mirror of
https://github.com/XTLS/Xray-core.git
synced 2024-11-27 01:13:01 +00:00
Enforce specific none flow for xtls vision
In the past, when user open xtls vision on the server side, plain vless+tls can connect. Pure tls is known to have certain tls in tls characters. Now server need to specify "xtls-rprx-vision,none" for it be able usable on the same port.
This commit is contained in:
parent
1d7c40d728
commit
2e30093ffd
@ -4,6 +4,7 @@ import (
|
|||||||
"encoding/json"
|
"encoding/json"
|
||||||
"runtime"
|
"runtime"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
"strings"
|
||||||
"syscall"
|
"syscall"
|
||||||
|
|
||||||
"github.com/golang/protobuf/proto"
|
"github.com/golang/protobuf/proto"
|
||||||
@ -52,7 +53,15 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
|
|||||||
}
|
}
|
||||||
account.Id = u.String()
|
account.Id = u.String()
|
||||||
|
|
||||||
switch account.Flow {
|
accountFlow := account.Flow
|
||||||
|
flows := strings.Split(account.Flow, ",")
|
||||||
|
for _, f := range flows {
|
||||||
|
t := strings.TrimSpace(f)
|
||||||
|
if t != "none" {
|
||||||
|
accountFlow = t
|
||||||
|
}
|
||||||
|
}
|
||||||
|
switch accountFlow {
|
||||||
case "", vless.XRO, vless.XRD, vless.XRV:
|
case "", vless.XRO, vless.XRD, vless.XRV:
|
||||||
case vless.XRS:
|
case vless.XRS:
|
||||||
return nil, newError(`VLESS clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`)
|
return nil, newError(`VLESS clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`)
|
||||||
|
@ -441,10 +441,20 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
|
|||||||
|
|
||||||
var netConn net.Conn
|
var netConn net.Conn
|
||||||
var rawConn syscall.RawConn
|
var rawConn syscall.RawConn
|
||||||
|
allowNoneFlow := false
|
||||||
|
accountFlow := account.Flow
|
||||||
|
flows := strings.Split(account.Flow, ",")
|
||||||
|
for _, f := range flows {
|
||||||
|
t := strings.TrimSpace(f)
|
||||||
|
if t == "none" {
|
||||||
|
allowNoneFlow = true
|
||||||
|
} else {
|
||||||
|
accountFlow = t
|
||||||
|
}
|
||||||
|
}
|
||||||
switch requestAddons.Flow {
|
switch requestAddons.Flow {
|
||||||
case vless.XRO, vless.XRD, vless.XRV:
|
case vless.XRO, vless.XRD, vless.XRV:
|
||||||
if account.Flow == requestAddons.Flow {
|
if accountFlow == requestAddons.Flow {
|
||||||
switch request.Command {
|
switch request.Command {
|
||||||
case protocol.RequestCommandMux:
|
case protocol.RequestCommandMux:
|
||||||
return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
|
return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
|
||||||
@ -481,7 +491,11 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
|
|||||||
} else {
|
} else {
|
||||||
return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
|
return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
|
||||||
}
|
}
|
||||||
case "":
|
case "", "none":
|
||||||
|
if accountFlow == vless.XRV && !allowNoneFlow {
|
||||||
|
return newError(account.ID.String() + " is not able to use " + vless.XRV +
|
||||||
|
". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning()
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
return newError("unknown request flow " + requestAddons.Flow).AtWarning()
|
return newError("unknown request flow " + requestAddons.Flow).AtWarning()
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user