dependency-name: lukechampine.com/blake3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 506d830e5364..936c6d573c19 100644 --- a/go.mod +++ b/go.mod @@ -29,7 +29,7 @@ require ( google.golang.org/protobuf v1.30.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 - lukechampine.com/blake3 v1.1.7 + lukechampine.com/blake3 v1.2.1 ) require ( diff --git a/go.sum b/go.sum index 40a1c4ee4d48..4e9ca5ff51fd 100644 --- a/go.sum +++ b/go.sum @@ -95,7 +95,6 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk= github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= @@ -339,7 +338,7 @@ honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -lukechampine.com/blake3 v1.1.7 h1:GgRMhmdsuK8+ii6UZFDL8Nb+VyMwadAgcJyfYHxG6n0= -lukechampine.com/blake3 v1.1.7/go.mod h1:tkKEOtDkNtklkXtLNEOGNq5tcV90tJiA1vAA12R78LA= +lukechampine.com/blake3 v1.2.1 h1:YuqqRuaqsGV71BV/nm9xlI0MKUv4QC54jQnBChWbGnI= +lukechampine.com/blake3 v1.2.1/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= From 19d3a4faba312e00891e308a0192ba95d8f40209 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 May 2023 00:59:34 +0000 Subject: [PATCH 129/226] Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 936c6d573c19..41fa574e195b 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/sagernet/sing-shadowsocks v0.2.1 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb - github.com/stretchr/testify v1.8.2 + github.com/stretchr/testify v1.8.3 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230331223127-176a94313eda go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 diff --git a/go.sum b/go.sum index 4e9ca5ff51fd..961f7d70c475 100644 --- a/go.sum +++ b/go.sum @@ -176,14 +176,10 @@ github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5k github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= +github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF8gHIiADmOVOV5LS43gt3ONnlEl3xkwI= github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= From 51b29224274befd57ce2e9a5e1d28529b568f6a6 Mon Sep 17 00:00:00 2001 From: chika0801 <88967758+chika0801@users.noreply.github.com> Date: Sun, 21 May 2023 11:21:52 +0800 Subject: [PATCH 130/226] Replace Wings X with FoXray in README/GUI Clients (#2091) --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 5a096a9dd862..bcbd7039009f 100644 --- a/README.md +++ b/README.md @@ -71,10 +71,10 @@ - [X-flutter](https://github.com/XTLS/X-flutter) - iOS & macOS arm64 - [Mango](https://github.com/arror/Mango) - - [Wings X](https://apps.apple.com/app/wings-x/id6446119727) + - [FoXray](https://apps.apple.com/app/foxray/id6448898396) - macOS arm64 & x64 - [V2RayXS](https://github.com/tzmax/V2RayXS) - - [Wings X](https://apps.apple.com/app/wings-x/id6446119727) + - [FoXray](https://apps.apple.com/app/foxray/id6448898396) - Linux - [v2rayA](https://github.com/v2rayA/v2rayA) @@ -87,7 +87,6 @@ - [xtlsapi](https://github.com/hiddify/xtlsapi) - [AndroidLibXrayLite](https://github.com/2dust/AndroidLibXrayLite) - [XrayKit](https://github.com/arror/XrayKit) - - [libxray](https://github.com/KouYiGuo/libxray) - [XrayR](https://github.com/XrayR-project/XrayR) - [XrayR-release](https://github.com/XrayR-project/XrayR-release) - [XrayR-V2Board](https://github.com/missuo/XrayR-V2Board) From c80646a045c2d8b2d7d68a63036f21c37c4c1c0d Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 20 May 2023 23:40:56 -0400 Subject: [PATCH 131/226] Clean code dependencies on github.com/miekg/dns (#2099) --- transport/internet/headers/dns/dns.go | 71 ++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 2 deletions(-) diff --git a/transport/internet/headers/dns/dns.go b/transport/internet/headers/dns/dns.go index a7366d1a8072..df209ff67d2c 100644 --- a/transport/internet/headers/dns/dns.go +++ b/transport/internet/headers/dns/dns.go @@ -3,8 +3,8 @@ package dns import ( "context" "encoding/binary" + "errors" - "github.com/miekg/dns" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/dice" ) @@ -36,7 +36,7 @@ func NewDNS(ctx context.Context, config interface{}) (interface{}, error) { buf := make([]byte, 0x100) - off1, err := dns.PackDomainName(dns.Fqdn(config.(*Config).Domain), buf, 0, nil, false) + off1, err := packDomainName(config.(*Config).Domain + ".", buf) if err != nil { return nil, err } @@ -51,6 +51,73 @@ func NewDNS(ctx context.Context, config interface{}) (interface{}, error) { }, nil } +// copied from github.com/miekg/dns +func packDomainName(s string, msg []byte) (off1 int, err error) { + off := 0 + ls := len(s) + // Each dot ends a segment of the name. + // We trade each dot byte for a length byte. + // Except for escaped dots (\.), which are normal dots. + // There is also a trailing zero. + + // Emit sequence of counted strings, chopping at dots. + var ( + begin int + bs []byte + ) + for i := 0; i < ls; i++ { + var c byte + if bs == nil { + c = s[i] + } else { + c = bs[i] + } + + switch c { + case '\\': + if off+1 > len(msg) { + return len(msg), errors.New("buffer size too small") + } + + if bs == nil { + bs = []byte(s) + } + + copy(bs[i:ls-1], bs[i+1:]) + ls-- + case '.': + labelLen := i - begin + if labelLen >= 1<<6 { // top two bits of length must be clear + return len(msg), errors.New("bad rdata") + } + + // off can already (we're in a loop) be bigger than len(msg) + // this happens when a name isn't fully qualified + if off+1+labelLen > len(msg) { + return len(msg), errors.New("buffer size too small") + } + + // The following is covered by the length check above. + msg[off] = byte(labelLen) + + if bs == nil { + copy(msg[off+1:], s[begin:i]) + } else { + copy(msg[off+1:], bs[begin:i]) + } + off += 1 + labelLen + begin = i + 1 + default: + } + } + + if off < len(msg) { + msg[off] = 0 + } + + return off + 1, nil +} + func init() { common.Must(common.RegisterConfig((*Config)(nil), NewDNS)) } From 5f5ae375714abd67eb2f0a0f2e86410b6f29f7c2 Mon Sep 17 00:00:00 2001 From: sambali9 <120097517+sambali9@users.noreply.github.com> Date: Mon, 22 May 2023 04:59:58 +0200 Subject: [PATCH 132/226] Added tcp fragmentation for freedom outbound (#2021) * Added tcp fragmentation for freedom outbound * Added TCP_NODELAY to outbound sockopt * Changed fragment parameters to accept ranges and changed strategy to use length * Changed packetNumber to packets, supporting range. * Refactored the freedom fragment logic * Refine Write() --------- Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com> --- infra/conf/freedom.go | 98 +++++++++++- infra/conf/transport_internet.go | 6 +- proxy/freedom/config.pb.go | 208 +++++++++++++++++++++----- proxy/freedom/config.proto | 10 ++ proxy/freedom/freedom.go | 66 +++++++- transport/internet/config.pb.go | 56 ++++--- transport/internet/config.proto | 2 + transport/internet/sockopt_darwin.go | 6 + transport/internet/sockopt_linux.go | 6 + transport/internet/sockopt_windows.go | 5 + 10 files changed, 392 insertions(+), 71 deletions(-) diff --git a/infra/conf/freedom.go b/infra/conf/freedom.go index 60dfd5b87e00..b37902784d0d 100644 --- a/infra/conf/freedom.go +++ b/infra/conf/freedom.go @@ -2,6 +2,7 @@ package conf import ( "net" + "strconv" "strings" "github.com/golang/protobuf/proto" @@ -11,10 +12,17 @@ import ( ) type FreedomConfig struct { - DomainStrategy string `json:"domainStrategy"` - Timeout *uint32 `json:"timeout"` - Redirect string `json:"redirect"` - UserLevel uint32 `json:"userLevel"` + DomainStrategy string `json:"domainStrategy"` + Timeout *uint32 `json:"timeout"` + Redirect string `json:"redirect"` + UserLevel uint32 `json:"userLevel"` + Fragment *Fragment `json:"fragment"` +} + +type Fragment struct { + Packets string `json:"packets"` + Length string `json:"length"` + Interval string `json:"interval"` } // Build implements Buildable @@ -30,6 +38,88 @@ func (c *FreedomConfig) Build() (proto.Message, error) { config.DomainStrategy = freedom.Config_USE_IP6 } + if c.Fragment != nil { + if len(c.Fragment.Interval) == 0 || len(c.Fragment.Length) == 0 { + return nil, newError("Invalid interval or length") + } + intervalMinMax := strings.Split(c.Fragment.Interval, "-") + var minInterval, maxInterval int64 + var err, err2 error + if len(intervalMinMax) == 2 { + minInterval, err = strconv.ParseInt(intervalMinMax[0], 10, 64) + maxInterval, err2 = strconv.ParseInt(intervalMinMax[1], 10, 64) + } else { + minInterval, err = strconv.ParseInt(intervalMinMax[0], 10, 64) + maxInterval = minInterval + } + if err != nil { + return nil, newError("Invalid minimum interval: ", err).Base(err) + } + if err2 != nil { + return nil, newError("Invalid maximum interval: ", err2).Base(err2) + } + + lengthMinMax := strings.Split(c.Fragment.Length, "-") + var minLength, maxLength int64 + if len(lengthMinMax) == 2 { + minLength, err = strconv.ParseInt(lengthMinMax[0], 10, 64) + maxLength, err2 = strconv.ParseInt(lengthMinMax[1], 10, 64) + + } else { + minLength, err = strconv.ParseInt(lengthMinMax[0], 10, 64) + maxLength = minLength + } + if err != nil { + return nil, newError("Invalid minimum length: ", err).Base(err) + } + if err2 != nil { + return nil, newError("Invalid maximum length: ", err2).Base(err2) + } + + if minInterval > maxInterval { + minInterval, maxInterval = maxInterval, minInterval + } + if minLength > maxLength { + minLength, maxLength = maxLength, minLength + } + + config.Fragment = &freedom.Fragment{ + MinInterval: int32(minInterval), + MaxInterval: int32(maxInterval), + MinLength: int32(minLength), + MaxLength: int32(maxLength), + } + + if len(c.Fragment.Packets) > 0 { + packetRange := strings.Split(c.Fragment.Packets, "-") + var startPacket, endPacket int64 + if len(packetRange) == 2 { + startPacket, err = strconv.ParseInt(packetRange[0], 10, 64) + endPacket, err2 = strconv.ParseInt(packetRange[1], 10, 64) + } else { + startPacket, err = strconv.ParseInt(packetRange[0], 10, 64) + endPacket = startPacket + } + if err != nil { + return nil, newError("Invalid start packet: ", err).Base(err) + } + if err2 != nil { + return nil, newError("Invalid end packet: ", err2).Base(err2) + } + if startPacket > endPacket { + return nil, newError("Invalid packet range: ", c.Fragment.Packets) + } + if startPacket < 1 { + return nil, newError("Cannot start from packet 0") + } + config.Fragment.StartPacket = int32(startPacket) + config.Fragment.EndPacket = int32(endPacket) + } else { + config.Fragment.StartPacket = 0 + config.Fragment.EndPacket = 0 + } + } + if c.Timeout != nil { config.Timeout = *c.Timeout } diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 0da0fb645290..958edfad159e 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -617,7 +617,8 @@ type SocketConfig struct { TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` TCPCongestion string `json:"tcpCongestion"` TCPWindowClamp int32 `json:"tcpWindowClamp"` - TCPMaxSeg int32 `json:"tcpMaxSeg"` + TCPMaxSeg int32 `json:"tcpMaxSeg"` + TcpNoDelay bool `json:"tcpNoDelay"` TCPUserTimeout int32 `json:"tcpUserTimeout"` V6only bool `json:"v6only"` Interface string `json:"interface"` @@ -671,7 +672,8 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { TcpKeepAliveIdle: c.TCPKeepAliveIdle, TcpCongestion: c.TCPCongestion, TcpWindowClamp: c.TCPWindowClamp, - TcpMaxSeg: c.TCPMaxSeg, + TcpMaxSeg: c.TCPMaxSeg, + TcpNoDelay: c.TcpNoDelay, TcpUserTimeout: c.TCPUserTimeout, V6Only: c.V6only, Interface: c.Interface, diff --git a/proxy/freedom/config.pb.go b/proxy/freedom/config.pb.go index 5c95bce7eb8e..0bfc4cba3f47 100644 --- a/proxy/freedom/config.pb.go +++ b/proxy/freedom/config.pb.go @@ -70,7 +70,7 @@ func (x Config_DomainStrategy) Number() protoreflect.EnumNumber { // Deprecated: Use Config_DomainStrategy.Descriptor instead. func (Config_DomainStrategy) EnumDescriptor() ([]byte, []int) { - return file_proxy_freedom_config_proto_rawDescGZIP(), []int{1, 0} + return file_proxy_freedom_config_proto_rawDescGZIP(), []int{2, 0} } type DestinationOverride struct { @@ -120,6 +120,93 @@ func (x *DestinationOverride) GetServer() *protocol.ServerEndpoint { return nil } +type Fragment struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + MinInterval int32 `protobuf:"varint,1,opt,name=min_interval,json=minInterval,proto3" json:"min_interval,omitempty"` + MaxInterval int32 `protobuf:"varint,2,opt,name=max_interval,json=maxInterval,proto3" json:"max_interval,omitempty"` + MinLength int32 `protobuf:"varint,3,opt,name=min_length,json=minLength,proto3" json:"min_length,omitempty"` + MaxLength int32 `protobuf:"varint,4,opt,name=max_length,json=maxLength,proto3" json:"max_length,omitempty"` + StartPacket int32 `protobuf:"varint,5,opt,name=start_packet,json=startPacket,proto3" json:"start_packet,omitempty"` + EndPacket int32 `protobuf:"varint,6,opt,name=end_packet,json=endPacket,proto3" json:"end_packet,omitempty"` +} + +func (x *Fragment) Reset() { + *x = Fragment{} + if protoimpl.UnsafeEnabled { + mi := &file_proxy_freedom_config_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Fragment) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Fragment) ProtoMessage() {} + +func (x *Fragment) ProtoReflect() protoreflect.Message { + mi := &file_proxy_freedom_config_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Fragment.ProtoReflect.Descriptor instead. +func (*Fragment) Descriptor() ([]byte, []int) { + return file_proxy_freedom_config_proto_rawDescGZIP(), []int{1} +} + +func (x *Fragment) GetMinInterval() int32 { + if x != nil { + return x.MinInterval + } + return 0 +} + +func (x *Fragment) GetMaxInterval() int32 { + if x != nil { + return x.MaxInterval + } + return 0 +} + +func (x *Fragment) GetMinLength() int32 { + if x != nil { + return x.MinLength + } + return 0 +} + +func (x *Fragment) GetMaxLength() int32 { + if x != nil { + return x.MaxLength + } + return 0 +} + +func (x *Fragment) GetStartPacket() int32 { + if x != nil { + return x.StartPacket + } + return 0 +} + +func (x *Fragment) GetEndPacket() int32 { + if x != nil { + return x.EndPacket + } + return 0 +} + type Config struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -130,12 +217,13 @@ type Config struct { Timeout uint32 `protobuf:"varint,2,opt,name=timeout,proto3" json:"timeout,omitempty"` DestinationOverride *DestinationOverride `protobuf:"bytes,3,opt,name=destination_override,json=destinationOverride,proto3" json:"destination_override,omitempty"` UserLevel uint32 `protobuf:"varint,4,opt,name=user_level,json=userLevel,proto3" json:"user_level,omitempty"` + Fragment *Fragment `protobuf:"bytes,5,opt,name=fragment,proto3" json:"fragment,omitempty"` } func (x *Config) Reset() { *x = Config{} if protoimpl.UnsafeEnabled { - mi := &file_proxy_freedom_config_proto_msgTypes[1] + mi := &file_proxy_freedom_config_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -148,7 +236,7 @@ func (x *Config) String() string { func (*Config) ProtoMessage() {} func (x *Config) ProtoReflect() protoreflect.Message { - mi := &file_proxy_freedom_config_proto_msgTypes[1] + mi := &file_proxy_freedom_config_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -161,7 +249,7 @@ func (x *Config) ProtoReflect() protoreflect.Message { // Deprecated: Use Config.ProtoReflect.Descriptor instead. func (*Config) Descriptor() ([]byte, []int) { - return file_proxy_freedom_config_proto_rawDescGZIP(), []int{1} + return file_proxy_freedom_config_proto_rawDescGZIP(), []int{2} } func (x *Config) GetDomainStrategy() Config_DomainStrategy { @@ -193,6 +281,13 @@ func (x *Config) GetUserLevel() uint32 { return 0 } +func (x *Config) GetFragment() *Fragment { + if x != nil { + return x.Fragment + } + return nil +} + var File_proxy_freedom_config_proto protoreflect.FileDescriptor var file_proxy_freedom_config_proto_rawDesc = []byte{ @@ -206,33 +301,50 @@ var file_proxy_freedom_config_proto_rawDesc = []byte{ 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, - 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x22, 0xb8, 0x02, 0x0a, 0x06, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x12, 0x52, 0x0a, 0x0f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x5f, 0x73, 0x74, - 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x78, - 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x66, 0x72, 0x65, 0x65, 0x64, 0x6f, - 0x6d, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, - 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x52, 0x0e, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, - 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x1c, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, - 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x07, 0x74, 0x69, - 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x5a, 0x0a, 0x14, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, - 0x2e, 0x66, 0x72, 0x65, 0x65, 0x64, 0x6f, 0x6d, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x13, 0x64, 0x65, - 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, - 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x75, 0x73, 0x65, 0x72, 0x4c, 0x65, 0x76, 0x65, 0x6c, - 0x22, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, - 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, - 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, - 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, - 0x36, 0x10, 0x03, 0x42, 0x58, 0x0a, 0x16, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, - 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x66, 0x72, 0x65, 0x65, 0x64, 0x6f, 0x6d, 0x50, 0x01, 0x5a, - 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, - 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, - 0x2f, 0x66, 0x72, 0x65, 0x65, 0x64, 0x6f, 0x6d, 0xaa, 0x02, 0x12, 0x58, 0x72, 0x61, 0x79, 0x2e, - 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x46, 0x72, 0x65, 0x65, 0x64, 0x6f, 0x6d, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x22, 0xd0, 0x01, 0x0a, 0x08, 0x46, 0x72, 0x61, + 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x69, 0x6e, 0x5f, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x69, 0x6e, + 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x78, 0x5f, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0b, + 0x6d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, + 0x69, 0x6e, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x09, 0x6d, 0x69, 0x6e, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, + 0x78, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, + 0x6d, 0x61, 0x78, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x74, 0x61, + 0x72, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x0b, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x1d, 0x0a, 0x0a, + 0x65, 0x6e, 0x64, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x09, 0x65, 0x6e, 0x64, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x22, 0xf2, 0x02, 0x0a, 0x06, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x52, 0x0a, 0x0f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, + 0x5f, 0x73, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x29, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x66, 0x72, 0x65, + 0x65, 0x64, 0x6f, 0x6d, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x44, 0x6f, 0x6d, 0x61, + 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x52, 0x0e, 0x64, 0x6f, 0x6d, 0x61, + 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x1c, 0x0a, 0x07, 0x74, 0x69, + 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, + 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x5a, 0x0a, 0x14, 0x64, 0x65, 0x73, 0x74, + 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, + 0x6f, 0x78, 0x79, 0x2e, 0x66, 0x72, 0x65, 0x65, 0x64, 0x6f, 0x6d, 0x2e, 0x44, 0x65, 0x73, 0x74, + 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, + 0x13, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x76, 0x65, 0x72, + 0x72, 0x69, 0x64, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6c, 0x65, 0x76, + 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x75, 0x73, 0x65, 0x72, 0x4c, 0x65, + 0x76, 0x65, 0x6c, 0x12, 0x38, 0x0a, 0x08, 0x66, 0x72, 0x61, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, + 0x78, 0x79, 0x2e, 0x66, 0x72, 0x65, 0x65, 0x64, 0x6f, 0x6d, 0x2e, 0x46, 0x72, 0x61, 0x67, 0x6d, + 0x65, 0x6e, 0x74, 0x52, 0x08, 0x66, 0x72, 0x61, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x22, 0x41, 0x0a, + 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, + 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, + 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, + 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, + 0x42, 0x58, 0x0a, 0x16, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, + 0x78, 0x79, 0x2e, 0x66, 0x72, 0x65, 0x65, 0x64, 0x6f, 0x6d, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, + 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x66, 0x72, + 0x65, 0x65, 0x64, 0x6f, 0x6d, 0xaa, 0x02, 0x12, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, + 0x78, 0x79, 0x2e, 0x46, 0x72, 0x65, 0x65, 0x64, 0x6f, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( @@ -248,22 +360,24 @@ func file_proxy_freedom_config_proto_rawDescGZIP() []byte { } var file_proxy_freedom_config_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_proxy_freedom_config_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_proxy_freedom_config_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_proxy_freedom_config_proto_goTypes = []interface{}{ (Config_DomainStrategy)(0), // 0: xray.proxy.freedom.Config.DomainStrategy (*DestinationOverride)(nil), // 1: xray.proxy.freedom.DestinationOverride - (*Config)(nil), // 2: xray.proxy.freedom.Config - (*protocol.ServerEndpoint)(nil), // 3: xray.common.protocol.ServerEndpoint + (*Fragment)(nil), // 2: xray.proxy.freedom.Fragment + (*Config)(nil), // 3: xray.proxy.freedom.Config + (*protocol.ServerEndpoint)(nil), // 4: xray.common.protocol.ServerEndpoint } var file_proxy_freedom_config_proto_depIdxs = []int32{ - 3, // 0: xray.proxy.freedom.DestinationOverride.server:type_name -> xray.common.protocol.ServerEndpoint + 4, // 0: xray.proxy.freedom.DestinationOverride.server:type_name -> xray.common.protocol.ServerEndpoint 0, // 1: xray.proxy.freedom.Config.domain_strategy:type_name -> xray.proxy.freedom.Config.DomainStrategy 1, // 2: xray.proxy.freedom.Config.destination_override:type_name -> xray.proxy.freedom.DestinationOverride - 3, // [3:3] is the sub-list for method output_type - 3, // [3:3] is the sub-list for method input_type - 3, // [3:3] is the sub-list for extension type_name - 3, // [3:3] is the sub-list for extension extendee - 0, // [0:3] is the sub-list for field type_name + 2, // 3: xray.proxy.freedom.Config.fragment:type_name -> xray.proxy.freedom.Fragment + 4, // [4:4] is the sub-list for method output_type + 4, // [4:4] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name } func init() { file_proxy_freedom_config_proto_init() } @@ -285,6 +399,18 @@ func file_proxy_freedom_config_proto_init() { } } file_proxy_freedom_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Fragment); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proxy_freedom_config_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Config); i { case 0: return &v.state @@ -303,7 +429,7 @@ func file_proxy_freedom_config_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_proxy_freedom_config_proto_rawDesc, NumEnums: 1, - NumMessages: 2, + NumMessages: 3, NumExtensions: 0, NumServices: 0, }, diff --git a/proxy/freedom/config.proto b/proxy/freedom/config.proto index 7578a43fba12..4422edd3a2e5 100644 --- a/proxy/freedom/config.proto +++ b/proxy/freedom/config.proto @@ -12,6 +12,15 @@ message DestinationOverride { xray.common.protocol.ServerEndpoint server = 1; } +message Fragment { + int32 min_interval = 1; + int32 max_interval = 2; + int32 min_length = 3; + int32 max_length = 4; + int32 start_packet = 5; + int32 end_packet = 6; +} + message Config { enum DomainStrategy { AS_IS = 0; @@ -23,4 +32,5 @@ message Config { uint32 timeout = 2 [deprecated = true]; DestinationOverride destination_override = 3; uint32 user_level = 4; + Fragment fragment = 5; } diff --git a/proxy/freedom/freedom.go b/proxy/freedom/freedom.go index 93804a814384..d5d147bd8382 100644 --- a/proxy/freedom/freedom.go +++ b/proxy/freedom/freedom.go @@ -4,6 +4,9 @@ package freedom import ( "context" + "crypto/rand" + "io" + "math/big" "time" "github.com/xtls/xray-core/common" @@ -169,7 +172,21 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var writer buf.Writer if destination.Network == net.Network_TCP { - writer = buf.NewWriter(conn) + if h.config.Fragment != nil { + writer = buf.NewWriter( + &FragmentWriter{ + Writer: conn, + minLength: int(h.config.Fragment.MinLength), + maxLength: int(h.config.Fragment.MaxLength), + minInterval: time.Duration(h.config.Fragment.MinInterval) * time.Millisecond, + maxInterval: time.Duration(h.config.Fragment.MaxInterval) * time.Millisecond, + startPacket: int(h.config.Fragment.StartPacket), + endPacket: int(h.config.Fragment.EndPacket), + PacketCount: 0, + }) + } else { + writer = buf.NewWriter(conn) + } } else { writer = NewPacketWriter(conn, h, ctx, UDPOverride) } @@ -324,3 +341,50 @@ func (w *PacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error { } return nil } + +type FragmentWriter struct { + io.Writer + minLength int + maxLength int + minInterval time.Duration + maxInterval time.Duration + startPacket int + endPacket int + PacketCount int +} + +func (w *FragmentWriter) Write(buf []byte) (int, error) { + w.PacketCount += 1 + if (w.startPacket != 0 && (w.PacketCount < w.startPacket || w.PacketCount > w.endPacket)) || len(buf) <= w.minLength { + return w.Writer.Write(buf) + } + + nTotal := 0 + for { + randomBytesTo := int(randBetween(int64(w.minLength), int64(w.maxLength))) + nTotal + if randomBytesTo > len(buf) { + randomBytesTo = len(buf) + } + n, err := w.Writer.Write(buf[nTotal:randomBytesTo]) + if err != nil { + return nTotal + n, err + } + nTotal += n + + if nTotal >= len(buf) { + return nTotal, nil + } + + randomInterval := randBetween(int64(w.minInterval), int64(w.maxInterval)) + time.Sleep(time.Duration(randomInterval)) + } +} + +// stolen from github.com/xtls/xray-core/transport/internet/reality +func randBetween(left int64, right int64) int64 { + if left == right { + return left + } + bigInt, _ := rand.Int(rand.Reader, big.NewInt(right-left)) + return left + bigInt.Int64() +} diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index 1d16101c361c..20b582c6fc48 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.22.0 +// protoc v3.12.4 // source: transport/internet/config.proto package internet @@ -430,6 +430,7 @@ type SocketConfig struct { TcpWindowClamp int32 `protobuf:"varint,15,opt,name=tcp_window_clamp,json=tcpWindowClamp,proto3" json:"tcp_window_clamp,omitempty"` TcpUserTimeout int32 `protobuf:"varint,16,opt,name=tcp_user_timeout,json=tcpUserTimeout,proto3" json:"tcp_user_timeout,omitempty"` TcpMaxSeg int32 `protobuf:"varint,17,opt,name=tcp_max_seg,json=tcpMaxSeg,proto3" json:"tcp_max_seg,omitempty"` + TcpNoDelay bool `protobuf:"varint,18,opt,name=tcp_no_delay,json=tcpNoDelay,proto3" json:"tcp_no_delay,omitempty"` } func (x *SocketConfig) Reset() { @@ -583,6 +584,13 @@ func (x *SocketConfig) GetTcpMaxSeg() int32 { return 0 } +func (x *SocketConfig) GetTcpNoDelay() bool { + if x != nil { + return x.TcpNoDelay + } + return false +} + var File_transport_internet_config_proto protoreflect.FileDescriptor var file_transport_internet_config_proto_rawDesc = []byte{ @@ -635,7 +643,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x22, 0x92, 0x06, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, + 0x78, 0x79, 0x22, 0xb4, 0x06, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72, @@ -681,27 +689,29 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x18, 0x10, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x63, 0x70, 0x55, 0x73, 0x65, 0x72, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x1e, 0x0a, 0x0b, 0x74, 0x63, 0x70, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x73, 0x65, 0x67, 0x18, 0x11, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x63, 0x70, - 0x4d, 0x61, 0x78, 0x53, 0x65, 0x67, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, - 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, - 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, - 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, - 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, - 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, - 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, - 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, - 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, - 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, - 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, - 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, - 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, - 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, - 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, - 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, - 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, - 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, - 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x4d, 0x61, 0x78, 0x53, 0x65, 0x67, 0x12, 0x20, 0x0a, 0x0c, 0x74, 0x63, 0x70, 0x5f, 0x6e, 0x6f, + 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x74, 0x63, + 0x70, 0x4e, 0x6f, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, + 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, + 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, + 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, 0x72, 0x61, + 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, + 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x01, + 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x57, 0x65, + 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, + 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x6f, 0x63, + 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, + 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, + 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, + 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, + 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e, + 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, + 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, + 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, + 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/config.proto b/transport/internet/config.proto index cbfd7b54facf..7fdc8ca20b78 100644 --- a/transport/internet/config.proto +++ b/transport/internet/config.proto @@ -108,4 +108,6 @@ message SocketConfig { int32 tcp_user_timeout = 16; int32 tcp_max_seg = 17; + + bool tcp_no_delay = 18; } diff --git a/transport/internet/sockopt_darwin.go b/transport/internet/sockopt_darwin.go index 5a50efa73ca9..37ced27b6a33 100644 --- a/transport/internet/sockopt_darwin.go +++ b/transport/internet/sockopt_darwin.go @@ -126,6 +126,12 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf return newError("failed to unset SO_KEEPALIVE", err) } } + + if config.TcpNoDelay { + if err := unix.SetsockoptInt(int(fd), unix.IPPROTO_TCP, unix.TCP_NODELAY, 1); err != nil { + return newError("failed to set TCP_NODELAY", err) + } + } } return nil diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index 01888e946966..56f24be8bad8 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go @@ -101,6 +101,12 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf } } + if config.TcpNoDelay { + if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, unix.TCP_NODELAY, 1); err != nil { + return newError("failed to set TCP_NODELAY", err) + } + } + } if config.Tproxy.IsEnabled() { diff --git a/transport/internet/sockopt_windows.go b/transport/internet/sockopt_windows.go index ccc7b039253e..703a53c2f9b1 100644 --- a/transport/internet/sockopt_windows.go +++ b/transport/internet/sockopt_windows.go @@ -34,6 +34,11 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf return newError("failed to unset SO_KEEPALIVE", err) } } + if config.TcpNoDelay { + if err := syscall.SetsockoptInt(syscall.Handle(fd), syscall.IPPROTO_TCP, syscall.TCP_NODELAY, 1); err != nil { + return newError("failed to set TCP_NODELAY", err) + } + } } return nil From 6b8e36f6eeacd6cd348547a9bde17b935720ae11 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 May 2023 00:59:03 +0000 Subject: [PATCH 133/226] Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.3 to 1.8.4. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.3...v1.8.4) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 41fa574e195b..5d0690976b25 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/sagernet/sing-shadowsocks v0.2.1 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb - github.com/stretchr/testify v1.8.3 + github.com/stretchr/testify v1.8.4 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230331223127-176a94313eda go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 diff --git a/go.sum b/go.sum index 961f7d70c475..8efc6300c5f4 100644 --- a/go.sum +++ b/go.sum @@ -178,8 +178,8 @@ github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= -github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF8gHIiADmOVOV5LS43gt3ONnlEl3xkwI= github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= From 86b4b81f1d126e9bb3c463c987e54e12a0177d02 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Jun 2023 00:59:07 +0000 Subject: [PATCH 134/226] Bump github.com/quic-go/quic-go from 0.34.0 to 0.35.1 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.34.0 to 0.35.1. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.34.0...v0.35.1) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- app/dns/nameserver_quic.go | 2 +- go.mod | 2 +- go.sum | 4 ++-- transport/internet/quic/dialer.go | 16 ++++++++-------- transport/internet/quic/hub.go | 17 +++++++++-------- transport/internet/quic/qlogWriter.go | 4 +++- 6 files changed, 24 insertions(+), 21 deletions(-) diff --git a/app/dns/nameserver_quic.go b/app/dns/nameserver_quic.go index a362ec849a32..a312b7845154 100644 --- a/app/dns/nameserver_quic.go +++ b/app/dns/nameserver_quic.go @@ -374,7 +374,7 @@ func (s *QUICNameServer) openConnection() (quic.Connection, error) { HandshakeIdleTimeout: handshakeTimeout, } - conn, err := quic.DialAddrContext(context.Background(), s.destination.NetAddr(), tlsConfig.GetTLSConfig(tls.WithNextProto("http/1.1", http2.NextProtoTLS, NextProtoDQ)), quicConfig) + conn, err := quic.DialAddr(context.Background(), s.destination.NetAddr(), tlsConfig.GetTLSConfig(tls.WithNextProto("http/1.1", http2.NextProtoTLS, NextProtoDQ)), quicConfig) log.Record(&log.AccessMessage{ From: "DNS", To: s.destination, diff --git a/go.mod b/go.mod index 5d0690976b25..883de3c9b603 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/miekg/dns v1.1.54 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 - github.com/quic-go/quic-go v0.34.0 + github.com/quic-go/quic-go v0.35.1 github.com/refraction-networking/utls v1.3.2 github.com/sagernet/sing v0.2.4 github.com/sagernet/sing-shadowsocks v0.2.1 diff --git a/go.sum b/go.sum index 8efc6300c5f4..135e85e26b52 100644 --- a/go.sum +++ b/go.sum @@ -135,8 +135,8 @@ github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc8 github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E= github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= -github.com/quic-go/quic-go v0.34.0 h1:OvOJ9LFjTySgwOTYUZmNoq0FzVicP8YujpV0kB7m2lU= -github.com/quic-go/quic-go v0.34.0/go.mod h1:+4CVgVppm0FNjpG3UcX8Joi/frKOH7/ciD5yGcwOO1g= +github.com/quic-go/quic-go v0.35.1 h1:b0kzj6b/cQAf05cT0CkQubHM31wiA+xH3IBkxP62poo= +github.com/quic-go/quic-go v0.35.1/go.mod h1:+4CVgVppm0FNjpG3UcX8Joi/frKOH7/ciD5yGcwOO1g= github.com/refraction-networking/utls v1.3.2 h1:o+AkWB57mkcoW36ET7uJ002CpBWHu0KPxi6vzxvPnv8= github.com/refraction-networking/utls v1.3.2/go.mod h1:fmoaOww2bxzzEpIKOebIsnBvjQpqP7L2vcm/9KUfm/E= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= diff --git a/transport/internet/quic/dialer.go b/transport/internet/quic/dialer.go index 0b9483ce8c75..f0d8e4e1331b 100644 --- a/transport/internet/quic/dialer.go +++ b/transport/internet/quic/dialer.go @@ -2,7 +2,6 @@ package quic import ( "context" - "io" "sync" "time" @@ -140,15 +139,13 @@ func (s *clientConnections) openConnection(ctx context.Context, destAddr net.Add } quicConfig := &quic.Config{ - ConnectionIDLength: 12, KeepAlivePeriod: 0, HandshakeIdleTimeout: time.Second * 8, MaxIdleTimeout: time.Second * 300, - Tracer: qlog.NewTracer(func(_ logging.Perspective, connID []byte) io.WriteCloser { - return &QlogWriter{connID: connID} - }), + Tracer: func(ctx context.Context, p logging.Perspective, ci quic.ConnectionID) logging.ConnectionTracer { + return qlog.NewConnectionTracer( &QlogWriter{connID: ci}, p, ci); + }, } - udpConn, _ := rawConn.(*net.UDPConn) if udpConn == nil { udpConn = rawConn.(*internet.PacketConnWrapper).Conn.(*net.UDPConn) @@ -158,8 +155,11 @@ func (s *clientConnections) openConnection(ctx context.Context, destAddr net.Add rawConn.Close() return nil, err } - - conn, err := quic.DialContext(context.Background(), sysConn, destAddr, "", tlsConfig.GetTLSConfig(tls.WithDestination(dest)), quicConfig) + tr := quic.Transport{ + ConnectionIDLength: 12, + Conn: sysConn, + } + conn, err := tr.Dial(context.Background(), destAddr, tlsConfig.GetTLSConfig(tls.WithDestination(dest)), quicConfig) if err != nil { sysConn.Close() return nil, err diff --git a/transport/internet/quic/hub.go b/transport/internet/quic/hub.go index 9b6481c52732..15f072ec1d8f 100644 --- a/transport/internet/quic/hub.go +++ b/transport/internet/quic/hub.go @@ -2,7 +2,6 @@ package quic import ( "context" - "io" "time" "github.com/quic-go/quic-go" @@ -19,7 +18,7 @@ import ( // Listener is an internet.Listener that listens for TCP connections. type Listener struct { rawConn *sysConn - listener quic.Listener + listener *quic.Listener done *done.Instance addConn internet.ConnHandler } @@ -104,15 +103,14 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti } quicConfig := &quic.Config{ - ConnectionIDLength: 12, KeepAlivePeriod: 0, HandshakeIdleTimeout: time.Second * 8, MaxIdleTimeout: time.Second * 300, MaxIncomingStreams: 32, MaxIncomingUniStreams: -1, - Tracer: qlog.NewTracer(func(_ logging.Perspective, connID []byte) io.WriteCloser { - return &QlogWriter{connID: connID} - }), + Tracer: func(ctx context.Context, p logging.Perspective, ci quic.ConnectionID) logging.ConnectionTracer { + return qlog.NewConnectionTracer( &QlogWriter{connID: ci}, p, ci); + }, } conn, err := wrapSysConn(rawConn.(*net.UDPConn), config) @@ -120,8 +118,11 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti conn.Close() return nil, err } - - qListener, err := quic.Listen(conn, tlsConfig.GetTLSConfig(), quicConfig) + tr := quic.Transport{ + ConnectionIDLength: 12, + Conn: conn, + } + qListener, err := tr.Listen(tlsConfig.GetTLSConfig(), quicConfig) if err != nil { conn.Close() return nil, err diff --git a/transport/internet/quic/qlogWriter.go b/transport/internet/quic/qlogWriter.go index dd13f419184d..54284d29cea6 100644 --- a/transport/internet/quic/qlogWriter.go +++ b/transport/internet/quic/qlogWriter.go @@ -1,7 +1,9 @@ package quic +import "github.com/quic-go/quic-go" + type QlogWriter struct { - connID []byte + connID quic.ConnectionID } func (w *QlogWriter) Write(b []byte) (int, error) { From a4e80f01e4c6fe6973fa4fc6cce0caf1843d183c Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 4 Jun 2023 08:45:38 -0400 Subject: [PATCH 135/226] Add tls serverName to DoQ --- app/dns/nameserver_quic.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/dns/nameserver_quic.go b/app/dns/nameserver_quic.go index a312b7845154..e82a6a3de0d0 100644 --- a/app/dns/nameserver_quic.go +++ b/app/dns/nameserver_quic.go @@ -373,7 +373,7 @@ func (s *QUICNameServer) openConnection() (quic.Connection, error) { quicConfig := &quic.Config{ HandshakeIdleTimeout: handshakeTimeout, } - + tlsConfig.ServerName = s.destination.Address.String() conn, err := quic.DialAddr(context.Background(), s.destination.NetAddr(), tlsConfig.GetTLSConfig(tls.WithNextProto("http/1.1", http2.NextProtoTLS, NextProtoDQ)), quicConfig) log.Record(&log.AccessMessage{ From: "DNS", From 038f849dd314c60524f46f2db5a06f7f51562602 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 7 Jun 2023 18:33:16 +0000 Subject: [PATCH 136/226] Update README.md Co-authored-by: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Co-authored-by: yiguous <133725318+yiguous@users.noreply.github.com> --- README.md | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index bcbd7039009f..00a2a8116e5e 100644 --- a/README.md +++ b/README.md @@ -31,8 +31,8 @@ - [Marzban](https://github.com/Gozargah/Marzban) - [Libertea](https://github.com/VZiChoushaDui/Libertea) - One Click - - [Xray-script](https://github.com/kirin10000/Xray-script), [Xray-REALITY](https://github.com/zxcvos/Xray-script), [LetsXray](https://github.com/tdjnodj/LetsXray) - - [XTool](https://github.com/LordPenguin666/XTool), [Xray_bash_onekey](https://github.com/hello-yunshu/Xray_bash_onekey), [xray-reality](https://github.com/sajjaddg/xray-reality) + - [Xray-REALITY](https://github.com/zxcvos/Xray-script), [xray-reality](https://github.com/sajjaddg/xray-reality), [reality-ezpz](https://github.com/aleskxyz/reality-ezpz) + - [Xray-script](https://github.com/kirin10000/Xray-script), [Xray_bash_onekey](https://github.com/hello-yunshu/Xray_bash_onekey), [XTool](https://github.com/LordPenguin666/XTool) - [v2ray-agent](https://github.com/mack-a/v2ray-agent), [Xray_onekey](https://github.com/wulabing/Xray_onekey), [ProxySU](https://github.com/proxysu/ProxySU) - Magisk - [Xray4Magisk](https://github.com/Asterisk4Magisk/Xray4Magisk) @@ -82,8 +82,8 @@ - iOS & macOS arm64 - [Shadowrocket](https://apps.apple.com/app/shadowrocket/id932747118) - - [Stash](https://apps.apple.com/app/stash/id1596063349) - Xray Wrapper + - [XTLS/libXray](https://github.com/XTLS/libXray) - [xtlsapi](https://github.com/hiddify/xtlsapi) - [AndroidLibXrayLite](https://github.com/2dust/AndroidLibXrayLite) - [XrayKit](https://github.com/arror/XrayKit) @@ -106,23 +106,8 @@ ## Credits -This repo relies on the following third-party projects: - -- Special thanks: - - [v2fly/v2ray-core](https://github.com/v2fly/v2ray-core) -- In production: - - [ghodss/yaml](https://github.com/ghodss/yaml) - - [gorilla/websocket](https://github.com/gorilla/websocket) - - [quic-go/quic-go](https://github.com/quic-go/quic-go) - - [pelletier/go-toml](https://github.com/pelletier/go-toml) - - [pires/go-proxyproto](https://github.com/pires/go-proxyproto) - - [refraction-networking/utls](https://github.com/refraction-networking/utls) - - [seiflotfy/cuckoofilter](https://github.com/seiflotfy/cuckoofilter) - - [google/starlark-go](https://github.com/google/starlark-go) -- For testing only: - - [miekg/dns](https://github.com/miekg/dns) - - [stretchr/testify](https://github.com/stretchr/testify) - - [h12w/socks](https://github.com/h12w/socks) +- [Xray-core v1.0.0](https://github.com/XTLS/Xray-core/releases/tag/v1.0.0) was forked from [v2fly-core 9a03cc5](https://github.com/v2fly/v2ray-core/commit/9a03cc5c98d04cc28320fcee26dbc236b3291256), and we have made & accumulated a huge number of enhancements over time, check [the release notes for each version](https://github.com/XTLS/Xray-core/releases). +- For third-party projects used in [Xray-core](https://github.com/XTLS/Xray-core), check your local or [the latest go.mod](https://github.com/XTLS/Xray-core/blob/main/go.mod). ## Compilation From c9f517108cd731056383ee21effd742a3e86f87c Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Tue, 6 Jun 2023 23:38:34 -0400 Subject: [PATCH 137/226] Remove mtproto --- infra/conf/mtproto.go | 67 -------- infra/conf/mtproto_test.go | 40 ----- infra/conf/xray.go | 2 - main/distro/all/all.go | 1 - proxy/mtproto/auth.go | 148 ---------------- proxy/mtproto/auth_test.go | 52 ------ proxy/mtproto/client.go | 76 --------- proxy/mtproto/config.go | 24 --- proxy/mtproto/config.pb.go | 272 ------------------------------ proxy/mtproto/config.proto | 22 --- proxy/mtproto/errors.generated.go | 9 - proxy/mtproto/mtproto.go | 3 - proxy/mtproto/server.go | 160 ------------------ 13 files changed, 876 deletions(-) delete mode 100644 infra/conf/mtproto.go delete mode 100644 infra/conf/mtproto_test.go delete mode 100644 proxy/mtproto/auth.go delete mode 100644 proxy/mtproto/auth_test.go delete mode 100644 proxy/mtproto/client.go delete mode 100644 proxy/mtproto/config.go delete mode 100644 proxy/mtproto/config.pb.go delete mode 100644 proxy/mtproto/config.proto delete mode 100644 proxy/mtproto/errors.generated.go delete mode 100644 proxy/mtproto/mtproto.go delete mode 100644 proxy/mtproto/server.go diff --git a/infra/conf/mtproto.go b/infra/conf/mtproto.go deleted file mode 100644 index 88b02af59f59..000000000000 --- a/infra/conf/mtproto.go +++ /dev/null @@ -1,67 +0,0 @@ -package conf - -import ( - "encoding/hex" - "encoding/json" - - "github.com/golang/protobuf/proto" - "github.com/xtls/xray-core/common/protocol" - "github.com/xtls/xray-core/common/serial" - "github.com/xtls/xray-core/proxy/mtproto" -) - -type MTProtoAccount struct { - Secret string `json:"secret"` -} - -// Build implements Buildable -func (a *MTProtoAccount) Build() (*mtproto.Account, error) { - if len(a.Secret) != 32 { - return nil, newError("MTProto secret must have 32 chars") - } - secret, err := hex.DecodeString(a.Secret) - if err != nil { - return nil, newError("failed to decode secret: ", a.Secret).Base(err) - } - return &mtproto.Account{ - Secret: secret, - }, nil -} - -type MTProtoServerConfig struct { - Users []json.RawMessage `json:"users"` -} - -func (c *MTProtoServerConfig) Build() (proto.Message, error) { - config := &mtproto.ServerConfig{} - - if len(c.Users) == 0 { - return nil, newError("zero MTProto users configured.") - } - config.User = make([]*protocol.User, len(c.Users)) - for idx, rawData := range c.Users { - user := new(protocol.User) - if err := json.Unmarshal(rawData, user); err != nil { - return nil, newError("invalid MTProto user").Base(err) - } - account := new(MTProtoAccount) - if err := json.Unmarshal(rawData, account); err != nil { - return nil, newError("invalid MTProto user").Base(err) - } - accountProto, err := account.Build() - if err != nil { - return nil, newError("failed to parse MTProto user").Base(err) - } - user.Account = serial.ToTypedMessage(accountProto) - config.User[idx] = user - } - - return config, nil -} - -type MTProtoClientConfig struct{} - -func (c *MTProtoClientConfig) Build() (proto.Message, error) { - config := new(mtproto.ClientConfig) - return config, nil -} diff --git a/infra/conf/mtproto_test.go b/infra/conf/mtproto_test.go deleted file mode 100644 index f44cb19a65ef..000000000000 --- a/infra/conf/mtproto_test.go +++ /dev/null @@ -1,40 +0,0 @@ -package conf_test - -import ( - "testing" - - "github.com/xtls/xray-core/common/protocol" - "github.com/xtls/xray-core/common/serial" - . "github.com/xtls/xray-core/infra/conf" - "github.com/xtls/xray-core/proxy/mtproto" -) - -func TestMTProtoServerConfig(t *testing.T) { - creator := func() Buildable { - return new(MTProtoServerConfig) - } - - runMultiTestCase(t, []TestCase{ - { - Input: `{ - "users": [{ - "email": "love@example.com", - "level": 1, - "secret": "b0cbcef5a486d9636472ac27f8e11a9d" - }] - }`, - Parser: loadJSON(creator), - Output: &mtproto.ServerConfig{ - User: []*protocol.User{ - { - Email: "love@example.com", - Level: 1, - Account: serial.ToTypedMessage(&mtproto.Account{ - Secret: []byte{176, 203, 206, 245, 164, 134, 217, 99, 100, 114, 172, 39, 248, 225, 26, 157}, - }), - }, - }, - }, - }, - }) -} diff --git a/infra/conf/xray.go b/infra/conf/xray.go index 8b6d05f42d35..7bfc53e36325 100644 --- a/infra/conf/xray.go +++ b/infra/conf/xray.go @@ -24,7 +24,6 @@ var ( "vless": func() interface{} { return new(VLessInboundConfig) }, "vmess": func() interface{} { return new(VMessInboundConfig) }, "trojan": func() interface{} { return new(TrojanServerConfig) }, - "mtproto": func() interface{} { return new(MTProtoServerConfig) }, }, "protocol", "settings") outboundConfigLoader = NewJSONConfigLoader(ConfigCreatorCache{ @@ -37,7 +36,6 @@ var ( "vless": func() interface{} { return new(VLessOutboundConfig) }, "vmess": func() interface{} { return new(VMessOutboundConfig) }, "trojan": func() interface{} { return new(TrojanClientConfig) }, - "mtproto": func() interface{} { return new(MTProtoClientConfig) }, "dns": func() interface{} { return new(DNSOutboundConfig) }, "wireguard": func() interface{} { return new(WireGuardConfig) }, }, "protocol", "settings") diff --git a/main/distro/all/all.go b/main/distro/all/all.go index 0e38fcf6643c..d383e043ab02 100644 --- a/main/distro/all/all.go +++ b/main/distro/all/all.go @@ -40,7 +40,6 @@ import ( _ "github.com/xtls/xray-core/proxy/freedom" _ "github.com/xtls/xray-core/proxy/http" _ "github.com/xtls/xray-core/proxy/loopback" - _ "github.com/xtls/xray-core/proxy/mtproto" _ "github.com/xtls/xray-core/proxy/shadowsocks" _ "github.com/xtls/xray-core/proxy/socks" _ "github.com/xtls/xray-core/proxy/trojan" diff --git a/proxy/mtproto/auth.go b/proxy/mtproto/auth.go deleted file mode 100644 index cdd66d6f844c..000000000000 --- a/proxy/mtproto/auth.go +++ /dev/null @@ -1,148 +0,0 @@ -package mtproto - -import ( - "context" - "crypto/rand" - "crypto/sha256" - "io" - "sync" - - "github.com/xtls/xray-core/common" -) - -const ( - HeaderSize = 64 -) - -type SessionContext struct { - ConnectionType [4]byte - DataCenterID uint16 -} - -func DefaultSessionContext() SessionContext { - return SessionContext{ - ConnectionType: [4]byte{0xef, 0xef, 0xef, 0xef}, - DataCenterID: 0, - } -} - -type contextKey int32 - -const ( - sessionContextKey contextKey = iota -) - -func ContextWithSessionContext(ctx context.Context, c SessionContext) context.Context { - return context.WithValue(ctx, sessionContextKey, c) -} - -func SessionContextFromContext(ctx context.Context) SessionContext { - if c := ctx.Value(sessionContextKey); c != nil { - return c.(SessionContext) - } - return DefaultSessionContext() -} - -type Authentication struct { - Header [HeaderSize]byte - DecodingKey [32]byte - EncodingKey [32]byte - DecodingNonce [16]byte - EncodingNonce [16]byte -} - -func (a *Authentication) DataCenterID() uint16 { - x := ((int16(a.Header[61]) << 8) | int16(a.Header[60])) - if x < 0 { - x = -x - } - return uint16(x) - 1 -} - -func (a *Authentication) ConnectionType() [4]byte { - var x [4]byte - copy(x[:], a.Header[56:60]) - return x -} - -func (a *Authentication) ApplySecret(b []byte) { - a.DecodingKey = sha256.Sum256(append(a.DecodingKey[:], b...)) - a.EncodingKey = sha256.Sum256(append(a.EncodingKey[:], b...)) -} - -func generateRandomBytes(random []byte, connType [4]byte) { - for { - common.Must2(rand.Read(random)) - - if random[0] == 0xef { - continue - } - - val := (uint32(random[3]) << 24) | (uint32(random[2]) << 16) | (uint32(random[1]) << 8) | uint32(random[0]) - if val == 0x44414548 || val == 0x54534f50 || val == 0x20544547 || val == 0x4954504f || val == 0xeeeeeeee { - continue - } - - if (uint32(random[7])<<24)|(uint32(random[6])<<16)|(uint32(random[5])<<8)|uint32(random[4]) == 0x00000000 { - continue - } - - copy(random[56:60], connType[:]) - - return - } -} - -func NewAuthentication(sc SessionContext) *Authentication { - auth := getAuthenticationObject() - random := auth.Header[:] - generateRandomBytes(random, sc.ConnectionType) - copy(auth.EncodingKey[:], random[8:]) - copy(auth.EncodingNonce[:], random[8+32:]) - keyivInverse := Inverse(random[8 : 8+32+16]) - copy(auth.DecodingKey[:], keyivInverse) - copy(auth.DecodingNonce[:], keyivInverse[32:]) - return auth -} - -func ReadAuthentication(reader io.Reader) (*Authentication, error) { - auth := getAuthenticationObject() - - if _, err := io.ReadFull(reader, auth.Header[:]); err != nil { - putAuthenticationObject(auth) - return nil, err - } - - copy(auth.DecodingKey[:], auth.Header[8:]) - copy(auth.DecodingNonce[:], auth.Header[8+32:]) - keyivInverse := Inverse(auth.Header[8 : 8+32+16]) - copy(auth.EncodingKey[:], keyivInverse) - copy(auth.EncodingNonce[:], keyivInverse[32:]) - - return auth, nil -} - -// Inverse returns a new byte array. It is a sequence of bytes when the input is read from end to beginning.Inverse -// Visible for testing only. -func Inverse(b []byte) []byte { - lenb := len(b) - b2 := make([]byte, lenb) - for i, v := range b { - b2[lenb-i-1] = v - } - return b2 -} - -var authPool = sync.Pool{ - New: func() interface{} { - return new(Authentication) - }, -} - -func getAuthenticationObject() *Authentication { - return authPool.Get().(*Authentication) -} - -func putAuthenticationObject(auth *Authentication) { - authPool.Put(auth) -} diff --git a/proxy/mtproto/auth_test.go b/proxy/mtproto/auth_test.go deleted file mode 100644 index a05bc7434496..000000000000 --- a/proxy/mtproto/auth_test.go +++ /dev/null @@ -1,52 +0,0 @@ -package mtproto_test - -import ( - "bytes" - "crypto/rand" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/xtls/xray-core/common" - . "github.com/xtls/xray-core/proxy/mtproto" -) - -func TestInverse(t *testing.T) { - const size = 64 - b := make([]byte, 64) - for b[0] == b[size-1] { - common.Must2(rand.Read(b)) - } - - bi := Inverse(b) - if b[0] == bi[0] { - t.Fatal("seems bytes are not inversed: ", b[0], "vs", bi[0]) - } - - bii := Inverse(bi) - if r := cmp.Diff(bii, b); r != "" { - t.Fatal(r) - } -} - -func TestAuthenticationReadWrite(t *testing.T) { - a := NewAuthentication(DefaultSessionContext()) - b := bytes.NewReader(a.Header[:]) - a2, err := ReadAuthentication(b) - common.Must(err) - - if r := cmp.Diff(a.EncodingKey[:], a2.DecodingKey[:]); r != "" { - t.Error("decoding key: ", r) - } - - if r := cmp.Diff(a.EncodingNonce[:], a2.DecodingNonce[:]); r != "" { - t.Error("decoding nonce: ", r) - } - - if r := cmp.Diff(a.DecodingKey[:], a2.EncodingKey[:]); r != "" { - t.Error("encoding key: ", r) - } - - if r := cmp.Diff(a.DecodingNonce[:], a2.EncodingNonce[:]); r != "" { - t.Error("encoding nonce: ", r) - } -} diff --git a/proxy/mtproto/client.go b/proxy/mtproto/client.go deleted file mode 100644 index 6825fdaeb2f7..000000000000 --- a/proxy/mtproto/client.go +++ /dev/null @@ -1,76 +0,0 @@ -package mtproto - -import ( - "context" - - "github.com/xtls/xray-core/common" - "github.com/xtls/xray-core/common/buf" - "github.com/xtls/xray-core/common/crypto" - "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/session" - "github.com/xtls/xray-core/common/task" - "github.com/xtls/xray-core/transport" - "github.com/xtls/xray-core/transport/internet" -) - -type Client struct{} - -func NewClient(ctx context.Context, config *ClientConfig) (*Client, error) { - return &Client{}, nil -} - -func (c *Client) Process(ctx context.Context, link *transport.Link, dialer internet.Dialer) error { - outbound := session.OutboundFromContext(ctx) - if outbound == nil || !outbound.Target.IsValid() { - return newError("unknown destination.") - } - dest := outbound.Target - if dest.Network != net.Network_TCP { - return newError("not TCP traffic", dest) - } - - conn, err := dialer.Dial(ctx, dest) - if err != nil { - return newError("failed to dial to ", dest).Base(err).AtWarning() - } - defer conn.Close() - - sc := SessionContextFromContext(ctx) - auth := NewAuthentication(sc) - defer putAuthenticationObject(auth) - - request := func() error { - encryptor := crypto.NewAesCTRStream(auth.EncodingKey[:], auth.EncodingNonce[:]) - - var header [HeaderSize]byte - encryptor.XORKeyStream(header[:], auth.Header[:]) - copy(header[:56], auth.Header[:]) - - if _, err := conn.Write(header[:]); err != nil { - return newError("failed to write auth header").Base(err) - } - - connWriter := buf.NewWriter(crypto.NewCryptionWriter(encryptor, conn)) - return buf.Copy(link.Reader, connWriter) - } - - response := func() error { - decryptor := crypto.NewAesCTRStream(auth.DecodingKey[:], auth.DecodingNonce[:]) - - connReader := buf.NewReader(crypto.NewCryptionReader(decryptor, conn)) - return buf.Copy(connReader, link.Writer) - } - - responseDoneAndCloseWriter := task.OnSuccess(response, task.Close(link.Writer)) - if err := task.Run(ctx, request, responseDoneAndCloseWriter); err != nil { - return newError("connection ends").Base(err) - } - - return nil -} - -func init() { - common.Must(common.RegisterConfig((*ClientConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { - return NewClient(ctx, config.(*ClientConfig)) - })) -} diff --git a/proxy/mtproto/config.go b/proxy/mtproto/config.go deleted file mode 100644 index fcd203d709f7..000000000000 --- a/proxy/mtproto/config.go +++ /dev/null @@ -1,24 +0,0 @@ -package mtproto - -import ( - "github.com/xtls/xray-core/common/protocol" -) - -func (a *Account) Equals(another protocol.Account) bool { - aa, ok := another.(*Account) - if !ok { - return false - } - - if len(a.Secret) != len(aa.Secret) { - return false - } - - for i, v := range a.Secret { - if v != aa.Secret[i] { - return false - } - } - - return true -} diff --git a/proxy/mtproto/config.pb.go b/proxy/mtproto/config.pb.go deleted file mode 100644 index 425c76726c61..000000000000 --- a/proxy/mtproto/config.pb.go +++ /dev/null @@ -1,272 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 -// source: proxy/mtproto/config.proto - -package mtproto - -import ( - protocol "github.com/xtls/xray-core/common/protocol" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type Account struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Secret []byte `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"` -} - -func (x *Account) Reset() { - *x = Account{} - if protoimpl.UnsafeEnabled { - mi := &file_proxy_mtproto_config_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Account) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Account) ProtoMessage() {} - -func (x *Account) ProtoReflect() protoreflect.Message { - mi := &file_proxy_mtproto_config_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Account.ProtoReflect.Descriptor instead. -func (*Account) Descriptor() ([]byte, []int) { - return file_proxy_mtproto_config_proto_rawDescGZIP(), []int{0} -} - -func (x *Account) GetSecret() []byte { - if x != nil { - return x.Secret - } - return nil -} - -type ServerConfig struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // User is a list of users that allowed to connect to this inbound. - // Although this is a repeated field, only the first user is effective for - // now. - User []*protocol.User `protobuf:"bytes,1,rep,name=user,proto3" json:"user,omitempty"` -} - -func (x *ServerConfig) Reset() { - *x = ServerConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_proxy_mtproto_config_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ServerConfig) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ServerConfig) ProtoMessage() {} - -func (x *ServerConfig) ProtoReflect() protoreflect.Message { - mi := &file_proxy_mtproto_config_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ServerConfig.ProtoReflect.Descriptor instead. -func (*ServerConfig) Descriptor() ([]byte, []int) { - return file_proxy_mtproto_config_proto_rawDescGZIP(), []int{1} -} - -func (x *ServerConfig) GetUser() []*protocol.User { - if x != nil { - return x.User - } - return nil -} - -type ClientConfig struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *ClientConfig) Reset() { - *x = ClientConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_proxy_mtproto_config_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ClientConfig) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ClientConfig) ProtoMessage() {} - -func (x *ClientConfig) ProtoReflect() protoreflect.Message { - mi := &file_proxy_mtproto_config_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ClientConfig.ProtoReflect.Descriptor instead. -func (*ClientConfig) Descriptor() ([]byte, []int) { - return file_proxy_mtproto_config_proto_rawDescGZIP(), []int{2} -} - -var File_proxy_mtproto_config_proto protoreflect.FileDescriptor - -var file_proxy_mtproto_config_proto_rawDesc = []byte{ - 0x0a, 0x1a, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x6d, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x78, 0x72, - 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x6d, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1a, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, - 0x6c, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x21, 0x0a, 0x07, - 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, - 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x22, - 0x3e, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, - 0x2e, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x22, - 0x0e, 0x0a, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, - 0x58, 0x0a, 0x16, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, - 0x79, 0x2e, 0x6d, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, - 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x6d, 0x74, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0xaa, 0x02, 0x12, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, - 0x79, 0x2e, 0x4d, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, -} - -var ( - file_proxy_mtproto_config_proto_rawDescOnce sync.Once - file_proxy_mtproto_config_proto_rawDescData = file_proxy_mtproto_config_proto_rawDesc -) - -func file_proxy_mtproto_config_proto_rawDescGZIP() []byte { - file_proxy_mtproto_config_proto_rawDescOnce.Do(func() { - file_proxy_mtproto_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_proxy_mtproto_config_proto_rawDescData) - }) - return file_proxy_mtproto_config_proto_rawDescData -} - -var file_proxy_mtproto_config_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_proxy_mtproto_config_proto_goTypes = []interface{}{ - (*Account)(nil), // 0: xray.proxy.mtproto.Account - (*ServerConfig)(nil), // 1: xray.proxy.mtproto.ServerConfig - (*ClientConfig)(nil), // 2: xray.proxy.mtproto.ClientConfig - (*protocol.User)(nil), // 3: xray.common.protocol.User -} -var file_proxy_mtproto_config_proto_depIdxs = []int32{ - 3, // 0: xray.proxy.mtproto.ServerConfig.user:type_name -> xray.common.protocol.User - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_proxy_mtproto_config_proto_init() } -func file_proxy_mtproto_config_proto_init() { - if File_proxy_mtproto_config_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_proxy_mtproto_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Account); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_proxy_mtproto_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServerConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_proxy_mtproto_config_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ClientConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_proxy_mtproto_config_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_proxy_mtproto_config_proto_goTypes, - DependencyIndexes: file_proxy_mtproto_config_proto_depIdxs, - MessageInfos: file_proxy_mtproto_config_proto_msgTypes, - }.Build() - File_proxy_mtproto_config_proto = out.File - file_proxy_mtproto_config_proto_rawDesc = nil - file_proxy_mtproto_config_proto_goTypes = nil - file_proxy_mtproto_config_proto_depIdxs = nil -} diff --git a/proxy/mtproto/config.proto b/proxy/mtproto/config.proto deleted file mode 100644 index 65997bc00fda..000000000000 --- a/proxy/mtproto/config.proto +++ /dev/null @@ -1,22 +0,0 @@ -syntax = "proto3"; - -package xray.proxy.mtproto; -option csharp_namespace = "Xray.Proxy.Mtproto"; -option go_package = "github.com/xtls/xray-core/proxy/mtproto"; -option java_package = "com.xray.proxy.mtproto"; -option java_multiple_files = true; - -import "common/protocol/user.proto"; - -message Account { - bytes secret = 1; -} - -message ServerConfig { - // User is a list of users that allowed to connect to this inbound. - // Although this is a repeated field, only the first user is effective for - // now. - repeated xray.common.protocol.User user = 1; -} - -message ClientConfig {} diff --git a/proxy/mtproto/errors.generated.go b/proxy/mtproto/errors.generated.go deleted file mode 100644 index 012202d67ca9..000000000000 --- a/proxy/mtproto/errors.generated.go +++ /dev/null @@ -1,9 +0,0 @@ -package mtproto - -import "github.com/xtls/xray-core/common/errors" - -type errPathObjHolder struct{} - -func newError(values ...interface{}) *errors.Error { - return errors.New(values...).WithPathObj(errPathObjHolder{}) -} diff --git a/proxy/mtproto/mtproto.go b/proxy/mtproto/mtproto.go deleted file mode 100644 index af7983a5cf62..000000000000 --- a/proxy/mtproto/mtproto.go +++ /dev/null @@ -1,3 +0,0 @@ -package mtproto - -//go:generate go run github.com/xtls/xray-core/common/errors/errorgen diff --git a/proxy/mtproto/server.go b/proxy/mtproto/server.go deleted file mode 100644 index 2079df1fa414..000000000000 --- a/proxy/mtproto/server.go +++ /dev/null @@ -1,160 +0,0 @@ -package mtproto - -import ( - "bytes" - "context" - "time" - - "github.com/xtls/xray-core/common" - "github.com/xtls/xray-core/common/buf" - "github.com/xtls/xray-core/common/crypto" - "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/protocol" - "github.com/xtls/xray-core/common/session" - "github.com/xtls/xray-core/common/signal" - "github.com/xtls/xray-core/common/task" - "github.com/xtls/xray-core/core" - "github.com/xtls/xray-core/features/policy" - "github.com/xtls/xray-core/features/routing" - "github.com/xtls/xray-core/transport/internet/stat" -) - -var dcList = []net.Address{ - net.ParseAddress("149.154.175.50"), - net.ParseAddress("149.154.167.51"), - net.ParseAddress("149.154.175.100"), - net.ParseAddress("149.154.167.91"), - net.ParseAddress("149.154.171.5"), -} - -type Server struct { - user *protocol.User - account *Account - policy policy.Manager -} - -func NewServer(ctx context.Context, config *ServerConfig) (*Server, error) { - if len(config.User) == 0 { - return nil, newError("no user configured.") - } - - user := config.User[0] - rawAccount, err := config.User[0].GetTypedAccount() - if err != nil { - return nil, newError("invalid account").Base(err) - } - account, ok := rawAccount.