diff --git a/proxy/vmess/encoding/server.go b/proxy/vmess/encoding/server.go index 66711fd1..34f87b90 100644 --- a/proxy/vmess/encoding/server.go +++ b/proxy/vmess/encoding/server.go @@ -118,6 +118,11 @@ func NewServerSession(validator *vmess.TimedUserValidator, sessionHistory *Sessi } } +// SetAEADForced sets isAEADForced for a ServerSession. +func (s *ServerSession) SetAEADForced(isAEADForced bool) { + s.isAEADForced = isAEADForced +} + func parseSecurityType(b byte) protocol.SecurityType { if _, f := protocol.SecurityType_name[int32(b)]; f { st := protocol.SecurityType(b) diff --git a/proxy/vmess/inbound/inbound.go b/proxy/vmess/inbound/inbound.go index 5c01ac57..dc05f528 100644 --- a/proxy/vmess/inbound/inbound.go +++ b/proxy/vmess/inbound/inbound.go @@ -14,6 +14,7 @@ import ( "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/log" "github.com/xtls/xray-core/common/net" + "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/common/signal" @@ -28,6 +29,10 @@ import ( "github.com/xtls/xray-core/transport/internet" ) +var ( + aeadForced = false +) + type userByEmail struct { sync.Mutex cache map[string]*protocol.MemoryUser @@ -231,6 +236,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i reader := &buf.BufferedReader{Reader: buf.NewReader(connection)} svrSession := encoding.NewServerSession(h.clients, h.sessionHistory) + svrSession.SetAEADForced(aeadForced) request, err := svrSession.DecodeRequestHeader(reader, isDrain) if err != nil { if errors.Cause(err) != io.EOF { @@ -361,4 +367,9 @@ func init() { common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { return New(ctx, config.(*Config)) })) + + const defaultFlagValue = "NOT_DEFINED_AT_ALL" + + isAeadForced := platform.NewEnvFlag("xray.vmess.aead.forced").GetValue(func() string { return defaultFlagValue }) + aeadForced = (isAeadForced == "true") }