mirror of
https://github.com/XTLS/Xray-core.git
synced 2024-11-04 14:13:03 +00:00
Fix Trojan XTLS
This commit is contained in:
parent
decb012f9d
commit
2e942e0303
@ -52,6 +52,17 @@ func (c *TrojanClientConfig) Build() (proto.Message, error) {
|
|||||||
Password: rec.Password,
|
Password: rec.Password,
|
||||||
Flow: rec.Flow,
|
Flow: rec.Flow,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
switch account.Flow {
|
||||||
|
case "", "xtls-rprx-origin", "xtls-rprx-origin-udp443", "xtls-rprx-direct", "xtls-rprx-direct-udp443":
|
||||||
|
case "xtls-rprx-splice", "xtls-rprx-splice-udp443":
|
||||||
|
if runtime.GOOS != "linux" && runtime.GOOS != "android" {
|
||||||
|
return nil, newError(`Trojan servers: "` + account.Flow + `" only support linux in this version`)
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
return nil, newError(`Trojan servers: "flow" doesn't support "` + account.Flow + `" in this version`)
|
||||||
|
}
|
||||||
|
|
||||||
trojan := &protocol.ServerEndpoint{
|
trojan := &protocol.ServerEndpoint{
|
||||||
Address: rec.Address.Build(),
|
Address: rec.Address.Build(),
|
||||||
Port: uint32(rec.Port),
|
Port: uint32(rec.Port),
|
||||||
@ -107,6 +118,14 @@ func (c *TrojanServerConfig) Build() (proto.Message, error) {
|
|||||||
Flow: rawUser.Flow,
|
Flow: rawUser.Flow,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
switch account.Flow {
|
||||||
|
case "", "xtls-rprx-origin", "xtls-rprx-direct":
|
||||||
|
case "xtls-rprx-splice":
|
||||||
|
return nil, newError(`Trojan clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`)
|
||||||
|
default:
|
||||||
|
return nil, newError(`Trojan clients: "flow" doesn't support "` + account.Flow + `" in this version`)
|
||||||
|
}
|
||||||
|
|
||||||
user.Email = rawUser.Email
|
user.Email = rawUser.Email
|
||||||
user.Level = uint32(rawUser.Level)
|
user.Level = uint32(rawUser.Level)
|
||||||
user.Account = serial.ToTypedMessage(account)
|
user.Account = serial.ToTypedMessage(account)
|
||||||
|
@ -79,62 +79,63 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
|
|||||||
|
|
||||||
defer conn.Close()
|
defer conn.Close()
|
||||||
|
|
||||||
user := server.PickUser()
|
|
||||||
account, ok := user.Account.(*MemoryAccount)
|
|
||||||
if !ok {
|
|
||||||
return newError("user account is not valid")
|
|
||||||
}
|
|
||||||
|
|
||||||
iConn := conn
|
iConn := conn
|
||||||
statConn, ok := iConn.(*internet.StatCouterConnection)
|
statConn, ok := iConn.(*internet.StatCouterConnection)
|
||||||
if ok {
|
if ok {
|
||||||
iConn = statConn.Connection
|
iConn = statConn.Connection
|
||||||
}
|
}
|
||||||
|
|
||||||
|
user := server.PickUser()
|
||||||
|
account, ok := user.Account.(*MemoryAccount)
|
||||||
|
if !ok {
|
||||||
|
return newError("user account is not valid")
|
||||||
|
}
|
||||||
|
|
||||||
|
connWriter := &ConnWriter{
|
||||||
|
Flow: account.Flow,
|
||||||
|
}
|
||||||
|
|
||||||
var rawConn syscall.RawConn
|
var rawConn syscall.RawConn
|
||||||
var sctx context.Context
|
var sctx context.Context
|
||||||
|
|
||||||
connWriter := &ConnWriter{}
|
|
||||||
allowUDP443 := false
|
allowUDP443 := false
|
||||||
switch account.Flow {
|
switch connWriter.Flow {
|
||||||
case XRO + "-udp443", XRD + "-udp443", XRS + "-udp443":
|