(*Account) - if !ok { - return nil, newError("not a MTProto account") - } - - v := core.MustFromContext(ctx) - - return &Server{ - user: user, - account: account, - policy: v.GetFeature(policy.ManagerType()).(policy.Manager), - }, nil -} - -func (s *Server) Network() []net.Network { - return []net.Network{net.Network_TCP} -} - -var ( - ctype1 = []byte{0xef, 0xef, 0xef, 0xef} - ctype2 = []byte{0xee, 0xee, 0xee, 0xee} -) - -func isValidConnectionType(c [4]byte) bool { - if bytes.Equal(c[:], ctype1) { - return true - } - if bytes.Equal(c[:], ctype2) { - return true - } - return false -} - -func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Connection, dispatcher routing.Dispatcher) error { - sPolicy := s.policy.ForLevel(s.user.Level) - - if err := conn.SetDeadline(time.Now().Add(sPolicy.Timeouts.Handshake)); err != nil { - newError("failed to set deadline").Base(err).WriteToLog(session.ExportIDToError(ctx)) - } - auth, err := ReadAuthentication(conn) - if err != nil { - return newError("failed to read authentication header").Base(err) - } - defer putAuthenticationObject(auth) - - if err := conn.SetDeadline(time.Time{}); err != nil { - newError("failed to clear deadline").Base(err).WriteToLog(session.ExportIDToError(ctx)) - } - - auth.ApplySecret(s.account.Secret) - - decryptor := crypto.NewAesCTRStream(auth.DecodingKey[:], auth.DecodingNonce[:]) - decryptor.XORKeyStream(auth.Header[:], auth.Header[:]) - - ct := auth.ConnectionType() - if !isValidConnectionType(ct) { - return newError("invalid connection type: ", ct) - } - - dcID := auth.DataCenterID() - if dcID >= uint16(len(dcList)) { - return newError("invalid datacenter id: ", dcID) - } - - dest := net.Destination{ - Network: net.Network_TCP, - Address: dcList[dcID], - Port: net.Port(443), - } - - ctx, cancel := context.WithCancel(ctx) - timer := signal.CancelAfterInactivity(ctx, cancel, sPolicy.Timeouts.ConnectionIdle) - ctx = policy.ContextWithBufferPolicy(ctx, sPolicy.Buffer) - - sc := SessionContext{ - ConnectionType: ct, - DataCenterID: dcID, - } - ctx = ContextWithSessionContext(ctx, sc) - - link, err := dispatcher.Dispatch(ctx, dest) - if err != nil { - return newError("failed to dispatch request to: ", dest).Base(err) - } - - request := func() error { - defer timer.SetTimeout(sPolicy.Timeouts.DownlinkOnly) - - reader := buf.NewReader(crypto.NewCryptionReader(decryptor, conn)) - return buf.Copy(reader, link.Writer, buf.UpdateActivity(timer)) - } - - response := func() error { - defer timer.SetTimeout(sPolicy.Timeouts.UplinkOnly) - - encryptor := crypto.NewAesCTRStream(auth.EncodingKey[:], auth.EncodingNonce[:]) - writer := buf.NewWriter(crypto.NewCryptionWriter(encryptor, conn)) - return buf.Copy(link.Reader, writer, buf.UpdateActivity(timer)) - } - - responseDoneAndCloseWriter := task.OnSuccess(response, task.Close(link.Writer)) - if err := task.Run(ctx, request, responseDoneAndCloseWriter); err != nil { - common.Interrupt(link.Reader) - common.Interrupt(link.Writer) - return newError("connection ends").Base(err) - } - - return nil -} - -func init() { - common.Must(common.RegisterConfig((*ServerConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { - return NewServer(ctx, config.(*ServerConfig)) - })) -} From d11d72be6ccb7f7e00a3bd05755ff77743a8f413 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 21 May 2023 12:03:42 -0400 Subject: [PATCH 138/226] Update proto file and fix protoc version parsing The new protoc cli return version v23.1, so we parse the file version v4.23.1 without "4." --- app/commander/config.pb.go | 4 +- app/dispatcher/config.pb.go | 4 +- app/dns/config.pb.go | 12 +++--- app/dns/fakedns/fakedns.pb.go | 4 +- app/log/command/config.pb.go | 4 +- app/log/command/config_grpc.pb.go | 12 ++++-- app/log/config.pb.go | 4 +- app/metrics/config.pb.go | 4 +- app/observatory/command/command.pb.go | 4 +- app/observatory/command/command_grpc.pb.go | 12 ++++-- app/observatory/config.pb.go | 4 +- app/policy/config.pb.go | 4 +- app/proxyman/command/command.pb.go | 4 +- app/proxyman/command/command_grpc.pb.go | 37 ++++++++++++------- app/proxyman/config.pb.go | 8 ++-- app/reverse/config.pb.go | 4 +- app/router/command/command.pb.go | 4 +- app/router/command/command_grpc.pb.go | 15 +++++--- app/router/config.pb.go | 20 +++++----- app/stats/command/command.pb.go | 4 +- app/stats/command/command_grpc.pb.go | 22 +++++++---- app/stats/config.pb.go | 4 +- common/log/log.pb.go | 4 +- common/net/address.pb.go | 4 +- common/net/destination.pb.go | 4 +- common/net/network.pb.go | 6 +-- common/net/port.pb.go | 4 +- common/protocol/headers.pb.go | 4 +- common/protocol/server_spec.pb.go | 4 +- common/protocol/user.pb.go | 4 +- common/serial/typed_message.pb.go | 4 +- core/config.pb.go | 8 ++-- infra/vprotogen/main.go | 4 +- proxy/blackhole/config.pb.go | 4 +- proxy/dns/config.pb.go | 4 +- proxy/dokodemo/config.pb.go | 12 +++--- proxy/freedom/config.pb.go | 8 ++-- proxy/http/config.pb.go | 8 ++-- proxy/loopback/config.pb.go | 4 +- proxy/shadowsocks/config.pb.go | 4 +- proxy/shadowsocks_2022/config.pb.go | 4 +- proxy/socks/config.pb.go | 8 ++-- proxy/trojan/config.pb.go | 4 +- proxy/vless/account.pb.go | 4 +- proxy/vless/encoding/addons.pb.go | 4 +- proxy/vless/inbound/config.pb.go | 4 +- proxy/vless/outbound/config.pb.go | 4 +- proxy/vmess/account.pb.go | 4 +- proxy/vmess/inbound/config.pb.go | 4 +- proxy/vmess/outbound/config.pb.go | 4 +- proxy/wireguard/config.pb.go | 4 +- transport/global/config.pb.go | 6 +-- transport/internet/config.pb.go | 12 +++--- transport/internet/domainsocket/config.pb.go | 4 +- transport/internet/grpc/config.pb.go | 4 +- transport/internet/grpc/encoding/stream.pb.go | 4 +- .../internet/grpc/encoding/stream_grpc.pb.go | 13 +++++-- transport/internet/headers/dns/config.pb.go | 4 +- transport/internet/headers/http/config.pb.go | 4 +- transport/internet/headers/noop/config.pb.go | 4 +- transport/internet/headers/srtp/config.pb.go | 4 +- transport/internet/headers/tls/config.pb.go | 4 +- transport/internet/headers/utp/config.pb.go | 4 +- .../internet/headers/wechat/config.pb.go | 4 +- .../internet/headers/wireguard/config.pb.go | 4 +- transport/internet/http/config.pb.go | 4 +- transport/internet/kcp/config.pb.go | 4 +- transport/internet/quic/config.pb.go | 4 +- transport/internet/reality/config.pb.go | 4 +- transport/internet/tcp/config.pb.go | 4 +- transport/internet/tls/config.pb.go | 4 +- transport/internet/udp/config.pb.go | 4 +- transport/internet/websocket/config.pb.go | 4 +- 73 files changed, 238 insertions(+), 205 deletions(-) diff --git a/app/commander/config.pb.go b/app/commander/config.pb.go index 1ebbe094fb7d..73037653d44a 100644 --- a/app/commander/config.pb.go +++ b/app/commander/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/commander/config.proto package commander diff --git a/app/dispatcher/config.pb.go b/app/dispatcher/config.pb.go index 04e8d7a373eb..e0a55ab279cd 100644 --- a/app/dispatcher/config.pb.go +++ b/app/dispatcher/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/dispatcher/config.proto package dispatcher diff --git a/app/dns/config.pb.go b/app/dns/config.pb.go index 7474c04a43f4..d5bc18d26b14 100644 --- a/app/dns/config.pb.go +++ b/app/dns/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/dns/config.proto package dns @@ -219,14 +219,14 @@ type Config struct { // the moment. A special value 'localhost' as a domain address can be set to // use DNS on local system. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in app/dns/config.proto. NameServers []*net.Endpoint `protobuf:"bytes,1,rep,name=NameServers,proto3" json:"NameServers,omitempty"` // NameServer list used by this DNS client. NameServer []*NameServer `protobuf:"bytes,5,rep,name=name_server,json=nameServer,proto3" json:"name_server,omitempty"` // Static hosts. Domain to IP. // Deprecated. Use static_hosts. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in app/dns/config.proto. Hosts map[string]*net.IPOrDomain `protobuf:"bytes,2,rep,name=Hosts,proto3" json:"Hosts,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // Client IP for EDNS client subnet. Must be 4 bytes (IPv4) or 16 bytes // (IPv6). @@ -273,7 +273,7 @@ func (*Config) Descriptor() ([]byte, []int) { return file_app_dns_config_proto_rawDescGZIP(), []int{1} } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in app/dns/config.proto. func (x *Config) GetNameServers() []*net.Endpoint { if x != nil { return x.NameServers @@ -288,7 +288,7 @@ func (x *Config) GetNameServer() []*NameServer { return nil } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in app/dns/config.proto. func (x *Config) GetHosts() map[string]*net.IPOrDomain { if x != nil { return x.Hosts diff --git a/app/dns/fakedns/fakedns.pb.go b/app/dns/fakedns/fakedns.pb.go index 8cf02aee889b..dc9970f9e930 100644 --- a/app/dns/fakedns/fakedns.pb.go +++ b/app/dns/fakedns/fakedns.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/dns/fakedns/fakedns.proto package fakedns diff --git a/app/log/command/config.pb.go b/app/log/command/config.pb.go index ceda9127625a..6a3d66028306 100644 --- a/app/log/command/config.pb.go +++ b/app/log/command/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/log/command/config.proto package command diff --git a/app/log/command/config_grpc.pb.go b/app/log/command/config_grpc.pb.go index 653c395c5480..93a695b0a3d1 100644 --- a/app/log/command/config_grpc.pb.go +++ b/app/log/command/config_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.2.0 -// - protoc v3.21.12 +// - protoc-gen-go-grpc v1.3.0 +// - protoc v4.23.1 // source: app/log/command/config.proto package command @@ -18,6 +18,10 @@ import ( // Requires gRPC-Go v1.32.0 or later. const _ = grpc.SupportPackageIsVersion7 +const ( + LoggerService_RestartLogger_FullMethodName = "/xray.app.log.command.LoggerService/RestartLogger" +) + // LoggerServiceClient is the client API for LoggerService service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. @@ -35,7 +39,7 @@ func NewLoggerServiceClient(cc grpc.ClientConnInterface) LoggerServiceClient { func (c *loggerServiceClient) RestartLogger(ctx context.Context, in *RestartLoggerRequest, opts ...grpc.CallOption) (*RestartLoggerResponse, error) { out := new(RestartLoggerResponse) - err := c.cc.Invoke(ctx, "/xray.app.log.command.LoggerService/RestartLogger", in, out, opts...) + err := c.cc.Invoke(ctx, LoggerService_RestartLogger_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -80,7 +84,7 @@ func _LoggerService_RestartLogger_Handler(srv interface{}, ctx context.Context, } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/xray.app.log.command.LoggerService/RestartLogger", + FullMethod: LoggerService_RestartLogger_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(LoggerServiceServer).RestartLogger(ctx, req.(*RestartLoggerRequest)) diff --git a/app/log/config.pb.go b/app/log/config.pb.go index a70d2923d6ba..0bc09d40421c 100644 --- a/app/log/config.pb.go +++ b/app/log/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/log/config.proto package log diff --git a/app/metrics/config.pb.go b/app/metrics/config.pb.go index 24c5629efe60..2cf6761801ba 100644 --- a/app/metrics/config.pb.go +++ b/app/metrics/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/metrics/config.proto package metrics diff --git a/app/observatory/command/command.pb.go b/app/observatory/command/command.pb.go index c5ffdce54690..9eab15333772 100644 --- a/app/observatory/command/command.pb.go +++ b/app/observatory/command/command.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/observatory/command/command.proto package command diff --git a/app/observatory/command/command_grpc.pb.go b/app/observatory/command/command_grpc.pb.go index 2a3da93ecae8..b0a59779826e 100644 --- a/app/observatory/command/command_grpc.pb.go +++ b/app/observatory/command/command_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.2.0 -// - protoc v3.21.12 +// - protoc-gen-go-grpc v1.3.0 +// - protoc v4.23.1 // source: app/observatory/command/command.proto package command @@ -18,6 +18,10 @@ import ( // Requires gRPC-Go v1.32.0 or later. const _ = grpc.SupportPackageIsVersion7 +const ( + ObservatoryService_GetOutboundStatus_FullMethodName = "/xray.core.app.observatory.command.ObservatoryService/GetOutboundStatus" +) + // ObservatoryServiceClient is the client API for ObservatoryService service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. @@ -35,7 +39,7 @@ func NewObservatoryServiceClient(cc grpc.ClientConnInterface) ObservatoryService func (c *observatoryServiceClient) GetOutboundStatus(ctx context.Context, in *GetOutboundStatusRequest, opts ...grpc.CallOption) (*GetOutboundStatusResponse, error) { out := new(GetOutboundStatusResponse) - err := c.cc.Invoke(ctx, "/xray.core.app.observatory.command.ObservatoryService/GetOutboundStatus", in, out, opts...) + err := c.cc.Invoke(ctx, ObservatoryService_GetOutboundStatus_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -80,7 +84,7 @@ func _ObservatoryService_GetOutboundStatus_Handler(srv interface{}, ctx context. } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/xray.core.app.observatory.command.ObservatoryService/GetOutboundStatus", + FullMethod: ObservatoryService_GetOutboundStatus_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(ObservatoryServiceServer).GetOutboundStatus(ctx, req.(*GetOutboundStatusRequest)) diff --git a/app/observatory/config.pb.go b/app/observatory/config.pb.go index a6d36eada1a9..741da50649ae 100644 --- a/app/observatory/config.pb.go +++ b/app/observatory/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/observatory/config.proto package observatory diff --git a/app/policy/config.pb.go b/app/policy/config.pb.go index 66da6d116a7c..9841fff02c3a 100644 --- a/app/policy/config.pb.go +++ b/app/policy/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/policy/config.proto package policy diff --git a/app/proxyman/command/command.pb.go b/app/proxyman/command/command.pb.go index 5730955c53fd..9add8afbfd84 100644 --- a/app/proxyman/command/command.pb.go +++ b/app/proxyman/command/command.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/proxyman/command/command.proto package command diff --git a/app/proxyman/command/command_grpc.pb.go b/app/proxyman/command/command_grpc.pb.go index 979b101f35a9..0765fc80a157 100644 --- a/app/proxyman/command/command_grpc.pb.go +++ b/app/proxyman/command/command_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.2.0 -// - protoc v3.21.12 +// - protoc-gen-go-grpc v1.3.0 +// - protoc v4.23.1 // source: app/proxyman/command/command.proto package command @@ -18,6 +18,15 @@ import ( // Requires gRPC-Go v1.32.0 or later. const _ = grpc.SupportPackageIsVersion7 +const ( + HandlerService_AddInbound_FullMethodName = "/xray.app.proxyman.command.HandlerService/AddInbound" + HandlerService_RemoveInbound_FullMethodName = "/xray.app.proxyman.command.HandlerService/RemoveInbound" + HandlerService_AlterInbound_FullMethodName = "/xray.app.proxyman.command.HandlerService/AlterInbound" + HandlerService_AddOutbound_FullMethodName = "/xray.app.proxyman.command.HandlerService/AddOutbound" + HandlerService_RemoveOutbound_FullMethodName = "/xray.app.proxyman.command.HandlerService/RemoveOutbound" + HandlerService_AlterOutbound_FullMethodName = "/xray.app.proxyman.command.HandlerService/AlterOutbound" +) + // HandlerServiceClient is the client API for HandlerService service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. @@ -40,7 +49,7 @@ func NewHandlerServiceClient(cc grpc.ClientConnInterface) HandlerServiceClient { func (c *handlerServiceClient) AddInbound(ctx context.Context, in *AddInboundRequest, opts ...grpc.CallOption) (*AddInboundResponse, error) { out := new(AddInboundResponse) - err := c.cc.Invoke(ctx, "/xray.app.proxyman.command.HandlerService/AddInbound", in, out, opts...) + err := c.cc.Invoke(ctx, HandlerService_AddInbound_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -49,7 +58,7 @@ func (c *handlerServiceClient) AddInbound(ctx context.Context, in *AddInboundReq func (c *handlerServiceClient) RemoveInbound(ctx context.Context, in *RemoveInboundRequest, opts ...grpc.CallOption) (*RemoveInboundResponse, error) { out := new(RemoveInboundResponse) - err := c.cc.Invoke(ctx, "/xray.app.proxyman.command.HandlerService/RemoveInbound", in, out, opts...) + err := c.cc.Invoke(ctx, HandlerService_RemoveInbound_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -58,7 +67,7 @@ func (c *handlerServiceClient) RemoveInbound(ctx context.Context, in *RemoveInbo func (c *handlerServiceClient) AlterInbound(ctx context.Context, in *AlterInboundRequest, opts ...grpc.CallOption) (*AlterInboundResponse, error) { out := new(AlterInboundResponse) - err := c.cc.Invoke(ctx, "/xray.app.proxyman.command.HandlerService/AlterInbound", in, out, opts...) + err := c.cc.Invoke(ctx, HandlerService_AlterInbound_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -67,7 +76,7 @@ func (c *handlerServiceClient) AlterInbound(ctx context.Context, in *AlterInboun func (c *handlerServiceClient) AddOutbound(ctx context.Context, in *AddOutboundRequest, opts ...grpc.CallOption) (*AddOutboundResponse, error) { out := new(AddOutboundResponse) - err := c.cc.Invoke(ctx, "/xray.app.proxyman.command.HandlerService/AddOutbound", in, out, opts...) + err := c.cc.Invoke(ctx, HandlerService_AddOutbound_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -76,7 +85,7 @@ func (c *handlerServiceClient) AddOutbound(ctx context.Context, in *AddOutboundR func (c *handlerServiceClient) RemoveOutbound(ctx context.Context, in *RemoveOutboundRequest, opts ...grpc.CallOption) (*RemoveOutboundResponse, error) { out := new(RemoveOutboundResponse) - err := c.cc.Invoke(ctx, "/xray.app.proxyman.command.HandlerService/RemoveOutbound", in, out, opts...) + err := c.cc.Invoke(ctx, HandlerService_RemoveOutbound_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -85,7 +94,7 @@ func (c *handlerServiceClient) RemoveOutbound(ctx context.Context, in *RemoveOut func (c *handlerServiceClient) AlterOutbound(ctx context.Context, in *AlterOutboundRequest, opts ...grpc.CallOption) (*AlterOutboundResponse, error) { out := new(AlterOutboundResponse) - err := c.cc.Invoke(ctx, "/xray.app.proxyman.command.HandlerService/AlterOutbound", in, out, opts...) + err := c.cc.Invoke(ctx, HandlerService_AlterOutbound_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -150,7 +159,7 @@ func _HandlerService_AddInbound_Handler(srv interface{}, ctx context.Context, de } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/xray.app.proxyman.command.HandlerService/AddInbound", + FullMethod: HandlerService_AddInbound_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(HandlerServiceServer).AddInbound(ctx, req.(*AddInboundRequest)) @@ -168,7 +177,7 @@ func _HandlerService_RemoveInbound_Handler(srv interface{}, ctx context.Context, } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/xray.app.proxyman.command.HandlerService/RemoveInbound", + FullMethod: HandlerService_RemoveInbound_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(HandlerServiceServer).RemoveInbound(ctx, req.(*RemoveInboundRequest)) @@ -186,7 +195,7 @@ func _HandlerService_AlterInbound_Handler(srv interface{}, ctx context.Context, } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/xray.app.proxyman.command.HandlerService/AlterInbound", + FullMethod: HandlerService_AlterInbound_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(HandlerServiceServer).AlterInbound(ctx, req.(*AlterInboundRequest)) @@ -204,7 +213,7 @@ func _HandlerService_AddOutbound_Handler(srv interface{}, ctx context.Context, d } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/xray.app.proxyman.command.HandlerService/AddOutbound", + FullMethod: HandlerService_AddOutbound_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(HandlerServiceServer).AddOutbound(ctx, req.(*AddOutboundRequest)) @@ -222,7 +231,7 @@ func _HandlerService_RemoveOutbound_Handler(srv interface{}, ctx context.Context } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/xray.app.proxyman.command.HandlerService/RemoveOutbound", + FullMethod: HandlerService_RemoveOutbound_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(HandlerServiceServer).RemoveOutbound(ctx, req.(*RemoveOutboundRequest)) @@ -240,7 +249,7 @@ func _HandlerService_AlterOutbound_Handler(srv interface{}, ctx context.Context, } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/xray.app.proxyman.command.HandlerService/AlterOutbound", + FullMethod: HandlerService_AlterOutbound_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(HandlerServiceServer).AlterOutbound(ctx, req.(*AlterOutboundRequest)) diff --git a/app/proxyman/config.pb.go b/app/proxyman/config.pb.go index cd50e664cefe..cabc09dd7c6f 100644 --- a/app/proxyman/config.pb.go +++ b/app/proxyman/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/proxyman/config.proto package proxyman @@ -326,7 +326,7 @@ type ReceiverConfig struct { // Override domains for the given protocol. // Deprecated. Use sniffing_settings. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in app/proxyman/config.proto. DomainOverride []KnownProtocols `protobuf:"varint,7,rep,packed,name=domain_override,json=domainOverride,proto3,enum=xray.app.proxyman.KnownProtocols" json:"domain_override,omitempty"` SniffingSettings *SniffingConfig `protobuf:"bytes,8,opt,name=sniffing_settings,json=sniffingSettings,proto3" json:"sniffing_settings,omitempty"` } @@ -398,7 +398,7 @@ func (x *ReceiverConfig) GetReceiveOriginalDestination() bool { return false } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in app/proxyman/config.proto. func (x *ReceiverConfig) GetDomainOverride() []KnownProtocols { if x != nil { return x.DomainOverride diff --git a/app/reverse/config.pb.go b/app/reverse/config.pb.go index c54782809716..0e1bc941f014 100644 --- a/app/reverse/config.pb.go +++ b/app/reverse/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/reverse/config.proto package reverse diff --git a/app/router/command/command.pb.go b/app/router/command/command.pb.go index 41c52388ee92..eb7c85306985 100644 --- a/app/router/command/command.pb.go +++ b/app/router/command/command.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/router/command/command.proto package command diff --git a/app/router/command/command_grpc.pb.go b/app/router/command/command_grpc.pb.go index 50c6de29e811..4d3b4ab4e34b 100644 --- a/app/router/command/command_grpc.pb.go +++ b/app/router/command/command_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.2.0 -// - protoc v3.21.12 +// - protoc-gen-go-grpc v1.3.0 +// - protoc v4.23.1 // source: app/router/command/command.proto package command @@ -18,6 +18,11 @@ import ( // Requires gRPC-Go v1.32.0 or later. const _ = grpc.SupportPackageIsVersion7 +const ( + RoutingService_SubscribeRoutingStats_FullMethodName = "/xray.app.router.command.RoutingService/SubscribeRoutingStats" + RoutingService_TestRoute_FullMethodName = "/xray.app.router.command.RoutingService/TestRoute" +) + // RoutingServiceClient is the client API for RoutingService service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. @@ -35,7 +40,7 @@ func NewRoutingServiceClient(cc grpc.ClientConnInterface) RoutingServiceClient { } func (c *routingServiceClient) SubscribeRoutingStats(ctx context.Context, in *SubscribeRoutingStatsRequest, opts ...grpc.CallOption) (RoutingService_SubscribeRoutingStatsClient, error) { - stream, err := c.cc.NewStream(ctx, &RoutingService_ServiceDesc.Streams[0], "/xray.app.router.command.RoutingService/SubscribeRoutingStats", opts...) + stream, err := c.cc.NewStream(ctx, &RoutingService_ServiceDesc.Streams[0], RoutingService_SubscribeRoutingStats_FullMethodName, opts...) if err != nil { return nil, err } @@ -68,7 +73,7 @@ func (x *routingServiceSubscribeRoutingStatsClient) Recv() (*RoutingContext, err func (c *routingServiceClient) TestRoute(ctx context.Context, in *TestRouteRequest, opts ...grpc.CallOption) (*RoutingContext, error) { out := new(RoutingContext) - err := c.cc.Invoke(ctx, "/xray.app.router.command.RoutingService/TestRoute", in, out, opts...) + err := c.cc.Invoke(ctx, RoutingService_TestRoute_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -138,7 +143,7 @@ func _RoutingService_TestRoute_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/xray.app.router.command.RoutingService/TestRoute", + FullMethod: RoutingService_TestRoute_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(RoutingServiceServer).TestRoute(ctx, req.(*TestRouteRequest)) diff --git a/app/router/config.pb.go b/app/router/config.pb.go index 0089a1a8f83c..6b54e0d6d174 100644 --- a/app/router/config.pb.go +++ b/app/router/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/router/config.proto package router @@ -486,7 +486,7 @@ type RoutingRule struct { // List of CIDRs for target IP address matching. // Deprecated. Use geoip below. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in app/router/config.proto. Cidr []*CIDR `protobuf:"bytes,3,rep,name=cidr,proto3" json:"cidr,omitempty"` // List of GeoIPs for target IP address matching. If this entry exists, the // cidr above will have no effect. GeoIP fields with the same country code are @@ -496,19 +496,19 @@ type RoutingRule struct { // A range of port [from, to]. If the destination port is in this range, this // rule takes effect. Deprecated. Use port_list. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in app/router/config.proto. PortRange *net.PortRange `protobuf:"bytes,4,opt,name=port_range,json=portRange,proto3" json:"port_range,omitempty"` // List of ports. PortList *net.PortList `protobuf:"bytes,14,opt,name=port_list,json=portList,proto3" json:"port_list,omitempty"` // List of networks. Deprecated. Use networks. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in app/router/config.proto. NetworkList *net.NetworkList `protobuf:"bytes,5,opt,name=network_list,json=networkList,proto3" json:"network_list,omitempty"` // List of networks for matching. Networks []net.Network `protobuf:"varint,13,rep,packed,name=networks,proto3,enum=xray.common.net.Network" json:"networks,omitempty"` // List of CIDRs for source IP address matching. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in app/router/config.proto. SourceCidr []*CIDR `protobuf:"bytes,6,rep,name=source_cidr,json=sourceCidr,proto3" json:"source_cidr,omitempty"` // List of GeoIPs for source IP address matching. If this entry exists, the // source_cidr above will have no effect. @@ -582,7 +582,7 @@ func (x *RoutingRule) GetDomain() []*Domain { return nil } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in app/router/config.proto. func (x *RoutingRule) GetCidr() []*CIDR { if x != nil { return x.Cidr @@ -597,7 +597,7 @@ func (x *RoutingRule) GetGeoip() []*GeoIP { return nil } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in app/router/config.proto. func (x *RoutingRule) GetPortRange() *net.PortRange { if x != nil { return x.PortRange @@ -612,7 +612,7 @@ func (x *RoutingRule) GetPortList() *net.PortList { return nil } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in app/router/config.proto. func (x *RoutingRule) GetNetworkList() *net.NetworkList { if x != nil { return x.NetworkList @@ -627,7 +627,7 @@ func (x *RoutingRule) GetNetworks() []net.Network { return nil } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in app/router/config.proto. func (x *RoutingRule) GetSourceCidr() []*CIDR { if x != nil { return x.SourceCidr diff --git a/app/stats/command/command.pb.go b/app/stats/command/command.pb.go index 005722b66ffd..6d4d0d38c12d 100644 --- a/app/stats/command/command.pb.go +++ b/app/stats/command/command.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/stats/command/command.proto package command diff --git a/app/stats/command/command_grpc.pb.go b/app/stats/command/command_grpc.pb.go index 38e9d3fbfc5f..cbd024852cdf 100644 --- a/app/stats/command/command_grpc.pb.go +++ b/app/stats/command/command_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.2.0 -// - protoc v3.21.12 +// - protoc-gen-go-grpc v1.3.0 +// - protoc v4.23.1 // source: app/stats/command/command.proto package command @@ -18,6 +18,12 @@ import ( // Requires gRPC-Go v1.32.0 or later. const _ = grpc.SupportPackageIsVersion7 +const ( + StatsService_GetStats_FullMethodName = "/xray.app.stats.command.StatsService/GetStats" + StatsService_QueryStats_FullMethodName = "/xray.app.stats.command.StatsService/QueryStats" + StatsService_GetSysStats_FullMethodName = "/xray.app.stats.command.StatsService/GetSysStats" +) + // StatsServiceClient is the client API for StatsService service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. @@ -37,7 +43,7 @@ func NewStatsServiceClient(cc grpc.ClientConnInterface) StatsServiceClient { func (c *statsServiceClient) GetStats(ctx context.Context, in *GetStatsRequest, opts ...grpc.CallOption) (*GetStatsResponse, error) { out := new(GetStatsResponse) - err := c.cc.Invoke(ctx, "/xray.app.stats.command.StatsService/GetStats", in, out, opts...) + err := c.cc.Invoke(ctx, StatsService_GetStats_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -46,7 +52,7 @@ func (c *statsServiceClient) GetStats(ctx context.Context, in *GetStatsRequest, func (c *statsServiceClient) QueryStats(ctx context.Context, in *QueryStatsRequest, opts ...grpc.CallOption) (*QueryStatsResponse, error) { out := new(QueryStatsResponse) - err := c.cc.Invoke(ctx, "/xray.app.stats.command.StatsService/QueryStats", in, out, opts...) + err := c.cc.Invoke(ctx, StatsService_QueryStats_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -55,7 +61,7 @@ func (c *statsServiceClient) QueryStats(ctx context.Context, in *QueryStatsReque func (c *statsServiceClient) GetSysStats(ctx context.Context, in *SysStatsRequest, opts ...grpc.CallOption) (*SysStatsResponse, error) { out := new(SysStatsResponse) - err := c.cc.Invoke(ctx, "/xray.app.stats.command.StatsService/GetSysStats", in, out, opts...) + err := c.cc.Invoke(ctx, StatsService_GetSysStats_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -108,7 +114,7 @@ func _StatsService_GetStats_Handler(srv interface{}, ctx context.Context, dec fu } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/xray.app.stats.command.StatsService/GetStats", + FullMethod: StatsService_GetStats_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(StatsServiceServer).GetStats(ctx, req.(*GetStatsRequest)) @@ -126,7 +132,7 @@ func _StatsService_QueryStats_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/xray.app.stats.command.StatsService/QueryStats", + FullMethod: StatsService_QueryStats_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(StatsServiceServer).QueryStats(ctx, req.(*QueryStatsRequest)) @@ -144,7 +150,7 @@ func _StatsService_GetSysStats_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/xray.app.stats.command.StatsService/GetSysStats", + FullMethod: StatsService_GetSysStats_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(StatsServiceServer).GetSysStats(ctx, req.(*SysStatsRequest)) diff --git a/app/stats/config.pb.go b/app/stats/config.pb.go index 99c573b5c2d2..216da0448020 100644 --- a/app/stats/config.pb.go +++ b/app/stats/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: app/stats/config.proto package stats diff --git a/common/log/log.pb.go b/common/log/log.pb.go index 321ae16bd944..92ea08116fda 100644 --- a/common/log/log.pb.go +++ b/common/log/log.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: common/log/log.proto package log diff --git a/common/net/address.pb.go b/common/net/address.pb.go index 5757a0184dc6..82240db35a76 100644 --- a/common/net/address.pb.go +++ b/common/net/address.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: common/net/address.proto package net diff --git a/common/net/destination.pb.go b/common/net/destination.pb.go index 2d557b84617b..ea6339cbfd64 100644 --- a/common/net/destination.pb.go +++ b/common/net/destination.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: common/net/destination.proto package net diff --git a/common/net/network.pb.go b/common/net/network.pb.go index 699557f74113..18e0df4b0987 100644 --- a/common/net/network.pb.go +++ b/common/net/network.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: common/net/network.proto package net @@ -24,7 +24,7 @@ type Network int32 const ( Network_Unknown Network = 0 - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in common/net/network.proto. Network_RawTCP Network = 1 Network_TCP Network = 2 Network_UDP Network = 3 diff --git a/common/net/port.pb.go b/common/net/port.pb.go index cae70bc9e525..255bd9405d98 100644 --- a/common/net/port.pb.go +++ b/common/net/port.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: common/net/port.proto package net diff --git a/common/protocol/headers.pb.go b/common/protocol/headers.pb.go index 4096d56f9c3c..1392fc620420 100644 --- a/common/protocol/headers.pb.go +++ b/common/protocol/headers.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: common/protocol/headers.proto package protocol diff --git a/common/protocol/server_spec.pb.go b/common/protocol/server_spec.pb.go index ea12a4bb2827..da69851848d1 100644 --- a/common/protocol/server_spec.pb.go +++ b/common/protocol/server_spec.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: common/protocol/server_spec.proto package protocol diff --git a/common/protocol/user.pb.go b/common/protocol/user.pb.go index bc3b2bf88142..6f063e73af0a 100644 --- a/common/protocol/user.pb.go +++ b/common/protocol/user.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: common/protocol/user.proto package protocol diff --git a/common/serial/typed_message.pb.go b/common/serial/typed_message.pb.go index 7bdbbf3a34f8..b03f2aaa469c 100644 --- a/common/serial/typed_message.pb.go +++ b/common/serial/typed_message.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: common/serial/typed_message.proto package serial diff --git a/core/config.pb.go b/core/config.pb.go index 2364674d4d4f..c36e7fd048d2 100644 --- a/core/config.pb.go +++ b/core/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: core/config.proto package core @@ -42,7 +42,7 @@ type Config struct { // Deprecated. Each inbound and outbound should choose their own transport // config. Date to remove: 2020-01-13 // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in core/config.proto. Transport *global.Config `protobuf:"bytes,5,opt,name=transport,proto3" json:"transport,omitempty"` // Configuration for extensions. The config may not work if corresponding // extension is not loaded into Xray. Xray will ignore such config during @@ -103,7 +103,7 @@ func (x *Config) GetApp() []*serial.TypedMessage { return nil } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in core/config.proto. func (x *Config) GetTransport() *global.Config { if x != nil { return x.Transport diff --git a/infra/vprotogen/main.go b/infra/vprotogen/main.go index df920751151c..10aaa25445f4 100644 --- a/infra/vprotogen/main.go +++ b/infra/vprotogen/main.go @@ -108,7 +108,7 @@ func getProjectProtocVersion(url string) (string, error) { if err != nil { return "", fmt.Errorf("can not read from body") } - versionRegexp := regexp.MustCompile(`\/\/\s*protoc\s*v(\d+\.\d+\.\d+)`) + versionRegexp := regexp.MustCompile(`\/\/\s*protoc\s*v\d+\.(\d+\.\d+)`) matched := versionRegexp.FindStringSubmatch(string(body)) return matched[1], nil } @@ -120,7 +120,7 @@ func getInstalledProtocVersion(protocPath string) (string, error) { if cmdErr != nil { return "", cmdErr } - versionRegexp := regexp.MustCompile(`protoc\s*(\d+\.\d+\.\d+)`) + versionRegexp := regexp.MustCompile(`protoc\s*(\d+\.\d+)`) matched := versionRegexp.FindStringSubmatch(string(output)) return matched[1], nil } diff --git a/proxy/blackhole/config.pb.go b/proxy/blackhole/config.pb.go index 54d2279e211a..2bc838c6dabb 100644 --- a/proxy/blackhole/config.pb.go +++ b/proxy/blackhole/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/blackhole/config.proto package blackhole diff --git a/proxy/dns/config.pb.go b/proxy/dns/config.pb.go index 653fe141755a..8da51b44ffc1 100644 --- a/proxy/dns/config.pb.go +++ b/proxy/dns/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/dns/config.proto package dns diff --git a/proxy/dokodemo/config.pb.go b/proxy/dokodemo/config.pb.go index 82eb0704a4af..6e43def10843 100644 --- a/proxy/dokodemo/config.pb.go +++ b/proxy/dokodemo/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/dokodemo/config.proto package dokodemo @@ -31,11 +31,11 @@ type Config struct { // List of networks that the Dokodemo accepts. // Deprecated. Use networks. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in proxy/dokodemo/config.proto. NetworkList *net.NetworkList `protobuf:"bytes,3,opt,name=network_list,json=networkList,proto3" json:"network_list,omitempty"` // List of networks that the Dokodemo accepts. Networks []net.Network `protobuf:"varint,7,rep,packed,name=networks,proto3,enum=xray.common.net.Network" json:"networks,omitempty"` - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in proxy/dokodemo/config.proto. Timeout uint32 `protobuf:"varint,4,opt,name=timeout,proto3" json:"timeout,omitempty"` FollowRedirect bool `protobuf:"varint,5,opt,name=follow_redirect,json=followRedirect,proto3" json:"follow_redirect,omitempty"` UserLevel uint32 `protobuf:"varint,6,opt,name=user_level,json=userLevel,proto3" json:"user_level,omitempty"` @@ -87,7 +87,7 @@ func (x *Config) GetPort() uint32 { return 0 } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in proxy/dokodemo/config.proto. func (x *Config) GetNetworkList() *net.NetworkList { if x != nil { return x.NetworkList @@ -102,7 +102,7 @@ func (x *Config) GetNetworks() []net.Network { return nil } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in proxy/dokodemo/config.proto. func (x *Config) GetTimeout() uint32 { if x != nil { return x.Timeout diff --git a/proxy/freedom/config.pb.go b/proxy/freedom/config.pb.go index 0bfc4cba3f47..2e2fb403cb9f 100644 --- a/proxy/freedom/config.pb.go +++ b/proxy/freedom/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/freedom/config.proto package freedom @@ -213,7 +213,7 @@ type Config struct { unknownFields protoimpl.UnknownFields DomainStrategy Config_DomainStrategy `protobuf:"varint,1,opt,name=domain_strategy,json=domainStrategy,proto3,enum=xray.proxy.freedom.Config_DomainStrategy" json:"domain_strategy,omitempty"` - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in proxy/freedom/config.proto. Timeout uint32 `protobuf:"varint,2,opt,name=timeout,proto3" json:"timeout,omitempty"` DestinationOverride *DestinationOverride `protobuf:"bytes,3,opt,name=destination_override,json=destinationOverride,proto3" json:"destination_override,omitempty"` UserLevel uint32 `protobuf:"varint,4,opt,name=user_level,json=userLevel,proto3" json:"user_level,omitempty"` @@ -259,7 +259,7 @@ func (x *Config) GetDomainStrategy() Config_DomainStrategy { return Config_AS_IS } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in proxy/freedom/config.proto. func (x *Config) GetTimeout() uint32 { if x != nil { return x.Timeout diff --git a/proxy/http/config.pb.go b/proxy/http/config.pb.go index 813a56c8d370..986a038a9aa8 100644 --- a/proxy/http/config.pb.go +++ b/proxy/http/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/http/config.proto package http @@ -82,7 +82,7 @@ type ServerConfig struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in proxy/http/config.proto. Timeout uint32 `protobuf:"varint,1,opt,name=timeout,proto3" json:"timeout,omitempty"` Accounts map[string]string `protobuf:"bytes,2,rep,name=accounts,proto3" json:"accounts,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` AllowTransparent bool `protobuf:"varint,3,opt,name=allow_transparent,json=allowTransparent,proto3" json:"allow_transparent,omitempty"` @@ -121,7 +121,7 @@ func (*ServerConfig) Descriptor() ([]byte, []int) { return file_proxy_http_config_proto_rawDescGZIP(), []int{1} } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in proxy/http/config.proto. func (x *ServerConfig) GetTimeout() uint32 { if x != nil { return x.Timeout diff --git a/proxy/loopback/config.pb.go b/proxy/loopback/config.pb.go index c13c14af0a55..e25f8425f0a9 100644 --- a/proxy/loopback/config.pb.go +++ b/proxy/loopback/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/loopback/config.proto package loopback diff --git a/proxy/shadowsocks/config.pb.go b/proxy/shadowsocks/config.pb.go index 5e89e40f8690..5fc221da6ed3 100644 --- a/proxy/shadowsocks/config.pb.go +++ b/proxy/shadowsocks/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/shadowsocks/config.proto package shadowsocks diff --git a/proxy/shadowsocks_2022/config.pb.go b/proxy/shadowsocks_2022/config.pb.go index fd51459e4737..8ccb848a946a 100644 --- a/proxy/shadowsocks_2022/config.pb.go +++ b/proxy/shadowsocks_2022/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/shadowsocks_2022/config.proto package shadowsocks_2022 diff --git a/proxy/socks/config.pb.go b/proxy/socks/config.pb.go index 3cb7d172cc8a..a1daa2760d21 100644 --- a/proxy/socks/config.pb.go +++ b/proxy/socks/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/socks/config.proto package socks @@ -186,7 +186,7 @@ type ServerConfig struct { Accounts map[string]string `protobuf:"bytes,2,rep,name=accounts,proto3" json:"accounts,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` Address *net.IPOrDomain `protobuf:"bytes,3,opt,name=address,proto3" json:"address,omitempty"` UdpEnabled bool `protobuf:"varint,4,opt,name=udp_enabled,json=udpEnabled,proto3" json:"udp_enabled,omitempty"` - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in proxy/socks/config.proto. Timeout uint32 `protobuf:"varint,5,opt,name=timeout,proto3" json:"timeout,omitempty"` UserLevel uint32 `protobuf:"varint,6,opt,name=user_level,json=userLevel,proto3" json:"user_level,omitempty"` } @@ -251,7 +251,7 @@ func (x *ServerConfig) GetUdpEnabled() bool { return false } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in proxy/socks/config.proto. func (x *ServerConfig) GetTimeout() uint32 { if x != nil { return x.Timeout diff --git a/proxy/trojan/config.pb.go b/proxy/trojan/config.pb.go index 17b485dae062..6d81350f5dc2 100644 --- a/proxy/trojan/config.pb.go +++ b/proxy/trojan/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/trojan/config.proto package trojan diff --git a/proxy/vless/account.pb.go b/proxy/vless/account.pb.go index a52fc8f1d582..1d0551853439 100644 --- a/proxy/vless/account.pb.go +++ b/proxy/vless/account.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/vless/account.proto package vless diff --git a/proxy/vless/encoding/addons.pb.go b/proxy/vless/encoding/addons.pb.go index a5b97f814128..b78c878cd338 100644 --- a/proxy/vless/encoding/addons.pb.go +++ b/proxy/vless/encoding/addons.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/vless/encoding/addons.proto package encoding diff --git a/proxy/vless/inbound/config.pb.go b/proxy/vless/inbound/config.pb.go index 4061e1209d89..f15f91144e79 100644 --- a/proxy/vless/inbound/config.pb.go +++ b/proxy/vless/inbound/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/vless/inbound/config.proto package inbound diff --git a/proxy/vless/outbound/config.pb.go b/proxy/vless/outbound/config.pb.go index 4d1b7938f88b..5bd8912a5cf7 100644 --- a/proxy/vless/outbound/config.pb.go +++ b/proxy/vless/outbound/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/vless/outbound/config.proto package outbound diff --git a/proxy/vmess/account.pb.go b/proxy/vmess/account.pb.go index 0f2f6159cb00..67f2586e8a52 100644 --- a/proxy/vmess/account.pb.go +++ b/proxy/vmess/account.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/vmess/account.proto package vmess diff --git a/proxy/vmess/inbound/config.pb.go b/proxy/vmess/inbound/config.pb.go index fc7bf36f00c6..a301cede12e1 100644 --- a/proxy/vmess/inbound/config.pb.go +++ b/proxy/vmess/inbound/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/vmess/inbound/config.proto package inbound diff --git a/proxy/vmess/outbound/config.pb.go b/proxy/vmess/outbound/config.pb.go index 700127a8ee0b..b68cbffa42db 100644 --- a/proxy/vmess/outbound/config.pb.go +++ b/proxy/vmess/outbound/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/vmess/outbound/config.proto package outbound diff --git a/proxy/wireguard/config.pb.go b/proxy/wireguard/config.pb.go index 75d5787b7cff..442d78f00927 100644 --- a/proxy/wireguard/config.pb.go +++ b/proxy/wireguard/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: proxy/wireguard/config.proto package wireguard diff --git a/transport/global/config.pb.go b/transport/global/config.pb.go index eb0fcd0df130..1d763122b44c 100644 --- a/transport/global/config.pb.go +++ b/transport/global/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/global/config.proto package global @@ -24,7 +24,7 @@ const ( // Global transport settings. This affects all type of connections that go // through Xray. Deprecated. Use each settings in StreamConfig. // -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in transport/global/config.proto. type Config struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index 20b582c6fc48..a186199f5dc8 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.12.4 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/config.proto package internet @@ -191,7 +191,7 @@ type TransportConfig struct { // Type of network that this settings supports. // Deprecated. Use the string form below. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in transport/internet/config.proto. Protocol TransportProtocol `protobuf:"varint,1,opt,name=protocol,proto3,enum=xray.transport.internet.TransportProtocol" json:"protocol,omitempty"` // Type of network that this settings supports. ProtocolName string `protobuf:"bytes,3,opt,name=protocol_name,json=protocolName,proto3" json:"protocol_name,omitempty"` @@ -231,7 +231,7 @@ func (*TransportConfig) Descriptor() ([]byte, []int) { return file_transport_internet_config_proto_rawDescGZIP(), []int{0} } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in transport/internet/config.proto. func (x *TransportConfig) GetProtocol() TransportProtocol { if x != nil { return x.Protocol @@ -260,7 +260,7 @@ type StreamConfig struct { // Effective network. Deprecated. Use the string form below. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in transport/internet/config.proto. Protocol TransportProtocol `protobuf:"varint,1,opt,name=protocol,proto3,enum=xray.transport.internet.TransportProtocol" json:"protocol,omitempty"` // Effective network. ProtocolName string `protobuf:"bytes,5,opt,name=protocol_name,json=protocolName,proto3" json:"protocol_name,omitempty"` @@ -304,7 +304,7 @@ func (*StreamConfig) Descriptor() ([]byte, []int) { return file_transport_internet_config_proto_rawDescGZIP(), []int{1} } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in transport/internet/config.proto. func (x *StreamConfig) GetProtocol() TransportProtocol { if x != nil { return x.Protocol diff --git a/transport/internet/domainsocket/config.pb.go b/transport/internet/domainsocket/config.pb.go index 23628e02739f..6089cf34523b 100644 --- a/transport/internet/domainsocket/config.pb.go +++ b/transport/internet/domainsocket/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/domainsocket/config.proto package domainsocket diff --git a/transport/internet/grpc/config.pb.go b/transport/internet/grpc/config.pb.go index 52d03fd1ebda..91289606b63e 100644 --- a/transport/internet/grpc/config.pb.go +++ b/transport/internet/grpc/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/grpc/config.proto package grpc diff --git a/transport/internet/grpc/encoding/stream.pb.go b/transport/internet/grpc/encoding/stream.pb.go index c605613d65dd..96cf41bd44fb 100644 --- a/transport/internet/grpc/encoding/stream.pb.go +++ b/transport/internet/grpc/encoding/stream.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/grpc/encoding/stream.proto package encoding diff --git a/transport/internet/grpc/encoding/stream_grpc.pb.go b/transport/internet/grpc/encoding/stream_grpc.pb.go index ab75a5d84dda..e7cc8a5e0cb3 100644 --- a/transport/internet/grpc/encoding/stream_grpc.pb.go +++ b/transport/internet/grpc/encoding/stream_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.2.0 -// - protoc v3.21.12 +// - protoc-gen-go-grpc v1.3.0 +// - protoc v4.23.1 // source: transport/internet/grpc/encoding/stream.proto package encoding @@ -18,6 +18,11 @@ import ( // Requires gRPC-Go v1.32.0 or later. const _ = grpc.SupportPackageIsVersion7 +const ( + GRPCService_Tun_FullMethodName = "/xray.transport.internet.grpc.encoding.GRPCService/Tun" + GRPCService_TunMulti_FullMethodName = "/xray.transport.internet.grpc.encoding.GRPCService/TunMulti" +) + // GRPCServiceClient is the client API for GRPCService service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. @@ -35,7 +40,7 @@ func NewGRPCServiceClient(cc grpc.ClientConnInterface) GRPCServiceClient { } func (c *gRPCServiceClient) Tun(ctx context.Context, opts ...grpc.CallOption) (GRPCService_TunClient, error) { - stream, err := c.cc.NewStream(ctx, &GRPCService_ServiceDesc.Streams[0], "/xray.transport.internet.grpc.encoding.GRPCService/Tun", opts...) + stream, err := c.cc.NewStream(ctx, &GRPCService_ServiceDesc.Streams[0], GRPCService_Tun_FullMethodName, opts...) if err != nil { return nil, err } @@ -66,7 +71,7 @@ func (x *gRPCServiceTunClient) Recv() (*Hunk, error) { } func (c *gRPCServiceClient) TunMulti(ctx context.Context, opts ...grpc.CallOption) (GRPCService_TunMultiClient, error) { - stream, err := c.cc.NewStream(ctx, &GRPCService_ServiceDesc.Streams[1], "/xray.transport.internet.grpc.encoding.GRPCService/TunMulti", opts...) + stream, err := c.cc.NewStream(ctx, &GRPCService_ServiceDesc.Streams[1], GRPCService_TunMulti_FullMethodName, opts...) if err != nil { return nil, err } diff --git a/transport/internet/headers/dns/config.pb.go b/transport/internet/headers/dns/config.pb.go index d42f537e33df..aeadae6a221b 100644 --- a/transport/internet/headers/dns/config.pb.go +++ b/transport/internet/headers/dns/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/headers/dns/config.proto package dns diff --git a/transport/internet/headers/http/config.pb.go b/transport/internet/headers/http/config.pb.go index 382ced8447f6..786bd92810fa 100644 --- a/transport/internet/headers/http/config.pb.go +++ b/transport/internet/headers/http/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/headers/http/config.proto package http diff --git a/transport/internet/headers/noop/config.pb.go b/transport/internet/headers/noop/config.pb.go index 534b3701b3c1..cd8880a8443f 100644 --- a/transport/internet/headers/noop/config.pb.go +++ b/transport/internet/headers/noop/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/headers/noop/config.proto package noop diff --git a/transport/internet/headers/srtp/config.pb.go b/transport/internet/headers/srtp/config.pb.go index 5c0f9cfff712..553349e85380 100644 --- a/transport/internet/headers/srtp/config.pb.go +++ b/transport/internet/headers/srtp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/headers/srtp/config.proto package srtp diff --git a/transport/internet/headers/tls/config.pb.go b/transport/internet/headers/tls/config.pb.go index 7867f69c253a..8d940553a494 100644 --- a/transport/internet/headers/tls/config.pb.go +++ b/transport/internet/headers/tls/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/headers/tls/config.proto package tls diff --git a/transport/internet/headers/utp/config.pb.go b/transport/internet/headers/utp/config.pb.go index c7658b0b3f5d..9dff1aed9f53 100644 --- a/transport/internet/headers/utp/config.pb.go +++ b/transport/internet/headers/utp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/headers/utp/config.proto package utp diff --git a/transport/internet/headers/wechat/config.pb.go b/transport/internet/headers/wechat/config.pb.go index 1b624b592178..02c4f50d1c50 100644 --- a/transport/internet/headers/wechat/config.pb.go +++ b/transport/internet/headers/wechat/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/headers/wechat/config.proto package wechat diff --git a/transport/internet/headers/wireguard/config.pb.go b/transport/internet/headers/wireguard/config.pb.go index 8d3be7a1df9e..68c72d96560b 100644 --- a/transport/internet/headers/wireguard/config.pb.go +++ b/transport/internet/headers/wireguard/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/headers/wireguard/config.proto package wireguard diff --git a/transport/internet/http/config.pb.go b/transport/internet/http/config.pb.go index f87a59e8c476..6abb97ddfab5 100644 --- a/transport/internet/http/config.pb.go +++ b/transport/internet/http/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/http/config.proto package http diff --git a/transport/internet/kcp/config.pb.go b/transport/internet/kcp/config.pb.go index 0e10dac46895..8b6dbd40f520 100644 --- a/transport/internet/kcp/config.pb.go +++ b/transport/internet/kcp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/kcp/config.proto package kcp diff --git a/transport/internet/quic/config.pb.go b/transport/internet/quic/config.pb.go index 36aa03da31ad..0b8509002a2b 100644 --- a/transport/internet/quic/config.pb.go +++ b/transport/internet/quic/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/quic/config.proto package quic diff --git a/transport/internet/reality/config.pb.go b/transport/internet/reality/config.pb.go index a140d9ab6a10..799e30d476f8 100644 --- a/transport/internet/reality/config.pb.go +++ b/transport/internet/reality/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/reality/config.proto package reality diff --git a/transport/internet/tcp/config.pb.go b/transport/internet/tcp/config.pb.go index c2b949dea992..1ff79f642b28 100644 --- a/transport/internet/tcp/config.pb.go +++ b/transport/internet/tcp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/tcp/config.proto package tcp diff --git a/transport/internet/tls/config.pb.go b/transport/internet/tls/config.pb.go index d02fa1122043..65c18e6bf1c7 100644 --- a/transport/internet/tls/config.pb.go +++ b/transport/internet/tls/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/tls/config.proto package tls diff --git a/transport/internet/udp/config.pb.go b/transport/internet/udp/config.pb.go index c01b0e6076cf..b3921e46f61e 100644 --- a/transport/internet/udp/config.pb.go +++ b/transport/internet/udp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/udp/config.proto package udp diff --git a/transport/internet/websocket/config.pb.go b/transport/internet/websocket/config.pb.go index 9ba5c1c828c9..7880a1a5b74d 100644 --- a/transport/internet/websocket/config.pb.go +++ b/transport/internet/websocket/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v4.23.1 // source: transport/internet/websocket/config.proto package websocket From bf4b1fab3c97d44c4381c16ed4c96b91589dac3b Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 21 May 2023 11:26:22 -0400 Subject: [PATCH 139/226] Simplify http attrabute matching In the past, we use Starlark script, it is over engineered and barely used. By switching to simple key value string contains logic we can reduce core size about 0.7MB --- app/router/condition.go | 42 +++-------- app/router/condition_test.go | 4 +- app/router/config.go | 10 ++- app/router/config.pb.go | 138 ++++++++++++++++++----------------- app/router/config.proto | 2 +- go.mod | 1 - go.sum | 41 ----------- infra/conf/router.go | 22 +++--- 8 files changed, 103 insertions(+), 157 deletions(-) diff --git a/app/router/condition.go b/app/router/condition.go index cdcb6747504f..326c13fff86c 100644 --- a/app/router/condition.go +++ b/app/router/condition.go @@ -6,8 +6,6 @@ import ( "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/strmatcher" "github.com/xtls/xray-core/features/routing" - "go.starlark.net/starlark" - "go.starlark.net/syntax" ) type Condition interface { @@ -284,44 +282,22 @@ func (m *ProtocolMatcher) Apply(ctx routing.Context) bool { } type AttributeMatcher struct { - program *starlark.Program -} - -func NewAttributeMatcher(code string) (*AttributeMatcher, error) { - starFile, err := syntax.Parse("attr.star", "satisfied=("+code+")", 0) - if err != nil { - return nil, newError("attr rule").Base(err) - } - p, err := starlark.FileProgram(starFile, func(name string) bool { - return name == "attrs" - }) - if err != nil { - return nil, err - } - return &AttributeMatcher{ - program: p, - }, nil + configuredKeys map[string]string } // Match implements attributes matching. func (m *AttributeMatcher) Match(attrs map[string]string) bool { - attrsDict := new(starlark.Dict) + // headers are insensitive most likely. So we do a convert + httpHeaders := make(map[string]string) for key, value := range attrs { - attrsDict.SetKey(starlark.String(key), starlark.String(value)) + httpHeaders[strings.ToLower(key)] = strings.ToLower(value) } - - predefined := make(starlark.StringDict) - predefined["attrs"] = attrsDict - - thread := &starlark.Thread{ - Name: "matcher", - } - results, err := m.program.Init(thread, predefined) - if err != nil { - newError("attr matcher").Base(err).WriteToLog() + for key, value := range m.configuredKeys { + if a, ok := httpHeaders[key]; !ok || !strings.Contains(a, value) { + return false + } } - satisfied := results["satisfied"] - return satisfied != nil && bool(satisfied.Truth()) + return true } // Apply implements Condition. diff --git a/app/router/condition_test.go b/app/router/condition_test.go index 5d98eb43e79b..ca1999ef1f69 100644 --- a/app/router/condition_test.go +++ b/app/router/condition_test.go @@ -308,7 +308,9 @@ func TestRoutingRule(t *testing.T) { { rule: &RoutingRule{ Protocol: []string{"http"}, - Attributes: "attrs[':path'].startswith('/test')", + Attributes: map[string]string { + ":path": "/test", + }, }, test: []ruleTest{ { diff --git a/app/router/config.go b/app/router/config.go index 9bb4bc46738f..3f4fd7c5621f 100644 --- a/app/router/config.go +++ b/app/router/config.go @@ -1,6 +1,8 @@ package router import ( + "strings" + "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/features/outbound" "github.com/xtls/xray-core/features/routing" @@ -143,11 +145,11 @@ func (rr *RoutingRule) BuildCondition() (Condition, error) { } if len(rr.Attributes) > 0 { - cond, err := NewAttributeMatcher(rr.Attributes) - if err != nil { - return nil, err + configuredKeys := make(map[string]string) + for key, value := range rr.Attributes { + configuredKeys[strings.ToLower(key)] = strings.ToLower(value) } - conds.Add(cond) + conds.Add(&AttributeMatcher{configuredKeys}) } if conds.Len() == 0 { diff --git a/app/router/config.pb.go b/app/router/config.pb.go index 6b54e0d6d174..3fd01cc77a0c 100644 --- a/app/router/config.pb.go +++ b/app/router/config.pb.go @@ -514,12 +514,12 @@ type RoutingRule struct { // source_cidr above will have no effect. SourceGeoip []*GeoIP `protobuf:"bytes,11,rep,name=source_geoip,json=sourceGeoip,proto3" json:"source_geoip,omitempty"` // List of ports for source port matching. - SourcePortList *net.PortList `protobuf:"bytes,16,opt,name=source_port_list,json=sourcePortList,proto3" json:"source_port_list,omitempty"` - UserEmail []string `protobuf:"bytes,7,rep,name=user_email,json=userEmail,proto3" json:"user_email,omitempty"` - InboundTag []string `protobuf:"bytes,8,rep,name=inbound_tag,json=inboundTag,proto3" json:"inbound_tag,omitempty"` - Protocol []string `protobuf:"bytes,9,rep,name=protocol,proto3" json:"protocol,omitempty"` - Attributes string `protobuf:"bytes,15,opt,name=attributes,proto3" json:"attributes,omitempty"` - DomainMatcher string `protobuf:"bytes,17,opt,name=domain_matcher,json=domainMatcher,proto3" json:"domain_matcher,omitempty"` + SourcePortList *net.PortList `protobuf:"bytes,16,opt,name=source_port_list,json=sourcePortList,proto3" json:"source_port_list,omitempty"` + UserEmail []string `protobuf:"bytes,7,rep,name=user_email,json=userEmail,proto3" json:"user_email,omitempty"` + InboundTag []string `protobuf:"bytes,8,rep,name=inbound_tag,json=inboundTag,proto3" json:"inbound_tag,omitempty"` + Protocol []string `protobuf:"bytes,9,rep,name=protocol,proto3" json:"protocol,omitempty"` + Attributes map[string]string `protobuf:"bytes,15,rep,name=attributes,proto3" json:"attributes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + DomainMatcher string `protobuf:"bytes,17,opt,name=domain_matcher,json=domainMatcher,proto3" json:"domain_matcher,omitempty"` } func (x *RoutingRule) Reset() { @@ -670,11 +670,11 @@ func (x *RoutingRule) GetProtocol() []string { return nil } -func (x *RoutingRule) GetAttributes() string { +func (x *RoutingRule) GetAttributes() map[string]string { if x != nil { return x.Attributes } - return "" + return nil } func (x *RoutingRule) GetDomainMatcher() string { @@ -969,7 +969,7 @@ var file_app_router_config_proto_rawDesc = []byte{ 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x2e, 0x0a, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x2e, 0x47, 0x65, 0x6f, 0x53, 0x69, 0x74, 0x65, 0x52, - 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x22, 0xb5, 0x06, 0x0a, 0x0b, 0x52, 0x6f, 0x75, 0x74, 0x69, + 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x22, 0xa2, 0x07, 0x0a, 0x0b, 0x52, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x03, 0x74, 0x61, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x03, 0x74, 0x61, 0x67, 0x12, 0x25, 0x0a, 0x0d, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x74, 0x61, 0x67, 0x18, 0x0c, 0x20, 0x01, 0x28, @@ -1015,43 +1015,49 @@ var file_app_router_config_proto_rawDesc = []byte{ 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x61, 0x67, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x61, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x1e, 0x0a, 0x0a, 0x61, 0x74, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x64, 0x6f, 0x6d, - 0x61, 0x69, 0x6e, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x18, 0x11, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0d, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, - 0x42, 0x0c, 0x0a, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x61, 0x67, 0x22, 0x6a, - 0x0a, 0x0d, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x12, - 0x10, 0x0a, 0x03, 0x74, 0x61, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x74, 0x61, - 0x67, 0x12, 0x2b, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x73, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x6f, 0x75, - 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1a, - 0x0a, 0x08, 0x73, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x73, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x22, 0x9b, 0x02, 0x0a, 0x06, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4f, 0x0a, 0x0f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x5f, - 0x73, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, - 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, - 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, - 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x52, 0x0e, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, - 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x30, 0x0a, 0x04, 0x72, 0x75, 0x6c, 0x65, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, - 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x52, 0x75, - 0x6c, 0x65, 0x52, 0x04, 0x72, 0x75, 0x6c, 0x65, 0x12, 0x45, 0x0a, 0x0e, 0x62, 0x61, 0x6c, 0x61, - 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1e, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x72, 0x6f, 0x75, 0x74, - 0x65, 0x72, 0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, - 0x52, 0x0d, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x22, - 0x47, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, - 0x79, 0x12, 0x08, 0x0a, 0x04, 0x41, 0x73, 0x49, 0x73, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x55, - 0x73, 0x65, 0x49, 0x70, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x70, 0x49, 0x66, 0x4e, 0x6f, - 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x49, 0x70, 0x4f, 0x6e, - 0x44, 0x65, 0x6d, 0x61, 0x6e, 0x64, 0x10, 0x03, 0x42, 0x4f, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, - 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x50, - 0x01, 0x5a, 0x24, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, - 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x61, 0x70, 0x70, - 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0xaa, 0x02, 0x0f, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x41, - 0x70, 0x70, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x4c, 0x0a, 0x0a, 0x61, 0x74, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x0f, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, + 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x2e, + 0x52, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x2e, 0x41, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x61, 0x74, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x64, 0x6f, 0x6d, 0x61, 0x69, + 0x6e, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0d, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x1a, 0x3d, + 0x0a, 0x0f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, + 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x0c, 0x0a, + 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x61, 0x67, 0x22, 0x6a, 0x0a, 0x0d, 0x42, + 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x10, 0x0a, 0x03, + 0x74, 0x61, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x74, 0x61, 0x67, 0x12, 0x2b, + 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, + 0x74, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x62, 0x6f, + 0x75, 0x6e, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x22, 0x9b, 0x02, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x12, 0x4f, 0x0a, 0x0f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x5f, 0x73, 0x74, 0x72, + 0x61, 0x74, 0x65, 0x67, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x78, 0x72, + 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x2e, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, + 0x65, 0x67, 0x79, 0x52, 0x0e, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, + 0x65, 0x67, 0x79, 0x12, 0x30, 0x0a, 0x04, 0x72, 0x75, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x1c, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x72, 0x6f, 0x75, + 0x74, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x52, + 0x04, 0x72, 0x75, 0x6c, 0x65, 0x12, 0x45, 0x0a, 0x0e, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, + 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, + 0x78, 0x72, 0x61, 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x2e, + 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x0d, 0x62, + 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x22, 0x47, 0x0a, 0x0e, + 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x08, + 0x0a, 0x04, 0x41, 0x73, 0x49, 0x73, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x55, 0x73, 0x65, 0x49, + 0x70, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x70, 0x49, 0x66, 0x4e, 0x6f, 0x6e, 0x4d, 0x61, + 0x74, 0x63, 0x68, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x49, 0x70, 0x4f, 0x6e, 0x44, 0x65, 0x6d, + 0x61, 0x6e, 0x64, 0x10, 0x03, 0x42, 0x4f, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, + 0x79, 0x2e, 0x61, 0x70, 0x70, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x50, 0x01, 0x5a, 0x24, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, + 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x61, 0x70, 0x70, 0x2f, 0x72, 0x6f, + 0x75, 0x74, 0x65, 0x72, 0xaa, 0x02, 0x0f, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x41, 0x70, 0x70, 0x2e, + 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1067,7 +1073,7 @@ func file_app_router_config_proto_rawDescGZIP() []byte { } var file_app_router_config_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_app_router_config_proto_msgTypes = make([]protoimpl.MessageInfo, 10) +var file_app_router_config_proto_msgTypes = make([]protoimpl.MessageInfo, 11) var file_app_router_config_proto_goTypes = []interface{}{ (Domain_Type)(0), // 0: xray.app.router.Domain.Type (Config_DomainStrategy)(0), // 1: xray.app.router.Config.DomainStrategy @@ -1081,10 +1087,11 @@ var file_app_router_config_proto_goTypes = []interface{}{ (*BalancingRule)(nil), // 9: xray.app.router.BalancingRule (*Config)(nil), // 10: xray.app.router.Config (*Domain_Attribute)(nil), // 11: xray.app.router.Domain.Attribute - (*net.PortRange)(nil), // 12: xray.common.net.PortRange - (*net.PortList)(nil), // 13: xray.common.net.PortList - (*net.NetworkList)(nil), // 14: xray.common.net.NetworkList - (net.Network)(0), // 15: xray.common.net.Network + nil, // 12: xray.app.router.RoutingRule.AttributesEntry + (*net.PortRange)(nil), // 13: xray.common.net.PortRange + (*net.PortList)(nil), // 14: xray.common.net.PortList + (*net.NetworkList)(nil), // 15: xray.common.net.NetworkList + (net.Network)(0), // 16: xray.common.net.Network } var file_app_router_config_proto_depIdxs = []int32{ 0, // 0: xray.app.router.Domain.type:type_name -> xray.app.router.Domain.Type @@ -1096,21 +1103,22 @@ var file_app_router_config_proto_depIdxs = []int32{ 2, // 6: xray.app.router.RoutingRule.domain:type_name -> xray.app.router.Domain 3, // 7: xray.app.router.RoutingRule.cidr:type_name -> xray.app.router.CIDR 4, // 8: xray.app.router.RoutingRule.geoip:type_name -> xray.app.router.GeoIP - 12, // 9: xray.app.router.RoutingRule.port_range:type_name -> xray.common.net.PortRange - 13, // 10: xray.app.router.RoutingRule.port_list:type_name -> xray.common.net.PortList - 14, // 11: xray.app.router.RoutingRule.network_list:type_name -> xray.common.net.NetworkList - 15, // 12: xray.app.router.RoutingRule.networks:type_name -> xray.common.net.Network + 13, // 9: xray.app.router.RoutingRule.port_range:type_name -> xray.common.net.PortRange + 14, // 10: xray.app.router.RoutingRule.port_list:type_name -> xray.common.net.PortList + 15, // 11: xray.app.router.RoutingRule.network_list:type_name -> xray.common.net.NetworkList + 16, // 12: xray.app.router.RoutingRule.networks:type_name -> xray.common.net.Network 3, // 13: xray.app.router.RoutingRule.source_cidr:type_name -> xray.app.router.CIDR 4, // 14: xray.app.router.RoutingRule.source_geoip:type_name -> xray.app.router.GeoIP - 13, // 15: xray.app.router.RoutingRule.source_port_list:type_name -> xray.common.net.PortList - 1, // 16: xray.app.router.Config.domain_strategy:type_name -> xray.app.router.Config.DomainStrategy - 8, // 17: xray.app.router.Config.rule:type_name -> xray.app.router.RoutingRule - 9, // 18: xray.app.router.Config.balancing_rule:type_name -> xray.app.router.BalancingRule - 19, // [19:19] is the sub-list for method output_type - 19, // [19:19] is the sub-list for method input_type - 19, // [19:19] is the sub-list for extension type_name - 19, // [19:19] is the sub-list for extension extendee - 0, // [0:19] is the sub-list for field type_name + 14, // 15: xray.app.router.RoutingRule.source_port_list:type_name -> xray.common.net.PortList + 12, // 16: xray.app.router.RoutingRule.attributes:type_name -> xray.app.router.RoutingRule.AttributesEntry + 1, // 17: xray.app.router.Config.domain_strategy:type_name -> xray.app.router.Config.DomainStrategy + 8, // 18: xray.app.router.Config.rule:type_name -> xray.app.router.RoutingRule + 9, // 19: xray.app.router.Config.balancing_rule:type_name -> xray.app.router.BalancingRule + 20, // [20:20] is the sub-list for method output_type + 20, // [20:20] is the sub-list for method input_type + 20, // [20:20] is the sub-list for extension type_name + 20, // [20:20] is the sub-list for extension extendee + 0, // [0:20] is the sub-list for field type_name } func init() { file_app_router_config_proto_init() } @@ -1254,7 +1262,7 @@ func file_app_router_config_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_app_router_config_proto_rawDesc, NumEnums: 2, - NumMessages: 10, + NumMessages: 11, NumExtensions: 0, NumServices: 0, }, diff --git a/app/router/config.proto b/app/router/config.proto index 2886077a865d..ab9957f3d08c 100644 --- a/app/router/config.proto +++ b/app/router/config.proto @@ -119,7 +119,7 @@ message RoutingRule { repeated string inbound_tag = 8; repeated string protocol = 9; - string attributes = 15; + map attributes = 15; string domain_matcher = 17; } diff --git a/go.mod b/go.mod index 883de3c9b603..629c89e512fb 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,6 @@ require ( github.com/stretchr/testify v1.8.4 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230331223127-176a94313eda - go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 golang.org/x/crypto v0.9.0 golang.org/x/net v0.10.0 golang.org/x/sync v0.2.0 diff --git a/go.sum b/go.sum index 135e85e26b52..6b73d1d3d547 100644 --- a/go.sum +++ b/go.sum @@ -14,10 +14,6 @@ github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYU github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -27,8 +23,6 @@ github.com/dgryski/go-metro v0.0.0-20200812162917-85c65e2d0165/go.mod h1:c9O8+fp github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140 h1:y7y0Oa6UawqTFPCDw9JG6pdKt4F9pAhHv0B7FMGaGD0= github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140/go.mod h1:c9O8+fpSOX1DM8cPNSkX/qsBWdkD4yd2dpciOWQjpBw= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= @@ -52,13 +46,6 @@ github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= @@ -66,11 +53,6 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -128,7 +110,6 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc86Z5U= @@ -189,8 +170,6 @@ github.com/xtls/reality v0.0.0-20230331223127-176a94313eda h1:psRJD2RrZbnI0OWyHv github.com/xtls/reality v0.0.0-20230331223127-176a94313eda/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= -go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 h1:Ss6D3hLXTM0KobyBYEAygXzFfGcjnmfEJOBgSbemCtg= -go.starlark.net v0.0.0-20230302034142-4b1e35fe2254/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= @@ -207,7 +186,6 @@ golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZ golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= @@ -218,7 +196,6 @@ golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -247,13 +224,10 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -268,8 +242,6 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y= @@ -290,26 +262,14 @@ google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoA google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg= google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= @@ -333,7 +293,6 @@ h12.io/socks v1.0.3/go.mod h1:AIhxy1jOId/XCz9BO+EIgNL2rQiPTBNnOfnVnQ+3Eck= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= lukechampine.com/blake3 v1.2.1 h1:YuqqRuaqsGV71BV/nm9xlI0MKUv4QC54jQnBChWbGnI= lukechampine.com/blake3 v1.2.1/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= diff --git a/infra/conf/router.go b/infra/conf/router.go index e10317bd31a4..135454bc4ac8 100644 --- a/infra/conf/router.go +++ b/infra/conf/router.go @@ -504,17 +504,17 @@ func ToCidrList(ips StringList) ([]*router.GeoIP, error) { func parseFieldRule(msg json.RawMessage) (*router.RoutingRule, error) { type RawFieldRule struct { RouterRule - Domain *StringList `json:"domain"` - Domains *StringList `json:"domains"` - IP *StringList `json:"ip"` - Port *PortList `json:"port"` - Network *NetworkList `json:"network"` - SourceIP *StringList `json:"source"` - SourcePort *PortList `json:"sourcePort"` - User *StringList `json:"user"` - InboundTag *StringList `json:"inboundTag"` - Protocols *StringList `json:"protocol"` - Attributes string `json:"attrs"` + Domain *StringList `json:"domain"` + Domains *StringList `json:"domains"` + IP *StringList `json:"ip"` + Port *PortList `json:"port"` + Network *NetworkList `json:"network"` + SourceIP *StringList `json:"source"` + SourcePort *PortList `json:"sourcePort"` + User *StringList `json:"user"` + InboundTag *StringList `json:"inboundTag"` + Protocols *StringList `json:"protocol"` + Attributes map[string]string `json:"attrs"` } rawFieldRule := new(RawFieldRule) err := json.Unmarshal(msg, rawFieldRule) From 9112cfd39c2105d5b513275f9659b26e92fa7b67 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Mon, 12 Jun 2023 10:32:25 -0400 Subject: [PATCH 140/226] Clean legacy vmess (#2199) * Remove legacy Vmess * validators * protos --- .github/docker/files/config.json | 3 +- common/protocol/headers.go | 6 +- common/protocol/headers.pb.go | 30 ++--- common/protocol/headers.proto | 3 +- common/protocol/id.go | 33 ----- infra/conf/vmess.go | 9 +- infra/conf/vmess_test.go | 1 - proxy/vmess/account.go | 13 -- proxy/vmess/account.pb.go | 41 +++--- proxy/vmess/account.proto | 2 - proxy/vmess/encoding/auth.go | 29 +---- proxy/vmess/encoding/auth_test.go | 26 ---- proxy/vmess/encoding/client.go | 163 ++++++++---------------- proxy/vmess/encoding/commands.go | 9 +- proxy/vmess/encoding/commands_test.go | 2 - proxy/vmess/encoding/encoding_test.go | 12 +- proxy/vmess/encoding/server.go | 142 ++++----------------- proxy/vmess/inbound/config.pb.go | 75 ++++------- proxy/vmess/inbound/config.proto | 3 +- proxy/vmess/inbound/inbound.go | 45 +------ proxy/vmess/outbound/command.go | 3 +- proxy/vmess/outbound/outbound.go | 13 +- proxy/vmess/validator.go | 175 ++------------------------ proxy/vmess/validator_test.go | 75 +---------- proxy/vmess/vmessCtxInterface.go | 4 - 25 files changed, 153 insertions(+), 764 deletions(-) delete mode 100644 proxy/vmess/encoding/auth_test.go delete mode 100644 proxy/vmess/vmessCtxInterface.go diff --git a/.github/docker/files/config.json b/.github/docker/files/config.json index 9dded72879f7..10675856bb55 100644 --- a/.github/docker/files/config.json +++ b/.github/docker/files/config.json @@ -6,8 +6,7 @@ "clients": [ { "id": "1eb6e917-774b-4a84-aff6-b058577c60a5", - "level": 1, - "alterId": 64 + "level": 1 } ] } diff --git a/common/protocol/headers.go b/common/protocol/headers.go index 0058d1c5c1f0..261e21d93413 100644 --- a/common/protocol/headers.go +++ b/common/protocol/headers.go @@ -30,11 +30,10 @@ func (c RequestCommand) TransferType() TransferType { } const ( - // RequestOptionChunkStream indicates request payload is chunked. Each chunk consists of length, authentication and payload. + // [DEPRECATED 2023-06] RequestOptionChunkStream indicates request payload is chunked. Each chunk consists of length, authentication and payload. RequestOptionChunkStream bitmask.Byte = 0x01 - // RequestOptionConnectionReuse indicates client side expects to reuse the connection. - RequestOptionConnectionReuse bitmask.Byte = 0x02 + // 0x02 legacy setting RequestOptionChunkMasking bitmask.Byte = 0x04 @@ -76,7 +75,6 @@ type CommandSwitchAccount struct { Port net.Port ID uuid.UUID Level uint32 - AlterIds uint16 ValidMin byte } diff --git a/common/protocol/headers.pb.go b/common/protocol/headers.pb.go index 1392fc620420..b90db8c7336a 100644 --- a/common/protocol/headers.pb.go +++ b/common/protocol/headers.pb.go @@ -24,7 +24,6 @@ type SecurityType int32 const ( SecurityType_UNKNOWN SecurityType = 0 - SecurityType_LEGACY SecurityType = 1 SecurityType_AUTO SecurityType = 2 SecurityType_AES128_GCM SecurityType = 3 SecurityType_CHACHA20_POLY1305 SecurityType = 4 @@ -36,7 +35,6 @@ const ( var ( SecurityType_name = map[int32]string{ 0: "UNKNOWN", - 1: "LEGACY", 2: "AUTO", 3: "AES128_GCM", 4: "CHACHA20_POLY1305", @@ -45,7 +43,6 @@ var ( } SecurityType_value = map[string]int32{ "UNKNOWN": 0, - "LEGACY": 1, "AUTO": 2, "AES128_GCM": 3, "CHACHA20_POLY1305": 4, @@ -139,20 +136,19 @@ var file_common_protocol_headers_proto_rawDesc = []byte{ 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x2a, - 0x6c, 0x0a, 0x0c, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, - 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, - 0x4c, 0x45, 0x47, 0x41, 0x43, 0x59, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x41, 0x55, 0x54, 0x4f, - 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, - 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, - 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x10, 0x04, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, - 0x45, 0x10, 0x05, 0x12, 0x08, 0x0a, 0x04, 0x5a, 0x45, 0x52, 0x4f, 0x10, 0x06, 0x42, 0x5e, 0x0a, - 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x50, 0x01, 0x5a, 0x29, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, - 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0xaa, 0x02, 0x14, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x43, 0x6f, - 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x60, 0x0a, 0x0c, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, + 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, + 0x41, 0x55, 0x54, 0x4f, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x41, 0x45, 0x53, 0x31, 0x32, 0x38, + 0x5f, 0x47, 0x43, 0x4d, 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, + 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x10, 0x04, 0x12, 0x08, 0x0a, + 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x05, 0x12, 0x08, 0x0a, 0x04, 0x5a, 0x45, 0x52, 0x4f, 0x10, + 0x06, 0x42, 0x5e, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x50, 0x01, 0x5a, + 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, + 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0xaa, 0x02, 0x14, 0x58, 0x72, 0x61, + 0x79, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, + 0x6c, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/common/protocol/headers.proto b/common/protocol/headers.proto index cb0b8ff0498c..1ae3537f52d9 100644 --- a/common/protocol/headers.proto +++ b/common/protocol/headers.proto @@ -8,11 +8,10 @@ option java_multiple_files = true; enum SecurityType { UNKNOWN = 0; - LEGACY = 1; AUTO = 2; AES128_GCM = 3; CHACHA20_POLY1305 = 4; - NONE = 5; + NONE = 5; // [DEPRECATED 2023-06] ZERO = 6; } diff --git a/common/protocol/id.go b/common/protocol/id.go index 2a1eb17adcbb..211fc5782568 100644 --- a/common/protocol/id.go +++ b/common/protocol/id.go @@ -1,9 +1,7 @@ package protocol import ( - "crypto/hmac" "crypto/md5" - "hash" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/uuid" @@ -13,12 +11,6 @@ const ( IDBytesLen = 16 ) -type IDHash func(key []byte) hash.Hash - -func DefaultIDHash(key []byte) hash.Hash { - return hmac.New(md5.New, key) -} - // The ID of en entity, in the form of a UUID. type ID struct { uuid uuid.UUID @@ -55,28 +47,3 @@ func NewID(uuid uuid.UUID) *ID { md5hash.Sum(id.cmdKey[:0]) return id } - -func nextID(u *uuid.UUID) uuid.UUID { - md5hash := md5.New() - common.Must2(md5hash.Write(u.Bytes())) - common.Must2(md5hash.Write([]byte("16167dc8-16b6-4e6d-b8bb-65dd68113a81"))) - var newid uuid.UUID - for { - md5hash.Sum(newid[:0]) - if !newid.Equals(u) { - return newid - } - common.Must2(md5hash.Write([]byte("533eff8a-4113-4b10-b5ce-0f5d76b98cd2"))) - } -} - -func NewAlterIDs(primary *ID, alterIDCount uint16) []*ID { - alterIDs := make([]*ID, alterIDCount) - prevID := primary.UUID() - for idx := range alterIDs { - newid := nextID(&prevID) - alterIDs[idx] = NewID(newid) - prevID = newid - } - return alterIDs -} diff --git a/infra/conf/vmess.go b/infra/conf/vmess.go index c646bebbd0ed..e3361646fe96 100644 --- a/infra/conf/vmess.go +++ b/infra/conf/vmess.go @@ -15,7 +15,6 @@ import ( type VMessAccount struct { ID string `json:"id"` - AlterIds uint16 `json:"alterId"` Security string `json:"security"` Experiments string `json:"experiments"` } @@ -39,7 +38,6 @@ func (a *VMessAccount) Build() *vmess.Account { } return &vmess.Account{ Id: a.ID, - AlterId: uint32(a.AlterIds), SecuritySettings: &protocol.SecurityConfig{ Type: st, }, @@ -63,14 +61,12 @@ type FeaturesConfig struct { } type VMessDefaultConfig struct { - AlterIDs uint16 `json:"alterId"` Level byte `json:"level"` } // Build implements Buildable func (c *VMessDefaultConfig) Build() *inbound.DefaultConfig { config := new(inbound.DefaultConfig) - config.AlterId = uint32(c.AlterIDs) config.Level = uint32(c.Level) return config } @@ -80,14 +76,11 @@ type VMessInboundConfig struct { Features *FeaturesConfig `json:"features"` Defaults *VMessDefaultConfig `json:"default"` DetourConfig *VMessDetourConfig `json:"detour"` - SecureOnly bool `json:"disableInsecureEncryption"` } // Build implements Buildable func (c *VMessInboundConfig) Build() (proto.Message, error) { - config := &inbound.Config{ - SecureEncryptionOnly: c.SecureOnly, - } + config := &inbound.Config{} if c.Defaults != nil { config.Default = c.Defaults.Build() diff --git a/infra/conf/vmess_test.go b/infra/conf/vmess_test.go index 17cda04d5053..8adda170542a 100644 --- a/infra/conf/vmess_test.go +++ b/infra/conf/vmess_test.go @@ -105,7 +105,6 @@ func TestVMessInbound(t *testing.T) { Detour: &inbound.DetourConfig{ To: "tag_to_detour", }, - SecureEncryptionOnly: true, }, }, }) diff --git a/proxy/vmess/account.go b/proxy/vmess/account.go index 809bca213f4c..d0a776e6d3c7 100644 --- a/proxy/vmess/account.go +++ b/proxy/vmess/account.go @@ -3,7 +3,6 @@ package vmess import ( "strings" - "github.com/xtls/xray-core/common/dice" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/uuid" ) @@ -12,8 +11,6 @@ import ( type MemoryAccount struct { // ID is the main ID of the account. ID *protocol.ID - // AlterIDs are the alternative IDs of the account. - AlterIDs []*protocol.ID // Security type of the account. Used for client connections. Security protocol.SecurityType @@ -21,21 +18,12 @@ type MemoryAccount struct { NoTerminationSignal bool } -// AnyValidID returns an ID that is either the main ID or one of the alternative IDs if any. -func (a *MemoryAccount) AnyValidID() *protocol.ID { - if len(a.AlterIDs) == 0 { - return a.ID - } - return a.AlterIDs[dice.Roll(len(a.AlterIDs))] -} - // Equals implements protocol.Account. func (a *MemoryAccount) Equals(account protocol.Account) bool { vmessAccount, ok := account.(*MemoryAccount) if !ok { return false } - // TODO: handle AlterIds difference return a.ID.Equals(vmessAccount.ID) } @@ -55,7 +43,6 @@ func (a *Account) AsAccount() (protocol.Account, error) { } return &MemoryAccount{ ID: protoID, - AlterIDs: protocol.NewAlterIDs(protoID, uint16(a.AlterId)), Security: a.SecuritySettings.GetSecurityType(), AuthenticatedLengthExperiment: AuthenticatedLength, NoTerminationSignal: NoTerminationSignal, diff --git a/proxy/vmess/account.pb.go b/proxy/vmess/account.pb.go index 67f2586e8a52..9938cfb11b7a 100644 --- a/proxy/vmess/account.pb.go +++ b/proxy/vmess/account.pb.go @@ -29,8 +29,6 @@ type Account struct { // ID of the account, in the form of a UUID, e.g., // "66ad4540-b58c-4ad2-9926-ea63445a9b57". Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - // Number of alternative IDs. Client and server must share the same number. - AlterId uint32 `protobuf:"varint,2,opt,name=alter_id,json=alterId,proto3" json:"alter_id,omitempty"` // Security settings. Only applies to client side. SecuritySettings *protocol.SecurityConfig `protobuf:"bytes,3,opt,name=security_settings,json=securitySettings,proto3" json:"security_settings,omitempty"` // Define tests enabled for this account @@ -76,13 +74,6 @@ func (x *Account) GetId() string { return "" } -func (x *Account) GetAlterId() uint32 { - if x != nil { - return x.AlterId - } - return 0 -} - func (x *Account) GetSecuritySettings() *protocol.SecurityConfig { if x != nil { return x.SecuritySettings @@ -104,24 +95,22 @@ var file_proxy_vmess_account_proto_rawDesc = []byte{ 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x10, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x1a, 0x1d, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x68, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xac, 0x01, 0x0a, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x91, 0x01, 0x0a, 0x07, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x61, 0x6c, 0x74, 0x65, - 0x72, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x61, 0x6c, 0x74, 0x65, - 0x72, 0x49, 0x64, 0x12, 0x51, 0x0a, 0x11, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, - 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, - 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x52, 0x10, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x74, 0x65, 0x73, 0x74, 0x73, 0x5f, - 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x74, - 0x65, 0x73, 0x74, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x42, 0x52, 0x0a, 0x14, 0x63, - 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6d, - 0x65, 0x73, 0x73, 0x50, 0x01, 0x5a, 0x25, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, - 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x76, 0x6d, 0x65, 0x73, 0x73, 0xaa, 0x02, 0x10, 0x58, - 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x56, 0x6d, 0x65, 0x73, 0x73, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x51, 0x0a, 0x11, 0x73, 0x65, 0x63, 0x75, + 0x72, 0x69, 0x74, 0x79, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, + 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x10, 0x73, 0x65, 0x63, 0x75, 0x72, + 0x69, 0x74, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x74, + 0x65, 0x73, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0c, 0x74, 0x65, 0x73, 0x74, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, + 0x42, 0x52, 0x0a, 0x14, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, + 0x78, 0x79, 0x2e, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x50, 0x01, 0x5a, 0x25, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, + 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x76, 0x6d, 0x65, 0x73, + 0x73, 0xaa, 0x02, 0x10, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x56, + 0x6d, 0x65, 0x73, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proxy/vmess/account.proto b/proxy/vmess/account.proto index 98dc681ea7d2..3fac639909c4 100644 --- a/proxy/vmess/account.proto +++ b/proxy/vmess/account.proto @@ -12,8 +12,6 @@ message Account { // ID of the account, in the form of a UUID, e.g., // "66ad4540-b58c-4ad2-9926-ea63445a9b57". string id = 1; - // Number of alternative IDs. Client and server must share the same number. - uint32 alter_id = 2; // Security settings. Only applies to client side. xray.common.protocol.SecurityConfig security_settings = 3; // Define tests enabled for this account diff --git a/proxy/vmess/encoding/auth.go b/proxy/vmess/encoding/auth.go index 09689cea895f..5d9623b16990 100644 --- a/proxy/vmess/encoding/auth.go +++ b/proxy/vmess/encoding/auth.go @@ -17,6 +17,7 @@ func Authenticate(b []byte) uint32 { return fnv1hash.Sum32() } +// [DEPRECATED 2023-06] type NoOpAuthenticator struct{} func (NoOpAuthenticator) NonceSize() int { @@ -37,34 +38,6 @@ func (NoOpAuthenticator) Open(dst, nonce, ciphertext, additionalData []byte) ([] return append(dst[:0], ciphertext...), nil } -// FnvAuthenticator is an AEAD based on Fnv hash. -type FnvAuthenticator struct{} - -// NonceSize implements AEAD.NonceSize(). -func (*FnvAuthenticator) NonceSize() int { - return 0 -} - -// Overhead impelements AEAD.Overhead(). -func (*FnvAuthenticator) Overhead() int { - return 4 -} - -// Seal implements AEAD.Seal(). -func (*FnvAuthenticator) Seal(dst, nonce, plaintext, additionalData []byte) []byte { - dst = append(dst, 0, 0, 0, 0) - binary.BigEndian.PutUint32(dst, Authenticate(plaintext)) - return append(dst, plaintext...) -} - -// Open implements AEAD.Open(). -func (*FnvAuthenticator) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { - if binary.BigEndian.Uint32(ciphertext[:4]) != Authenticate(ciphertext[4:]) { - return dst, newError("invalid authentication") - } - return append(dst, ciphertext[4:]...), nil -} - // GenerateChacha20Poly1305Key generates a 32-byte key from a given 16-byte array. func GenerateChacha20Poly1305Key(b []byte) []byte { key := make([]byte, 32) diff --git a/proxy/vmess/encoding/auth_test.go b/proxy/vmess/encoding/auth_test.go deleted file mode 100644 index ae83076f619d..000000000000 --- a/proxy/vmess/encoding/auth_test.go +++ /dev/null @@ -1,26 +0,0 @@ -package encoding_test - -import ( - "crypto/rand" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/xtls/xray-core/common" - . "github.com/xtls/xray-core/proxy/vmess/encoding" -) - -func TestFnvAuth(t *testing.T) { - fnvAuth := new(FnvAuthenticator) - - expectedText := make([]byte, 256) - _, err := rand.Read(expectedText) - common.Must(err) - - buffer := make([]byte, 512) - b := fnvAuth.Seal(buffer[:0], nil, expectedText, nil) - b, err = fnvAuth.Open(buffer[:0], nil, b, nil) - common.Must(err) - if r := cmp.Diff(b, expectedText); r != "" { - t.Error(r) - } -} diff --git a/proxy/vmess/encoding/client.go b/proxy/vmess/encoding/client.go index ba08843e4d3e..0b7a00981463 100644 --- a/proxy/vmess/encoding/client.go +++ b/proxy/vmess/encoding/client.go @@ -5,11 +5,9 @@ import ( "context" "crypto/aes" "crypto/cipher" - "crypto/md5" "crypto/rand" "crypto/sha256" "encoding/binary" - "hash" "hash/fnv" "io" @@ -20,24 +18,13 @@ import ( "github.com/xtls/xray-core/common/dice" "github.com/xtls/xray-core/common/drain" "github.com/xtls/xray-core/common/protocol" - "github.com/xtls/xray-core/common/serial" "github.com/xtls/xray-core/proxy/vmess" vmessaead "github.com/xtls/xray-core/proxy/vmess/aead" "golang.org/x/crypto/chacha20poly1305" ) -func hashTimestamp(h hash.Hash, t protocol.Timestamp) []byte { - common.Must2(serial.WriteUint64(h, uint64(t))) - common.Must2(serial.WriteUint64(h, uint64(t))) - common.Must2(serial.WriteUint64(h, uint64(t))) - common.Must2(serial.WriteUint64(h, uint64(t))) - return h.Sum(nil) -} - // ClientSession stores connection session info for VMess client. type ClientSession struct { - isAEAD bool - idHash protocol.IDHash requestBodyKey [16]byte requestBodyIV [16]byte responseBodyKey [16]byte @@ -49,11 +36,8 @@ type ClientSession struct { } // NewClientSession creates a new ClientSession. -func NewClientSession(ctx context.Context, isAEAD bool, idHash protocol.IDHash, behaviorSeed int64) *ClientSession { - session := &ClientSession{ - isAEAD: isAEAD, - idHash: idHash, - } +func NewClientSession(ctx context.Context, behaviorSeed int64) *ClientSession { + session := &ClientSession{} randomBytes := make([]byte, 33) // 16 + 16 + 1 common.Must2(rand.Read(randomBytes)) @@ -61,15 +45,10 @@ func NewClientSession(ctx context.Context, isAEAD bool, idHash protocol.IDHash, copy(session.requestBodyIV[:], randomBytes[16:32]) session.responseHeader = randomBytes[32] - if !session.isAEAD { - session.responseBodyKey = md5.Sum(session.requestBodyKey[:]) - session.responseBodyIV = md5.Sum(session.requestBodyIV[:]) - } else { - BodyKey := sha256.Sum256(session.requestBodyKey[:]) - copy(session.responseBodyKey[:], BodyKey[:16]) - BodyIV := sha256.Sum256(session.requestBodyIV[:]) - copy(session.responseBodyIV[:], BodyIV[:16]) - } + BodyKey := sha256.Sum256(session.requestBodyKey[:]) + copy(session.responseBodyKey[:], BodyKey[:16]) + BodyIV := sha256.Sum256(session.requestBodyIV[:]) + copy(session.responseBodyIV[:], BodyIV[:16]) { var err error session.readDrainer, err = drain.NewBehaviorSeedLimitedDrainer(behaviorSeed, 18, 3266, 64) @@ -83,13 +62,7 @@ func NewClientSession(ctx context.Context, isAEAD bool, idHash protocol.IDHash, } func (c *ClientSession) EncodeRequestHeader(header *protocol.RequestHeader, writer io.Writer) error { - timestamp := protocol.NewTimestampGenerator(protocol.NowTime(), 30)() account := header.User.Account.(*vmess.MemoryAccount) - if !c.isAEAD { - idHash := c.idHash(account.AnyValidID().Bytes()) - common.Must2(serial.WriteUint64(idHash, uint64(timestamp))) - common.Must2(writer.Write(idHash.Sum(nil))) - } buffer := buf.New() defer buffer.Release() @@ -121,17 +94,10 @@ func (c *ClientSession) EncodeRequestHeader(header *protocol.RequestHeader, writ fnv1a.Sum(hashBytes[:0]) } - if !c.isAEAD { - iv := hashTimestamp(md5.New(), timestamp) - aesStream := crypto.NewAesEncryptionStream(account.ID.CmdKey(), iv) - aesStream.XORKeyStream(buffer.Bytes(), buffer.Bytes()) - common.Must2(writer.Write(buffer.Bytes())) - } else { - var fixedLengthCmdKey [16]byte - copy(fixedLengthCmdKey[:], account.ID.CmdKey()) - vmessout := vmessaead.SealVMessAEADHeader(fixedLengthCmdKey, buffer.Bytes()) - common.Must2(io.Copy(writer, bytes.NewReader(vmessout))) - } + var fixedLengthCmdKey [16]byte + copy(fixedLengthCmdKey[:], account.ID.CmdKey()) + vmessout := vmessaead.SealVMessAEADHeader(fixedLengthCmdKey, buffer.Bytes()) + common.Must2(io.Copy(writer, bytes.NewReader(vmessout))) return nil } @@ -165,19 +131,6 @@ func (c *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write } return buf.NewWriter(writer), nil - case protocol.SecurityType_LEGACY: - aesStream := crypto.NewAesEncryptionStream(c.requestBodyKey[:], c.requestBodyIV[:]) - cryptionWriter := crypto.NewCryptionWriter(aesStream, writer) - if request.Option.Has(protocol.RequestOptionChunkStream) { - auth := &crypto.AEADAuthenticator{ - AEAD: new(FnvAuthenticator), - NonceGenerator: crypto.GenerateEmptyBytes(), - AdditionalDataGenerator: crypto.GenerateEmptyBytes(), - } - return crypto.NewAuthenticationWriter(auth, sizeParser, cryptionWriter, request.Command.TransferType(), padding), nil - } - - return &buf.SequentialWriter{Writer: cryptionWriter}, nil case protocol.SecurityType_AES128_GCM: aead := crypto.NewAesGcm(c.requestBodyKey[:]) auth := &crypto.AEADAuthenticator{ @@ -225,53 +178,48 @@ func (c *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write } func (c *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.ResponseHeader, error) { - if !c.isAEAD { - aesStream := crypto.NewAesDecryptionStream(c.responseBodyKey[:], c.responseBodyIV[:]) - c.responseReader = crypto.NewCryptionReader(aesStream, reader) - } else { - aeadResponseHeaderLengthEncryptionKey := vmessaead.KDF16(c.responseBodyKey[:], vmessaead.KDFSaltConstAEADRespHeaderLenKey) - aeadResponseHeaderLengthEncryptionIV := vmessaead.KDF(c.responseBodyIV[:], vmessaead.KDFSaltConstAEADRespHeaderLenIV)[:12] - - aeadResponseHeaderLengthEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderLengthEncryptionKey)).(cipher.Block) - aeadResponseHeaderLengthEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderLengthEncryptionKeyAESBlock)).(cipher.AEAD) - - var aeadEncryptedResponseHeaderLength [18]byte - var decryptedResponseHeaderLength int - var decryptedResponseHeaderLengthBinaryDeserializeBuffer uint16 - - if n, err := io.ReadFull(reader, aeadEncryptedResponseHeaderLength[:]); err != nil { - c.readDrainer.AcknowledgeReceive(n) - return nil, drain.WithError(c.readDrainer, reader, newError("Unable to Read Header Len").Base(err)) - } else { // nolint: golint - c.readDrainer.AcknowledgeReceive(n) - } - if decryptedResponseHeaderLengthBinaryBuffer, err := aeadResponseHeaderLengthEncryptionAEAD.Open(nil, aeadResponseHeaderLengthEncryptionIV, aeadEncryptedResponseHeaderLength[:], nil); err != nil { - return nil, drain.WithError(c.readDrainer, reader, newError("Failed To Decrypt Length").Base(err)) - } else { // nolint: golint - common.Must(binary.Read(bytes.NewReader(decryptedResponseHeaderLengthBinaryBuffer), binary.BigEndian, &decryptedResponseHeaderLengthBinaryDeserializeBuffer)) - decryptedResponseHeaderLength = int(decryptedResponseHeaderLengthBinaryDeserializeBuffer) - } + aeadResponseHeaderLengthEncryptionKey := vmessaead.KDF16(c.responseBodyKey[:], vmessaead.KDFSaltConstAEADRespHeaderLenKey) + aeadResponseHeaderLengthEncryptionIV := vmessaead.KDF(c.responseBodyIV[:], vmessaead.KDFSaltConstAEADRespHeaderLenIV)[:12] - aeadResponseHeaderPayloadEncryptionKey := vmessaead.KDF16(c.responseBodyKey[:], vmessaead.KDFSaltConstAEADRespHeaderPayloadKey) - aeadResponseHeaderPayloadEncryptionIV := vmessaead.KDF(c.responseBodyIV[:], vmessaead.KDFSaltConstAEADRespHeaderPayloadIV)[:12] + aeadResponseHeaderLengthEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderLengthEncryptionKey)).(cipher.Block) + aeadResponseHeaderLengthEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderLengthEncryptionKeyAESBlock)).(cipher.AEAD) - aeadResponseHeaderPayloadEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderPayloadEncryptionKey)).(cipher.Block) - aeadResponseHeaderPayloadEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderPayloadEncryptionKeyAESBlock)).(cipher.AEAD) + var aeadEncryptedResponseHeaderLength [18]byte + var decryptedResponseHeaderLength int + var decryptedResponseHeaderLengthBinaryDeserializeBuffer uint16 - encryptedResponseHeaderBuffer := make([]byte, decryptedResponseHeaderLength+16) + if n, err := io.ReadFull(reader, aeadEncryptedResponseHeaderLength[:]); err != nil { + c.readDrainer.AcknowledgeReceive(n) + return nil, drain.WithError(c.readDrainer, reader, newError("Unable to Read Header Len").Base(err)) + } else { // nolint: golint + c.readDrainer.AcknowledgeReceive(n) + } + if decryptedResponseHeaderLengthBinaryBuffer, err := aeadResponseHeaderLengthEncryptionAEAD.Open(nil, aeadResponseHeaderLengthEncryptionIV, aeadEncryptedResponseHeaderLength[:], nil); err != nil { + return nil, drain.WithError(c.readDrainer, reader, newError("Failed To Decrypt Length").Base(err)) + } else { // nolint: golint + common.Must(binary.Read(bytes.NewReader(decryptedResponseHeaderLengthBinaryBuffer), binary.BigEndian, &decryptedResponseHeaderLengthBinaryDeserializeBuffer)) + decryptedResponseHeaderLength = int(decryptedResponseHeaderLengthBinaryDeserializeBuffer) + } - if n, err := io.ReadFull(reader, encryptedResponseHeaderBuffer); err != nil { - c.readDrainer.AcknowledgeReceive(n) - return nil, drain.WithError(c.readDrainer, reader, newError("Unable to Read Header Data").Base(err)) - } else { // nolint: golint - c.readDrainer.AcknowledgeReceive(n) - } + aeadResponseHeaderPayloadEncryptionKey := vmessaead.KDF16(c.responseBodyKey[:], vmessaead.KDFSaltConstAEADRespHeaderPayloadKey) + aeadResponseHeaderPayloadEncryptionIV := vmessaead.KDF(c.responseBodyIV[:], vmessaead.KDFSaltConstAEADRespHeaderPayloadIV)[:12] - if decryptedResponseHeaderBuffer, err := aeadResponseHeaderPayloadEncryptionAEAD.Open(nil, aeadResponseHeaderPayloadEncryptionIV, encryptedResponseHeaderBuffer, nil); err != nil { - return nil, drain.WithError(c.readDrainer, reader, newError("Failed To Decrypt Payload").Base(err)) - } else { // nolint: golint - c.responseReader = bytes.NewReader(decryptedResponseHeaderBuffer) - } + aeadResponseHeaderPayloadEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderPayloadEncryptionKey)).(cipher.Block) + aeadResponseHeaderPayloadEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderPayloadEncryptionKeyAESBlock)).(cipher.AEAD) + + encryptedResponseHeaderBuffer := make([]byte, decryptedResponseHeaderLength+16) + + if n, err := io.ReadFull(reader, encryptedResponseHeaderBuffer); err != nil { + c.readDrainer.AcknowledgeReceive(n) + return nil, drain.WithError(c.readDrainer, reader, newError("Unable to Read Header Data").Base(err)) + } else { // nolint: golint + c.readDrainer.AcknowledgeReceive(n) + } + + if decryptedResponseHeaderBuffer, err := aeadResponseHeaderPayloadEncryptionAEAD.Open(nil, aeadResponseHeaderPayloadEncryptionIV, encryptedResponseHeaderBuffer, nil); err != nil { + return nil, drain.WithError(c.readDrainer, reader, newError("Failed To Decrypt Payload").Base(err)) + } else { // nolint: golint + c.responseReader = bytes.NewReader(decryptedResponseHeaderBuffer) } buffer := buf.StackNew() @@ -302,10 +250,8 @@ func (c *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.Respon header.Command = command } } - if c.isAEAD { - aesStream := crypto.NewAesDecryptionStream(c.responseBodyKey[:], c.responseBodyIV[:]) - c.responseReader = crypto.NewCryptionReader(aesStream, reader) - } + aesStream := crypto.NewAesDecryptionStream(c.responseBodyKey[:], c.responseBodyIV[:]) + c.responseReader = crypto.NewCryptionReader(aesStream, reader) return header, nil } @@ -340,17 +286,6 @@ func (c *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read } return buf.NewReader(reader), nil - case protocol.SecurityType_LEGACY: - if request.Option.Has(protocol.RequestOptionChunkStream) { - auth := &crypto.AEADAuthenticator{ - AEAD: new(FnvAuthenticator), - NonceGenerator: crypto.GenerateEmptyBytes(), - AdditionalDataGenerator: crypto.GenerateEmptyBytes(), - } - return crypto.NewAuthenticationReader(auth, sizeParser, c.responseReader, request.Command.TransferType(), padding), nil - } - - return buf.NewReader(c.responseReader), nil case protocol.SecurityType_AES128_GCM: aead := crypto.NewAesGcm(c.responseBodyKey[:]) diff --git a/proxy/vmess/encoding/commands.go b/proxy/vmess/encoding/commands.go index 1b42002141cb..5a4d3708828a 100644 --- a/proxy/vmess/encoding/commands.go +++ b/proxy/vmess/encoding/commands.go @@ -101,7 +101,7 @@ func (f *CommandSwitchAccountFactory) Marshal(command interface{}, writer io.Wri idBytes := cmd.ID.Bytes() common.Must2(writer.Write(idBytes)) - common.Must2(serial.WriteUint16(writer, cmd.AlterIds)) + common.Must2(serial.WriteUint16(writer, 0)) // compatible with legacy alterId common.Must2(writer.Write([]byte{byte(cmd.Level)})) common.Must2(writer.Write([]byte{cmd.ValidMin})) @@ -130,12 +130,7 @@ func (f *CommandSwitchAccountFactory) Unmarshal(data []byte) (interface{}, error return nil, ErrInsufficientLength } cmd.ID, _ = uuid.ParseBytes(data[idStart : idStart+16]) - alterIDStart := idStart + 16 - if len(data) < alterIDStart+2 { - return nil, ErrInsufficientLength - } - cmd.AlterIds = binary.BigEndian.Uint16(data[alterIDStart : alterIDStart+2]) - levelStart := alterIDStart + 2 + levelStart := idStart + 16 + 2 if len(data) < levelStart+1 { return nil, ErrInsufficientLength } diff --git a/proxy/vmess/encoding/commands_test.go b/proxy/vmess/encoding/commands_test.go index 17892bb638f5..c54159596193 100644 --- a/proxy/vmess/encoding/commands_test.go +++ b/proxy/vmess/encoding/commands_test.go @@ -16,7 +16,6 @@ func TestSwitchAccount(t *testing.T) { sa := &protocol.CommandSwitchAccount{ Port: 1234, ID: uuid.New(), - AlterIds: 1024, Level: 128, ValidMin: 16, } @@ -40,7 +39,6 @@ func TestSwitchAccountBugOffByOne(t *testing.T) { sa := &protocol.CommandSwitchAccount{ Port: 1234, ID: uuid.New(), - AlterIds: 1024, Level: 128, ValidMin: 16, } diff --git a/proxy/vmess/encoding/encoding_test.go b/proxy/vmess/encoding/encoding_test.go index a8fd8f3af396..ddae29e15e20 100644 --- a/proxy/vmess/encoding/encoding_test.go +++ b/proxy/vmess/encoding/encoding_test.go @@ -41,7 +41,7 @@ func TestRequestSerialization(t *testing.T) { } buffer := buf.New() - client := NewClientSession(context.TODO(), true, protocol.DefaultIDHash, 0) + client := NewClientSession(context.TODO(), 0) common.Must(client.EncodeRequestHeader(expectedRequest, buffer)) buffer2 := buf.New() @@ -50,7 +50,7 @@ func TestRequestSerialization(t *testing.T) { sessionHistory := NewSessionHistory() defer common.Close(sessionHistory) - userValidator := vmess.NewTimedUserValidator(protocol.DefaultIDHash) + userValidator := vmess.NewTimedUserValidator() userValidator.Add(user) defer common.Close(userValidator) @@ -90,7 +90,7 @@ func TestInvalidRequest(t *testing.T) { } buffer := buf.New() - client := NewClientSession(context.TODO(), true, protocol.DefaultIDHash, 0) + client := NewClientSession(context.TODO(), 0) common.Must(client.EncodeRequestHeader(expectedRequest, buffer)) buffer2 := buf.New() @@ -99,7 +99,7 @@ func TestInvalidRequest(t *testing.T) { sessionHistory := NewSessionHistory() defer common.Close(sessionHistory) - userValidator := vmess.NewTimedUserValidator(protocol.DefaultIDHash) + userValidator := vmess.NewTimedUserValidator() userValidator.Add(user) defer common.Close(userValidator) @@ -130,7 +130,7 @@ func TestMuxRequest(t *testing.T) { } buffer := buf.New() - client := NewClientSession(context.TODO(), true, protocol.DefaultIDHash, 0) + client := NewClientSession(context.TODO(), 0) common.Must(client.EncodeRequestHeader(expectedRequest, buffer)) buffer2 := buf.New() @@ -139,7 +139,7 @@ func TestMuxRequest(t *testing.T) { sessionHistory := NewSessionHistory() defer common.Close(sessionHistory) - userValidator := vmess.NewTimedUserValidator(protocol.DefaultIDHash) + userValidator := vmess.NewTimedUserValidator() userValidator.Add(user) defer common.Close(userValidator) diff --git a/proxy/vmess/encoding/server.go b/proxy/vmess/encoding/server.go index 4bdb6fb7bc24..371bfdc0a00e 100644 --- a/proxy/vmess/encoding/server.go +++ b/proxy/vmess/encoding/server.go @@ -4,7 +4,6 @@ import ( "bytes" "crypto/aes" "crypto/cipher" - "crypto/md5" "crypto/sha256" "encoding/binary" "hash/fnv" @@ -102,10 +101,6 @@ type ServerSession struct { responseBodyIV [16]byte responseWriter io.Writer responseHeader byte - - isAEADRequest bool - - isAEADForced bool } // NewServerSession creates a new ServerSession, using the given UserValidator. @@ -117,17 +112,12 @@ func NewServerSession(validator *vmess.TimedUserValidator, sessionHistory *Sessi } } -// SetAEADForced sets isAEADForced for a ServerSession. -func (s *ServerSession) SetAEADForced(isAEADForced bool) { - s.isAEADForced = isAEADForced -} - func parseSecurityType(b byte) protocol.SecurityType { if _, f := protocol.SecurityType_name[int32(b)]; f { st := protocol.SecurityType(b) // For backward compatibility. if st == protocol.SecurityType_UNKNOWN { - st = protocol.SecurityType_LEGACY + st = protocol.SecurityType_AUTO } return st } @@ -183,26 +173,6 @@ func (s *ServerSession) DecodeRequestHeader(reader io.Reader, isDrain bool) (*pr } } decryptor = bytes.NewReader(aeadData) - s.isAEADRequest = true - - case errorAEAD == vmessaead.ErrNotFound: - userLegacy, timestamp, valid, userValidationError := s.userValidator.Get(buffer.Bytes()) - if !valid || userValidationError != nil { - return nil, drainConnection(newError("invalid user").Base(userValidationError)) - } - if s.isAEADForced { - return nil, drainConnection(newError("invalid user: VMessAEAD is enforced and a non VMessAEAD connection is received. You can still disable this security feature with environment variable xray.vmess.aead.forced = false . You will not be able to enable legacy header workaround in the future.")) - } - if s.userValidator.ShouldShowLegacyWarn() { - newError("Critical Warning: potentially invalid user: a non VMessAEAD connection is received. From 2022 Jan 1st, this kind of connection will be rejected by default. You should update or replace your client software now. This message will not be shown for further violation on this inbound.").AtWarning().WriteToLog() - } - user = userLegacy - iv := hashTimestamp(md5.New(), timestamp) - vmessAccount = userLegacy.Account.(*vmess.MemoryAccount) - - aesStream := crypto.NewAesDecryptionStream(vmessAccount.ID.CmdKey(), iv) - decryptor = crypto.NewCryptionReader(aesStream, reader) - default: return nil, drainConnection(newError("invalid user").Base(errorAEAD)) } @@ -225,15 +195,7 @@ func (s *ServerSession) DecodeRequestHeader(reader io.Reader, isDrain bool) (*pr sid.key = s.requestBodyKey sid.nonce = s.requestBodyIV if !s.sessionHistory.addIfNotExits(sid) { - if !s.isAEADRequest { - drainErr := s.userValidator.BurnTaintFuse(fixedSizeAuthID[:]) - if drainErr != nil { - return nil, drainConnection(newError("duplicated session id, possibly under replay attack, and failed to taint userHash").Base(drainErr)) - } - return nil, drainConnection(newError("duplicated session id, possibly under replay attack, userHash tainted")) - } else { - return nil, newError("duplicated session id, possibly under replay attack, but this is a AEAD request") - } + return nil, newError("duplicated session id, possibly under replay attack, but this is a AEAD request") } s.responseHeader = buffer.Byte(33) // 1 byte @@ -257,25 +219,11 @@ func (s *ServerSession) DecodeRequestHeader(reader io.Reader, isDrain bool) (*pr if paddingLen > 0 { if _, err := buffer.ReadFullFrom(decryptor, int32(paddingLen)); err != nil { - if !s.isAEADRequest { - burnErr := s.userValidator.BurnTaintFuse(fixedSizeAuthID[:]) - if burnErr != nil { - return nil, newError("failed to read padding, failed to taint userHash").Base(burnErr).Base(err) - } - return nil, newError("failed to read padding, userHash tainted").Base(err) - } return nil, newError("failed to read padding").Base(err) } } if _, err := buffer.ReadFullFrom(decryptor, 4); err != nil { - if !s.isAEADRequest { - burnErr := s.userValidator.BurnTaintFuse(fixedSizeAuthID[:]) - if burnErr != nil { - return nil, newError("failed to read checksum, failed to taint userHash").Base(burnErr).Base(err) - } - return nil, newError("failed to read checksum, userHash tainted").Base(err) - } return nil, newError("failed to read checksum").Base(err) } @@ -285,17 +233,7 @@ func (s *ServerSession) DecodeRequestHeader(reader io.Reader, isDrain bool) (*pr expectedHash := binary.BigEndian.Uint32(buffer.BytesFrom(-4)) if actualHash != expectedHash { - if !s.isAEADRequest { - Autherr := newError("invalid auth, legacy userHash tainted") - burnErr := s.userValidator.BurnTaintFuse(fixedSizeAuthID[:]) - if burnErr != nil { - Autherr = newError("invalid auth, can't taint legacy userHash").Base(burnErr) - } - // It is possible that we are under attack described in https://github.com/xray/xray-core/issues/2523 - return nil, drainConnection(Autherr) - } else { - return nil, newError("invalid auth, but this is a AEAD request") - } + return nil, newError("invalid auth, but this is a AEAD request") } if request.Address == nil { @@ -340,19 +278,6 @@ func (s *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade } return buf.NewReader(reader), nil - case protocol.SecurityType_LEGACY: - aesStream := crypto.NewAesDecryptionStream(s.requestBodyKey[:], s.requestBodyIV[:]) - cryptionReader := crypto.NewCryptionReader(aesStream, reader) - if request.Option.Has(protocol.RequestOptionChunkStream) { - auth := &crypto.AEADAuthenticator{ - AEAD: new(FnvAuthenticator), - NonceGenerator: crypto.GenerateEmptyBytes(), - AdditionalDataGenerator: crypto.GenerateEmptyBytes(), - } - return crypto.NewAuthenticationReader(auth, sizeParser, cryptionReader, request.Command.TransferType(), padding), nil - } - return buf.NewReader(cryptionReader), nil - case protocol.SecurityType_AES128_GCM: aead := crypto.NewAesGcm(s.requestBodyKey[:]) auth := &crypto.AEADAuthenticator{ @@ -403,25 +328,17 @@ func (s *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade // EncodeResponseHeader writes encoded response header into the given writer. func (s *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, writer io.Writer) { var encryptionWriter io.Writer - if !s.isAEADRequest { - s.responseBodyKey = md5.Sum(s.requestBodyKey[:]) - s.responseBodyIV = md5.Sum(s.requestBodyIV[:]) - } else { - BodyKey := sha256.Sum256(s.requestBodyKey[:]) - copy(s.responseBodyKey[:], BodyKey[:16]) - BodyIV := sha256.Sum256(s.requestBodyIV[:]) - copy(s.responseBodyIV[:], BodyIV[:16]) - } + BodyKey := sha256.Sum256(s.requestBodyKey[:]) + copy(s.responseBodyKey[:], BodyKey[:16]) + BodyIV := sha256.Sum256(s.requestBodyIV[:]) + copy(s.responseBodyIV[:], BodyIV[:16]) aesStream := crypto.NewAesEncryptionStream(s.responseBodyKey[:], s.responseBodyIV[:]) encryptionWriter = crypto.NewCryptionWriter(aesStream, writer) s.responseWriter = encryptionWriter aeadEncryptedHeaderBuffer := bytes.NewBuffer(nil) - - if s.isAEADRequest { - encryptionWriter = aeadEncryptedHeaderBuffer - } + encryptionWriter = aeadEncryptedHeaderBuffer common.Must2(encryptionWriter.Write([]byte{s.responseHeader, byte(header.Option)})) err := MarshalCommand(header.Command, encryptionWriter) @@ -429,31 +346,29 @@ func (s *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, wr common.Must2(encryptionWriter.Write([]byte{0x00, 0x00})) } - if s.isAEADRequest { - aeadResponseHeaderLengthEncryptionKey := vmessaead.KDF16(s.responseBodyKey[:], vmessaead.KDFSaltConstAEADRespHeaderLenKey) - aeadResponseHeaderLengthEncryptionIV := vmessaead.KDF(s.responseBodyIV[:], vmessaead.KDFSaltConstAEADRespHeaderLenIV)[:12] + aeadResponseHeaderLengthEncryptionKey := vmessaead.KDF16(s.responseBodyKey[:], vmessaead.KDFSaltConstAEADRespHeaderLenKey) + aeadResponseHeaderLengthEncryptionIV := vmessaead.KDF(s.responseBodyIV[:], vmessaead.KDFSaltConstAEADRespHeaderLenIV)[:12] - aeadResponseHeaderLengthEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderLengthEncryptionKey)).(cipher.Block) - aeadResponseHeaderLengthEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderLengthEncryptionKeyAESBlock)).(cipher.AEAD) + aeadResponseHeaderLengthEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderLengthEncryptionKey)).(cipher.Block) + aeadResponseHeaderLengthEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderLengthEncryptionKeyAESBlock)).(cipher.AEAD) - aeadResponseHeaderLengthEncryptionBuffer := bytes.NewBuffer(nil) + aeadResponseHeaderLengthEncryptionBuffer := bytes.NewBuffer(nil) - decryptedResponseHeaderLengthBinaryDeserializeBuffer := uint16(aeadEncryptedHeaderBuffer.Len()) + decryptedResponseHeaderLengthBinaryDeserializeBuffer := uint16(aeadEncryptedHeaderBuffer.Len()) - common.Must(binary.Write(aeadResponseHeaderLengthEncryptionBuffer, binary.BigEndian, decryptedResponseHeaderLengthBinaryDeserializeBuffer)) + common.Must(binary.Write(aeadResponseHeaderLengthEncryptionBuffer, binary.BigEndian, decryptedResponseHeaderLengthBinaryDeserializeBuffer)) - AEADEncryptedLength := aeadResponseHeaderLengthEncryptionAEAD.Seal(nil, aeadResponseHeaderLengthEncryptionIV, aeadResponseHeaderLengthEncryptionBuffer.Bytes(), nil) - common.Must2(io.Copy(writer, bytes.NewReader(AEADEncryptedLength))) + AEADEncryptedLength := aeadResponseHeaderLengthEncryptionAEAD.Seal(nil, aeadResponseHeaderLengthEncryptionIV, aeadResponseHeaderLengthEncryptionBuffer.Bytes(), nil) + common.Must2(io.Copy(writer, bytes.NewReader(AEADEncryptedLength))) - aeadResponseHeaderPayloadEncryptionKey := vmessaead.KDF16(s.responseBodyKey[:], vmessaead.KDFSaltConstAEADRespHeaderPayloadKey) - aeadResponseHeaderPayloadEncryptionIV := vmessaead.KDF(s.responseBodyIV[:], vmessaead.KDFSaltConstAEADRespHeaderPayloadIV)[:12] + aeadResponseHeaderPayloadEncryptionKey := vmessaead.KDF16(s.responseBodyKey[:], vmessaead.KDFSaltConstAEADRespHeaderPayloadKey) + aeadResponseHeaderPayloadEncryptionIV := vmessaead.KDF(s.responseBodyIV[:], vmessaead.KDFSaltConstAEADRespHeaderPayloadIV)[:12] - aeadResponseHeaderPayloadEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderPayloadEncryptionKey)).(cipher.Block) - aeadResponseHeaderPayloadEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderPayloadEncryptionKeyAESBlock)).(cipher.AEAD) + aeadResponseHeaderPayloadEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderPayloadEncryptionKey)).(cipher.Block) + aeadResponseHeaderPayloadEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderPayloadEncryptionKeyAESBlock)).(cipher.AEAD) - aeadEncryptedHeaderPayload := aeadResponseHeaderPayloadEncryptionAEAD.Seal(nil, aeadResponseHeaderPayloadEncryptionIV, aeadEncryptedHeaderBuffer.Bytes(), nil) - common.Must2(io.Copy(writer, bytes.NewReader(aeadEncryptedHeaderPayload))) - } + aeadEncryptedHeaderPayload := aeadResponseHeaderPayloadEncryptionAEAD.Seal(nil, aeadResponseHeaderPayloadEncryptionIV, aeadEncryptedHeaderBuffer.Bytes(), nil) + common.Must2(io.Copy(writer, bytes.NewReader(aeadEncryptedHeaderPayload))) } // EncodeResponseBody returns a Writer that auto-encrypt content written by caller. @@ -487,17 +402,6 @@ func (s *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ } return buf.NewWriter(writer), nil - case protocol.SecurityType_LEGACY: - if request.Option.Has(protocol.RequestOptionChunkStream) { - auth := &crypto.AEADAuthenticator{ - AEAD: new(FnvAuthenticator), - NonceGenerator: crypto.GenerateEmptyBytes(), - AdditionalDataGenerator: crypto.GenerateEmptyBytes(), - } - return crypto.NewAuthenticationWriter(auth, sizeParser, s.responseWriter, request.Command.TransferType(), padding), nil - } - return &buf.SequentialWriter{Writer: s.responseWriter}, nil - case protocol.SecurityType_AES128_GCM: aead := crypto.NewAesGcm(s.responseBodyKey[:]) auth := &crypto.AEADAuthenticator{ diff --git a/proxy/vmess/inbound/config.pb.go b/proxy/vmess/inbound/config.pb.go index a301cede12e1..663256aac057 100644 --- a/proxy/vmess/inbound/config.pb.go +++ b/proxy/vmess/inbound/config.pb.go @@ -73,8 +73,7 @@ type DefaultConfig struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - AlterId uint32 `protobuf:"varint,1,opt,name=alter_id,json=alterId,proto3" json:"alter_id,omitempty"` - Level uint32 `protobuf:"varint,2,opt,name=level,proto3" json:"level,omitempty"` + Level uint32 `protobuf:"varint,2,opt,name=level,proto3" json:"level,omitempty"` } func (x *DefaultConfig) Reset() { @@ -109,13 +108,6 @@ func (*DefaultConfig) Descriptor() ([]byte, []int) { return file_proxy_vmess_inbound_config_proto_rawDescGZIP(), []int{1} } -func (x *DefaultConfig) GetAlterId() uint32 { - if x != nil { - return x.AlterId - } - return 0 -} - func (x *DefaultConfig) GetLevel() uint32 { if x != nil { return x.Level @@ -128,10 +120,9 @@ type Config struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - User []*protocol.User `protobuf:"bytes,1,rep,name=user,proto3" json:"user,omitempty"` - Default *DefaultConfig `protobuf:"bytes,2,opt,name=default,proto3" json:"default,omitempty"` - Detour *DetourConfig `protobuf:"bytes,3,opt,name=detour,proto3" json:"detour,omitempty"` - SecureEncryptionOnly bool `protobuf:"varint,4,opt,name=secure_encryption_only,json=secureEncryptionOnly,proto3" json:"secure_encryption_only,omitempty"` + User []*protocol.User `protobuf:"bytes,1,rep,name=user,proto3" json:"user,omitempty"` + Default *DefaultConfig `protobuf:"bytes,2,opt,name=default,proto3" json:"default,omitempty"` + Detour *DetourConfig `protobuf:"bytes,3,opt,name=detour,proto3" json:"detour,omitempty"` // 4 is for legacy setting } func (x *Config) Reset() { @@ -187,13 +178,6 @@ func (x *Config) GetDetour() *DetourConfig { return nil } -func (x *Config) GetSecureEncryptionOnly() bool { - if x != nil { - return x.SecureEncryptionOnly - } - return false -} - var File_proxy_vmess_inbound_config_proto protoreflect.FileDescriptor var file_proxy_vmess_inbound_config_proto_rawDesc = []byte{ @@ -204,34 +188,29 @@ var file_proxy_vmess_inbound_config_proto_rawDesc = []byte{ 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x1e, 0x0a, 0x0c, 0x44, 0x65, 0x74, 0x6f, 0x75, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x0e, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x22, 0x40, 0x0a, 0x0d, 0x44, 0x65, 0x66, 0x61, - 0x75, 0x6c, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x19, 0x0a, 0x08, 0x61, 0x6c, 0x74, - 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x61, 0x6c, 0x74, - 0x65, 0x72, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0xf1, 0x01, 0x0a, 0x06, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2e, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52, - 0x04, 0x75, 0x73, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, - 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x2e, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, - 0x64, 0x2e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, - 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x3e, 0x0a, 0x06, 0x64, 0x65, 0x74, 0x6f, - 0x75, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, - 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x2e, 0x69, 0x6e, 0x62, 0x6f, - 0x75, 0x6e, 0x64, 0x2e, 0x44, 0x65, 0x74, 0x6f, 0x75, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x52, 0x06, 0x64, 0x65, 0x74, 0x6f, 0x75, 0x72, 0x12, 0x34, 0x0a, 0x16, 0x73, 0x65, 0x63, 0x75, - 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x6e, - 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, - 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x6e, 0x6c, 0x79, 0x42, 0x6a, - 0x0a, 0x1c, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, - 0x2e, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x2e, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x50, 0x01, - 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, - 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, - 0x79, 0x2f, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x2f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0xaa, - 0x02, 0x18, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x56, 0x6d, 0x65, - 0x73, 0x73, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x22, 0x25, 0x0a, 0x0d, 0x44, 0x65, 0x66, 0x61, + 0x75, 0x6c, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x65, 0x76, + 0x65, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x22, + 0xbb, 0x01, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2e, 0x0a, 0x04, 0x75, 0x73, + 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, + 0x55, 0x73, 0x65, 0x72, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x07, 0x64, 0x65, + 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x78, 0x72, + 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x2e, 0x69, + 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x2e, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x3e, 0x0a, + 0x06, 0x64, 0x65, 0x74, 0x6f, 0x75, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, + 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6d, 0x65, 0x73, 0x73, + 0x2e, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x2e, 0x44, 0x65, 0x74, 0x6f, 0x75, 0x72, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x64, 0x65, 0x74, 0x6f, 0x75, 0x72, 0x42, 0x6a, 0x0a, + 0x1c, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, + 0x76, 0x6d, 0x65, 0x73, 0x73, 0x2e, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x50, 0x01, 0x5a, + 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, + 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x2f, 0x76, 0x6d, 0x65, 0x73, 0x73, 0x2f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0xaa, 0x02, + 0x18, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x56, 0x6d, 0x65, 0x73, + 0x73, 0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( diff --git a/proxy/vmess/inbound/config.proto b/proxy/vmess/inbound/config.proto index 9fc7e36f6076..7da1d5810415 100644 --- a/proxy/vmess/inbound/config.proto +++ b/proxy/vmess/inbound/config.proto @@ -13,7 +13,6 @@ message DetourConfig { } message DefaultConfig { - uint32 alter_id = 1; uint32 level = 2; } @@ -21,5 +20,5 @@ message Config { repeated xray.common.protocol.User user = 1; DefaultConfig default = 2; DetourConfig detour = 3; - bool secure_encryption_only = 4; + // 4 is for legacy setting } diff --git a/proxy/vmess/inbound/inbound.go b/proxy/vmess/inbound/inbound.go index eb24a6c6ddd1..f427bc6bb881 100644 --- a/proxy/vmess/inbound/inbound.go +++ b/proxy/vmess/inbound/inbound.go @@ -14,7 +14,6 @@ import ( "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/log" "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/common/signal" @@ -29,23 +28,16 @@ import ( "github.com/xtls/xray-core/transport/internet/stat" ) -var ( - aeadForced = false - aeadForced2022 = false -) - type userByEmail struct { sync.Mutex cache map[string]*protocol.MemoryUser defaultLevel uint32 - defaultAlterIDs uint16 } func newUserByEmail(config *DefaultConfig) *userByEmail { return &userByEmail{ cache: make(map[string]*protocol.MemoryUser), defaultLevel: config.Level, - defaultAlterIDs: uint16(config.AlterId), } } @@ -77,7 +69,6 @@ func (v *userByEmail) Get(email string) (*protocol.MemoryUser, bool) { id := uuid.New() rawAccount := &vmess.Account{ Id: id.String(), - AlterId: uint32(v.defaultAlterIDs), } account, err := rawAccount.AsAccount() common.Must(err) @@ -112,7 +103,6 @@ type Handler struct { usersByEmail *userByEmail detours *DetourConfig sessionHistory *encoding.SessionHistory - secure bool } // New creates a new VMess inbound handler. @@ -121,11 +111,10 @@ func New(ctx context.Context, config *Config) (*Handler, error) { handler := &Handler{ policyManager: v.GetFeature(policy.ManagerType()).