yuhan6665
2e30093ffd
Enforce specific none flow for xtls vision
...
In the past, when user open xtls vision on the server side, plain vless+tls can connect.
Pure tls is known to have certain tls in tls characters.
Now server need to specify "xtls-rprx-vision,none" for it be able usable on the same port.
2022-12-04 23:15:36 -05:00
nanoda0523
e18b52a5df
Implement WireGuard protocol as outbound (client) ( #1344 )
...
* implement WireGuard protocol for Outbound
* upload license
* fix build for openbsd & dragonfly os
* updated wireguard-go
* fix up
* switch to another wireguard fork
* fix
* switch to upstream
* open connection through internet.Dialer (#1 )
* use internet.Dialer
* maybe better code
* fix
* real fix
Co-authored-by: nanoda0523 <nanoda0523@users.noreply.github.com>
* fix bugs & add ability to recover during connection reset on UDP over TCP parent protocols
* improve performance
improve performance
* dns lookup endpoint && remove unused code
* interface address fallback
* better code && add config test case
Co-authored-by: nanoda0523 <nanoda0523@users.noreply.github.com>
2022-11-21 20:05:54 -05:00
yuhan6665
5e695327b1
Add XTLS RPRX's Vision ( #1235 )
...
* Add XTLS RPRX's Vision
* Add helpful warning when security is wrong
* Add XTLS padding (draft)
* Fix number of packet to filter
* Xtls padding version 1.0 and unpadding logic
2022-10-29 00:51:59 -04:00
xqzr
8cf23f1947
add tcpcongestion
( #1234 )
...
* add `tcpcongestion`
* Update sockopt_linux.go
* Update config.pb.go
* Update transport_internet.go
* Update config.pb.go
* Update transport_internet.go
* Update config.proto
2022-10-10 13:13:50 -04:00
yuhan6665
debd2e3ba8
Remove compatibility code
...
The minimum support go version is already 1.18
2022-09-16 20:39:07 -04:00
Mocking
4140bcd11a
Enhancement of "redirect" function, adding support for MacOS
...
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
"inbounds": [
{
"listen": "127.0.0.1",
"port": 1122,
"protocol": "dokodemo-door",
"tag": "dokodemo",
"settings": {
"network": "tcp",
"followRedirect": true,
"userLevel": 0
},
"streamSettings": {
"sockopt": {
"tproxy": "Redirect"
}
}
}
]
还原#1189 提交
2022-08-22 10:33:58 -04:00
S-Mocking
59602db02d
Add "tproxy" option ( #1189 )
...
* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
"inbounds": [
{
"listen": "127.0.0.1",
"port": 1122,
"protocol": "dokodemo-door",
"tag": "dokodemo",
"settings": {
"network": "tcp",
"followRedirect": true,
"userLevel": 0
},
"streamSettings": {
"sockopt": {
"tproxy": "pf"
}
}
}
]
* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
"inbounds": [
{
"listen": "127.0.0.1",
"port": 1122,
"protocol": "dokodemo-door",
"tag": "dokodemo",
"settings": {
"network": "tcp",
"followRedirect": true,
"userLevel": 0
},
"streamSettings": {
"sockopt": {
"tproxy": "pf"
}
}
}
]
* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
"inbounds": [
{
"listen": "127.0.0.1",
"port": 1122,
"protocol": "dokodemo-door",
"tag": "dokodemo",
"settings": {
"network": "tcp",
"followRedirect": true,
"userLevel": 0
},
"streamSettings": {
"sockopt": {
"tproxy": "pf"
}
}
}
]
Co-authored-by: Mocking <fanhaiwang0817@gmail.com>
2022-08-20 09:02:18 -04:00
yuhan6665
b67314796f
Add shadowsocks 2022 relay config
2022-08-09 10:37:21 -04:00
yuhan6665
340234166b
Add TCPKeepAliveIdle in Sockopt option ( #1166 )
...