case XRO + "-udp443", XRD + "-udp443", XRS + "-udp443":
|
||||||
allowUDP443 = true
|
allowUDP443 = true
|
||||||
account.Flow = account.Flow[:16]
|
connWriter.Flow = connWriter.Flow[:16]
|
||||||
fallthrough
|
fallthrough
|
||||||
case XRO, XRD, XRS:
|
case XRO, XRD, XRS:
|
||||||
if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress {
|
if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress {
|
||||||
return newError(account.Flow + " doesn't support Mux").AtWarning()
|
return newError(connWriter.Flow + " doesn't support Mux").AtWarning()
|
||||||
}
|
}
|
||||||
if destination.Network == net.Network_UDP {
|
if destination.Network == net.Network_UDP {
|
||||||
if !allowUDP443 && destination.Port == 443 {
|
if !allowUDP443 && destination.Port == 443 {
|
||||||
return newError(account.Flow + " stopped UDP/443").AtInfo()
|
return newError(connWriter.Flow + " stopped UDP/443").AtInfo()
|
||||||
}
|
}
|
||||||
|
connWriter.Flow = ""
|
||||||
} else { // enable XTLS only if making TCP request
|
} else { // enable XTLS only if making TCP request
|
||||||
if xtlsConn, ok := iConn.(*xtls.Conn); ok {
|
if xtlsConn, ok := iConn.(*xtls.Conn); ok {
|
||||||
xtlsConn.RPRX = true
|
xtlsConn.RPRX = true
|
||||||
xtlsConn.SHOW = trojanXTLSShow
|
xtlsConn.SHOW = xtls_show
|
||||||
xtlsConn.MARK = "XTLS"
|
xtlsConn.MARK = "XTLS"
|
||||||
if account.Flow == XRS {
|
if connWriter.Flow == XRS {
|
||||||
sctx = ctx
|
sctx = ctx
|
||||||
account.Flow = XRD
|
connWriter.Flow = XRD
|
||||||
}
|
}
|
||||||
if account.Flow == XRD {
|
if connWriter.Flow == XRD {
|
||||||
xtlsConn.DirectMode = true
|
xtlsConn.DirectMode = true
|
||||||
if sc, ok := xtlsConn.Connection.(syscall.Conn); ok {
|
if sc, ok := xtlsConn.Connection.(syscall.Conn); ok {
|
||||||
rawConn, _ = sc.SyscallConn()
|
rawConn, _ = sc.SyscallConn()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
connWriter.Flow = account.Flow
|
|
||||||
} else {
|
} else {
|
||||||
return newError(`failed to use ` + account.Flow + `, maybe "security" is not "xtls"`).AtWarning()
|
return newError(`failed to use ` + connWriter.Flow + `, maybe "security" is not "xtls"`).AtWarning()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
case "":
|
default:
|
||||||
if _, ok := iConn.(*xtls.Conn); ok {
|
if _, ok := iConn.(*xtls.Conn); ok {
|
||||||
panic(`To avoid misunderstanding, you must fill in Trojan "flow" when using XTLS.`)
|
panic(`To avoid misunderstanding, you must fill in Trojan "flow" when using XTLS.`)
|
||||||
}
|
}
|
||||||
default:
|
|
||||||
return newError("unsupported flow " + account.Flow).AtWarning()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sessionPolicy := c.policyManager.ForLevel(user.Level)
|
sessionPolicy := c.policyManager.ForLevel(user.Level)
|
||||||
@ -211,6 +212,6 @@ func init() {
|
|||||||
|
|
||||||
xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue })
|
xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue })
|
||||||
if xtlsShow == "true" {
|
if xtlsShow == "true" {
|
||||||
trojanXTLSShow = true
|
xtls_show = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -28,7 +28,7 @@ var (
|
|||||||
protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain),
|
protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain),
|
||||||