(policy.Manager), inboundHandlerManager: v.GetFeature(feature_inbound.ManagerType()).(feature_inbound.Manager), - clients: vmess.NewTimedUserValidator(protocol.DefaultIDHash), + clients: vmess.NewTimedUserValidator(), detours: config.Detour, usersByEmail: newUserByEmail(config.GetDefaultValue()), sessionHistory: encoding.NewSessionHistory(), - secure: config.SecureEncryptionOnly, } for _, user := range config.User { @@ -145,7 +134,6 @@ func New(ctx context.Context, config *Config) (*Handler, error) { // Close implements common.Closable. func (h *Handler) Close() error { return errors.Combine( - h.clients.Close(), h.sessionHistory.Close(), common.Close(h.usersByEmail)) } @@ -219,10 +207,6 @@ func transferResponse(timer signal.ActivityUpdater, session *encoding.ServerSess return nil } -func isInsecureEncryption(s protocol.SecurityType) bool { - return s == protocol.SecurityType_NONE || s == protocol.SecurityType_LEGACY || s == protocol.SecurityType_UNKNOWN -} - // Process implements proxy.Inbound.Process(). func (h *Handler) Process(ctx context.Context, network net.Network, connection stat.Connection, dispatcher routing.Dispatcher) error { sessionPolicy := h.policyManager.ForLevel(0) @@ -241,7 +225,6 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s reader := &buf.BufferedReader{Reader: buf.NewReader(connection)} svrSession := encoding.NewServerSession(h.clients, h.sessionHistory) - svrSession.SetAEADForced(aeadForced) request, err := svrSession.DecodeRequestHeader(reader, isDrain) if err != nil { if errors.Cause(err) != io.EOF { @@ -256,17 +239,6 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return err } - if h.secure && isInsecureEncryption(request.Security) { - log.Record(&log.AccessMessage{ - From: connection.RemoteAddr(), - To: "", - Status: log.AccessRejected, - Reason: "Insecure encryption", - Email: request.User.Email, - }) - return newError("client is using insecure encryption: ", request.Security) - } - if request.Command != protocol.RequestCommandMux { ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{ From: connection.RemoteAddr(), @@ -361,7 +333,6 @@ func (h *Handler) generateCommand(ctx context.Context, request *protocol.Request return &protocol.CommandSwitchAccount{ Port: port, ID: account.ID.UUID(), - AlterIds: uint16(len(account.AlterIDs)), Level: user.Level, ValidMin: byte(availableMin), } @@ -376,18 +347,4 @@ func init() { common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { return New(ctx, config.(*Config)) })) - - defaultFlagValue := "NOT_DEFINED_AT_ALL" - - if time.Now().Year() >= 2022 { - defaultFlagValue = "true_by_default_2022" - } - - isAeadForced := platform.NewEnvFlag("xray.vmess.aead.forced").GetValue(func() string { return defaultFlagValue }) - aeadForced = (isAeadForced == "true") - - if isAeadForced == "true_by_default_2022" { - aeadForced = true - aeadForced2022 = true - } } diff --git a/proxy/vmess/outbound/command.go b/proxy/vmess/outbound/command.go index 00c6fac5b66f..07df935cac8d 100644 --- a/proxy/vmess/outbound/command.go +++ b/proxy/vmess/outbound/command.go @@ -12,9 +12,8 @@ import ( func (h *Handler) handleSwitchAccount(cmd *protocol.CommandSwitchAccount) { rawAccount := &vmess.Account{ Id: cmd.ID.String(), - AlterId: uint32(cmd.AlterIds), SecuritySettings: &protocol.SecurityConfig{ - Type: protocol.SecurityType_LEGACY, + Type: protocol.SecurityType_AUTO, }, } diff --git a/proxy/vmess/outbound/outbound.go b/proxy/vmess/outbound/outbound.go index 64c292253bd6..fc77f07feb24 100644 --- a/proxy/vmess/outbound/outbound.go +++ b/proxy/vmess/outbound/outbound.go @@ -128,11 +128,6 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte input := link.Reader output := link.Writer - isAEAD := false - if !aeadDisabled && len(account.AlterIDs) == 0 { - isAEAD = true - } - hashkdf := hmac.New(sha256.New, []byte("VMessBF")) hashkdf.Write(account.ID.Bytes()) @@ -144,7 +139,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte newCtx, newCancel = context.WithCancel(context.Background()) } - session := encoding.NewClientSession(ctx, isAEAD, protocol.DefaultIDHash, int64(behaviorSeed)) + session := encoding.NewClientSession(ctx, int64(behaviorSeed)) sessionPolicy := h.policyManager.ForLevel(request.User.Level) ctx, cancel := context.WithCancel(ctx) @@ -233,7 +228,6 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var ( enablePadding = false - aeadDisabled = false ) func shouldEnablePadding(s protocol.SecurityType) bool { @@ -251,9 +245,4 @@ func init() { if paddingValue != defaultFlagValue { enablePadding = true } - - isAeadDisabled := platform.NewEnvFlag("xray.vmess.aead.disabled").GetValue(func() string { return defaultFlagValue }) - if isAeadDisabled == "true" { - aeadDisabled = true - } } diff --git a/proxy/vmess/validator.go b/proxy/vmess/validator.go index c638a23b1cc5..6cc96927c45e 100644 --- a/proxy/vmess/validator.go +++ b/proxy/vmess/validator.go @@ -6,146 +6,39 @@ import ( "hash/crc64" "strings" "sync" - "sync/atomic" - "time" - "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/dice" "github.com/xtls/xray-core/common/protocol" - "github.com/xtls/xray-core/common/serial" - "github.com/xtls/xray-core/common/task" "github.com/xtls/xray-core/proxy/vmess/aead" ) -const ( - updateInterval = 10 * time.Second - cacheDurationSec = 120 -) - -type user struct { - user protocol.MemoryUser - lastSec protocol.Timestamp -} - // TimedUserValidator is a user Validator based on time. type TimedUserValidator struct { sync.RWMutex - users []*user - userHash map[[16]byte]indexTimePair - hasher protocol.IDHash - baseTime protocol.Timestamp - task *task.Periodic + users []*protocol.MemoryUser behaviorSeed uint64 behaviorFused bool aeadDecoderHolder *aead.AuthIDDecoderHolder - - legacyWarnShown bool -} - -type indexTimePair struct { - user *user - timeInc uint32 - - taintedFuse *uint32 } // NewTimedUserValidator creates a new TimedUserValidator. -func NewTimedUserValidator(hasher protocol.IDHash) *TimedUserValidator { +func NewTimedUserValidator() *TimedUserValidator { tuv := &TimedUserValidator{ - users: make([]*user, 0, 16), - userHash: make(map[[16]byte]indexTimePair, 1024), - hasher: hasher, - baseTime: protocol.Timestamp(time.Now().Unix() - cacheDurationSec*2), + users: make([]*protocol.MemoryUser, 0, 16), aeadDecoderHolder: aead.NewAuthIDDecoderHolder(), } - tuv.task = &task.Periodic{ - Interval: updateInterval, - Execute: func() error { - tuv.updateUserHash() - return nil - }, - } - common.Must(tuv.task.Start()) return tuv } -// visible for testing -func (v *TimedUserValidator) GetBaseTime() protocol.Timestamp { - return v.baseTime -} - -func (v *TimedUserValidator) generateNewHashes(nowSec protocol.Timestamp, user *user) { - var hashValue [16]byte - genEndSec := nowSec + cacheDurationSec - genHashForID := func(id *protocol.ID) { - idHash := v.hasher(id.Bytes()) - genBeginSec := user.lastSec - if genBeginSec < nowSec-cacheDurationSec { - genBeginSec = nowSec - cacheDurationSec - } - for ts := genBeginSec; ts <= genEndSec; ts++ { - common.Must2(serial.WriteUint64(idHash, uint64(ts))) - idHash.Sum(hashValue[:0]) - idHash.Reset() - - v.userHash[hashValue] = indexTimePair{ - user: user, - timeInc: uint32(ts - v.baseTime), - taintedFuse: new(uint32), - } - } - } - - account := user.user.Account.(*MemoryAccount) - - genHashForID(account.ID) - for _, id := range account.AlterIDs { - genHashForID(id) - } - user.lastSec = genEndSec -} - -func (v *TimedUserValidator) removeExpiredHashes(expire uint32) { - for key, pair := range v.userHash { - if pair.timeInc < expire { - delete(v.userHash, key) - } - } -} - -func (v *TimedUserValidator) updateUserHash() { - now := time.Now() - nowSec := protocol.Timestamp(now.Unix()) - - v.Lock() - defer v.Unlock() - - for _, user := range v.users { - v.generateNewHashes(nowSec, user) - } - - expire := protocol.Timestamp(now.Unix() - cacheDurationSec) - if expire > v.baseTime { - v.removeExpiredHashes(uint32(expire - v.baseTime)) - } -} - func (v *TimedUserValidator) Add(u *protocol.MemoryUser) error { v.Lock() defer v.Unlock() - nowSec := time.Now().Unix() - - uu := &user{ - user: *u, - lastSec: protocol.Timestamp(nowSec - cacheDurationSec), - } - v.users = append(v.users, uu) - v.generateNewHashes(protocol.Timestamp(nowSec), uu) + v.users = append(v.users, u) - account := uu.user.Account.(*MemoryAccount) + account := u.Account.(*MemoryAccount) if !v.behaviorFused { hashkdf := hmac.New(sha256.New, []byte("VMESSBSKDF")) hashkdf.Write(account.ID.Bytes()) @@ -159,25 +52,6 @@ func (v *TimedUserValidator) Add(u *protocol.MemoryUser) error { return nil } -func (v *TimedUserValidator) Get(userHash []byte) (*protocol.MemoryUser, protocol.Timestamp, bool, error) { - v.RLock() - defer v.RUnlock() - - v.behaviorFused = true - - var fixedSizeHash [16]byte - copy(fixedSizeHash[:], userHash) - pair, found := v.userHash[fixedSizeHash] - if found { - user := pair.user.user - if atomic.LoadUint32(pair.taintedFuse) == 0 { - return &user, protocol.Timestamp(pair.timeInc) + v.baseTime, true, nil - } - return nil, 0, false, ErrTainted - } - return nil, 0, false, ErrNotFound -} - func (v *TimedUserValidator) GetAEAD(userHash []byte) (*protocol.MemoryUser, bool, error) { v.RLock() defer v.RUnlock() @@ -199,10 +73,10 @@ func (v *TimedUserValidator) Remove(email string) bool { email = strings.ToLower(email) idx := -1 for i, u := range v.users { - if strings.EqualFold(u.user.Email, email) { + if strings.EqualFold(u.Email, email) { idx = i var cmdkeyfl [16]byte - copy(cmdkeyfl[:], u.user.Account.(*MemoryAccount).ID.CmdKey()) + copy(cmdkeyfl[:], u.Account.(*MemoryAccount).ID.CmdKey()) v.aeadDecoderHolder.RemoveUser(cmdkeyfl) break } @@ -219,11 +93,6 @@ func (v *TimedUserValidator) Remove(email string) bool { return true } -// Close implements common.Closable. -func (v *TimedUserValidator) Close() error { - return v.task.Close() -} - func (v *TimedUserValidator) GetBehaviorSeed() uint64 { v.Lock() defer v.Unlock() @@ -235,36 +104,6 @@ func (v *TimedUserValidator) GetBehaviorSeed() uint64 { return v.behaviorSeed } -func (v *TimedUserValidator) BurnTaintFuse(userHash []byte) error { - v.RLock() - defer v.RUnlock() - - var userHashFL [16]byte - copy(userHashFL[:], userHash) - - pair, found := v.userHash[userHashFL] - if found { - if atomic.CompareAndSwapUint32(pair.taintedFuse, 0, 1) { - return nil - } - return ErrTainted - } - return ErrNotFound -} - -/* - ShouldShowLegacyWarn will return whether a Legacy Warning should be shown - -Not guaranteed to only return true once for every inbound, but it is okay. -*/ -func (v *TimedUserValidator) ShouldShowLegacyWarn() bool { - if v.legacyWarnShown { - return false - } - v.legacyWarnShown = true - return true -} - var ErrNotFound = newError("Not Found") var ErrTainted = newError("ErrTainted") diff --git a/proxy/vmess/validator_test.go b/proxy/vmess/validator_test.go index ee170655ee63..83313cbc4c4e 100644 --- a/proxy/vmess/validator_test.go +++ b/proxy/vmess/validator_test.go @@ -5,7 +5,6 @@ import ( "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/protocol" - "github.com/xtls/xray-core/common/serial" "github.com/xtls/xray-core/common/uuid" . "github.com/xtls/xray-core/proxy/vmess" ) @@ -16,81 +15,9 @@ func toAccount(a *Account) protocol.Account { return account } -func TestUserValidator(t *testing.T) { - hasher := protocol.DefaultIDHash - v := NewTimedUserValidator(hasher) - defer common.Close(v) - - id := uuid.New() - user := &protocol.MemoryUser{ - Email: "test", - Account: toAccount(&Account{ - Id: id.String(), - }), - } - common.Must(v.Add(user)) - - { - testSmallLag := func(lag int64) { - ts := int64(v.GetBaseTime()) + lag + 240 - idHash := hasher(id.Bytes()) - common.Must2(serial.WriteUint64(idHash, uint64(ts))) - userHash := idHash.Sum(nil) - - euser, ets, found, _ := v.Get(userHash) - if !found { - t.Fatal("user not found") - } - if euser.Email != user.Email { - t.Error("unexpected user email: ", euser.Email, " want ", user.Email) - } - if int64(ets) != ts { - t.Error("unexpected timestamp: ", ets, " want ", ts) - } - } - - testSmallLag(0) - testSmallLag(40) - testSmallLag(-40) - testSmallLag(80) - testSmallLag(-80) - testSmallLag(120) - testSmallLag(-120) - } - - { - testBigLag := func(lag int64) { - ts := int64(v.GetBaseTime()) + lag + 240 - idHash := hasher(id.Bytes()) - common.Must2(serial.WriteUint64(idHash, uint64(ts))) - userHash := idHash.Sum(nil) - - euser, _, found, _ := v.Get(userHash) - if found || euser != nil { - t.Error("unexpected user") - } - } - - testBigLag(121) - testBigLag(-121) - testBigLag(310) - testBigLag(-310) - testBigLag(500) - testBigLag(-500) - } - - if v := v.Remove(user.Email); !v { - t.Error("unable to remove user") - } - if v := v.Remove(user.Email); v { - t.Error("remove user twice") - } -} - func BenchmarkUserValidator(b *testing.B) { for i := 0; i < b.N; i++ { - hasher := protocol.DefaultIDHash - v := NewTimedUserValidator(hasher) + v := NewTimedUserValidator() for j := 0; j < 1500; j++ { id := uuid.New() diff --git a/proxy/vmess/vmessCtxInterface.go b/proxy/vmess/vmessCtxInterface.go deleted file mode 100644 index 5d26f9e5d27c..000000000000 --- a/proxy/vmess/vmessCtxInterface.go +++ /dev/null @@ -1,4 +0,0 @@ -package vmess - -// example -const AlterID = "VMessCtxInterface_AlterID" From 8852d0209936f577daf209de9754625cea818db1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 00:59:09 +0000 Subject: [PATCH 141/226] Bump golang.org/x/sys from 0.8.0 to 0.9.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.8.0 to 0.9.0. - [Commits](https://github.com/golang/sys/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 629c89e512fb..6ca4745de7a7 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( golang.org/x/crypto v0.9.0 golang.org/x/net v0.10.0 golang.org/x/sync v0.2.0 - golang.org/x/sys v0.8.0 + golang.org/x/sys v0.9.0 google.golang.org/grpc v1.55.0 google.golang.org/protobuf v1.30.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c diff --git a/go.sum b/go.sum index 6b73d1d3d547..741608d435fd 100644 --- a/go.sum +++ b/go.sum @@ -225,8 +225,8 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= +golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From ca6af4c19ddcef09821e2c33e91e075bf661d44a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 00:59:41 +0000 Subject: [PATCH 142/226] Bump golang.org/x/crypto from 0.9.0 to 0.10.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 6ca4745de7a7..6d2c6762ce4f 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230331223127-176a94313eda - golang.org/x/crypto v0.9.0 + golang.org/x/crypto v0.10.0 golang.org/x/net v0.10.0 golang.org/x/sync v0.2.0 golang.org/x/sys v0.9.0 @@ -50,7 +50,7 @@ require ( go.uber.org/atomic v1.10.0 // indirect golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect golang.org/x/mod v0.10.0 // indirect - golang.org/x/text v0.9.0 // indirect + golang.org/x/text v0.10.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.8.0 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect diff --git a/go.sum b/go.sum index 741608d435fd..4e5bf3def570 100644 --- a/go.sum +++ b/go.sum @@ -178,8 +178,8 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= -golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= +golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= @@ -231,8 +231,8 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= +golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= From e8616c60871187b95fde09bf1c0cccf0ee8b88e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 02:27:06 +0000 Subject: [PATCH 143/226] Bump golang.org/x/net from 0.10.0 to 0.11.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6d2c6762ce4f..583eac3e5b47 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230331223127-176a94313eda golang.org/x/crypto v0.10.0 - golang.org/x/net v0.10.0 + golang.org/x/net v0.11.0 golang.org/x/sync v0.2.0 golang.org/x/sys v0.9.0 google.golang.org/grpc v1.55.0 diff --git a/go.sum b/go.sum index 4e5bf3def570..e8214a5cd9ff 100644 --- a/go.sum +++ b/go.sum @@ -200,8 +200,8 @@ golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= From 37e1e401a87e5083586b08ade6963adce332f038 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Jun 2023 16:22:36 +0000 Subject: [PATCH 144/226] Bump golang.org/x/sync from 0.2.0 to 0.3.0 (#2210) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 583eac3e5b47..c15f889080b8 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/xtls/reality v0.0.0-20230331223127-176a94313eda golang.org/x/crypto v0.10.0 golang.org/x/net v0.11.0 - golang.org/x/sync v0.2.0 + golang.org/x/sync v0.3.0 golang.org/x/sys v0.9.0 google.golang.org/grpc v1.55.0 google.golang.org/protobuf v1.30.0 diff --git a/go.sum b/go.sum index e8214a5cd9ff..de4084a7a28c 100644 --- a/go.sum +++ b/go.sum @@ -213,8 +213,8 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= -golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= From 65b467e448d7450f832dbf7dbf2eac610d0c3a2e Mon Sep 17 00:00:00 2001 From: Hellojack <106379370+H1JK@users.noreply.github.com> Date: Fri, 16 Jun 2023 00:22:53 +0800 Subject: [PATCH 145/226] REALITY protocol: Add ChaCha20-Poly1305 auth mode (#2212) https://github.com/XTLS/REALITY/pull/4 --- go.mod | 2 +- go.sum | 4 ++-- transport/internet/reality/reality.go | 15 ++++++++++++--- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index c15f889080b8..8fd182170af4 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.4 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e - github.com/xtls/reality v0.0.0-20230331223127-176a94313eda + github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983 golang.org/x/crypto v0.10.0 golang.org/x/net v0.11.0 golang.org/x/sync v0.3.0 diff --git a/go.sum b/go.sum index de4084a7a28c..1f53d6d20bee 100644 --- a/go.sum +++ b/go.sum @@ -166,8 +166,8 @@ github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/xtls/reality v0.0.0-20230331223127-176a94313eda h1:psRJD2RrZbnI0OWyHvXfgYCPqlRM5q5SPDcjDoDBWhE= -github.com/xtls/reality v0.0.0-20230331223127-176a94313eda/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983 h1:AMyzgjkh54WocjQSlCnT1LhDc/BKiUqtNOv40AkpURs= +github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go index 6355687b20fd..ff2d3f38a96d 100644 --- a/transport/internet/reality/reality.go +++ b/transport/internet/reality/reality.go @@ -30,12 +30,16 @@ import ( "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/transport/internet/tls" + "golang.org/x/crypto/chacha20poly1305" "golang.org/x/crypto/hkdf" "golang.org/x/net/http2" ) //go:generate go run github.com/xtls/xray-core/common/errors/errorgen +//go:linkname aesgcmPreferred github.com/refraction-networking/utls.aesgcmPreferred +func aesgcmPreferred(ciphers []uint16) bool + type Conn struct { *reality.Conn } @@ -136,11 +140,16 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati if _, err := hkdf.New(sha256.New, uConn.AuthKey, hello.Random[:20], []byte("REALITY")).Read(uConn.AuthKey); err != nil { return nil, err } + var aead cipher.AEAD + if aesgcmPreferred(hello.CipherSuites) { + block, _ := aes.NewCipher(uConn.AuthKey) + aead, _ = cipher.NewGCM(block) + } else { + aead, _ = chacha20poly1305.New(uConn.AuthKey) + } if config.Show { - fmt.Printf("REALITY localAddr: %v\tuConn.AuthKey[:16]: %v\n", localAddr, uConn.AuthKey[:16]) + fmt.Printf("REALITY localAddr: %v\tuConn.AuthKey[:16]: %v\tAEAD: %T\n", localAddr, uConn.AuthKey[:16], aead) } - block, _ := aes.NewCipher(uConn.AuthKey) - aead, _ := cipher.NewGCM(block) aead.Seal(hello.SessionId[:0], hello.Random[20:], hello.SessionId[:16], hello.Raw) copy(hello.Raw[39:], hello.SessionId) } From 084f4f2e4c5d0a058b885341ee27dc450b0ceaf3 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 15 Jun 2023 16:37:46 +0000 Subject: [PATCH 146/226] Update comments in reality.go --- transport/internet/reality/reality.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go index ff2d3f38a96d..e55f941731c8 100644 --- a/transport/internet/reality/reality.go +++ b/transport/internet/reality/reality.go @@ -124,10 +124,11 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati uConn.BuildHandshakeState() hello := uConn.HandshakeState.Hello hello.SessionId = make([]byte, 32) - copy(hello.Raw[39:], hello.SessionId) // the location of session ID + copy(hello.Raw[39:], hello.SessionId) // the fixed location of `Session ID` hello.SessionId[0] = core.Version_x hello.SessionId[1] = core.Version_y hello.SessionId[2] = core.Version_z + hello.SessionId[3] = 0 // reserved binary.BigEndian.PutUint32(hello.SessionId[4:], uint32(time.Now().Unix())) copy(hello.SessionId[8:], config.ShortId) if config.Show { From def5807c647e10a660ca1f4ac870c040d276a15f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 18 Jun 2023 10:06:33 +0000 Subject: [PATCH 147/226] Bump google.golang.org/grpc from 1.55.0 to 1.56.0 (#2216) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8fd182170af4..0ad66d301b77 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( golang.org/x/net v0.11.0 golang.org/x/sync v0.3.0 golang.org/x/sys v0.9.0 - google.golang.org/grpc v1.55.0 + google.golang.org/grpc v1.56.0 google.golang.org/protobuf v1.30.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 diff --git a/go.sum b/go.sum index 1f53d6d20bee..0fa9578a4bc4 100644 --- a/go.sum +++ b/go.sum @@ -268,8 +268,8 @@ google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmE google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= -google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= +google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE= +google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= From 9122d0f056ed5b0e6fc9b290fdc7b39f47b49a39 Mon Sep 17 00:00:00 2001 From: rrouzbeh Date: Sun, 18 Jun 2023 07:12:42 -0700 Subject: [PATCH 148/226] Add TLS Hello Fragmentation for freedom outbound (#2131) * Replace TCP Segmentation with TLS Hello Fragmentation * Update infra/conf/freedom.go * Refine proxy/freedom/freedom.go --------- Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com> --- infra/conf/freedom.go | 15 ++++-- proxy/freedom/freedom.go | 98 +++++++++++++++++++++++++++++++++++----- 2 files changed, 98 insertions(+), 15 deletions(-) diff --git a/infra/conf/freedom.go b/infra/conf/freedom.go index b37902784d0d..c35104775a73 100644 --- a/infra/conf/freedom.go +++ b/infra/conf/freedom.go @@ -90,7 +90,17 @@ func (c *FreedomConfig) Build() (proto.Message, error) { MaxLength: int32(maxLength), } - if len(c.Fragment.Packets) > 0 { + switch strings.ToLower(c.Fragment.Packets) { + case "tlshello": + // TLS Hello Fragmentation (into multiple handshake messages) + config.Fragment.StartPacket = 0 + config.Fragment.EndPacket = 1 + case "": + // TCP Segmentation (all packets) + config.Fragment.StartPacket = 0 + config.Fragment.EndPacket = 0 + default: + // TCP Segmentation (range) packetRange := strings.Split(c.Fragment.Packets, "-") var startPacket, endPacket int64 if len(packetRange) == 2 { @@ -114,9 +124,6 @@ func (c *FreedomConfig) Build() (proto.Message, error) { } config.Fragment.StartPacket = int32(startPacket) config.Fragment.EndPacket = int32(endPacket) - } else { - config.Fragment.StartPacket = 0 - config.Fragment.EndPacket = 0 } } diff --git a/proxy/freedom/freedom.go b/proxy/freedom/freedom.go index d5d147bd8382..b881ffde0de4 100644 --- a/proxy/freedom/freedom.go +++ b/proxy/freedom/freedom.go @@ -5,6 +5,7 @@ package freedom import ( "context" "crypto/rand" + "encoding/binary" "io" "math/big" "time" @@ -12,6 +13,7 @@ import ( "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/dice" + "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/retry" "github.com/xtls/xray-core/common/session" @@ -173,17 +175,28 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var writer buf.Writer if destination.Network == net.Network_TCP { if h.config.Fragment != nil { - writer = buf.NewWriter( - &FragmentWriter{ - Writer: conn, - minLength: int(h.config.Fragment.MinLength), - maxLength: int(h.config.Fragment.MaxLength), - minInterval: time.Duration(h.config.Fragment.MinInterval) * time.Millisecond, - maxInterval: time.Duration(h.config.Fragment.MaxInterval) * time.Millisecond, - startPacket: int(h.config.Fragment.StartPacket), - endPacket: int(h.config.Fragment.EndPacket), - PacketCount: 0, - }) + if h.config.Fragment.StartPacket == 0 && h.config.Fragment.EndPacket == 1 { + newError("FRAGMENT", int(h.config.Fragment.MaxLength)).WriteToLog(session.ExportIDToError(ctx)) + writer = buf.NewWriter( + &FragmentedClientHelloConn{ + Conn: conn, + maxLength: int(h.config.Fragment.MaxLength), + minInterval: time.Duration(h.config.Fragment.MinInterval) * time.Millisecond, + maxInterval: time.Duration(h.config.Fragment.MaxInterval) * time.Millisecond, + }) + } else { + writer = buf.NewWriter( + &FragmentWriter{ + Writer: conn, + minLength: int(h.config.Fragment.MinLength), + maxLength: int(h.config.Fragment.MaxLength), + minInterval: time.Duration(h.config.Fragment.MinInterval) * time.Millisecond, + maxInterval: time.Duration(h.config.Fragment.MaxInterval) * time.Millisecond, + startPacket: int(h.config.Fragment.StartPacket), + endPacket: int(h.config.Fragment.EndPacket), + PacketCount: 0, + }) + } } else { writer = buf.NewWriter(conn) } @@ -388,3 +401,66 @@ func randBetween(left int64, right int64) int64 { bigInt, _ := rand.Int(rand.Reader, big.NewInt(right-left)) return left + bigInt.Int64() } + +type FragmentedClientHelloConn struct { + net.Conn + PacketCount int + minLength int + maxLength int + minInterval time.Duration + maxInterval time.Duration +} + +func (c *FragmentedClientHelloConn) Write(b []byte) (n int, err error) { + if len(b) >= 5 && b[0] == 22 && c.PacketCount == 0 { + n, err = sendFragmentedClientHello(c, b, c.minLength, c.maxLength) + + if err == nil { + c.PacketCount++ + return n, err + } + } + + return c.Conn.Write(b) +} + +func sendFragmentedClientHello(conn *FragmentedClientHelloConn, clientHello []byte, minFragmentSize, maxFragmentSize int) (n int, err error) { + if len(clientHello) < 5 || clientHello[0] != 22 { + return 0, errors.New("not a valid TLS ClientHello message") + } + + clientHelloLen := (int(clientHello[3]) << 8) | int(clientHello[4]) + + clientHelloData := clientHello[5:] + for i := 0; i < clientHelloLen; { + fragmentEnd := i + int(randBetween(int64(minFragmentSize), int64(maxFragmentSize))) + if fragmentEnd > clientHelloLen { + fragmentEnd = clientHelloLen + } + + fragment := clientHelloData[i:fragmentEnd] + i = fragmentEnd + + err = writeFragmentedRecord(conn, 22, fragment, clientHello) + if err != nil { + return 0, err + } + } + + return len(clientHello), nil +} + +func writeFragmentedRecord(c *FragmentedClientHelloConn, contentType uint8, data []byte, clientHello []byte) error { + header := make([]byte, 5) + header[0] = byte(clientHello[0]) + + tlsVersion := (int(clientHello[1]) << 8) | int(clientHello[2]) + binary.BigEndian.PutUint16(header[1:], uint16(tlsVersion)) + + binary.BigEndian.PutUint16(header[3:], uint16(len(data))) + _, err := c.Conn.Write(append(header, data...)) + randomInterval := randBetween(int64(c.minInterval), int64(c.maxInterval)) + time.Sleep(time.Duration(randomInterval)) + + return err +} From 62e881b01a9a752c7ceb39c085d38b2afad33c79 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sun, 18 Jun 2023 15:33:30 +0000 Subject: [PATCH 149/226] 5*60 -> 2*60 --- app/proxyman/inbound/worker.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/proxyman/inbound/worker.go b/app/proxyman/inbound/worker.go index 5b227c068439..8ed4090a0484 100644 --- a/app/proxyman/inbound/worker.go +++ b/app/proxyman/inbound/worker.go @@ -362,7 +362,7 @@ func (w *udpWorker) clean() error { } for addr, conn := range w.activeConn { - if nowSec-atomic.LoadInt64(&conn.lastActivityTime) > 5*60 { // TODO Timeout too small + if nowSec-atomic.LoadInt64(&conn.lastActivityTime) > 2*60 { if !conn.inactive { conn.setInactive() delete(w.activeConn, addr) From 667279af57e8aca8e1da588a740e4e2d8da53bd1 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sun, 18 Jun 2023 17:20:16 +0000 Subject: [PATCH 150/226] Add "nonIPQuery" to DNS outbound ("drop" by default) And fixed a memory leak And regenerated *.pb.go --- common/protocol/headers.pb.go | 2 +- infra/conf/dns_proxy.go | 16 ++++++++++++---- proxy/dns/config.pb.go | 28 +++++++++++++++++++--------- proxy/dns/config.proto | 1 + proxy/dns/dns.go | 5 +++++ 5 files changed, 38 insertions(+), 14 deletions(-) diff --git a/common/protocol/headers.pb.go b/common/protocol/headers.pb.go index b90db8c7336a..96c427d4080a 100644 --- a/common/protocol/headers.pb.go +++ b/common/protocol/headers.pb.go @@ -27,7 +27,7 @@ const ( SecurityType_AUTO SecurityType = 2 SecurityType_AES128_GCM SecurityType = 3 SecurityType_CHACHA20_POLY1305 SecurityType = 4 - SecurityType_NONE SecurityType = 5 + SecurityType_NONE SecurityType = 5 // [DEPRECATED 2023-06] SecurityType_ZERO SecurityType = 6 ) diff --git a/infra/conf/dns_proxy.go b/infra/conf/dns_proxy.go index 90a5d65e3b5c..15630cfe4312 100644 --- a/infra/conf/dns_proxy.go +++ b/infra/conf/dns_proxy.go @@ -7,10 +7,11 @@ import ( ) type DNSOutboundConfig struct { - Network Network `json:"network"` - Address *Address `json:"address"` - Port uint16 `json:"port"` - UserLevel uint32 `json:"userLevel"` + Network Network `json:"network"` + Address *Address `json:"address"` + Port uint16 `json:"port"` + UserLevel uint32 `json:"userLevel"` + NonIPQuery string `json:"nonIPQuery"` } func (c *DNSOutboundConfig) Build() (proto.Message, error) { @@ -24,5 +25,12 @@ func (c *DNSOutboundConfig) Build() (proto.Message, error) { if c.Address != nil { config.Server.Address = c.Address.Build() } + switch c.NonIPQuery { + case "": + c.NonIPQuery = "drop" + case "drop", "skip": + default: + return nil, newError(`unknown "nonIPQuery": `, c.NonIPQuery) + } return config, nil } diff --git a/proxy/dns/config.pb.go b/proxy/dns/config.pb.go index 8da51b44ffc1..24016460325b 100644 --- a/proxy/dns/config.pb.go +++ b/proxy/dns/config.pb.go @@ -28,8 +28,9 @@ type Config struct { // Server is the DNS server address. If specified, this address overrides the // original one. - Server *net.Endpoint `protobuf:"bytes,1,opt,name=server,proto3" json:"server,omitempty"` - UserLevel uint32 `protobuf:"varint,2,opt,name=user_level,json=userLevel,proto3" json:"user_level,omitempty"` + Server *net.Endpoint `protobuf:"bytes,1,opt,name=server,proto3" json:"server,omitempty"` + UserLevel uint32 `protobuf:"varint,2,opt,name=user_level,json=userLevel,proto3" json:"user_level,omitempty"` + Non_IPQuery string `protobuf:"bytes,3,opt,name=non_IP_query,json=nonIPQuery,proto3" json:"non_IP_query,omitempty"` } func (x *Config) Reset() { @@ -78,6 +79,13 @@ func (x *Config) GetUserLevel() uint32 { return 0 } +func (x *Config) GetNon_IPQuery() string { + if x != nil { + return x.Non_IPQuery + } + return "" +} + var File_proxy_dns_config_proto protoreflect.FileDescriptor var file_proxy_dns_config_proto_rawDesc = []byte{ @@ -85,18 +93,20 @@ var file_proxy_dns_config_proto_rawDesc = []byte{ 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x1a, 0x1c, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x6e, 0x65, 0x74, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x5a, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7c, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x31, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6e, 0x65, 0x74, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x75, 0x73, 0x65, 0x72, 0x4c, 0x65, 0x76, - 0x65, 0x6c, 0x42, 0x4c, 0x0a, 0x12, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, - 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x50, 0x01, 0x5a, 0x23, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, - 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x64, 0x6e, 0x73, 0xaa, - 0x02, 0x0e, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x44, 0x6e, 0x73, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x65, 0x6c, 0x12, 0x20, 0x0a, 0x0c, 0x6e, 0x6f, 0x6e, 0x5f, 0x49, 0x50, 0x5f, 0x71, 0x75, 0x65, + 0x72, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6e, 0x6f, 0x6e, 0x49, 0x50, 0x51, + 0x75, 0x65, 0x72, 0x79, 0x42, 0x4c, 0x0a, 0x12, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, + 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x50, 0x01, 0x5a, 0x23, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, + 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x64, 0x6e, + 0x73, 0xaa, 0x02, 0x0e, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x44, + 0x6e, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proxy/dns/config.proto b/proxy/dns/config.proto index 0b3247255ed1..e9304a510c7a 100644 --- a/proxy/dns/config.proto +++ b/proxy/dns/config.proto @@ -13,4 +13,5 @@ message Config { // original one. xray.common.net.Endpoint server = 1; uint32 user_level = 2; + string non_IP_query = 3; } diff --git a/proxy/dns/dns.go b/proxy/dns/dns.go index 4aa5dac09e59..d8a3244d8d24 100644 --- a/proxy/dns/dns.go +++ b/proxy/dns/dns.go @@ -44,6 +44,7 @@ type Handler struct { ownLinkVerifier ownLinkVerifier server net.Destination timeout time.Duration + nonIPQuery string } func (h *Handler) Init(config *Config, dnsClient dns.Client, policyManager policy.Manager) error { @@ -57,6 +58,7 @@ func (h *Handler) Init(config *Config, dnsClient dns.Client, policyManager polic if config.Server != nil { h.server = config.Server.AsDestination() } + h.nonIPQuery = config.Non_IPQuery return nil } @@ -175,6 +177,9 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet. isIPQuery, domain, id, qType := parseIPQuery(b.Bytes()) if isIPQuery { go h.handleIPQuery(id, qType, domain, writer) + } + if isIPQuery || h.nonIPQuery == "drop" { + b.Release() continue } } From ee2176392815cdc98b0a5b29fd9ba565ebf7ebb5 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sun, 18 Jun 2023 17:42:17 +0000 Subject: [PATCH 151/226] Run "go fmt ./..." --- app/router/condition_test.go | 4 ++-- infra/conf/vmess.go | 4 ++-- proxy/vmess/encoding/auth.go | 2 +- proxy/vmess/inbound/inbound.go | 10 +++++----- proxy/vmess/outbound/command.go | 2 +- proxy/vmess/validator.go | 2 +- transport/internet/headers/dns/dns.go | 6 +++--- transport/internet/quic/dialer.go | 2 +- transport/internet/quic/hub.go | 2 +- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/app/router/condition_test.go b/app/router/condition_test.go index ca1999ef1f69..395a04c98705 100644 --- a/app/router/condition_test.go +++ b/app/router/condition_test.go @@ -307,8 +307,8 @@ func TestRoutingRule(t *testing.T) { }, { rule: &RoutingRule{ - Protocol: []string{"http"}, - Attributes: map[string]string { + Protocol: []string{"http"}, + Attributes: map[string]string{ ":path": "/test", }, }, diff --git a/infra/conf/vmess.go b/infra/conf/vmess.go index e3361646fe96..93d0e75be512 100644 --- a/infra/conf/vmess.go +++ b/infra/conf/vmess.go @@ -37,7 +37,7 @@ func (a *VMessAccount) Build() *vmess.Account { st = protocol.SecurityType_AUTO } return &vmess.Account{ - Id: a.ID, + Id: a.ID, SecuritySettings: &protocol.SecurityConfig{ Type: st, }, @@ -61,7 +61,7 @@ type FeaturesConfig struct { } type VMessDefaultConfig struct { - Level byte `json:"level"` + Level byte `json:"level"` } // Build implements Buildable diff --git a/proxy/vmess/encoding/auth.go b/proxy/vmess/encoding/auth.go index 5d9623b16990..99bdaa49c82f 100644 --- a/proxy/vmess/encoding/auth.go +++ b/proxy/vmess/encoding/auth.go @@ -17,7 +17,7 @@ func Authenticate(b []byte) uint32 { return fnv1hash.Sum32() } -// [DEPRECATED 2023-06] +// [DEPRECATED 2023-06] type NoOpAuthenticator struct{} func (NoOpAuthenticator) NonceSize() int { diff --git a/proxy/vmess/inbound/inbound.go b/proxy/vmess/inbound/inbound.go index f427bc6bb881..f48a26e15ad5 100644 --- a/proxy/vmess/inbound/inbound.go +++ b/proxy/vmess/inbound/inbound.go @@ -30,14 +30,14 @@ import ( type userByEmail struct { sync.Mutex - cache map[string]*protocol.MemoryUser - defaultLevel uint32 + cache map[string]*protocol.MemoryUser + defaultLevel uint32 } func newUserByEmail(config *DefaultConfig) *userByEmail { return &userByEmail{ - cache: make(map[string]*protocol.MemoryUser), - defaultLevel: config.Level, + cache: make(map[string]*protocol.MemoryUser), + defaultLevel: config.Level, } } @@ -68,7 +68,7 @@ func (v *userByEmail) Get(email string) (*protocol.MemoryUser, bool) { if !found { id := uuid.New() rawAccount := &vmess.Account{ - Id: id.String(), + Id: id.String(), } account, err := rawAccount.AsAccount() common.Must(err) diff --git a/proxy/vmess/outbound/command.go b/proxy/vmess/outbound/command.go index 07df935cac8d..2d4747dc288b 100644 --- a/proxy/vmess/outbound/command.go +++ b/proxy/vmess/outbound/command.go @@ -11,7 +11,7 @@ import ( func (h *Handler) handleSwitchAccount(cmd *protocol.CommandSwitchAccount) { rawAccount := &vmess.Account{ - Id: cmd.ID.String(), + Id: cmd.ID.String(), SecuritySettings: &protocol.SecurityConfig{ Type: protocol.SecurityType_AUTO, }, diff --git a/proxy/vmess/validator.go b/proxy/vmess/validator.go index 6cc96927c45e..bc844061b94a 100644 --- a/proxy/vmess/validator.go +++ b/proxy/vmess/validator.go @@ -15,7 +15,7 @@ import ( // TimedUserValidator is a user Validator based on time. type TimedUserValidator struct { sync.RWMutex - users []*protocol.MemoryUser + users []*protocol.MemoryUser behaviorSeed uint64 behaviorFused bool diff --git a/transport/internet/headers/dns/dns.go b/transport/internet/headers/dns/dns.go index df209ff67d2c..b6345213983b 100644 --- a/transport/internet/headers/dns/dns.go +++ b/transport/internet/headers/dns/dns.go @@ -36,7 +36,7 @@ func NewDNS(ctx context.Context, config interface{}) (interface{}, error) { buf := make([]byte, 0x100) - off1, err := packDomainName(config.(*Config).Domain + ".", buf) + off1, err := packDomainName(config.(*Config).Domain+".", buf) if err != nil { return nil, err } @@ -62,8 +62,8 @@ func packDomainName(s string, msg []byte) (off1 int, err error) { // Emit sequence of counted strings, chopping at dots. var ( - begin int - bs []byte + begin int + bs []byte ) for i := 0; i < ls; i++ { var c byte diff --git a/transport/internet/quic/dialer.go b/transport/internet/quic/dialer.go index f0d8e4e1331b..f6083561ba4a 100644 --- a/transport/internet/quic/dialer.go +++ b/transport/internet/quic/dialer.go @@ -143,7 +143,7 @@ func (s *clientConnections) openConnection(ctx context.Context, destAddr net.Add HandshakeIdleTimeout: time.Second * 8, MaxIdleTimeout: time.Second * 300, Tracer: func(ctx context.Context, p logging.Perspective, ci quic.ConnectionID) logging.ConnectionTracer { - return qlog.NewConnectionTracer( &QlogWriter{connID: ci}, p, ci); + return qlog.NewConnectionTracer(&QlogWriter{connID: ci}, p, ci) }, } udpConn, _ := rawConn.(*net.UDPConn) diff --git a/transport/internet/quic/hub.go b/transport/internet/quic/hub.go index 15f072ec1d8f..8bab5bf35d9a 100644 --- a/transport/internet/quic/hub.go +++ b/transport/internet/quic/hub.go @@ -109,7 +109,7 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti MaxIncomingStreams: 32, MaxIncomingUniStreams: -1, Tracer: func(ctx context.Context, p logging.Perspective, ci quic.ConnectionID) logging.ConnectionTracer { - return qlog.NewConnectionTracer( &QlogWriter{connID: ci}, p, ci); + return qlog.NewConnectionTracer(&QlogWriter{connID: ci}, p, ci) }, } From 72bbc5ae0e8173b550847eebb8df5102f5893eae Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sun, 18 Jun 2023 20:43:20 +0000 Subject: [PATCH 152/226] v1.8.2 --- core/core.go | 2 +- go.mod | 22 +++++++++++----------- go.sum | 50 +++++++++++++++++++++++++------------------------- 3 files changed, 37 insertions(+), 37 deletions(-) diff --git a/core/core.go b/core/core.go index 07ec158db03d..23bd11e80a4c 100644 --- a/core/core.go +++ b/core/core.go @@ -21,7 +21,7 @@ import ( var ( Version_x byte = 1 Version_y byte = 8 - Version_z byte = 1 + Version_z byte = 2 ) var ( diff --git a/go.mod b/go.mod index 0ad66d301b77..d8f3566c3070 100644 --- a/go.mod +++ b/go.mod @@ -13,8 +13,8 @@ require ( github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.35.1 github.com/refraction-networking/utls v1.3.2 - github.com/sagernet/sing v0.2.4 - github.com/sagernet/sing-shadowsocks v0.2.1 + github.com/sagernet/sing v0.2.5 + github.com/sagernet/sing-shadowsocks v0.2.2 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.4 @@ -39,21 +39,21 @@ require ( github.com/gaukas/godicttls v0.0.3 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20230406165453-00490a63f317 // indirect - github.com/klauspost/compress v1.16.5 // indirect - github.com/klauspost/cpuid/v2 v2.2.4 // indirect - github.com/onsi/ginkgo/v2 v2.9.2 // indirect + github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 // indirect + github.com/klauspost/compress v1.16.6 // indirect + github.com/klauspost/cpuid/v2 v2.2.5 // indirect + github.com/onsi/ginkgo/v2 v2.11.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/quic-go/qtls-go1-19 v0.3.2 // indirect github.com/quic-go/qtls-go1-20 v0.2.2 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect - go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect - golang.org/x/mod v0.10.0 // indirect + go.uber.org/atomic v1.11.0 // indirect + golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect + golang.org/x/mod v0.11.0 // indirect golang.org/x/text v0.10.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.8.0 // indirect - google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect + golang.org/x/tools v0.10.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 0fa9578a4bc4..4d21ae0a2984 100644 --- a/go.sum +++ b/go.sum @@ -34,7 +34,7 @@ github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 h1:Arcl6UOIS/kgO2nW3 github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -60,8 +60,8 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20230406165453-00490a63f317 h1:hFhpt7CTmR3DX+b4R19ydQFtofxT0Sv3QsKNMVQYTMQ= -github.com/google/pprof v0.0.0-20230406165453-00490a63f317/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= +github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs= +github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -75,10 +75,10 @@ github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= -github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk= -github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/klauspost/compress v1.16.6 h1:91SKEy4K37vkp255cJ8QesJhjyRO0hn9i9G0GoUwLsk= +github.com/klauspost/compress v1.16.6/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= +github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -95,9 +95,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU= -github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= -github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E= +github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= +github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= +github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= @@ -123,10 +123,10 @@ github.com/refraction-networking/utls v1.3.2/go.mod h1:fmoaOww2bxzzEpIKOebIsnBvj github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.2.4 h1:gC8BR5sglbJZX23RtMyFa8EETP9YEUADhfbEzU1yVbo= -github.com/sagernet/sing v0.2.4/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= -github.com/sagernet/sing-shadowsocks v0.2.1 h1:FvdLQOqpvxHBJUcUe4fvgiYP2XLLwH5i1DtXQviVEPw= -github.com/sagernet/sing-shadowsocks v0.2.1/go.mod h1:T/OgurSjsAe+Ug3+6PprXjmgHFmJidjOvQcjXGTKb3I= +github.com/sagernet/sing v0.2.5 h1:N8sUluR8GZvR9DqUiH3FA3vBb4m/EDdOVTYUrDzJvmY= +github.com/sagernet/sing v0.2.5/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= +github.com/sagernet/sing-shadowsocks v0.2.2 h1:ezSdVhrmIcwDXmCZF3bOJVMuVtTQWpda+1Op+Ie2TA4= +github.com/sagernet/sing-shadowsocks v0.2.2/go.mod h1:JIBWG6a7orB2HxBxYElViQFLUQxFVG7DuqIj8gD7uCQ= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI= github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb h1:XfLJSPIOUX+osiMraVgIrMR27uMXnRJWGm1+GL8/63U= @@ -170,8 +170,8 @@ github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983 h1:AMyzgjkh54WocjQSlC github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= -go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= -go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= +go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= +go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -181,14 +181,14 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= -golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= -golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= +golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -224,7 +224,7 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -244,8 +244,8 @@ golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y= -golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= +golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg= +golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -262,8 +262,8 @@ google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoA google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg= google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= From 253a4224672a00496f92cd96840c1e5aefa83940 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 19 Jun 2023 00:33:59 +0000 Subject: [PATCH 153/226] Fix "nonIPQuery" --- infra/conf/dns_proxy.go | 1 + 1 file changed, 1 insertion(+) diff --git a/infra/conf/dns_proxy.go b/infra/conf/dns_proxy.go index 15630cfe4312..564084e0f856 100644 --- a/infra/conf/dns_proxy.go +++ b/infra/conf/dns_proxy.go @@ -32,5 +32,6 @@ func (c *DNSOutboundConfig) Build() (proto.Message, error) { default: return nil, newError(`unknown "nonIPQuery": `, c.NonIPQuery) } + config.Non_IPQuery = c.NonIPQuery return config, nil } From 6f9df63c701bb7f71abe335112b6b3819481feaa Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 19 Jun 2023 00:35:46 +0000 Subject: [PATCH 154/226] v1.8.3 --- core/core.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/core.go b/core/core.go index 23bd11e80a4c..4d704306e156 100644 --- a/core/core.go +++ b/core/core.go @@ -21,7 +21,7 @@ import ( var ( Version_x byte = 1 Version_y byte = 8 - Version_z byte = 2 + Version_z byte = 3 ) var ( From a9ed1a03aa39f24a663f1f64d37bc3998df96315 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 19 Jun 2023 00:51:03 +0000 Subject: [PATCH 155/226] Fix dns_proxy_test.go --- infra/conf/dns_proxy_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/infra/conf/dns_proxy_test.go b/infra/conf/dns_proxy_test.go index 805ac323a2f9..5c5dfecddd9c 100644 --- a/infra/conf/dns_proxy_test.go +++ b/infra/conf/dns_proxy_test.go @@ -27,6 +27,7 @@ func TestDnsProxyConfig(t *testing.T) { Address: net.NewIPOrDomain(net.IPAddress([]byte{8, 8, 8, 8})), Port: 53, }, + Non_IPQuery: "drop", }, }, }) From 4f8f49024b024d450f2bc7b3e23422bf983e5a7f Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 19 Jun 2023 01:07:19 +0000 Subject: [PATCH 156/226] Fix xray_test.go --- infra/conf/xray_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/infra/conf/xray_test.go b/infra/conf/xray_test.go index b39da7c9db22..a48984573da5 100644 --- a/infra/conf/xray_test.go +++ b/infra/conf/xray_test.go @@ -221,7 +221,8 @@ func TestXrayConfig(t *testing.T) { }, }), ProxySettings: serial.ToTypedMessage(&dns_proxy.Config{ - Server: &net.Endpoint{}, + Server: &net.Endpoint{}, + Non_IPQuery: "drop", }), }, }, From 449affc7311a352a3895dbc2a47e7391f99dc994 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Jun 2023 00:58:34 +0000 Subject: [PATCH 157/226] Bump github.com/miekg/dns from 1.1.54 to 1.1.55 Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.54 to 1.1.55. - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](https://github.com/miekg/dns/compare/v1.1.54...v1.1.55) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d8f3566c3070..3932ac27352e 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/golang/protobuf v1.5.3 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 - github.com/miekg/dns v1.1.54 + github.com/miekg/dns v1.1.55 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.35.1 diff --git a/go.sum b/go.sum index 4d21ae0a2984..fa995566e7be 100644 --- a/go.sum +++ b/go.sum @@ -89,8 +89,8 @@ github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.54 h1:5jon9mWcb0sFJGpnI99tOMhCPyJ+RPVz5b63MQG0VWI= -github.com/miekg/dns v1.1.54/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= +github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= +github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= From 828a6320768d0ab41b89e4119287ce18d3e8de1f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Jun 2023 00:58:38 +0000 Subject: [PATCH 158/226] Bump github.com/sagernet/sing from 0.2.5 to 0.2.6 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.2.5 to 0.2.6. - [Commits](https://github.com/sagernet/sing/compare/v0.2.5...v0.2.6) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3932ac27352e..1be0b8081dfd 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.35.1 github.com/refraction-networking/utls v1.3.2 - github.com/sagernet/sing v0.2.5 + github.com/sagernet/sing v0.2.6 github.com/sagernet/sing-shadowsocks v0.2.2 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index fa995566e7be..6a9f0b8f6c3f 100644 --- a/go.sum +++ b/go.sum @@ -123,8 +123,8 @@ github.com/refraction-networking/utls v1.3.2/go.mod h1:fmoaOww2bxzzEpIKOebIsnBvj github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.2.5 h1:N8sUluR8GZvR9DqUiH3FA3vBb4m/EDdOVTYUrDzJvmY= -github.com/sagernet/sing v0.2.5/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= +github.com/sagernet/sing v0.2.6 h1:Fvqv7/Bwc72ERT6dE8yQLLY6SMc/syO3VMCtxVO4DNw= +github.com/sagernet/sing v0.2.6/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= github.com/sagernet/sing-shadowsocks v0.2.2 h1:ezSdVhrmIcwDXmCZF3bOJVMuVtTQWpda+1Op+Ie2TA4= github.com/sagernet/sing-shadowsocks v0.2.2/go.mod h1:JIBWG6a7orB2HxBxYElViQFLUQxFVG7DuqIj8gD7uCQ= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= From 6d8fe7315f3f1ead41da329e967d665d4f3e51c4 Mon Sep 17 00:00:00 2001 From: Eken Chan Date: Thu, 22 Jun 2023 14:43:22 +0800 Subject: [PATCH 159/226] XRV should work without rawConn --- proxy/vless/encoding/encoding.go | 6 +++++- proxy/vless/inbound/inbound.go | 4 ++-- proxy/vless/outbound/outbound.go | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index f668c4024f5b..cf9624929880 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -247,7 +247,11 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater } } } - reader = buf.NewReadVReader(conn, rawConn, nil) + if rawConn != nil { + reader = buf.NewReadVReader(conn, rawConn, nil) + } else { + reader = buf.NewReader(conn) + } ct = counter newError("XtlsRead readV").WriteToLog(session.ExportIDToError(ctx)) } diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 688c98a3919a..8653e1e31b5d 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -539,7 +539,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var err error - if rawConn != nil { + if requestAddons.Flow == vless.XRV { var counter stats.Counter if statConn != nil { counter = statConn.ReadCounter @@ -591,7 +591,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } var err error - if rawConn != nil && requestAddons.Flow == vless.XRV { + if requestAddons.Flow == vless.XRV { var counter stats.Counter if statConn != nil { counter = statConn.WriteCounter diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index 4f42ea9fa3cf..12962a4710c9 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -247,7 +247,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } var err error - if rawConn != nil && requestAddons.Flow == vless.XRV { + if requestAddons.Flow == vless.XRV { if tlsConn, ok := iConn.(*tls.Conn); ok { if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() @@ -292,7 +292,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte serverReader = xudp.NewPacketReader(conn) } - if rawConn != nil { + if requestAddons.Flow == vless.XRV { var counter stats.Counter if statConn != nil { counter = statConn.ReadCounter From 6152868dfe2c5c08b731665b00f5c9352a35f0c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Jun 2023 00:59:02 +0000 Subject: [PATCH 160/226] Bump google.golang.org/grpc from 1.56.0 to 1.56.1 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.0 to 1.56.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.56.0...v1.56.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1be0b8081dfd..332f282f015e 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( golang.org/x/net v0.11.0 golang.org/x/sync v0.3.0 golang.org/x/sys v0.9.0 - google.golang.org/grpc v1.56.0 + google.golang.org/grpc v1.56.1 google.golang.org/protobuf v1.30.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 diff --git a/go.sum b/go.sum index 6a9f0b8f6c3f..0e210d651e2f 100644 --- a/go.sum +++ b/go.sum @@ -268,8 +268,8 @@ google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmE google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE= -google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/grpc v1.56.1 h1:z0dNfjIl0VpaZ9iSVjA6daGatAYwPGstTjt5vkRMFkQ= +google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= From 07389eca9618ad50ecb9cf524857ceef16ac392a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Jun 2023 00:59:14 +0000 Subject: [PATCH 161/226] Bump github.com/quic-go/quic-go from 0.35.1 to 0.36.0 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.35.1 to 0.36.0. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.35.1...v0.36.0) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 332f282f015e..495b161807ac 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/miekg/dns v1.1.55 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 - github.com/quic-go/quic-go v0.35.1 + github.com/quic-go/quic-go v0.36.0 github.com/refraction-networking/utls v1.3.2 github.com/sagernet/sing v0.2.6 github.com/sagernet/sing-shadowsocks v0.2.2 diff --git a/go.sum b/go.sum index 0e210d651e2f..304ef2222067 100644 --- a/go.sum +++ b/go.sum @@ -116,8 +116,8 @@ github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc8 github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E= github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= -github.com/quic-go/quic-go v0.35.1 h1:b0kzj6b/cQAf05cT0CkQubHM31wiA+xH3IBkxP62poo= -github.com/quic-go/quic-go v0.35.1/go.mod h1:+4CVgVppm0FNjpG3UcX8Joi/frKOH7/ciD5yGcwOO1g= +github.com/quic-go/quic-go v0.36.0 h1:JIrO7p7Ug6hssFcARjWDiqS2RAKJHCiwPxBAA989rbI= +github.com/quic-go/quic-go v0.36.0/go.mod h1:zPetvwDlILVxt15n3hr3Gf/I3mDf7LpLKPhR4Ez0AZQ= github.com/refraction-networking/utls v1.3.2 h1:o+AkWB57mkcoW36ET7uJ002CpBWHu0KPxi6vzxvPnv8= github.com/refraction-networking/utls v1.3.2/go.mod h1:fmoaOww2bxzzEpIKOebIsnBvjQpqP7L2vcm/9KUfm/E= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= From a6c5c579307a8b38b2121eab578547627a0206b3 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Tue, 27 Jun 2023 04:04:09 -0400 Subject: [PATCH 162/226] Support regex matching with attr (#2258) * Support regex matching with attr * Add test case * Optimizing regex parsing at core start * simpliy --- app/router/condition.go | 11 ++++++----- app/router/condition_test.go | 13 +++++++++++++ app/router/config.go | 5 +++-- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/app/router/condition.go b/app/router/condition.go index 326c13fff86c..29056555e260 100644 --- a/app/router/condition.go +++ b/app/router/condition.go @@ -1,6 +1,7 @@ package router import ( + "regexp" "strings" "github.com/xtls/xray-core/common/net" @@ -282,18 +283,18 @@ func (m *ProtocolMatcher) Apply(ctx routing.Context) bool { } type AttributeMatcher struct { - configuredKeys map[string]string + configuredKeys map[string]*regexp.Regexp } // Match implements attributes matching. func (m *AttributeMatcher) Match(attrs map[string]string) bool { - // headers are insensitive most likely. So we do a convert + // header keys are case insensitive most likely. So we do a convert httpHeaders := make(map[string]string) for key, value := range attrs { - httpHeaders[strings.ToLower(key)] = strings.ToLower(value) + httpHeaders[strings.ToLower(key)] = value } - for key, value := range m.configuredKeys { - if a, ok := httpHeaders[key]; !ok || !strings.Contains(a, value) { + for key, regex := range m.configuredKeys { + if a, ok := httpHeaders[key]; !ok || !regex.MatchString(a) { return false } } diff --git a/app/router/condition_test.go b/app/router/condition_test.go index 395a04c98705..fd8984179c17 100644 --- a/app/router/condition_test.go +++ b/app/router/condition_test.go @@ -319,6 +319,19 @@ func TestRoutingRule(t *testing.T) { }, }, }, + { + rule: &RoutingRule{ + Attributes: map[string]string{ + "Custom": "p([a-z]+)ch", + }, + }, + test: []ruleTest{ + { + input: withContent(&session.Content{Attributes: map[string]string{"custom": "peach"}}), + output: true, + }, + }, + }, } for _, test := range cases { diff --git a/app/router/config.go b/app/router/config.go index 3f4fd7c5621f..80b88781165d 100644 --- a/app/router/config.go +++ b/app/router/config.go @@ -1,6 +1,7 @@ package router import ( + "regexp" "strings" "github.com/xtls/xray-core/common/net" @@ -145,9 +146,9 @@ func (rr *RoutingRule) BuildCondition() (Condition, error) { } if len(rr.Attributes) > 0 { - configuredKeys := make(map[string]string) + configuredKeys := make(map[string]*regexp.Regexp) for key, value := range rr.Attributes { - configuredKeys[strings.ToLower(key)] = strings.ToLower(value) + configuredKeys[strings.ToLower(key)] = regexp.MustCompile(value) } conds.Add(&AttributeMatcher{configuredKeys}) } From fb0cd0db4d881330797af97a5b3b0258765edc78 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Jun 2023 08:04:26 +0000 Subject: [PATCH 163/226] Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#2264) Bumps google.golang.org/protobuf from 1.30.0 to 1.31.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 495b161807ac..57d2446e0977 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( golang.org/x/sync v0.3.0 golang.org/x/sys v0.9.0 google.golang.org/grpc v1.56.1 - google.golang.org/protobuf v1.30.0 + google.golang.org/protobuf v1.31.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 lukechampine.com/blake3 v1.2.1 diff --git a/go.sum b/go.sum index 304ef2222067..253312674720 100644 --- a/go.sum +++ b/go.sum @@ -272,8 +272,8 @@ google.golang.org/grpc v1.56.1 h1:z0dNfjIl0VpaZ9iSVjA6daGatAYwPGstTjt5vkRMFkQ= google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= From 34b68518fd649e2502e12c4676ee47633617d560 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Jun 2023 08:04:42 +0000 Subject: [PATCH 164/226] Bump github.com/sagernet/sing from 0.2.6 to 0.2.7 (#2265) Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.2.6 to 0.2.7. - [Commits](https://github.com/sagernet/sing/compare/v0.2.6...v0.2.7) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 57d2446e0977..0249c0ea852b 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.36.0 github.com/refraction-networking/utls v1.3.2 - github.com/sagernet/sing v0.2.6 + github.com/sagernet/sing v0.2.7 github.com/sagernet/sing-shadowsocks v0.2.2 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index 253312674720..833a9e376c46 100644 --- a/go.sum +++ b/go.sum @@ -123,8 +123,8 @@ github.com/refraction-networking/utls v1.3.2/go.mod h1:fmoaOww2bxzzEpIKOebIsnBvj github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.2.6 h1:Fvqv7/Bwc72ERT6dE8yQLLY6SMc/syO3VMCtxVO4DNw= -github.com/sagernet/sing v0.2.6/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= +github.com/sagernet/sing v0.2.7 h1:cOy0FfPS8q7m0aJ51wS7LRQAGc9wF+fWhHtBDj99wy8= +github.com/sagernet/sing v0.2.7/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= github.com/sagernet/sing-shadowsocks v0.2.2 h1:ezSdVhrmIcwDXmCZF3bOJVMuVtTQWpda+1Op+Ie2TA4= github.com/sagernet/sing-shadowsocks v0.2.2/go.mod h1:JIBWG6a7orB2HxBxYElViQFLUQxFVG7DuqIj8gD7uCQ= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= From 46d8bb58fc193edf3d72e5d51395ea1a336605a8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Jul 2023 01:21:02 +0000 Subject: [PATCH 165/226] Bump github.com/quic-go/quic-go from 0.36.0 to 0.36.1 (#2286) Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.36.0 to 0.36.1. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.36.0...v0.36.1) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0249c0ea852b..a878bb2f1d31 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/miekg/dns v1.1.55 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 - github.com/quic-go/quic-go v0.36.0 + github.com/quic-go/quic-go v0.36.1 github.com/refraction-networking/utls v1.3.2 github.com/sagernet/sing v0.2.7 github.com/sagernet/sing-shadowsocks v0.2.2 diff --git a/go.sum b/go.sum index 833a9e376c46..d824c4c9d129 100644 --- a/go.sum +++ b/go.sum @@ -116,8 +116,8 @@ github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc8 github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E= github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= -github.com/quic-go/quic-go v0.36.0 h1:JIrO7p7Ug6hssFcARjWDiqS2RAKJHCiwPxBAA989rbI= -github.com/quic-go/quic-go v0.36.0/go.mod h1:zPetvwDlILVxt15n3hr3Gf/I3mDf7LpLKPhR4Ez0AZQ= +github.com/quic-go/quic-go v0.36.1 h1:WsG73nVtnDy1TiACxFxhQ3TqaW+DipmqzLEtNlAwZyY= +github.com/quic-go/quic-go v0.36.1/go.mod h1:zPetvwDlILVxt15n3hr3Gf/I3mDf7LpLKPhR4Ez0AZQ= github.com/refraction-networking/utls v1.3.2 h1:o+AkWB57mkcoW36ET7uJ002CpBWHu0KPxi6vzxvPnv8= github.com/refraction-networking/utls v1.3.2/go.mod h1:fmoaOww2bxzzEpIKOebIsnBvjQpqP7L2vcm/9KUfm/E= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= From b870cc097b7d0aee11c90f218105d870f2215365 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Jul 2023 00:56:44 +0000 Subject: [PATCH 166/226] Bump golang.org/x/sys from 0.9.0 to 0.10.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/sys/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a878bb2f1d31..154c6ee5cbb0 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( golang.org/x/crypto v0.10.0 golang.org/x/net v0.11.0 golang.org/x/sync v0.3.0 - golang.org/x/sys v0.9.0 + golang.org/x/sys v0.10.0 google.golang.org/grpc v1.56.1 google.golang.org/protobuf v1.31.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c diff --git a/go.sum b/go.sum index d824c4c9d129..3ffe2061075d 100644 --- a/go.sum +++ b/go.sum @@ -225,8 +225,8 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= +golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From a1ff507ef2de79082a593b2d2642b8f872863354 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 00:20:57 +0000 Subject: [PATCH 167/226] Bump golang.org/x/crypto from 0.10.0 to 0.11.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/crypto/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 154c6ee5cbb0..e96b651d8d5f 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983 - golang.org/x/crypto v0.10.0 + golang.org/x/crypto v0.11.0 golang.org/x/net v0.11.0 golang.org/x/sync v0.3.0 golang.org/x/sys v0.10.0 @@ -50,7 +50,7 @@ require ( go.uber.org/atomic v1.11.0 // indirect golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect golang.org/x/mod v0.11.0 // indirect - golang.org/x/text v0.10.0 // indirect + golang.org/x/text v0.11.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.10.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect diff --git a/go.sum b/go.sum index 3ffe2061075d..e4c28878693d 100644 --- a/go.sum +++ b/go.sum @@ -178,8 +178,8 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= -golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= +golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= +golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= @@ -231,8 +231,8 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= -golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= +golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= From 846d3ebd6c2d63a3bad23bc50141d9cb7c87d142 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 06:34:06 +0000 Subject: [PATCH 168/226] Bump golang.org/x/net from 0.11.0 to 0.12.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e96b651d8d5f..162037c71a28 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983 golang.org/x/crypto v0.11.0 - golang.org/x/net v0.11.0 + golang.org/x/net v0.12.0 golang.org/x/sync v0.3.0 golang.org/x/sys v0.10.0 google.golang.org/grpc v1.56.1 diff --git a/go.sum b/go.sum index e4c28878693d..8a2c5db1bdbe 100644 --- a/go.sum +++ b/go.sum @@ -200,8 +200,8 @@ golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= -golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= +golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= +golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= From 6d4194415d903523eb243a172f0beb1621c9267a Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 6 Jul 2023 15:18:05 +0000 Subject: [PATCH 169/226] Clean unnecessary code in Trojan --- infra/conf/trojan.go | 59 ++++++++++++++------------------- proxy/trojan/client.go | 18 +++------- proxy/trojan/config.go | 2 -- proxy/trojan/config.pb.go | 69 +++++++++++++++++---------------------- proxy/trojan/config.proto | 3 +- proxy/trojan/protocol.go | 1 - proxy/trojan/server.go | 4 +-- proxy/trojan/trojan.go | 4 +-- 8 files changed, 63 insertions(+), 97 deletions(-) diff --git a/infra/conf/trojan.go b/infra/conf/trojan.go index e7d8738b92ce..e9d78f8ae0ff 100644 --- a/infra/conf/trojan.go +++ b/infra/conf/trojan.go @@ -30,13 +30,14 @@ type TrojanClientConfig struct { // Build implements Buildable func (c *TrojanClientConfig) Build() (proto.Message, error) { - config := new(trojan.ClientConfig) - if len(c.Servers) == 0 { return nil, newError("0 Trojan server configured.") } - serverSpecs := make([]*protocol.ServerEndpoint, len(c.Servers)) + config := &trojan.ClientConfig{ + Server: make([]*protocol.ServerEndpoint, len(c.Servers)), + } + for idx, rec := range c.Servers { if rec.Address == nil { return nil, newError("Trojan server address is not set.") @@ -47,34 +48,25 @@ func (c *TrojanClientConfig) Build() (proto.Message, error) { if rec.Password == "" { return nil, newError("Trojan password is not specified.") } - account := &trojan.Account{ - Password: rec.Password, - Flow: rec.Flow, - } - - switch account.Flow { - case "": - default: - return nil, newError(`Trojan servers: "flow" doesn't support "` + account.Flow + `" in this version`) + if rec.Flow != "" { + return nil, newError(`Trojan doesn't support "flow" anymore.`) } - trojan := &protocol.ServerEndpoint{ + config.Server[idx] = &protocol.ServerEndpoint{ Address: rec.Address.Build(), Port: uint32(rec.Port), User: []*protocol.User{ { - Level: uint32(rec.Level), - Email: rec.Email, - Account: serial.ToTypedMessage(account), + Level: uint32(rec.Level), + Email: rec.Email, + Account: serial.ToTypedMessage(&trojan.Account{ + Password: rec.Password, + }), }, }, } - - serverSpecs[idx] = trojan } - config.Server = serverSpecs - return config, nil } @@ -105,25 +97,22 @@ type TrojanServerConfig struct { // Build implements Buildable func (c *TrojanServerConfig) Build() (proto.Message, error) { - config := new(trojan.ServerConfig) - config.Users = make([]*protocol.User, len(c.Clients)) + config := &trojan.ServerConfig{ + Users: make([]*protocol.User, len(c.Clients)), + } + for idx, rawUser := range c.Clients { - user := new(protocol.User) - account := &trojan.Account{ - Password: rawUser.Password, - Flow: rawUser.Flow, + if rawUser.Flow != "" { + return nil, newError(`Trojan doesn't support "flow" anymore.`) } - switch account.Flow { - case "": - default: - return nil, newError(`Trojan clients: "flow" doesn't support "` + account.Flow + `" in this version`) + config.Users[idx] = &protocol.User{ + Level: uint32(rawUser.Level), + Email: rawUser.Email, + Account: serial.ToTypedMessage(&trojan.Account{ + Password: rawUser.Password, + }), } - - user.Email = rawUser.Email - user.Level = uint32(rawUser.Level) - user.Account = serial.ToTypedMessage(account) - config.Users[idx] = user } if c.Fallback != nil { diff --git a/proxy/trojan/client.go b/proxy/trojan/client.go index 2605239d377b..0c6f16d3aba5 100644 --- a/proxy/trojan/client.go +++ b/proxy/trojan/client.go @@ -77,22 +77,12 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter defer conn.Close() - iConn := conn - statConn, ok := iConn.(*stat.CounterConnection) - if ok { - iConn = statConn.Connection - } - user := server.PickUser() account, ok := user.Account.(*MemoryAccount) if !ok { return newError("user account is not valid") } - connWriter := &ConnWriter{ - Flow: account.Flow, - } - var newCtx context.Context var newCancel context.CancelFunc if session.TimeoutOnlyFromContext(ctx) { @@ -113,9 +103,11 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter bufferWriter := buf.NewBufferedWriter(buf.NewWriter(conn)) - connWriter.Writer = bufferWriter - connWriter.Target = destination - connWriter.Account = account + connWriter := &ConnWriter{ + Writer: bufferWriter, + Target: destination, + Account: account, + } var bodyWriter buf.Writer if destination.Network == net.Network_UDP { diff --git a/proxy/trojan/config.go b/proxy/trojan/config.go index ffac7854c529..a02dfe98afc8 100644 --- a/proxy/trojan/config.go +++ b/proxy/trojan/config.go @@ -13,7 +13,6 @@ import ( type MemoryAccount struct { Password string Key []byte - Flow string } // AsAccount implements protocol.AsAccount. @@ -23,7 +22,6 @@ func (a *Account) AsAccount() (protocol.Account, error) { return &MemoryAccount{ Password: password, Key: key, - Flow: a.Flow, }, nil } diff --git a/proxy/trojan/config.pb.go b/proxy/trojan/config.pb.go index 6d81350f5dc2..493740019171 100644 --- a/proxy/trojan/config.pb.go +++ b/proxy/trojan/config.pb.go @@ -27,7 +27,6 @@ type Account struct { unknownFields protoimpl.UnknownFields Password string `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"` - Flow string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"` } func (x *Account) Reset() { @@ -69,13 +68,6 @@ func (x *Account) GetPassword() string { return "" } -func (x *Account) GetFlow() string { - if x != nil { - return x.Flow - } - return "" -} - type Fallback struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -216,7 +208,7 @@ type ServerConfig struct { unknownFields protoimpl.UnknownFields Users []*protocol.User `protobuf:"bytes,1,rep,name=users,proto3" json:"users,omitempty"` - Fallbacks []*Fallback `protobuf:"bytes,3,rep,name=fallbacks,proto3" json:"fallbacks,omitempty"` + Fallbacks []*Fallback `protobuf:"bytes,2,rep,name=fallbacks,proto3" json:"fallbacks,omitempty"` } func (x *ServerConfig) Reset() { @@ -274,38 +266,37 @@ var file_proxy_trojan_config_proto_rawDesc = []byte{ 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x5f, 0x73, 0x70, 0x65, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x39, 0x0a, + 0x65, 0x72, 0x5f, 0x73, 0x70, 0x65, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x25, 0x0a, 0x07, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, - 0x77, 0x6f, 0x72, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x22, 0x82, 0x01, 0x0a, 0x08, 0x46, 0x61, 0x6c, - 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x6c, 0x70, - 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x6c, 0x70, 0x6e, 0x12, 0x12, 0x0a, - 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, - 0x68, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x74, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x64, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x78, 0x76, 0x65, - 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x78, 0x76, 0x65, 0x72, 0x22, 0x4c, 0x0a, - 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3c, 0x0a, - 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, - 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, - 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x22, 0x7b, 0x0a, 0x0c, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x30, 0x0a, 0x05, 0x75, - 0x73, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x78, 0x72, 0x61, - 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, - 0x6c, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x12, 0x39, 0x0a, - 0x09, 0x66, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1b, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x74, 0x72, - 0x6f, 0x6a, 0x61, 0x6e, 0x2e, 0x46, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x52, 0x09, 0x66, - 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x42, 0x55, 0x0a, 0x15, 0x63, 0x6f, 0x6d, 0x2e, - 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x74, 0x72, 0x6f, 0x6a, 0x61, - 0x6e, 0x50, 0x01, 0x5a, 0x26, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, - 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0xaa, 0x02, 0x11, 0x58, 0x72, - 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x54, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x77, 0x6f, 0x72, 0x64, 0x22, 0x82, 0x01, 0x0a, 0x08, 0x46, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, + 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x6c, 0x70, 0x6e, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x6c, 0x70, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, + 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x12, 0x0a, + 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x64, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x78, 0x76, 0x65, 0x72, 0x18, 0x06, 0x20, + 0x01, 0x28, 0x04, 0x52, 0x04, 0x78, 0x76, 0x65, 0x72, 0x22, 0x4c, 0x0a, 0x0c, 0x43, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3c, 0x0a, 0x06, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x78, 0x72, 0x61, 0x79, + 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, + 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, + 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x22, 0x7b, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x30, 0x0a, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, + 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x55, 0x73, + 0x65, 0x72, 0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x12, 0x39, 0x0a, 0x09, 0x66, 0x61, 0x6c, + 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x78, + 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, + 0x2e, 0x46, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x52, 0x09, 0x66, 0x61, 0x6c, 0x6c, 0x62, + 0x61, 0x63, 0x6b, 0x73, 0x42, 0x55, 0x0a, 0x15, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, + 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0x50, 0x01, 0x5a, + 0x26, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, + 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x2f, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0xaa, 0x02, 0x11, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, + 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x54, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( diff --git a/proxy/trojan/config.proto b/proxy/trojan/config.proto index 6ebed36b0d1a..4229e2edcfa9 100644 --- a/proxy/trojan/config.proto +++ b/proxy/trojan/config.proto @@ -11,7 +11,6 @@ import "common/protocol/server_spec.proto"; message Account { string password = 1; - string flow = 2; } message Fallback { @@ -29,5 +28,5 @@ message ClientConfig { message ServerConfig { repeated xray.common.protocol.User users = 1; - repeated Fallback fallbacks = 3; + repeated Fallback fallbacks = 2; } diff --git a/proxy/trojan/protocol.go b/proxy/trojan/protocol.go index 363cf9e02d12..6fcfb4d4ae8c 100644 --- a/proxy/trojan/protocol.go +++ b/proxy/trojan/protocol.go @@ -31,7 +31,6 @@ type ConnWriter struct { io.Writer Target net.Destination Account *MemoryAccount - Flow string headerSent bool } diff --git a/proxy/trojan/server.go b/proxy/trojan/server.go index 368374ffbe3f..41245ba4bd2e 100644 --- a/proxy/trojan/server.go +++ b/proxy/trojan/server.go @@ -234,7 +234,7 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con }) newError("received request for ", destination).WriteToLog(sid) - return s.handleConnection(ctx, sessionPolicy, destination, clientReader, buf.NewWriter(conn), dispatcher, iConn, statConn) + return s.handleConnection(ctx, sessionPolicy, destination, clientReader, buf.NewWriter(conn), dispatcher) } func (s *Server) handleUDPPayload(ctx context.Context, clientReader *PacketReader, clientWriter *PacketWriter, dispatcher routing.Dispatcher) error { @@ -300,7 +300,7 @@ func (s *Server) handleUDPPayload(ctx context.Context, clientReader *PacketReade func (s *Server) handleConnection(ctx context.Context, sessionPolicy policy.Session, destination net.Destination, clientReader buf.Reader, - clientWriter buf.Writer, dispatcher routing.Dispatcher, iConn stat.Connection, statConn *stat.CounterConnection, + clientWriter buf.Writer, dispatcher routing.Dispatcher, ) error { ctx, cancel := context.WithCancel(ctx) timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle) diff --git a/proxy/trojan/trojan.go b/proxy/trojan/trojan.go index 4639b7d9b593..d0cf5de40233 100644 --- a/proxy/trojan/trojan.go +++ b/proxy/trojan/trojan.go @@ -1,5 +1,3 @@ package trojan -const ( - muxCoolAddress = "v1.mux.cool" -) +//go:generate go run github.com/xtls/xray-core/common/errors/errorgen From f0f3b417f779d1d76d9d515bd0070877d9975019 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 6 Jul 2023 16:30:39 +0000 Subject: [PATCH 170/226] Refactor: Fragmentation https://github.com/XTLS/Xray-core/commit/5f5ae375714abd67eb2f0a0f2e86410b6f29f7c2 https://github.com/XTLS/Xray-core/commit/9122d0f056ed5b0e6fc9b290fdc7b39f47b49a39 --- infra/conf/freedom.go | 134 ++++++++++++++--------------- proxy/freedom/config.pb.go | 62 +++++++------- proxy/freedom/config.proto | 12 +-- proxy/freedom/freedom.go | 171 +++++++++++++------------------------ 4 files changed, 161 insertions(+), 218 deletions(-) diff --git a/infra/conf/freedom.go b/infra/conf/freedom.go index c35104775a73..60c5b7f1726d 100644 --- a/infra/conf/freedom.go +++ b/infra/conf/freedom.go @@ -39,91 +39,89 @@ func (c *FreedomConfig) Build() (proto.Message, error) { } if c.Fragment != nil { - if len(c.Fragment.Interval) == 0 || len(c.Fragment.Length) == 0 { - return nil, newError("Invalid interval or length") - } - intervalMinMax := strings.Split(c.Fragment.Interval, "-") - var minInterval, maxInterval int64 + config.Fragment = new(freedom.Fragment) var err, err2 error - if len(intervalMinMax) == 2 { - minInterval, err = strconv.ParseInt(intervalMinMax[0], 10, 64) - maxInterval, err2 = strconv.ParseInt(intervalMinMax[1], 10, 64) - } else { - minInterval, err = strconv.ParseInt(intervalMinMax[0], 10, 64) - maxInterval = minInterval - } - if err != nil { - return nil, newError("Invalid minimum interval: ", err).Base(err) - } - if err2 != nil { - return nil, newError("Invalid maximum interval: ", err2).Base(err2) - } - - lengthMinMax := strings.Split(c.Fragment.Length, "-") - var minLength, maxLength int64 - if len(lengthMinMax) == 2 { - minLength, err = strconv.ParseInt(lengthMinMax[0], 10, 64) - maxLength, err2 = strconv.ParseInt(lengthMinMax[1], 10, 64) - - } else { - minLength, err = strconv.ParseInt(lengthMinMax[0], 10, 64) - maxLength = minLength - } - if err != nil { - return nil, newError("Invalid minimum length: ", err).Base(err) - } - if err2 != nil { - return nil, newError("Invalid maximum length: ", err2).Base(err2) - } - - if minInterval > maxInterval { - minInterval, maxInterval = maxInterval, minInterval - } - if minLength > maxLength { - minLength, maxLength = maxLength, minLength - } - - config.Fragment = &freedom.Fragment{ - MinInterval: int32(minInterval), - MaxInterval: int32(maxInterval), - MinLength: int32(minLength), - MaxLength: int32(maxLength), - } switch strings.ToLower(c.Fragment.Packets) { case "tlshello": // TLS Hello Fragmentation (into multiple handshake messages) - config.Fragment.StartPacket = 0 - config.Fragment.EndPacket = 1 + config.Fragment.PacketsFrom = 0 + config.Fragment.PacketsTo = 1 case "": // TCP Segmentation (all packets) - config.Fragment.StartPacket = 0 - config.Fragment.EndPacket = 0 + config.Fragment.PacketsFrom = 0 + config.Fragment.PacketsTo = 0 default: // TCP Segmentation (range) - packetRange := strings.Split(c.Fragment.Packets, "-") - var startPacket, endPacket int64 - if len(packetRange) == 2 { - startPacket, err = strconv.ParseInt(packetRange[0], 10, 64) - endPacket, err2 = strconv.ParseInt(packetRange[1], 10, 64) + packetsFromTo := strings.Split(c.Fragment.Packets, "-") + if len(packetsFromTo) == 2 { + config.Fragment.PacketsFrom, err = strconv.ParseUint(packetsFromTo[0], 10, 64) + config.Fragment.PacketsTo, err2 = strconv.ParseUint(packetsFromTo[1], 10, 64) } else { - startPacket, err = strconv.ParseInt(packetRange[0], 10, 64) - endPacket = startPacket + config.Fragment.PacketsFrom, err = strconv.ParseUint(packetsFromTo[0], 10, 64) + config.Fragment.PacketsTo = config.Fragment.PacketsFrom } if err != nil { - return nil, newError("Invalid start packet: ", err).Base(err) + return nil, newError("Invalid PacketsFrom").Base(err) } if err2 != nil { - return nil, newError("Invalid end packet: ", err2).Base(err2) + return nil, newError("Invalid PacketsTo").Base(err2) + } + if config.Fragment.PacketsFrom > config.Fragment.PacketsTo { + config.Fragment.PacketsFrom, config.Fragment.PacketsTo = config.Fragment.PacketsTo, config.Fragment.PacketsFrom } - if startPacket > endPacket { - return nil, newError("Invalid packet range: ", c.Fragment.Packets) + if config.Fragment.PacketsFrom == 0 { + return nil, newError("PacketsFrom can't be 0") + } + } + + { + if c.Fragment.Length == "" { + return nil, newError("Length can't be empty") + } + lengthMinMax := strings.Split(c.Fragment.Length, "-") + if len(lengthMinMax) == 2 { + config.Fragment.LengthMin, err = strconv.ParseUint(lengthMinMax[0], 10, 64) + config.Fragment.LengthMax, err2 = strconv.ParseUint(lengthMinMax[1], 10, 64) + } else { + config.Fragment.LengthMin, err = strconv.ParseUint(lengthMinMax[0], 10, 64) + config.Fragment.LengthMax = config.Fragment.LengthMin + } + if err != nil { + return nil, newError("Invalid LengthMin").Base(err) + } + if err2 != nil { + return nil, newError("Invalid LengthMax").Base(err2) + } + if config.Fragment.LengthMin > config.Fragment.LengthMax { + config.Fragment.LengthMin, config.Fragment.LengthMax = config.Fragment.LengthMax, config.Fragment.LengthMin + } + if config.Fragment.LengthMin == 0 { + return nil, newError("LengthMin can't be 0") + } + } + + { + if c.Fragment.Interval == "" { + return nil, newError("Interval can't be empty") + } + intervalMinMax := strings.Split(c.Fragment.Interval, "-") + if len(intervalMinMax) == 2 { + config.Fragment.IntervalMin, err = strconv.ParseUint(intervalMinMax[0], 10, 64) + config.Fragment.IntervalMax, err2 = strconv.ParseUint(intervalMinMax[1], 10, 64) + } else { + config.Fragment.IntervalMin, err = strconv.ParseUint(intervalMinMax[0], 10, 64) + config.Fragment.IntervalMax = config.Fragment.IntervalMin + } + if err != nil { + return nil, newError("Invalid IntervalMin").Base(err) + } + if err2 != nil { + return nil, newError("Invalid IntervalMax").Base(err2) } - if startPacket < 1 { - return nil, newError("Cannot start from packet 0") + if config.Fragment.IntervalMin > config.Fragment.IntervalMax { + config.Fragment.IntervalMin, config.Fragment.IntervalMax = config.Fragment.IntervalMax, config.Fragment.IntervalMin } - config.Fragment.StartPacket = int32(startPacket) - config.Fragment.EndPacket = int32(endPacket) } } diff --git a/proxy/freedom/config.pb.go b/proxy/freedom/config.pb.go index 2e2fb403cb9f..7561f7fd9f10 100644 --- a/proxy/freedom/config.pb.go +++ b/proxy/freedom/config.pb.go @@ -125,12 +125,12 @@ type Fragment struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - MinInterval int32 `protobuf:"varint,1,opt,name=min_interval,json=minInterval,proto3" json:"min_interval,omitempty"` - MaxInterval int32 `protobuf:"varint,2,opt,name=max_interval,json=maxInterval,proto3" json:"max_interval,omitempty"` - MinLength int32 `protobuf:"varint,3,opt,name=min_length,json=minLength,proto3" json:"min_length,omitempty"` - MaxLength int32 `protobuf:"varint,4,opt,name=max_length,json=maxLength,proto3" json:"max_length,omitempty"` - StartPacket int32 `protobuf:"varint,5,opt,name=start_packet,json=startPacket,proto3" json:"start_packet,omitempty"` - EndPacket int32 `protobuf:"varint,6,opt,name=end_packet,json=endPacket,proto3" json:"end_packet,omitempty"` + PacketsFrom uint64 `protobuf:"varint,1,opt,name=packets_from,json=packetsFrom,proto3" json:"packets_from,omitempty"` + PacketsTo uint64 `protobuf:"varint,2,opt,name=packets_to,json=packetsTo,proto3" json:"packets_to,omitempty"` + LengthMin uint64 `protobuf:"varint,3,opt,name=length_min,json=lengthMin,proto3" json:"length_min,omitempty"` + LengthMax uint64 `protobuf:"varint,4,opt,name=length_max,json=lengthMax,proto3" json:"length_max,omitempty"` + IntervalMin uint64 `protobuf:"varint,5,opt,name=interval_min,json=intervalMin,proto3" json:"interval_min,omitempty"` + IntervalMax uint64 `protobuf:"varint,6,opt,name=interval_max,json=intervalMax,proto3" json:"interval_max,omitempty"` } func (x *Fragment) Reset() { @@ -165,44 +165,44 @@ func (*Fragment) Descriptor() ([]byte, []int) { return file_proxy_freedom_config_proto_rawDescGZIP(), []int{1} } -func (x *Fragment) GetMinInterval() int32 { +func (x *Fragment) GetPacketsFrom() uint64 { if x != nil { - return x.MinInterval + return x.PacketsFrom } return 0 } -func (x *Fragment) GetMaxInterval() int32 { +func (x *Fragment) GetPacketsTo() uint64 { if x != nil { - return x.MaxInterval + return x.PacketsTo } return 0 } -func (x *Fragment) GetMinLength() int32 { +func (x *Fragment) GetLengthMin() uint64 { if x != nil { - return x.MinLength + return x.LengthMin } return 0 } -func (x *Fragment) GetMaxLength() int32 { +func (x *Fragment) GetLengthMax() uint64 { if x != nil { - return x.MaxLength + return x.LengthMax } return 0 } -func (x *Fragment) GetStartPacket() int32 { +func (x *Fragment) GetIntervalMin() uint64 { if x != nil { - return x.StartPacket + return x.IntervalMin } return 0 } -func (x *Fragment) GetEndPacket() int32 { +func (x *Fragment) GetIntervalMax() uint64 { if x != nil { - return x.EndPacket + return x.IntervalMax } return 0 } @@ -302,19 +302,19 @@ var file_proxy_freedom_config_proto_rawDesc = []byte{ 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x22, 0xd0, 0x01, 0x0a, 0x08, 0x46, 0x72, 0x61, - 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x69, 0x6e, 0x5f, 0x69, 0x6e, 0x74, - 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x69, 0x6e, - 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x78, 0x5f, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0b, - 0x6d, 0x61, 0x78, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, - 0x69, 0x6e, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x09, 0x6d, 0x69, 0x6e, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, - 0x78, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, - 0x6d, 0x61, 0x78, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x74, 0x61, - 0x72, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x0b, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x1d, 0x0a, 0x0a, - 0x65, 0x6e, 0x64, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x09, 0x65, 0x6e, 0x64, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x22, 0xf2, 0x02, 0x0a, 0x06, + 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x73, + 0x5f, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x70, 0x61, 0x63, + 0x6b, 0x65, 0x74, 0x73, 0x46, 0x72, 0x6f, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x63, 0x6b, + 0x65, 0x74, 0x73, 0x5f, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x70, 0x61, + 0x63, 0x6b, 0x65, 0x74, 0x73, 0x54, 0x6f, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x65, 0x6e, 0x67, 0x74, + 0x68, 0x5f, 0x6d, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x6c, 0x65, 0x6e, + 0x67, 0x74, 0x68, 0x4d, 0x69, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, + 0x5f, 0x6d, 0x61, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x6c, 0x65, 0x6e, 0x67, + 0x74, 0x68, 0x4d, 0x61, 0x78, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, + 0x6c, 0x5f, 0x6d, 0x69, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x76, 0x61, 0x6c, 0x4d, 0x69, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x76, 0x61, 0x6c, 0x5f, 0x6d, 0x61, 0x78, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x4d, 0x61, 0x78, 0x22, 0xf2, 0x02, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x52, 0x0a, 0x0f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x5f, 0x73, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x66, 0x72, 0x65, diff --git a/proxy/freedom/config.proto b/proxy/freedom/config.proto index 4422edd3a2e5..53524e197af0 100644 --- a/proxy/freedom/config.proto +++ b/proxy/freedom/config.proto @@ -13,12 +13,12 @@ message DestinationOverride { } message Fragment { - int32 min_interval = 1; - int32 max_interval = 2; - int32 min_length = 3; - int32 max_length = 4; - int32 start_packet = 5; - int32 end_packet = 6; + uint64 packets_from = 1; + uint64 packets_to = 2; + uint64 length_min = 3; + uint64 length_max = 4; + uint64 interval_min = 5; + uint64 interval_max = 6; } message Config { diff --git a/proxy/freedom/freedom.go b/proxy/freedom/freedom.go index b881ffde0de4..c6907b4c62c8 100644 --- a/proxy/freedom/freedom.go +++ b/proxy/freedom/freedom.go @@ -5,7 +5,6 @@ package freedom import ( "context" "crypto/rand" - "encoding/binary" "io" "math/big" "time" @@ -13,7 +12,6 @@ import ( "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/dice" - "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/retry" "github.com/xtls/xray-core/common/session" @@ -175,28 +173,12 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var writer buf.Writer if destination.Network == net.Network_TCP { if h.config.Fragment != nil { - if h.config.Fragment.StartPacket == 0 && h.config.Fragment.EndPacket == 1 { - newError("FRAGMENT", int(h.config.Fragment.MaxLength)).WriteToLog(session.ExportIDToError(ctx)) - writer = buf.NewWriter( - &FragmentedClientHelloConn{ - Conn: conn, - maxLength: int(h.config.Fragment.MaxLength), - minInterval: time.Duration(h.config.Fragment.MinInterval) * time.Millisecond, - maxInterval: time.Duration(h.config.Fragment.MaxInterval) * time.Millisecond, - }) - } else { - writer = buf.NewWriter( - &FragmentWriter{ - Writer: conn, - minLength: int(h.config.Fragment.MinLength), - maxLength: int(h.config.Fragment.MaxLength), - minInterval: time.Duration(h.config.Fragment.MinInterval) * time.Millisecond, - maxInterval: time.Duration(h.config.Fragment.MaxInterval) * time.Millisecond, - startPacket: int(h.config.Fragment.StartPacket), - endPacket: int(h.config.Fragment.EndPacket), - PacketCount: 0, - }) - } + newError("FRAGMENT", h.config.Fragment.PacketsFrom, h.config.Fragment.PacketsTo, h.config.Fragment.LengthMin, h.config.Fragment.LengthMax, + h.config.Fragment.IntervalMin, h.config.Fragment.IntervalMax).AtDebug().WriteToLog(session.ExportIDToError(ctx)) + writer = buf.NewWriter(&FragmentWriter{ + fragment: h.config.Fragment, + writer: conn, + }) } else { writer = buf.NewWriter(conn) } @@ -356,40 +338,66 @@ func (w *PacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error { } type FragmentWriter struct { - io.Writer - minLength int - maxLength int - minInterval time.Duration - maxInterval time.Duration - startPacket int - endPacket int - PacketCount int + fragment *Fragment + writer io.Writer + count uint64 } -func (w *FragmentWriter) Write(buf []byte) (int, error) { - w.PacketCount += 1 - if (w.startPacket != 0 && (w.PacketCount < w.startPacket || w.PacketCount > w.endPacket)) || len(buf) <= w.minLength { - return w.Writer.Write(buf) +func (f *FragmentWriter) Write(b []byte) (int, error) { + f.count++ + + if f.fragment.PacketsFrom == 0 && f.fragment.PacketsTo == 1 { + if f.count != 1 || len(b) <= 5 || b[0] != 22 { + return f.writer.Write(b) + } + recordLen := 5 + ((int(b[3]) << 8) | int(b[4])) + data := b[5:recordLen] + buf := make([]byte, 1024) + for from := 0; ; { + to := from + int(randBetween(int64(f.fragment.LengthMin), int64(f.fragment.LengthMax))) + if to > len(data) { + to = len(data) + } + copy(buf[:3], b) + copy(buf[5:], data[from:to]) + l := to - from + from = to + buf[3] = byte(l >> 8) + buf[4] = byte(l) + _, err := f.writer.Write(buf[:5+l]) + time.Sleep(time.Duration(randBetween(int64(f.fragment.IntervalMin), int64(f.fragment.IntervalMax))) * time.Millisecond) + if err != nil { + return 0, err + } + if from == len(data) { + if len(b) > recordLen { + n, err := f.writer.Write(b[recordLen:]) + if err != nil { + return recordLen + n, err + } + } + return len(b), nil + } + } } - nTotal := 0 - for { - randomBytesTo := int(randBetween(int64(w.minLength), int64(w.maxLength))) + nTotal - if randomBytesTo > len(buf) { - randomBytesTo = len(buf) + if f.fragment.PacketsFrom != 0 && (f.count < f.fragment.PacketsFrom || f.count > f.fragment.PacketsTo) { + return f.writer.Write(b) + } + for from := 0; ; { + to := from + int(randBetween(int64(f.fragment.LengthMin), int64(f.fragment.LengthMax))) + if to > len(b) { + to = len(b) } - n, err := w.Writer.Write(buf[nTotal:randomBytesTo]) + n, err := f.writer.Write(b[from:to]) + from += n + time.Sleep(time.Duration(randBetween(int64(f.fragment.IntervalMin), int64(f.fragment.IntervalMax))) * time.Millisecond) if err != nil { - return nTotal + n, err + return from, err } - nTotal += n - - if nTotal >= len(buf) { - return nTotal, nil + if from >= len(b) { + return from, nil } - - randomInterval := randBetween(int64(w.minInterval), int64(w.maxInterval)) - time.Sleep(time.Duration(randomInterval)) } } @@ -401,66 +409,3 @@ func randBetween(left int64, right int64) int64 { bigInt, _ := rand.Int(rand.Reader, big.NewInt(right-left)) return left + bigInt.Int64() } - -type FragmentedClientHelloConn struct { - net.Conn - PacketCount int - minLength int - maxLength int - minInterval time.Duration - maxInterval time.Duration -} - -func (c *FragmentedClientHelloConn) Write(b []byte) (n int, err error) { - if len(b) >= 5 && b[0] == 22 && c.PacketCount == 0 { - n, err = sendFragmentedClientHello(c, b, c.minLength, c.maxLength) - - if err == nil { - c.PacketCount++ - return n, err - } - } - - return c.Conn.Write(b) -} - -func sendFragmentedClientHello(conn *FragmentedClientHelloConn, clientHello []byte, minFragmentSize, maxFragmentSize int) (n int, err error) { - if len(clientHello) < 5 || clientHello[0] != 22 { - return 0, errors.New("not a valid TLS ClientHello message") - } - - clientHelloLen := (int(clientHello[3]) << 8) | int(clientHello[4]) - - clientHelloData := clientHello[5:] - for i := 0; i < clientHelloLen; { - fragmentEnd := i + int(randBetween(int64(minFragmentSize), int64(maxFragmentSize))) - if fragmentEnd > clientHelloLen { - fragmentEnd = clientHelloLen - } - - fragment := clientHelloData[i:fragmentEnd] - i = fragmentEnd - - err = writeFragmentedRecord(conn, 22, fragment, clientHello) - if err != nil { - return 0, err - } - } - - return len(clientHello), nil -} - -func writeFragmentedRecord(c *FragmentedClientHelloConn, contentType uint8, data []byte, clientHello []byte) error { - header := make([]byte, 5) - header[0] = byte(clientHello[0]) - - tlsVersion := (int(clientHello[1]) << 8) | int(clientHello[2]) - binary.BigEndian.PutUint16(header[1:], uint16(tlsVersion)) - - binary.BigEndian.PutUint16(header[3:], uint16(len(data))) - _, err := c.Conn.Write(append(header, data...)) - randomInterval := randBetween(int64(c.minInterval), int64(c.maxInterval)) - time.Sleep(time.Duration(randomInterval)) - - return err -} From dca57aab2669ffdff5fc87020e41899f548d8308 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Jul 2023 00:27:17 +0000 Subject: [PATCH 171/226] Bump google.golang.org/grpc from 1.56.1 to 1.56.2 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.1 to 1.56.2. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.56.1...v1.56.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 162037c71a28..6c47723df5ef 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( golang.org/x/net v0.12.0 golang.org/x/sync v0.3.0 golang.org/x/sys v0.10.0 - google.golang.org/grpc v1.56.1 + google.golang.org/grpc v1.56.2 google.golang.org/protobuf v1.31.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 diff --git a/go.sum b/go.sum index 8a2c5db1bdbe..9e00d90639f8 100644 --- a/go.sum +++ b/go.sum @@ -268,8 +268,8 @@ google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmE google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.56.1 h1:z0dNfjIl0VpaZ9iSVjA6daGatAYwPGstTjt5vkRMFkQ= -google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/grpc v1.56.2 h1:fVRFRnXvU+x6C4IlHZewvJOVHoOv1TUuQyoRsYnB4bI= +google.golang.org/grpc v1.56.2/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= From 929f286c2cbeb76913e9679205d68017402d71fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jul 2023 00:31:59 +0000 Subject: [PATCH 172/226] Bump github.com/quic-go/quic-go from 0.36.1 to 0.36.2 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.36.1 to 0.36.2. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.36.1...v0.36.2) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6c47723df5ef..8fc28fd2d001 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/miekg/dns v1.1.55 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 - github.com/quic-go/quic-go v0.36.1 + github.com/quic-go/quic-go v0.36.2 github.com/refraction-networking/utls v1.3.2 github.com/sagernet/sing v0.2.7 github.com/sagernet/sing-shadowsocks v0.2.2 diff --git a/go.sum b/go.sum index 9e00d90639f8..284fb64b32e9 100644 --- a/go.sum +++ b/go.sum @@ -116,8 +116,8 @@ github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc8 github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E= github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= -github.com/quic-go/quic-go v0.36.1 h1:WsG73nVtnDy1TiACxFxhQ3TqaW+DipmqzLEtNlAwZyY= -github.com/quic-go/quic-go v0.36.1/go.mod h1:zPetvwDlILVxt15n3hr3Gf/I3mDf7LpLKPhR4Ez0AZQ= +github.com/quic-go/quic-go v0.36.2 h1:ZX/UNQ4gvpCv2RmwdbA6lrRjF6EBm5yZ7TMoT4NQVrA= +github.com/quic-go/quic-go v0.36.2/go.mod h1:zPetvwDlILVxt15n3hr3Gf/I3mDf7LpLKPhR4Ez0AZQ= github.com/refraction-networking/utls v1.3.2 h1:o+AkWB57mkcoW36ET7uJ002CpBWHu0KPxi6vzxvPnv8= github.com/refraction-networking/utls v1.3.2/go.mod h1:fmoaOww2bxzzEpIKOebIsnBvjQpqP7L2vcm/9KUfm/E= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= From 8eb3cfe1444afc8217a9e11373957eba828669ea Mon Sep 17 00:00:00 2001 From: cty123 Date: Sat, 15 Jul 2023 23:58:08 +0200 Subject: [PATCH 173/226] fix: Patch potential nil pointer deference in proxy::http::client::fillRequestHeader(). --- proxy/http/client.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/proxy/http/client.go b/proxy/http/client.go index b1661011afa8..f597a5021897 100644 --- a/proxy/http/client.go +++ b/proxy/http/client.go @@ -172,6 +172,10 @@ func fillRequestHeader(ctx context.Context, header []*Header) ([]*Header, error) inbound := session.InboundFromContext(ctx) outbound := session.OutboundFromContext(ctx) + if inbound == nil || outbound == nil { + return nil, newError("missing inbound or outbound metadata from context") + } + data := struct { Source net.Destination Target net.Destination From 2df418abf1df4ad4a2d962bf21d26ed027ebd828 Mon Sep 17 00:00:00 2001 From: cty123 Date: Sun, 16 Jul 2023 23:02:15 +0200 Subject: [PATCH 174/226] fix: Check if address is nil for IsValid() function. --- common/net/destination.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/net/destination.go b/common/net/destination.go index 055395e9d22d..2d0d09edbc81 100644 --- a/common/net/destination.go +++ b/common/net/destination.go @@ -113,7 +113,7 @@ func (d Destination) String() string { // IsValid returns true if this Destination is valid. func (d Destination) IsValid() bool { - return d.Network != Network_Unknown + return d.Address != nil && d.Network != Network_Unknown } // AsDestination converts current Endpoint into Destination. From 7aeca337298e3344c2ef983d1b6e0f1547ae83eb Mon Sep 17 00:00:00 2001 From: cty123 Date: Tue, 18 Jul 2023 22:11:09 +0200 Subject: [PATCH 175/226] fix: revert previous change on IsValid() function; add validation in getUoTConnection(); --- app/proxyman/outbound/uot.go | 3 +++ common/net/destination.go | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/app/proxyman/outbound/uot.go b/app/proxyman/outbound/uot.go index 4610bd79fde7..f3c7426e683f 100644 --- a/app/proxyman/outbound/uot.go +++ b/app/proxyman/outbound/uot.go @@ -11,6 +11,9 @@ import ( ) func (h *Handler) getUoTConnection(ctx context.Context, dest net.Destination) (stat.Connection, error) { + if dest.Address == nil { + return nil, newError("nil destination address") + } if !dest.Address.Family().IsDomain() { return nil, os.ErrInvalid } diff --git a/common/net/destination.go b/common/net/destination.go index 2d0d09edbc81..055395e9d22d 100644 --- a/common/net/destination.go +++ b/common/net/destination.go @@ -113,7 +113,7 @@ func (d Destination) String() string { // IsValid returns true if this Destination is valid. func (d Destination) IsValid() bool { - return d.Address != nil && d.Network != Network_Unknown + return d.Network != Network_Unknown } // AsDestination converts current Endpoint into Destination. From b68a43f4fc2ae40aab344b1c720984326904f10f Mon Sep 17 00:00:00 2001 From: cty123 Date: Wed, 19 Jul 2023 00:28:51 +0200 Subject: [PATCH 176/226] fix: correct the logic of converting SocksAddr into net.Destination. --- common/singbridge/destination.go | 8 +++++++- proxy/shadowsocks_2022/inbound_multi.go | 7 ++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/common/singbridge/destination.go b/common/singbridge/destination.go index 7a89c9ef5a24..98aed2587119 100644 --- a/common/singbridge/destination.go +++ b/common/singbridge/destination.go @@ -18,19 +18,25 @@ func ToNetwork(network string) net.Network { } func ToDestination(socksaddr M.Socksaddr, network net.Network) net.Destination { + // IsFqdn() implicitly checks if the domain name is valid if socksaddr.IsFqdn() { return net.Destination{ Network: network, Address: net.DomainAddress(socksaddr.Fqdn), Port: net.Port(socksaddr.Port), } - } else { + } + + // IsIP() implicitly checks if the IP address is valid + if socksaddr.IsIP() { return net.Destination{ Network: network, Address: net.IPAddress(socksaddr.Addr.AsSlice()), Port: net.Port(socksaddr.Port), } } + + return net.Destination{} } func ToSocksaddr(destination net.Destination) M.Socksaddr { diff --git a/proxy/shadowsocks_2022/inbound_multi.go b/proxy/shadowsocks_2022/inbound_multi.go index 04cac573e793..c992747691e4 100644 --- a/proxy/shadowsocks_2022/inbound_multi.go +++ b/proxy/shadowsocks_2022/inbound_multi.go @@ -204,7 +204,12 @@ func (i *MultiUserInbound) NewConnection(ctx context.Context, conn net.Conn, met }) newError("tunnelling request to tcp:", metadata.Destination).WriteToLog(session.ExportIDToError(ctx)) dispatcher := session.DispatcherFromContext(ctx) - link, err := dispatcher.Dispatch(ctx, singbridge.ToDestination(metadata.Destination, net.Network_TCP)) + destination := singbridge.ToDestination(metadata.Destination, net.Network_TCP) + if !destination.IsValid() { + return newError("invalid destination") + } + + link, err := dispatcher.Dispatch(ctx, destination) if err != nil { return err } From 4a496f94e80b6c9e2c8e687227f4abb48c9ecdd9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jul 2023 00:56:06 +0000 Subject: [PATCH 177/226] Bump github.com/refraction-networking/utls from 1.3.2 to 1.3.3 Bumps [github.com/refraction-networking/utls](https://github.com/refraction-networking/utls) from 1.3.2 to 1.3.3. - [Release notes](https://github.com/refraction-networking/utls/releases) - [Commits](https://github.com/refraction-networking/utls/compare/v1.3.2...v1.3.3) --- updated-dependencies: - dependency-name: github.com/refraction-networking/utls dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8fc28fd2d001..aac94b41eb30 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.36.2 - github.com/refraction-networking/utls v1.3.2 + github.com/refraction-networking/utls v1.3.3 github.com/sagernet/sing v0.2.7 github.com/sagernet/sing-shadowsocks v0.2.2 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c diff --git a/go.sum b/go.sum index 284fb64b32e9..4324d9797389 100644 --- a/go.sum +++ b/go.sum @@ -118,8 +118,8 @@ github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8G github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= github.com/quic-go/quic-go v0.36.2 h1:ZX/UNQ4gvpCv2RmwdbA6lrRjF6EBm5yZ7TMoT4NQVrA= github.com/quic-go/quic-go v0.36.2/go.mod h1:zPetvwDlILVxt15n3hr3Gf/I3mDf7LpLKPhR4Ez0AZQ= -github.com/refraction-networking/utls v1.3.2 h1:o+AkWB57mkcoW36ET7uJ002CpBWHu0KPxi6vzxvPnv8= -github.com/refraction-networking/utls v1.3.2/go.mod h1:fmoaOww2bxzzEpIKOebIsnBvjQpqP7L2vcm/9KUfm/E= +github.com/refraction-networking/utls v1.3.3 h1:f/TBLX7KBciRyFH3bwupp+CE4fzoYKCirhdRcC490sw= +github.com/refraction-networking/utls v1.3.3/go.mod h1:DlecWW1LMlMJu+9qpzzQqdHDT/C2LAe03EdpLUz/RL8= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= From 316034226cbe964065c46e1b3cc31dc492778f08 Mon Sep 17 00:00:00 2001 From: KatyushaScarlet Date: Mon, 17 Jul 2023 15:09:02 +0800 Subject: [PATCH 178/226] CI: Add Linux loong64 build task --- .github/build/friendly-filenames.json | 3 ++- .github/workflows/release.yml | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/build/friendly-filenames.json b/.github/build/friendly-filenames.json index 65c20300e1c6..f7a3e52620f3 100644 --- a/.github/build/friendly-filenames.json +++ b/.github/build/friendly-filenames.json @@ -22,6 +22,7 @@ "linux-ppc64le": { "friendlyName": "linux-ppc64le" }, "linux-ppc64": { "friendlyName": "linux-ppc64" }, "linux-riscv64": { "friendlyName": "linux-riscv64" }, + "linux-loong64": { "friendlyName": "linux-loong64" }, "linux-s390x": { "friendlyName": "linux-s390x" }, "openbsd-386": { "friendlyName": "openbsd-32" }, "openbsd-amd64": { "friendlyName": "openbsd-64" }, @@ -31,4 +32,4 @@ "windows-amd64": { "friendlyName": "windows-64" }, "windows-arm64": { "friendlyName": "windows-arm64-v8a" }, "windows-arm7": { "friendlyName": "windows-arm32-v7a" } -} \ No newline at end of file +} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 98ee485aa3c8..03c188110167 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -105,12 +105,14 @@ jobs: goarch: arm goarm: 7 # BEGIN Other architectures - # BEGIN riscv64 & ARM64 + # BEGIN riscv64 & ARM64 & LOONG64 - goos: linux goarch: arm64 - goos: linux goarch: riscv64 - # END riscv64 & ARM64 + - goos: linux + goarch: loong64 + # END riscv64 & ARM64 & LOONG64 # BEGIN MIPS - goos: linux goarch: mips64 From e603b97ab4f2faeae723381860e7720569723bc4 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 21 Jul 2023 14:42:09 +0000 Subject: [PATCH 179/226] Add NekoRay and V2rayU to README/GUI Clients Closes https://github.com/XTLS/Xray-core/issues/2354 --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 00a2a8116e5e..3e67915bad37 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,7 @@ - [luci-app-xray](https://github.com/yichya/luci-app-xray) ([openwrt-xray](https://github.com/yichya/openwrt-xray)) - Windows - [v2rayN](https://github.com/2dust/v2rayN) + - [NekoRay](https://github.com/Matsuridayo/nekoray) - [HiddifyN](https://github.com/hiddify/HiddifyN) - [Invisible Man - Xray](https://github.com/InvisibleManVPN/InvisibleMan-XRayClient) - Android @@ -73,10 +74,12 @@ - [Mango](https://github.com/arror/Mango) - [FoXray](https://apps.apple.com/app/foxray/id6448898396) - macOS arm64 & x64 + - [V2rayU](https://github.com/yanue/V2rayU) - [V2RayXS](https://github.com/tzmax/V2RayXS) - [FoXray](https://apps.apple.com/app/foxray/id6448898396) - Linux - [v2rayA](https://github.com/v2rayA/v2rayA) + - [NekoRay](https://github.com/Matsuridayo/nekoray) ## Others that support VLESS, XTLS, REALITY, XUDP, PLUX... From 51769fdde1ca663dcb08d942618e480bee13109f Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 22 Jul 2023 06:06:25 +0800 Subject: [PATCH 180/226] H2 transport: Abandon `client` if `client.Do(request)` failed See https://github.com/golang/go/issues/30702 Fixes https://github.com/XTLS/Xray-core/issues/2355 --- transport/internet/http/dialer.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/transport/internet/http/dialer.go b/transport/internet/http/dialer.go index 010a95a5936b..f2e55de83640 100644 --- a/transport/internet/http/dialer.go +++ b/transport/internet/http/dialer.go @@ -173,6 +173,15 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me if err != nil { newError("failed to dial to ", dest).Base(err).AtWarning().WriteToLog(session.ExportIDToError(ctx)) wrc.Close() + { + // Abandon `client` if `client.Do(request)` failed + // See https://github.com/golang/go/issues/30702 + globalDialerAccess.Lock() + if globalDialerMap[dialerConf{dest, streamSettings}] == client { + delete(globalDialerMap, dialerConf{dest, streamSettings}) + } + globalDialerAccess.Unlock() + } return } if response.StatusCode != 200 { From 1e9d288b99376799732c0c1842f0b5b659b395f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Jul 2023 00:32:59 +0000 Subject: [PATCH 181/226] Bump google.golang.org/grpc from 1.56.2 to 1.57.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.2 to 1.57.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.56.2...v1.57.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index aac94b41eb30..ca55dfd7455e 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( golang.org/x/net v0.12.0 golang.org/x/sync v0.3.0 golang.org/x/sys v0.10.0 - google.golang.org/grpc v1.56.2 + google.golang.org/grpc v1.57.0 google.golang.org/protobuf v1.31.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 diff --git a/go.sum b/go.sum index 4324d9797389..f4dd02295349 100644 --- a/go.sum +++ b/go.sum @@ -268,8 +268,8 @@ google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmE google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.56.2 h1:fVRFRnXvU+x6C4IlHZewvJOVHoOv1TUuQyoRsYnB4bI= -google.golang.org/grpc v1.56.2/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw= +google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= From 81b27aa4cc15f481c11e347ca6e56befbf9514a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Aug 2023 00:27:44 +0000 Subject: [PATCH 182/226] Bump github.com/quic-go/quic-go from 0.36.2 to 0.37.1 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.36.2 to 0.37.1. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.36.2...v0.37.1) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 5 ++--- go.sum | 10 ++++------ 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index ca55dfd7455e..dd9fde532775 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/miekg/dns v1.1.55 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 - github.com/quic-go/quic-go v0.36.2 + github.com/quic-go/quic-go v0.37.1 github.com/refraction-networking/utls v1.3.3 github.com/sagernet/sing v0.2.7 github.com/sagernet/sing-shadowsocks v0.2.2 @@ -44,8 +44,7 @@ require ( github.com/klauspost/cpuid/v2 v2.2.5 // indirect github.com/onsi/ginkgo/v2 v2.11.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/quic-go/qtls-go1-19 v0.3.2 // indirect - github.com/quic-go/qtls-go1-20 v0.2.2 // indirect + github.com/quic-go/qtls-go1-20 v0.3.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.11.0 // indirect golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect diff --git a/go.sum b/go.sum index f4dd02295349..e88175a6caf9 100644 --- a/go.sum +++ b/go.sum @@ -112,12 +112,10 @@ github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc86Z5U= -github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= -github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E= -github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= -github.com/quic-go/quic-go v0.36.2 h1:ZX/UNQ4gvpCv2RmwdbA6lrRjF6EBm5yZ7TMoT4NQVrA= -github.com/quic-go/quic-go v0.36.2/go.mod h1:zPetvwDlILVxt15n3hr3Gf/I3mDf7LpLKPhR4Ez0AZQ= +github.com/quic-go/qtls-go1-20 v0.3.0 h1:NrCXmDl8BddZwO67vlvEpBTwT89bJfKYygxv4HQvuDk= +github.com/quic-go/qtls-go1-20 v0.3.0/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= +github.com/quic-go/quic-go v0.37.1 h1:M+mcsFq9KoxVjCetIwH65TvusW1UdRBc6zmxI6pkeD0= +github.com/quic-go/quic-go v0.37.1/go.mod h1:XtCUOCALTTWbPyd0IxFfHf6h0sEMubRFvEYHl3QxKw8= github.com/refraction-networking/utls v1.3.3 h1:f/TBLX7KBciRyFH3bwupp+CE4fzoYKCirhdRcC490sw= github.com/refraction-networking/utls v1.3.3/go.mod h1:DlecWW1LMlMJu+9qpzzQqdHDT/C2LAe03EdpLUz/RL8= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= From a45c343b89e27cc960ea1f7f011a05df047e15d0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Aug 2023 00:19:26 +0000 Subject: [PATCH 183/226] Bump golang.org/x/net from 0.12.0 to 0.13.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.12.0 to 0.13.0. - [Commits](https://github.com/golang/net/compare/v0.12.0...v0.13.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index dd9fde532775..0595f906819d 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983 golang.org/x/crypto v0.11.0 - golang.org/x/net v0.12.0 + golang.org/x/net v0.13.0 golang.org/x/sync v0.3.0 golang.org/x/sys v0.10.0 google.golang.org/grpc v1.57.0 diff --git a/go.sum b/go.sum index e88175a6caf9..e5b2eea99de9 100644 --- a/go.sum +++ b/go.sum @@ -198,8 +198,8 @@ golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= +golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= From ce89b5d7de17f228d303c293e0790c8bdf8a3ab6 Mon Sep 17 00:00:00 2001 From: Loren Eteval <139033850+LorenEteval@users.noreply.github.com> Date: Sun, 6 Aug 2023 14:30:37 +0800 Subject: [PATCH 184/226] Add Furious to README/GUI Clients (#2405) --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 3e67915bad37..761b2ee706f5 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,7 @@ - Windows - [v2rayN](https://github.com/2dust/v2rayN) - [NekoRay](https://github.com/Matsuridayo/nekoray) + - [Furious](https://github.com/LorenEteval/Furious) - [HiddifyN](https://github.com/hiddify/HiddifyN) - [Invisible Man - Xray](https://github.com/InvisibleManVPN/InvisibleMan-XRayClient) - Android @@ -76,10 +77,12 @@ - macOS arm64 & x64 - [V2rayU](https://github.com/yanue/V2rayU) - [V2RayXS](https://github.com/tzmax/V2RayXS) + - [Furious](https://github.com/LorenEteval/Furious) - [FoXray](https://apps.apple.com/app/foxray/id6448898396) - Linux - [v2rayA](https://github.com/v2rayA/v2rayA) - [NekoRay](https://github.com/Matsuridayo/nekoray) + - [Furious](https://github.com/LorenEteval/Furious) ## Others that support VLESS, XTLS, REALITY, XUDP, PLUX... @@ -90,6 +93,7 @@ - [xtlsapi](https://github.com/hiddify/xtlsapi) - [AndroidLibXrayLite](https://github.com/2dust/AndroidLibXrayLite) - [XrayKit](https://github.com/arror/XrayKit) + - [Xray-core-python](https://github.com/LorenEteval/Xray-core-python) - [XrayR](https://github.com/XrayR-project/XrayR) - [XrayR-release](https://github.com/XrayR-project/XrayR-release) - [XrayR-V2Board](https://github.com/missuo/XrayR-V2Board) From 017b56adf53d4813d01252157140dd9df5688477 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=86=AC=E8=8A=B1ice?= <67498111+flowerinsnowdh@users.noreply.github.com> Date: Sun, 6 Aug 2023 14:47:31 +0800 Subject: [PATCH 185/226] Recognize .jsonc files automatically (#2398) Closes https://github.com/XTLS/Xray-core/issues/2399 --- core/config.go | 2 +- main/run.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/core/config.go b/core/config.go index 5892226b0e4c..c845e8472f18 100644 --- a/core/config.go +++ b/core/config.go @@ -57,7 +57,7 @@ func GetFormatByExtension(ext string) string { return "yaml" case "toml": return "toml" - case "json": + case "json", "jsonc": return "json" default: return "" diff --git a/main/run.go b/main/run.go index 979677003dc7..1f8a4b888e78 100644 --- a/main/run.go +++ b/main/run.go @@ -113,13 +113,13 @@ func dirExists(file string) bool { func getRegepxByFormat() string { switch strings.ToLower(*format) { case "json": - return `^.+\.json$` + return `^.+\.(json|jsonc)$` case "toml": return `^.+\.toml$` case "yaml", "yml": return `^.+\.(yaml|yml)$` default: - return `^.+\.(json|toml|yaml|yml)$` + return `^.+\.(json|jsonc|toml|yaml|yml)$` } } From cd547a3f43c5fd03462e4d359e761e9fb345a0ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 00:58:41 +0000 Subject: [PATCH 186/226] Bump golang.org/x/crypto from 0.11.0 to 0.12.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/crypto/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 0595f906819d..da3d05baac83 100644 --- a/go.mod +++ b/go.mod @@ -20,10 +20,10 @@ require ( github.com/stretchr/testify v1.8.4 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983 - golang.org/x/crypto v0.11.0 + golang.org/x/crypto v0.12.0 golang.org/x/net v0.13.0 golang.org/x/sync v0.3.0 - golang.org/x/sys v0.10.0 + golang.org/x/sys v0.11.0 google.golang.org/grpc v1.57.0 google.golang.org/protobuf v1.31.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c @@ -49,7 +49,7 @@ require ( go.uber.org/atomic v1.11.0 // indirect golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect golang.org/x/mod v0.11.0 // indirect - golang.org/x/text v0.11.0 // indirect + golang.org/x/text v0.12.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.10.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect diff --git a/go.sum b/go.sum index e5b2eea99de9..9503325e05e7 100644 --- a/go.sum +++ b/go.sum @@ -176,8 +176,8 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= +golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= @@ -223,14 +223,14 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= +golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= From d4806c8e54a4c1cb1f13aa1aaff5a6c8d60e64b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 00:59:06 +0000 Subject: [PATCH 187/226] Bump github.com/quic-go/quic-go from 0.37.1 to 0.37.3 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.37.1 to 0.37.3. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.37.1...v0.37.3) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index da3d05baac83..97583fed2043 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/miekg/dns v1.1.55 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 - github.com/quic-go/quic-go v0.37.1 + github.com/quic-go/quic-go v0.37.3 github.com/refraction-networking/utls v1.3.3 github.com/sagernet/sing v0.2.7 github.com/sagernet/sing-shadowsocks v0.2.2 @@ -44,7 +44,7 @@ require ( github.com/klauspost/cpuid/v2 v2.2.5 // indirect github.com/onsi/ginkgo/v2 v2.11.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/quic-go/qtls-go1-20 v0.3.0 // indirect + github.com/quic-go/qtls-go1-20 v0.3.1 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.11.0 // indirect golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect diff --git a/go.sum b/go.sum index 9503325e05e7..18686edbe2b7 100644 --- a/go.sum +++ b/go.sum @@ -112,10 +112,10 @@ github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/quic-go/qtls-go1-20 v0.3.0 h1:NrCXmDl8BddZwO67vlvEpBTwT89bJfKYygxv4HQvuDk= -github.com/quic-go/qtls-go1-20 v0.3.0/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= -github.com/quic-go/quic-go v0.37.1 h1:M+mcsFq9KoxVjCetIwH65TvusW1UdRBc6zmxI6pkeD0= -github.com/quic-go/quic-go v0.37.1/go.mod h1:XtCUOCALTTWbPyd0IxFfHf6h0sEMubRFvEYHl3QxKw8= +github.com/quic-go/qtls-go1-20 v0.3.1 h1:O4BLOM3hwfVF3AcktIylQXyl7Yi2iBNVy5QsV+ySxbg= +github.com/quic-go/qtls-go1-20 v0.3.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= +github.com/quic-go/quic-go v0.37.3 h1:pkHH3xaMNUNAh6OtgEV/0K6Fz+YIJXhPzgd/ShiRDm4= +github.com/quic-go/quic-go v0.37.3/go.mod h1:YsbH1r4mSHPJcLF4k4zruUkLBqctEMBDR6VPvcYjIsU= github.com/refraction-networking/utls v1.3.3 h1:f/TBLX7KBciRyFH3bwupp+CE4fzoYKCirhdRcC490sw= github.com/refraction-networking/utls v1.3.3/go.mod h1:DlecWW1LMlMJu+9qpzzQqdHDT/C2LAe03EdpLUz/RL8= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= From d11826ee542bc06728c3436831a9e423666a4475 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 9 Aug 2023 00:44:07 +0000 Subject: [PATCH 188/226] Bump golang.org/x/net from 0.13.0 to 0.14.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0. - [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 97583fed2043..65bb74a5c7d8 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983 golang.org/x/crypto v0.12.0 - golang.org/x/net v0.13.0 + golang.org/x/net v0.14.0 golang.org/x/sync v0.3.0 golang.org/x/sys v0.11.0 google.golang.org/grpc v1.57.0 diff --git a/go.sum b/go.sum index 18686edbe2b7..93324e7a73e9 100644 --- a/go.sum +++ b/go.sum @@ -198,8 +198,8 @@ golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= -golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= +golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= From e584b71b6082585d322de84304e2e0ab50deed20 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 10 Aug 2023 00:29:10 +0000 Subject: [PATCH 189/226] Bump github.com/quic-go/quic-go from 0.37.3 to 0.37.4 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.37.3 to 0.37.4. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.37.3...v0.37.4) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 65bb74a5c7d8..1fdb91b7fb84 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/miekg/dns v1.1.55 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 - github.com/quic-go/quic-go v0.37.3 + github.com/quic-go/quic-go v0.37.4 github.com/refraction-networking/utls v1.3.3 github.com/sagernet/sing v0.2.7 github.com/sagernet/sing-shadowsocks v0.2.2 diff --git a/go.sum b/go.sum index 93324e7a73e9..7900b808b698 100644 --- a/go.sum +++ b/go.sum @@ -114,8 +114,8 @@ github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7q github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/quic-go/qtls-go1-20 v0.3.1 h1:O4BLOM3hwfVF3AcktIylQXyl7Yi2iBNVy5QsV+ySxbg= github.com/quic-go/qtls-go1-20 v0.3.