mirror of
https://github.com/XTLS/Xray-core.git
synced 2024-12-23 22:19:49 +00:00
XTLS protocol: Apply Vision's padding to XUDP Mux & Minor fixes
It's recommended to enable XUDP Mux when using XTLS Vision Thank @yuhan6665 for testing
This commit is contained in:
parent
b4c1a56026
commit
242f3b0e0b
@ -21,6 +21,7 @@ import (
|
||||
"github.com/xtls/xray-core/common/signal"
|
||||
"github.com/xtls/xray-core/features/stats"
|
||||
"github.com/xtls/xray-core/proxy/vless"
|
||||
"github.com/xtls/xray-core/transport/internet/reality"
|
||||
"github.com/xtls/xray-core/transport/internet/stat"
|
||||
"github.com/xtls/xray-core/transport/internet/tls"
|
||||
)
|
||||
@ -227,8 +228,10 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater
|
||||
if ok {
|
||||
iConn = statConn.Connection
|
||||
}
|
||||
if xc, ok := iConn.(*tls.Conn); ok {
|
||||
iConn = xc.NetConn()
|
||||
if tlsConn, ok := iConn.(*tls.Conn); ok {
|
||||
iConn = tlsConn.NetConn()
|
||||
} else if realityConn, ok := iConn.(*reality.Conn); ok {
|
||||
iConn = realityConn.NetConn()
|
||||
}
|
||||
if tc, ok := iConn.(*net.TCPConn); ok {
|
||||
newError("XtlsRead splice").WriteToLog(session.ExportIDToError(ctx))
|
||||
|
@ -456,10 +456,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
|
||||
case vless.XRV:
|
||||
if account.Flow == requestAddons.Flow {
|
||||
switch request.Command {
|
||||
case protocol.RequestCommandMux:
|
||||
return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
|
||||
case protocol.RequestCommandUDP:
|
||||
return newError(requestAddons.Flow + " doesn't support UDP").AtWarning()
|
||||
case protocol.RequestCommandMux:
|
||||
fallthrough // we will break Mux connections that contain TCP requests
|
||||
case protocol.RequestCommandTCP:
|
||||
var t reflect.Type
|
||||
var p uintptr
|
||||
@ -474,10 +474,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
|
||||
netConn = realityConn.NetConn()
|
||||
t = reflect.TypeOf(realityConn.Conn).Elem()
|
||||
p = uintptr(unsafe.Pointer(realityConn.Conn))
|
||||
} else if _, ok := iConn.(*tls.UConn); ok {
|
||||
return newError("XTLS only supports UTLS fingerprint for the outbound.").AtWarning()
|
||||
} else {
|
||||
return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning()
|
||||
return newError("XTLS only supports TLS and REALITY directly for now.").AtWarning()
|
||||
}
|
||||
if pc, ok := netConn.(*proxyproto.Conn); ok {
|
||||
netConn = pc.Raw()
|
||||
@ -495,7 +493,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
|
||||
return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
|
||||
}
|
||||
case "":
|
||||
if account.Flow == vless.XRV && request.Command == protocol.RequestCommandTCP {
|
||||
if account.Flow == vless.XRV && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) {
|
||||
return newError(account.ID.String() + " is not able to use \"\". Note that the pure TLS proxy has certain TLS in TLS characters.").AtWarning()
|
||||
}
|
||||
default:
|
||||
|
@ -135,13 +135,13 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
|
||||
fallthrough
|
||||
case vless.XRV:
|
||||
switch request.Command {
|
||||
case protocol.RequestCommandMux:
|
||||
requestAddons.Flow = "" // let server break Mux connections that contain TCP requests
|
||||
case protocol.RequestCommandUDP:
|
||||
if !allowUDP443 && request.Port == 443 {
|
||||
return newError("XTLS rejected UDP/443 traffic").AtInfo()
|
||||
}
|
||||
requestAddons.Flow = ""
|
||||
case protocol.RequestCommandMux:
|
||||
fallthrough // let server break Mux connections that contain TCP requests
|
||||
case protocol.RequestCommandTCP:
|
||||
var t reflect.Type
|
||||
var p uintptr
|
||||
@ -158,7 +158,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
|
||||
t = reflect.TypeOf(realityConn.Conn).Elem()
|
||||
p = uintptr(unsafe.Pointer(realityConn.Conn))
|
||||
} else {
|
||||
return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning()
|
||||
return newError("XTLS only supports TLS and REALITY directly for now.").AtWarning()
|
||||
}
|
||||
if sc, ok := netConn.(syscall.Conn); ok {
|
||||
rawConn, _ = sc.SyscallConn()
|
||||
|
Loading…
Reference in New Issue
Block a user