)
|
)
|
||||||
|
|
||||||
trojanXTLSShow = false
|
xtls_show = false
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -90,10 +90,10 @@ func (c *ConnWriter) writeHeader() error {
|
|||||||
command := commandTCP
|
command := commandTCP
|
||||||
if c.Target.Network == net.Network_UDP {
|
if c.Target.Network == net.Network_UDP {
|
||||||
command = commandUDP
|
command = commandUDP
|
||||||
} else if c.Flow == XRO {
|
|
||||||
command = commandXRO
|
|
||||||
} else if c.Flow == XRD {
|
} else if c.Flow == XRD {
|
||||||
command = commandXRD
|
command = commandXRD
|
||||||
|
} else if c.Flow == XRO {
|
||||||
|
command = commandXRO
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, err := buffer.Write(c.Account.Key); err != nil {
|
if _, err := buffer.Write(c.Account.Key); err != nil {
|
||||||
@ -211,10 +211,10 @@ func (c *ConnReader) ParseHeader() error {
|
|||||||
network := net.Network_TCP
|
network := net.Network_TCP
|
||||||
if command[0] == commandUDP {
|
if command[0] == commandUDP {
|
||||||
network = net.Network_UDP
|
network = net.Network_UDP
|
||||||
} else if command[0] == commandXRO {
|
|
||||||
c.Flow = XRO
|
|
||||||
} else if command[0] == commandXRD {
|
} else if command[0] == commandXRD {
|
||||||
c.Flow = XRD
|
c.Flow = XRD
|
||||||
|
} else if command[0] == commandXRO {
|
||||||
|
c.Flow = XRO
|
||||||
}
|
}
|
||||||
|
|
||||||
addr, port, err := addrParser.ReadAddressPort(nil, c.Reader)
|
addr, port, err := addrParser.ReadAddressPort(nil, c.Reader)
|
||||||
|
@ -38,7 +38,7 @@ func init() {
|
|||||||
|
|
||||||
xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue })
|
xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue })
|
||||||
if xtlsShow == "true" {
|
if xtlsShow == "true" {
|
||||||
trojanXTLSShow = true
|
xtls_show = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -219,7 +219,8 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn internet
|
|||||||
}
|
}
|
||||||
if xtlsConn, ok := iConn.(*xtls.Conn); ok {
|
if xtlsConn, ok := iConn.(*xtls.Conn); ok {
|
||||||
xtlsConn.RPRX = true
|
xtlsConn.RPRX = true
|
||||||
xtlsConn.SHOW = trojanXTLSShow
|
xtlsConn.SHOW = xtls_show
|
||||||
|
xtlsConn.MARK = "XTLS"
|
||||||
if clientReader.Flow == XRD {
|
if clientReader.Flow == XRD {
|
||||||
xtlsConn.DirectMode = true
|
xtlsConn.DirectMode = true
|
||||||
if sc, ok := xtlsConn.Connection.(syscall.Conn); ok {
|
if sc, ok := xtlsConn.Connection.(syscall.Conn); ok {
|
||||||
@ -230,11 +231,9 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn internet
|
|||||||
return newError(`failed to use ` + clientReader.Flow + `, maybe "security" is not "xtls"`).AtWarning()
|
return newError(`failed to use ` + clientReader.Flow + `, maybe "security" is not "xtls"`).AtWarning()
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
return newError("unable to use ", clientReader.Flow).AtWarning()
|
return newError(account.Password + " is not able to use " + clientReader.Flow).AtWarning()
|
||||||
}
|
}
|
||||||
case "":
|
case "":
|
||||||
default:
|
|
||||||
return newError("unsupported flow " + account.Flow).AtWarning()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
|
ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
|
||||||
|
Loading…
Reference in New Issue
Block a user