* Add TCP keep alive idle setting
* Add TCP keep alive idle setting: auto generated
* Add TCP keep alive support in Linux
* Add TCP keep alive support in MacOS, FreeBSD
* Add TCP keep alive support in Windows
* fix bug introduced in adding tcp keep alive adjustment
* embed macOS const to avoid platform inconsistency
* embed macOS const to avoid platform inconsistency(again)
* add TCP Keep Alive support in config
* use sys/unix instead of syscall
Suggestion from:
https://github.com/v2fly/v2ray-core/pull/1395#issuecomment-974761647
* use sys/unix instead of syscall
Suggestion from:
https://github.com/v2fly/v2ray-core/pull/1395#issuecomment-974761647
* Separate TcpKeepAliveIdle and TcpKeepAliveInterval check logic
* Disable tcp keepAlive when TcpKeepAliveIdle < 0 and TcpKeepAliveInterval <= 0
Co-authored-by: xqzr <34030394+xqzr@users.noreply.github.com>
Co-authored-by: ValdikSS <iam@valdikss.org.ru>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: xqzr <34030394+xqzr@users.noreply.github.com>
2022-07-31 09:55:40 -04:00
yuhan6665
9480bc0379
Fix ss2022 user stat for single user
2022-07-02 11:27:26 -04:00
世界
c3505632fd
Add udp over tcp support for shadowsocks-2022
2022-06-01 11:49:02 +08:00
世界
f1d753f069
Fix build in legacy golang version
2022-05-31 15:55:38 +08:00
世界
79f3057687
Migrate shadowsocks-2022 to protocol library
2022-05-26 07:35:17 +08:00
世界
cf7e675c45
Add shadowsocks 2022 multi-user inbound
2022-05-24 07:37:14 +08:00
世界
b6391cbbe1
Fix shadowsocks config
2022-05-24 07:01:47 +08:00
世界
3b77e26fa7
Merge shadowsocks 2022 config
2022-05-23 22:18:33 +08:00
世界
087f0d1240
Add shadowsocks-2022 inbound/outbound ( #1061 )
2022-05-22 23:55:48 -04:00
yuhan6665
3f64f3206c
Quic sniffer ( #1074 )
...
* Add quic sniffer
* Fix quic sniffer
* Add uTP sniffer
* rename buf pool membership status to unmanaged
* rename buf type adaptor into FromBytes
Co-authored-by: 世界 <i@sekai.icu>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2022-05-22 23:48:10 -04:00
世界
f046feb9ca
Reformat code
2022-05-18 15:29:01 +08:00
yichya QC
2f86c7c795
fix: read port from environment variable
2022-04-26 10:27:42 -04:00
yuhan6665
b413066012
Fakedns fix xUDP destination override ( #1011 )
...
* Fix UDP destination override
* Fix code style
* Fix fakedns object init
Do type convertion at runtime in case if user don't use fakedns in config.
Since dispatcher now depend on fakedns object, move the injection order of
fakedns to top (As a temporary solution)
* Amend logic for handing fakedns client
A map is used by server side when client turn on fakedns
Client will send domain address in the buffer.UDP.Address, server record all possible target IP addrs.
When target replies, server will restore the domain and send back to client.
Co-authored-by: hmol233 <82594500+hmol233@users.noreply.github.com>
2022-04-23 19:24:46 -04:00
yichya
35eb165f63
feat: metrics including pprof, expvars
2022-03-29 00:01:14 -04:00
hmol233
63da3a5481
grpc: add initial_windows_size option
2021-12-19 21:14:14 -05:00
xqzr
c8e2a99e68
fix unsupported cipher method: xChaCha20-IETF-Poly1305
2021-12-16 18:57:06 -05:00
yuhan6665
e93da4bd02
Fix some tests and format code ( #830 )
...
* Increase some tls test timeout
* Fix TestUserValidator
* Change all tests to VMessAEAD
Old VMess MD5 tests will be rejected and fail in 2022
* Chore: auto format code
2021-12-14 19:28:47 -05:00
lucifer9
d6ae4e9ba2
Make it easier to configure multiple listening ports
2021-11-17 23:13:15 -05:00
Zhu Sheng Li
28b17b529d
Add concurrency option for outbound observation
...
Add `enableConcurrency` option, false by default.
