HTTPUpgrade 0-RTT #3152

Merged 2 commits on Mar 17, 2024

RPRX (Member) commented Mar 17, 2024

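The principle is #3128 (comment), and the implementation is 5c41292. 0-RTT is now enabled only when ?ed=2560 is appended to the HTTPUpgrade path, similar to #375.

Because the implementation principle is different, HTTPUpgrade's ?ed=2560 does not actually have a 2560-byte maximum, i.e. it is unlimited, unlike WebSocket.

From now on, the recommended WebSocket ed value is 2560 rather than 2048.

Chrome will soon enable X25519Kyber768 key encapsulation for TLS by default, which brings the length of the proxy protocol header plus the proxied TLS Client Hello very close to 2048, and it may exceed 2048 in the future. So, to make sure WebSocket 0-RTT keeps working in the future, 2560 is recommended from now on instead of 2048.

WebSocket 0-RTT works by Base64-encoding the data and putting it into a header. Encoding inflates the data by 1/3, e.g. 2560 inflates to 3413; adding the other headers, that should be fairly close to 4096. As I recall, some web software accepts at most 4k by default, so 2560 is fine; filling in arbitrary larger values is not recommended.

This PR expands the WebSocket hub.go MaxHeaderBytes to 8196, to be future-proof (previously #421 incidentally expanded it to 4096, which happens to be just enough for the new situation).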

@RPRX RPRX merged commit 18b823b into main Mar 17, 2024
34 checks passed
@RPRX RPRX deleted the hued branch March 17, 2024 20:43
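
The header-size budget described in the comment above, as an added Go example (not code from this PR or from Xray-core): it Base64-encodes a constructed early-data payload into one request header, serializes the upgrade request, and compares the result with the 4096 and 8196 limits quoted in the thread. The host, path, User-Agent, Sec-WebSocket-Key value and the use of `Sec-WebSocket-Protocol` as the carrying header are assumptions for illustration; the thread only says the data goes into "a header".

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
	"net/http"
	"sort"
)

// Header limits quoted in the thread (previous and new MaxHeaderBytes).
const oldLimit, newLimit = 4096, 8196

// upgradeRequestSize serializes an upgrade request carrying edLen bytes of early
// data Base64-encoded in one header; returns encoded length and total bytes.
func upgradeRequestSize(edLen int) (encoded, total int, err error) {
	b64 := base64.RawURLEncoding.EncodeToString(bytes.Repeat([]byte{0xAB}, edLen)) // constructed payload
	req, err := http.NewRequest(http.MethodGet, "http://proxy.example/ws-path", nil)
	if err != nil {
		return 0, 0, err
	}
	req.Header.Set("User-Agent", "Mozilla/5.0 (X11; Linux x86_64) constructed-sample-agent")
	req.Header.Set("Connection", "Upgrade")
	req.Header.Set("Upgrade", "websocket")
	req.Header.Set("Sec-WebSocket-Version", "13")
	req.Header.Set("Sec-WebSocket-Key", "Y29uc3RydWN0ZWQta2V5IQ==") // constructed value
	req.Header.Set("Sec-WebSocket-Protocol", b64)                   // assumed carrier header
	var buf bytes.Buffer
	if err := req.Write(&buf); err != nil {
		return 0, 0, err
	}
	return len(b64), buf.Len(), nil
}

// maxEarlyData returns the largest early-data length whose request fits in limit.
func maxEarlyData(limit int) int {
	return sort.Search(limit, func(n int) bool {
		_, total, err := upgradeRequestSize(n)
		return err != nil || total > limit
	}) - 1
}

func main() {
	for _, ed := range []int{2048, 2560, 3072} {
		enc, total, _ := upgradeRequestSize(ed)
		fmt.Printf("ed=%d base64=%d request=%d fits4096=%v\n", ed, enc, total, total <= oldLimit)
	}
	fmt.Println("max ed under 4096:", maxEarlyData(oldLimit), "under 8196:", maxEarlyData(newLimit))
}
```

The margin left under 4096 depends entirely on the other headers a real client and any intermediate proxy add, so the maximum printed here applies only to this constructed request.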

Fangliding (Member) commented Mar 18, 2024

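With the latest commit on both ends, it seems to simply not connect.
In a packet capture I saw the upgrade request and Switching Protocols, but nothing after that; the connection stays open for a while and is then closed by the remote end.

Server: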

[Info] [3293716110] app/proxyman/inbound: connection ends > proxy/vmess/inbound: invalid request from 1.1.1.1:55398 > proxy/vmess/encoding: failed to read request header > read tcp 10.0.130.3:80->1.1.1.1:55398: i/o timeout

Client:

2024/03/18 12:04:51 [Info] [726566212] transport/internet/httpupgrade: creating connection to tcp:1.1.1.1
2024/03/18 12:04:51 [Debug] transport/internet: dialing to tcp:1.1.1.1
2024/03/18 12:04:56 [Info] [726566212] app/proxyman/inbound: connection ends > proxy/socks: connection ends > context canceled

Switching back to the release version works fine.

Fangliding (Member) commented

By the way, I haven't added the ed parameter yet.

Fangliding (Member) commented Mar 18, 2024

After adding ?ed=2048 I did see the extra data being sent. VMess reports an error:

2024/03/18 04:27:47 [Info] [663605645] app/proxyman/inbound: connection ends > proxy/vmess/inbound: invalid request from 1.1.1.1:44132 > common/drain: common/drain: unable to drain connection > EOF > proxy/vmess/encoding: invalid user > user do not exist

VLESS reports an error:

2024/03/18 04:30:11 [Info] [3226947788] proxy/vless/inbound: firstLen = 0
2024/03/18 04:30:11 [Info] [3226947788] app/proxyman/inbound: connection ends > proxy/vless/encoding: failed to read request version > EO

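It seems the inner data is still not being passed through correctly?

chika0801 (Contributor) commented Mar 18, 2024

I just compiled the binary. With VLESS and ed=2560 added on the client, connecting from my PC to the VPS works normally.

The configuration is here: https://github.com/chika0801/Xray-examples/tree/main/VLESS-WebSocket_or_HTTPUpgrade-TLS

The problem I ran into is that v2rayNG built by myself (i.e. with Xray's latest commit) cannot connect to the server as a client. I didn't look into it further; I'll wait and see whether anyone else runs into it.

Fangliding (Member) commented Mar 18, 2024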

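Nginx limits the size of the whole request header (including other data) to 8kb; Caddy is even more aggressive, at a full 1MB.
But regarding this implementation, I'd still bring up whether it is necessary to put it into a header to guarantee compatibility; after all, the original purpose of its design is to pass through all kinds of reverse proxies. Over at fly next door there was quite a debate about compatibility problems caused by sending the socks hello and socks auth together.

RPRX (Member, Author) commented Mar 20, 2024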

I also need to trouble @yuhan6665 to test this; I haven't tried whether using connRF.Read([]byte{}) to trigger first causes any problems.

RPRX (Member, Author) commented Mar 20, 2024

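@Fangliding In view of #3128 (comment) and #3152 (comment), please retest; it may not connect when ed is not added.

@chika0801 It shouldn't be that only the PC can connect. Try it behind a CDN, does it connect? Does it connect without ed?

chika0801 (Contributor) commented Mar 21, 2024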

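@RPRX Regarding #3152 (comment), I built v2rayNG with 657c5c8, and the NG client can now connect to the server normally.

Before this, I had definitely tried N times and could never connect successfully.

PS: On OpenWrt, Xray version 1.8.9 with HTTPUpgrade also fails to connect to the server. Since I don't know how to compile xray-core from Xray's latest commit on OpenWrt, I can't test it; my guess is that since it works on NG, it should be resolved on OpenWrt too.

I downloaded the xray binary and uploaded it to the router to replace the old one; it now works normally on OpenWrt.

> Try it behind a CDN, does it connect? Does it connect without ed?

I tested with CF's CDN; with and without ed=2560, both connect normally.

RPRX (Member, Author) commented Mar 25, 2024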

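> But regarding this implementation, I'd still bring up whether it is necessary to put it into a header to guarantee compatibility; after all, the original purpose of its design is to pass through all kinds of reverse proxies.

The WebSocket header approach is pseudo 0-RTT; it only takes effect for data that has a handshake, and it is not very elegant. If everyone tests this implementation and finds no problems, then there is no need to use a header. Back in #375 I already wanted to do it this way, but found that the server side might have restrictions; this time let me enjoy it. One small issue, though, is that coalescing of the first packet has not been implemented yet.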

arror added a commit to arror/Xray-core that referenced this pull request Apr 2, 2024
* main: (24 commits)
  Add "nosni" option to send empty SNI (XTLS#3214)
  API: add Source IP Block command (XTLS#3211)
  v1.8.10
  Fix TestXrayConfig in xray_test.go
  Add separate host config for websocket
  Update proto file for websocket and httpupgrade (breaking)
  API - Add | Remove Routing Rules  (XTLS#3189)
  Fix host in headers field does not work XTLS#3191
  fix: config `burstObservatory` override
  Bump github.com/sagernet/sing from 0.3.6 to 0.3.8
  Add support for HTTPupgrade custom headers
  improve balancer_info.go
  Fix(httpupgrade): `X-Forwarded-For` header not read. (XTLS#3172)
  Allow to send through random IPv6
  Update HTTPUpgrade spelling and proto
  Chore: Clean up legacy `field` usage
  Update README.md
  Bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0
  Fix HTTPUpgrade transport register
  HTTPUpgrade 0-RTT (XTLS#3152)
  ...