From 2e942e03036a7d06ff058130f6572a0a7cd3b892 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+rprx@users.noreply.github.com> Date: Mon, 14 Dec 2020 17:05:15 +0800 Subject: [PATCH] Fix Trojan XTLS --- infra/conf/trojan.go | 19 ++++++++++++++++++ proxy/trojan/client.go | 43 ++++++++++++++++++++-------------------- proxy/trojan/protocol.go | 10 +++++----- proxy/trojan/server.go | 9 ++++----- 4 files changed, 50 insertions(+), 31 deletions(-) diff --git a/infra/conf/trojan.go b/infra/conf/trojan.go index 0412be6c..1e5e8e89 100644 --- a/infra/conf/trojan.go +++ b/infra/conf/trojan.go @@ -52,6 +52,17 @@ func (c *TrojanClientConfig) Build() (proto.Message, error) { Password: rec.Password, Flow: rec.Flow, } + + switch account.Flow { + case "", "xtls-rprx-origin", "xtls-rprx-origin-udp443", "xtls-rprx-direct", "xtls-rprx-direct-udp443": + case "xtls-rprx-splice", "xtls-rprx-splice-udp443": + if runtime.GOOS != "linux" && runtime.GOOS != "android" { + return nil, newError(`Trojan servers: "` + account.Flow + `" only support linux in this version`) + } + default: + return nil, newError(`Trojan servers: "flow" doesn't support "` + account.Flow + `" in this version`) + } + trojan := &protocol.ServerEndpoint{ Address: rec.Address.Build(), Port: uint32(rec.Port), @@ -107,6 +118,14 @@ func (c *TrojanServerConfig) Build() (proto.Message, error) { Flow: rawUser.Flow, } + switch account.Flow { + case "", "xtls-rprx-origin", "xtls-rprx-direct": + case "xtls-rprx-splice": + return nil, newError(`Trojan clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`) + default: + return nil, newError(`Trojan clients: "flow" doesn't support "` + account.Flow + `" in this version`) + } + user.Email = rawUser.Email user.Level = uint32(rawUser.Level) user.Account = serial.ToTypedMessage(account) diff --git a/proxy/trojan/client.go b/proxy/trojan/client.go index 4fbca91b..f3122fea 100644 --- a/proxy/trojan/client.go +++ b/proxy/trojan/client.go @@ -79,62 +79,63 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter defer conn.Close() - user := server.PickUser() - account, ok := user.Account.(*MemoryAccount) - if !ok { - return newError("user account is not valid") - } - iConn := conn statConn, ok := iConn.(*internet.StatCouterConnection) if ok { iConn = statConn.Connection } + user := server.PickUser() + account, ok := user.Account.(*MemoryAccount) + if !ok { + return newError("user account is not valid") + } + + connWriter := &ConnWriter{ + Flow: account.Flow, + } + var rawConn syscall.RawConn var sctx context.Context - connWriter := &ConnWriter{} allowUDP443 := false - switch account.Flow { + switch connWriter.Flow { case XRO + "-udp443", XRD + "-udp443", XRS + "-udp443": allowUDP443 = true - account.Flow = account.Flow[:16] + connWriter.Flow = connWriter.Flow[:16] fallthrough case XRO, XRD, XRS: if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress { - return newError(account.Flow + " doesn't support Mux").AtWarning() + return newError(connWriter.Flow + " doesn't support Mux").AtWarning() } if destination.Network == net.Network_UDP { if !allowUDP443 && destination.Port == 443 { - return newError(account.Flow + " stopped UDP/443").AtInfo() + return newError(connWriter.Flow + " stopped UDP/443").AtInfo() } + connWriter.Flow = "" } else { // enable XTLS only if making TCP request if xtlsConn, ok := iConn.(*xtls.Conn); ok { xtlsConn.RPRX = true - xtlsConn.SHOW = trojanXTLSShow + xtlsConn.SHOW = xtls_show xtlsConn.MARK = "XTLS" - if account.Flow == XRS { + if connWriter.Flow == XRS { sctx = ctx - account.Flow = XRD + connWriter.Flow = XRD } - if account.Flow == XRD { + if connWriter.Flow == XRD { xtlsConn.DirectMode = true if sc, ok := xtlsConn.Connection.(syscall.Conn); ok { rawConn, _ = sc.SyscallConn() } } - connWriter.Flow = account.Flow } else { - return newError(`failed to use ` + account.Flow + `, maybe "security" is not "xtls"`).AtWarning() + return newError(`failed to use ` + connWriter.Flow + `, maybe "security" is not "xtls"`).AtWarning() } } - case "": + default: if _, ok := iConn.(*xtls.Conn); ok { panic(`To avoid misunderstanding, you must fill in Trojan "flow" when using XTLS.`) } - default: - return newError("unsupported flow " + account.Flow).AtWarning() } sessionPolicy := c.policyManager.ForLevel(user.Level) @@ -211,6 +212,6 @@ func init() { xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue }) if xtlsShow == "true" { - trojanXTLSShow = true + xtls_show = true } } diff --git a/proxy/trojan/protocol.go b/proxy/trojan/protocol.go index 739bc137..e6bd65d5 100644 --- a/proxy/trojan/protocol.go +++ b/proxy/trojan/protocol.go @@ -28,7 +28,7 @@ var ( protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain), ) - trojanXTLSShow = false + xtls_show = false ) const ( @@ -90,10 +90,10 @@ func (c *ConnWriter) writeHeader() error { command := commandTCP if c.Target.Network == net.Network_UDP { command = commandUDP - } else if c.Flow == XRO { - command = commandXRO } else if c.Flow == XRD { command = commandXRD + } else if c.Flow == XRO { + command = commandXRO } if _, err := buffer.Write(c.Account.Key); err != nil { @@ -211,10 +211,10 @@ func (c *ConnReader) ParseHeader() error { network := net.Network_TCP if command[0] == commandUDP { network = net.Network_UDP - } else if command[0] == commandXRO { - c.Flow = XRO } else if command[0] == commandXRD { c.Flow = XRD + } else if command[0] == commandXRO { + c.Flow = XRO } addr, port, err := addrParser.ReadAddressPort(nil, c.Reader) diff --git a/proxy/trojan/server.go b/proxy/trojan/server.go index 1a1f608c..b43af83b 100644 --- a/proxy/trojan/server.go +++ b/proxy/trojan/server.go @@ -38,7 +38,7 @@ func init() { xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue }) if xtlsShow == "true" { - trojanXTLSShow = true + xtls_show = true } } @@ -219,7 +219,8 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn internet } if xtlsConn, ok := iConn.(*xtls.Conn); ok { xtlsConn.RPRX = true - xtlsConn.SHOW = trojanXTLSShow + xtlsConn.SHOW = xtls_show + xtlsConn.MARK = "XTLS" if clientReader.Flow == XRD { xtlsConn.DirectMode = true if sc, ok := xtlsConn.Connection.(syscall.Conn); ok { @@ -230,11 +231,9 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn internet return newError(`failed to use ` + clientReader.Flow + `, maybe "security" is not "xtls"`).AtWarning() } } else { - return newError("unable to use ", clientReader.Flow).AtWarning() + return newError(account.Password + " is not able to use " + clientReader.Flow).AtWarning() } case "": - default: - return newError("unsupported flow " + account.Flow).AtWarning() } ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{