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= -github.com/quic-go/quic-go v0.37.3 h1:pkHH3xaMNUNAh6OtgEV/0K6Fz+YIJXhPzgd/ShiRDm4= -github.com/quic-go/quic-go v0.37.3/go.mod h1:YsbH1r4mSHPJcLF4k4zruUkLBqctEMBDR6VPvcYjIsU= +github.com/quic-go/quic-go v0.37.4 h1:ke8B73yMCWGq9MfrCCAw0Uzdm7GaViC3i39dsIdDlH4= +github.com/quic-go/quic-go v0.37.4/go.mod h1:YsbH1r4mSHPJcLF4k4zruUkLBqctEMBDR6VPvcYjIsU= github.com/refraction-networking/utls v1.3.3 h1:f/TBLX7KBciRyFH3bwupp+CE4fzoYKCirhdRcC490sw= github.com/refraction-networking/utls v1.3.3/go.mod h1:DlecWW1LMlMJu+9qpzzQqdHDT/C2LAe03EdpLUz/RL8= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= From f67167bb3bbfcb0f45393f37005a51024e58864b Mon Sep 17 00:00:00 2001 From: hax0r31337 Date: Thu, 10 Aug 2023 04:43:34 +0000 Subject: [PATCH 190/226] refactor(deps): replace github.com/golang/protobuf with google.golang.org/protobuf --- app/observatory/observer.go | 2 +- app/reverse/bridge.go | 2 +- app/reverse/portal.go | 2 +- app/router/condition_geoip_test.go | 2 +- app/router/condition_test.go | 2 +- common/serial/typed_message.go | 18 +++++++++--------- core/config.go | 2 +- core/functions_test.go | 2 +- core/xray_test.go | 2 +- features/extension/observatory.go | 2 +- go.mod | 2 +- infra/conf/blackhole.go | 2 +- infra/conf/buildable.go | 2 +- infra/conf/dns_proxy.go | 2 +- infra/conf/dns_test.go | 2 +- infra/conf/dokodemo.go | 2 +- infra/conf/freedom.go | 2 +- infra/conf/general_test.go | 2 +- infra/conf/grpc.go | 2 +- infra/conf/http.go | 2 +- infra/conf/loopback.go | 2 +- infra/conf/observatory.go | 2 +- infra/conf/reverse.go | 2 +- infra/conf/router.go | 21 +++++++++++++++++++-- infra/conf/router_test.go | 2 +- infra/conf/shadowsocks.go | 2 +- infra/conf/socks.go | 2 +- infra/conf/transport_authenticators.go | 2 +- infra/conf/transport_internet.go | 2 +- infra/conf/transport_test.go | 2 +- infra/conf/trojan.go | 2 +- infra/conf/vless.go | 2 +- infra/conf/vmess.go | 2 +- infra/conf/wireguard.go | 2 +- infra/conf/xray_test.go | 2 +- proxy/vless/encoding/addons.go | 2 +- testing/scenarios/common.go | 2 +- 37 files changed, 63 insertions(+), 46 deletions(-) diff --git a/app/observatory/observer.go b/app/observatory/observer.go index 576818c457a2..9d961f66b9f8 100644 --- a/app/observatory/observer.go +++ b/app/observatory/observer.go @@ -9,7 +9,6 @@ import ( "sync" "time" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common" v2net "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" @@ -19,6 +18,7 @@ import ( "github.com/xtls/xray-core/features/extension" "github.com/xtls/xray-core/features/outbound" "github.com/xtls/xray-core/transport/internet/tagged" + "google.golang.org/protobuf/proto" ) type Observer struct { diff --git a/app/reverse/bridge.go b/app/reverse/bridge.go index 4b86c3a2919d..be0fdcd9778c 100644 --- a/app/reverse/bridge.go +++ b/app/reverse/bridge.go @@ -4,7 +4,6 @@ import ( "context" "time" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common/mux" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" @@ -12,6 +11,7 @@ import ( "github.com/xtls/xray-core/features/routing" "github.com/xtls/xray-core/transport" "github.com/xtls/xray-core/transport/pipe" + "google.golang.org/protobuf/proto" ) // Bridge is a component in reverse proxy, that relays connections from Portal to local address. diff --git a/app/reverse/portal.go b/app/reverse/portal.go index b0860a6ee2e4..fb0b693002aa 100644 --- a/app/reverse/portal.go +++ b/app/reverse/portal.go @@ -5,7 +5,6 @@ import ( "sync" "time" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/mux" @@ -15,6 +14,7 @@ import ( "github.com/xtls/xray-core/features/outbound" "github.com/xtls/xray-core/transport" "github.com/xtls/xray-core/transport/pipe" + "google.golang.org/protobuf/proto" ) type Portal struct { diff --git a/app/router/condition_geoip_test.go b/app/router/condition_geoip_test.go index b5a5ef90966f..1a73002180da 100644 --- a/app/router/condition_geoip_test.go +++ b/app/router/condition_geoip_test.go @@ -5,12 +5,12 @@ import ( "path/filepath" "testing" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/app/router" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/platform/filesystem" + "google.golang.org/protobuf/proto" ) func init() { diff --git a/app/router/condition_test.go b/app/router/condition_test.go index fd8984179c17..b5d59297a25b 100644 --- a/app/router/condition_test.go +++ b/app/router/condition_test.go @@ -6,7 +6,6 @@ import ( "strconv" "testing" - "github.com/golang/protobuf/proto" . "github.com/xtls/xray-core/app/router" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/errors" @@ -18,6 +17,7 @@ import ( "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/features/routing" routing_session "github.com/xtls/xray-core/features/routing/session" + "google.golang.org/protobuf/proto" ) func init() { diff --git a/common/serial/typed_message.go b/common/serial/typed_message.go index e59d1d0da31f..baecc92ecd46 100644 --- a/common/serial/typed_message.go +++ b/common/serial/typed_message.go @@ -1,10 +1,9 @@ package serial import ( - "errors" - "reflect" - - "github.com/golang/protobuf/proto" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoregistry" ) // ToTypedMessage converts a proto Message into TypedMessage. @@ -21,16 +20,17 @@ func ToTypedMessage(message proto.Message) *TypedMessage { // GetMessageType returns the name of this proto Message. func GetMessageType(message proto.Message) string { - return proto.MessageName(message) + return string(message.ProtoReflect().Descriptor().FullName()) } // GetInstance creates a new instance of the message with messageType. func GetInstance(messageType string) (interface{}, error) { - mType := proto.MessageType(messageType) - if mType == nil || mType.Elem() == nil { - return nil, errors.New("Serial: Unknown type: " + messageType) + messageTypeDescriptor := protoreflect.FullName(messageType) + mType, err := protoregistry.GlobalTypes.FindMessageByName(messageTypeDescriptor) + if err != nil { + return nil, err } - return reflect.New(mType.Elem()).Interface(), nil + return mType.New().Interface(), nil } // GetInstance converts current TypedMessage into a proto Message. diff --git a/core/config.go b/core/config.go index c845e8472f18..f4077449006f 100644 --- a/core/config.go +++ b/core/config.go @@ -4,11 +4,11 @@ import ( "io" "strings" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/cmdarg" "github.com/xtls/xray-core/main/confloader" + "google.golang.org/protobuf/proto" ) // ConfigFormat is a configurable format of Xray config file. diff --git a/core/functions_test.go b/core/functions_test.go index 2355cc03e5e2..5658de1c145b 100644 --- a/core/functions_test.go +++ b/core/functions_test.go @@ -7,7 +7,6 @@ import ( "testing" "time" - "github.com/golang/protobuf/proto" "github.com/google/go-cmp/cmp" "github.com/xtls/xray-core/app/dispatcher" "github.com/xtls/xray-core/app/proxyman" @@ -18,6 +17,7 @@ import ( "github.com/xtls/xray-core/proxy/freedom" "github.com/xtls/xray-core/testing/servers/tcp" "github.com/xtls/xray-core/testing/servers/udp" + "google.golang.org/protobuf/proto" ) func xor(b []byte) []byte { diff --git a/core/xray_test.go b/core/xray_test.go index 59de0f46d56d..a4a8ec9f0b32 100644 --- a/core/xray_test.go +++ b/core/xray_test.go @@ -3,7 +3,6 @@ package core_test import ( "testing" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/app/dispatcher" "github.com/xtls/xray-core/app/proxyman" "github.com/xtls/xray-core/common" @@ -19,6 +18,7 @@ import ( "github.com/xtls/xray-core/proxy/vmess" "github.com/xtls/xray-core/proxy/vmess/outbound" "github.com/xtls/xray-core/testing/servers/tcp" + "google.golang.org/protobuf/proto" ) func TestXrayDependency(t *testing.T) { diff --git a/features/extension/observatory.go b/features/extension/observatory.go index eb51a61bdb95..8e8710306956 100644 --- a/features/extension/observatory.go +++ b/features/extension/observatory.go @@ -3,8 +3,8 @@ package extension import ( "context" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/features" + "google.golang.org/protobuf/proto" ) type Observatory interface { diff --git a/go.mod b/go.mod index 1fdb91b7fb84..e76ded6a04d8 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,6 @@ go 1.20 require ( github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 github.com/golang/mock v1.6.0 - github.com/golang/protobuf v1.5.3 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 github.com/miekg/dns v1.1.55 @@ -38,6 +37,7 @@ require ( github.com/francoispqt/gojay v1.2.13 // indirect github.com/gaukas/godicttls v0.0.3 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/google/btree v1.1.2 // indirect github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 // indirect github.com/klauspost/compress v1.16.6 // indirect diff --git a/infra/conf/blackhole.go b/infra/conf/blackhole.go index c1551de1b4c3..5044a8c02205 100644 --- a/infra/conf/blackhole.go +++ b/infra/conf/blackhole.go @@ -3,9 +3,9 @@ package conf import ( "encoding/json" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common/serial" "github.com/xtls/xray-core/proxy/blackhole" + "google.golang.org/protobuf/proto" ) type NoneResponse struct{} diff --git a/infra/conf/buildable.go b/infra/conf/buildable.go index 1d01cd66a5bc..967e9740d792 100644 --- a/infra/conf/buildable.go +++ b/infra/conf/buildable.go @@ -1,6 +1,6 @@ package conf -import "github.com/golang/protobuf/proto" +import "google.golang.org/protobuf/proto" type Buildable interface { Build() (proto.Message, error) diff --git a/infra/conf/dns_proxy.go b/infra/conf/dns_proxy.go index 564084e0f856..13a445972b6e 100644 --- a/infra/conf/dns_proxy.go +++ b/infra/conf/dns_proxy.go @@ -1,9 +1,9 @@ package conf import ( - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/proxy/dns" + "google.golang.org/protobuf/proto" ) type DNSOutboundConfig struct { diff --git a/infra/conf/dns_test.go b/infra/conf/dns_test.go index c97c5bea74d7..1c370cd9a370 100644 --- a/infra/conf/dns_test.go +++ b/infra/conf/dns_test.go @@ -6,7 +6,6 @@ import ( "path/filepath" "testing" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/app/dns" "github.com/xtls/xray-core/app/router" "github.com/xtls/xray-core/common" @@ -14,6 +13,7 @@ import ( "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/platform/filesystem" . "github.com/xtls/xray-core/infra/conf" + "google.golang.org/protobuf/proto" ) func init() { diff --git a/infra/conf/dokodemo.go b/infra/conf/dokodemo.go index 03a21d71192f..2a4b74ea4433 100644 --- a/infra/conf/dokodemo.go +++ b/infra/conf/dokodemo.go @@ -1,8 +1,8 @@ package conf import ( - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/proxy/dokodemo" + "google.golang.org/protobuf/proto" ) type DokodemoConfig struct { diff --git a/infra/conf/freedom.go b/infra/conf/freedom.go index 60c5b7f1726d..21f0616aacbb 100644 --- a/infra/conf/freedom.go +++ b/infra/conf/freedom.go @@ -5,10 +5,10 @@ import ( "strconv" "strings" - "github.com/golang/protobuf/proto" v2net "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/proxy/freedom" + "google.golang.org/protobuf/proto" ) type FreedomConfig struct { diff --git a/infra/conf/general_test.go b/infra/conf/general_test.go index 1de1109c9510..4d23b3b5e508 100644 --- a/infra/conf/general_test.go +++ b/infra/conf/general_test.go @@ -4,9 +4,9 @@ import ( "encoding/json" "testing" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common" . "github.com/xtls/xray-core/infra/conf" + "google.golang.org/protobuf/proto" ) func loadJSON(creator func() Buildable) func(string) (proto.Message, error) { diff --git a/infra/conf/grpc.go b/infra/conf/grpc.go index 9085ab4d2049..184475129829 100644 --- a/infra/conf/grpc.go +++ b/infra/conf/grpc.go @@ -1,8 +1,8 @@ package conf import ( - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/transport/internet/grpc" + "google.golang.org/protobuf/proto" ) type GRPCConfig struct { diff --git a/infra/conf/http.go b/infra/conf/http.go index ddeaa69e2237..b391dbf2586b 100644 --- a/infra/conf/http.go +++ b/infra/conf/http.go @@ -3,10 +3,10 @@ package conf import ( "encoding/json" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/serial" "github.com/xtls/xray-core/proxy/http" + "google.golang.org/protobuf/proto" ) type HTTPAccount struct { diff --git a/infra/conf/loopback.go b/infra/conf/loopback.go index b6d83178a014..87d349cee8a7 100644 --- a/infra/conf/loopback.go +++ b/infra/conf/loopback.go @@ -1,8 +1,8 @@ package conf import ( - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/proxy/loopback" + "google.golang.org/protobuf/proto" ) type LoopbackConfig struct { diff --git a/infra/conf/observatory.go b/infra/conf/observatory.go index 25a4d52cbe6d..f51787a4cfaf 100644 --- a/infra/conf/observatory.go +++ b/infra/conf/observatory.go @@ -1,9 +1,9 @@ package conf import ( - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/app/observatory" "github.com/xtls/xray-core/infra/conf/cfgcommon/duration" + "google.golang.org/protobuf/proto" ) type ObservatoryConfig struct { diff --git a/infra/conf/reverse.go b/infra/conf/reverse.go index 1b42a63a097e..f44c99921e64 100644 --- a/infra/conf/reverse.go +++ b/infra/conf/reverse.go @@ -1,8 +1,8 @@ package conf import ( - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/app/reverse" + "google.golang.org/protobuf/proto" ) type BridgeConfig struct { diff --git a/infra/conf/router.go b/infra/conf/router.go index 135454bc4ac8..a9f57cd6395b 100644 --- a/infra/conf/router.go +++ b/infra/conf/router.go @@ -6,10 +6,10 @@ import ( "strconv" "strings" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/app/router" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/platform/filesystem" + "google.golang.org/protobuf/proto" ) type RouterRulesConfig struct { @@ -245,6 +245,23 @@ func loadSite(file, code string) ([]*router.Domain, error) { return SiteCache[index].Domain, nil } +func DecodeVarint(buf []byte) (x uint64, n int) { + for shift := uint(0); shift < 64; shift += 7 { + if n >= len(buf) { + return 0, 0 + } + b := uint64(buf[n]) + n++ + x |= (b & 0x7F) << shift + if (b & 0x80) == 0 { + return x, n + } + } + + // The number is too large to represent in a 64-bit value. + return 0, 0 +} + func find(data, code []byte) []byte { codeL := len(code) if codeL == 0 { @@ -255,7 +272,7 @@ func find(data, code []byte) []byte { if dataL < 2 { return nil } - x, y := proto.DecodeVarint(data[1:]) + x, y := DecodeVarint(data[1:]) if x == 0 && y == 0 { return nil } diff --git a/infra/conf/router_test.go b/infra/conf/router_test.go index 98e31b3a7423..63dc8e8d385f 100644 --- a/infra/conf/router_test.go +++ b/infra/conf/router_test.go @@ -7,13 +7,13 @@ import ( "testing" _ "unsafe" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/app/router" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/platform/filesystem" . "github.com/xtls/xray-core/infra/conf" + "google.golang.org/protobuf/proto" ) func init() { diff --git a/infra/conf/shadowsocks.go b/infra/conf/shadowsocks.go index 240d4aaa3e96..3dcbb2f3c11e 100644 --- a/infra/conf/shadowsocks.go +++ b/infra/conf/shadowsocks.go @@ -3,13 +3,13 @@ package conf import ( "strings" - "github.com/golang/protobuf/proto" "github.com/sagernet/sing-shadowsocks/shadowaead_2022" C "github.com/sagernet/sing/common" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/serial" "github.com/xtls/xray-core/proxy/shadowsocks" "github.com/xtls/xray-core/proxy/shadowsocks_2022" + "google.golang.org/protobuf/proto" ) func cipherFromString(c string) shadowsocks.CipherType { diff --git a/infra/conf/socks.go b/infra/conf/socks.go index 490c24bde652..61f6fae25595 100644 --- a/infra/conf/socks.go +++ b/infra/conf/socks.go @@ -4,10 +4,10 @@ import ( "encoding/json" "strings" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/serial" "github.com/xtls/xray-core/proxy/socks" + "google.golang.org/protobuf/proto" ) type SocksAccount struct { diff --git a/infra/conf/transport_authenticators.go b/infra/conf/transport_authenticators.go index 46be85886868..db9f4a726e45 100644 --- a/infra/conf/transport_authenticators.go +++ b/infra/conf/transport_authenticators.go @@ -3,7 +3,6 @@ package conf import ( "sort" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/transport/internet/headers/dns" "github.com/xtls/xray-core/transport/internet/headers/http" "github.com/xtls/xray-core/transport/internet/headers/noop" @@ -12,6 +11,7 @@ import ( "github.com/xtls/xray-core/transport/internet/headers/utp" "github.com/xtls/xray-core/transport/internet/headers/wechat" "github.com/xtls/xray-core/transport/internet/headers/wireguard" + "google.golang.org/protobuf/proto" ) type NoOpAuthenticator struct{} diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 958edfad159e..55cc8c2ed47a 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -11,7 +11,6 @@ import ( "strings" "syscall" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/platform/filesystem" "github.com/xtls/xray-core/common/protocol" @@ -26,6 +25,7 @@ import ( "github.com/xtls/xray-core/transport/internet/tcp" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/websocket" + "google.golang.org/protobuf/proto" ) var ( diff --git a/infra/conf/transport_test.go b/infra/conf/transport_test.go index 3afe9729e79d..989c259c70ef 100644 --- a/infra/conf/transport_test.go +++ b/infra/conf/transport_test.go @@ -4,7 +4,6 @@ import ( "encoding/json" "testing" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/serial" . "github.com/xtls/xray-core/infra/conf" @@ -18,6 +17,7 @@ import ( "github.com/xtls/xray-core/transport/internet/quic" "github.com/xtls/xray-core/transport/internet/tcp" "github.com/xtls/xray-core/transport/internet/websocket" + "google.golang.org/protobuf/proto" ) func TestSocketConfig(t *testing.T) { diff --git a/infra/conf/trojan.go b/infra/conf/trojan.go index e9d78f8ae0ff..2cd1e520b956 100644 --- a/infra/conf/trojan.go +++ b/infra/conf/trojan.go @@ -6,11 +6,11 @@ import ( "strconv" "syscall" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/serial" "github.com/xtls/xray-core/proxy/trojan" + "google.golang.org/protobuf/proto" ) // TrojanServerTarget is configuration of a single trojan server diff --git a/infra/conf/vless.go b/infra/conf/vless.go index d829cdee4bb8..2e5c5d64cf3b 100644 --- a/infra/conf/vless.go +++ b/infra/conf/vless.go @@ -6,7 +6,6 @@ import ( "strconv" "syscall" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/serial" @@ -14,6 +13,7 @@ import ( "github.com/xtls/xray-core/proxy/vless" "github.com/xtls/xray-core/proxy/vless/inbound" "github.com/xtls/xray-core/proxy/vless/outbound" + "google.golang.org/protobuf/proto" ) type VLessInboundFallback struct { diff --git a/infra/conf/vmess.go b/infra/conf/vmess.go index 93d0e75be512..ba3193563636 100644 --- a/infra/conf/vmess.go +++ b/infra/conf/vmess.go @@ -4,13 +4,13 @@ import ( "encoding/json" "strings" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/serial" "github.com/xtls/xray-core/common/uuid" "github.com/xtls/xray-core/proxy/vmess" "github.com/xtls/xray-core/proxy/vmess/inbound" "github.com/xtls/xray-core/proxy/vmess/outbound" + "google.golang.org/protobuf/proto" ) type VMessAccount struct { diff --git a/infra/conf/wireguard.go b/infra/conf/wireguard.go index 6b102b14d17e..0c79297bd47d 100644 --- a/infra/conf/wireguard.go +++ b/infra/conf/wireguard.go @@ -4,8 +4,8 @@ import ( "encoding/base64" "encoding/hex" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/proxy/wireguard" + "google.golang.org/protobuf/proto" ) type WireGuardPeerConfig struct { diff --git a/infra/conf/xray_test.go b/infra/conf/xray_test.go index a48984573da5..c7e20ed481e0 100644 --- a/infra/conf/xray_test.go +++ b/infra/conf/xray_test.go @@ -5,7 +5,6 @@ import ( "reflect" "testing" - "github.com/golang/protobuf/proto" "github.com/google/go-cmp/cmp" "github.com/xtls/xray-core/app/dispatcher" "github.com/xtls/xray-core/app/log" @@ -27,6 +26,7 @@ import ( "github.com/xtls/xray-core/transport/internet/http" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/websocket" + "google.golang.org/protobuf/proto" ) func TestXrayConfig(t *testing.T) { diff --git a/proxy/vless/encoding/addons.go b/proxy/vless/encoding/addons.go index d62e400f697c..fc8ddc2a2785 100644 --- a/proxy/vless/encoding/addons.go +++ b/proxy/vless/encoding/addons.go @@ -3,10 +3,10 @@ package encoding import ( "io" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/proxy/vless" + "google.golang.org/protobuf/proto" ) func EncodeHeaderAddons(buffer *buf.Buffer, addons *Addons) error { diff --git a/testing/scenarios/common.go b/testing/scenarios/common.go index f011a64f8ab9..8d629c59bab5 100644 --- a/testing/scenarios/common.go +++ b/testing/scenarios/common.go @@ -14,7 +14,6 @@ import ( "testing" "time" - "github.com/golang/protobuf/proto" "github.com/xtls/xray-core/app/dispatcher" "github.com/xtls/xray-core/app/proxyman" "github.com/xtls/xray-core/common" @@ -25,6 +24,7 @@ import ( "github.com/xtls/xray-core/common/serial" "github.com/xtls/xray-core/common/units" core "github.com/xtls/xray-core/core" + "google.golang.org/protobuf/proto" ) func xor(b []byte) []byte { From a343d689444e3ace08252b17ae1cf7f939a283ef Mon Sep 17 00:00:00 2001 From: cty123 Date: Sat, 19 Aug 2023 22:10:59 +0200 Subject: [PATCH 191/226] fix(proxy): removed the udp payload length check when encryption is disabled --- proxy/shadowsocks/protocol.go | 62 +++++++++++--------- proxy/shadowsocks/protocol_test.go | 91 ++++++++++++++++++++++-------- proxy/shadowsocks/validator.go | 5 ++ 3 files changed, 106 insertions(+), 52 deletions(-) diff --git a/proxy/shadowsocks/protocol.go b/proxy/shadowsocks/protocol.go index 3176d118c5bb..3a0c7e2222a2 100644 --- a/proxy/shadowsocks/protocol.go +++ b/proxy/shadowsocks/protocol.go @@ -4,6 +4,7 @@ import ( "crypto/hmac" "crypto/rand" "crypto/sha256" + "errors" "hash/crc32" "io" @@ -236,37 +237,37 @@ func EncodeUDPPacket(request *protocol.RequestHeader, payload []byte) (*buf.Buff } func DecodeUDPPacket(validator *Validator, payload *buf.Buffer) (*protocol.RequestHeader, *buf.Buffer, error) { - bs := payload.Bytes() - if len(bs) <= 32 { - return nil, nil, newError("len(bs) <= 32") - } + rawPayload := payload.Bytes() + user, _, d, _, err := validator.Get(rawPayload, protocol.RequestCommandUDP) - user, _, d, _, err := validator.Get(bs, protocol.RequestCommandUDP) - switch err { - case ErrIVNotUnique: + if errors.Is(err, ErrIVNotUnique) { return nil, nil, newError("failed iv check").Base(err) - case ErrNotFound: + } + + if errors.Is(err, ErrNotFound) { return nil, nil, newError("failed to match an user").Base(err) - default: - account := user.Account.(*MemoryAccount) - if account.Cipher.IsAEAD() { - payload.Clear() - payload.Write(d) - } else { - if account.Cipher.IVSize() > 0 { - iv := make([]byte, account.Cipher.IVSize()) - copy(iv, payload.BytesTo(account.Cipher.IVSize())) - } - if err = account.Cipher.DecodePacket(account.Key, payload); err != nil { - return nil, nil, newError("failed to decrypt UDP payload").Base(err) - } - } } - request := &protocol.RequestHeader{ - Version: Version, - User: user, - Command: protocol.RequestCommandUDP, + if err != nil { + return nil, nil, newError("unexpected error").Base(err) + } + + account, ok := user.Account.(*MemoryAccount) + if !ok { + return nil, nil, newError("expected MemoryAccount returned from validator") + } + + if account.Cipher.IsAEAD() { + payload.Clear() + payload.Write(d) + } else { + if account.Cipher.IVSize() > 0 { + iv := make([]byte, account.Cipher.IVSize()) + copy(iv, payload.BytesTo(account.Cipher.IVSize())) + } + if err = account.Cipher.DecodePacket(account.Key, payload); err != nil { + return nil, nil, newError("failed to decrypt UDP payload").Base(err) + } } payload.SetByte(0, payload.Byte(0)&0x0F) @@ -276,8 +277,13 @@ func DecodeUDPPacket(validator *Validator, payload *buf.Buffer) (*protocol.Reque return nil, nil, newError("failed to parse address").Base(err) } - request.Address = addr - request.Port = port + request := &protocol.RequestHeader{ + Version: Version, + User: user, + Command: protocol.RequestCommandUDP, + Address: addr, + Port: port, + } return request, payload, nil } diff --git a/proxy/shadowsocks/protocol_test.go b/proxy/shadowsocks/protocol_test.go index e1b6495ef107..4083905d97fa 100644 --- a/proxy/shadowsocks/protocol_test.go +++ b/proxy/shadowsocks/protocol_test.go @@ -23,37 +23,80 @@ func equalRequestHeader(x, y *protocol.RequestHeader) bool { })) } -func TestUDPEncoding(t *testing.T) { - request := &protocol.RequestHeader{ - Version: Version, - Command: protocol.RequestCommandUDP, - Address: net.LocalHostIP, - Port: 1234, - User: &protocol.MemoryUser{ - Email: "love@example.com", - Account: toAccount(&Account{ - Password: "password", - CipherType: CipherType_AES_128_GCM, - }), +func TestUDPEncodingDecoding(t *testing.T) { + testRequests := []protocol.RequestHeader{ + { + Version: Version, + Command: protocol.RequestCommandUDP, + Address: net.LocalHostIP, + Port: 1234, + User: &protocol.MemoryUser{ + Email: "love@example.com", + Account: toAccount(&Account{ + Password: "password", + CipherType: CipherType_AES_128_GCM, + }), + }, + }, + { + Version: Version, + Command: protocol.RequestCommandUDP, + Address: net.LocalHostIP, + Port: 1234, + User: &protocol.MemoryUser{ + Email: "love@example.com", + Account: toAccount(&Account{ + Password: "123", + CipherType: CipherType_NONE, + }), + }, }, } - data := buf.New() - common.Must2(data.WriteString("test string")) - encodedData, err := EncodeUDPPacket(request, data.Bytes()) - common.Must(err) + for _, request := range testRequests { + data := buf.New() + common.Must2(data.WriteString("test string")) + encodedData, err := EncodeUDPPacket(&request, data.Bytes()) + common.Must(err) - validator := new(Validator) - validator.Add(request.User) - decodedRequest, decodedData, err := DecodeUDPPacket(validator, encodedData) - common.Must(err) + validator := new(Validator) + validator.Add(request.User) + decodedRequest, decodedData, err := DecodeUDPPacket(validator, encodedData) + common.Must(err) - if r := cmp.Diff(decodedData.Bytes(), data.Bytes()); r != "" { - t.Error("data: ", r) + if r := cmp.Diff(decodedData.Bytes(), data.Bytes()); r != "" { + t.Error("data: ", r) + } + + if equalRequestHeader(decodedRequest, &request) == false { + t.Error("different request") + } } +} - if equalRequestHeader(decodedRequest, request) == false { - t.Error("different request") +func TestUDPDecodingWithPayloadTooShort(t *testing.T) { + testAccounts := []protocol.Account{ + toAccount(&Account{ + Password: "password", + CipherType: CipherType_AES_128_GCM, + }), + toAccount(&Account{ + Password: "password", + CipherType: CipherType_NONE, + }), + } + + for _, account := range testAccounts { + data := buf.New() + data.WriteString("short payload") + validator := new(Validator) + validator.Add(&protocol.MemoryUser{ + Account: account, + }) + _, _, err := DecodeUDPPacket(validator, data) + if err == nil { + t.Fatal("expected error") + } } } diff --git a/proxy/shadowsocks/validator.go b/proxy/shadowsocks/validator.go index 2aa62e068d37..8888a1c084b4 100644 --- a/proxy/shadowsocks/validator.go +++ b/proxy/shadowsocks/validator.go @@ -80,6 +80,11 @@ func (v *Validator) Get(bs []byte, command protocol.RequestCommand) (u *protocol for _, user := range v.users { if account := user.Account.(*MemoryAccount); account.Cipher.IsAEAD() { + // AEAD payload decoding requires the payload to be over 32 bytes + if len(bs) < 32 { + continue + } + aeadCipher := account.Cipher.(*AEADCipher) ivLen = aeadCipher.IVSize() iv := bs[:ivLen] From 75c99e283a397e43ccca9c7ead7d8596b1b6f633 Mon Sep 17 00:00:00 2001 From: iamybj <94730407+benjaminyin01@users.noreply.github.com> Date: Sat, 19 Aug 2023 22:19:46 +0800 Subject: [PATCH 192/226] Update README.md A better docker image of xray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 761b2ee706f5..f4723d882eda 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ - Linux Script - [XTLS/Xray-install](https://github.com/XTLS/Xray-install) - Docker + - [iamybj/docker-xray](https://hub.docker.com/r/iamybj/docker-xray) - [teddysun/xray](https://hub.docker.com/r/teddysun/xray) - Web Panel - [X-UI](https://github.com/FranzKafkaYu/x-ui), [X-UI-English](https://github.com/NidukaAkalanka/x-ui-english), [3X-UI](https://github.com/MHSanaei/3x-ui), [X-UI](https://github.com/alireza0/x-ui), [X-UI](https://github.com/diditra/x-ui) From 599cfd09b08acb1f000a2e83b4563317872a5158 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 18 Aug 2023 01:01:53 +0000 Subject: [PATCH 193/226] Bump github.com/quic-go/quic-go from 0.37.4 to 0.37.5 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.37.4 to 0.37.5. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e76ded6a04d8..973250b7df2e 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/miekg/dns v1.1.55 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 - github.com/quic-go/quic-go v0.37.4 + github.com/quic-go/quic-go v0.37.5 github.com/refraction-networking/utls v1.3.3 github.com/sagernet/sing v0.2.7 github.com/sagernet/sing-shadowsocks v0.2.2 diff --git a/go.sum b/go.sum index 7900b808b698..4198fcf5ebab 100644 --- a/go.sum +++ b/go.sum @@ -114,8 +114,8 @@ github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7q github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/quic-go/qtls-go1-20 v0.3.1 h1:O4BLOM3hwfVF3AcktIylQXyl7Yi2iBNVy5QsV+ySxbg= github.com/quic-go/qtls-go1-20 v0.3.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= -github.com/quic-go/quic-go v0.37.4 h1:ke8B73yMCWGq9MfrCCAw0Uzdm7GaViC3i39dsIdDlH4= -github.com/quic-go/quic-go v0.37.4/go.mod h1:YsbH1r4mSHPJcLF4k4zruUkLBqctEMBDR6VPvcYjIsU= +github.com/quic-go/quic-go v0.37.5 h1:pzkYe8AgaxHi+7KJrYBMF+u2rLO5a9kwyCp2dAsljzk= +github.com/quic-go/quic-go v0.37.5/go.mod h1:YsbH1r4mSHPJcLF4k4zruUkLBqctEMBDR6VPvcYjIsU= github.com/refraction-networking/utls v1.3.3 h1:f/TBLX7KBciRyFH3bwupp+CE4fzoYKCirhdRcC490sw= github.com/refraction-networking/utls v1.3.3/go.mod h1:DlecWW1LMlMJu+9qpzzQqdHDT/C2LAe03EdpLUz/RL8= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= From efe8f3f4d6cce5ed529c2b1aa0a39b7a08e031a3 Mon Sep 17 00:00:00 2001 From: cty123 Date: Sun, 20 Aug 2023 13:18:39 +0200 Subject: [PATCH 194/226] fix(config): fix grpc cofnig parsing when service name only has one '/' char --- transport/internet/grpc/config.go | 7 ++++++- transport/internet/grpc/config_test.go | 8 +++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/transport/internet/grpc/config.go b/transport/internet/grpc/config.go index 39eadf31da50..aab1178e06e8 100644 --- a/transport/internet/grpc/config.go +++ b/transport/internet/grpc/config.go @@ -21,8 +21,13 @@ func (c *Config) getServiceName() string { if !strings.HasPrefix(c.ServiceName, "/") { return url.PathEscape(c.ServiceName) } + // Otherwise new custom paths - rawServiceName := c.ServiceName[1:strings.LastIndex(c.ServiceName, "/")] // trim from first to last '/' + lastIndex := strings.LastIndex(c.ServiceName, "/") + if lastIndex < 1 { + lastIndex = 1 + } + rawServiceName := c.ServiceName[1:lastIndex] // trim from first to last '/' serviceNameParts := strings.Split(rawServiceName, "/") for i := range serviceNameParts { serviceNameParts[i] = url.PathEscape(serviceNameParts[i]) diff --git a/transport/internet/grpc/config_test.go b/transport/internet/grpc/config_test.go index fbc549b44578..b159ffdff48c 100644 --- a/transport/internet/grpc/config_test.go +++ b/transport/internet/grpc/config_test.go @@ -1,8 +1,9 @@ package grpc import ( - "github.com/stretchr/testify/assert" "testing" + + "github.com/stretchr/testify/assert" ) func TestConfig_GetServiceName(t *testing.T) { @@ -31,6 +32,11 @@ func TestConfig_GetServiceName(t *testing.T) { ServiceName: "/hello /world!/a|b", Expected: "hello%20/world%21", }, + { + TestName: "path with only one '/'", + ServiceName: "/foo", + Expected: "", + }, } for _, test := range tests { t.Run(test.TestName, func(t *testing.T) { From 783ac10842aa424733ee5b9b057e6820c0f593d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Aug 2023 00:40:57 +0000 Subject: [PATCH 195/226] Bump github.com/quic-go/quic-go from 0.37.5 to 0.37.6 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.37.5 to 0.37.6. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 973250b7df2e..4b4e8c113259 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/miekg/dns v1.1.55 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 - github.com/quic-go/quic-go v0.37.5 + github.com/quic-go/quic-go v0.37.6 github.com/refraction-networking/utls v1.3.3 github.com/sagernet/sing v0.2.7 github.com/sagernet/sing-shadowsocks v0.2.2 diff --git a/go.sum b/go.sum index 4198fcf5ebab..49facab34223 100644 --- a/go.sum +++ b/go.sum @@ -114,8 +114,8 @@ github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7q github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/quic-go/qtls-go1-20 v0.3.1 h1:O4BLOM3hwfVF3AcktIylQXyl7Yi2iBNVy5QsV+ySxbg= github.com/quic-go/qtls-go1-20 v0.3.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= -github.com/quic-go/quic-go v0.37.5 h1:pzkYe8AgaxHi+7KJrYBMF+u2rLO5a9kwyCp2dAsljzk= -github.com/quic-go/quic-go v0.37.5/go.mod h1:YsbH1r4mSHPJcLF4k4zruUkLBqctEMBDR6VPvcYjIsU= +github.com/quic-go/quic-go v0.37.6 h1:2IIUmQzT5YNxAiaPGjs++Z4hGOtIR0q79uS5qE9ccfY= +github.com/quic-go/quic-go v0.37.6/go.mod h1:YsbH1r4mSHPJcLF4k4zruUkLBqctEMBDR6VPvcYjIsU= github.com/refraction-networking/utls v1.3.3 h1:f/TBLX7KBciRyFH3bwupp+CE4fzoYKCirhdRcC490sw= github.com/refraction-networking/utls v1.3.3/go.mod h1:DlecWW1LMlMJu+9qpzzQqdHDT/C2LAe03EdpLUz/RL8= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= From acadf5c0e99ecc94770c991ab1848f7e250e305c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Aug 2023 00:03:57 +0000 Subject: [PATCH 196/226] Bump github.com/quic-go/quic-go from 0.37.6 to 0.38.0 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.37.6 to 0.38.0. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.37.6...v0.38.0) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 4b4e8c113259..2625a6ab54cf 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/miekg/dns v1.1.55 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 - github.com/quic-go/quic-go v0.37.6 + github.com/quic-go/quic-go v0.38.0 github.com/refraction-networking/utls v1.3.3 github.com/sagernet/sing v0.2.7 github.com/sagernet/sing-shadowsocks v0.2.2 @@ -44,7 +44,7 @@ require ( github.com/klauspost/cpuid/v2 v2.2.5 // indirect github.com/onsi/ginkgo/v2 v2.11.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/quic-go/qtls-go1-20 v0.3.1 // indirect + github.com/quic-go/qtls-go1-20 v0.3.2 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.11.0 // indirect golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect diff --git a/go.sum b/go.sum index 49facab34223..a98d33c695c9 100644 --- a/go.sum +++ b/go.sum @@ -112,10 +112,10 @@ github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/quic-go/qtls-go1-20 v0.3.1 h1:O4BLOM3hwfVF3AcktIylQXyl7Yi2iBNVy5QsV+ySxbg= -github.com/quic-go/qtls-go1-20 v0.3.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= -github.com/quic-go/quic-go v0.37.6 h1:2IIUmQzT5YNxAiaPGjs++Z4hGOtIR0q79uS5qE9ccfY= -github.com/quic-go/quic-go v0.37.6/go.mod h1:YsbH1r4mSHPJcLF4k4zruUkLBqctEMBDR6VPvcYjIsU= +github.com/quic-go/qtls-go1-20 v0.3.2 h1:rRgN3WfnKbyik4dBV8A6girlJVxGand/d+jVKbQq5GI= +github.com/quic-go/qtls-go1-20 v0.3.2/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= +github.com/quic-go/quic-go v0.38.0 h1:T45lASr5q/TrVwt+jrVccmqHhPL2XuSyoCLVCpfOSLc= +github.com/quic-go/quic-go v0.38.0/go.mod h1:MPCuRq7KBK2hNcfKj/1iD1BGuN3eAYMeNxp3T42LRUg= github.com/refraction-networking/utls v1.3.3 h1:f/TBLX7KBciRyFH3bwupp+CE4fzoYKCirhdRcC490sw= github.com/refraction-networking/utls v1.3.3/go.mod h1:DlecWW1LMlMJu+9qpzzQqdHDT/C2LAe03EdpLUz/RL8= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= From c1db1f4dcec6a8df220d9069618965e0b7d288cd Mon Sep 17 00:00:00 2001 From: computerscot <125355930+computerscot@users.noreply.github.com> Date: Mon, 21 Aug 2023 11:27:13 -0700 Subject: [PATCH 197/226] Add "Xray REALITY with 'steal oneself'" example to README Step-by-step instructions for 'steal oneself' --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f4723d882eda..ecf67e7df83c 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,7 @@ - [XTLS Vision](https://github.com/chika0801/Xray-install) - [REALITY (English)](https://cscot.pages.dev/2023/03/02/Xray-REALITY-tutorial/) - [XTLS-Iran-Reality (English)](https://github.com/SasukeFreestyle/XTLS-Iran-Reality) + - [Xray REALITY with 'steal oneself' (English)](https://computerscot.github.io/vless-xtls-utls-reality-steal-oneself.html) ## GUI Clients From cd1d00086087774320ac3961daf16df63445c716 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 20 Aug 2023 23:12:13 -0400 Subject: [PATCH 198/226] Docker build use 1.20 go --- .github/docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/docker/Dockerfile b/.github/docker/Dockerfile index ad1e8c3dc214..a66784163569 100644 --- a/.github/docker/Dockerfile +++ b/.github/docker/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1 -FROM --platform=$BUILDPLATFORM golang:alpine AS build +FROM --platform=$BUILDPLATFORM golang:1.20-alpine AS build WORKDIR /src COPY . . ARG TARGETOS TARGETARCH From fce86aad332decf332a266b70ad9b39837c93739 Mon Sep 17 00:00:00 2001 From: mengskysama Date: Wed, 23 Aug 2023 01:21:27 +0800 Subject: [PATCH 199/226] fix(common): strmatcher match domain safety --- common/strmatcher/ac_automaton_matcher.go | 6 +++++- common/strmatcher/strmatcher_test.go | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/common/strmatcher/ac_automaton_matcher.go b/common/strmatcher/ac_automaton_matcher.go index ab7c09bdd310..24be9dac9193 100644 --- a/common/strmatcher/ac_automaton_matcher.go +++ b/common/strmatcher/ac_automaton_matcher.go @@ -225,7 +225,11 @@ func (ac *ACAutomaton) Match(s string) bool { // 2. the match string is through a fail edge. NOT FULL MATCH // 2.1 Through a fail edge, but there exists a valid node. SUBSTR for i := len(s) - 1; i >= 0; i-- { - idx := char2Index[s[i]] + chr := int(s[i]) + if chr >= len(char2Index) { + return false + } + idx := char2Index[chr] fullMatch = fullMatch && ac.trie[node][idx].edgeType node = ac.trie[node][idx].nextNode switch ac.exists[node].matchType { diff --git a/common/strmatcher/strmatcher_test.go b/common/strmatcher/strmatcher_test.go index 2e48c1b7f9ed..408ae6285617 100644 --- a/common/strmatcher/strmatcher_test.go +++ b/common/strmatcher/strmatcher_test.go @@ -217,6 +217,10 @@ func TestACAutomaton(t *testing.T) { pattern: "vvgoogle.com", res: true, }, + { + pattern: "½", + res: false, + }, } for _, test := range cases2Output { if m := ac.Match(test.pattern); m != test.res { @@ -224,7 +228,6 @@ func TestACAutomaton(t *testing.T) { } } } - { cases3Input := []struct { pattern string From 229851f62144939d46f24f32cb1bf733d390d50a Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Thu, 24 Aug 2023 11:13:12 -0400 Subject: [PATCH 200/226] Revert "Docker build use 1.20 go" This reverts commit cd1d00086087774320ac3961daf16df63445c716. --- .github/docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/docker/Dockerfile b/.github/docker/Dockerfile index a66784163569..ad1e8c3dc214 100644 --- a/.github/docker/Dockerfile +++ b/.github/docker/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1 -FROM --platform=$BUILDPLATFORM golang:1.20-alpine AS build +FROM --platform=$BUILDPLATFORM golang:alpine AS build WORKDIR /src COPY . . ARG TARGETOS TARGETARCH From d616f6160df2e63787673ec9abfe37becc2e1278 Mon Sep 17 00:00:00 2001 From: douglarek Date: Wed, 23 Aug 2023 22:30:46 +0800 Subject: [PATCH 201/226] Fix go 1.21 build, see https://github.com/XTLS/Xray-core/issues/2466 --- go.mod | 4 ++-- go.sum | 8 ++++---- proxy/wireguard/tun.go | 12 ++++++------ 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 2625a6ab54cf..29567642510a 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( golang.org/x/sys v0.11.0 google.golang.org/grpc v1.57.0 google.golang.org/protobuf v1.31.0 - gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c + gvisor.dev/gvisor v0.0.0-20230822212503-5bf4e5f98744 h12.io/socks v1.0.3 lukechampine.com/blake3 v1.2.1 ) @@ -47,7 +47,7 @@ require ( github.com/quic-go/qtls-go1-20 v0.3.2 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.11.0 // indirect - golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect + golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 // indirect golang.org/x/mod v0.11.0 // indirect golang.org/x/text v0.12.0 // indirect golang.org/x/time v0.3.0 // indirect diff --git a/go.sum b/go.sum index a98d33c695c9..e0eb4c798ae4 100644 --- a/go.sum +++ b/go.sum @@ -179,8 +179,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= -golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 h1:Di6/M8l0O2lCLc6VVRWhgCiApHV8MnQurBnFSHsQtNY= +golang.org/x/exp v0.0.0-20230725093048-515e97ebf090/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -284,8 +284,8 @@ gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= -gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h1:m5lcgWnL3OElQNVyp3qcncItJ2c0sQlSGjYK2+nJTA4= -gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c/go.mod h1:TIvkJD0sxe8pIob3p6T8IzxXunlp6yfgktvTNp+DGNM= +gvisor.dev/gvisor v0.0.0-20230822212503-5bf4e5f98744 h1:tE44CyJgxEGzoPtHs9GI7ddKdgEGCREQBP54AmaVM+I= +gvisor.dev/gvisor v0.0.0-20230822212503-5bf4e5f98744/go.mod h1:lYEMhXbxgudVhALYsMQrBaUAjM3NMinh8mKL1CJv7rc= h12.io/socks v1.0.3 h1:Ka3qaQewws4j4/eDQnOdpr4wXsC//dXtWvftlIcCQUo= h12.io/socks v1.0.3/go.mod h1:AIhxy1jOId/XCz9BO+EIgNL2rQiPTBNnOfnVnQ+3Eck= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/proxy/wireguard/tun.go b/proxy/wireguard/tun.go index 4d1cb7f6894f..ed6e434fbbd8 100644 --- a/proxy/wireguard/tun.go +++ b/proxy/wireguard/tun.go @@ -14,7 +14,7 @@ import ( "github.com/sagernet/wireguard-go/tun" "github.com/xtls/xray-core/features/dns" - "gvisor.dev/gvisor/pkg/bufferv2" + "gvisor.dev/gvisor/pkg/buffer" "gvisor.dev/gvisor/pkg/tcpip" "gvisor.dev/gvisor/pkg/tcpip/adapters/gonet" "gvisor.dev/gvisor/pkg/tcpip/header" @@ -30,7 +30,7 @@ type netTun struct { ep *channel.Endpoint stack *stack.Stack events chan tun.Event - incomingPacket chan *bufferv2.View + incomingPacket chan *buffer.View mtu int dnsClient dns.Client hasV4, hasV6 bool @@ -48,7 +48,7 @@ func CreateNetTUN(localAddresses []netip.Addr, dnsClient dns.Client, mtu int) (t ep: channel.New(1024, uint32(mtu), ""), stack: stack.New(opts), events: make(chan tun.Event, 10), - incomingPacket: make(chan *bufferv2.View), + incomingPacket: make(chan *buffer.View), dnsClient: dnsClient, mtu: mtu, } @@ -66,7 +66,7 @@ func CreateNetTUN(localAddresses []netip.Addr, dnsClient dns.Client, mtu int) (t } protoAddr := tcpip.ProtocolAddress{ Protocol: protoNumber, - AddressWithPrefix: tcpip.Address(ip.AsSlice()).WithPrefix(), + AddressWithPrefix: tcpip.AddrFromSlice(ip.AsSlice()).WithPrefix(), } tcpipErr := dev.stack.AddProtocolAddress(1, protoAddr, stack.AddressProperties{}) if tcpipErr != nil { @@ -116,7 +116,7 @@ func (tun *netTun) Write(buf []byte, offset int) (int, error) { return 0, nil } - pkb := stack.NewPacketBuffer(stack.PacketBufferOptions{Payload: bufferv2.MakeWithData(packet)}) + pkb := stack.NewPacketBuffer(stack.PacketBufferOptions{Payload: buffer.MakeWithData(packet)}) switch packet[0] >> 4 { case 4: tun.ep.InjectInbound(header.IPv4ProtocolNumber, pkb) @@ -172,7 +172,7 @@ func convertToFullAddr(endpoint netip.AddrPort) (tcpip.FullAddress, tcpip.Networ } return tcpip.FullAddress{ NIC: 1, - Addr: tcpip.Address(endpoint.Addr().AsSlice()), + Addr: tcpip.AddrFromSlice(endpoint.Addr().AsSlice()), Port: endpoint.Port(), }, protoNumber } From 1a69baed170a05675185782d11d1e40085fdbfc7 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 26 Aug 2023 06:26:27 +0000 Subject: [PATCH 202/226] Update workflows to use Go 1.21 --- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 03c188110167..8978bef55c86 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -169,7 +169,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v4 with: - go-version: '1.20' + go-version: '1.21' check-latest: true - name: Get project dependencies diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 55891af01774..d4143b69964f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,7 +30,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v4 with: - go-version: '1.20' + go-version: '1.21' check-latest: true - name: Checkout codebase uses: actions/checkout@v3 From e02474ae1590789a05a84e66d0765ee34f062231 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 26 Aug 2023 07:05:21 +0000 Subject: [PATCH 203/226] Upgrade dependencies --- go.mod | 26 +++++++++++++------------- go.sum | 53 ++++++++++++++++++++++++++++------------------------- 2 files changed, 41 insertions(+), 38 deletions(-) diff --git a/go.mod b/go.mod index 29567642510a..89ea54a1fda0 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/xtls/xray-core -go 1.20 +go 1.21 require ( github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 @@ -10,10 +10,10 @@ require ( github.com/miekg/dns v1.1.55 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 - github.com/quic-go/quic-go v0.38.0 - github.com/refraction-networking/utls v1.3.3 - github.com/sagernet/sing v0.2.7 - github.com/sagernet/sing-shadowsocks v0.2.2 + github.com/quic-go/quic-go v0.38.1 + github.com/refraction-networking/utls v1.4.3 + github.com/sagernet/sing v0.2.9 + github.com/sagernet/sing-shadowsocks v0.2.4 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.4 @@ -35,24 +35,24 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140 // indirect github.com/francoispqt/gojay v1.2.13 // indirect - github.com/gaukas/godicttls v0.0.3 // indirect + github.com/gaukas/godicttls v0.0.4 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 // indirect - github.com/klauspost/compress v1.16.6 // indirect + github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f // indirect + github.com/klauspost/compress v1.16.7 // indirect github.com/klauspost/cpuid/v2 v2.2.5 // indirect - github.com/onsi/ginkgo/v2 v2.11.0 // indirect + github.com/onsi/ginkgo/v2 v2.12.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/quic-go/qtls-go1-20 v0.3.2 // indirect + github.com/quic-go/qtls-go1-20 v0.3.3 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.11.0 // indirect golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 // indirect - golang.org/x/mod v0.11.0 // indirect + golang.org/x/mod v0.12.0 // indirect golang.org/x/text v0.12.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.10.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect + golang.org/x/tools v0.12.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index e0eb4c798ae4..4f11d8da2f8d 100644 --- a/go.sum +++ b/go.sum @@ -27,14 +27,15 @@ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/gaukas/godicttls v0.0.3 h1:YNDIf0d9adcxOijiLrEzpfZGAkNwLRzPaG6OjU7EITk= -github.com/gaukas/godicttls v0.0.3/go.mod h1:l6EenT4TLWgTdwslVb4sEMOCf7Bv0JAK67deKr9/NCI= +github.com/gaukas/godicttls v0.0.4 h1:NlRaXb3J6hAnTmWdsEKb9bcSBD6BvcIjdGdeb0zfXbk= +github.com/gaukas/godicttls v0.0.4/go.mod h1:l6EenT4TLWgTdwslVb4sEMOCf7Bv0JAK67deKr9/NCI= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 h1:Arcl6UOIS/kgO2nW3A65HN+7CMjSDP/gofXL4CZt1V4= github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -60,8 +61,8 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs= -github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA= +github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f h1:pDhu5sgp8yJlEF/g6osliIIpF9K4F5jvkULXa4daRDQ= +github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -75,8 +76,8 @@ github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.6 h1:91SKEy4K37vkp255cJ8QesJhjyRO0hn9i9G0GoUwLsk= -github.com/klauspost/compress v1.16.6/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= +github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= @@ -95,9 +96,10 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= -github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= -github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc= +github.com/onsi/ginkgo/v2 v2.12.0 h1:UIVDowFPwpg6yMUpPjGkYvf06K3RAiJXUhCxEwQVHRI= +github.com/onsi/ginkgo/v2 v2.12.0/go.mod h1:ZNEzXISYlqpb8S36iN71ifqLi3vVD1rVJGvWRCJOUpQ= +github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= +github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= @@ -112,19 +114,19 @@ github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/quic-go/qtls-go1-20 v0.3.2 h1:rRgN3WfnKbyik4dBV8A6girlJVxGand/d+jVKbQq5GI= -github.com/quic-go/qtls-go1-20 v0.3.2/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= -github.com/quic-go/quic-go v0.38.0 h1:T45lASr5q/TrVwt+jrVccmqHhPL2XuSyoCLVCpfOSLc= -github.com/quic-go/quic-go v0.38.0/go.mod h1:MPCuRq7KBK2hNcfKj/1iD1BGuN3eAYMeNxp3T42LRUg= -github.com/refraction-networking/utls v1.3.3 h1:f/TBLX7KBciRyFH3bwupp+CE4fzoYKCirhdRcC490sw= -github.com/refraction-networking/utls v1.3.3/go.mod h1:DlecWW1LMlMJu+9qpzzQqdHDT/C2LAe03EdpLUz/RL8= +github.com/quic-go/qtls-go1-20 v0.3.3 h1:17/glZSLI9P9fDAeyCHBFSWSqJcwx1byhLwP5eUIDCM= +github.com/quic-go/qtls-go1-20 v0.3.3/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= +github.com/quic-go/quic-go v0.38.1 h1:M36YWA5dEhEeT+slOu/SwMEucbYd0YFidxG3KlGPZaE= +github.com/quic-go/quic-go v0.38.1/go.mod h1:ijnZM7JsFIkp4cRyjxJNIzdSfCLmUMg9wdyhGmg+SN4= +github.com/refraction-networking/utls v1.4.3 h1:BdWS3BSzCwWCFfMIXP3mjLAyQkdmog7diaD/OqFbAzM= +github.com/refraction-networking/utls v1.4.3/go.mod h1:4u9V/awOSBrRw6+federGmVJQfPtemEqLBXkML1b0bo= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.2.7 h1:cOy0FfPS8q7m0aJ51wS7LRQAGc9wF+fWhHtBDj99wy8= -github.com/sagernet/sing v0.2.7/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= -github.com/sagernet/sing-shadowsocks v0.2.2 h1:ezSdVhrmIcwDXmCZF3bOJVMuVtTQWpda+1Op+Ie2TA4= -github.com/sagernet/sing-shadowsocks v0.2.2/go.mod h1:JIBWG6a7orB2HxBxYElViQFLUQxFVG7DuqIj8gD7uCQ= +github.com/sagernet/sing v0.2.9 h1:3wsTz+JG5Wzy65eZnh6AuCrD2QqcRF6Iq6f7ttmJsAo= +github.com/sagernet/sing v0.2.9/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w= +github.com/sagernet/sing-shadowsocks v0.2.4 h1:s/CqXlvFAZhlIoHWUwPw5CoNnQ9Ibki9pckjuugtVfY= +github.com/sagernet/sing-shadowsocks v0.2.4/go.mod h1:80fNKP0wnqlu85GZXV1H1vDPC/2t+dQbFggOw4XuFUM= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI= github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb h1:XfLJSPIOUX+osiMraVgIrMR27uMXnRJWGm1+GL8/63U= @@ -185,8 +187,8 @@ golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= -golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -242,8 +244,8 @@ golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg= -golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= +golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss= +golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -260,8 +262,8 @@ google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoA google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg= google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= @@ -274,6 +276,7 @@ google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= From 2d5475f42896347af4beea5f529dfe2cf41b2200 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 26 Aug 2023 07:45:24 +0000 Subject: [PATCH 204/226] Update transport/internet/reality/reality.go Fixes https://github.com/XTLS/Xray-core/issues/2491 --- transport/internet/reality/reality.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go index e55f941731c8..b430ccccb3f2 100644 --- a/transport/internet/reality/reality.go +++ b/transport/internet/reality/reality.go @@ -5,6 +5,7 @@ import ( "context" "crypto/aes" "crypto/cipher" + "crypto/ecdh" "crypto/ed25519" "crypto/hmac" "crypto/rand" @@ -134,7 +135,8 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati if config.Show { fmt.Printf("REALITY localAddr: %v\thello.SessionId[:16]: %v\n", localAddr, hello.SessionId[:16]) } - uConn.AuthKey = uConn.HandshakeState.State13.EcdheParams.SharedKey(config.PublicKey) + publicKey, _ := ecdh.X25519().NewPublicKey(config.PublicKey) + uConn.AuthKey, _ = uConn.HandshakeState.State13.EcdheKey.ECDH(publicKey) if uConn.AuthKey == nil { return nil, errors.New("REALITY: SharedKey == nil") } From 10d6b065784efd3f33a02d6d5ad2a1fa162ff346 Mon Sep 17 00:00:00 2001 From: A1lo Date: Sat, 26 Aug 2023 16:23:54 +0800 Subject: [PATCH 205/226] fix(transport): correctly release UDS locker file (#2305) * fix(transport): correctly release UDS locker file * use callback function to do some jobs after create listener --- transport/internet/grpc/hub.go | 5 -- transport/internet/http/hub.go | 8 ---- transport/internet/system_listener.go | 69 +++++++++++++++++++-------- transport/internet/tcp/hub.go | 8 ---- transport/internet/websocket/hub.go | 8 ---- 5 files changed, 49 insertions(+), 49 deletions(-) diff --git a/transport/internet/grpc/hub.go b/transport/internet/grpc/hub.go index d3dd6da5912d..e55f6f77c2e6 100644 --- a/transport/internet/grpc/hub.go +++ b/transport/internet/grpc/hub.go @@ -23,7 +23,6 @@ type Listener struct { handler internet.ConnHandler local net.Addr config *Config - locker *internet.FileLocker // for unix domain socket s *grpc.Server } @@ -110,10 +109,6 @@ func Listen(ctx context.Context, address net.Address, port net.Port, settings *i newError("failed to listen on ", address).Base(err).AtError().WriteToLog(session.ExportIDToError(ctx)) return } - locker := ctx.Value(address.Domain()) - if locker != nil { - listener.locker = locker.(*internet.FileLocker) - } } else { // tcp streamListener, err = internet.ListenSystem(ctx, &net.TCPAddr{ IP: address.IP(), diff --git a/transport/internet/http/hub.go b/transport/internet/http/hub.go index 551f897e3e5a..f0260460d714 100644 --- a/transport/internet/http/hub.go +++ b/transport/internet/http/hub.go @@ -27,7 +27,6 @@ type Listener struct { handler internet.ConnHandler local net.Addr config *Config - locker *internet.FileLocker // for unix domain socket } func (l *Listener) Addr() net.Addr { @@ -35,9 +34,6 @@ func (l *Listener) Addr() net.Addr { } func (l *Listener) Close() error { - if l.locker != nil { - l.locker.Release() - } return l.server.Close() } @@ -180,10 +176,6 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti newError("failed to listen on ", address).Base(err).AtError().WriteToLog(session.ExportIDToError(ctx)) return } - locker := ctx.Value(address.Domain()) - if locker != nil { - listener.locker = locker.(*internet.FileLocker) - } } else { // tcp streamListener, err = internet.ListenSystem(ctx, &net.TCPAddr{ IP: address.IP(), diff --git a/transport/internet/system_listener.go b/transport/internet/system_listener.go index 60979062017a..1d6358978925 100644 --- a/transport/internet/system_listener.go +++ b/transport/internet/system_listener.go @@ -21,6 +21,19 @@ type DefaultListener struct { controllers []control.Func } +type combinedListener struct { + net.Listener + locker *FileLocker // for unix domain socket +} + +func (cl *combinedListener) Close() error { + if cl.locker != nil { + cl.locker.Release() + cl.locker = nil + } + return cl.Listener.Close() +} + func getControlFunc(ctx context.Context, sockopt *SocketConfig, controllers []control.Func) func(network, address string, c syscall.RawConn) error { return func(network, address string, c syscall.RawConn) error { return c.Control(func(fd uintptr) { @@ -44,6 +57,10 @@ func getControlFunc(ctx context.Context, sockopt *SocketConfig, controllers []co func (dl *DefaultListener) Listen(ctx context.Context, addr net.Addr, sockopt *SocketConfig) (l net.Listener, err error) { var lc net.ListenConfig var network, address string + // callback is called after the Listen function returns + callback := func(l net.Listener, err error) (net.Listener, error) { + return l, err + } switch addr := addr.(type) { case *net.TCPAddr: @@ -58,23 +75,6 @@ func (dl *DefaultListener) Listen(ctx context.Context, addr net.Addr, sockopt *S network = addr.Network() address = addr.Name - if s := strings.Split(address, ","); len(s) == 2 { - address = s[0] - perm, perr := strconv.ParseUint(s[1], 8, 32) - if perr != nil { - return nil, newError("failed to parse permission: " + s[1]).Base(perr) - } - - defer func(file string, permission os.FileMode) { - if err == nil { - cerr := os.Chmod(address, permission) - if cerr != nil { - err = newError("failed to set permission for " + file).Base(cerr) - } - } - }(address, os.FileMode(perm)) - } - if (runtime.GOOS == "linux" || runtime.GOOS == "android") && address[0] == '@' { // linux abstract unix domain socket is lockfree if len(address) > 1 && address[1] == '@' { @@ -84,19 +84,48 @@ func (dl *DefaultListener) Listen(ctx context.Context, addr net.Addr, sockopt *S address = string(fullAddr) } } else { + // split permission from address + var filePerm *os.FileMode + if s := strings.Split(address, ","); len(s) == 2 { + address = s[0] + perm, perr := strconv.ParseUint(s[1], 8, 32) + if perr != nil { + return nil, newError("failed to parse permission: " + s[1]).Base(perr) + } + + mode := os.FileMode(perm) + filePerm = &mode + } // normal unix domain socket needs lock locker := &FileLocker{ path: address + ".lock", } - err := locker.Acquire() - if err != nil { + if err := locker.Acquire(); err != nil { return nil, err } - ctx = context.WithValue(ctx, address, locker) + + // set callback to combine listener and set permission + callback = func(l net.Listener, err error) (net.Listener, error) { + if err != nil { + locker.Release() + return l, err + } + l = &combinedListener{Listener: l, locker: locker} + if filePerm == nil { + return l, nil + } + err = os.Chmod(address, *filePerm) + if err != nil { + l.Close() + return nil, newError("failed to set permission for " + address).Base(err) + } + return l, nil + } } } l, err = lc.Listen(ctx, network, address) + l, err = callback(l, err) if sockopt != nil && sockopt.AcceptProxyProtocol { policyFunc := func(upstream net.Addr) (proxyproto.Policy, error) { return proxyproto.REQUIRE, nil } l = &proxyproto.Listener{Listener: l, Policy: policyFunc} diff --git a/transport/internet/tcp/hub.go b/transport/internet/tcp/hub.go index 392228c60cf7..d4b4f8b5ef04 100644 --- a/transport/internet/tcp/hub.go +++ b/transport/internet/tcp/hub.go @@ -24,7 +24,6 @@ type Listener struct { authConfig internet.ConnectionAuthenticator config *Config addConn internet.ConnHandler - locker *internet.FileLocker // for unix domain socket } // ListenTCP creates a new Listener based on configurations. @@ -51,10 +50,6 @@ func ListenTCP(ctx context.Context, address net.Address, port net.Port, streamSe return nil, newError("failed to listen Unix Domain Socket on ", address).Base(err) } newError("listening Unix Domain Socket on ", address).WriteToLog(session.ExportIDToError(ctx)) - locker := ctx.Value(address.Domain()) - if locker != nil { - l.locker = locker.(*internet.FileLocker) - } } else { listener, err = internet.ListenSystem(ctx, &net.TCPAddr{ IP: address.IP(), @@ -133,9 +128,6 @@ func (v *Listener) Addr() net.Addr { // Close implements internet.Listener.Close. func (v *Listener) Close() error { - if v.locker != nil { - v.locker.Release() - } return v.listener.Close() } diff --git a/transport/internet/websocket/hub.go b/transport/internet/websocket/hub.go index c0cf34467e12..7951b1f4c252 100644 --- a/transport/internet/websocket/hub.go +++ b/transport/internet/websocket/hub.go @@ -75,7 +75,6 @@ type Listener struct { listener net.Listener config *Config addConn internet.ConnHandler - locker *internet.FileLocker // for unix domain socket } func ListenWS(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, addConn internet.ConnHandler) (internet.Listener, error) { @@ -101,10 +100,6 @@ func ListenWS(ctx context.Context, address net.Address, port net.Port, streamSet return nil, newError("failed to listen unix domain socket(for WS) on ", address).Base(err) } newError("listening unix domain socket(for WS) on ", address).WriteToLog(session.ExportIDToError(ctx)) - locker := ctx.Value(address.Domain()) - if locker != nil { - l.locker = locker.