Don't do raw/splice copy in case of MITM

2024-09-21 09:26:23 +00:00 · 2024-07-24 19:47:26 -04:00 · 2024-07-24 19:47:26 -04:00 · 4cb2a128db
commit 4cb2a128db
parent 8a4217fdf5
1 changed files with 23 additions and 2 deletions
--- a/proxy/freedom/freedom.go
+++ b/proxy/freedom/freedom.go
@ -28,6 +28,7 @@ import (
 	"github.com/xtls/xray-core/transport"
 	"github.com/xtls/xray-core/transport/internet"
 	"github.com/xtls/xray-core/transport/internet/stat"
 	"github.com/xtls/xray-core/transport/internet/tls"
 )
 var useSplice bool
@ -225,9 +226,16 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 				writeConn = inbound.Conn
 				inTimer = inbound.Timer
 			}
 			if !isTLSConn(conn) { // it would be tls conn in special use case of MITM, we need to let link handle traffic
 				return proxy.CopyRawConnIfExist(ctx, conn, writeConn, link.Writer, timer, inTimer)
 			}
-		reader := NewPacketReader(conn, UDPOverride)
+		}
 		var reader buf.Reader
 		if destination.Network == net.Network_TCP {
 			reader = buf.NewReader(conn)
 		} else {
 			reader = NewPacketReader(conn, UDPOverride)
 		}
 		if err := buf.Copy(reader, output, buf.UpdateActivity(timer)); err != nil {
 			return errors.New("failed to process response").Base(err)
 		}
@ -245,6 +253,19 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 	return nil
 }
 func isTLSConn(conn stat.Connection) bool {
 	if conn != nil {
 		statConn, ok := conn.(*stat.CounterConnection)
 		if ok {
 			conn = statConn.Connection
 		}
 		if _, ok := conn.(*tls.Conn); ok {
 			return true
 		}
 	}
 	return false
 }
 func NewPacketReader(conn net.Conn, UDPOverride net.Destination) buf.Reader {
 	iConn := conn
 	statConn, ok := iConn.(*stat.CounterConnection)