If it's set as `true`, start probing outbounds concurrently in every
circle of observation. Wait `probeInterval` between observation circles.
2021-10-26 13:09:03 +08:00
yuhan6665
abb8ba8b0e
Observatory related fixes ( #788 )
...
* fix:observatory not supported by multi-json
* Fix: observatory starts with empty config & fails to close (#957 )
* Update strategy_leastping.go (#1019 )
* add custom probe URL support for observatory
* add custom probe interval for observer
* apply coding style
* Fix: observatory log & JSON config(#1211 )
Co-authored-by: ihotte <ihotte@yeah.net>
* Change default probe url from api.v2fly.org to www.google.com
* Cherry-pick missing code from branch 'dev-advloadblancer-2'
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
Co-authored-by: fanyiguan <52657276+fanyiguang@users.noreply.github.com>
Co-authored-by: ihotte <3087168217@qq.com>
Co-authored-by: ihotte <ihotte@yeah.net>
2021-10-26 13:00:31 +08:00
Shelikhoo
ff35118af5
VMess AEAD based packet length
...
(cherry picked from commit 08221600082a79376bdc262f2ffec1a3129ae98d)
2021-10-22 18:34:57 +08:00
世界
707efd6d12
Add loopback outound
2021-10-22 17:58:37 +08:00
世界
5c366db847
Add observatory / latestPing balancing strategy
...
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 17:16:20 +08:00
世界
77d0419aca
Add socks4/4a support
2021-10-22 13:27:31 +08:00
maskedeken
238bd5d050
Add xchacha20-ietf-poly1305 for Shadowsocks
2021-10-22 13:24:29 +08:00
Loyalsoldier
3fe61ed4a2
Feat: add reverse match for GeoIP
...
(cherry picked from commit 3a50affa0a7316a9ad249f1b2b2996cb88948551)
2021-10-22 13:06:57 +08:00
yuhan6665
acb81ebe3d
Verify peer cert function for better man in the middle prevention ( #746 )
...
* verify peer cert function for better man in the middle prevention
* publish cert chain hash generation algorithm
* added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb
* apply coding style
* added test case for pinned certificates
* refactored cert pin
* pinned cert test
* added json loading of the PinnedPeerCertificateChainSha256
* removed tool to prepare for v5
* Add server cert pinning for Xtls
Change command "xray tls certChainHash" to xray style
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 12:38:40 +08:00
yuhan6665
45dc97e2b6
Use shadowsocket's bloomring for shadowsocket's replay protection ( #764 )
...
* use shadowsocket's bloomring for shadowsocket's replay protection
* added shadowsockets iv check for tcp socket
* Rename to shadowsockets iv check
* shadowsocks iv check config file
* iv check should proceed after decryption
* use shadowsocket's bloomring for shadowsocket's replay protection
* Chore: format code (#842 )
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-10-22 12:38:40 +08:00
yuhan6665
3bf3d96472
Fix: JSON tag case ( #1212 ) ( #778 )
...
JSON unmarshal is case insensitive in Golang
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-10-22 12:38:40 +08:00
世界
a3023e43ef
Add routeOnly sniffing option
2021-10-22 11:57:23 +08:00
yuhan6665
6b6974c804
Fakedns improvements ( #731 )
...
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: sixg0000d <sixg0000d@gmail.com>
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-10-20 13:15:49 +08:00
yuhan6665
e286cdcaa8
Style: format code by gofumpt ( #761 )
2021-10-20 00:57:14 +08:00
世界
cd4631ce99
Merge dns ( #722 )
...
* DNS: add clientip for specific nameserver
* Refactoring: DNS App
* DNS: add DNS over QUIC support
* Feat: add disableCache option for DNS
* Feat: add queryStrategy option for DNS
* Feat: add disableFallback & skipFallback option for DNS
* Feat: DNS hosts support multiple addresses
* Feat: DNS transport over TCP
* DNS: fix typo & refine code
* DNS: refine code
* Add disableFallbackIfMatch dns option
* Feat: routing and freedom outbound ignore Fake DNS
Turn off fake DNS for request sent from Routing and Freedom outbound.
Fake DNS now only apply to DNS outbound.