(*internet.FileLocker) - } } else { // tcp listener, err = internet.ListenSystem(ctx, &net.TCPAddr{ IP: address.IP(), @@ -153,9 +148,6 @@ func (ln *Listener) Addr() net.Addr { // Close implements net.Listener.Close(). func (ln *Listener) Close() error { - if ln.locker != nil { - ln.locker.Release() - } return ln.listener.Close() } From b24a4028f148a7171f161a7e4b4d693aaaaea3da Mon Sep 17 00:00:00 2001 From: cty Date: Sat, 26 Aug 2023 17:11:37 +0200 Subject: [PATCH 206/226] fix(app/router): fixed a bug in geoip matching with refactoring (#2489) * Refactor the IP address matching with netipx library * Add a regression test for previous bug Fixes https://github.com/XTLS/Xray-core/issues/1933 --------- Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com> --- app/router/condition_geoip.go | 172 ++++++++--------------------- app/router/condition_geoip_test.go | 36 +++++- app/router/config.go | 39 ------- go.mod | 1 + go.sum | 2 + 5 files changed, 80 insertions(+), 170 deletions(-) diff --git a/app/router/condition_geoip.go b/app/router/condition_geoip.go index eb47be833c29..09c81fa85e9e 100644 --- a/app/router/condition_geoip.go +++ b/app/router/condition_geoip.go @@ -1,81 +1,49 @@ package router import ( - "encoding/binary" - "sort" + "net/netip" + "strconv" "github.com/xtls/xray-core/common/net" + "go4.org/netipx" ) -type ipv6 struct { - a uint64 - b uint64 -} - type GeoIPMatcher struct { countryCode string reverseMatch bool - ip4 []uint32 - prefix4 []uint8 - ip6 []ipv6 - prefix6 []uint8 -} - -func normalize4(ip uint32, prefix uint8) uint32 { - return (ip >> (32 - prefix)) << (32 - prefix) -} - -func normalize6(ip ipv6, prefix uint8) ipv6 { - if prefix <= 64 { - ip.a = (ip.a >> (64 - prefix)) << (64 - prefix) - ip.b = 0 - } else { - ip.b = (ip.b >> (128 - prefix)) << (128 - prefix) - } - return ip + ip4 *netipx.IPSet + ip6 *netipx.IPSet } func (m *GeoIPMatcher) Init(cidrs []*CIDR) error { - ip4Count := 0 - ip6Count := 0 + var builder4, builder6 netipx.IPSetBuilder for _, cidr := range cidrs { - ip := cidr.Ip + ip := net.IP(cidr.GetIp()) + ipPrefixString := ip.String() + "/" + strconv.Itoa(int(cidr.GetPrefix())) + ipPrefix, err := netip.ParsePrefix(ipPrefixString) + if err != nil { + return err + } + switch len(ip) { - case 4: - ip4Count++ - case 16: - ip6Count++ - default: - return newError("unexpect ip length: ", len(ip)) + case net.IPv4len: + builder4.AddPrefix(ipPrefix) + case net.IPv6len: + builder6.AddPrefix(ipPrefix) } } - cidrList := CIDRList(cidrs) - sort.Sort(&cidrList) - - m.ip4 = make([]uint32, 0, ip4Count) - m.prefix4 = make([]uint8, 0, ip4Count) - m.ip6 = make([]ipv6, 0, ip6Count) - m.prefix6 = make([]uint8, 0, ip6Count) - - for _, cidr := range cidrList { - ip := cidr.Ip - prefix := uint8(cidr.Prefix) - switch len(ip) { - case 4: - m.ip4 = append(m.ip4, normalize4(binary.BigEndian.Uint32(ip), prefix)) - m.prefix4 = append(m.prefix4, prefix) - case 16: - ip6 := ipv6{ - a: binary.BigEndian.Uint64(ip[0:8]), - b: binary.BigEndian.Uint64(ip[8:16]), - } - ip6 = normalize6(ip6, prefix) + if ip4, err := builder4.IPSet(); err != nil { + return err + } else { + m.ip4 = ip4 + } - m.ip6 = append(m.ip6, ip6) - m.prefix6 = append(m.prefix6, prefix) - } + if ip6, err := builder6.IPSet(); err != nil { + return err + } else { + m.ip6 = ip6 } return nil @@ -85,91 +53,37 @@ func (m *GeoIPMatcher) SetReverseMatch(isReverseMatch bool) { m.reverseMatch = isReverseMatch } -func (m *GeoIPMatcher) match4(ip uint32) bool { - if len(m.ip4) == 0 { - return false - } - - if ip < m.ip4[0] { +func (m *GeoIPMatcher) match4(ip net.IP) bool { + nip, ok := netipx.FromStdIP(ip) + if !ok { return false } - size := uint32(len(m.ip4)) - l := uint32(0) - r := size - for l < r { - x := ((l + r) >> 1) - if ip < m.ip4[x] { - r = x - continue - } - - nip := normalize4(ip, m.prefix4[x]) - if nip == m.ip4[x] { - return true - } - - l = x + 1 - } - - return l > 0 && normalize4(ip, m.prefix4[l-1]) == m.ip4[l-1] + return m.ip4.Contains(nip) } -func less6(a ipv6, b ipv6) bool { - return a.a < b.a || (a.a == b.a && a.b < b.b) -} - -func (m *GeoIPMatcher) match6(ip ipv6) bool { - if len(m.ip6) == 0 { - return false - } - - if less6(ip, m.ip6[0]) { +func (m *GeoIPMatcher) match6(ip net.IP) bool { + nip, ok := netipx.FromStdIP(ip) + if !ok { return false } - size := uint32(len(m.ip6)) - l := uint32(0) - r := size - for l < r { - x := (l + r) / 2 - if less6(ip, m.ip6[x]) { - r = x - continue - } - - if normalize6(ip, m.prefix6[x]) == m.ip6[x] { - return true - } - - l = x + 1 - } - - return l > 0 && normalize6(ip, m.prefix6[l-1]) == m.ip6[l-1] + return m.ip6.Contains(nip) } // Match returns true if the given ip is included by the GeoIP. func (m *GeoIPMatcher) Match(ip net.IP) bool { + isMatched := false switch len(ip) { - case 4: - if m.reverseMatch { - return !m.match4(binary.BigEndian.Uint32(ip)) - } - return m.match4(binary.BigEndian.Uint32(ip)) - case 16: - if m.reverseMatch { - return !m.match6(ipv6{ - a: binary.BigEndian.Uint64(ip[0:8]), - b: binary.BigEndian.Uint64(ip[8:16]), - }) - } - return m.match6(ipv6{ - a: binary.BigEndian.Uint64(ip[0:8]), - b: binary.BigEndian.Uint64(ip[8:16]), - }) - default: - return false + case net.IPv4len: + isMatched = m.match4(ip) + case net.IPv6len: + isMatched = m.match6(ip) + } + if m.reverseMatch { + return !isMatched } + return isMatched } // GeoIPMatcherContainer is a container for GeoIPMatchers. It keeps unique copies of GeoIPMatcher by country code. diff --git a/app/router/condition_geoip_test.go b/app/router/condition_geoip_test.go index 1a73002180da..63bd222ec901 100644 --- a/app/router/condition_geoip_test.go +++ b/app/router/condition_geoip_test.go @@ -53,7 +53,7 @@ func TestGeoIPMatcherContainer(t *testing.T) { } func TestGeoIPMatcher(t *testing.T) { - cidrList := router.CIDRList{ + cidrList := []*router.CIDR{ {Ip: []byte{0, 0, 0, 0}, Prefix: 8}, {Ip: []byte{10, 0, 0, 0}, Prefix: 8}, {Ip: []byte{100, 64, 0, 0}, Prefix: 10}, @@ -124,8 +124,40 @@ func TestGeoIPMatcher(t *testing.T) { } } +func TestGeoIPMatcherRegression(t *testing.T) { + cidrList := []*router.CIDR{ + {Ip: []byte{98, 108, 20, 0}, Prefix: 22}, + {Ip: []byte{98, 108, 20, 0}, Prefix: 23}, + } + + matcher := &router.GeoIPMatcher{} + common.Must(matcher.Init(cidrList)) + + testCases := []struct { + Input string + Output bool + }{ + { + Input: "98.108.22.11", + Output: true, + }, + { + Input: "98.108.25.0", + Output: false, + }, + } + + for _, testCase := range testCases { + ip := net.ParseAddress(testCase.Input).IP() + actual := matcher.Match(ip) + if actual != testCase.Output { + t.Error("expect input", testCase.Input, "to be", testCase.Output, ", but actually", actual) + } + } +} + func TestGeoIPReverseMatcher(t *testing.T) { - cidrList := router.CIDRList{ + cidrList := []*router.CIDR{ {Ip: []byte{8, 8, 8, 8}, Prefix: 32}, {Ip: []byte{91, 108, 4, 0}, Prefix: 16}, } diff --git a/app/router/config.go b/app/router/config.go index 80b88781165d..f50f02a1dd9d 100644 --- a/app/router/config.go +++ b/app/router/config.go @@ -9,45 +9,6 @@ import ( "github.com/xtls/xray-core/features/routing" ) -// CIDRList is an alias of []*CIDR to provide sort.Interface. -type CIDRList []*CIDR - -// Len implements sort.Interface. -func (l *CIDRList) Len() int { - return len(*l) -} - -// Less implements sort.Interface. -func (l *CIDRList) Less(i int, j int) bool { - ci := (*l)[i] - cj := (*l)[j] - - if len(ci.Ip) < len(cj.Ip) { - return true - } - - if len(ci.Ip) > len(cj.Ip) { - return false - } - - for k := 0; k < len(ci.Ip); k++ { - if ci.Ip[k] < cj.Ip[k] { - return true - } - - if ci.Ip[k] > cj.Ip[k] { - return false - } - } - - return ci.Prefix < cj.Prefix -} - -// Swap implements sort.Interface. -func (l *CIDRList) Swap(i int, j int) { - (*l)[i], (*l)[j] = (*l)[j], (*l)[i] -} - type Rule struct { Tag string Balancer *Balancer diff --git a/go.mod b/go.mod index 89ea54a1fda0..579e77da6ac3 100644 --- a/go.mod +++ b/go.mod @@ -47,6 +47,7 @@ require ( github.com/quic-go/qtls-go1-20 v0.3.3 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.11.0 // indirect + go4.org/netipx v0.0.0-20230824141953-6213f710f925 // indirect golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 // indirect golang.org/x/mod v0.12.0 // indirect golang.org/x/text v0.12.0 // indirect diff --git a/go.sum b/go.sum index 4f11d8da2f8d..da6346cf0cb4 100644 --- a/go.sum +++ b/go.sum @@ -173,6 +173,8 @@ go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= +go4.org/netipx v0.0.0-20230824141953-6213f710f925 h1:eeQDDVKFkx0g4Hyy8pHgmZaK0EqB4SD6rvKbUdN3ziQ= +go4.org/netipx v0.0.0-20230824141953-6213f710f925/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= From d92002ad127f64bc1e740cb350eafd693ffadd6d Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sun, 27 Aug 2023 05:55:58 +0000 Subject: [PATCH 207/226] Dialer: Set TimeoutOnly for `gctx` and `hctx` https://github.com/XTLS/Xray-core/issues/2232#issuecomment-1694570914 Thank @cty123 for testing Fixes https://github.com/XTLS/Xray-core/issues/2232 BTW: Use `uConn.HandshakeContext(ctx)` in REALITY --- transport/internet/grpc/dial.go | 12 +++++++----- transport/internet/http/dialer.go | 12 ++++++------ transport/internet/reality/reality.go | 2 +- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/transport/internet/grpc/dial.go b/transport/internet/grpc/dial.go index 8fd544b5ee7b..16af63cd8fd9 100644 --- a/transport/internet/grpc/dial.go +++ b/transport/internet/grpc/dial.go @@ -98,16 +98,13 @@ func getGrpcClient(ctx context.Context, dest net.Destination, streamSettings *in MinConnectTimeout: 5 * time.Second, }), grpc.WithContextDialer(func(gctx context.Context, s string) (gonet.Conn, error) { - gctx = session.ContextWithID(gctx, session.IDFromContext(ctx)) - gctx = session.ContextWithOutbound(gctx, session.OutboundFromContext(ctx)) - - rawHost, rawPort, err := net.SplitHostPort(s) select { case <-gctx.Done(): return nil, gctx.Err() default: } + rawHost, rawPort, err := net.SplitHostPort(s) if err != nil { return nil, err } @@ -119,9 +116,14 @@ func getGrpcClient(ctx context.Context, dest net.Destination, streamSettings *in return nil, err } address := net.ParseAddress(rawHost) + + gctx = session.ContextWithID(gctx, session.IDFromContext(ctx)) + gctx = session.ContextWithOutbound(gctx, session.OutboundFromContext(ctx)) + gctx = session.ContextWithTimeoutOnly(gctx, true) + c, err := internet.DialSystem(gctx, net.TCPDestination(address, port), sockopt) if err == nil && realityConfig != nil { - return reality.UClient(c, realityConfig, ctx, dest) + return reality.UClient(c, realityConfig, gctx, dest) } return c, err }), diff --git a/transport/internet/http/dialer.go b/transport/internet/http/dialer.go index f2e55de83640..1ea3a738c70a 100644 --- a/transport/internet/http/dialer.go +++ b/transport/internet/http/dialer.go @@ -53,7 +53,7 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in } transport := &http2.Transport{ - DialTLS: func(network string, addr string, tlsConfig *gotls.Config) (net.Conn, error) { + DialTLSContext: func(hctx context.Context, string, addr string, tlsConfig *gotls.Config) (net.Conn, error) { rawHost, rawPort, err := net.SplitHostPort(addr) if err != nil { return nil, err @@ -67,18 +67,18 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in } address := net.ParseAddress(rawHost) - dctx := context.Background() - dctx = session.ContextWithID(dctx, session.IDFromContext(ctx)) - dctx = session.ContextWithOutbound(dctx, session.OutboundFromContext(ctx)) + hctx = session.ContextWithID(hctx, session.IDFromContext(ctx)) + hctx = session.ContextWithOutbound(hctx, session.OutboundFromContext(ctx)) + hctx = session.ContextWithTimeoutOnly(hctx, true) - pconn, err := internet.DialSystem(dctx, net.TCPDestination(address, port), sockopt) + pconn, err := internet.DialSystem(hctx, net.TCPDestination(address, port), sockopt) if err != nil { newError("failed to dial to " + addr).Base(err).AtError().WriteToLog() return nil, err } if realityConfigs != nil { - return reality.UClient(pconn, realityConfigs, ctx, dest) + return reality.UClient(pconn, realityConfigs, hctx, dest) } var cn tls.Interface diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go index b430ccccb3f2..30d4e2ae5187 100644 --- a/transport/internet/reality/reality.go +++ b/transport/internet/reality/reality.go @@ -156,7 +156,7 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati aead.Seal(hello.SessionId[:0], hello.Random[20:], hello.SessionId[:16], hello.Raw) copy(hello.Raw[39:], hello.SessionId) } - if err := uConn.Handshake(); err != nil { + if err := uConn.HandshakeContext(ctx); err != nil { return nil, err } if config.Show { From e013dce1df4bf341b2cb9c9fdef56c4ba3cbd44a Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 28 Aug 2023 17:37:57 +0000 Subject: [PATCH 208/226] Upgrade github.com/xtls/reality to 20230828171259 https://github.com/XTLS/REALITY/commit/e426190d57f6443930a8f9cf3acfbb1a40b1576e --- go.mod | 4 ++-- go.sum | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 579e77da6ac3..711b8e4778b0 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,8 @@ require ( github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.4 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e - github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983 + github.com/xtls/reality v0.0.0-20230828171259-e426190d57f6 + go4.org/netipx v0.0.0-20230824141953-6213f710f925 golang.org/x/crypto v0.12.0 golang.org/x/net v0.14.0 golang.org/x/sync v0.3.0 @@ -47,7 +48,6 @@ require ( github.com/quic-go/qtls-go1-20 v0.3.3 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.11.0 // indirect - go4.org/netipx v0.0.0-20230824141953-6213f710f925 // indirect golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 // indirect golang.org/x/mod v0.12.0 // indirect golang.org/x/text v0.12.0 // indirect diff --git a/go.sum b/go.sum index da6346cf0cb4..71abf7478027 100644 --- a/go.sum +++ b/go.sum @@ -166,8 +166,8 @@ github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983 h1:AMyzgjkh54WocjQSlCnT1LhDc/BKiUqtNOv40AkpURs= -github.com/xtls/reality v0.0.0-20230613075828-e07c3b04b983/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230828171259-e426190d57f6 h1:T+YCYGfFdzyaKTDCdZn/hEiKvsw6yUfd+e4hze0rCUw= +github.com/xtls/reality v0.0.0-20230828171259-e426190d57f6/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= From b8bd243df5f6ff4929681c82ed945b27f1597d25 Mon Sep 17 00:00:00 2001 From: dyhkwong <50692134+dyhkwong@users.noreply.github.com> Date: Tue, 29 Aug 2023 15:12:36 +0800 Subject: [PATCH 209/226] Fix buffer.UDP destination override (#2356) --- app/dispatcher/default.go | 107 ++++++++----------------------- app/proxyman/outbound/handler.go | 7 +- common/buf/override.go | 38 +++++++++++ common/session/session.go | 5 +- transport/pipe/impl.go | 5 -- transport/pipe/pipe.go | 7 -- 6 files changed, 75 insertions(+), 94 deletions(-) create mode 100644 common/buf/override.go diff --git a/app/dispatcher/default.go b/app/dispatcher/default.go index 35307ceffc00..5a71ad410442 100644 --- a/app/dispatcher/default.go +++ b/app/dispatcher/default.go @@ -4,7 +4,6 @@ package dispatcher import ( "context" - "fmt" "strings" "sync" "time" @@ -135,77 +134,10 @@ func (*DefaultDispatcher) Start() error { // Close implements common.Closable. func (*DefaultDispatcher) Close() error { return nil } -func (d *DefaultDispatcher) getLink(ctx context.Context, network net.Network, sniffing session.SniffingRequest) (*transport.Link, *transport.Link) { - downOpt := pipe.OptionsFromContext(ctx) - upOpt := downOpt - - if network == net.Network_UDP { - var ip2domain *sync.Map // net.IP.String() => domain, this map is used by server side when client turn on fakedns - // Client will send domain address in the buffer.UDP.Address, server record all possible target IP addrs. - // When target replies, server will restore the domain and send back to client. - // Note: this map is not global but per connection context - upOpt = append(upOpt, pipe.OnTransmission(func(mb buf.MultiBuffer) buf.MultiBuffer { - for i, buffer := range mb { - if buffer.UDP == nil { - continue - } - addr := buffer.UDP.Address - if addr.Family().IsIP() { - if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && fkr0.IsIPInIPPool(addr) && sniffing.Enabled { - domain := fkr0.GetDomainFromFakeDNS(addr) - if len(domain) > 0 { - buffer.UDP.Address = net.DomainAddress(domain) - newError("[fakedns client] override with domain: ", domain, " for xUDP buffer at ", i).WriteToLog(session.ExportIDToError(ctx)) - } else { - newError("[fakedns client] failed to find domain! :", addr.String(), " for xUDP buffer at ", i).AtWarning().WriteToLog(session.ExportIDToError(ctx)) - } - } - } else { - if ip2domain == nil { - ip2domain = new(sync.Map) - newError("[fakedns client] create a new map").WriteToLog(session.ExportIDToError(ctx)) - } - domain := addr.Domain() - ips, err := d.dns.LookupIP(domain, dns.IPOption{true, true, false}) - if err == nil { - for _, ip := range ips { - ip2domain.Store(ip.String(), domain) - } - newError("[fakedns client] candidate ip: "+fmt.Sprintf("%v", ips), " for xUDP buffer at ", i).WriteToLog(session.ExportIDToError(ctx)) - } else { - newError("[fakedns client] failed to look up IP for ", domain, " for xUDP buffer at ", i).Base(err).WriteToLog(session.ExportIDToError(ctx)) - } - } - } - return mb - })) - downOpt = append(downOpt, pipe.OnTransmission(func(mb buf.MultiBuffer) buf.MultiBuffer { - for i, buffer := range mb { - if buffer.UDP == nil { - continue - } - addr := buffer.UDP.Address - if addr.Family().IsIP() { - if ip2domain == nil { - continue - } - if domain, found := ip2domain.Load(addr.IP().String()); found { - buffer.UDP.Address = net.DomainAddress(domain.(string)) - newError("[fakedns client] restore domain: ", domain.(string), " for xUDP buffer at ", i).WriteToLog(session.ExportIDToError(ctx)) - } - } else { - if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok { - fakeIp := fkr0.GetFakeIPForDomain(addr.Domain()) - buffer.UDP.Address = fakeIp[0] - newError("[fakedns client] restore FakeIP: ", buffer.UDP, fmt.Sprintf("%v", fakeIp), " for xUDP buffer at ", i).WriteToLog(session.ExportIDToError(ctx)) - } - } - } - return mb - })) - } - uplinkReader, uplinkWriter := pipe.New(upOpt...) - downlinkReader, downlinkWriter := pipe.New(downOpt...) +func (d *DefaultDispatcher) getLink(ctx context.Context) (*transport.Link, *transport.Link) { + opt := pipe.OptionsFromContext(ctx) + uplinkReader, uplinkWriter := pipe.New(opt...) + downlinkReader, downlinkWriter := pipe.New(opt...) inboundLink := &transport.Link{ Reader: downlinkReader, @@ -263,7 +195,7 @@ func (d *DefaultDispatcher) shouldOverride(ctx context.Context, result SniffResu protocolString = resComp.ProtocolForDomainResult() } for _, p := range request.OverrideDestinationForProtocol { - if strings.HasPrefix(protocolString, p) { + if strings.HasPrefix(protocolString, p) || strings.HasPrefix(protocolString, p) { return true } if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && protocolString != "bittorrent" && p == "fakedns" && @@ -287,7 +219,8 @@ func (d *DefaultDispatcher) Dispatch(ctx context.Context, destination net.Destin panic("Dispatcher: Invalid destination.") } ob := &session.Outbound{ - Target: destination, + OriginalTarget: destination, + Target: destination, } ctx = session.ContextWithOutbound(ctx, ob) content := session.ContentFromContext(ctx) @@ -295,9 +228,8 @@ func (d *DefaultDispatcher) Dispatch(ctx context.Context, destination net.Destin content = new(session.Content) ctx = session.ContextWithContent(ctx, content) } - sniffingRequest := content.SniffingRequest - inbound, outbound := d.getLink(ctx, destination.Network, sniffingRequest) + inbound, outbound := d.getLink(ctx) if !sniffingRequest.Enabled { go d.routedDispatch(ctx, outbound, destination) } else { @@ -314,7 +246,15 @@ func (d *DefaultDispatcher) Dispatch(ctx context.Context, destination net.Destin domain := result.Domain() newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx)) destination.Address = net.ParseAddress(domain) - if sniffingRequest.RouteOnly && result.Protocol() != "fakedns" { + protocol := result.Protocol() + if resComp, ok := result.(SnifferResultComposite); ok { + protocol = resComp.ProtocolForDomainResult() + } + isFakeIP := false + if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && ob.Target.Address.Family().IsIP() && fkr0.IsIPInIPPool(ob.Target.Address) { + isFakeIP = true + } + if sniffingRequest.RouteOnly && protocol != "fakedns" && protocol != "fakedns+others" && !isFakeIP { ob.RouteTarget = destination } else { ob.Target = destination @@ -332,7 +272,8 @@ func (d *DefaultDispatcher) DispatchLink(ctx context.Context, destination net.De return newError("Dispatcher: Invalid destination.") } ob := &session.Outbound{ - Target: destination, + OriginalTarget: destination, + Target: destination, } ctx = session.ContextWithOutbound(ctx, ob) content := session.ContentFromContext(ctx) @@ -356,7 +297,15 @@ func (d *DefaultDispatcher) DispatchLink(ctx context.Context, destination net.De domain := result.Domain() newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx)) destination.Address = net.ParseAddress(domain) - if sniffingRequest.RouteOnly && result.Protocol() != "fakedns" { + protocol := result.Protocol() + if resComp, ok := result.(SnifferResultComposite); ok { + protocol = resComp.ProtocolForDomainResult() + } + isFakeIP := false + if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && ob.Target.Address.Family().IsIP() && fkr0.IsIPInIPPool(ob.Target.Address) { + isFakeIP = true + } + if sniffingRequest.RouteOnly && protocol != "fakedns" && protocol != "fakedns+others" && !isFakeIP { ob.RouteTarget = destination } else { ob.Target = destination diff --git a/app/proxyman/outbound/handler.go b/app/proxyman/outbound/handler.go index b477dd6bfdac..adf6537ac75f 100644 --- a/app/proxyman/outbound/handler.go +++ b/app/proxyman/outbound/handler.go @@ -8,6 +8,7 @@ import ( "github.com/xtls/xray-core/app/proxyman" "github.com/xtls/xray-core/common" + "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/mux" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/net/cnc" @@ -166,6 +167,11 @@ func (h *Handler) Tag() string { // Dispatch implements proxy.Outbound.Dispatch. func (h *Handler) Dispatch(ctx context.Context, link *transport.Link) { + outbound := session.OutboundFromContext(ctx) + if outbound.Target.Network == net.Network_UDP && outbound.OriginalTarget.Address != nil && outbound.OriginalTarget.Address != outbound.Target.Address { + link.Reader = &buf.EndpointOverrideReader{Reader: link.Reader, Dest: outbound.Target.Address, OriginalDest: outbound.OriginalTarget.Address} + link.Writer = &buf.EndpointOverrideWriter{Writer: link.Writer, Dest: outbound.Target.Address, OriginalDest: outbound.OriginalTarget.Address} + } if h.mux != nil { test := func(err error) { if err != nil { @@ -175,7 +181,6 @@ func (h *Handler) Dispatch(ctx context.Context, link *transport.Link) { common.Interrupt(link.Writer) } } - outbound := session.OutboundFromContext(ctx) if outbound.Target.Network == net.Network_UDP && outbound.Target.Port == 443 { switch h.udp443 { case "reject": diff --git a/common/buf/override.go b/common/buf/override.go new file mode 100644 index 000000000000..7b2f1554534f --- /dev/null +++ b/common/buf/override.go @@ -0,0 +1,38 @@ +package buf + +import ( + "github.com/xtls/xray-core/common/net" +) + +type EndpointOverrideReader struct { + Reader + Dest net.Address + OriginalDest net.Address +} + +func (r *EndpointOverrideReader) ReadMultiBuffer() (MultiBuffer, error) { + mb, err := r.Reader.ReadMultiBuffer() + if err == nil { + for _, b := range mb { + if b.UDP != nil && b.UDP.Address == r.OriginalDest { + b.UDP.Address = r.Dest + } + } + } + return mb, err +} + +type EndpointOverrideWriter struct { + Writer + Dest net.Address + OriginalDest net.Address +} + +func (w *EndpointOverrideWriter) WriteMultiBuffer(mb MultiBuffer) error { + for _, b := range mb { + if b.UDP != nil && b.UDP.Address == w.Dest { + b.UDP.Address = w.OriginalDest + } + } + return w.Writer.WriteMultiBuffer(mb) +} diff --git a/common/session/session.go b/common/session/session.go index 83c48fde70f2..b9609e861066 100644 --- a/common/session/session.go +++ b/common/session/session.go @@ -55,8 +55,9 @@ type Inbound struct { // Outbound is the metadata of an outbound connection. type Outbound struct { // Target address of the outbound connection. - Target net.Destination - RouteTarget net.Destination + OriginalTarget net.Destination + Target net.Destination + RouteTarget net.Destination // Gateway address Gateway net.Address } diff --git a/transport/pipe/impl.go b/transport/pipe/impl.go index a60bc4855f23..dbdb050ef368 100644 --- a/transport/pipe/impl.go +++ b/transport/pipe/impl.go @@ -24,7 +24,6 @@ const ( type pipeOption struct { limit int32 // maximum buffer size in bytes discardOverflow bool - onTransmission func(buffer buf.MultiBuffer) buf.MultiBuffer } func (o *pipeOption) isFull(curSize int32) bool { @@ -141,10 +140,6 @@ func (p *pipe) WriteMultiBuffer(mb buf.MultiBuffer) error { return nil } - if p.option.onTransmission != nil { - mb = p.option.onTransmission(mb) - } - for { err := p.writeMultiBufferInternal(mb) if err == nil { diff --git a/transport/pipe/pipe.go b/transport/pipe/pipe.go index 735cc091baec..f4b78303607b 100644 --- a/transport/pipe/pipe.go +++ b/transport/pipe/pipe.go @@ -3,7 +3,6 @@ package pipe import ( "context" - "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/signal" "github.com/xtls/xray-core/common/signal/done" "github.com/xtls/xray-core/features/policy" @@ -26,12 +25,6 @@ func WithSizeLimit(limit int32) Option { } } -func OnTransmission(hook func(mb buf.MultiBuffer) buf.MultiBuffer) Option { - return func(option *pipeOption) { - option.onTransmission = hook - } -} - // DiscardOverflow returns an Option for Pipe to discard writes if full. func DiscardOverflow() Option { return func(opt *pipeOption) { From f7c20b85dcbd6c2e8acf2589dfaef8a448daf337 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Tue, 29 Aug 2023 07:20:10 +0000 Subject: [PATCH 210/226] v1.8.4 --- core/core.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/core.go b/core/core.go index 4d704306e156..e1128775c9ed 100644 --- a/core/core.go +++ b/core/core.go @@ -21,7 +21,7 @@ import ( var ( Version_x byte = 1 Version_y byte = 8 - Version_z byte = 3 + Version_z byte = 4 ) var ( From 7264750e28be632773117d76e445af7d47398475 Mon Sep 17 00:00:00 2001 From: dyhkwong <50692134+dyhkwong@users.noreply.github.com> Date: Thu, 31 Aug 2023 19:21:35 +0800 Subject: [PATCH 211/226] fix typo in default.go --- app/dispatcher/default.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/dispatcher/default.go b/app/dispatcher/default.go index 5a71ad410442..aaa9b4103e5a 100644 --- a/app/dispatcher/default.go +++ b/app/dispatcher/default.go @@ -195,7 +195,7 @@ func (d *DefaultDispatcher) shouldOverride(ctx context.Context, result SniffResu protocolString = resComp.ProtocolForDomainResult() } for _, p := range request.OverrideDestinationForProtocol { - if strings.HasPrefix(protocolString, p) || strings.HasPrefix(protocolString, p) { + if strings.HasPrefix(protocolString, p) || strings.HasPrefix(p, protocolString) { return true } if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && protocolString != "bittorrent" && p == "fakedns" && From 853a866622e6e8f63d3db4b29d7da1dbf5bb3207 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 00:43:27 +0000 Subject: [PATCH 212/226] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 6c51d0b538a5..b7a3292b5306 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -11,7 +11,7 @@ jobs: permissions: packages: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Docker metadata id: meta uses: docker/metadata-action@v4 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8978bef55c86..30b96142df2c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -158,7 +158,7 @@ jobs: CGO_ENABLED: 0 steps: - name: Checkout codebase - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Show workflow information run: | diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d4143b69964f..0ab32cd4757d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -33,7 +33,7 @@ jobs: go-version: '1.21' check-latest: true - name: Checkout codebase - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Restore Cache uses: actions/cache/restore@v3 with: From c00e56c0dadf4ec69e0b76a858658cae9709430b Mon Sep 17 00:00:00 2001 From: yylt <34183906+yylt@users.noreply.github.com> Date: Fri, 8 Sep 2023 01:32:27 +0800 Subject: [PATCH 213/226] Add `tcpMptcp` to `sockopt` (#2520) --- infra/conf/transport_internet.go | 2 + transport/internet/config.pb.go | 58 ++++++++++++++++----------- transport/internet/config.proto | 2 + transport/internet/system_dialer.go | 3 ++ transport/internet/system_listener.go | 9 ++++- 5 files changed, 48 insertions(+), 26 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 55cc8c2ed47a..9e10feed232e 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -622,6 +622,7 @@ type SocketConfig struct { TCPUserTimeout int32 `json:"tcpUserTimeout"` V6only bool `json:"v6only"` Interface string `json:"interface"` + TcpMptcp bool `json:"tcpMptcp"` } // Build implements Buildable. @@ -677,6 +678,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { TcpUserTimeout: c.TCPUserTimeout, V6Only: c.V6only, Interface: c.Interface, + TcpMptcp: c.TcpMptcp, }, nil } diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index a186199f5dc8..33519b63337e 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 -// protoc v4.23.1 +// protoc-gen-go v1.31.0 +// protoc v4.24.1 // source: transport/internet/config.proto package internet @@ -431,6 +431,7 @@ type SocketConfig struct { TcpUserTimeout int32 `protobuf:"varint,16,opt,name=tcp_user_timeout,json=tcpUserTimeout,proto3" json:"tcp_user_timeout,omitempty"` TcpMaxSeg int32 `protobuf:"varint,17,opt,name=tcp_max_seg,json=tcpMaxSeg,proto3" json:"tcp_max_seg,omitempty"` TcpNoDelay bool `protobuf:"varint,18,opt,name=tcp_no_delay,json=tcpNoDelay,proto3" json:"tcp_no_delay,omitempty"` + TcpMptcp bool `protobuf:"varint,19,opt,name=tcp_mptcp,json=tcpMptcp,proto3" json:"tcp_mptcp,omitempty"` } func (x *SocketConfig) Reset() { @@ -591,6 +592,13 @@ func (x *SocketConfig) GetTcpNoDelay() bool { return false } +func (x *SocketConfig) GetTcpMptcp() bool { + if x != nil { + return x.TcpMptcp + } + return false +} + var File_transport_internet_config_proto protoreflect.FileDescriptor var file_transport_internet_config_proto_rawDesc = []byte{ @@ -643,7 +651,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x22, 0xb4, 0x06, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, + 0x78, 0x79, 0x22, 0xd1, 0x06, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72, @@ -691,27 +699,29 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x78, 0x5f, 0x73, 0x65, 0x67, 0x18, 0x11, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x63, 0x70, 0x4d, 0x61, 0x78, 0x53, 0x65, 0x67, 0x12, 0x20, 0x0a, 0x0c, 0x74, 0x63, 0x70, 0x5f, 0x6e, 0x6f, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x74, 0x63, - 0x70, 0x4e, 0x6f, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, - 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, - 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, 0x72, 0x61, - 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, - 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x01, - 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x57, 0x65, - 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, - 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x6f, 0x63, - 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, - 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, - 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, - 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, - 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e, - 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, - 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, - 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, - 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, - 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, - 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x4e, 0x6f, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x63, 0x70, 0x5f, + 0x6d, 0x70, 0x74, 0x63, 0x70, 0x18, 0x13, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x63, 0x70, + 0x4d, 0x70, 0x74, 0x63, 0x70, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, + 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, + 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, + 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, + 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, + 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, + 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, + 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, + 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, + 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, + 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, + 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, + 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, + 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, + 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, + 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, + 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/config.proto b/transport/internet/config.proto index 7fdc8ca20b78..550d00ec8c00 100644 --- a/transport/internet/config.proto +++ b/transport/internet/config.proto @@ -110,4 +110,6 @@ message SocketConfig { int32 tcp_max_seg = 17; bool tcp_no_delay = 18; + + bool tcp_mptcp = 19; } diff --git a/transport/internet/system_dialer.go b/transport/internet/system_dialer.go index 5a68144d0050..5304595fc8cf 100644 --- a/transport/internet/system_dialer.go +++ b/transport/internet/system_dialer.go @@ -81,6 +81,9 @@ func (d *DefaultSystemDialer) Dial(ctx context.Context, src net.Address, dest ne } if sockopt != nil || len(d.controllers) > 0 { + if sockopt != nil && sockopt.TcpMptcp { + dialer.SetMultipathTCP(true) + } dialer.Control = func(network, address string, c syscall.RawConn) error { for _, ctl := range d.controllers { if err := ctl(network, address, c); err != nil { diff --git a/transport/internet/system_listener.go b/transport/internet/system_listener.go index 1d6358978925..6593f4bce705 100644 --- a/transport/internet/system_listener.go +++ b/transport/internet/system_listener.go @@ -67,8 +67,13 @@ func (dl *DefaultListener) Listen(ctx context.Context, addr net.Addr, sockopt *S network = addr.Network() address = addr.String() lc.Control = getControlFunc(ctx, sockopt, dl.controllers) - if sockopt != nil && (sockopt.TcpKeepAliveInterval != 0 || sockopt.TcpKeepAliveIdle != 0) { - lc.KeepAlive = time.Duration(-1) + if sockopt != nil { + if sockopt.TcpKeepAliveInterval != 0 || sockopt.TcpKeepAliveIdle != 0 { + lc.KeepAlive = time.Duration(-1) + } + if sockopt.TcpMptcp { + lc.SetMultipathTCP(true) + } } case *net.UnixAddr: lc.Control = nil From ae2fa30e01fceb2d4565ca1320d00e2515399f05 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 18 Jun 2023 09:12:11 -0400 Subject: [PATCH 214/226] Add Vless tests --- testing/scenarios/vless_test.go | 518 ++++++++++++++++++++++++++++++++ 1 file changed, 518 insertions(+) create mode 100644 testing/scenarios/vless_test.go diff --git a/testing/scenarios/vless_test.go b/testing/scenarios/vless_test.go new file mode 100644 index 000000000000..84d826436451 --- /dev/null +++ b/testing/scenarios/vless_test.go @@ -0,0 +1,518 @@ +package scenarios + +import ( + // "encoding/base64" + // "encoding/hex" + "testing" + "time" + + "github.com/xtls/xray-core/app/log" + "github.com/xtls/xray-core/app/proxyman" + "github.com/xtls/xray-core/common" + clog "github.com/xtls/xray-core/common/log" + "github.com/xtls/xray-core/common/net" + "github.com/xtls/xray-core/common/protocol" + "github.com/xtls/xray-core/common/protocol/tls/cert" + "github.com/xtls/xray-core/common/serial" + "github.com/xtls/xray-core/common/uuid" + core "github.com/xtls/xray-core/core" + "github.com/xtls/xray-core/proxy/dokodemo" + "github.com/xtls/xray-core/proxy/freedom" + "github.com/xtls/xray-core/proxy/vless" + "github.com/xtls/xray-core/proxy/vless/inbound" + "github.com/xtls/xray-core/proxy/vless/outbound" + "github.com/xtls/xray-core/testing/servers/tcp" + "github.com/xtls/xray-core/transport/internet" + // "github.com/xtls/xray-core/transport/internet/reality" + transtcp "github.com/xtls/xray-core/transport/internet/tcp" + "github.com/xtls/xray-core/transport/internet/tls" + "golang.org/x/sync/errgroup" +) + +func TestVless(t *testing.T) { + tcpServer := tcp.Server{ + MsgProcessor: xor, + } + dest, err := tcpServer.Start() + common.Must(err) + defer tcpServer.Close() + + userID := protocol.NewID(uuid.New()) + serverPort := tcp.PickPort() + serverConfig := &core.Config{ + App: []*serial.TypedMessage{ + serial.ToTypedMessage(&log.Config{ + ErrorLogLevel: clog.Severity_Debug, + ErrorLogType: log.LogType_Console, + }), + }, + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + }), + ProxySettings: serial.ToTypedMessage(&inbound.Config{ + Clients: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vless.Account{ + Id: userID.String(), + }), + }, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&freedom.Config{}), + }, + }, + } + + clientPort := tcp.PickPort() + clientConfig := &core.Config{ + App: []*serial.TypedMessage{ + serial.ToTypedMessage(&log.Config{ + ErrorLogLevel: clog.Severity_Debug, + ErrorLogType: log.LogType_Console, + }), + }, + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + }), + ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ + Address: net.NewIPOrDomain(dest.Address), + Port: uint32(dest.Port), + NetworkList: &net.NetworkList{ + Network: []net.Network{net.Network_TCP}, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&outbound.Config{ + Vnext: []*protocol.ServerEndpoint{ + { + Address: net.NewIPOrDomain(net.LocalHostIP), + Port: uint32(serverPort), + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vless.Account{ + Id: userID.String(), + }), + }, + }, + }, + }, + }), + }, + }, + } + + servers, err := InitializeServerConfigs(serverConfig, clientConfig) + common.Must(err) + defer CloseAllServers(servers) + + var errg errgroup.Group + for i := 0; i < 10; i++ { + errg.Go(testTCPConn(clientPort, 1024*1024, time.Second*30)) + } + if err := errg.Wait(); err != nil { + t.Error(err) + } +} + +func TestVlessTls(t *testing.T) { + tcpServer := tcp.Server{ + MsgProcessor: xor, + } + dest, err := tcpServer.Start() + common.Must(err) + defer tcpServer.Close() + + userID := protocol.NewID(uuid.New()) + serverPort := tcp.PickPort() + serverConfig := &core.Config{ + App: []*serial.TypedMessage{ + serial.ToTypedMessage(&log.Config{ + ErrorLogLevel: clog.Severity_Debug, + ErrorLogType: log.LogType_Console, + }), + }, + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + StreamSettings: &internet.StreamConfig{ + Protocol: internet.TransportProtocol_TCP, + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, + }), + }, + }, + }), + ProxySettings: serial.ToTypedMessage(&inbound.Config{ + Clients: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vless.Account{ + Id: userID.String(), + }), + }, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&freedom.Config{}), + }, + }, + } + + clientPort := tcp.PickPort() + clientConfig := &core.Config{ + App: []*serial.TypedMessage{ + serial.ToTypedMessage(&log.Config{ + ErrorLogLevel: clog.Severity_Debug, + ErrorLogType: log.LogType_Console, + }), + }, + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + }), + ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ + Address: net.NewIPOrDomain(dest.Address), + Port: uint32(dest.Port), + NetworkList: &net.NetworkList{ + Network: []net.Network{net.Network_TCP}, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&outbound.Config{ + Vnext: []*protocol.ServerEndpoint{ + { + Address: net.NewIPOrDomain(net.LocalHostIP), + Port: uint32(serverPort), + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vless.Account{ + Id: userID.String(), + }), + }, + }, + }, + }, + }), + SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ + StreamSettings: &internet.StreamConfig{ + Protocol: internet.TransportProtocol_TCP, + TransportSettings: []*internet.TransportConfig{ + { + Protocol: internet.TransportProtocol_TCP, + Settings: serial.ToTypedMessage(&transtcp.Config{}), + }, + }, + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + AllowInsecure: true, + }), + }, + }, + }), + }, + }, + } + + servers, err := InitializeServerConfigs(serverConfig, clientConfig) + common.Must(err) + defer CloseAllServers(servers) + + var errg errgroup.Group + for i := 0; i < 10; i++ { + errg.Go(testTCPConn(clientPort, 1024*1024, time.Second*30)) + } + if err := errg.Wait(); err != nil { + t.Error(err) + } +} + +func TestVlessXtlsVision(t *testing.T) { + tcpServer := tcp.Server{ + MsgProcessor: xor, + } + dest, err := tcpServer.Start() + common.Must(err) + defer tcpServer.Close() + + userID := protocol.NewID(uuid.New()) + serverPort := tcp.PickPort() + serverConfig := &core.Config{ + App: []*serial.TypedMessage{ + serial.ToTypedMessage(&log.Config{ + ErrorLogLevel: clog.Severity_Debug, + ErrorLogType: log.LogType_Console, + }), + }, + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + StreamSettings: &internet.StreamConfig{ + Protocol: internet.TransportProtocol_TCP, + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, + }), + }, + }, + }), + ProxySettings: serial.ToTypedMessage(&inbound.Config{ + Clients: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vless.Account{ + Id: userID.String(), + Flow: vless.XRV, + }), + }, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&freedom.Config{}), + }, + }, + } + + clientPort := tcp.PickPort() + clientConfig := &core.Config{ + App: []*serial.TypedMessage{ + serial.ToTypedMessage(&log.Config{ + ErrorLogLevel: clog.Severity_Debug, + ErrorLogType: log.LogType_Console, + }), + }, + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + }), + ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ + Address: net.NewIPOrDomain(dest.Address), + Port: uint32(dest.Port), + NetworkList: &net.NetworkList{ + Network: []net.Network{net.Network_TCP}, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&outbound.Config{ + Vnext: []*protocol.ServerEndpoint{ + { + Address: net.NewIPOrDomain(net.LocalHostIP), + Port: uint32(serverPort), + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vless.Account{ + Id: userID.String(), + Flow: vless.XRV, + }), + }, + }, + }, + }, + }), + SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ + StreamSettings: &internet.StreamConfig{ + Protocol: internet.TransportProtocol_TCP, + TransportSettings: []*internet.TransportConfig{ + { + Protocol: internet.TransportProtocol_TCP, + Settings: serial.ToTypedMessage(&transtcp.Config{}), + }, + }, + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + AllowInsecure: true, + }), + }, + }, + }), + }, + }, + } + + servers, err := InitializeServerConfigs(serverConfig, clientConfig) + common.Must(err) + defer CloseAllServers(servers) + + var errg errgroup.Group + for i := 0; i < 10; i++ { + errg.Go(testTCPConn(clientPort, 1024*1024, time.Second*30)) + } + if err := errg.Wait(); err != nil { + t.Error(err) + } +} + +// func TestVlessXtlsVisionReality(t *testing.T) { +// tcpServer := tcp.Server{ +// MsgProcessor: xor, +// } +// dest, err := tcpServer.Start() +// common.Must(err) +// defer tcpServer.Close() + +// userID := protocol.NewID(uuid.New()) +// serverPort := tcp.PickPort() +// privateKey, _ := base64.RawURLEncoding.DecodeString("aGSYystUbf59_9_6LKRxD27rmSW_-2_nyd9YG_Gwbks") +// publicKey, _ := base64.RawURLEncoding.DecodeString("E59WjnvZcQMu7tR7_BgyhycuEdBS-CtKxfImRCdAvFM") +// shortIds := make([][]byte, 1) +// shortIds[0] = make([]byte, 8) +// hex.Decode(shortIds[0], []byte("0123456789abcdef")) +// serverConfig := &core.Config{ +// App: []*serial.TypedMessage{ +// serial.ToTypedMessage(&log.Config{ +// ErrorLogLevel: clog.Severity_Debug, +// ErrorLogType: log.LogType_Console, +// }), +// }, +// Inbound: []*core.InboundHandlerConfig{ +// { +// ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ +// PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, +// Listen: net.NewIPOrDomain(net.LocalHostIP), +// StreamSettings: &internet.StreamConfig{ +// Protocol: internet.TransportProtocol_TCP, +// SecurityType: serial.GetMessageType(&reality.Config{}), +// SecuritySettings: []*serial.TypedMessage{ +// serial.ToTypedMessage(&reality.Config{ +// Show: true, +// Dest: "www.google.com:443", // use google for now, may fail in some region +// ServerNames: []string{"www.google.com"}, +// PrivateKey: privateKey, +// ShortIds: shortIds, +// }), +// }, +// }, +// }), +// ProxySettings: serial.ToTypedMessage(&inbound.Config{ +// Clients: []*protocol.User{ +// { +// Account: serial.ToTypedMessage(&vless.Account{ +// Id: userID.String(), +// Flow: vless.XRV, +// }), +// }, +// }, +// }), +// }, +// }, +// Outbound: []*core.OutboundHandlerConfig{ +// { +// ProxySettings: serial.ToTypedMessage(&freedom.Config{}), +// }, +// }, +// } + +// clientPort := tcp.PickPort() +// clientConfig := &core.Config{ +// App: []*serial.TypedMessage{ +// serial.ToTypedMessage(&log.Config{ +// ErrorLogLevel: clog.Severity_Debug, +// ErrorLogType: log.LogType_Console, +// }), +// }, +// Inbound: []*core.InboundHandlerConfig{ +// { +// ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ +// PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, +// Listen: net.NewIPOrDomain(net.LocalHostIP), +// }), +// ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ +// Address: net.NewIPOrDomain(dest.Address), +// Port: uint32(dest.Port), +// NetworkList: &net.NetworkList{ +// Network: []net.Network{net.Network_TCP}, +// }, +// }), +// }, +// }, +// Outbound: []*core.OutboundHandlerConfig{ +// { +// ProxySettings: serial.ToTypedMessage(&outbound.Config{ +// Vnext: []*protocol.ServerEndpoint{ +// { +// Address: net.NewIPOrDomain(net.LocalHostIP), +// Port: uint32(serverPort), +// User: []*protocol.User{ +// { +// Account: serial.ToTypedMessage(&vless.Account{ +// Id: userID.String(), +// Flow: vless.XRV, +// }), +// }, +// }, +// }, +// }, +// }), +// SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ +// StreamSettings: &internet.StreamConfig{ +// Protocol: internet.TransportProtocol_TCP, +// TransportSettings: []*internet.TransportConfig{ +// { +// Protocol: internet.TransportProtocol_TCP, +// Settings: serial.ToTypedMessage(&transtcp.Config{}), +// }, +// }, +// SecurityType: serial.GetMessageType(&reality.Config{}), +// SecuritySettings: []*serial.TypedMessage{ +// serial.ToTypedMessage(&reality.Config{ +// Show: true, +// Fingerprint: "chrome", +// ServerName: "www.google.com", +// PublicKey: publicKey, +// ShortId: shortIds[0], +// SpiderX: "/", +// }), +// }, +// }, +// }), +// }, +// }, +// } + +// servers, err := InitializeServerConfigs(serverConfig, clientConfig) +// common.Must(err) +// defer CloseAllServers(servers) + +// var errg errgroup.Group +// for i := 0; i < 1; i++ { +// errg.Go(testTCPConn(clientPort, 1024*1024, time.Second*30)) +// } +// if err := errg.Wait(); err != nil { +// t.Error(err) +// } +// } From efd32b0fb2a4f1b2d2e98b21916cfd9aa0e0b497 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Wed, 3 May 2023 22:21:45 -0400 Subject: [PATCH 215/226] Enable splice for freedom outbound (downlink only) - Add outbound name - Add outbound conn in ctx - Refactor splice: it can be turn on from all inbounds and outbounds - Refactor splice: Add splice copy to vless inbound - Fix http error test - Add freedom splice toggle via env var - Populate outbound obj in context - Use CanSpliceCopy to mark a connection - Turn off splice by default --- app/dispatcher/default.go | 20 +++--- app/proxyman/inbound/worker.go | 6 +- app/proxyman/outbound/handler.go | 7 +- common/buf/copy.go | 12 ++++ common/session/session.go | 14 ++++ proxy/blackhole/blackhole.go | 6 ++ proxy/dns/dns.go | 1 + proxy/dokodemo/dokodemo.go | 9 ++- proxy/errors.generated.go | 9 +++ proxy/freedom/freedom.go | 27 ++++++-- proxy/http/client.go | 5 ++ proxy/http/server.go | 9 ++- proxy/loopback/loopback.go | 1 + proxy/proxy.go | 86 +++++++++++++++++++++++++ proxy/shadowsocks/client.go | 5 ++ proxy/shadowsocks/server.go | 10 ++- proxy/shadowsocks_2022/inbound.go | 1 + proxy/shadowsocks_2022/inbound_multi.go | 1 + proxy/shadowsocks_2022/inbound_relay.go | 1 + proxy/shadowsocks_2022/outbound.go | 2 + proxy/socks/client.go | 5 ++ proxy/socks/server.go | 10 +-- proxy/trojan/client.go | 5 ++ proxy/trojan/server.go | 4 +- proxy/vless/encoding/encoding.go | 68 ++++++------------- proxy/vless/inbound/inbound.go | 35 ++-------- proxy/vless/outbound/outbound.go | 47 ++++++-------- proxy/vmess/inbound/inbound.go | 4 +- proxy/vmess/outbound/outbound.go | 16 +++-- proxy/wireguard/wireguard.go | 14 ++-- testing/scenarios/http_test.go | 6 +- testing/scenarios/vmess_test.go | 4 +- 32 files changed, 282 insertions(+), 168 deletions(-) create mode 100644 proxy/errors.generated.go diff --git a/app/dispatcher/default.go b/app/dispatcher/default.go index aaa9b4103e5a..bfc43608fc21 100644 --- a/app/dispatcher/default.go +++ b/app/dispatcher/default.go @@ -218,11 +218,13 @@ func (d *DefaultDispatcher) Dispatch(ctx context.Context, destination net.Destin if !destination.IsValid() { panic("Dispatcher: Invalid destination.") } - ob := &session.Outbound{ - OriginalTarget: destination, - Target: destination, + ob := session.OutboundFromContext(ctx) + if ob == nil { + ob = &session.Outbound{} + ctx = session.ContextWithOutbound(ctx, ob) } - ctx = session.ContextWithOutbound(ctx, ob) + ob.OriginalTarget = destination + ob.Target = destination content := session.ContentFromContext(ctx) if content == nil { content = new(session.Content) @@ -271,11 +273,13 @@ func (d *DefaultDispatcher) DispatchLink(ctx context.Context, destination net.De if !destination.IsValid() { return newError("Dispatcher: Invalid destination.") } - ob := &session.Outbound{ - OriginalTarget: destination, - Target: destination, + ob := session.OutboundFromContext(ctx) + if ob == nil { + ob = &session.Outbound{} + ctx = session.ContextWithOutbound(ctx, ob) } - ctx = session.ContextWithOutbound(ctx, ob) + ob.OriginalTarget = destination + ob.Target = destination content := session.ContentFromContext(ctx) if content == nil { content = new(session.Content) diff --git a/app/proxyman/inbound/worker.go b/app/proxyman/inbound/worker.go index 8ed4090a0484..1fe866552908 100644 --- a/app/proxyman/inbound/worker.go +++ b/app/proxyman/inbound/worker.go @@ -60,6 +60,7 @@ func (w *tcpWorker) callback(conn stat.Connection) { sid := session.NewID() ctx = session.ContextWithID(ctx, sid) + var outbound = &session.Outbound{} if w.recvOrigDest { var dest net.Destination switch getTProxyType(w.stream) { @@ -74,11 +75,10 @@ func (w *tcpWorker) callback(conn stat.Connection) { dest = net.DestinationFromAddr(conn.LocalAddr()) } if dest.IsValid() { - ctx = session.ContextWithOutbound(ctx, &session.Outbound{ - Target: dest, - }) + outbound.Target = dest } } + ctx = session.ContextWithOutbound(ctx, outbound) if w.uplinkCounter != nil || w.downlinkCounter != nil { conn = &stat.CounterConnection{ diff --git a/app/proxyman/outbound/handler.go b/app/proxyman/outbound/handler.go index adf6537ac75f..d290b016d33c 100644 --- a/app/proxyman/outbound/handler.go +++ b/app/proxyman/outbound/handler.go @@ -274,7 +274,12 @@ func (h *Handler) Dial(ctx context.Context, dest net.Destination) (stat.Connecti } conn, err := internet.Dial(ctx, dest, h.streamSettings) - return h.getStatCouterConnection(conn), err + conn = h.getStatCouterConnection(conn) + outbound := session.OutboundFromContext(ctx) + if outbound != nil { + outbound.Conn = conn + } + return conn, err } func (h *Handler) getStatCouterConnection(conn stat.Connection) stat.Connection { diff --git a/common/buf/copy.go b/common/buf/copy.go index 601771bee2cc..3096dc57c13e 100644 --- a/common/buf/copy.go +++ b/common/buf/copy.go @@ -6,6 +6,7 @@ import ( "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/signal" + "github.com/xtls/xray-core/features/stats" ) type dataHandler func(MultiBuffer) @@ -40,6 +41,17 @@ func CountSize(sc *SizeCounter) CopyOption { } } +// AddToStatCounter a CopyOption add to stat counter +func AddToStatCounter(sc stats.Counter) CopyOption { + return func(handler *copyHandler) { + handler.onData = append(handler.onData, func(b MultiBuffer) { + if sc != nil { + sc.Add(int64(b.Len())) + } + }) + } +} + type readError struct { error } diff --git a/common/session/session.go b/common/session/session.go index b9609e861066..4af610157866 100644 --- a/common/session/session.go +++ b/common/session/session.go @@ -50,6 +50,16 @@ type Inbound struct { Conn net.Conn // Timer of the inbound buf copier. May be nil. Timer *signal.ActivityTimer + // CanSpliceCopy is a property for this connection, set by both inbound and outbound + // 1 = can, 2 = after processing protocol info should be able to, 3 = cannot + CanSpliceCopy int +} + +func(i *Inbound) SetCanSpliceCopy(canSpliceCopy int) int { + if canSpliceCopy > i.CanSpliceCopy { + i.CanSpliceCopy = canSpliceCopy + } + return i.CanSpliceCopy } // Outbound is the metadata of an outbound connection. @@ -60,6 +70,10 @@ type Outbound struct { RouteTarget net.Destination // Gateway address Gateway net.Address + // Name of the outbound proxy that handles the connection. + Name string + // Conn is actually internet.Connection. May be nil. It is currently nil for outbound with proxySettings + Conn net.Conn } // SniffingRequest controls the behavior of content sniffing. diff --git a/proxy/blackhole/blackhole.go b/proxy/blackhole/blackhole.go index b17c60c4ea12..4b8194172e70 100644 --- a/proxy/blackhole/blackhole.go +++ b/proxy/blackhole/blackhole.go @@ -8,6 +8,7 @@ import ( "time" "github.com/xtls/xray-core/common" + "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/transport" "github.com/xtls/xray-core/transport/internet" ) @@ -30,6 +31,11 @@ func New(ctx context.Context, config *Config) (*Handler, error) { // Process implements OutboundHandler.Dispatch(). func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer internet.Dialer) error { + outbound := session.OutboundFromContext(ctx) + if outbound != nil { + outbound.Name = "blackhole" + } + nBytes := h.response.WriteTo(link.Writer) if nBytes > 0 { // Sleep a little here to make sure the response is sent to client. diff --git a/proxy/dns/dns.go b/proxy/dns/dns.go index d8a3244d8d24..415fe991fb8f 100644 --- a/proxy/dns/dns.go +++ b/proxy/dns/dns.go @@ -96,6 +96,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet. if outbound == nil || !outbound.Target.IsValid() { return newError("invalid outbound") } + outbound.Name = "dns" srcNetwork := outbound.Target.Network diff --git a/proxy/dokodemo/dokodemo.go b/proxy/dokodemo/dokodemo.go index 42d8256f45aa..4a4735e8d7da 100644 --- a/proxy/dokodemo/dokodemo.go +++ b/proxy/dokodemo/dokodemo.go @@ -102,11 +102,10 @@ func (d *DokodemoDoor) Process(ctx context.Context, network net.Network, conn st } inbound := session.InboundFromContext(ctx) - if inbound != nil { - inbound.Name = "dokodemo-door" - inbound.User = &protocol.MemoryUser{ - Level: d.config.UserLevel, - } + inbound.Name = "dokodemo-door" + inbound.SetCanSpliceCopy(1) + inbound.User = &protocol.MemoryUser{ + Level: d.config.UserLevel, } ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{ diff --git a/proxy/errors.generated.go b/proxy/errors.generated.go new file mode 100644 index 000000000000..1a64389659d1 --- /dev/null +++ b/proxy/errors.generated.go @@ -0,0 +1,9 @@ +package proxy + +import "github.com/xtls/xray-core/common/errors" + +type errPathObjHolder struct{} + +func newError(values ...interface{}) *errors.Error { + return errors.New(values...).WithPathObj(errPathObjHolder{}) +} diff --git a/proxy/freedom/freedom.go b/proxy/freedom/freedom.go index c6907b4c62c8..808f837faf7b 100644 --- a/proxy/freedom/freedom.go +++ b/proxy/freedom/freedom.go @@ -13,6 +13,7 @@ import ( "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/dice" "github.com/xtls/xray-core/common/net" + "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/retry" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/common/signal" @@ -21,11 +22,14 @@ import ( "github.com/xtls/xray-core/features/dns" "github.com/xtls/xray-core/features/policy" "github.com/xtls/xray-core/features/stats" + "github.com/xtls/xray-core/proxy" "github.com/xtls/xray-core/transport" "github.com/xtls/xray-core/transport/internet" "github.com/xtls/xray-core/transport/internet/stat" ) +var useSplice bool + func init() { common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { h := new(Handler) @@ -36,6 +40,12 @@ func init() { } return h, nil })) + const defaultFlagValue = "NOT_DEFINED_AT_ALL" + value := platform.NewEnvFlag("xray.buf.splice").GetValue(func() string { return defaultFlagValue }) + switch value { + case "auto", "enable": + useSplice = true + } } // Handler handles Freedom connections. @@ -107,6 +117,11 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if outbound == nil || !outbound.Target.IsValid() { return newError("target not specified.") } + outbound.Name = "freedom" + inbound := session.InboundFromContext(ctx) + if inbound != nil { + inbound.SetCanSpliceCopy(1) + } destination := outbound.Target UDPOverride := net.UDPDestination(nil, 0) if h.config.DestinationOverride != nil { @@ -195,17 +210,17 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte responseDone := func() error { defer timer.SetTimeout(plcy.Timeouts.UplinkOnly) - - var reader buf.Reader if destination.Network == net.Network_TCP { - reader = buf.NewReader(conn) - } else { - reader = NewPacketReader(conn, UDPOverride) + var writeConn net.Conn + if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Conn != nil && useSplice { + writeConn = inbound.Conn + } + return proxy.CopyRawConnIfExist(ctx, conn, writeConn, link.Writer, timer) } + reader := NewPacketReader(conn, UDPOverride) if err := buf.Copy(reader, output, buf.UpdateActivity(timer)); err != nil { return newError("failed to process response").Base(err) } - return nil } diff --git a/proxy/http/client.go b/proxy/http/client.go index f597a5021897..302e521dc91b 100644 --- a/proxy/http/client.go +++ b/proxy/http/client.go @@ -73,6 +73,11 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter if outbound == nil || !outbound.Target.IsValid() { return newError("target not specified.") } + outbound.Name = "http" + inbound := session.InboundFromContext(ctx) + if inbound != nil { + inbound.SetCanSpliceCopy(2) + } target := outbound.Target targetAddr := target.NetAddr() diff --git a/proxy/http/server.go b/proxy/http/server.go index 6b00fe2b2963..511d9b08c3ae 100644 --- a/proxy/http/server.go +++ b/proxy/http/server.go @@ -84,11 +84,10 @@ type readerOnly struct { func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Connection, dispatcher routing.Dispatcher) error { inbound := session.InboundFromContext(ctx) - if inbound != nil { - inbound.Name = "http" - inbound.User = &protocol.MemoryUser{ - Level: s.config.UserLevel, - } + inbound.Name = "http" + inbound.SetCanSpliceCopy(2) + inbound.User = &protocol.MemoryUser{ + Level: s.config.UserLevel, } reader := bufio.NewReaderSize(readerOnly{conn}, buf.Size) diff --git a/proxy/loopback/loopback.go b/proxy/loopback/loopback.go index 946847f34df1..30c39bd96409 100644 --- a/proxy/loopback/loopback.go +++ b/proxy/loopback/loopback.go @@ -26,6 +26,7 @@ func (l *Loopback) Process(ctx context.Context, link *transport.Link, _ internet if outbound == nil || !outbound.Target.IsValid() { return newError("target not specified.") } + outbound.Name = "loopback" destination := outbound.Target newError("opening connection to ", destination).WriteToLog(session.ExportIDToError(ctx)) diff --git a/proxy/proxy.go b/proxy/proxy.go index fb52605ca5fa..12b9631bc0bd 100644 --- a/proxy/proxy.go +++ b/proxy/proxy.go @@ -7,13 +7,24 @@ package proxy import ( "context" + gotls "crypto/tls" + "io" + "runtime" + "github.com/pires/go-proxyproto" + "github.com/xtls/xray-core/common/buf" + "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" + "github.com/xtls/xray-core/common/session" + "github.com/xtls/xray-core/common/signal" "github.com/xtls/xray-core/features/routing" + "github.com/xtls/xray-core/features/stats" "github.com/xtls/xray-core/transport" "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" + "github.com/xtls/xray-core/transport/internet/tls" ) // An Inbound processes inbound connections. @@ -47,3 +58,78 @@ type GetInbound interface { type GetOutbound interface { GetOutbound() Outbound } + +// UnwrapRawConn support unwrap stats, tls, utls, reality and proxyproto conn and get raw tcp conn from it +func UnwrapRawConn(conn net.Conn) (net.Conn, stats.Counter, stats.Counter) { + var readCounter, writerCounter stats.Counter + if conn != nil { + statConn, ok := conn.(*stat.CounterConnection) + if ok { + conn = statConn.Connection + readCounter = statConn.ReadCounter + writerCounter = statConn.WriteCounter + } + if xc, ok := conn.(*gotls.Conn); ok { + conn = xc.NetConn() + } else if utlsConn, ok := conn.(*tls.UConn); ok { + conn = utlsConn.NetConn() + } else if realityConn, ok := conn.(*reality.Conn); ok { + conn = realityConn.NetConn() + } else if realityUConn, ok := conn.(*reality.UConn); ok { + conn = realityUConn.NetConn() + } + if pc, ok := conn.(*proxyproto.Conn); ok { + conn = pc.Raw() + // 8192 > 4096, there is no need to process pc's bufReader + } + } + return conn, readCounter, writerCounter +} + +// CopyRawConnIfExist use the most efficient copy method. +// - If caller don't want to turn on splice, do not pass in both reader conn and writer conn +// - writer are from *transport.Link +func CopyRawConnIfExist(ctx context.Context, readerConn net.Conn, writerConn net.Conn, writer buf.Writer, timer signal.ActivityUpdater) error { + readerConn, readCounter, _ := UnwrapRawConn(readerConn) + writerConn, _, writeCounter := UnwrapRawConn(writerConn) + reader := buf.NewReader(readerConn) + if inbound := session.InboundFromContext(ctx); inbound != nil { + if tc, ok := writerConn.(*net.TCPConn); ok && readerConn != nil && writerConn != nil && (runtime.GOOS == "linux" || runtime.GOOS == "android") { + for inbound.CanSpliceCopy != 3 { + if inbound.CanSpliceCopy == 1 { + newError("CopyRawConn splice").WriteToLog(session.ExportIDToError(ctx)) + runtime.Gosched() // necessary + w, err := tc.ReadFrom(readerConn) + if readCounter != nil { + readCounter.Add(w) + } + if writeCounter != nil { + writeCounter.Add(w) + } + if err != nil && errors.Cause(err) != io.EOF { + return err + } + return nil + } + buffer, err := reader.ReadMultiBuffer() + if !buffer.IsEmpty() { + if readCounter != nil { + readCounter.Add(int64(buffer.Len())) + } + timer.Update() + if werr := writer.WriteMultiBuffer(buffer); werr != nil { + return werr + } + } + if err != nil { + return err + } + } + } + } + newError("CopyRawConn readv").WriteToLog(session.ExportIDToError(ctx)) + if err := buf.Copy(reader, writer, buf.UpdateActivity(timer), buf.AddToStatCounter(readCounter)); err != nil { + return newError("failed to process response").Base(err) + } + return nil +} diff --git a/proxy/shadowsocks/client.go b/proxy/shadowsocks/client.go index e22b11c7ab53..57d8f81c7c6c 100644 --- a/proxy/shadowsocks/client.go +++ b/proxy/shadowsocks/client.go @@ -53,6 +53,11 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter if outbound == nil || !outbound.Target.IsValid() { return newError("target not specified") } + outbound.Name = "shadowsocks" + inbound := session.InboundFromContext(ctx) + if inbound != nil { + inbound.SetCanSpliceCopy(3) + } destination := outbound.Target network := destination.Network diff --git a/proxy/shadowsocks/server.go b/proxy/shadowsocks/server.go index 1d89db5e0a20..2975ba70aec0 100644 --- a/proxy/shadowsocks/server.go +++ b/proxy/shadowsocks/server.go @@ -71,6 +71,10 @@ func (s *Server) Network() []net.Network { } func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Connection, dispatcher routing.Dispatcher) error { + inbound := session.InboundFromContext(ctx) + inbound.Name = "shadowsocks" + inbound.SetCanSpliceCopy(3) + switch network { case net.Network_TCP: return s.handleConnection(ctx, conn, dispatcher) @@ -110,13 +114,7 @@ func (s *Server) handleUDPPayload(ctx context.Context, conn stat.Connection, dis }) inbound := session.InboundFromContext(ctx) - if inbound == nil { - panic("no inbound metadata") - } - inbound.Name = "shadowsocks" - var dest *net.Destination - reader := buf.NewPacketReader(conn) for { mpayload, err := reader.ReadMultiBuffer() diff --git a/proxy/shadowsocks_2022/inbound.go b/proxy/shadowsocks_2022/inbound.go index bb298c09485e..246fc7f16ea2 100644 --- a/proxy/shadowsocks_2022/inbound.go +++ b/proxy/shadowsocks_2022/inbound.go @@ -66,6 +66,7 @@ func (i *Inbound) Network() []net.Network { func (i *Inbound) Process(ctx context.Context, network net.Network, connection stat.Connection, dispatcher routing.Dispatcher) error { inbound := session.InboundFromContext(ctx) inbound.Name = "shadowsocks-2022" + inbound.SetCanSpliceCopy(3) var metadata M.Metadata if inbound.Source.IsValid() { diff --git a/proxy/shadowsocks_2022/inbound_multi.go b/proxy/shadowsocks_2022/inbound_multi.go index c992747691e4..c3832a91d14b 100644 --- a/proxy/shadowsocks_2022/inbound_multi.go +++ b/proxy/shadowsocks_2022/inbound_multi.go @@ -155,6 +155,7 @@ func (i *MultiUserInbound) Network() []net.Network { func (i *MultiUserInbound) Process(ctx context.Context, network net.Network, connection stat.Connection, dispatcher routing.Dispatcher) error { inbound := session.InboundFromContext(ctx) inbound.Name = "shadowsocks-2022-multi" + inbound.SetCanSpliceCopy(3) var metadata M.Metadata if inbound.Source.IsValid() { diff --git a/proxy/shadowsocks_2022/inbound_relay.go b/proxy/shadowsocks_2022/inbound_relay.go index c3f8e6759631..e2cb7d508134 100644 --- a/proxy/shadowsocks_2022/inbound_relay.go +++ b/proxy/shadowsocks_2022/inbound_relay.go @@ -87,6 +87,7 @@ func (i *RelayInbound) Network() []net.Network { func (i *RelayInbound) Process(ctx context.Context, network net.Network, connection stat.Connection, dispatcher routing.Dispatcher) error { inbound := session.InboundFromContext(ctx) inbound.Name = "shadowsocks-2022-relay" + inbound.SetCanSpliceCopy(3) var metadata M.Metadata if inbound.Source.IsValid() { diff --git a/proxy/shadowsocks_2022/outbound.go b/proxy/shadowsocks_2022/outbound.go index 151ea0e2867f..a06daac70133 100644 --- a/proxy/shadowsocks_2022/outbound.go +++ b/proxy/shadowsocks_2022/outbound.go @@ -66,12 +66,14 @@ func (o *Outbound) Process(ctx context.Context, link *transport.Link, dialer int inbound := session.InboundFromContext(ctx) if inbound != nil { inboundConn = inbound.Conn + inbound.SetCanSpliceCopy(3) } outbound := session.OutboundFromContext(ctx) if outbound == nil || !outbound.Target.IsValid() { return newError("target not specified") } + outbound.Name = "shadowsocks-2022" destination := outbound.Target network := destination.Network diff --git a/proxy/socks/client.go b/proxy/socks/client.go index 1993aa0b8902..82591be4321f 100644 --- a/proxy/socks/client.go +++ b/proxy/socks/client.go @@ -61,6 +61,11 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter if outbound == nil || !outbound.Target.IsValid() { return newError("target not specified.") } + outbound.Name = "socks" + inbound := session.InboundFromContext(ctx) + if inbound != nil { + inbound.SetCanSpliceCopy(2) + } // Destination of the inner request. destination := outbound.Target diff --git a/proxy/socks/server.go b/proxy/socks/server.go index 184ecd08000b..6964fdf2b078 100644 --- a/proxy/socks/server.go +++ b/proxy/socks/server.go @@ -63,11 +63,11 @@ func (s *Server) Network() []net.Network { // Process implements proxy.Inbound. func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Connection, dispatcher routing.Dispatcher) error { - if inbound := session.InboundFromContext(ctx); inbound != nil { - inbound.Name = "socks" - inbound.User = &protocol.MemoryUser{ - Level: s.config.UserLevel, - } + inbound := session.InboundFromContext(ctx) + inbound.Name = "socks" + inbound.SetCanSpliceCopy(2) + inbound.User = &protocol.MemoryUser{ + Level: s.config.UserLevel, } switch network { diff --git a/proxy/trojan/client.go b/proxy/trojan/client.go index 0c6f16d3aba5..d6b95fc0b154 100644 --- a/proxy/trojan/client.go +++ b/proxy/trojan/client.go @@ -54,6 +54,11 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter if outbound == nil || !outbound.Target.IsValid() { return newError("target not specified") } + outbound.Name = "trojan" + inbound := session.InboundFromContext(ctx) + if inbound != nil { + inbound.SetCanSpliceCopy(3) + } destination := outbound.Target network := destination.Network diff --git a/proxy/trojan/server.go b/proxy/trojan/server.go index 41245ba4bd2e..5c3fcd9113f5 100644 --- a/proxy/trojan/server.go +++ b/proxy/trojan/server.go @@ -214,10 +214,8 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con } inbound := session.InboundFromContext(ctx) - if inbound == nil { - panic("no inbound metadata") - } inbound.Name = "trojan" + inbound.SetCanSpliceCopy(3) inbound.User = user sessionPolicy = s.policyManager.ForLevel(user.Level) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index cf9624929880..48bda4973d94 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -8,9 +8,7 @@ import ( "crypto/rand" "io" "math/big" - "runtime" "strconv" - "syscall" "time" "github.com/xtls/xray-core/common/buf" @@ -20,10 +18,8 @@ import ( "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/common/signal" "github.com/xtls/xray-core/features/stats" + "github.com/xtls/xray-core/proxy" "github.com/xtls/xray-core/proxy/vless" - "github.com/xtls/xray-core/transport/internet/reality" - "github.com/xtls/xray-core/transport/internet/stat" - "github.com/xtls/xray-core/transport/internet/tls" ) const ( @@ -206,13 +202,11 @@ func DecodeResponseHeader(reader io.Reader, request *protocol.RequestHeader) (*A } // XtlsRead filter and read xtls protocol -func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, rawConn syscall.RawConn, - input *bytes.Reader, rawInput *bytes.Buffer, - counter stats.Counter, ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool, +func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, input *bytes.Reader, rawInput *bytes.Buffer, + ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32, ) error { err := func() error { - var ct stats.Counter withinPaddingBuffers := true shouldSwitchToDirectCopy := false var remainingContent int32 = -1 @@ -220,40 +214,14 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater currentCommand := 0 for { if shouldSwitchToDirectCopy { - shouldSwitchToDirectCopy = false - if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Conn != nil && (runtime.GOOS == "linux" || runtime.GOOS == "android") { - if _, ok := inbound.User.Account.