* DialSystem for Quic
DialSystem() is needed in case of Android client,
where the raw conn is protected for vpn service
* Fix client dialer log
Log such as:
tunneling request to tcp:www.google.com:80 via tcp:x.x.x.x:443
the second "tcp" is misleading when using mKcp or quic transport
Remove the second "tcp" and add the correct logging for transport dialer:
- transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
- transport/internet/quic: dialing quic to udp:x.x.x.x:443
* Quic new stream allocation mode
Currently this is how Quic works: client muxing all tcp and udp traffic through a single session, when there are more than 32 running streams in the session,
the next stream request will fail and open with a new session (port). Imagine lineup the session from left to right:
|
| |
| | |
As the streams finishes, we still open stream from the left, original session. So the base session will always be there and new sessions on the right come and go.
However, either due to QOS or bugs in Quic implementation, the traffic "wear out" the base session. It will become slower and in the end not receiving any data from server side.
I couldn't figure out a solution for this problem at the moment, as a workaround:
| |
| | |
| | |
I came up with this new stream allocation mode, that it will never open new streams in the old sessions, but only from current or new session from right.
The keeplive config is turned off from server and client side. This way old sessions will natually close and new sessions keep generating.
Note the frequency of new session is still controlled by the server side. Server can assign a large max stream limit. In this case the new allocation mode will be similar to the current mode.
Occasional error is observed when we execute long test
Print time and memory for better troubleshooting in the future
Co-authored-by: Jebbs <qjebbs@gmail.com>
* Increase some tls test timeout
* Fix TestUserValidator
* Change all tests to VMessAEAD
Old VMess MD5 tests will be rejected and fail in 2022
* Chore: auto format code
* Added test for no terminate signal
* unified drain support for vmess and shadowsockets
* drain: add generated file
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Core setup router object first, when InjectContext() is called, observatory object is still null,
so observatory need to be injected after InjectContext()
Add `enableConcurrency` option, false by default.
If it's set as `true`, start probing outbounds concurrently in every
circle of observation. Wait `probeInterval` between observation circles.
* protocol harmonization with V2Ray/V2Fly by supporting both V2Ray server and XRay server
* protocol harmonization with V2Ray/V2Fly by supporting both V2Ray server and XRay server comment
* verify peer cert function for better man in the middle prevention
* publish cert chain hash generation algorithm
* added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb
* apply coding style
* added test case for pinned certificates
* refactored cert pin
* pinned cert test
* added json loading of the PinnedPeerCertificateChainSha256
* removed tool to prepare for v5
* Add server cert pinning for Xtls
Change command "xray tls certChainHash" to xray style
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>