This is important for Android, where VPN service take over all system DNS
traffic and pass it to core. "UseIp" option can be used in Freedom outbound
to avoid getting fake IP and fail connection.
* Fix test
* Fix dns return
* Fix local dns return empty
* Apply timeout to dns outbound
* Update app/dns/config.go
Co-authored-by: Loyalsoldier <10487845+loyalsoldier@users.noreply.github.com>
Co-authored-by: Ye Zhihao <vigilans@foxmail.com>
Co-authored-by: maskedeken <52683904+maskedeken@users.noreply.github.com>
Co-authored-by: V2Fly Team <51714622+vcptr@users.noreply.github.com>
Co-authored-by: CalmLong <37164399+calmlong@users.noreply.github.com>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: 秋のかえで <autmaple@protonmail.com>
Co-authored-by: 朱聖黎 <digglife@gmail.com>
Co-authored-by: rurirei <72071920+rurirei@users.noreply.github.com>
Co-authored-by: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Co-authored-by: Arthur Morgan <4637240+badO1a5A90@users.noreply.github.com>
2021-10-16 21:02:51 +08:00
yuhan6665
e6711d1b48
Add header and method support to http2 transport ( #755 )
...
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-12 15:58:12 +00:00
yuhan6665
4bb61701b5
Add tcpKeepAliveInterval in transport sockopt ( #754 )
...
Co-authored-by: Ahmad Karimi <ak12hastam@gmail.com>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-12 15:39:08 +00:00
KallyDev
4abf98c1be
Move from deprecated ioutil to os and io packages ( #744 )
2021-09-29 02:49:34 +08:00
hmol233
7033f7cf5f
Fix: protobuf file ( #724 )
2021-09-20 22:41:09 +08:00
Arthur Morgan
ffc2f7c4e2
Style: format code
2021-09-20 21:00:55 +08:00
yuhan6665
00bcd40c34
remove deprecate ciphers in shadowsocks ( #710 )
...
* remove deprecate ciphers in shadowsocks
Co-authored-by: Kslr <kslrwang@gmail.com>
2021-09-17 04:13:07 +08:00
yuhan6665
1adfc2720a
Allow bulk definition of domain matcher at parent level ( #713 )
...
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-09-17 04:07:35 +08:00
Arthur Morgan
d9d239750b
Merge pull request #633 from XTLS/feature/h2-health-check
...
Add health check for h2 & gRPC
2021-09-08 00:52:10 +08:00
hmol233
31c7141fef
gRPC: add keepalive option PermitWithoutStream
2021-07-05 21:25:21 +08:00
hmol233
d9d04a230f
Add h2 & gRPC health check
2021-07-03 16:01:59 +08:00
hmol233
53b99efe78
Add: reject unknown SNI
...
Co-Authored-By: 玖柒Max <60207794+jiuqi9997@users.noreply.github.com>
2021-05-09 23:47:21 +08:00
秋のかえで
7b7084f825
Refactor: A faster DomainMatcher implementation ( #348 )
...
Co-authored-by: DarthVader <61409963+darsvador@users.noreply.github.com>
2021-04-18 13:21:17 +08:00
risetechlab
b63049f404
Fix: TFO AsIs bug ( #452 )
2021-03-30 16:42:02 +00:00
RPRX
a9e11075d1
Add uTLS fingerprints support ( #451 )
2021-03-29 10:08:29 +00:00
Jim Han
3fe85449a9
Use 198.18.0.0/16 as default Fake IP Pool ( #377 )
2021-03-14 15:58:27 +00:00
RPRX
a0a32ee00d
Add gRPC Transport support ( #356 )
...
Co-authored-by: JimhHan <50871214+JimhHan@users.noreply.github.com>
2021-03-14 15:02:07 +00:00
RPRX
60b06877bf
Add WebSocket 0-RTT support ( #375 )
2021-03-14 07:10:10 +00:00
Raymond Luo
fcc9d97074
Do not cause error when json:"fallback"
is null
( #361 )
...
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-03-10 16:17:27 +00:00
yuhan6665
f50eff5ebb
Add Fake DNS support ( #309 )
...