(*vless.MemoryAccount); inbound.User.Account == nil || ok { - iConn := inbound.Conn - statConn, ok := iConn.(*stat.CounterConnection) - if ok { - iConn = statConn.Connection - } - if tlsConn, ok := iConn.(*tls.Conn); ok { - iConn = tlsConn.NetConn() - } else if realityConn, ok := iConn.(*reality.Conn); ok { - iConn = realityConn.NetConn() - } - if tc, ok := iConn.(*net.TCPConn); ok { - newError("XtlsRead splice").WriteToLog(session.ExportIDToError(ctx)) - runtime.Gosched() // necessary - w, err := tc.ReadFrom(conn) - if counter != nil { - counter.Add(w) - } - if statConn != nil && statConn.WriteCounter != nil { - statConn.WriteCounter.Add(w) - } - return err - } + var writerConn net.Conn + if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Conn != nil { + writerConn = inbound.Conn + if inbound.CanSpliceCopy == 2 { + inbound.CanSpliceCopy = 1 // force the value to 1, don't use setter } } - if rawConn != nil { - reader = buf.NewReadVReader(conn, rawConn, nil) - } else { - reader = buf.NewReader(conn) - } - ct = counter - newError("XtlsRead readV").WriteToLog(session.ExportIDToError(ctx)) + return proxy.CopyRawConnIfExist(ctx, conn, writerConn, writer, timer) } buffer, err := reader.ReadMultiBuffer() if !buffer.IsEmpty() { @@ -292,9 +260,6 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater if *numberOfPacketToFilter > 0 { XtlsFilterTls(buffer, numberOfPacketToFilter, enableXtls, isTLS12orAbove, isTLS, cipher, remainingServerHello, ctx) } - if ct != nil { - ct.Add(int64(buffer.Len())) - } timer.Update() if werr := writer.WriteMultiBuffer(buffer); werr != nil { return werr @@ -312,7 +277,7 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater } // XtlsWrite filter and write xtls protocol -func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, counter stats.Counter, +func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, ctx context.Context, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32, ) error { @@ -349,18 +314,21 @@ func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdate } if shouldSwitchToDirectCopy { encryptBuffer, directBuffer := buf.SplitMulti(buffer, xtlsSpecIndex+1) - length := encryptBuffer.Len() if !encryptBuffer.IsEmpty() { timer.Update() if werr := writer.WriteMultiBuffer(encryptBuffer); werr != nil { return werr } } - buffer = directBuffer - writer = buf.NewWriter(conn) - ct = counter - newError("XtlsWrite writeV ", xtlsSpecIndex, " ", length, " ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) time.Sleep(5 * time.Millisecond) // for some device, the first xtls direct packet fails without this delay + + if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.CanSpliceCopy == 2 { + inbound.CanSpliceCopy = 1 // force the value to 1, don't use setter + } + buffer = directBuffer + rawConn, _, writerCounter := proxy.UnwrapRawConn(conn) + writer = buf.NewWriter(rawConn) + ct = writerCounter } } if !buffer.IsEmpty() { diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 8653e1e31b5d..388aeecbd06d 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -10,11 +10,9 @@ import ( "reflect" "strconv" "strings" - "syscall" "time" "unsafe" - "github.com/pires/go-proxyproto" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/errors" @@ -30,7 +28,6 @@ import ( feature_inbound "github.com/xtls/xray-core/features/inbound" "github.com/xtls/xray-core/features/policy" "github.com/xtls/xray-core/features/routing" - "github.com/xtls/xray-core/features/stats" "github.com/xtls/xray-core/proxy/vless" "github.com/xtls/xray-core/proxy/vless/encoding" "github.com/xtls/xray-core/transport/internet/reality" @@ -182,8 +179,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s sid := session.ExportIDToError(ctx) iConn := connection - statConn, ok := iConn.(*stat.CounterConnection) - if ok { + if statConn, ok := iConn.(*stat.CounterConnection); ok { iConn = statConn.Connection } @@ -447,14 +443,12 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s // Flow: requestAddons.Flow, } - var netConn net.Conn - var rawConn syscall.RawConn var input *bytes.Reader var rawInput *bytes.Buffer - switch requestAddons.Flow { case vless.XRV: if account.Flow == requestAddons.Flow { + inbound.SetCanSpliceCopy(2) switch request.Command { case protocol.RequestCommandUDP: return newError(requestAddons.Flow + " doesn't support UDP").AtWarning() @@ -467,23 +461,14 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() } - netConn = tlsConn.NetConn() t = reflect.TypeOf(tlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(tlsConn.Conn)) } else if realityConn, ok := iConn.(*reality.Conn); ok { - netConn = realityConn.NetConn() t = reflect.TypeOf(realityConn.Conn).Elem() p = uintptr(unsafe.Pointer(realityConn.Conn)) } else { return newError("XTLS only supports TLS and REALITY directly for now.").AtWarning() } - if pc, ok := netConn.(*proxyproto.Conn); ok { - netConn = pc.Raw() - // 8192 > 4096, there is no need to process pc's bufReader - } - if sc, ok := netConn.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } i, _ := t.FieldByName("input") r, _ := t.FieldByName("rawInput") input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) @@ -493,6 +478,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() } case "": + inbound.SetCanSpliceCopy(3) if account.Flow == vless.XRV && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) { return newError(account.ID.String() + " is not able to use \"\". Note that the pure TLS proxy has certain TLS in TLS characters.").AtWarning() } @@ -540,13 +526,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var err error if requestAddons.Flow == vless.XRV { - var counter stats.Counter - if statConn != nil { - counter = statConn.ReadCounter - } - // TODO enable splice - ctx = session.ContextWithInbound(ctx, nil) - err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), + ctx1 := session.ContextWithInbound(ctx, nil) // TODO enable splice + err = encoding.XtlsRead(clientReader, serverWriter, timer, connection, input, rawInput, ctx1, account.ID.Bytes(), &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer @@ -592,11 +573,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var err error if requestAddons.Flow == vless.XRV { - var counter stats.Counter - if statConn != nil { - counter = statConn.WriteCounter - } - err = encoding.XtlsWrite(serverReader, clientWriter, timer, netConn, counter, ctx, &numberOfPacketToFilter, + err = encoding.XtlsWrite(serverReader, clientWriter, timer, connection, ctx, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index 12962a4710c9..bc2e662569ec 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -7,7 +7,6 @@ import ( "context" gotls "crypto/tls" "reflect" - "syscall" "time" "unsafe" @@ -23,7 +22,6 @@ import ( "github.com/xtls/xray-core/common/xudp" "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/features/policy" - "github.com/xtls/xray-core/features/stats" "github.com/xtls/xray-core/proxy/vless" "github.com/xtls/xray-core/proxy/vless/encoding" "github.com/xtls/xray-core/transport" @@ -71,9 +69,15 @@ func New(ctx context.Context, config *Config) (*Handler, error) { // Process implements proxy.Outbound.Process(). func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer internet.Dialer) error { + outbound := session.OutboundFromContext(ctx) + if outbound == nil || !outbound.Target.IsValid() { + return newError("target not specified").AtError() + } + outbound.Name = "vless" + inbound := session.InboundFromContext(ctx) + var rec *protocol.ServerSpec var conn stat.Connection - if err := retry.ExponentialBackoff(5, 200).On(func() error { rec = h.serverPicker.PickServer() var err error @@ -88,16 +92,9 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte defer conn.Close() iConn := conn - statConn, ok := iConn.(*stat.CounterConnection) - if ok { + if statConn, ok := iConn.(*stat.CounterConnection); ok { iConn = statConn.Connection } - - outbound := session.OutboundFromContext(ctx) - if outbound == nil || !outbound.Target.IsValid() { - return newError("target not specified").AtError() - } - target := outbound.Target newError("tunneling request to ", target, " via ", rec.Destination().NetAddr()).AtInfo().WriteToLog(session.ExportIDToError(ctx)) @@ -123,8 +120,6 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte Flow: account.Flow, } - var netConn net.Conn - var rawConn syscall.RawConn var input *bytes.Reader var rawInput *bytes.Buffer allowUDP443 := false @@ -134,6 +129,9 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte requestAddons.Flow = requestAddons.Flow[:16] fallthrough case vless.XRV: + if inbound != nil { + inbound.SetCanSpliceCopy(2) + } switch request.Command { case protocol.RequestCommandUDP: if !allowUDP443 && request.Port == 443 { @@ -146,28 +144,26 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var t reflect.Type var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { - netConn = tlsConn.NetConn() t = reflect.TypeOf(tlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(tlsConn.Conn)) } else if utlsConn, ok := iConn.(*tls.UConn); ok { - netConn = utlsConn.NetConn() t = reflect.TypeOf(utlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(utlsConn.Conn)) } else if realityConn, ok := iConn.(*reality.UConn); ok { - netConn = realityConn.NetConn() t = reflect.TypeOf(realityConn.Conn).Elem() p = uintptr(unsafe.Pointer(realityConn.Conn)) } else { return newError("XTLS only supports TLS and REALITY directly for now.").AtWarning() } - if sc, ok := netConn.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } i, _ := t.FieldByName("input") r, _ := t.FieldByName("rawInput") input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) } + default: + if inbound != nil { + inbound.SetCanSpliceCopy(3) + } } var newCtx context.Context @@ -257,11 +253,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, utlsConn.ConnectionState().Version).AtWarning() } } - var counter stats.Counter - if statConn != nil { - counter = statConn.WriteCounter - } - err = encoding.XtlsWrite(clientReader, serverWriter, timer, netConn, counter, ctx, &numberOfPacketToFilter, + ctx1 := session.ContextWithOutbound(ctx, nil) // TODO enable splice + err = encoding.XtlsWrite(clientReader, serverWriter, timer, conn, ctx1, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer @@ -293,11 +286,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } if requestAddons.Flow == vless.XRV { - var counter stats.Counter - if statConn != nil { - counter = statConn.ReadCounter - } - err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), + err = encoding.XtlsRead(serverReader, clientWriter, timer, conn, input, rawInput, ctx, account.ID.Bytes(), &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer diff --git a/proxy/vmess/inbound/inbound.go b/proxy/vmess/inbound/inbound.go index f48a26e15ad5..679ea5da688e 100644 --- a/proxy/vmess/inbound/inbound.go +++ b/proxy/vmess/inbound/inbound.go @@ -256,10 +256,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } inbound := session.InboundFromContext(ctx) - if inbound == nil { - panic("no inbound metadata") - } inbound.Name = "vmess" + inbound.SetCanSpliceCopy(3) inbound.User = request.User sessionPolicy = h.policyManager.ForLevel(request.User.Level) diff --git a/proxy/vmess/outbound/outbound.go b/proxy/vmess/outbound/outbound.go index fc77f07feb24..5e228d681eb8 100644 --- a/proxy/vmess/outbound/outbound.go +++ b/proxy/vmess/outbound/outbound.go @@ -60,9 +60,18 @@ func New(ctx context.Context, config *Config) (*Handler, error) { // Process implements proxy.Outbound.Process(). func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer internet.Dialer) error { + outbound := session.OutboundFromContext(ctx) + if outbound == nil || !outbound.Target.IsValid() { + return newError("target not specified").AtError() + } + outbound.Name = "vmess" + inbound := session.InboundFromContext(ctx) + if inbound != nil { + inbound.SetCanSpliceCopy(3) + } + var rec *protocol.ServerSpec var conn stat.Connection - err := retry.ExponentialBackoff(5, 200).On(func() error { rec = h.serverPicker.PickServer() rawConn, err := dialer.Dial(ctx, rec.Destination()) @@ -78,11 +87,6 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } defer conn.Close() - outbound := session.OutboundFromContext(ctx) - if outbound == nil || !outbound.Target.IsValid() { - return newError("target not specified").AtError() - } - target := outbound.Target newError("tunneling request to ", target, " via ", rec.Destination().NetAddr()).WriteToLog(session.ExportIDToError(ctx)) diff --git a/proxy/wireguard/wireguard.go b/proxy/wireguard/wireguard.go index 53e7dcd56b2e..899dcac5415c 100644 --- a/proxy/wireguard/wireguard.go +++ b/proxy/wireguard/wireguard.go @@ -75,6 +75,16 @@ func New(ctx context.Context, conf *DeviceConfig) (*Handler, error) { // Process implements OutboundHandler.Dispatch(). func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer internet.Dialer) error { + outbound := session.OutboundFromContext(ctx) + if outbound == nil || !outbound.Target.IsValid() { + return newError("target not specified") + } + outbound.Name = "wireguard" + inbound := session.InboundFromContext(ctx) + if inbound != nil { + inbound.SetCanSpliceCopy(3) + } + if h.bind == nil || h.bind.dialer != dialer || h.net == nil { log.Record(&log.GeneralMessage{ Severity: log.Severity_Info, @@ -101,10 +111,6 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte h.bind = bind } - outbound := session.OutboundFromContext(ctx) - if outbound == nil || !outbound.Target.IsValid() { - return newError("target not specified") - } // Destination of the inner request. destination := outbound.Target command := protocol.RequestCommandTCP diff --git a/testing/scenarios/http_test.go b/testing/scenarios/http_test.go index d6a765bb0fb5..b9b112ffa8d3 100644 --- a/testing/scenarios/http_test.go +++ b/testing/scenarios/http_test.go @@ -7,6 +7,7 @@ import ( "io" "net/http" "net/url" + "strings" "testing" "time" @@ -128,9 +129,8 @@ func TestHttpError(t *testing.T) { } resp, err := client.Get("http://127.0.0.1:" + dest.Port.String()) - common.Must(err) - if resp.StatusCode != 503 { - t.Error("status: ", resp.StatusCode) + if resp != nil && resp.StatusCode != 503 || err != nil && !strings.Contains(err.Error(), "malformed HTTP status code") { + t.Error("should not receive http response", err) } } } diff --git a/testing/scenarios/vmess_test.go b/testing/scenarios/vmess_test.go index 9f2b0abc6261..2239b13ce1dd 100644 --- a/testing/scenarios/vmess_test.go +++ b/testing/scenarios/vmess_test.go @@ -1174,10 +1174,10 @@ func TestVMessGCMMuxUDP(t *testing.T) { servers, err := InitializeServerConfigs(serverConfig, clientConfig) common.Must(err) - for range "abcd" { + for range "ab" { var errg errgroup.Group for i := 0; i < 16; i++ { - errg.Go(testTCPConn(clientPort, 10240, time.Second*20)) + errg.Go(testTCPConn(clientPort, 1024, time.Second*10)) errg.Go(testUDPConn(clientUDPPort, 1024, time.Second*10)) } if err := errg.Wait(); err != nil { From d6d225c6981812f024f90adab8cefc26a5ac0937 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 2 Sep 2023 11:37:50 -0400 Subject: [PATCH 216/226] Refactor Vision reader writer - Vision now use traffic states to capture two-way info about a connection - XTLS is de-couple with Vision, it only read traffic states to switch to direct copy mode - fix a edge case error when Vision unpadding read 5 command bytes --- proxy/proxy.go | 386 +++++++++++++++++++++++++++++++ proxy/vless/encoding/addons.go | 19 +- proxy/vless/encoding/encoding.go | 356 +++------------------------- proxy/vless/inbound/inbound.go | 25 +- proxy/vless/outbound/outbound.go | 28 +-- 5 files changed, 440 insertions(+), 374 deletions(-) diff --git a/proxy/proxy.go b/proxy/proxy.go index 12b9631bc0bd..142acb776fea 100644 --- a/proxy/proxy.go +++ b/proxy/proxy.go @@ -6,10 +6,14 @@ package proxy import ( + "bytes" "context" + "crypto/rand" gotls "crypto/tls" "io" + "math/big" "runtime" + "strconv" "github.com/pires/go-proxyproto" "github.com/xtls/xray-core/common/buf" @@ -27,6 +31,30 @@ import ( "github.com/xtls/xray-core/transport/internet/tls" ) +var ( + Tls13SupportedVersions = []byte{0x00, 0x2b, 0x00, 0x02, 0x03, 0x04} + TlsClientHandShakeStart = []byte{0x16, 0x03} + TlsServerHandShakeStart = []byte{0x16, 0x03, 0x03} + TlsApplicationDataStart = []byte{0x17, 0x03, 0x03} + + Tls13CipherSuiteDic = map[uint16]string{ + 0x1301: "TLS_AES_128_GCM_SHA256", + 0x1302: "TLS_AES_256_GCM_SHA384", + 0x1303: "TLS_CHACHA20_POLY1305_SHA256", + 0x1304: "TLS_AES_128_CCM_SHA256", + 0x1305: "TLS_AES_128_CCM_8_SHA256", + } +) + +const ( + TlsHandshakeTypeClientHello byte = 0x01 + TlsHandshakeTypeServerHello byte = 0x02 + + CommandPaddingContinue byte = 0x00 + CommandPaddingEnd byte = 0x01 + CommandPaddingDirect byte = 0x02 +) + // An Inbound processes inbound connections. type Inbound interface { // Network returns a list of networks that this inbound supports. Connections with not-supported networks will not be passed into Process(). @@ -59,6 +87,364 @@ type GetOutbound interface { GetOutbound() Outbound } +// TrafficState is used to track uplink and downlink of one connection +// It is used by XTLS to determine if switch to raw copy mode, It is used by Vision to calculate padding +type TrafficState struct { + UserUUID []byte + NumberOfPacketToFilter int + EnableXtls bool + IsTLS12orAbove bool + IsTLS bool + Cipher uint16 + RemainingServerHello int32 + + // reader link state + WithinPaddingBuffers bool + ReaderSwitchToDirectCopy bool + RemainingCommand int32 + RemainingContent int32 + RemainingPadding int32 + CurrentCommand int + + // write link state + IsPadding bool + WriterSwitchToDirectCopy bool +} + +func NewTrafficState(userUUID []byte) *TrafficState { + return &TrafficState{ + UserUUID: userUUID, + NumberOfPacketToFilter: 8, + EnableXtls: false, + IsTLS12orAbove: false, + IsTLS: false, + Cipher: 0, + RemainingServerHello: -1, + WithinPaddingBuffers: true, + ReaderSwitchToDirectCopy: false, + RemainingCommand: -1, + RemainingContent: -1, + RemainingPadding: -1, + CurrentCommand: 0, + IsPadding: true, + WriterSwitchToDirectCopy: false, + } +} + +// VisionReader is used to read xtls vision protocol +// Note Vision probably only make sense as the inner most layer of reader, since it need assess traffic state from origin proxy traffic +type VisionReader struct { + buf.Reader + trafficState *TrafficState + ctx context.Context +} + +func NewVisionReader(reader buf.Reader, state *TrafficState, context context.Context) *VisionReader { + return &VisionReader{ + Reader: reader, + trafficState: state, + ctx: context, + } +} + +func (w *VisionReader) ReadMultiBuffer() (buf.MultiBuffer, error) { + buffer, err := w.Reader.ReadMultiBuffer() + if !buffer.IsEmpty() { + if w.trafficState.WithinPaddingBuffers || w.trafficState.NumberOfPacketToFilter > 0 { + mb2 := make(buf.MultiBuffer, 0, len(buffer)) + for _, b := range buffer { + newbuffer := XtlsUnpadding(b, w.trafficState, w.ctx) + if newbuffer.Len() > 0 { + mb2 = append(mb2, newbuffer) + } + } + buffer = mb2 + if w.trafficState.RemainingContent == 0 && w.trafficState.RemainingPadding == 0 { + if w.trafficState.CurrentCommand == 1 { + w.trafficState.WithinPaddingBuffers = false + } else if w.trafficState.CurrentCommand == 2 { + w.trafficState.WithinPaddingBuffers = false + w.trafficState.ReaderSwitchToDirectCopy = true + } else if w.trafficState.CurrentCommand == 0 { + w.trafficState.WithinPaddingBuffers = true + } else { + newError("XtlsRead unknown command ", w.trafficState.CurrentCommand, buffer.Len()).WriteToLog(session.ExportIDToError(w.ctx)) + } + } else if w.trafficState.RemainingContent > 0 || w.trafficState.RemainingPadding > 0 { + w.trafficState.WithinPaddingBuffers = true + } else { + w.trafficState.WithinPaddingBuffers = false + } + } + if w.trafficState.NumberOfPacketToFilter > 0 { + XtlsFilterTls(buffer, w.trafficState, w.ctx) + } + } + return buffer, err +} + +// VisionWriter is used to write xtls vision protocol +// Note Vision probably only make sense as the inner most layer of writer, since it need assess traffic state from origin proxy traffic +type VisionWriter struct { + buf.Writer + trafficState *TrafficState + ctx context.Context + writeOnceUserUUID []byte +} + +func NewVisionWriter(writer buf.Writer, state *TrafficState, context context.Context) *VisionWriter { + w := make([]byte, len(state.UserUUID)) + copy(w, state.UserUUID) + return &VisionWriter{ + Writer: writer, + trafficState: state, + ctx: context, + writeOnceUserUUID: w, + } +} + +func (w *VisionWriter) WriteMultiBuffer(mb buf.MultiBuffer) error { + if w.trafficState.NumberOfPacketToFilter > 0 { + XtlsFilterTls(mb, w.trafficState, w.ctx) + } + if w.trafficState.IsPadding { + if len(mb) == 1 && mb[0] == nil { + mb[0] = XtlsPadding(nil, CommandPaddingContinue, &w.writeOnceUserUUID, true, w.ctx) // we do a long padding to hide vless header + return w.Writer.WriteMultiBuffer(mb) + } + mb = ReshapeMultiBuffer(w.ctx, mb) + longPadding := w.trafficState.IsTLS + for i, b := range mb { + if w.trafficState.IsTLS && b.Len() >= 6 && bytes.Equal(TlsApplicationDataStart, b.BytesTo(3)) { + if w.trafficState.EnableXtls { + w.trafficState.WriterSwitchToDirectCopy = true + } + var command byte = CommandPaddingContinue + if i == len(mb) - 1 { + command = CommandPaddingEnd + if w.trafficState.EnableXtls { + command = CommandPaddingDirect + } + } + mb[i] = XtlsPadding(b, command, &w.writeOnceUserUUID, true, w.ctx) + w.trafficState.IsPadding = false // padding going to end + longPadding = false + continue + } else if !w.trafficState.IsTLS12orAbove && w.trafficState.NumberOfPacketToFilter <= 1 { // For compatibility with earlier vision receiver, we finish padding 1 packet early + w.trafficState.IsPadding = false + mb[i] = XtlsPadding(b, CommandPaddingEnd, &w.writeOnceUserUUID, longPadding, w.ctx) + break + } + var command byte = CommandPaddingContinue + if i == len(mb) - 1 && !w.trafficState.IsPadding { + command = CommandPaddingEnd + if w.trafficState.EnableXtls { + command = CommandPaddingDirect + } + } + mb[i] = XtlsPadding(b, command, &w.writeOnceUserUUID, longPadding, w.ctx) + } + } + return w.Writer.WriteMultiBuffer(mb) +} + +// ReshapeMultiBuffer prepare multi buffer for padding stucture (max 21 bytes) +func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBuffer { + needReshape := 0 + for _, b := range buffer { + if b.Len() >= buf.Size-21 { + needReshape += 1 + } + } + if needReshape == 0 { + return buffer + } + mb2 := make(buf.MultiBuffer, 0, len(buffer)+needReshape) + toPrint := "" + for i, buffer1 := range buffer { + if buffer1.Len() >= buf.Size-21 { + index := int32(bytes.LastIndex(buffer1.Bytes(), TlsApplicationDataStart)) + if index <= 0 || index > buf.Size-21 { + index = buf.Size / 2 + } + buffer2 := buf.New() + buffer2.Write(buffer1.BytesFrom(index)) + buffer1.Resize(0, index) + mb2 = append(mb2, buffer1, buffer2) + toPrint += " " + strconv.Itoa(int(buffer1.Len())) + " " + strconv.Itoa(int(buffer2.Len())) + } else { + mb2 = append(mb2, buffer1) + toPrint += " " + strconv.Itoa(int(buffer1.Len())) + } + buffer[i] = nil + } + buffer = buffer[:0] + newError("ReshapeMultiBuffer ", toPrint).WriteToLog(session.ExportIDToError(ctx)) + return mb2 +} + +// XtlsPadding add padding to eliminate length siganature during tls handshake +func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool, ctx context.Context) *buf.Buffer { + var contentLen int32 = 0 + var paddingLen int32 = 0 + if b != nil { + contentLen = b.Len() + } + if contentLen < 900 && longPadding { + l, err := rand.Int(rand.Reader, big.NewInt(500)) + if err != nil { + newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) + } + paddingLen = int32(l.Int64()) + 900 - contentLen + } else { + l, err := rand.Int(rand.Reader, big.NewInt(256)) + if err != nil { + newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) + } + paddingLen = int32(l.Int64()) + } + if paddingLen > buf.Size-21-contentLen { + paddingLen = buf.Size - 21 - contentLen + } + newbuffer := buf.New() + if userUUID != nil { + newbuffer.Write(*userUUID) + *userUUID = nil + } + newbuffer.Write([]byte{command, byte(contentLen >> 8), byte(contentLen), byte(paddingLen >> 8), byte(paddingLen)}) + if b != nil { + newbuffer.Write(b.Bytes()) + b.Release() + b = nil + } + newbuffer.Extend(paddingLen) + newError("XtlsPadding ", contentLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx)) + return newbuffer +} + +// XtlsUnpadding remove padding and parse command +func XtlsUnpadding(b *buf.Buffer, s *TrafficState, ctx context.Context) *buf.Buffer { + if s.RemainingCommand == -1 && s.RemainingContent == -1 && s.RemainingPadding == -1 { // inital state + if b.Len() >= 21 && bytes.Equal(s.UserUUID, b.BytesTo(16)) { + b.Advance(16) + s.RemainingCommand = 5 + } else { + return b + } + } + newbuffer := buf.New() + for b.Len() > 0 { + if s.RemainingCommand > 0 { + data, err := b.ReadByte() + if err != nil { + return newbuffer + } + switch s.RemainingCommand { + case 5: + s.CurrentCommand = int(data) + case 4: + s.RemainingContent = int32(data)<<8 + case 3: + s.RemainingContent = s.RemainingContent | int32(data) + case 2: + s.RemainingPadding = int32(data)<<8 + case 1: + s.RemainingPadding = s.RemainingPadding | int32(data) + newError("Xtls Unpadding new block, content ", s.RemainingContent, " padding ", s.RemainingPadding, " command ", s.CurrentCommand).WriteToLog(session.ExportIDToError(ctx)) + } + s.RemainingCommand-- + } else if s.RemainingContent > 0 { + len := s.RemainingContent + if b.Len() < len { + len = b.Len() + } + data, err := b.ReadBytes(len) + if err != nil { + return newbuffer + } + newbuffer.Write(data) + s.RemainingContent -= len + } else { // remainingPadding > 0 + len := s.RemainingPadding + if b.Len() < len { + len = b.Len() + } + b.Advance(len) + s.RemainingPadding -= len + } + if s.RemainingCommand <= 0 && s.RemainingContent <= 0 && s.RemainingPadding <= 0 { // this block done + if s.CurrentCommand == 0 { + s.RemainingCommand = 5 + } else { + s.RemainingCommand = -1 // set to initial state + s.RemainingContent = -1 + s.RemainingPadding = -1 + if b.Len() > 0 { // shouldn't happen + newbuffer.Write(b.Bytes()) + } + break + } + } + } + b.Release() + b = nil + return newbuffer +} + +// XtlsFilterTls filter and recognize tls 1.3 and other info +func XtlsFilterTls(buffer buf.MultiBuffer, trafficState *TrafficState, ctx context.Context) { + for _, b := range buffer { + if b == nil { + continue + } + trafficState.NumberOfPacketToFilter-- + if b.Len() >= 6 { + startsBytes := b.BytesTo(6) + if bytes.Equal(TlsServerHandShakeStart, startsBytes[:3]) && startsBytes[5] == TlsHandshakeTypeServerHello { + trafficState.RemainingServerHello = (int32(startsBytes[3])<<8 | int32(startsBytes[4])) + 5 + trafficState.IsTLS12orAbove = true + trafficState.IsTLS = true + if b.Len() >= 79 && trafficState.RemainingServerHello >= 79 { + sessionIdLen := int32(b.Byte(43)) + cipherSuite := b.BytesRange(43+sessionIdLen+1, 43+sessionIdLen+3) + trafficState.Cipher = uint16(cipherSuite[0])<<8 | uint16(cipherSuite[1]) + } else { + newError("XtlsFilterTls short server hello, tls 1.2 or older? ", b.Len(), " ", trafficState.RemainingServerHello).WriteToLog(session.ExportIDToError(ctx)) + } + } else if bytes.Equal(TlsClientHandShakeStart, startsBytes[:2]) && startsBytes[5] == TlsHandshakeTypeClientHello { + trafficState.IsTLS = true + newError("XtlsFilterTls found tls client hello! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) + } + } + if trafficState.RemainingServerHello > 0 { + end := trafficState.RemainingServerHello + if end > b.Len() { + end = b.Len() + } + trafficState.RemainingServerHello -= b.Len() + if bytes.Contains(b.BytesTo(end), Tls13SupportedVersions) { + v, ok := Tls13CipherSuiteDic[trafficState.Cipher] + if !ok { + v = "Old cipher: " + strconv.FormatUint(uint64(trafficState.Cipher), 16) + } else if v != "TLS_AES_128_CCM_8_SHA256" { + trafficState.EnableXtls = true + } + newError("XtlsFilterTls found tls 1.3! ", b.Len(), " ", v).WriteToLog(session.ExportIDToError(ctx)) + trafficState.NumberOfPacketToFilter = 0 + return + } else if trafficState.RemainingServerHello <= 0 { + newError("XtlsFilterTls found tls 1.2! ", b.Len()).WriteToLog(session.ExportIDToError(ctx)) + trafficState.NumberOfPacketToFilter = 0 + return + } + newError("XtlsFilterTls inconclusive server hello ", b.Len(), " ", trafficState.RemainingServerHello).WriteToLog(session.ExportIDToError(ctx)) + } + if trafficState.NumberOfPacketToFilter <= 0 { + newError("XtlsFilterTls stop filtering", buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) + } + } +} + // UnwrapRawConn support unwrap stats, tls, utls, reality and proxyproto conn and get raw tcp conn from it func UnwrapRawConn(conn net.Conn) (net.Conn, stats.Counter, stats.Counter) { var readCounter, writerCounter stats.Counter diff --git a/proxy/vless/encoding/addons.go b/proxy/vless/encoding/addons.go index fc8ddc2a2785..e3e5071b66a9 100644 --- a/proxy/vless/encoding/addons.go +++ b/proxy/vless/encoding/addons.go @@ -1,10 +1,12 @@ package encoding import ( + "context" "io" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/protocol" + "github.com/xtls/xray-core/proxy" "github.com/xtls/xray-core/proxy/vless" "google.golang.org/protobuf/proto" ) @@ -58,14 +60,19 @@ func DecodeHeaderAddons(buffer *buf.Buffer, reader io.Reader) (*Addons, error) { } // EncodeBodyAddons returns a Writer that auto-encrypt content written by caller. -func EncodeBodyAddons(writer io.Writer, request *protocol.RequestHeader, addons *Addons) buf.Writer { - switch addons.Flow { - default: - if request.Command == protocol.RequestCommandUDP { - return NewMultiLengthPacketWriter(writer.(buf.Writer)) +func EncodeBodyAddons(writer io.Writer, request *protocol.RequestHeader, requestAddons *Addons, state *proxy.TrafficState, context context.Context) buf.Writer { + if request.Command == protocol.RequestCommandUDP { + w := writer.(buf.Writer) + if requestAddons.Flow == vless.XRV { + w = proxy.NewVisionWriter(w, state, context) } + return NewMultiLengthPacketWriter(w) + } + w := buf.NewWriter(writer) + if requestAddons.Flow == vless.XRV { + w = proxy.NewVisionWriter(w, state, context) } - return buf.NewWriter(writer) + return w } // DecodeBodyAddons returns a Reader from which caller can fetch decrypted body. diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index 48bda4973d94..b7fb66f55a58 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -5,11 +5,7 @@ package encoding import ( "bytes" "context" - "crypto/rand" "io" - "math/big" - "strconv" - "time" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/errors" @@ -26,30 +22,6 @@ const ( Version = byte(0) ) -var ( - tls13SupportedVersions = []byte{0x00, 0x2b, 0x00, 0x02, 0x03, 0x04} - tlsClientHandShakeStart = []byte{0x16, 0x03} - tlsServerHandShakeStart = []byte{0x16, 0x03, 0x03} - tlsApplicationDataStart = []byte{0x17, 0x03, 0x03} - - Tls13CipherSuiteDic = map[uint16]string{ - 0x1301: "TLS_AES_128_GCM_SHA256", - 0x1302: "TLS_AES_256_GCM_SHA384", - 0x1303: "TLS_CHACHA20_POLY1305_SHA256", - 0x1304: "TLS_AES_128_CCM_SHA256", - 0x1305: "TLS_AES_128_CCM_8_SHA256", - } -) - -const ( - tlsHandshakeTypeClientHello byte = 0x01 - tlsHandshakeTypeServerHello byte = 0x02 - - CommandPaddingContinue byte = 0x00 - CommandPaddingEnd byte = 0x01 - CommandPaddingDirect byte = 0x02 -) - var addrParser = protocol.NewAddressParser( protocol.AddressFamilyByte(byte(protocol.AddressTypeIPv4), net.AddressFamilyIPv4), protocol.AddressFamilyByte(byte(protocol.AddressTypeDomain), net.AddressFamilyDomain), @@ -202,18 +174,11 @@ func DecodeResponseHeader(reader io.Reader, request *protocol.RequestHeader) (*A } // XtlsRead filter and read xtls protocol -func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, input *bytes.Reader, rawInput *bytes.Buffer, - ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool, - isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32, -) error { +func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, input *bytes.Reader, rawInput *bytes.Buffer, trafficState *proxy.TrafficState, ctx context.Context) error { err := func() error { - withinPaddingBuffers := true - shouldSwitchToDirectCopy := false - var remainingContent int32 = -1 - var remainingPadding int32 = -1 - currentCommand := 0 + visionReader := proxy.NewVisionReader(reader, trafficState, ctx) for { - if shouldSwitchToDirectCopy { + if trafficState.ReaderSwitchToDirectCopy { var writerConn net.Conn if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Conn != nil { writerConn = inbound.Conn @@ -223,44 +188,22 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater } return proxy.CopyRawConnIfExist(ctx, conn, writerConn, writer, timer) } - buffer, err := reader.ReadMultiBuffer() + buffer, err := visionReader.ReadMultiBuffer() if !buffer.IsEmpty() { - if withinPaddingBuffers || *numberOfPacketToFilter > 0 { - buffer = XtlsUnpadding(ctx, buffer, userUUID, &remainingContent, &remainingPadding, ¤tCommand) - if remainingContent == 0 && remainingPadding == 0 { - if currentCommand == 1 { - withinPaddingBuffers = false - remainingContent = -1 - remainingPadding = -1 // set to initial state to parse the next padding - } else if currentCommand == 2 { - withinPaddingBuffers = false - shouldSwitchToDirectCopy = true - // XTLS Vision processes struct TLS Conn's input and rawInput - if inputBuffer, err := buf.ReadFrom(input); err == nil { - if !inputBuffer.IsEmpty() { - buffer, _ = buf.MergeMulti(buffer, inputBuffer) - } - } - if rawInputBuffer, err := buf.ReadFrom(rawInput); err == nil { - if !rawInputBuffer.IsEmpty() { - buffer, _ = buf.MergeMulti(buffer, rawInputBuffer) - } - } - } else if currentCommand == 0 { - withinPaddingBuffers = true - } else { - newError("XtlsRead unknown command ", currentCommand, buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) + timer.Update() + if trafficState.ReaderSwitchToDirectCopy { + // XTLS Vision processes struct TLS Conn's input and rawInput + if inputBuffer, err := buf.ReadFrom(input); err == nil { + if !inputBuffer.IsEmpty() { + buffer, _ = buf.MergeMulti(buffer, inputBuffer) + } + } + if rawInputBuffer, err := buf.ReadFrom(rawInput); err == nil { + if !rawInputBuffer.IsEmpty() { + buffer, _ = buf.MergeMulti(buffer, rawInputBuffer) } - } else if remainingContent > 0 || remainingPadding > 0 { - withinPaddingBuffers = true - } else { - withinPaddingBuffers = false } } - if *numberOfPacketToFilter > 0 { - XtlsFilterTls(buffer, numberOfPacketToFilter, enableXtls, isTLS12orAbove, isTLS, cipher, remainingServerHello, ctx) - } - timer.Update() if werr := writer.WriteMultiBuffer(buffer); werr != nil { return werr } @@ -277,68 +220,27 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater } // XtlsWrite filter and write xtls protocol -func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, - ctx context.Context, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, - cipher *uint16, remainingServerHello *int32, -) error { +func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, trafficState *proxy.TrafficState, ctx context.Context) error { err := func() error { var ct stats.Counter - isPadding := true - shouldSwitchToDirectCopy := false for { buffer, err := reader.ReadMultiBuffer() - if !buffer.IsEmpty() { - if *numberOfPacketToFilter > 0 { - XtlsFilterTls(buffer, numberOfPacketToFilter, enableXtls, isTLS12orAbove, isTLS, cipher, remainingServerHello, ctx) + if trafficState.WriterSwitchToDirectCopy { + if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.CanSpliceCopy == 2 { + inbound.CanSpliceCopy = 1 // force the value to 1, don't use setter } - if isPadding { - buffer = ReshapeMultiBuffer(ctx, buffer) - var xtlsSpecIndex int - for i, b := range buffer { - if *isTLS && b.Len() >= 6 && bytes.Equal(tlsApplicationDataStart, b.BytesTo(3)) { - var command byte = CommandPaddingEnd - if *enableXtls { - shouldSwitchToDirectCopy = true - xtlsSpecIndex = i - command = CommandPaddingDirect - } - isPadding = false - buffer[i] = XtlsPadding(b, command, nil, *isTLS, ctx) - break - } else if !*isTLS12orAbove && *numberOfPacketToFilter <= 1 { // For compatibility with earlier vision receiver, we finish padding 1 packet early - isPadding = false - buffer[i] = XtlsPadding(b, CommandPaddingEnd, nil, *isTLS, ctx) - break - } - buffer[i] = XtlsPadding(b, CommandPaddingContinue, nil, *isTLS, ctx) - } - if shouldSwitchToDirectCopy { - encryptBuffer, directBuffer := buf.SplitMulti(buffer, xtlsSpecIndex+1) - if !encryptBuffer.IsEmpty() { - timer.Update() - if werr := writer.WriteMultiBuffer(encryptBuffer); werr != nil { - return werr - } - } - time.Sleep(5 * time.Millisecond) // for some device, the first xtls direct packet fails without this delay - - if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.CanSpliceCopy == 2 { - inbound.CanSpliceCopy = 1 // force the value to 1, don't use setter - } - buffer = directBuffer - rawConn, _, writerCounter := proxy.UnwrapRawConn(conn) - writer = buf.NewWriter(rawConn) - ct = writerCounter - } + rawConn, _, writerCounter := proxy.UnwrapRawConn(conn) + writer = buf.NewWriter(rawConn) + ct = writerCounter + trafficState.WriterSwitchToDirectCopy = false + } + if !buffer.IsEmpty() { + if ct != nil { + ct.Add(int64(buffer.Len())) } - if !buffer.IsEmpty() { - if ct != nil { - ct.Add(int64(buffer.Len())) - } - timer.Update() - if werr := writer.WriteMultiBuffer(buffer); werr != nil { - return werr - } + timer.Update() + if werr := writer.WriteMultiBuffer(buffer); werr != nil { + return werr } } if err != nil { @@ -351,201 +253,3 @@ func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdate } return nil } - -// XtlsFilterTls filter and recognize tls 1.3 and other info -func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, - cipher *uint16, remainingServerHello *int32, ctx context.Context, -) { - for _, b := range buffer { - *numberOfPacketToFilter-- - if b.Len() >= 6 { - startsBytes := b.BytesTo(6) - if bytes.Equal(tlsServerHandShakeStart, startsBytes[:3]) && startsBytes[5] == tlsHandshakeTypeServerHello { - *remainingServerHello = (int32(startsBytes[3])<<8 | int32(startsBytes[4])) + 5 - *isTLS12orAbove = true - *isTLS = true - if b.Len() >= 79 && *remainingServerHello >= 79 { - sessionIdLen := int32(b.Byte(43)) - cipherSuite := b.BytesRange(43+sessionIdLen+1, 43+sessionIdLen+3) - *cipher = uint16(cipherSuite[0])<<8 | uint16(cipherSuite[1]) - } else { - newError("XtlsFilterTls short server hello, tls 1.2 or older? ", b.Len(), " ", *remainingServerHello).WriteToLog(session.ExportIDToError(ctx)) - } - } else if bytes.Equal(tlsClientHandShakeStart, startsBytes[:2]) && startsBytes[5] == tlsHandshakeTypeClientHello { - *isTLS = true - newError("XtlsFilterTls found tls client hello! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) - } - } - if *remainingServerHello > 0 { - end := *remainingServerHello - if end > b.Len() { - end = b.Len() - } - *remainingServerHello -= b.Len() - if bytes.Contains(b.BytesTo(end), tls13SupportedVersions) { - v, ok := Tls13CipherSuiteDic[*cipher] - if !ok { - v = "Old cipher: " + strconv.FormatUint(uint64(*cipher), 16) - } else if v != "TLS_AES_128_CCM_8_SHA256" { - *enableXtls = true - } - newError("XtlsFilterTls found tls 1.3! ", b.Len(), " ", v).WriteToLog(session.ExportIDToError(ctx)) - *numberOfPacketToFilter = 0 - return - } else if *remainingServerHello <= 0 { - newError("XtlsFilterTls found tls 1.2! ", b.Len()).WriteToLog(session.ExportIDToError(ctx)) - *numberOfPacketToFilter = 0 - return - } - newError("XtlsFilterTls inconclusive server hello ", b.Len(), " ", *remainingServerHello).WriteToLog(session.ExportIDToError(ctx)) - } - if *numberOfPacketToFilter <= 0 { - newError("XtlsFilterTls stop filtering", buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) - } - } -} - -// ReshapeMultiBuffer prepare multi buffer for padding stucture (max 21 bytes) -func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBuffer { - needReshape := 0 - for _, b := range buffer { - if b.Len() >= buf.Size-21 { - needReshape += 1 - } - } - if needReshape == 0 { - return buffer - } - mb2 := make(buf.MultiBuffer, 0, len(buffer)+needReshape) - toPrint := "" - for i, buffer1 := range buffer { - if buffer1.Len() >= buf.Size-21 { - index := int32(bytes.LastIndex(buffer1.Bytes(), tlsApplicationDataStart)) - if index <= 0 || index > buf.Size-21 { - index = buf.Size / 2 - } - buffer2 := buf.New() - buffer2.Write(buffer1.BytesFrom(index)) - buffer1.Resize(0, index) - mb2 = append(mb2, buffer1, buffer2) - toPrint += " " + strconv.Itoa(int(buffer1.Len())) + " " + strconv.Itoa(int(buffer2.Len())) - } else { - mb2 = append(mb2, buffer1) - toPrint += " " + strconv.Itoa(int(buffer1.Len())) - } - buffer[i] = nil - } - buffer = buffer[:0] - newError("ReshapeMultiBuffer ", toPrint).WriteToLog(session.ExportIDToError(ctx)) - return mb2 -} - -// XtlsPadding add padding to eliminate length siganature during tls handshake -func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool, ctx context.Context) *buf.Buffer { - var contentLen int32 = 0 - var paddingLen int32 = 0 - if b != nil { - contentLen = b.Len() - } - if contentLen < 900 && longPadding { - l, err := rand.Int(rand.Reader, big.NewInt(500)) - if err != nil { - newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) - } - paddingLen = int32(l.Int64()) + 900 - contentLen - } else { - l, err := rand.Int(rand.Reader, big.NewInt(256)) - if err != nil { - newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) - } - paddingLen = int32(l.Int64()) - } - if paddingLen > buf.Size-21-contentLen { - paddingLen = buf.Size - 21 - contentLen - } - newbuffer := buf.New() - if userUUID != nil { - newbuffer.Write(*userUUID) - *userUUID = nil - } - newbuffer.Write([]byte{command, byte(contentLen >> 8), byte(contentLen), byte(paddingLen >> 8), byte(paddingLen)}) - if b != nil { - newbuffer.Write(b.Bytes()) - b.Release() - b = nil - } - newbuffer.Extend(paddingLen) - newError("XtlsPadding ", contentLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx)) - return newbuffer -} - -// XtlsUnpadding remove padding and parse command -func XtlsUnpadding(ctx context.Context, buffer buf.MultiBuffer, userUUID []byte, remainingContent *int32, remainingPadding *int32, currentCommand *int) buf.MultiBuffer { - posindex := 0 - var posByte int32 = 0 - if *remainingContent == -1 && *remainingPadding == -1 { - for i, b := range buffer { - if b.Len() >= 21 && bytes.Equal(userUUID, b.BytesTo(16)) { - posindex = i - posByte = 16 - *remainingContent = 0 - *remainingPadding = 0 - *currentCommand = 0 - break - } - } - } - if *remainingContent == -1 && *remainingPadding == -1 { - return buffer - } - mb2 := make(buf.MultiBuffer, 0, len(buffer)) - for i := 0; i < posindex; i++ { - newbuffer := buf.New() - newbuffer.Write(buffer[i].Bytes()) - mb2 = append(mb2, newbuffer) - } - for i := posindex; i < len(buffer); i++ { - b := buffer[i] - for posByte < b.Len() { - if *remainingContent <= 0 && *remainingPadding <= 0 { - if *currentCommand == 1 { // possible buffer after padding, no need to worry about xtls (command 2) - len := b.Len() - posByte - newbuffer := buf.New() - newbuffer.Write(b.BytesRange(posByte, posByte+len)) - mb2 = append(mb2, newbuffer) - posByte += len - } else { - paddingInfo := b.BytesRange(posByte, posByte+5) - *currentCommand = int(paddingInfo[0]) - *remainingContent = int32(paddingInfo[1])<<8 | int32(paddingInfo[2]) - *remainingPadding = int32(paddingInfo[3])<<8 | int32(paddingInfo[4]) - newError("Xtls Unpadding new block", i, " ", posByte, " content ", *remainingContent, " padding ", *remainingPadding, " ", paddingInfo[0]).WriteToLog(session.ExportIDToError(ctx)) - posByte += 5 - } - } else if *remainingContent > 0 { - len := *remainingContent - if b.Len() < posByte+*remainingContent { - len = b.Len() - posByte - } - newbuffer := buf.New() - newbuffer.Write(b.BytesRange(posByte, posByte+len)) - mb2 = append(mb2, newbuffer) - *remainingContent -= len - posByte += len - } else { // remainingPadding > 0 - len := *remainingPadding - if b.Len() < posByte+*remainingPadding { - len = b.Len() - posByte - } - *remainingPadding -= len - posByte += len - } - if posByte == b.Len() { - posByte = 0 - break - } - } - } - buf.ReleaseMulti(buffer) - return mb2 -} diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 388aeecbd06d..4cd3fcb1b4b0 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -28,6 +28,7 @@ import ( feature_inbound "github.com/xtls/xray-core/features/inbound" "github.com/xtls/xray-core/features/policy" "github.com/xtls/xray-core/features/routing" + "github.com/xtls/xray-core/proxy" "github.com/xtls/xray-core/proxy/vless" "github.com/xtls/xray-core/proxy/vless/encoding" "github.com/xtls/xray-core/transport/internet/reality" @@ -510,13 +511,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s serverReader := link.Reader // .(*pipe.Reader) serverWriter := link.Writer // .(*pipe.Writer) - enableXtls := false - isTLS12orAbove := false - isTLS := false - var cipher uint16 = 0 - var remainingServerHello int32 = -1 - numberOfPacketToFilter := 8 - + trafficState := proxy.NewTrafficState(account.ID.Bytes()) postRequest := func() error { defer timer.SetTimeout(sessionPolicy.Timeouts.DownlinkOnly) @@ -527,8 +522,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s if requestAddons.Flow == vless.XRV { ctx1 := session.ContextWithInbound(ctx, nil) // TODO enable splice - err = encoding.XtlsRead(clientReader, serverWriter, timer, connection, input, rawInput, ctx1, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + err = encoding.XtlsRead(clientReader, serverWriter, timer, connection, input, rawInput, trafficState, ctx1) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer err = buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer)) @@ -550,19 +544,11 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } // default: clientWriter := bufferWriter - clientWriter := encoding.EncodeBodyAddons(bufferWriter, request, responseAddons) - userUUID := account.ID.Bytes() + clientWriter := encoding.EncodeBodyAddons(bufferWriter, request, requestAddons, trafficState, ctx) multiBuffer, err1 := serverReader.ReadMultiBuffer() if err1 != nil { return err1 // ... } - if requestAddons.Flow == vless.XRV { - encoding.XtlsFilterTls(multiBuffer, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello, ctx) - multiBuffer = encoding.ReshapeMultiBuffer(ctx, multiBuffer) - for i, b := range multiBuffer { - multiBuffer[i] = encoding.XtlsPadding(b, encoding.CommandPaddingContinue, &userUUID, isTLS, ctx) - } - } if err := clientWriter.WriteMultiBuffer(multiBuffer); err != nil { return err // ... } @@ -573,8 +559,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var err error if requestAddons.Flow == vless.XRV { - err = encoding.XtlsWrite(serverReader, clientWriter, timer, connection, ctx, &numberOfPacketToFilter, - &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + err = encoding.XtlsWrite(serverReader, clientWriter, timer, connection, trafficState, ctx) } else { // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer err = buf.Copy(serverReader, clientWriter, buf.UpdateActivity(timer)) diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index bc2e662569ec..cd30617c613b 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -22,6 +22,7 @@ import ( "github.com/xtls/xray-core/common/xudp" "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/features/policy" + "github.com/xtls/xray-core/proxy" "github.com/xtls/xray-core/proxy/vless" "github.com/xtls/xray-core/proxy/vless/encoding" "github.com/xtls/xray-core/transport" @@ -183,13 +184,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte clientReader := link.Reader // .(*pipe.Reader) clientWriter := link.Writer // .(*pipe.Writer) - enableXtls := false - isTLS12orAbove := false - isTLS := false - var cipher uint16 = 0 - var remainingServerHello int32 = -1 - numberOfPacketToFilter := 8 - + trafficState := proxy.NewTrafficState(account.ID.Bytes()) if request.Command == protocol.RequestCommandUDP && h.cone && request.Port != 53 && request.Port != 443 { request.Command = protocol.RequestCommandMux request.Address = net.DomainAddress("v1.mux.cool") @@ -205,22 +200,14 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } // default: serverWriter := bufferWriter - serverWriter := encoding.EncodeBodyAddons(bufferWriter, request, requestAddons) + serverWriter := encoding.EncodeBodyAddons(bufferWriter, request, requestAddons, trafficState, ctx) if request.Command == protocol.RequestCommandMux && request.Port == 666 { serverWriter = xudp.NewPacketWriter(serverWriter, target, xudp.GetGlobalID(ctx)) } - userUUID := account.ID.Bytes() timeoutReader, ok := clientReader.(buf.TimeoutReader) if ok { multiBuffer, err1 := timeoutReader.ReadMultiBufferTimeout(time.Millisecond * 500) if err1 == nil { - if requestAddons.Flow == vless.XRV { - encoding.XtlsFilterTls(multiBuffer, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello, ctx) - multiBuffer = encoding.ReshapeMultiBuffer(ctx, multiBuffer) - for i, b := range multiBuffer { - multiBuffer[i] = encoding.XtlsPadding(b, encoding.CommandPaddingContinue, &userUUID, isTLS, ctx) - } - } if err := serverWriter.WriteMultiBuffer(multiBuffer); err != nil { return err // ... } @@ -228,10 +215,9 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte return err1 } else if requestAddons.Flow == vless.XRV { mb := make(buf.MultiBuffer, 1) - mb[0] = encoding.XtlsPadding(nil, encoding.CommandPaddingContinue, &userUUID, true, ctx) // we do a long padding to hide vless header newError("Insert padding with empty content to camouflage VLESS header ", mb.Len()).WriteToLog(session.ExportIDToError(ctx)) if err := serverWriter.WriteMultiBuffer(mb); err != nil { - return err + return err // ... } } } else { @@ -254,8 +240,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } } ctx1 := session.ContextWithOutbound(ctx, nil) // TODO enable splice - err = encoding.XtlsWrite(clientReader, serverWriter, timer, conn, ctx1, &numberOfPacketToFilter, - &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + err = encoding.XtlsWrite(clientReader, serverWriter, timer, conn, trafficState, ctx1) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer err = buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer)) @@ -286,8 +271,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(serverReader, clientWriter, timer, conn, input, rawInput, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + err = encoding.XtlsRead(serverReader, clientWriter, timer, conn, input, rawInput, trafficState, ctx) } else { // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer err = buf.Copy(serverReader, clientWriter, buf.UpdateActivity(timer)) From 490591efcc04fa27719d4f995e37580a971f2352 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Sep 2023 00:16:02 +0000 Subject: [PATCH 217/226] Bump docker/login-action from 2 to 3 Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index b7a3292b5306..39d0ef31d72f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -23,7 +23,7 @@ jobs: type=ref,event=pr type=semver,pattern={{version}} - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} From 852a7d41620bf8a16c113eddb22e47ba89cf9a3d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Sep 2023 00:16:05 +0000 Subject: [PATCH 218/226] Bump docker/setup-buildx-action from 2 to 3 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 39d0ef31d72f..a35d2b70aa01 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -33,7 +33,7 @@ jobs: name: Set up QEMU uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Build and push uses: docker/build-push-action@v4 with: From 850f617a6f940d026d34ffad92755c761caf34d0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Sep 2023 00:16:09 +0000 Subject: [PATCH 219/226] Bump docker/build-push-action from 4 to 5 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v4...v5) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index a35d2b70aa01..0ced18da0b82 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -35,7 +35,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build and push - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . platforms: linux/amd64,linux/arm64 From e66797e79a95871a1937bd366ce17821e9945b5e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Sep 2023 00:16:13 +0000 Subject: [PATCH 220/226] Bump docker/setup-qemu-action from 2 to 3 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 0ced18da0b82..d3c157caa1dc 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -31,7 +31,7 @@ jobs: - # Add support for more platforms with QEMU (optional) # https://github.com/docker/setup-qemu-action name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build and push From 92bec537f1d7b7dd414e00d947694adc7b0fef4a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Sep 2023 00:16:17 +0000 Subject: [PATCH 221/226] Bump docker/metadata-action from 4 to 5 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4 to 5. - [Release notes](https://github.com/docker/metadata-action/releases) - [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md) - [Commits](https://github.com/docker/metadata-action/compare/v4...v5) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d3c157caa1dc..b839d9863a33 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -14,7 +14,7 @@ jobs: - uses: actions/checkout@v4 - name: Docker metadata id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: ghcr.io/${{ github.repository_owner }}/xray-core flavor: latest=true From 585d5ba7c8b64f6da60837546a70bbcfd2350c64 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 17 Sep 2023 12:55:54 -0400 Subject: [PATCH 222/226] Fix Vision reader --- proxy/proxy.go | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/proxy/proxy.go b/proxy/proxy.go index 142acb776fea..f07af8c37c6d 100644 --- a/proxy/proxy.go +++ b/proxy/proxy.go @@ -159,21 +159,15 @@ func (w *VisionReader) ReadMultiBuffer() (buf.MultiBuffer, error) { } } buffer = mb2 - if w.trafficState.RemainingContent == 0 && w.trafficState.RemainingPadding == 0 { - if w.trafficState.CurrentCommand == 1 { - w.trafficState.WithinPaddingBuffers = false - } else if w.trafficState.CurrentCommand == 2 { - w.trafficState.WithinPaddingBuffers = false - w.trafficState.ReaderSwitchToDirectCopy = true - } else if w.trafficState.CurrentCommand == 0 { - w.trafficState.WithinPaddingBuffers = true - } else { - newError("XtlsRead unknown command ", w.trafficState.CurrentCommand, buffer.Len()).WriteToLog(session.ExportIDToError(w.ctx)) - } - } else if w.trafficState.RemainingContent > 0 || w.trafficState.RemainingPadding > 0 { + if w.trafficState.RemainingContent > 0 || w.trafficState.RemainingPadding > 0 || w.trafficState.CurrentCommand == 0 { w.trafficState.WithinPaddingBuffers = true - } else { + } else if w.trafficState.CurrentCommand == 1 { w.trafficState.WithinPaddingBuffers = false + } else if w.trafficState.CurrentCommand == 2 { + w.trafficState.WithinPaddingBuffers = false + w.trafficState.ReaderSwitchToDirectCopy = true + } else { + newError("XtlsRead unknown command ", w.trafficState.CurrentCommand, buffer.Len()).WriteToLog(session.ExportIDToError(w.ctx)) } } if w.trafficState.NumberOfPacketToFilter > 0 { From 8b0b8793ed4d3be9a1baa2911f4b149d82aae574 Mon Sep 17 00:00:00 2001 From: 0xland <98829546+0xland@users.noreply.github.com> Date: Mon, 18 Sep 2023 03:35:42 +0100 Subject: [PATCH 223/226] Add Streisand to README/GUI Clients --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ecf67e7df83c..a91c4373afcc 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,7 @@ - iOS & macOS arm64 - [Mango](https://github.com/arror/Mango) - [FoXray](https://apps.apple.com/app/foxray/id6448898396) + - [Streisand](https://apps.apple.com/app/streisand/id6450534064) - macOS arm64 & x64 - [V2rayU](https://github.com/yanue/V2rayU) - [V2RayXS](https://github.com/tzmax/V2RayXS) From 444db2acfffa82b85f94aada2a8092ace07349e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Sep 2023 00:57:24 +0000 Subject: [PATCH 224/226] Bump golang.org/x/crypto from 0.12.0 to 0.13.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.12.0 to 0.13.0. - [Commits](https://github.com/golang/crypto/compare/v0.12.0...v0.13.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 711b8e4778b0..beb23f1fba60 100644 --- a/go.mod +++ b/go.mod @@ -20,10 +20,10 @@ require ( github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/reality v0.0.0-20230828171259-e426190d57f6 go4.org/netipx v0.0.0-20230824141953-6213f710f925 - golang.org/x/crypto v0.12.0 + golang.org/x/crypto v0.13.0 golang.org/x/net v0.14.0 golang.org/x/sync v0.3.0 - golang.org/x/sys v0.11.0 + golang.org/x/sys v0.12.0 google.golang.org/grpc v1.57.0 google.golang.org/protobuf v1.31.0 gvisor.dev/gvisor v0.0.0-20230822212503-5bf4e5f98744 @@ -50,7 +50,7 @@ require ( go.uber.org/atomic v1.11.0 // indirect golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 // indirect golang.org/x/mod v0.12.0 // indirect - golang.org/x/text v0.12.0 // indirect + golang.org/x/text v0.13.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.12.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect diff --git a/go.sum b/go.sum index 71abf7478027..36d47ce3fdbe 100644 --- a/go.sum +++ b/go.sum @@ -180,8 +180,8 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 h1:Di6/M8l0O2lCLc6VVRWhgCiApHV8MnQurBnFSHsQtNY= golang.org/x/exp v0.0.0-20230725093048-515e97ebf090/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc= @@ -227,14 +227,14 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= From 6ec82a6792dd89893b5b64eb4d1696bd8eb72cf4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Sep 2023 15:04:04 +0000 Subject: [PATCH 225/226] Bump github.com/miekg/dns from 1.1.55 to 1.1.56 Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.55 to 1.1.56. - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](https://github.com/miekg/dns/compare/v1.1.55...v1.1.56) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index beb23f1fba60..137b090fc19d 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 - github.com/miekg/dns v1.1.55 + github.com/miekg/dns v1.1.56 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.38.1 @@ -21,7 +21,7 @@ require ( github.com/xtls/reality v0.0.0-20230828171259-e426190d57f6 go4.org/netipx v0.0.0-20230824141953-6213f710f925 golang.org/x/crypto v0.13.0 - golang.org/x/net v0.14.0 + golang.org/x/net v0.15.0 golang.org/x/sync v0.3.0 golang.org/x/sys v0.12.0 google.golang.org/grpc v1.57.0 @@ -52,7 +52,7 @@ require ( golang.org/x/mod v0.12.0 // indirect golang.org/x/text v0.13.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.12.0 // indirect + golang.org/x/tools v0.13.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 36d47ce3fdbe..bb87c79f83f8 100644 --- a/go.sum +++ b/go.sum @@ -90,8 +90,8 @@ github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= -github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= +github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE= +github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= @@ -202,8 +202,8 @@ golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -246,8 +246,8 @@ golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss= -golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= +golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 36321b8750846eaf1e64747cc0be88878edc0e76 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Sep 2023 15:04:05 +0000 Subject: [PATCH 226/226] Bump google.golang.org/grpc from 1.57.0 to 1.58.1 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.58.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.57.0...v1.58.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 137b090fc19d..e98a6f116a99 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( golang.org/x/net v0.15.0 golang.org/x/sync v0.3.0 golang.org/x/sys v0.12.0 - google.golang.org/grpc v1.57.0 + google.golang.org/grpc v1.58.1 google.golang.org/protobuf v1.31.0 gvisor.dev/gvisor v0.0.0-20230822212503-5bf4e5f98744 h12.io/socks v1.0.3 diff --git a/go.sum b/go.sum index bb87c79f83f8..d4b097b9fc9e 100644 --- a/go.sum +++ b/go.sum @@ -270,8 +270,8 @@ google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmE google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw= -google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= +google.golang.org/grpc v1.58.1 h1:OL+Vz23DTtrrldqHK49FUOPHyY75rvFqJfXC84NYW58= +google.golang.org/grpc v1.58.1/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=