QUIC sniffer: Full support for handling multiple initial packets (#4642)

Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com> Co-authored-by: Vigilans <vigilans@foxmail.com> Co-authored-by: Shelikhoo <xiaokangwang@outlook.com> Co-authored-by: dyhkwong <50692134+dyhkwong@users.noreply.github.com>
2025-04-30 17:38:41 +00:00 · 2025-04-28 18:03:03 +08:00 · 2025-04-28 18:03:03 +08:00 · 58c48664e2
commit 58c48664e2
parent a608c5a1db
7 changed files with 371 additions and 95 deletions
--- a/common/protocol/tls/sniff.go
+++ b/common/protocol/tls/sniff.go
@ -3,9 +3,9 @@ package tls
 import (
 	"encoding/binary"
 	"errors"
-	"strings"

 	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/protocol"
 )

 type SniffHeader struct {
@ -59,9 +59,6 @@ func ReadClientHello(data []byte, h *SniffHeader) error {
 	}
 	data = data[1+compressionMethodsLen:]

-	if len(data) == 0 {
-		return errNotClientHello
-	}
 	if len(data) < 2 {
 		return errNotClientHello
 	}
@ -104,13 +101,21 @@ func ReadClientHello(data []byte, h *SniffHeader) error {
 					return errNotClientHello
 				}
 				if nameType == 0 {
-					serverName := string(d[:nameLen])
+					// QUIC separated across packets
+					// May cause the serverName to be incomplete
+					b := byte(0)
+					for _, b = range d[:nameLen] {
+						if b <= ' ' {
+							return protocol.ErrProtoNeedMoreData
+						}
+					}
 					// An SNI value may not include a
 					// trailing dot. See
 					// https://tools.ietf.org/html/rfc6066#section-3.
-					if strings.HasSuffix(serverName, ".") {
+					if b == '.' {
 						return errNotClientHello
 					}
+					serverName := string(d[:nameLen])
 					h.domain = serverName
 					return nil
 				}