Co-authored-by: Xiaokang Wang <xiaokangwang@outlook.com>
Co-authored-by: loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
Co-authored-by: kslr <kslrwang@gmail.com>
2021-03-07 04:39:50 +00:00
Jim Han
db32ce6fd9
Enhance DNS and Dialer ( #341 )
2021-03-06 16:29:17 +00:00
risetechlab
ad1807dd99
Enhance TCP Fast Open ( #310 )
2021-03-06 14:45:12 +00:00
秋のかえで
1dae2c5636
feat: vmess zero encryption ( #333 )
2021-03-05 08:41:18 +00:00
RPRX
8b9c0ae593
Enable (X)TLS hot reloading by default ( #281 )
...
Super BiuBiu
2021-02-20 02:15:57 +00:00
eMeab
81d993158f
Support hot reloading of certificate and key files ( #225 )
2021-02-12 15:33:19 +00:00
Monsoon
1b87264c53
Support loading config from different formats ( #228 )
2021-02-12 14:12:58 +00:00
Jim Han
4cd343f2d5
Fix tests ( #201 )
...
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-01-30 13:01:20 +00:00
Arthur Morgan
ba41513967
Changes from v2fly-core ( #173 )
2021-01-22 03:35:56 +00:00
秋のかえで
0b4858d016
Feature: Exclude some domains in sniffing destOverride ( #151 )
...
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-01-21 20:50:09 +00:00
RPRX
33755d6e90
Refactor: Shadowsocks AEAD Single-port Multi-user (Needs Optimizations)
...
https://t.me/projectXray/170851
2021-01-18 22:52:35 +00:00
RPRX
99863aa2ac
Add SNI shunt support for Trojan fallbacks
2021-01-18 07:41:00 +00:00
eMeab
d85162ea44
Add SNI shunt support for VLESS ( #141 )
2021-01-13 15:13:51 +00:00
RPRX
157918859f
Add pre-checking conversion for VLESS & VMess UUID
...
https://github.com/XTLS/Xray-core/issues/158
2021-01-12 11:31:02 +00:00
秋のかえで
38ec9208d8
Change TOML package to github.com/pelletier/go-toml ( #119 )
2021-01-01 11:37:38 +00:00
RPRX
7df135a5c4
Disable session resumption by default
...
https://github.com/v2fly/v2ray-core/issues/557#issuecomment-751962569
2021-01-01 11:33:09 +00:00
RPRX
a78db47571
Adjust OCSP Stapling
2020-12-25 15:10:12 +00:00
RPRX
ffd8fd1d8a
Adjust JSON & TOML & YAML
2020-12-25 18:53:17 +08:00
eMeab
3d7e86efba
Add OCSP Stapling for TLS & XTLS ( #92 )
2020-12-25 08:01:20 +00:00
Arthur Morgan
6f25191822
Changes from v2ray-core ( #93 )
2020-12-24 19:45:35 +00:00
Monsoon
85619b5a29
Add YAML Support ( #86 )
2020-12-24 19:30:26 +00:00
秋のかえで
f073456ac0
Add TOML Support ( #98 )
2020-12-24 19:11:32 +00:00
RPRX
38faac5ffc
Adjust config loader of TLS & XTLS
2020-12-16 15:59:04 +00:00
eMeab
88dfed931b
Add cipherSuites setting for TLS & XTLS ( #78 )
2020-12-16 12:53:55 +00:00
eMeab
dab978749c
Add minVersion setting for TLS & XTLS ( #77 )
2020-12-16 05:20:24 +00:00
RPRX
45f44c401a
Refactor: Optimize Memory Usage At Startup
...
https://github.com/XTLS/Xray-core/issues/68#issuecomment-745231528
2020-12-15 20:27:18 +08:00
RPRX
2e942e0303
Fix Trojan XTLS
2020-12-14 17:05:15 +08:00
RPRX
98da186471
Allow Splice on Android
2020-12-04 03:25:25 +00:00
RPRX
16544c18ab
v1.1.0
2020-12-04 09:36:16 +08:00
RPRX
c7f7c08ead
v1.0.0
2020-11-25 19:01:53 +08:00