From 143229b148cad77ea176a691d239a77d2dbf855e Mon Sep 17 00:00:00 2001 From: Senis John Date: Sat, 3 Dec 2022 21:04:14 +0800 Subject: [PATCH 01/91] update: Implement the proxy.UserManager of ss2022 --- go.mod | 1 + go.sum | 2 +- proxy/shadowsocks_2022/config.go | 29 ++++++++++ proxy/shadowsocks_2022/inbound.go | 1 + proxy/shadowsocks_2022/inbound_multi.go | 71 +++++++++++++++++++++++++ 5 files changed, 103 insertions(+), 1 deletion(-) create mode 100644 proxy/shadowsocks_2022/config.go diff --git a/go.mod b/go.mod index 5529e2f71111..7aecdb6b7423 100644 --- a/go.mod +++ b/go.mod @@ -54,6 +54,7 @@ require ( golang.org/x/time v0.2.0 // indirect golang.org/x/tools v0.3.0 // indirect google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/blake3 v1.1.7 // indirect diff --git a/go.sum b/go.sum index 95b8580221b5..599a465de1bd 100644 --- a/go.sum +++ b/go.sum @@ -330,7 +330,7 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/proxy/shadowsocks_2022/config.go b/proxy/shadowsocks_2022/config.go new file mode 100644 index 000000000000..8a66406c18af 
--- /dev/null +++ b/proxy/shadowsocks_2022/config.go @@ -0,0 +1,29 @@ +package shadowsocks_2022 + +import ( + "github.com/xtls/xray-core/common/protocol" +) + +// MemoryAccount is an account type converted from Account. +type MemoryAccount struct { + Key string + Email string + Level int32 +} + +// AsAccount implements protocol.AsAccount. +func (u *User) AsAccount() (protocol.Account, error) { + return &MemoryAccount{ + Key: u.GetKey(), + Email: u.GetEmail(), + Level: u.GetLevel(), + }, nil +} + +// Equals implements protocol.Account.Equals(). +func (a *MemoryAccount) Equals(another protocol.Account) bool { + if account, ok := another.(*MemoryAccount); ok { + return a.Key == account.Key + } + return false +} diff --git a/proxy/shadowsocks_2022/inbound.go b/proxy/shadowsocks_2022/inbound.go index 55bdda9ffc8d..52b0a798e050 100644 --- a/proxy/shadowsocks_2022/inbound.go +++ b/proxy/shadowsocks_2022/inbound.go @@ -11,6 +11,7 @@ import ( E "github.com/sagernet/sing/common/exceptions" M "github.com/sagernet/sing/common/metadata" N "github.com/sagernet/sing/common/network" + "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/log" diff --git a/proxy/shadowsocks_2022/inbound_multi.go b/proxy/shadowsocks_2022/inbound_multi.go index 8b130e607f2f..b9a258f670c9 100644 --- a/proxy/shadowsocks_2022/inbound_multi.go +++ b/proxy/shadowsocks_2022/inbound_multi.go @@ -4,6 +4,8 @@ import ( "context" "encoding/base64" "strconv" + "strings" + "sync" "github.com/sagernet/sing-shadowsocks/shadowaead_2022" C "github.com/sagernet/sing/common" @@ -13,6 +15,7 @@ import ( E "github.com/sagernet/sing/common/exceptions" M "github.com/sagernet/sing/common/metadata" N "github.com/sagernet/sing/common/network" + "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/log" 
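Review bot: `MemoryAccount.Key` in the new config.go carries the user's pre-shared key (it is what `AddUser` later hands to `UpdateUsersWithPasswords`), but neither the struct comment nor `Equals` says so, and `Equals` treats two accounts as identical on `Key` alone, ignoring `Email` and `Level`. I would document both: `// Key is the user's pre-shared key; treat it as a secret and keep it out of logs.` above the field, and `// Equals compares only Key; Email and Level are not considered.` above the method. If `Equals` can ever be reached with a key supplied by an unauthenticated peer, which is not visible in this file, `subtle.ConstantTimeCompare` would be the safer comparison than `==`.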
@@ -31,6 +34,7 @@ func init() { } type MultiUserInbound struct { + sync.Mutex networks []net.Network users []*User service *shadowaead_2022.MultiService[int] 
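Review bot: Embedding `sync.Mutex` in `MultiUserInbound` promotes `Lock` and `Unlock` into the type's exported method set, so any code holding the inbound can take the lock that guards `users`. A named unexported field, `mu sync.Mutex`, keeps the locking internal, with `AddUser`/`RemoveUser` calling `i.mu.Lock()`. The lock also only protects `users` if the code that indexes the slice on the connection path takes it too; those readers are outside this hunk and need checking. The struct continues past the end of the hunk.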
@@ -78,6 +82,73 @@ func NewMultiServer(ctx context.Context, config *MultiUserServerConfig) (*MultiU return inbound, nil } +// AddUser implements proxy.UserManager.AddUser(). +func (i *MultiUserInbound) AddUser(ctx context.Context, u *protocol.MemoryUser) error { + i.Lock() + defer i.Unlock() + + account := u.Account.(*MemoryAccount) + if account.Email != "" { + for idx := range i.users { + if i.users[idx].Email == account.Email { + return newError("User ", account.Email, " already exists.") + } + } + } + i.users = append(i.users, &User{ + Key: account.Key, + Email: strings.ToLower(account.Email), + Level: account.Level, + }) + + // sync to multi service + // Considering implements shadowsocks2022 in xray-core may have better performance. + i.service.UpdateUsersWithPasswords( + C.MapIndexed(i.users, func(index int, it *User) int { return index }), + C.Map(i.users, func(it *User) string { return it.Key }), + ) + + return nil +} + +// RemoveUser implements proxy.UserManager.RemoveUser(). +func (i *MultiUserInbound) RemoveUser(ctx context.Context, email string) error { + if email == "" { + return newError("Email must not be empty.") + } + + i.Lock() + defer i.Unlock() + + email = strings.ToLower(email) + idx := -1 + for ii, u := range i.users { + if strings.EqualFold(u.Email, email) { + idx = ii + break + } + } + + if idx == -1 { + return newError("User ", email, " not found.") + } + + ulen := len(i.users) + + i.users[idx] = i.users[ulen-1] + i.users[ulen-1] = nil + i.users = i.users[:ulen-1] + + // sync to multi service + // Considering implements shadowsocks2022 in xray-core may have better performance. + i.service.UpdateUsersWithPasswords( + C.MapIndexed(i.users, func(index int, it *User) int { return index }), + C.Map(i.users, func(it *User) string { return it.Key }), + ) + + return nil +} + func (i *MultiUserInbound) Network() []net.Network { return i.networks } From 1d7c40d7287545cdad368d43f563811a6ac088bc Mon Sep 17 00:00:00 2001 
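Review bot: In `AddUser`, `u.Account.(*MemoryAccount)` is an unchecked type assertion, so a user of any other account type handed to this inbound panics the process instead of returning an error. The duplicate check then compares the stored, lower-cased email with the raw `account.Email`, so `Alice@x` is accepted after `alice@x` (constructed example); `RemoveUser` stops at the first match, which leaves the second entry's key accepted after the user was supposedly removed. Both functions also discard the result of `i.service.UpdateUsersWithPasswords`; if that call can fail, for example on a malformed key, `i.users` and the service go out of sync, so the result should be checked and the slice change undone on failure. The fence shows the `AddUser` prologue with a checked assertion and a case-insensitive duplicate test.

```go
func (i *MultiUserInbound) AddUser(ctx context.Context, u *protocol.MemoryUser) error {
	account, ok := u.Account.(*MemoryAccount)
	if !ok {
		return newError("not a shadowsocks 2022 account")
	}
	// Normalise once so the duplicate check and the stored value agree.
	email := strings.ToLower(account.Email)

	i.Lock()
	defer i.Unlock()

	if email != "" {
		for _, existing := range i.users {
			if strings.EqualFold(existing.Email, email) {
				return newError("User ", email, " already exists.")
			}
		}
	}
	i.users = append(i.users, &User{
		Key:   account.Key,
		Email: email,
		Level: account.Level,
	})
	// … unchanged: sync to multi service (check its result) …
```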
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 4 Dec 2022 18:24:46 -0500 Subject: [PATCH 02/91] Enable Xtls Vision (Direct not Splice) for any inbound connection Before this change, Vision client need a pure inbound like socks or http. After this change, it will support any inbound. This is useful in traffic forwarder use case inside China. --- proxy/vless/encoding/encoding.go | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index 1817fa276e36..bbe3b1e7f7cb 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -260,8 +260,8 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater for { if shouldSwitchToDirectCopy { shouldSwitchToDirectCopy = false - if runtime.GOOS == "linux" || runtime.GOOS == "android" { - if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Conn != nil { + if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Conn != nil && (runtime.GOOS == "linux" || runtime.GOOS == "android") { + if _, ok := inbound.User.Account.(*vless.MemoryAccount); inbound.User.Account == nil || ok { iConn := inbound.Conn statConn, ok := iConn.(*stat.CounterConnection) if ok { @@ -281,11 +281,7 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater statConn.WriteCounter.Add(w) } return err - } else { - panic("XTLS Splice: not TCP inbound") } - } else { - // panic("XTLS Splice: nil inbound or nil inbound.Conn") } } reader = buf.NewReadVReader(conn, rawConn, nil) From 2e30093ffd962aef7b1a9c4a4383ae23380cf685 Mon Sep 17 00:00:00 2001 
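Review bot: The new inner condition in `XtlsRead` dereferences `inbound.User.Account` without checking `inbound.User`; the outer condition only covers `inbound` and `inbound.Conn`. Since the point of the change is to accept any inbound, one that authenticates no user would presumably leave `User` nil and panic here on the first switch to direct copy. Treating a nil `User` like the nil `Account` case the line already allows avoids that: `ok := inbound.User == nil || inbound.User.Account == nil`, then `if !ok { _, ok = inbound.User.Account.(*vless.MemoryAccount) }`, then `if ok {`. With the two `else` branches removed, a non-matching inbound now falls through to the readv reader silently, so a debug log there would help diagnosis. `XtlsRead` starts and ends outside these hunks.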
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 4 Dec 2022 18:24:46 -0500 Subject: [PATCH 03/91] Enforce specific none flow for xtls vision In the past, when user open xtls vision on the server side, plain vless+tls can connect. Pure tls is known to have certain tls in tls characters. Now server need to specify "xtls-rprx-vision,none" for it be able usable on the same port. --- infra/conf/vless.go | 11 ++++++++++- proxy/vless/inbound/inbound.go | 20 +++++++++++++++++--- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/infra/conf/vless.go b/infra/conf/vless.go index 1f69c7e47a66..79c321443ee6 100644 --- a/infra/conf/vless.go +++ b/infra/conf/vless.go @@ -4,6 +4,7 @@ import ( "encoding/json" "runtime" "strconv" + "strings" "syscall" "github.com/golang/protobuf/proto" @@ -52,7 +53,15 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) { } account.Id = u.String() - switch account.Flow { + accountFlow := account.Flow + flows := strings.Split(account.Flow, ",") + for _, f := range flows { + t := strings.TrimSpace(f) + if t != "none" { + accountFlow = t + } + } + switch accountFlow { case "", vless.XRO, vless.XRD, vless.XRV: case vless.XRS: return nil, newError(`VLESS clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index daa6cde9b318..c092ebef381a 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go 
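Review bot: The flow list is validated only through its last non-`none` entry: in `Build`, every token other than `none` overwrites `accountFlow`, so an unknown token followed by a valid flow passes the switch, and a list naming two flows silently keeps the second. The same loop is repeated in `Process` in proxy/vless/inbound/inbound.go, where it runs for every connection and decides whether plain VLESS is allowed, so the two copies must never drift apart. I would put the parsing in one helper that returns the flow and the `none` flag and rejects a second real flow, call it from `Build`, and reuse its result in the inbound; the existing switch then rejects unknown values. `Build` continues outside the hunk.

```go
// parseFlow splits a configured flow list such as "xtls-rprx-vision,none"
// into the single real flow and whether plain VLESS ("none") is also allowed.
func parseFlow(raw string) (flow string, allowNone bool, err error) {
	seen := false
	for _, f := range strings.Split(raw, ",") {
		t := strings.TrimSpace(f)
		switch {
		case t == "none":
			allowNone = true
		case seen && t != flow:
			return "", false, newError(`VLESS clients: more than one flow in "` + raw + `"`)
		default:
			flow, seen = t, true
		}
	}
	return flow, allowNone, nil
}

// … unchanged: account.Id = u.String() …
accountFlow, _, err := parseFlow(account.Flow)
if err != nil {
	return nil, err
}
switch accountFlow {
```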
@@ -441,10 +441,20 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var netConn net.Conn var rawConn syscall.RawConn - + allowNoneFlow := false + accountFlow := account.Flow + flows := strings.Split(account.Flow, ",") + for _, f := range flows { + t := strings.TrimSpace(f) + if t == "none" { + allowNoneFlow = true + } else { + accountFlow = t + } + } switch requestAddons.Flow { case vless.XRO, vless.XRD, vless.XRV: - if account.Flow == requestAddons.Flow { + if accountFlow == requestAddons.Flow { switch request.Command { case protocol.RequestCommandMux: return newError(requestAddons.Flow + " doesn't support Mux").AtWarning() @@ -481,7 +491,11 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } else { return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() } - case "": + case "", "none": + if accountFlow == vless.XRV && !allowNoneFlow { + return newError(account.ID.String() + " is not able to use " + vless.XRV + + ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning() + } default: return newError("unknown request flow " + requestAddons.Flow).AtWarning() } From b13c3f053a32e190d3282e91dd024f7c58e03736 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Dec 2022 00:53:17 +0000 Subject: [PATCH 04/91] Bump golang.org/x/sys from 0.2.0 to 0.3.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.2.0 to 0.3.0. - [Release notes](https://github.com/golang/sys/releases) - [Commits](https://github.com/golang/sys/compare/v0.2.0...v0.3.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) 
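Review bot: The warning added under `case "", "none":` reads "<id> is not able to use xtls-rprx-vision", which repeats the wording of the branch above for a client that asked for a flow it is not allowed; here the client asked for no flow and the account requires Vision, so an operator reading the log is pointed at the wrong side. Something like `newError(account.ID.String() + " requested no flow but the account requires " + vless.XRV + "; append \",none\" to the account flow to allow plain VLESS on this port").AtWarning()` states what was rejected and why. A test covering the three cases (Vision only, Vision plus `none`, and a request with no flow) would pin the policy this commit introduces. `Process` starts and ends outside the hunk.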
diff --git a/go.mod b/go.mod index 7aecdb6b7423..50dded1a475d 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( golang.org/x/crypto v0.3.0 golang.org/x/net v0.2.0 golang.org/x/sync v0.1.0 - golang.org/x/sys v0.2.0 + golang.org/x/sys v0.3.0 google.golang.org/grpc v1.51.0 google.golang.org/protobuf v1.28.1 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c diff --git a/go.sum b/go.sum index 599a465de1bd..9742f73c7aba 100644 --- a/go.sum +++ b/go.sum @@ -98,6 +98,7 @@ github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa02 github.com/klauspost/cpuid/v2 v2.2.1 h1:U33DW0aiEj633gHYw3LoDNfkDiYnE5Q8M/TKJn2f2jI= github.com/klauspost/cpuid/v2 v2.2.1/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 
@@ -263,8 +264,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -331,6 +332,7 @@ google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= From 585872623386f4d04a331752bcf8d0d07f59a55d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Dec 2022 00:09:01 +0000 Subject: [PATCH 05/91] Bump golang.org/x/net from 0.2.0 to 0.3.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.2.0 to 0.3.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.2.0...v0.3.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 50dded1a475d..46347fdebaee 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 golang.org/x/crypto v0.3.0 - golang.org/x/net v0.2.0 + golang.org/x/net v0.3.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.3.0 google.golang.org/grpc v1.51.0 @@ -50,7 +50,7 @@ require ( go.uber.org/atomic v1.10.0 // indirect golang.org/x/exp v0.0.0-20221126150942-6ab00d035af9 // indirect golang.org/x/mod v0.7.0 // indirect - golang.org/x/text v0.4.0 // indirect + golang.org/x/text v0.5.0 // indirect golang.org/x/time v0.2.0 // indirect golang.org/x/tools v0.3.0 // indirect google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 // indirect diff --git a/go.sum b/go.sum index 9742f73c7aba..0975497ebbec 100644 --- a/go.sum +++ b/go.sum 
@@ -235,8 +235,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.3.0 h1:VWL6FNY2bEEmsGVKabSlHu5Irp34xmMRoqb/9lF9lxk= +golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -272,8 +272,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.2.0 h1:52I/1L54xyEQAYdtcSuxtiT84KGYTBGXwayxmIpNJhE= From 4a3f3ef775710fedd227f2f0f04b809e6a46d427 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Dec 2022 00:11:18 +0000 Subject: [PATCH 06/91] Bump golang.org/x/net from 0.3.0 to 0.4.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 46347fdebaee..c3c3c48bbed0 100644 --- a/go.mod +++ b/go.mod 
@@ -23,7 +23,7 @@ require ( github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 golang.org/x/crypto v0.3.0 - golang.org/x/net v0.3.0 + golang.org/x/net v0.4.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.3.0 google.golang.org/grpc v1.51.0 diff --git a/go.sum b/go.sum index 0975497ebbec..8613960f9471 100644 --- a/go.sum +++ b/go.sum @@ -235,8 +235,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.3.0 h1:VWL6FNY2bEEmsGVKabSlHu5Irp34xmMRoqb/9lF9lxk= -golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= +golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= From a8fa5bf5165e3e73ebb23d2543f464b41c460680 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Dec 2022 03:52:05 +0000 Subject: [PATCH 07/91] Bump golang.org/x/crypto from 0.3.0 to 0.4.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c3c3c48bbed0..5d1dce96f6c2 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 - golang.org/x/crypto v0.3.0 + golang.org/x/crypto v0.4.0 golang.org/x/net v0.4.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.3.0 diff --git a/go.sum b/go.sum index 8613960f9471..761bd6a0c46f 100644 --- a/go.sum +++ b/go.sum 
@@ -210,8 +210,8 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A= -golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= +golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20221126150942-6ab00d035af9 h1:yZNXmy+j/JpX19vZkVktWqAo7Gny4PBWYYK3zskGpx4= golang.org/x/exp v0.0.0-20221126150942-6ab00d035af9/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= From b8e82292422034493744f5fe696e7f847c2dcaad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Dec 2022 00:09:41 +0000 Subject: [PATCH 08/91] Bump github.com/lucas-clemente/quic-go from 0.31.0 to 0.31.1 Bumps [github.com/lucas-clemente/quic-go](https://github.com/lucas-clemente/quic-go) from 0.31.0 to 0.31.1. - [Release notes](https://github.com/lucas-clemente/quic-go/releases) - [Changelog](https://github.com/lucas-clemente/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/lucas-clemente/quic-go/compare/v0.31.0...v0.31.1) --- updated-dependencies: - dependency-name: github.com/lucas-clemente/quic-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 5d1dce96f6c2..9dd5852da054 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/golang/protobuf v1.5.2 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 - github.com/lucas-clemente/quic-go v0.31.0 + github.com/lucas-clemente/quic-go v0.31.1 github.com/marten-seemann/qtls-go1-18 v0.1.3 github.com/miekg/dns v1.1.50 github.com/pelletier/go-toml v1.9.5 diff --git a/go.sum b/go.sum index 761bd6a0c46f..5fb06ce8cbde 100644 --- a/go.sum +++ b/go.sum @@ -106,8 +106,8 @@ github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/lucas-clemente/quic-go v0.31.0 h1:MfNp3fk0wjWRajw6quMFA3ap1AVtlU+2mtwmbVogB2M= -github.com/lucas-clemente/quic-go v0.31.0/go.mod h1:0wFbizLgYzqHqtlyxyCaJKlE7bYgE6JQ+54TLd/Dq2g= +github.com/lucas-clemente/quic-go v0.31.1 h1:O8Od7hfioqq0PMYHDyBkxU2aA7iZ2W9pjbrWuja2YR4= +github.com/lucas-clemente/quic-go v0.31.1/go.mod h1:0wFbizLgYzqHqtlyxyCaJKlE7bYgE6JQ+54TLd/Dq2g= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI= From 3e4e0503133edbd12f10ebd9ea5931c5df5cacfe Mon Sep 17 00:00:00 2001 From: renahita6 Date: Fri, 9 Dec 2022 03:51:38 +0000 Subject: [PATCH 09/91] Fixed a bug that mux.Session could not be properly closed when receiving an End status. --- common/mux/client.go | 1 + common/mux/server.go | 1 + 2 files changed, 2 insertions(+) diff --git a/common/mux/client.go b/common/mux/client.go index ccf05cb2dea9..2019738ff114 100644 --- a/common/mux/client.go 
+++ b/common/mux/client.go @@ -355,6 +355,7 @@ func (m *ClientWorker) handleStatusEnd(meta *FrameMetadata, reader *buf.Buffered common.Interrupt(s.input) common.Interrupt(s.output) } + common.Interrupt(s.input) s.Close() } if meta.Option.Has(OptionData) { diff --git a/common/mux/server.go b/common/mux/server.go index 3a913098af93..df461be799e5 100644 --- a/common/mux/server.go +++ b/common/mux/server.go @@ -202,6 +202,7 @@ func (w *ServerWorker) handleStatusEnd(meta *FrameMetadata, reader *buf.Buffered common.Interrupt(s.input) common.Interrupt(s.output) } + common.Interrupt(s.input) s.Close() } if meta.Option.Has(OptionData) { From bc4de6a026ce606e6026630380215ca228f242ba Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 10 Dec 2022 23:11:35 -0500 Subject: [PATCH 10/91] Fix VLESS client doesn't handle traffic if not send data first Certain ssh, mySQL and reverse proxy need server data first in a connection --- proxy/vless/encoding/encoding.go | 2 +- proxy/vless/outbound/outbound.go | 31 +++++++++++++++++++------------ 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index bbe3b1e7f7cb..e1987d981aba 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -442,7 +442,7 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt *numberOfPacketToFilter = 0 return } - newError("XtlsFilterTls inclusive server hello ", b.Len(), " ", *remainingServerHello).WriteToLog(session.ExportIDToError(ctx)) + newError("XtlsFilterTls inconclusive server hello ", b.Len(), " ", *remainingServerHello).WriteToLog(session.ExportIDToError(ctx)) } if *numberOfPacketToFilter <= 0 { newError("XtlsFilterTls stop filtering", buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index 7cfbbfd014aa..6dde2736d2a5 100644 
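Review bot: With `common.Interrupt(s.input)` now called unconditionally before `s.Close()`, the same call inside the preceding `if` block is redundant, so the input is interrupted twice on that path; this applies to `handleStatusEnd` in both client.go and server.go. Dropping the inner call, so the block keeps only `common.Interrupt(s.output)`, and adding a comment on the new line such as `// always interrupt the input on End so a blocked reader is released before Close` (if that is indeed the reason) would make the intent clear. The condition guarding the block is outside both hunks, and whether a second Interrupt is harmless depends on the pipe implementation, which is not shown.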
--- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -5,6 +5,7 @@ package outbound import ( "context" "syscall" + "time" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" @@ -217,20 +218,26 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte serverWriter = xudp.NewPacketWriter(serverWriter, target) } userUUID := account.ID.Bytes() - multiBuffer, err1 := clientReader.ReadMultiBuffer() - if err1 != nil { - return err1 // ... - } - if requestAddons.Flow == vless.XRV { - encoding.XtlsFilterTls(multiBuffer, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello, ctx) - if isTLS { - for i, b := range multiBuffer { - multiBuffer[i] = encoding.XtlsPadding(b, 0x00, &userUUID, ctx) + timeoutReader, ok := clientReader.(buf.TimeoutReader) + if ok { + multiBuffer, err1 := timeoutReader.ReadMultiBufferTimeout(time.Millisecond*500) + if err1 == nil { + if requestAddons.Flow == vless.XRV { + encoding.XtlsFilterTls(multiBuffer, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello, ctx) + if isTLS { + for i, b := range multiBuffer { + multiBuffer[i] = encoding.XtlsPadding(b, 0x00, &userUUID, ctx) + } + } + } + if err := serverWriter.WriteMultiBuffer(multiBuffer); err != nil { + return err // ... } + } else if err1 != buf.ErrReadTimeout { + return err1 } - } - if err := serverWriter.WriteMultiBuffer(multiBuffer); err != nil { - return err // ... + } else { + newError("Reader is not timeout reader, will send out vless header separately from first payload").AtDebug().WriteToLog(session.ExportIDToError(ctx)) } // Flush; bufferWriter.WriteMultiBufer now is bufferWriter.writer.WriteMultiBuffer if err := bufferWriter.SetBuffered(false); err != nil { From f3104b868477e0f767ce8ae84b35bb9ef023d8e3 Mon Sep 17 00:00:00 2001 
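Review bot: The first-payload wait is a bare `time.Millisecond*500` inside `Process`, and the timeout path carries no comment on its consequence: when the client sends nothing within that window, the buffered VLESS request header is flushed on its own, without a first payload and, for `vless.XRV`, without passing through `XtlsFilterTls`/`XtlsPadding`. I would name the value, e.g. `const firstPayloadTimeout = 500 * time.Millisecond`, and document that trade-off next to it, since a header-only first write likely has a recognisable size. `err1 != buf.ErrReadTimeout` also relies on the reader returning the sentinel unwrapped; `errors.Cause(err1) != buf.ErrReadTimeout`, if the project's errors package is available in this file, would survive wrapping. `Process` starts and ends outside the hunk.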
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 11 Dec 2022 09:57:03 -0500 Subject: [PATCH 11/91] Update v1.6.6 and denpendencies --- core/core.go | 2 +- go.mod | 18 +++++++++--------- go.sum | 18 ++++++++++++++++++ 3 files changed, 28 insertions(+), 10 deletions(-) diff --git a/core/core.go b/core/core.go index 0d63ecce22f2..a999ce7f07f0 100644 --- a/core/core.go +++ b/core/core.go @@ -18,7 +18,7 @@ import ( ) var ( - version = "1.6.5" + version = "1.6.6" build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." diff --git a/go.mod b/go.mod index 9dd5852da054..7175b9e4afa5 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 - go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 + go.starlark.net v0.0.0-20221205180719-3fd0dac74452 golang.org/x/crypto v0.4.0 golang.org/x/net v0.4.0 golang.org/x/sync v0.1.0 
@@ -39,21 +39,21 @@ require ( github.com/francoispqt/gojay v1.2.13 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 // indirect - github.com/klauspost/compress v1.15.12 // indirect - github.com/klauspost/cpuid/v2 v2.2.1 // indirect + github.com/google/pprof v0.0.0-20221203041831-ce31453925ec // indirect + github.com/klauspost/compress v1.15.13 // indirect + github.com/klauspost/cpuid/v2 v2.2.2 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/marten-seemann/qtls-go1-19 v0.1.1 // indirect - github.com/onsi/ginkgo/v2 v2.5.1 // indirect + github.com/onsi/ginkgo/v2 v2.6.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20221126150942-6ab00d035af9 // indirect + golang.org/x/exp v0.0.0-20221211140036-ad323defaf05 // indirect golang.org/x/mod v0.7.0 // indirect golang.org/x/text v0.5.0 // indirect - golang.org/x/time v0.2.0 // indirect - golang.org/x/tools v0.3.0 // indirect - google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 // indirect + golang.org/x/time v0.3.0 // indirect + golang.org/x/tools v0.4.0 // indirect + google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 5fb06ce8cbde..9b472ace1339 100644 --- a/go.sum +++ b/go.sum 
@@ -79,6 +79,8 @@ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXi github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ= github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= +github.com/google/pprof v0.0.0-20221203041831-ce31453925ec h1:fR20TYVVwhK4O7r7y+McjRYyaTH6/vjwJOajE+XhlzM= +github.com/google/pprof v0.0.0-20221203041831-ce31453925ec/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= 
@@ -94,9 +96,13 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.15.12 h1:YClS/PImqYbn+UILDnqxQCZ3RehC9N318SU3kElDUEM= github.com/klauspost/compress v1.15.12/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= +github.com/klauspost/compress v1.15.13 h1:NFn1Wr8cfnenSJSA46lLq4wHCcBzKTSjnBIexDMMOV0= +github.com/klauspost/compress v1.15.13/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.1 h1:U33DW0aiEj633gHYw3LoDNfkDiYnE5Q8M/TKJn2f2jI= github.com/klauspost/cpuid/v2 v2.2.1/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/klauspost/cpuid/v2 v2.2.2 h1:xPMwiykqNK9VK0NYC3+jTMYv9I6Vl3YdjZgPZKG3zO0= +github.com/klauspost/cpuid/v2 v2.2.2/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= 
@@ -124,6 +130,8 @@ github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJE github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/onsi/ginkgo/v2 v2.5.1 h1:auzK7OI497k6x4OvWq+TKAcpcSAlod0doAH72oIN0Jw= github.com/onsi/ginkgo/v2 v2.5.1/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= +github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc= +github.com/onsi/ginkgo/v2 v2.6.0/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= @@ -202,6 +210,8 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1 go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 h1:5/KzhcSqd4UgY51l17r7C5g/JiE6DRw1Vq7VJfQHuMc= go.starlark.net v0.0.0-20221028183056-acb66ad56dd2/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= +go.starlark.net v0.0.0-20221205180719-3fd0dac74452 h1:JZtNuL6LPB+scU5yaQ6hqRlJFRiddZm2FwRt2AQqtHA= +go.starlark.net v0.0.0-20221205180719-3fd0dac74452/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= 
@@ -215,6 +225,8 @@ golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20221126150942-6ab00d035af9 h1:yZNXmy+j/JpX19vZkVktWqAo7Gny4PBWYYK3zskGpx4= golang.org/x/exp v0.0.0-20221126150942-6ab00d035af9/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20221211140036-ad323defaf05 h1:T8EldfGCcveFMewH5xAYxxoX3PSQMrsechlUGVFlQBU= +golang.org/x/exp v0.0.0-20221211140036-ad323defaf05/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -278,6 +290,8 @@ golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.2.0 h1:52I/1L54xyEQAYdtcSuxtiT84KGYTBGXwayxmIpNJhE= golang.org/x/time v0.2.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -290,6 +304,8 @@ golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.3.0 h1:SrNbZl6ECOS1qFzgTdQfWXZM9XBkiA6tkFrH9YSTPHM= golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= +golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= +golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -310,6 +326,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 h1:a2S6M0+660BgMNl++4JPlcAO/CjkqYItDEZwkoDQK7c= google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 h1:jmIfw8+gSvXcZSgaFAGyInDXeWzUhvYH57G/5GKMn70= +google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= From f35ded79ad3312eaa9054074e9f5448bae555664 Mon Sep 17 00:00:00 2001 
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Mon, 12 Dec 2022 21:20:01 -0500 Subject: [PATCH 12/91] Vision only reject TCP command for VLESS-TCP-TLS UDP and MUX command currently has no flow value. Also the character is the same with or without XTLS --- proxy/vless/inbound/inbound.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index c092ebef381a..8aa337c30904 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -492,7 +492,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() } case "", "none": - if accountFlow == vless.XRV && !allowNoneFlow { + if accountFlow == vless.XRV && !allowNoneFlow && request.Command == protocol.RequestCommandTCP { return newError(account.ID.String() + " is not able to use " + vless.XRV + ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning() } From a55cf1d0bff20374d3fcd3754c43b05218446e63 Mon Sep 17 00:00:00 2001 From: pocketW <104479902+pocketW@users.noreply.github.com> Date: Thu, 15 Dec 2022 22:21:52 +1100 Subject: [PATCH 13/91] fix: email inconsistent --- proxy/shadowsocks_2022/inbound_multi.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/proxy/shadowsocks_2022/inbound_multi.go b/proxy/shadowsocks_2022/inbound_multi.go index b9a258f670c9..91342c764678 100644 --- a/proxy/shadowsocks_2022/inbound_multi.go +++ b/proxy/shadowsocks_2022/inbound_multi.go @@ -97,7 +97,7 @@ func (i *MultiUserInbound) AddUser(ctx context.Context, u *protocol.MemoryUser) } i.users = append(i.users, &User{ Key: account.Key, - Email: strings.ToLower(account.Email), + Email: account.Email, Level: account.Level, }) 
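Review bot: The new `request.Command == protocol.RequestCommandTCP` term in the `case "", "none":` branch narrows the XRV rejection without a comment explaining why, so a reader cannot tell whether letting non-TCP commands through with an empty flow is intended. The commit message gives the reason, and it belongs next to the condition, for example `// UDP and Mux requests carry no flow value, so only TCP can be rejected for a missing XRV flow.` Because the test is an equality on TCP, every command other than TCP is exempt, not only UDP and Mux; if that is broader than intended, name the exempt commands explicitly. Process starts and ends outside the hunk.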
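Review bot: AddUser now stores `account.Email` in its original case, while the RemoveUser loop in the next hunk matches with `strings.EqualFold`, so the two operations no longer agree on what makes an e-mail unique. If the duplicate check in AddUser (outside this hunk, so not verifiable here) compares with `==`, two users whose e-mails differ only in case can both be added. A later RemoveUser call could then hit a different entry than the one the operator meant to revoke. Using `strings.EqualFold(u.Email, account.Email)` in that duplicate check would keep add and remove consistent. Both functions start and end outside their hunks.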
@@ -120,7 +120,6 @@ func (i *MultiUserInbound) RemoveUser(ctx context.Context, email string) error { i.Lock() defer i.Unlock() - email = strings.ToLower(email) idx := -1 for ii, u := range i.users { if strings.EqualFold(u.Email, email) { From 48a75fc34048581c555014fdb3607e1f7c98c89b Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 18 Dec 2022 20:01:56 -0500 Subject: [PATCH 14/91] Add retry for release steps to download geofiles --- .github/workflows/release.yml | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d57804ba56f0..71fb20009da1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -161,21 +161,26 @@ jobs: mv xray xray.exe - name: Prepare to release - run: | - cp ${GITHUB_WORKSPACE}/README.md ./build_assets/README.md - cp ${GITHUB_WORKSPACE}/LICENSE ./build_assets/LICENSE - LIST=('geoip geoip geoip' 'domain-list-community dlc geosite') - for i in "${LIST[@]}" - do - INFO=($(echo $i | awk 'BEGIN{FS=" ";OFS=" "} {print $1,$2,$3}')) - LASTEST_TAG="$(curl -sL "https://api.github.com/repos/v2fly/${INFO[0]}/releases" | jq -r ".[0].tag_name" || echo "latest")" - FILE_NAME="${INFO[2]}.dat" - echo -e "Downloading ${FILE_NAME}..." - curl -L "https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat" -o ./build_assets/${FILE_NAME} - echo -e "Verifying HASH key..." - HASH="$(curl -sL "https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')" - [ "$(sha256sum "./build_assets/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of ${FILE_NAME} does not match cloud one."; exit 1; } - done + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + retry_wait_seconds: 60 + max_attempts: 60 + command: | + cp ${GITHUB_WORKSPACE}/README.md ./build_assets/README.md + cp ${GITHUB_WORKSPACE}/LICENSE ./build_assets/LICENSE + LIST=('geoip geoip geoip' 'domain-list-community dlc geosite') + for i in "${LIST[@]}" + do + INFO=($(echo $i | awk 'BEGIN{FS=" ";OFS=" "} {print $1,$2,$3}')) + LASTEST_TAG="$(curl -sL "https://api.github.com/repos/v2fly/${INFO[0]}/releases/latest" | jq -r ".tag_name" || echo "latest")" + FILE_NAME="${INFO[2]}.dat" + echo -e "Downloading https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat..." + curl -L "https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat" -o ./build_assets/${FILE_NAME} + echo -e "Verifying HASH key..." 
+ HASH="$(curl -sL "https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')" + [ "$(sha256sum "./build_assets/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of ${FILE_NAME} does not match cloud one."; exit 1; } + done - name: Create ZIP archive shell: bash From d7ac6946d2a40e434ae5cb4f16ea0e4a6f711386 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Dec 2022 01:04:50 +0000 Subject: [PATCH 15/91] Bump github.com/sagernet/sing from 0.1.0 to 0.1.1 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.0 to 0.1.1. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.0...v0.1.1) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 22 ++-------------------- 2 files changed, 3 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index 7175b9e4afa5..008d0c9c2c17 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/refraction-networking/utls v1.2.0 - github.com/sagernet/sing v0.1.0 + github.com/sagernet/sing v0.1.1 github.com/sagernet/sing-shadowsocks v0.1.0 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index 9b472ace1339..c1d896f67334 100644 --- a/go.sum +++ b/go.sum 
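Review bot: The "Prepare to release" step now runs through `uses: nick-fields/retry@v2`, a third-party action referenced by a movable tag inside the release workflow. Pinning it to a full commit SHA, `uses: nick-fields/retry@<full-commit-sha> # v2`, keeps a retagged or compromised upstream from changing what executes while release assets are assembled. Separately, the `|| echo "latest"` fallback on `LASTEST_TAG` only fires when `jq` itself fails. An API error body without `tag_name` makes `jq -r ".tag_name"` print `null` and exit 0, so the step would retry against a `.../download/null/...` URL for up to 60 attempts; `jq -er` would fail on null and let the fallback apply. The `.sha256sum` is fetched from the same release as the `.dat`, so the comparison detects a corrupted download but not a replaced asset.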
@@ -77,8 +77,6 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ= -github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/google/pprof v0.0.0-20221203041831-ce31453925ec h1:fR20TYVVwhK4O7r7y+McjRYyaTH6/vjwJOajE+XhlzM= github.com/google/pprof v0.0.0-20221203041831-ce31453925ec/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= 
@@ -94,13 +92,9 @@ github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.15.12 h1:YClS/PImqYbn+UILDnqxQCZ3RehC9N318SU3kElDUEM= -github.com/klauspost/compress v1.15.12/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/compress v1.15.13 h1:NFn1Wr8cfnenSJSA46lLq4wHCcBzKTSjnBIexDMMOV0= github.com/klauspost/compress v1.15.13/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.2.1 h1:U33DW0aiEj633gHYw3LoDNfkDiYnE5Q8M/TKJn2f2jI= -github.com/klauspost/cpuid/v2 v2.2.1/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/klauspost/cpuid/v2 v2.2.2 h1:xPMwiykqNK9VK0NYC3+jTMYv9I6Vl3YdjZgPZKG3zO0= github.com/klauspost/cpuid/v2 v2.2.2/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 
@@ -128,8 +122,6 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/onsi/ginkgo/v2 v2.5.1 h1:auzK7OI497k6x4OvWq+TKAcpcSAlod0doAH72oIN0Jw= -github.com/onsi/ginkgo/v2 v2.5.1/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc= github.com/onsi/ginkgo/v2 v2.6.0/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg= @@ -156,8 +148,8 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstv github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.0 h1:FGmaP2BVPYO2IyC/3R1DaQa/zr+kOKHRgWqrmOF+Gu8= -github.com/sagernet/sing v0.1.0/go.mod h1:zvgDYKI+vCAW9RyfyrKTgleI+DOa8lzHMPC7VZo3OL4= +github.com/sagernet/sing v0.1.1 h1:wtCGreL9UNtoLcDvSLoZQWf1dtqmLWogbcwRAD9nz4E= +github.com/sagernet/sing v0.1.1/go.mod h1:zvgDYKI+vCAW9RyfyrKTgleI+DOa8lzHMPC7VZo3OL4= github.com/sagernet/sing-shadowsocks v0.1.0 h1:cDmmOkA11fzVdhyCZQEeI3ozQz+59rj8+rqPb91xux4= github.com/sagernet/sing-shadowsocks v0.1.0/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= 
@@ -208,8 +200,6 @@ github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 h1:AHhUwwFJGl27E46OpdJHplZ github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= -go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 h1:5/KzhcSqd4UgY51l17r7C5g/JiE6DRw1Vq7VJfQHuMc= -go.starlark.net v0.0.0-20221028183056-acb66ad56dd2/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= go.starlark.net v0.0.0-20221205180719-3fd0dac74452 h1:JZtNuL6LPB+scU5yaQ6hqRlJFRiddZm2FwRt2AQqtHA= go.starlark.net v0.0.0-20221205180719-3fd0dac74452/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= @@ -223,8 +213,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20221126150942-6ab00d035af9 h1:yZNXmy+j/JpX19vZkVktWqAo7Gny4PBWYYK3zskGpx4= -golang.org/x/exp v0.0.0-20221126150942-6ab00d035af9/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20221211140036-ad323defaf05 h1:T8EldfGCcveFMewH5xAYxxoX3PSQMrsechlUGVFlQBU= golang.org/x/exp v0.0.0-20221211140036-ad323defaf05/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -288,8 +276,6 @@ golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.2.0 h1:52I/1L54xyEQAYdtcSuxtiT84KGYTBGXwayxmIpNJhE= -golang.org/x/time v0.2.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -302,8 +288,6 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.3.0 h1:SrNbZl6ECOS1qFzgTdQfWXZM9XBkiA6tkFrH9YSTPHM= -golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -324,8 +308,6 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 h1:a2S6M0+660BgMNl++4JPlcAO/CjkqYItDEZwkoDQK7c= -google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 h1:jmIfw8+gSvXcZSgaFAGyInDXeWzUhvYH57G/5GKMn70= google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= From c9b6fc01046f59d25ba4274020f09da8e8d94c36 Mon Sep 17 00:00:00 2001 From: PMExtra Date: Thu, 15 Dec 2022 19:15:43 +0800 Subject: [PATCH 16/91] Add custom header support for HTTP proxy --- infra/conf/http.go | 8 +++ proxy/http/client.go | 51 ++++++++++++++- proxy/http/config.pb.go | 135 ++++++++++++++++++++++++++++++++-------- proxy/http/config.proto | 6 ++ 4 files changed, 172 insertions(+), 28 deletions(-) diff --git a/infra/conf/http.go b/infra/conf/http.go index c917197c4d18..ddeaa69e2237 100644 --- a/infra/conf/http.go +++ b/infra/conf/http.go @@ -53,6 +53,7 @@ type HTTPRemoteConfig struct { type HTTPClientConfig struct { Servers []*HTTPRemoteConfig `json:"servers"` + Headers map[string]string `json:"headers"` } func (v *HTTPClientConfig) Build() (proto.Message, error) { 
@@ -77,5 +78,12 @@ func (v *HTTPClientConfig) Build() (proto.Message, error) { } config.Server[idx] = server } + config.Header = make([]*http.Header, 0, 32) + for key, value := range v.Headers { + config.Header = append(config.Header, &http.Header{ + Key: key, + Value: value, + }) + } return config, nil } diff --git a/proxy/http/client.go b/proxy/http/client.go index ae80e354dbec..71a10e699739 100644 --- a/proxy/http/client.go +++ b/proxy/http/client.go @@ -2,12 +2,14 @@ package http import ( "bufio" + "bytes" "context" "encoding/base64" "io" "net/http" "net/url" "sync" + "text/template" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" @@ -30,6 +32,7 @@ import ( type Client struct { serverPicker protocol.ServerPicker policyManager policy.Manager + header []*Header } type h2Conn struct { @@ -60,6 +63,7 @@ func NewClient(ctx context.Context, config *ClientConfig) (*Client, error) { return &Client{ serverPicker: protocol.NewRoundRobinServerPicker(serverList), policyManager: v.GetFeature(policy.ManagerType()).(policy.Manager), + header: config.Header, }, nil } @@ -88,12 +92,17 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter buf.ReleaseMulti(mbuf) defer bytespool.Free(firstPayload) + header, err := fillRequestHeader(ctx, c.header) + if err != nil { + return newError("failed to fill out header").Base(err) + } + if err := retry.ExponentialBackoff(5, 100).On(func() error { server := c.serverPicker.PickServer() dest := server.Destination() user = server.PickUser() - netConn, err := setUpHTTPTunnel(ctx, dest, targetAddr, user, dialer, firstPayload) + netConn, err := setUpHTTPTunnel(ctx, dest, targetAddr, user, dialer, header, firstPayload) if netConn != nil { if _, ok := netConn.(*http2Conn); !ok { if _, err := netConn.Write(firstPayload); err != nil { 
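Review bot: `config.Header = make([]*http.Header, 0, 32)` in Build hard-codes a capacity unrelated to the input; `make([]*http.Header, 0, len(v.Headers))` sizes it exactly. Ranging over the `Headers` map also yields the entries in a different order on each build, so the resulting header list is not reproducible between runs; sorting the keys first would fix that. The values are later parsed as `text/template` sources by `fillRequestHeader` (proxy/http/client.go in this commit), yet nothing here checks them, so a malformed template is only reported when a connection is processed. Parsing each value once in Build would reject a bad configuration at load time. Build begins outside the hunk.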
@@ -139,8 +148,42 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter return nil } +// fillRequestHeader will fill out the template of the headers +func fillRequestHeader(ctx context.Context, header []*Header) ([]*Header, error) { + if len(header) == 0 { + return header, nil + } + + inbound := session.InboundFromContext(ctx) + outbound := session.OutboundFromContext(ctx) + + data := struct { + Source net.Destination + Target net.Destination + }{ + Source: inbound.Source, + Target: outbound.Target, + } + + filled := make([]*Header, len(header)) + for i, h := range header { + tmpl, err := template.New(h.Key).Parse(h.Value) + if err != nil { + return nil, err + } + var buf bytes.Buffer + + if err = tmpl.Execute(&buf, data); err != nil { + return nil, err + } + filled[i] = &Header{Key: h.Key, Value: buf.String()} + } + + return filled, nil +} + // setUpHTTPTunnel will create a socket tunnel via HTTP CONNECT method -func setUpHTTPTunnel(ctx context.Context, dest net.Destination, target string, user *protocol.MemoryUser, dialer internet.Dialer, firstPayload []byte) (net.Conn, error) { +func setUpHTTPTunnel(ctx context.Context, dest net.Destination, target string, user *protocol.MemoryUser, dialer internet.Dialer, header []*Header, firstPayload []byte) (net.Conn, error) { req := &http.Request{ Method: http.MethodConnect, URL: &url.URL{Host: target}, @@ -154,6 +197,10 @@ func setUpHTTPTunnel(ctx context.Context, dest net.Destination, target string, u req.Header.Set("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(auth))) } + for _, h := range header { + req.Header.Set(h.Key, h.Value) + } + connectHTTP1 := func(rawConn net.Conn) (net.Conn, error) { req.Header.Set("Proxy-Connection", "Keep-Alive") diff --git a/proxy/http/config.pb.go b/proxy/http/config.pb.go index de1b916a8aa5..e2613cda6fad 100644 --- a/proxy/http/config.pb.go +++ b/proxy/http/config.pb.go 
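Review bot: `fillRequestHeader` dereferences `inbound.Source` and `outbound.Target` without checking the pointers returned by `session.InboundFromContext` and `session.OutboundFromContext`. If either is nil for a given context (nothing in the hunk rules that out), a configured header turns into a panic in the connection path. Guarding both lookups and leaving the corresponding field at its zero value avoids that, as in the excerpt below. The function also re-parses every template on each call; the header list is fixed in `NewClient`, so the templates could be parsed once there and only executed per connection. The function is fully contained in the hunk.

```go
// … unchanged: early return when header is empty …
var data struct {
	Source net.Destination
	Target net.Destination
}
if inbound := session.InboundFromContext(ctx); inbound != nil {
	data.Source = inbound.Source
}
if outbound := session.OutboundFromContext(ctx); outbound != nil {
	data.Target = outbound.Target
}
// … unchanged: template parse/execute loop …
```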
@@ -150,6 +150,61 @@ func (x *ServerConfig) GetUserLevel() uint32 { return 0 } +type Header struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` +} + +func (x *Header) Reset() { + *x = Header{} + if protoimpl.UnsafeEnabled { + mi := &file_proxy_http_config_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Header) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Header) ProtoMessage() {} + +func (x *Header) ProtoReflect() protoreflect.Message { + mi := &file_proxy_http_config_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Header.ProtoReflect.Descriptor instead. +func (*Header) Descriptor() ([]byte, []int) { + return file_proxy_http_config_proto_rawDescGZIP(), []int{2} +} + +func (x *Header) GetKey() string { + if x != nil { + return x.Key + } + return "" +} + +func (x *Header) GetValue() string { + if x != nil { + return x.Value + } + return "" +} + // ClientConfig is the protobuf config for HTTP proxy client. type ClientConfig struct { state protoimpl.MessageState 
@@ -158,12 +213,13 @@ type ClientConfig struct { // Sever is a list of HTTP server addresses. Server []*protocol.ServerEndpoint `protobuf:"bytes,1,rep,name=server,proto3" json:"server,omitempty"` + Header []*Header `protobuf:"bytes,2,rep,name=header,proto3" json:"header,omitempty"` } func (x *ClientConfig) Reset() { *x = ClientConfig{} if protoimpl.UnsafeEnabled { - mi := &file_proxy_http_config_proto_msgTypes[2] + mi := &file_proxy_http_config_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -176,7 +232,7 @@ func (x *ClientConfig) String() string { func (*ClientConfig) ProtoMessage() {} func (x *ClientConfig) ProtoReflect() protoreflect.Message { - mi := &file_proxy_http_config_proto_msgTypes[2] + mi := &file_proxy_http_config_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -189,7 +245,7 @@ func (x *ClientConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use ClientConfig.ProtoReflect.Descriptor instead. func (*ClientConfig) Descriptor() ([]byte, []int) { - return file_proxy_http_config_proto_rawDescGZIP(), []int{2} + return file_proxy_http_config_proto_rawDescGZIP(), []int{3} } func (x *ClientConfig) GetServer() []*protocol.ServerEndpoint { @@ -199,6 +255,13 @@ func (x *ClientConfig) GetServer() []*protocol.ServerEndpoint { return nil } +func (x *ClientConfig) GetHeader() []*Header { + if x != nil { + return x.Header + } + return nil +} + var File_proxy_http_config_proto protoreflect.FileDescriptor var file_proxy_http_config_proto_rawDesc = []byte{ 
@@ -227,17 +290,23 @@ var file_proxy_http_config_proto_rawDesc = []byte{ 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x22, 0x4c, 0x0a, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x12, 0x3c, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x24, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, - 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, - 0x4f, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, - 0x79, 0x2e, 0x68, 0x74, 0x74, 0x70, 0x50, 0x01, 0x5a, 0x24, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, - 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x68, 0x74, 0x74, 0x70, 0xaa, 0x02, - 0x0f, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x48, 0x74, 0x74, 0x70, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x01, 0x22, 0x30, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x22, 0x7d, 0x0a, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x3c, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2e, 0x70, 
0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x12, 0x2f, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x17, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x68, + 0x74, 0x74, 0x70, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x42, 0x4f, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, + 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x68, 0x74, 0x74, 0x70, 0x50, 0x01, 0x5a, 0x24, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, + 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x68, 0x74, 0x74, + 0x70, 0xaa, 0x02, 0x0f, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x48, + 0x74, 0x74, 0x70, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -252,22 +321,24 @@ func file_proxy_http_config_proto_rawDescGZIP() []byte { return file_proxy_http_config_proto_rawDescData } -var file_proxy_http_config_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_proxy_http_config_proto_msgTypes = make([]protoimpl.MessageInfo, 5) var file_proxy_http_config_proto_goTypes = []interface{}{ (*Account)(nil), // 0: xray.proxy.http.Account (*ServerConfig)(nil), // 1: xray.proxy.http.ServerConfig - (*ClientConfig)(nil), // 2: xray.proxy.http.ClientConfig - nil, // 3: xray.proxy.http.ServerConfig.AccountsEntry - (*protocol.ServerEndpoint)(nil), // 4: xray.common.protocol.ServerEndpoint + (*Header)(nil), // 2: xray.proxy.http.Header + (*ClientConfig)(nil), // 3: xray.proxy.http.ClientConfig + nil, // 4: xray.proxy.http.ServerConfig.AccountsEntry + (*protocol.ServerEndpoint)(nil), // 5: xray.common.protocol.ServerEndpoint } var file_proxy_http_config_proto_depIdxs = []int32{ - 3, // 0: xray.proxy.http.ServerConfig.accounts:type_name -> xray.proxy.http.ServerConfig.AccountsEntry - 4, // 1: xray.proxy.http.ClientConfig.server:type_name -> xray.common.protocol.ServerEndpoint - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name + 4, // 0: xray.proxy.http.ServerConfig.accounts:type_name -> xray.proxy.http.ServerConfig.AccountsEntry + 5, // 1: xray.proxy.http.ClientConfig.server:type_name -> xray.common.protocol.ServerEndpoint + 2, // 2: xray.proxy.http.ClientConfig.header:type_name -> xray.proxy.http.Header + 3, // [3:3] is the sub-list for method output_type + 3, // [3:3] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name } func init() { file_proxy_http_config_proto_init() } 
@@ -301,6 +372,18 @@ func file_proxy_http_config_proto_init() { } } file_proxy_http_config_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Header); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proxy_http_config_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*ClientConfig); i { case 0: return &v.state @@ -319,7 +402,7 @@ func file_proxy_http_config_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_proxy_http_config_proto_rawDesc, NumEnums: 0, - NumMessages: 4, + NumMessages: 5, NumExtensions: 0, NumServices: 0, }, diff --git a/proxy/http/config.proto b/proxy/http/config.proto index bcb11ebfee5c..743c85510540 100644 --- a/proxy/http/config.proto +++ b/proxy/http/config.proto @@ -21,8 +21,14 @@ message ServerConfig { uint32 user_level = 4; } +message Header { + string key = 1; + string value = 2; +} + // ClientConfig is the protobuf config for HTTP proxy client. message ClientConfig { // Sever is a list of HTTP server addresses. repeated xray.common.protocol.ServerEndpoint server = 1; + repeated Header header = 2; } From c4fbdf1b786f130ab955ac333604f51d448ea0b2 Mon Sep 17 00:00:00 2001 
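Review bot: The new `Header` message and the `repeated Header header = 2;` field in `config.proto` have no comments, unlike the neighbouring `server` field, and nothing states which keys or values are acceptable. I would add `// Header is a single custom header as a key/value pair.` above the message and `// Header is a list of additional headers for the client request.` above the field; the second wording is inferred from the names, since the consuming code is not in this hunk. If these strings are written verbatim into an outgoing request, the consumer should reject CR and LF in both key and value, and the comment should say so once that check is confirmed. Values such as proxy credentials placed here would sit in the config in clear text, which is worth noting in the field comment as well.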
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 25 Dec 2022 19:37:35 -0500 Subject: [PATCH 17/91] Run core/format.go --- app/dns/dnscommon.go | 2 +- core/context.go | 7 ++-- infra/conf/shadowsocks.go | 10 +++--- infra/conf/transport_internet.go | 4 +-- proxy/shadowsocks_2022/inbound.go | 1 - proxy/shadowsocks_2022/inbound_multi.go | 1 - proxy/vless/encoding/encoding.go | 47 ++++++++++++++----------- proxy/vless/inbound/inbound.go | 12 +++---- proxy/vless/outbound/outbound.go | 8 ++--- proxy/vmess/validator.go | 4 ++- transport/internet/kcp/kcp.go | 5 +-- transport/internet/quic/dialer.go | 4 +-- transport/internet/quic/hub.go | 4 +-- transport/internet/sockopt_darwin.go | 5 +-- transport/internet/sockopt_linux.go | 20 +++++------ transport/internet/tls/grpc.go | 5 +-- transport/internet/websocket/ws.go | 3 +- transport/internet/xtls/xtls.go | 1 - 18 files changed, 76 insertions(+), 67 deletions(-) diff --git a/app/dns/dnscommon.go b/app/dns/dnscommon.go index fa3ac406789a..df1b17afc8c4 100644 --- a/app/dns/dnscommon.go +++ b/app/dns/dnscommon.go @@ -7,8 +7,8 @@ import ( "time" "github.com/xtls/xray-core/common" - "github.com/xtls/xray-core/common/log" "github.com/xtls/xray-core/common/errors" + "github.com/xtls/xray-core/common/log" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/core" diff --git a/core/context.go b/core/context.go index d28ac7e328af..50427964a59a 100644 --- a/core/context.go +++ b/core/context.go 
@@ -26,7 +26,8 @@ func MustFromContext(ctx context.Context) *Instance { return x } -/* toContext returns ctx from the given context, or creates an Instance if the context doesn't find that. +/* + toContext returns ctx from the given context, or creates an Instance if the context doesn't find that. It is unsupported to use this function to create a context that is suitable to invoke Xray's internal component in third party code, you shouldn't use //go:linkname to alias of this function into your own package and @@ -34,7 +35,6 @@ use this function in your third party code. For third party code, usage enabled by creating a context to interact with Xray's internal component is unsupported, and may break at any time. - */ func toContext(ctx context.Context, v *Instance) context.Context { if FromContext(ctx) != v { @@ -43,7 +43,8 @@ func toContext(ctx context.Context, v *Instance) context.Context { return ctx } -/*ToBackgroundDetachedContext create a detached context from another context +/* +ToBackgroundDetachedContext create a detached context from another context Internal API */ func ToBackgroundDetachedContext(ctx context.Context) context.Context { diff --git a/infra/conf/shadowsocks.go b/infra/conf/shadowsocks.go index d35aa3ab26e5..4b94c8e8b329 100644 --- a/infra/conf/shadowsocks.go +++ b/infra/conf/shadowsocks.go @@ -107,7 +107,7 @@ func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) { config.Email = v.Email return config, nil } - + if v.Cipher == "" { return nil, newError("shadowsocks 2022 (multi-user): missing server method") } @@ -120,7 +120,7 @@ func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) { config.Method = v.Cipher config.Key = v.Password config.Network = v.NetworkList.Build() - + for _, user := range v.Users { if user.Cipher != "" { return nil, newError("shadowsocks 2022 (multi-user): users must have empty method") 
@@ -145,10 +145,10 @@ func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) { return nil, newError("shadowsocks 2022 (relay): all users must have relay address") } config.Destinations = append(config.Destinations, &shadowsocks_2022.RelayDestination{ - Key: user.Password, - Email: user.Email, + Key: user.Password, + Email: user.Email, Address: user.Address.Build(), - Port: uint32(user.Port), + Port: uint32(user.Port), }) } return config, nil diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index efbe40756c59..62afaaafb08f 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -533,7 +533,7 @@ type SocketConfig struct { DialerProxy string `json:"dialerProxy"` TCPKeepAliveInterval int32 `json:"tcpKeepAliveInterval"` TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` - TCPCongestion string `json:"tcpCongestion"` + TCPCongestion string `json:"tcpCongestion"` } // Build implements Buildable. @@ -582,7 +582,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { DialerProxy: c.DialerProxy, TcpKeepAliveInterval: c.TCPKeepAliveInterval, TcpKeepAliveIdle: c.TCPKeepAliveIdle, - TcpCongestion: c.TCPCongestion, + TcpCongestion: c.TCPCongestion, }, nil } diff --git a/proxy/shadowsocks_2022/inbound.go b/proxy/shadowsocks_2022/inbound.go index 52b0a798e050..55bdda9ffc8d 100644 --- a/proxy/shadowsocks_2022/inbound.go +++ b/proxy/shadowsocks_2022/inbound.go @@ -11,7 +11,6 @@ import ( E "github.com/sagernet/sing/common/exceptions" M "github.com/sagernet/sing/common/metadata" N "github.com/sagernet/sing/common/network" - "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/log" diff --git a/proxy/shadowsocks_2022/inbound_multi.go b/proxy/shadowsocks_2022/inbound_multi.go index 91342c764678..662a171c3fe7 100644 --- a/proxy/shadowsocks_2022/inbound_multi.go +++ b/proxy/shadowsocks_2022/inbound_multi.go 
@@ -15,7 +15,6 @@ import ( E "github.com/sagernet/sing/common/exceptions" M "github.com/sagernet/sing/common/metadata" N "github.com/sagernet/sing/common/network" - "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/log" diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index e1987d981aba..9a1ec42565ae 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -31,10 +31,12 @@ const ( Version = byte(0) ) -var tls13SupportedVersions = []byte{0x00, 0x2b, 0x00, 0x02, 0x03, 0x04} -var tlsClientHandShakeStart = []byte{0x16, 0x03} -var tlsServerHandShakeStart = []byte{0x16, 0x03, 0x03} -var tlsApplicationDataStart = []byte{0x17, 0x03, 0x03} +var ( + tls13SupportedVersions = []byte{0x00, 0x2b, 0x00, 0x02, 0x03, 0x04} + tlsClientHandShakeStart = []byte{0x16, 0x03} + tlsServerHandShakeStart = []byte{0x16, 0x03, 0x03} + tlsApplicationDataStart = []byte{0x17, 0x03, 0x03} +) var addrParser = protocol.NewAddressParser( protocol.AddressFamilyByte(byte(protocol.AddressTypeIPv4), net.AddressFamilyIPv4), @@ -247,9 +249,10 @@ func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, c } // XtlsRead filter and read xtls protocol -func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, rawConn syscall.RawConn, - counter stats.Counter, ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool, - isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32) error { +func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, rawConn syscall.RawConn, + counter stats.Counter, ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool, + isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32, +) error { err := func() error { var ct stats.Counter filterUUID := true 
@@ -326,9 +329,10 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater } // XtlsWrite filter and write xtls protocol -func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, counter stats.Counter, - ctx context.Context, userUUID *[]byte, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, - cipher *uint16, remainingServerHello *int32) error { +func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, counter stats.Counter, + ctx context.Context, userUUID *[]byte, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, + cipher *uint16, remainingServerHello *int32, +) error { err := func() error { var ct stats.Counter filterTlsApplicationData := true @@ -354,7 +358,7 @@ func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdate buffer[i] = XtlsPadding(b, command, userUUID, ctx) break } else if !*isTLS12orAbove && *numberOfPacketToFilter <= 0 { - //maybe tls 1.1 or 1.0 + // maybe tls 1.1 or 1.0 filterTlsApplicationData = false buffer[i] = XtlsPadding(b, 0x01, userUUID, ctx) break @@ -399,8 +403,9 @@ func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdate } // XtlsFilterTls filter and recognize tls 1.3 and other info -func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, - cipher *uint16, remainingServerHello *int32, ctx context.Context) { +func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, + cipher *uint16, remainingServerHello *int32, ctx context.Context, +) { for _, b := range buffer { *numberOfPacketToFilter-- if b.Len() >= 6 { 
@@ -411,8 +416,8 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt *isTLS = true if b.Len() >= 79 && *remainingServerHello >= 79 { sessionIdLen := int32(b.Byte(43)) - cipherSuite := b.BytesRange(43 + sessionIdLen + 1, 43 + sessionIdLen + 3) - *cipher = uint16(cipherSuite[0]) << 8 | uint16(cipherSuite[1]) + cipherSuite := b.BytesRange(43+sessionIdLen+1, 43+sessionIdLen+3) + *cipher = uint16(cipherSuite[0])<<8 | uint16(cipherSuite[1]) } else { newError("XtlsFilterTls short server hello, tls 1.2 or older? ", b.Len(), " ", *remainingServerHello).WriteToLog(session.ExportIDToError(ctx)) } @@ -431,7 +436,7 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt v, ok := Tls13CipherSuiteDic[*cipher] if !ok { v = "Old cipher: " + strconv.FormatUint(uint64(*cipher), 16) - } else if (v != "TLS_AES_128_CCM_8_SHA256") { + } else if v != "TLS_AES_128_CCM_8_SHA256" { *enableXtls = true } newError("XtlsFilterTls found tls 1.3! ", b.Len(), " ", v).WriteToLog(session.ExportIDToError(ctx)) @@ -582,9 +587,9 @@ func XtlsUnpadding(ctx context.Context, buffer buf.MultiBuffer, userUUID []byte, } var Tls13CipherSuiteDic = map[uint16]string{ - 0x1301 : "TLS_AES_128_GCM_SHA256", - 0x1302 : "TLS_AES_256_GCM_SHA384", - 0x1303 : "TLS_CHACHA20_POLY1305_SHA256", - 0x1304 : "TLS_AES_128_CCM_SHA256", - 0x1305 : "TLS_AES_128_CCM_8_SHA256", + 0x1301: "TLS_AES_128_GCM_SHA256", + 0x1302: "TLS_AES_256_GCM_SHA384", + 0x1303: "TLS_CHACHA20_POLY1305_SHA256", + 0x1304: "TLS_AES_128_CCM_SHA256", + 0x1305: "TLS_AES_128_CCM_8_SHA256", } diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 8aa337c30904..347f67103748 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go 
@@ -493,8 +493,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } case "", "none": if accountFlow == vless.XRV && !allowNoneFlow && request.Command == protocol.RequestCommandTCP { - return newError(account.ID.String() + " is not able to use " + vless.XRV + - ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning() + return newError(account.ID.String() + " is not able to use " + vless.XRV + + ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning() } default: return newError("unknown request flow " + requestAddons.Flow).AtWarning() @@ -542,11 +542,11 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s if statConn != nil { counter = statConn.ReadCounter } - //TODO enable splice + // TODO enable splice ctx = session.ContextWithInbound(ctx, nil) if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { err = encoding.ReadV(clientReader, serverWriter, timer, iConn.(*xtls.Conn), rawConn, counter, ctx) } 
@@ -600,7 +600,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s if statConn != nil { counter = statConn.WriteCounter } - err = encoding.XtlsWrite(serverReader, clientWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, + err = encoding.XtlsWrite(serverReader, clientWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index 6dde2736d2a5..d7ed63fae521 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -220,7 +220,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte userUUID := account.ID.Bytes() timeoutReader, ok := clientReader.(buf.TimeoutReader) if ok { - multiBuffer, err1 := timeoutReader.ReadMultiBufferTimeout(time.Millisecond*500) + multiBuffer, err1 := timeoutReader.ReadMultiBufferTimeout(time.Millisecond * 500) if err1 == nil { if requestAddons.Flow == vless.XRV { encoding.XtlsFilterTls(multiBuffer, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello, ctx) @@ -250,7 +250,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if statConn != nil { counter = statConn.WriteCounter } - err = encoding.XtlsWrite(clientReader, serverWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, + err = encoding.XtlsWrite(clientReader, serverWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer 
@@ -287,8 +287,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte counter = statConn.ReadCounter } if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { if requestAddons.Flow != vless.XRS { ctx = session.ContextWithInbound(ctx, nil) diff --git a/proxy/vmess/validator.go b/proxy/vmess/validator.go index 30c44af7b279..c638a23b1cc5 100644 --- a/proxy/vmess/validator.go +++ b/proxy/vmess/validator.go @@ -252,7 +252,9 @@ func (v *TimedUserValidator) BurnTaintFuse(userHash []byte) error { return ErrNotFound } -/* ShouldShowLegacyWarn will return whether a Legacy Warning should be shown +/* + ShouldShowLegacyWarn will return whether a Legacy Warning should be shown + Not guaranteed to only return true once for every inbound, but it is okay. */ func (v *TimedUserValidator) ShouldShowLegacyWarn() bool { diff --git a/transport/internet/kcp/kcp.go b/transport/internet/kcp/kcp.go index 242dce949ed5..1a486faaa269 100644 --- a/transport/internet/kcp/kcp.go +++ b/transport/internet/kcp/kcp.go @@ -1,8 +1,9 @@ // Package kcp - A Fast and Reliable ARQ Protocol // // Acknowledgement: -// skywind3000@github for inventing the KCP protocol -// xtaci@github for translating to Golang +// +// skywind3000@github for inventing the KCP protocol +// xtaci@github for translating to Golang package kcp //go:generate go run github.com/xtls/xray-core/common/errors/errorgen diff --git a/transport/internet/quic/dialer.go b/transport/internet/quic/dialer.go index 9e12513ef3c3..0e4c6a6b759f 100644 --- a/transport/internet/quic/dialer.go 
+++ b/transport/internet/quic/dialer.go @@ -140,8 +140,8 @@ func (s *clientConnections) openConnection(ctx context.Context, destAddr net.Add } quicConfig := &quic.Config{ - ConnectionIDLength: 12, - KeepAlivePeriod: 0, + ConnectionIDLength: 12, + KeepAlivePeriod: 0, HandshakeIdleTimeout: time.Second * 8, MaxIdleTimeout: time.Second * 300, Tracer: qlog.NewTracer(func(_ logging.Perspective, connID []byte) io.WriteCloser { diff --git a/transport/internet/quic/hub.go b/transport/internet/quic/hub.go index 5d7e2b95395d..27a7e7e0d69a 100644 --- a/transport/internet/quic/hub.go +++ b/transport/internet/quic/hub.go @@ -106,8 +106,8 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti quicConfig := &quic.Config{ ConnectionIDLength: 12, KeepAlivePeriod: 0, - HandshakeIdleTimeout: time.Second * 8, - MaxIdleTimeout: time.Second * 300, + HandshakeIdleTimeout: time.Second * 8, + MaxIdleTimeout: time.Second * 300, MaxIncomingStreams: 32, MaxIncomingUniStreams: -1, Tracer: qlog.NewTracer(func(_ logging.Perspective, connID []byte) io.WriteCloser { diff --git a/transport/internet/sockopt_darwin.go b/transport/internet/sockopt_darwin.go index 87a524cb4374..5a50efa73ca9 100644 --- a/transport/internet/sockopt_darwin.go +++ b/transport/internet/sockopt_darwin.go @@ -1,11 +1,12 @@ package internet import ( - "github.com/xtls/xray-core/common/net" - "golang.org/x/sys/unix" "os" "syscall" "unsafe" + + "github.com/xtls/xray-core/common/net" + "golang.org/x/sys/unix" ) const ( diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index a5a832984ad5..c805e2e3ddce 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go 
@@ -78,11 +78,11 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf } } - if config.TcpCongestion != "" { - if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil { - return newError("failed to set TCP_CONGESTION", err) - } - } + if config.TcpCongestion != "" { + if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil { + return newError("failed to set TCP_CONGESTION", err) + } + } } if config.Tproxy.IsEnabled() { @@ -128,11 +128,11 @@ func applyInboundSocketOptions(network string, fd uintptr, config *SocketConfig) } } - if config.TcpCongestion != "" { - if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil { - return newError("failed to set TCP_CONGESTION", err) - } - } + if config.TcpCongestion != "" { + if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil { + return newError("failed to set TCP_CONGESTION", err) + } + } } if config.Tproxy.IsEnabled() { diff --git a/transport/internet/tls/grpc.go b/transport/internet/tls/grpc.go index ede921b7c58d..a698196b9209 100644 --- a/transport/internet/tls/grpc.go +++ b/transport/internet/tls/grpc.go @@ -3,11 +3,12 @@ package tls import ( "context" gotls "crypto/tls" - utls "github.com/refraction-networking/utls" - "google.golang.org/grpc/credentials" "net" "net/url" "strconv" + + utls "github.com/refraction-networking/utls" + "google.golang.org/grpc/credentials" ) // grpcUtlsInfo contains the auth information for a TLS authenticated connection. diff --git a/transport/internet/websocket/ws.go b/transport/internet/websocket/ws.go index 553871006341..85c5ffb014ed 100644 --- a/transport/internet/websocket/ws.go +++ b/transport/internet/websocket/ws.go 
@@ -1,4 +1,5 @@ -/*Package websocket implements WebSocket transport +/* +Package websocket implements WebSocket transport WebSocket transport implements an HTTP(S) compliable, surveillance proof transport method with plausible deniability. */ diff --git a/transport/internet/xtls/xtls.go b/transport/internet/xtls/xtls.go index 10e678de842e..452780d2a4d2 100644 --- a/transport/internet/xtls/xtls.go +++ b/transport/internet/xtls/xtls.go @@ -2,7 +2,6 @@ package xtls import ( xtls "github.com/xtls/go" - "github.com/xtls/xray-core/common/net" ) From 3db7d44fc20ee6a3e08c55eb234554e04e936696 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 25 Dec 2022 19:44:05 -0500 Subject: [PATCH 18/91] Update v1.7.0 and denpendencies --- core/core.go | 2 +- go.mod | 10 +++++----- go.sum | 11 +++++++++++ 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/core/core.go b/core/core.go index a999ce7f07f0..31c1f845d7d9 100644 --- a/core/core.go +++ b/core/core.go @@ -18,7 +18,7 @@ import ( ) var ( - version = "1.6.6" + version = "1.7.0" build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." diff --git a/go.mod b/go.mod index 008d0c9c2c17..fa3808c42dbb 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 github.com/lucas-clemente/quic-go v0.31.1 - github.com/marten-seemann/qtls-go1-18 v0.1.3 + github.com/marten-seemann/qtls-go1-18 v0.1.4 github.com/miekg/dns v1.1.50 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 
@@ -39,16 +39,16 @@ require ( github.com/francoispqt/gojay v1.2.13 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20221203041831-ce31453925ec // indirect + github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 // indirect github.com/klauspost/compress v1.15.13 // indirect github.com/klauspost/cpuid/v2 v2.2.2 // indirect github.com/kr/pretty v0.3.1 // indirect - github.com/marten-seemann/qtls-go1-19 v0.1.1 // indirect - github.com/onsi/ginkgo/v2 v2.6.0 // indirect + github.com/marten-seemann/qtls-go1-19 v0.1.2 // indirect + github.com/onsi/ginkgo/v2 v2.6.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20221211140036-ad323defaf05 // indirect + golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 // indirect golang.org/x/mod v0.7.0 // indirect golang.org/x/text v0.5.0 // indirect golang.org/x/time v0.3.0 // indirect diff --git a/go.sum b/go.sum index c1d896f67334..3379b20a2aa0 100644 --- a/go.sum +++ b/go.sum 
@@ -79,6 +79,8 @@ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXi github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20221203041831-ce31453925ec h1:fR20TYVVwhK4O7r7y+McjRYyaTH6/vjwJOajE+XhlzM= github.com/google/pprof v0.0.0-20221203041831-ce31453925ec/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= +github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 h1:wORs2YN3R3ona/CXYuTvLM31QlgoNKHvlCNuArCDDCU= +github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= 
@@ -112,8 +114,12 @@ github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI= github.com/marten-seemann/qtls-go1-18 v0.1.3/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= +github.com/marten-seemann/qtls-go1-18 v0.1.4 h1:ogomB+lWV3Vmwiu6RTwDVTMGx+9j7SEi98e8QB35Its= +github.com/marten-seemann/qtls-go1-18 v0.1.4/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= github.com/marten-seemann/qtls-go1-19 v0.1.1 h1:mnbxeq3oEyQxQXwI4ReCgW9DPoPR94sNlqWoDZnjRIE= github.com/marten-seemann/qtls-go1-19 v0.1.1/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= +github.com/marten-seemann/qtls-go1-19 v0.1.2 h1:ZevAEqKXH0bZmoOBPiqX2h5rhQ7cbZi+X+rlq2JUbCE= +github.com/marten-seemann/qtls-go1-19 v0.1.2/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= 
@@ -124,7 +130,10 @@ github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJE github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc= github.com/onsi/ginkgo/v2 v2.6.0/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= +github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q= +github.com/onsi/ginkgo/v2 v2.6.1/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg= +github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= @@ -215,6 +224,8 @@ golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20221211140036-ad323defaf05 h1:T8EldfGCcveFMewH5xAYxxoX3PSQMrsechlUGVFlQBU= golang.org/x/exp v0.0.0-20221211140036-ad323defaf05/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 h1:5oN1Pz/eDhCpbMbLstvIPa0b/BEQo6g6nwV3pLjfM6w= +golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 
From 3b2ff95a9ba5bf9715df3d1af9bd229b730121b5 Mon Sep 17 00:00:00 2001 From: thank243 Date: Fri, 30 Dec 2022 11:34:49 +0800 Subject: [PATCH 19/91] update: release.yml (#1464) * update: release.yml * update: release.yml --- .github/workflows/release.yml | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 71fb20009da1..07856a60d042 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -169,18 +169,16 @@ jobs: command: | cp ${GITHUB_WORKSPACE}/README.md ./build_assets/README.md cp ${GITHUB_WORKSPACE}/LICENSE ./build_assets/LICENSE - LIST=('geoip geoip geoip' 'domain-list-community dlc geosite') - for i in "${LIST[@]}" - do - INFO=($(echo $i | awk 'BEGIN{FS=" ";OFS=" "} {print $1,$2,$3}')) - LASTEST_TAG="$(curl -sL "https://api.github.com/repos/v2fly/${INFO[0]}/releases/latest" | jq -r ".tag_name" || echo "latest")" - FILE_NAME="${INFO[2]}.dat" - echo -e "Downloading https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat..." - curl -L "https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat" -o ./build_assets/${FILE_NAME} - echo -e "Verifying HASH key..." - HASH="$(curl -sL "https://github.com/v2fly/${INFO[0]}/releases/download/${LASTEST_TAG}/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')" - [ "$(sha256sum "./build_assets/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of ${FILE_NAME} does not match cloud one."; exit 1; } - done + + wget -O ./build_assets/geoip.dat "https://raw.githubusercontent.com/v2fly/geoip/release/geoip.dat" + echo -e "Verifying HASH key..." + HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/geoip/release/geoip.dat.sha256sum" | awk -F ' ' '{print $1}')" + [ "$(sha256sum "./build_assets/geoip.dat" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of geoip.dat does not match cloud one."; exit 1; } + + wget -O ./build_assets/geosite.dat "https://raw.githubusercontent.com/v2fly/domain-list-community/release/dlc.dat" + echo -e "Verifying HASH key..." + HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/domain-list-community/release/dlc.dat.sha256sum" | awk -F ' ' '{print $1}')" + [ "$(sha256sum "./build_assets/geosite.dat" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of geosite.dat does not match cloud one."; exit 1; } - name: Create ZIP archive shell: bash 
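Review bot: The sha256 check on the new `geoip.dat` and `geosite.dat` downloads compares each file against a `.sha256sum` fetched from the same `raw.githubusercontent.com/v2fly/.../release/` location, so it catches a truncated or corrupted transfer but not a modified upstream artifact: whoever can change the `.dat` can change the digest next to it. For a release pipeline the expected digest should come from something this repository controls, for example a value committed beside the workflow and checked with `echo "${EXPECTED_GEOIP_SHA256}  ./build_assets/geoip.dat" | sha256sum -c -` (the variable name is a placeholder). At minimum the block deserves the comment `# NOTE: digest comes from the same origin as the file; transfer-integrity check only`. The loop reintroduced in PATCH 20/91 keeps the same pattern.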
From 11ec77bc768a07a727d5f5836aa9fe4c8e20421c Mon Sep 17 00:00:00 2001
From: Senis John
Date: Fri, 30 Dec 2022 12:27:01 +0800
Subject: [PATCH 20/91] update: release.yml Replace old download URL
---
.github/workflows/release.yml | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 07856a60d042..56a58f3396e9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -169,16 +169,17 @@ jobs: command: | cp ${GITHUB_WORKSPACE}/README.md ./build_assets/README.md cp ${GITHUB_WORKSPACE}/LICENSE ./build_assets/LICENSE - - wget -O ./build_assets/geoip.dat "https://raw.githubusercontent.com/v2fly/geoip/release/geoip.dat" - echo -e "Verifying HASH key..." - HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/geoip/release/geoip.dat.sha256sum" | awk -F ' ' '{print $1}')" - [ "$(sha256sum "./build_assets/geoip.dat" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of geoip.dat does not match cloud one."; exit 1; } - - wget -O ./build_assets/geosite.dat "https://raw.githubusercontent.com/v2fly/domain-list-community/release/dlc.dat" - echo -e "Verifying HASH key..." - HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/domain-list-community/release/dlc.dat.sha256sum" | awk -F ' ' '{print $1}')" - [ "$(sha256sum "./build_assets/geosite.dat" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of geosite.dat does not match cloud one."; exit 1; } + LIST=('geoip geoip geoip' 'domain-list-community dlc geosite') + for i in "${LIST[@]}" + do + INFO=($(echo $i | awk 'BEGIN{FS=" ";OFS=" "} {print $1,$2,$3}')) + FILE_NAME="${INFO[2]}.dat" + echo -e "Downloading https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat..." + curl -L "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat" -o ./build_assets/${FILE_NAME} + echo -e "Verifying HASH key..." + HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')" + [ "$(sha256sum "./build_assets/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of ${FILE_NAME} does not match cloud one."; exit 1; } + done - name: Create ZIP archive shell: bash From eaf401eda93ea97f95136e480f465dba8b652275 Mon Sep 17 00:00:00 2001 
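Review bot: Both `curl` calls in the rewritten loop read from the moving `release` branch (`https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/...`), so two runs of the same release workflow can package different `geoip.dat`/`geosite.dat` contents and nothing records which upstream revision was shipped. Fetching by an immutable ref (a release tag or commit SHA held in a workflow variable) and echoing that ref into the build log would make the bundled data traceable. Separately, `INFO=($(echo $i | awk ...))` relies on unquoted word splitting; `read -r -a INFO <<< "$i"` does the same without the subshell, and the `-o ./build_assets/${FILE_NAME}` argument should be quoted the way the `sha256sum` call already quotes it.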
From: Nanyu <42733664+cross-hello@users.noreply.github.com> Date: Tue, 3 Jan 2023 23:52:11 +0800 Subject: [PATCH 21/91] add file soft link path resolve support (#1482) * add file soft link path resolve * add configuration file soft link path resolve support --- common/platform/filesystem/file.go | 8 ++++++-- infra/conf/serial/builder.go | 7 ++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/common/platform/filesystem/file.go b/common/platform/filesystem/file.go index e10bfc11156e..e8ee46b07467 100644 --- a/common/platform/filesystem/file.go +++ b/common/platform/filesystem/file.go @@ -3,7 +3,7 @@ package filesystem import ( "io" "os" - + "path/filepath" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/platform" ) @@ -11,7 +11,11 @@ import ( type FileReaderFunc func(path string) (io.ReadCloser, error) var NewFileReader FileReaderFunc = func(path string) (io.ReadCloser, error) { - return os.Open(path) + resolved_path,err:=filepath.EvalSymlinks(path) + if err!= nil{ + return nil,err + } + return os.Open(resolved_path) } func ReadFile(path string) ([]byte, error) { diff --git a/infra/conf/serial/builder.go b/infra/conf/serial/builder.go index 443dbdb07528..fc9a0c3cb8d8 100644 --- a/infra/conf/serial/builder.go +++ b/infra/conf/serial/builder.go @@ -2,6 +2,7 @@ package serial import ( "io" + "path/filepath" "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/infra/conf" @@ -10,7 +11,11 @@ import ( func BuildConfig(files []string, formats []string) (*core.Config, error) { cf := &conf.Config{} - for i, file := range files { + for i, file_ := range files { + file, err := filepath.EvalSymlinks(file_) + if err != nil { + return nil, err + } newError("Reading config: ", file).AtInfo().WriteToLog() r, err := confloader.LoadConfig(file) if err != nil { From c0ceebe709b98c6f13b1be87c22edee23a68e6be Mon Sep 17 00:00:00 2001 
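Review bot: In `NewFileReader`, `filepath.EvalSymlinks(path)` followed by `os.Open(resolved_path)` adds a resolve-then-open gap without changing what gets opened. `os.Open` already follows symbolic links, and the link target can be swapped between the two calls, so the resolved name is no guarantee about the file that is actually read. If the resolved path is only wanted for diagnostics, keep `return os.Open(path)` and log the resolved name separately; if it is meant as a containment check, it has to be compared against an allowed directory, which this hunk does not do. The added lines are also not gofmt-clean (`resolved_path,err:=`, `if err!= nil{`), the local should be `resolvedPath`, and the import hunk above drops the blank line that separated the standard-library group from the `github.com/xtls/...` imports.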
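Review bot: `BuildConfig` now runs `filepath.EvalSymlinks(file_)` on every entry before `confloader.LoadConfig(file)`, so any entry that is not an existing local path fails here with a bare `err` before the loader sees it. Whether the loader accepts other kinds of sources is not visible in this hunk and should be confirmed before resolving unconditionally. The returned error also loses the file name; something like `return nil, newError("failed to resolve config path: ", file_).Base(err)` keeps it, assuming this package's `newError` offers `Base` as it does elsewhere in the project. `file_` would read better as `rawPath`. The loop body continues past the end of the hunk.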
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Jan 2023 00:11:07 +0000 Subject: [PATCH 22/91] Bump github.com/sagernet/sing from 0.1.1 to 0.1.2 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.1 to 0.1.2. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.1...v0.1.2) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 15 ++------------- 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index fa3808c42dbb..3a7e531843ea 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/refraction-networking/utls v1.2.0 - github.com/sagernet/sing v0.1.1 + github.com/sagernet/sing v0.1.2 github.com/sagernet/sing-shadowsocks v0.1.0 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index 3379b20a2aa0..a12f0e1f6788 100644 --- a/go.sum +++ b/go.sum 
@@ -77,8 +77,6 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20221203041831-ce31453925ec h1:fR20TYVVwhK4O7r7y+McjRYyaTH6/vjwJOajE+XhlzM= -github.com/google/pprof v0.0.0-20221203041831-ce31453925ec/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 h1:wORs2YN3R3ona/CXYuTvLM31QlgoNKHvlCNuArCDDCU= github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= 
@@ -112,12 +110,8 @@ github.com/lucas-clemente/quic-go v0.31.1 h1:O8Od7hfioqq0PMYHDyBkxU2aA7iZ2W9pjbr github.com/lucas-clemente/quic-go v0.31.1/go.mod h1:0wFbizLgYzqHqtlyxyCaJKlE7bYgE6JQ+54TLd/Dq2g= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI= -github.com/marten-seemann/qtls-go1-18 v0.1.3/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= github.com/marten-seemann/qtls-go1-18 v0.1.4 h1:ogomB+lWV3Vmwiu6RTwDVTMGx+9j7SEi98e8QB35Its= github.com/marten-seemann/qtls-go1-18 v0.1.4/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= -github.com/marten-seemann/qtls-go1-19 v0.1.1 h1:mnbxeq3oEyQxQXwI4ReCgW9DPoPR94sNlqWoDZnjRIE= -github.com/marten-seemann/qtls-go1-19 v0.1.1/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/marten-seemann/qtls-go1-19 v0.1.2 h1:ZevAEqKXH0bZmoOBPiqX2h5rhQ7cbZi+X+rlq2JUbCE= github.com/marten-seemann/qtls-go1-19 v0.1.2/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= 
@@ -128,11 +122,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc= -github.com/onsi/ginkgo/v2 v2.6.0/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q= github.com/onsi/ginkgo/v2 v2.6.1/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= -github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg= github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= 
@@ -157,8 +148,8 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstv github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.1 h1:wtCGreL9UNtoLcDvSLoZQWf1dtqmLWogbcwRAD9nz4E= -github.com/sagernet/sing v0.1.1/go.mod h1:zvgDYKI+vCAW9RyfyrKTgleI+DOa8lzHMPC7VZo3OL4= +github.com/sagernet/sing v0.1.2 h1:rp5AqY23P0klk2IaLEI0/WJsD8FTVlv9TaI2QSL6TDA= +github.com/sagernet/sing v0.1.2/go.mod h1:bvmen56QnVbMrWy+nr5nsbz7U5MUPuY0L0S/XfhCsTs= github.com/sagernet/sing-shadowsocks v0.1.0 h1:cDmmOkA11fzVdhyCZQEeI3ozQz+59rj8+rqPb91xux4= github.com/sagernet/sing-shadowsocks v0.1.0/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= @@ -222,8 +213,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20221211140036-ad323defaf05 h1:T8EldfGCcveFMewH5xAYxxoX3PSQMrsechlUGVFlQBU= -golang.org/x/exp v0.0.0-20221211140036-ad323defaf05/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 h1:5oN1Pz/eDhCpbMbLstvIPa0b/BEQo6g6nwV3pLjfM6w= golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= From 6f61021f7a7337b2997c442495cb8654d145cf8f Mon Sep 17 00:00:00 2001 
From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 6 Jan 2023 05:37:16 +0000 Subject: [PATCH 23/91] XTLS Vision processes struct TLS Conn's input and rawInput Fixes https://github.com/XTLS/Xray-core/issues/1444 --- proxy/vless/encoding/encoding.go | 12 ++++++++++++ proxy/vless/inbound/inbound.go | 15 ++++++++++++++- proxy/vless/outbound/outbound.go | 17 ++++++++++++++++- 3 files changed, 42 insertions(+), 2 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index 9a1ec42565ae..dea27044ac2c 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -250,6 +250,7 @@ func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, c // XtlsRead filter and read xtls protocol func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, rawConn syscall.RawConn, + input *bytes.Reader, rawInput *bytes.Buffer, counter stats.Counter, ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32, ) error { @@ -301,6 +302,17 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater } else if currentCommand == 2 { filterUUID = false shouldSwitchToDirectCopy = true + // XTLS Vision processes struct TLS Conn's input and rawInput + if inputBuffer, err := buf.ReadFrom(input); err == nil { + if !inputBuffer.IsEmpty() { + buffer, _ = buf.MergeMulti(buffer, inputBuffer) + } + } + if rawInputBuffer, err := buf.ReadFrom(rawInput); err == nil { + if !rawInputBuffer.IsEmpty() { + buffer, _ = buf.MergeMulti(buffer, rawInputBuffer) + } + } } else if currentCommand != 0 { newError("XtlsRead unknown command ", currentCommand, buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) } diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 347f67103748..aa63a95b9862 100644 --- a/proxy/vless/inbound/inbound.go 
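Review bot: In the `currentCommand == 2` branch of `XtlsRead`, an error from `buf.ReadFrom(input)` or `buf.ReadFrom(rawInput)` is dropped by the `err == nil` test, so bytes still held inside the TLS connection can go missing at the switch to direct copy with nothing in the log. The else side should at least record it, in the style already used a few lines below: `newError("XtlsRead failed to drain TLS input").Base(err).WriteToLog(session.ExportIDToError(ctx))`. Both new pointer parameters are also used without a nil check; the callers in this patch appear to set them only on the `vless.XRV` TCP path, so an `if input != nil` / `if rawInput != nil` guard would keep another caller from panicking inside `Read`. `XtlsRead` starts and ends outside the hunk.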
+++ b/proxy/vless/inbound/inbound.go @@ -3,12 +3,15 @@ package inbound //go:generate go run github.com/xtls/xray-core/common/errors/errorgen import ( + "bytes" "context" "io" + "reflect" "strconv" "strings" "syscall" "time" + "unsafe" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" @@ -441,6 +444,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var netConn net.Conn var rawConn syscall.RawConn + var input *bytes.Reader + var rawInput *bytes.Buffer allowNoneFlow := false accountFlow := account.Flow flows := strings.Split(account.Flow, ",") @@ -462,11 +467,15 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return newError(requestAddons.Flow + " doesn't support UDP").AtWarning() case protocol.RequestCommandTCP: if requestAddons.Flow == vless.XRV { + var t reflect.Type + var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { netConn = tlsConn.NetConn() if sc, ok := netConn.(syscall.Conn); ok { rawConn, _ = sc.SyscallConn() } + t = reflect.TypeOf(tlsConn.Conn).Elem() + p = uintptr(unsafe.Pointer(tlsConn.Conn)) } else if _, ok := iConn.(*tls.UConn); ok { return newError("XTLS only supports UTLS fingerprint for the outbound.").AtWarning() } else if _, ok := iConn.(*xtls.Conn); ok { @@ -474,6 +483,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } else { return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } + i, _ := t.FieldByName("input") + r, _ := t.FieldByName("rawInput") + input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) + rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { xtlsConn.RPRX = true xtlsConn.SHOW = xtls_show 
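Review bot: The two `t.FieldByName(...)` calls added after the connection type checks in `Process` discard the `ok` result, and the offsets are then used to cast raw memory to `*bytes.Reader` and `*bytes.Buffer`. If the wrapped TLS connection struct ever lacks a field named `input` or `rawInput`, or declares it with another type (a toolchain or uTLS update is enough), `FieldByName` returns a zero `StructField`, the offset is 0, and the start of the connection struct is then read and written as if it were a buffer. The lookup should fail closed by checking both `ok` values and the field types before any pointer is formed, as in the excerpt below. The same lines are added to `proxy/vless/outbound/outbound.go` in this patch, and `Process` starts and ends outside the hunk.

```go
// … unchanged: tls.Conn / tls.UConn / xtls.Conn checks that set t and p …
i, iok := t.FieldByName("input")
r, rok := t.FieldByName("rawInput")
if !iok || !rok ||
	i.Type != reflect.TypeOf(bytes.Reader{}) ||
	r.Type != reflect.TypeOf(bytes.Buffer{}) {
	// Refuse Vision rather than reinterpret memory of an unknown layout.
	return newError("XTLS Vision: unexpected TLS conn layout, cannot access input/rawInput").AtWarning()
}
input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset))
rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset))
```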
@@ -545,7 +558,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s // TODO enable splice ctx = session.ContextWithInbound(ctx, nil) if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), + err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { err = encoding.ReadV(clientReader, serverWriter, timer, iConn.(*xtls.Conn), rawConn, counter, ctx) diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index d7ed63fae521..c84d5b4c6b27 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -3,9 +3,12 @@ package outbound //go:generate go run github.com/xtls/xray-core/common/errors/errorgen import ( + "bytes" "context" + "reflect" "syscall" "time" + "unsafe" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" @@ -130,6 +133,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var netConn net.Conn var rawConn syscall.RawConn + var input *bytes.Reader + var rawInput *bytes.Buffer allowUDP443 := false switch requestAddons.Flow { case vless.XRO + "-udp443", vless.XRD + "-udp443", vless.XRS + "-udp443", vless.XRV + "-udp443": 
@@ -147,21 +152,31 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte requestAddons.Flow = "" case protocol.RequestCommandTCP: if requestAddons.Flow == vless.XRV { + var t reflect.Type + var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { netConn = tlsConn.NetConn() if sc, ok := netConn.(syscall.Conn); ok { rawConn, _ = sc.SyscallConn() } + t = reflect.TypeOf(tlsConn.Conn).Elem() + p = uintptr(unsafe.Pointer(tlsConn.Conn)) } else if utlsConn, ok := iConn.(*tls.UConn); ok { netConn = utlsConn.Conn.NetConn() if sc, ok := netConn.(syscall.Conn); ok { rawConn, _ = sc.SyscallConn() } + t = reflect.TypeOf(utlsConn.Conn).Elem() + p = uintptr(unsafe.Pointer(utlsConn.Conn)) } else if _, ok := iConn.(*xtls.Conn); ok { return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls"`).AtWarning() } else { return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } + i, _ := t.FieldByName("input") + r, _ := t.FieldByName("rawInput") + input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) + rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { xtlsConn.RPRX = true xtlsConn.SHOW = xtls_show @@ -287,7 +302,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte counter = statConn.ReadCounter } if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), + err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { if requestAddons.Flow != vless.XRS { From 6a85682716952bdceabdea61ab10c0e1b120108f Mon Sep 17 00:00:00 2001 
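Review bot: `p = uintptr(unsafe.Pointer(tlsConn.Conn))` (and the `utlsConn.Conn` variant) stores the address in an integer variable, and the pointer is rebuilt several statements later with `unsafe.Pointer(p + i.Offset)`. The `unsafe` package only permits the uintptr round trip when conversion, arithmetic and conversion back happen in a single expression; held in a variable, `p` does not keep the object reachable, and this is the shape `go vet`'s unsafe-pointer check is meant to report. Keeping an `unsafe.Pointer` instead (`base := unsafe.Pointer(tlsConn.Conn)` and later `input = (*bytes.Reader)(unsafe.Add(base, i.Offset))`) stays inside the documented rules; `unsafe.Add` needs Go 1.17 or newer. The inbound handler in this patch uses the same pattern, and `Process` continues outside the hunk.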
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Jan 2023 00:12:37 +0000 Subject: [PATCH 24/91] Bump golang.org/x/crypto from 0.4.0 to 0.5.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 3a7e531843ea..30dd98b76748 100644 --- a/go.mod +++ b/go.mod @@ -22,10 +22,10 @@ require ( github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 go.starlark.net v0.0.0-20221205180719-3fd0dac74452 - golang.org/x/crypto v0.4.0 - golang.org/x/net v0.4.0 + golang.org/x/crypto v0.5.0 + golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 - golang.org/x/sys v0.3.0 + golang.org/x/sys v0.4.0 google.golang.org/grpc v1.51.0 google.golang.org/protobuf v1.28.1 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c @@ -50,7 +50,7 @@ require ( go.uber.org/atomic v1.10.0 // indirect golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 // indirect golang.org/x/mod v0.7.0 // indirect - golang.org/x/text v0.5.0 // indirect + golang.org/x/text v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.4.0 // indirect google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 // indirect diff --git a/go.sum b/go.sum index a12f0e1f6788..5af27fb9c9b7 100644 --- a/go.sum +++ b/go.sum 
@@ -210,8 +210,8 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= -golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= +golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= +golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 h1:5oN1Pz/eDhCpbMbLstvIPa0b/BEQo6g6nwV3pLjfM6w= golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= 
@@ -235,8 +235,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= -golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -264,16 +264,16 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= From 9bc1564b0a4475a4ed5db4a0c52e14f1cf80daab Mon Sep 17 00:00:00 2001 
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Fri, 6 Jan 2023 21:10:47 -0500 Subject: [PATCH 25/91] Update v1.7.1 and dependencies --- core/core.go | 2 +- go.mod | 12 ++++++------ go.sum | 12 ++++++++++++ 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/core/core.go b/core/core.go index 31c1f845d7d9..11d197159dcc 100644 --- a/core/core.go +++ b/core/core.go @@ -18,7 +18,7 @@ import ( ) var ( - version = "1.7.0" + version = "1.7.1" build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." diff --git a/go.mod b/go.mod index 30dd98b76748..6b6ea871e26e 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 - go.starlark.net v0.0.0-20221205180719-3fd0dac74452 + go.starlark.net v0.0.0-20230105143730-d7da88764354 golang.org/x/crypto v0.5.0 golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 
@@ -40,20 +40,20 @@ require ( github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/google/btree v1.1.2 // indirect github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 // indirect - github.com/klauspost/compress v1.15.13 // indirect - github.com/klauspost/cpuid/v2 v2.2.2 // indirect + github.com/klauspost/compress v1.15.14 // indirect + github.com/klauspost/cpuid/v2 v2.2.3 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/marten-seemann/qtls-go1-19 v0.1.2 // indirect github.com/onsi/ginkgo/v2 v2.6.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 // indirect + golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3 // indirect golang.org/x/mod v0.7.0 // indirect golang.org/x/text v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.4.0 // indirect - google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 // indirect + golang.org/x/tools v0.5.0 // indirect + google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 5af27fb9c9b7..a2d1a48d3126 100644 --- a/go.sum +++ b/go.sum 
@@ -94,9 +94,13 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.15.13 h1:NFn1Wr8cfnenSJSA46lLq4wHCcBzKTSjnBIexDMMOV0= github.com/klauspost/compress v1.15.13/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= +github.com/klauspost/compress v1.15.14 h1:i7WCKDToww0wA+9qrUZ1xOjp218vfFo3nTU6UHp+gOc= +github.com/klauspost/compress v1.15.14/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.2 h1:xPMwiykqNK9VK0NYC3+jTMYv9I6Vl3YdjZgPZKG3zO0= github.com/klauspost/cpuid/v2 v2.2.2/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU= +github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= 
@@ -202,6 +206,8 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1 go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20221205180719-3fd0dac74452 h1:JZtNuL6LPB+scU5yaQ6hqRlJFRiddZm2FwRt2AQqtHA= go.starlark.net v0.0.0-20221205180719-3fd0dac74452/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= +go.starlark.net v0.0.0-20230105143730-d7da88764354 h1:MqQRg4vlpVc7cQoQBgQGPyP3N4FAhKlMQ/y/Akv4/xM= +go.starlark.net v0.0.0-20230105143730-d7da88764354/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= @@ -215,6 +221,8 @@ golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 h1:5oN1Pz/eDhCpbMbLstvIPa0b/BEQo6g6nwV3pLjfM6w= golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3 h1:fJwx88sMf5RXwDwziL0/Mn9Wqs+efMSo/RYcL+37W9c= +golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 
@@ -290,6 +298,8 @@ golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= +golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4= +golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -310,6 +320,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 h1:jmIfw8+gSvXcZSgaFAGyInDXeWzUhvYH57G/5GKMn70= google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9 h1:3wPBShTLWQnEkZ9VW/HZZ8zT/9LLtleBtq7l8SKtJIA= +google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= From 8c0d3c02570a73cd55f4f61025701bad7cb63c08 Mon Sep 17 00:00:00 2001 
From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 7 Jan 2023 11:01:53 +0000 Subject: [PATCH 26/91] XTLS Vision supports acceptProxyProtocol (test needed) Fixes https://github.com/XTLS/Xray-core/issues/1339 --- proxy/vless/inbound/inbound.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index aa63a95b9862..b623fe6e8f5e 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -13,6 +13,7 @@ import ( "time" "unsafe" + "github.com/pires/go-proxyproto" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/errors" @@ -471,6 +472,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { netConn = tlsConn.NetConn() + if pc, ok := netConn.(*proxyproto.Conn); ok { + netConn = pc.Raw() + // 8192 > 4096, there is no need to process pc's bufReader + } if sc, ok := netConn.(syscall.Conn); ok { rawConn, _ = sc.SyscallConn() } From ff5ce767dffd976a2fd529e87d3e41c6273e4da5 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 7 Jan 2023 15:11:23 +0000 Subject: [PATCH 27/91] Revert "add file soft link path resolve support (#1482)" (#1495) This reverts commit eaf401eda93ea97f95136e480f465dba8b652275. --- common/platform/filesystem/file.go | 8 ++------ infra/conf/serial/builder.go | 7 +------ 2 files changed, 3 insertions(+), 12 deletions(-) diff --git a/common/platform/filesystem/file.go b/common/platform/filesystem/file.go index e8ee46b07467..e10bfc11156e 100644 --- a/common/platform/filesystem/file.go +++ b/common/platform/filesystem/file.go @@ -3,7 +3,7 @@ package filesystem import ( "io" "os" - "path/filepath" + "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/platform" ) 
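Review bot: In the Process hunk, the comment `// 8192 > 4096, there is no need to process pc's bufReader` does not say which two buffers those sizes belong to, yet the safety of `netConn = pc.Raw()` rests entirely on it. Reading from the raw connection skips whatever the proxyproto.Conn has already pulled into its buffered reader, so if that reader can still hold bytes past the PROXY header at this point, they would be lost to the later raw reads. The comment should name both buffers and state why the reader is known to be drained here. The commit title says "test needed"; a test that delivers the PROXY header and the first TLS record in a single segment would exercise exactly this case. Process starts and ends outside the hunk.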
@@ -11,11 +11,7 @@ import ( type FileReaderFunc func(path string) (io.ReadCloser, error) var NewFileReader FileReaderFunc = func(path string) (io.ReadCloser, error) { - resolved_path,err:=filepath.EvalSymlinks(path) - if err!= nil{ - return nil,err - } - return os.Open(resolved_path) + return os.Open(path) } func ReadFile(path string) ([]byte, error) { diff --git a/infra/conf/serial/builder.go b/infra/conf/serial/builder.go index fc9a0c3cb8d8..443dbdb07528 100644 --- a/infra/conf/serial/builder.go +++ b/infra/conf/serial/builder.go @@ -2,7 +2,6 @@ package serial import ( "io" - "path/filepath" "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/infra/conf" @@ -11,11 +10,7 @@ import ( func BuildConfig(files []string, formats []string) (*core.Config, error) { cf := &conf.Config{} - for i, file_ := range files { - file, err := filepath.EvalSymlinks(file_) - if err != nil { - return nil, err - } + for i, file := range files { newError("Reading config: ", file).AtInfo().WriteToLog() r, err := confloader.LoadConfig(file) if err != nil { From 1bf3a632ca2cdcc498d96d00191a009b1d8c5c22 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 7 Jan 2023 17:51:40 +0000 Subject: [PATCH 28/91] v1.7.2 --- core/core.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/core.go b/core/core.go index 11d197159dcc..f8c9320efd69 100644 --- a/core/core.go +++ b/core/core.go @@ -18,7 +18,7 @@ import ( ) var ( - version = "1.7.1" + version = "1.7.2" build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." From ed960cc885e0116249c212d218f3bfd30eb8d3d8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jan 2023 01:01:27 +0000 Subject: [PATCH 29/91] Bump github.com/sagernet/sing from 0.1.2 to 0.1.3 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.2 to 0.1.3. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.2...v0.1.3) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 16 ++-------------- 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 6b6ea871e26e..c756411f6753 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/refraction-networking/utls v1.2.0 - github.com/sagernet/sing v0.1.2 + github.com/sagernet/sing v0.1.3 github.com/sagernet/sing-shadowsocks v0.1.0 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index a2d1a48d3126..f05ffb04be3f 100644 --- a/go.sum +++ b/go.sum 
@@ -92,13 +92,9 @@ github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.15.13 h1:NFn1Wr8cfnenSJSA46lLq4wHCcBzKTSjnBIexDMMOV0= -github.com/klauspost/compress v1.15.13/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/compress v1.15.14 h1:i7WCKDToww0wA+9qrUZ1xOjp218vfFo3nTU6UHp+gOc= github.com/klauspost/compress v1.15.14/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.2.2 h1:xPMwiykqNK9VK0NYC3+jTMYv9I6Vl3YdjZgPZKG3zO0= -github.com/klauspost/cpuid/v2 v2.2.2/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU= github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 
@@ -152,8 +148,8 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstv github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.2 h1:rp5AqY23P0klk2IaLEI0/WJsD8FTVlv9TaI2QSL6TDA= -github.com/sagernet/sing v0.1.2/go.mod h1:bvmen56QnVbMrWy+nr5nsbz7U5MUPuY0L0S/XfhCsTs= +github.com/sagernet/sing v0.1.3 h1:G1vs7GIS7fMUvnHUvKVvOvuUrfoKRf0y+qoDhnv3Ezw= +github.com/sagernet/sing v0.1.3/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= github.com/sagernet/sing-shadowsocks v0.1.0 h1:cDmmOkA11fzVdhyCZQEeI3ozQz+59rj8+rqPb91xux4= github.com/sagernet/sing-shadowsocks v0.1.0/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= @@ -204,8 +200,6 @@ github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 h1:AHhUwwFJGl27E46OpdJHplZ github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= -go.starlark.net v0.0.0-20221205180719-3fd0dac74452 h1:JZtNuL6LPB+scU5yaQ6hqRlJFRiddZm2FwRt2AQqtHA= -go.starlark.net v0.0.0-20221205180719-3fd0dac74452/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= go.starlark.net v0.0.0-20230105143730-d7da88764354 h1:MqQRg4vlpVc7cQoQBgQGPyP3N4FAhKlMQ/y/Akv4/xM= go.starlark.net v0.0.0-20230105143730-d7da88764354/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= 
@@ -219,8 +213,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15 h1:5oN1Pz/eDhCpbMbLstvIPa0b/BEQo6g6nwV3pLjfM6w= -golang.org/x/exp v0.0.0-20221217163422-3c43f8badb15/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3 h1:fJwx88sMf5RXwDwziL0/Mn9Wqs+efMSo/RYcL+37W9c= golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -296,8 +288,6 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= -golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -318,8 +308,6 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 h1:jmIfw8+gSvXcZSgaFAGyInDXeWzUhvYH57G/5GKMn70= -google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9 h1:3wPBShTLWQnEkZ9VW/HZZ8zT/9LLtleBtq7l8SKtJIA= google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= From 7b8ff0111416a269d0a3a64018ef56bc91610cb7 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 9 Jan 2023 08:51:51 +0000 Subject: [PATCH 30/91] Make sure that 0 <= b.start <= b.end Fixes https://github.com/XTLS/Xray-core/issues/1501 --- common/buf/buffer.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/common/buf/buffer.go b/common/buf/buffer.go index 370d4a3196f8..82795b98c766 100644 --- a/common/buf/buffer.go +++ b/common/buf/buffer.go @@ -160,6 +160,19 @@ func (b *Buffer) BytesTo(to int32) []byte { return b.v[b.start : b.start+to] } +// Check makes sure that 0 <= b.start <= b.end. +func (b *Buffer) Check() { + if b.start < 0 { + b.start = 0 + } + if b.end < 0 { + b.end = 0 + } + if b.start > b.end { + b.start = b.end + } +} + // Resize cuts the buffer at the given position. func (b *Buffer) Resize(from, to int32) { if from < 0 { 
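Review bot: Check clamps only the lower side: it makes `b.start` and `b.end` non-negative and ordered, but nothing bounds `b.end` against the backing storage, so a Resize with an oversized `to` still leaves the end past the data (assuming `b.v` is the backing slice, as `b.v[b.start : b.start+to]` in BytesTo suggests). Adding `if b.end > int32(len(b.v)) { b.end = int32(len(b.v)) }` before the `b.start > b.end` comparison would cover that side as well. The same gap applies at the two call sites added at the end of Resize and Advance in the following hunks. Clamping also turns a caller's arithmetic error into an empty buffer without any signal, so the doc comment should say that out-of-range values are silently corrected. Nothing in this diff calls the method from outside the type, so it could be the unexported `check`.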
@@ -173,6 +186,7 @@ func (b *Buffer) Resize(from, to int32) { } b.end = b.start + to b.start += from + b.Check() } // Advance cuts the buffer at the given position. @@ -181,6 +195,7 @@ func (b *Buffer) Advance(from int32) { from += b.Len() } b.start += from + b.Check() } // Len returns the length of the buffer content. From 717518cb5f55ef0f091cdad84614a4facaeb3dd8 Mon Sep 17 00:00:00 2001 From: Hellojack <106379370+H1JK@users.noreply.github.com> Date: Mon, 9 Jan 2023 19:14:03 +0800 Subject: [PATCH 31/91] Refine the logic of security type AUTO (#1509) --- common/protocol/headers.go | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/common/protocol/headers.go b/common/protocol/headers.go index 1dcc467e5bb1..8806ee803f71 100644 --- a/common/protocol/headers.go +++ b/common/protocol/headers.go @@ -3,6 +3,8 @@ package protocol import ( "runtime" + "golang.org/x/sys/cpu" + "github.com/xtls/xray-core/common/bitmask" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/uuid" @@ -79,9 +81,21 @@ type CommandSwitchAccount struct { ValidMin byte } +var ( + hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ + hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL + // Keep in sync with crypto/aes/cipher_s390x.go. + hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR && + (cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM) + + hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 || + runtime.GOARCH == "arm64" && hasGCMAsmARM64 || + runtime.GOARCH == "s390x" && hasGCMAsmS390X +) + func (sc *SecurityConfig) GetSecurityType() SecurityType { if sc == nil || sc.Type == SecurityType_AUTO { - if runtime.GOARCH == "amd64" || runtime.GOARCH == "s390x" || runtime.GOARCH == "arm64" { + if hasAESGCMHardwareSupport { return SecurityType_AES128_GCM } return SecurityType_CHACHA20_POLY1305 From 32ce7cd7308414a72d2e6cd0e5a46d4b6de79eca Mon Sep 17 00:00:00 2001 
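Review bot: `hasAESGCMHardwareSupport` now depends entirely on what `golang.org/x/sys/cpu` reports, and as far as I know that package does not populate the ARM64 feature flags on every operating system. On such arm64 targets `cpu.ARM64.HasAES` may stay false even when the hardware has AES, and AUTO would then select ChaCha20-Poly1305 where it previously selected AES-128-GCM. Both are sound AEADs, so this is a changed default rather than a weakness, but it deserves a comment above the var block such as `// Flags come from golang.org/x/sys/cpu; where detection is unavailable AUTO falls back to ChaCha20-Poly1305.` The mixed `&&`/`||` expression is correct under Go precedence but would read more safely with each `runtime.GOARCH == ... && ...` term parenthesised. GetSecurityType continues outside the hunk.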
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sun, 8 Jan 2023 21:57:24 -0500 Subject: [PATCH 32/91] Add new uTLS fingerprints - correct safari - new format is the variable name in https://github.com/refraction-networking/utls/blob/master/u_common.go#L163 - notable ones "HelloChrome_106_Shuffle", "Hello360_Auto", "HelloQQ_Auto" --- transport/internet/tls/tls.go | 42 ++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go index f1291e81c6e7..392df808703b 100644 --- a/transport/internet/tls/tls.go +++ b/transport/internet/tls/tls.go 
@@ -114,8 +114,48 @@ func copyConfig(c *tls.Config) *utls.Config { var Fingerprints = map[string]*utls.ClientHelloID{ "chrome": &utls.HelloChrome_Auto, "firefox": &utls.HelloFirefox_Auto, - "safari": &utls.HelloIOS_Auto, + "safari": &utls.HelloSafari_Auto, "randomized": &utls.HelloRandomized, + // This is a bit lame, but it seems there is no good way to reflect variables from Golang package + "hellogolang": &utls.HelloGolang, + "hellorandomized": &utls.HelloRandomized, + "hellorandomizedalpn": &utls.HelloRandomizedALPN, + "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, + "hellofirefox_auto": &utls.HelloFirefox_Auto, + "hellofirefox_55": &utls.HelloFirefox_55, + "hellofirefox_56": &utls.HelloFirefox_56, + "hellofirefox_63": &utls.HelloFirefox_63, + "hellofirefox_65": &utls.HelloFirefox_65, + "hellofirefox_99": &utls.HelloFirefox_99, + "hellofirefox_102": &utls.HelloFirefox_102, + "hellofirefox_105": &utls.HelloFirefox_105, + "hellochrome_auto": &utls.HelloChrome_Auto, + "hellochrome_58": &utls.HelloChrome_58, + "hellochrome_62": &utls.HelloChrome_62, + "hellochrome_70": &utls.HelloChrome_70, + "hellochrome_72": &utls.HelloChrome_72, + "hellochrome_83": &utls.HelloChrome_83, + "hellochrome_87": &utls.HelloChrome_87, + "hellochrome_96": &utls.HelloChrome_96, + "hellochrome_100": &utls.HelloChrome_100, + "hellochrome_102": &utls.HelloChrome_102, + "hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle, + "helloios_auto": &utls.HelloIOS_Auto, + "helloios_11_1": &utls.HelloIOS_11_1, + "helloios_12_1": &utls.HelloIOS_12_1, + "helloios_13": &utls.HelloIOS_13, + "helloios_14": &utls.HelloIOS_14, + "helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp, + "helloedge_auto": &utls.HelloEdge_Auto, + "helloedge_85": &utls.HelloEdge_85, + "helloedge_106": &utls.HelloEdge_106, + "hellosafari_auto": &utls.HelloSafari_Auto, + "hellosafari_16_0": &utls.HelloSafari_16_0, + "hello360_auto": &utls.Hello360_Auto, + "hello360_7_5": &utls.Hello360_7_5, + "hello360_11_0": 
&utls.Hello360_11_0, + "helloqq_auto": &utls.HelloQQ_Auto, + "helloqq_11_1": &utls.HelloQQ_11_1, } type Interface interface { From 620eb63c1b837d8c00324aa62152bb79d8971820 Mon Sep 17 00:00:00 2001 From: aeeq <398425861@163.com> Date: Mon, 9 Jan 2023 22:26:23 +0800 Subject: [PATCH 33/91] Add sockopt interface setting for binding outbound to a particular device like "eth0" (#1494) * Update sockopt_linux.go add Interface Name * Update config.pb.go add Interface Name * Update transport_internet.go add Interface Name * Update config.pb.go * update config.proto add interface * Update config.pb.go --- infra/conf/transport_internet.go | 2 ++ transport/internet/config.pb.go | 56 +++++++++++++++++------------ transport/internet/config.proto | 2 ++ transport/internet/sockopt_linux.go | 6 ++++ 4 files changed, 43 insertions(+), 23 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 62afaaafb08f..610e252e163c 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -534,6 +534,7 @@ type SocketConfig struct { TCPKeepAliveInterval int32 `json:"tcpKeepAliveInterval"` TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` TCPCongestion string `json:"tcpCongestion"` + Interface string `json:"interface"` } // Build implements Buildable. @@ -583,6 +584,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { TcpKeepAliveInterval: c.TCPKeepAliveInterval, TcpKeepAliveIdle: c.TCPKeepAliveIdle, TcpCongestion: c.TCPCongestion, + Interface: c.Interface, }, nil } diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index 1cd5cfa34944..716bdaaa0b67 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.9 // source: transport/internet/config.proto package internet 
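Review bot: The new keys in `Fingerprints` are all lower case (`"hellochrome_106_shuffle"`), while the commit description gives the format as the utls variable name (`HelloChrome_106_Shuffle`), so a lookup that does not lower-case the configured value would miss every new entry. The lookup is not part of this hunk and needs checking at the caller. A comment on the map would make the contract explicit: `// Keys are lower-cased utls ClientHelloID variable names; normalise the configured value before lookup.` The `"safari"` alias also changes from `&utls.HelloIOS_Auto` to `&utls.HelloSafari_Auto`, which existing configurations pick up silently and which is worth a line in the release notes. Because the table is hand-copied from utls, a small test asserting that every key is lower case would catch drift when the dependency is bumped.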
@@ -425,6 +425,7 @@ type SocketConfig struct { TcpKeepAliveInterval int32 `protobuf:"varint,10,opt,name=tcp_keep_alive_interval,json=tcpKeepAliveInterval,proto3" json:"tcp_keep_alive_interval,omitempty"` TcpKeepAliveIdle int32 `protobuf:"varint,11,opt,name=tcp_keep_alive_idle,json=tcpKeepAliveIdle,proto3" json:"tcp_keep_alive_idle,omitempty"` TcpCongestion string `protobuf:"bytes,12,opt,name=tcp_congestion,json=tcpCongestion,proto3" json:"tcp_congestion,omitempty"` + Interface string `protobuf:"bytes,13,opt,name=interface,proto3" json:"interface,omitempty"` } func (x *SocketConfig) Reset() { @@ -543,6 +544,13 @@ func (x *SocketConfig) GetTcpCongestion() string { return "" } +func (x *SocketConfig) GetInterface() string { + if x != nil { + return x.Interface + } + return "" +} + var File_transport_internet_config_proto protoreflect.FileDescriptor var file_transport_internet_config_proto_rawDesc = []byte{ @@ -595,7 +603,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x22, 0xe8, 0x04, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, + 0x78, 0x79, 0x22, 0x86, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72, 
@@ -630,27 +638,29 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x01, 0x28, 0x05, 0x52, 0x10, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x41, 0x6c, 0x69, 0x76, 0x65, 0x49, 0x64, 0x6c, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x74, 0x63, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x74, - 0x63, 0x70, 0x43, 0x6f, 0x6e, 0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x2f, 0x0a, 0x0a, - 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, - 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, - 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, - 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, - 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, - 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, - 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, - 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, - 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, - 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, - 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, - 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, - 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, - 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 
0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, - 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, - 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, - 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, - 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x63, 0x70, 0x43, 0x6f, 0x6e, 0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, + 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, + 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, + 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, + 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, + 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, + 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, + 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, + 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, + 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, + 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, + 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, + 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, + 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, + 0x6d, 0x2e, 0x78, 
0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, + 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, + 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, + 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, + 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/config.proto b/transport/internet/config.proto index 8b81302f662a..bcd905a6324a 100644 --- a/transport/internet/config.proto +++ b/transport/internet/config.proto @@ -98,4 +98,6 @@ message SocketConfig { int32 tcp_keep_alive_idle = 11; string tcp_congestion = 12; + + string interface = 13; } diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index c805e2e3ddce..a5b7a49f7601 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go @@ -46,6 +46,12 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf return newError("failed to set SO_MARK").Base(err) } } + + if config.Interface != "" { + if err := syscall.BindToDevice(int(fd), config.Interface); err != nil { + return newError("failed to set Interface").Base(err) + } + } if isTCPSocket(network) { tfo := config.ParseTFOValue() From 0d5c62e44d1aabdb864f3244f8a6b7ecd69204d7 Mon Sep 17 00:00:00 2001 
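Review bot: The new `Interface` setting is applied only in this sockopt_linux.go hunk, and the commit's diffstat lists no other sockopt file, so on other platforms a configured interface appears to be accepted and then ignored. Outbound traffic would then leave through the default route rather than the device the operator pinned, which is a silent fail-open for anyone using the option to keep traffic on a specific link. The non-Linux paths should return an error or at least log a warning when `config.Interface` is non-empty. The error here should also name the device, e.g. `return newError("failed to bind to interface ", config.Interface).Base(err)`, since the bind can fail for lack of privilege as well as for an unknown name. applyOutboundSocketOptions continues outside the hunk.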
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Jan 2023 00:13:54 +0000 Subject: [PATCH 34/91] Bump google.golang.org/grpc from 1.51.0 to 1.52.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.51.0 to 1.52.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.51.0...v1.52.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c756411f6753..96bf50d90be4 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.4.0 - google.golang.org/grpc v1.51.0 + google.golang.org/grpc v1.52.0 google.golang.org/protobuf v1.28.1 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 diff --git a/go.sum b/go.sum index f05ffb04be3f..2847d92e872d 100644 --- a/go.sum +++ b/go.sum 
@@ -316,8 +316,8 @@ google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U= -google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= +google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk= +google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From f536359367380ac63af54913e411775f2731ae77 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Jan 2023 00:24:21 +0000 Subject: [PATCH 35/91] Bump github.com/sagernet/sing from 0.1.3 to 0.1.5 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.3 to 0.1.5. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.3...v0.1.5) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 96bf50d90be4..7a70a46accae 100644 --- a/go.mod +++ b/go.mod 
@@ -14,7 +14,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/refraction-networking/utls v1.2.0 - github.com/sagernet/sing v0.1.3 + github.com/sagernet/sing v0.1.5 github.com/sagernet/sing-shadowsocks v0.1.0 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index 2847d92e872d..3d95c26f661f 100644 --- a/go.sum +++ b/go.sum @@ -148,8 +148,8 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstv github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.3 h1:G1vs7GIS7fMUvnHUvKVvOvuUrfoKRf0y+qoDhnv3Ezw= -github.com/sagernet/sing v0.1.3/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= +github.com/sagernet/sing v0.1.5 h1:1ZHE4cqqds8559RPqzmHiXkOYWyXkNDiULFr00+LxG8= +github.com/sagernet/sing v0.1.5/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= github.com/sagernet/sing-shadowsocks v0.1.0 h1:cDmmOkA11fzVdhyCZQEeI3ozQz+59rj8+rqPb91xux4= github.com/sagernet/sing-shadowsocks v0.1.0/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= From 7added2693c4c314bfb9fa5de8f929d17f5e66c7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Jan 2023 00:08:41 +0000 Subject: [PATCH 36/91] Bump github.com/sagernet/sing from 0.1.5 to 0.1.6 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.5 to 0.1.6. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.5...v0.1.6) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7a70a46accae..65b22a64aa4d 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/refraction-networking/utls v1.2.0 - github.com/sagernet/sing v0.1.5 + github.com/sagernet/sing v0.1.6 github.com/sagernet/sing-shadowsocks v0.1.0 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index 3d95c26f661f..47b5da5cc791 100644 --- a/go.sum +++ b/go.sum 
@@ -148,8 +148,8 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstv github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.5 h1:1ZHE4cqqds8559RPqzmHiXkOYWyXkNDiULFr00+LxG8= -github.com/sagernet/sing v0.1.5/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= +github.com/sagernet/sing v0.1.6 h1:Qy63OUfKpcqKjfd5rPmUlj0RGjHZSK/PJn0duyCCsRg= +github.com/sagernet/sing v0.1.6/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= github.com/sagernet/sing-shadowsocks v0.1.0 h1:cDmmOkA11fzVdhyCZQEeI3ozQz+59rj8+rqPb91xux4= github.com/sagernet/sing-shadowsocks v0.1.0/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= From 77d2f9edd7c3badb4738abdae5bda16c29ea287a Mon Sep 17 00:00:00 2001 From: MP <112455607+asiaqa@users.noreply.github.com> Date: Tue, 17 Jan 2023 11:18:58 +0800 Subject: [PATCH 37/91] Revise the Code per XTLS#1515 (#1536) * Use buf.FromBytes(make([]byte, 0, buf.Size)) to create `first` Fixes https://github.com/XTLS/Xray-core/issues/1515 * Update server.go * Update inbound.go Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com> --- proxy/trojan/server.go | 5 ++--- proxy/vless/inbound/inbound.go | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/proxy/trojan/server.go b/proxy/trojan/server.go index 618fbe10ca82..6309bbc6596e 100644 --- a/proxy/trojan/server.go +++ b/proxy/trojan/server.go 
@@ -155,9 +155,8 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con return newError("unable to set read deadline").Base(err).AtWarning() } - first := buf.New() - defer first.Release() - + first := buf.FromBytes(make([]byte, buf.Size)) + first.Clear() firstLen, err := first.ReadFrom(conn) if err != nil { return newError("failed to read first request").Base(err) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index b623fe6e8f5e..86b09e04f685 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -188,9 +188,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return newError("unable to set read deadline").Base(err).AtWarning() } - first := buf.New() - defer first.Release() - + first := buf.FromBytes(make([]byte, buf.Size)) + first.Clear() firstLen, _ := first.ReadFrom(connection) newError("firstLen = ", firstLen).AtInfo().WriteToLog(sid) From 3fb67f065ab1a4558d16833746e953ea35081d54 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Fri, 20 Jan 2023 23:36:08 -0500 Subject: [PATCH 38/91] Add fingerprint xray_random (#1540) * Add fingerprint xray_random xray_random means to pick a random uTLS fingerprint at the core startup This way, the fingerprint is stable for a user for some days. While there is no identifiable signature for the whole xray community * Fingerprint "random" refine Exclude old fingerprint from RNG --- transport/internet/grpc/dial.go | 2 +- transport/internet/http/dialer.go | 2 +- transport/internet/tcp/dialer.go | 2 +- transport/internet/tls/tls.go | 66 ++++++++++++++++++++------ transport/internet/websocket/dialer.go | 2 +- 5 files changed, 56 insertions(+), 18 deletions(-) diff --git a/transport/internet/grpc/dial.go b/transport/internet/grpc/dial.go index 9836d93a9bf4..04f81e340a3e 100644 --- a/transport/internet/grpc/dial.go +++ b/transport/internet/grpc/dial.go 
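Review bot: The new `first := buf.FromBytes(make([]byte, buf.Size))` followed by `first.Clear()` carries no comment saying why this buffer must be a plain heap allocation instead of a pooled one, and the commit title describes a different expression (`make([]byte, 0, buf.Size)`). Without that explanation a later cleanup can easily restore `buf.New()` with `defer first.Release()` and bring back whatever #1515 reported. I would add a comment above it along the lines of `// first is deliberately not taken from the pool and never Release()d; see #1515`, worded to match the actual cause, which is not visible in this hunk. The identical change in proxy/vless/inbound/inbound.go needs the same comment; there the context line `firstLen, _ := first.ReadFrom(connection)` also discards the read error. Both `Process` bodies start and end outside their hunks.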
@@ -122,7 +122,7 @@ func getGrpcClient(ctx context.Context, dest net.Destination, streamSettings *in if tlsConfig != nil { var transportCredential credentials.TransportCredentials - if fingerprint, exists := tls.Fingerprints[tlsConfig.Fingerprint]; exists { + if fingerprint, exists := tls.GetFingerprint(ctx, tlsConfig.Fingerprint); exists { transportCredential = tls.NewGrpcUtls(tlsConfig.GetTLSConfig(), fingerprint) } else { // Fallback to normal gRPC TLS transportCredential = credentials.NewTLS(tlsConfig.GetTLSConfig()) diff --git a/transport/internet/http/dialer.go b/transport/internet/http/dialer.go index 5c4cbdfd95e9..6fef71c54c17 100644 --- a/transport/internet/http/dialer.go +++ b/transport/internet/http/dialer.go @@ -75,7 +75,7 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in } var cn tls.Interface - if fingerprint, ok := tls.Fingerprints[tlsConfigs.Fingerprint]; ok { + if fingerprint, ok := tls.GetFingerprint(ctx, tlsConfigs.Fingerprint); ok { cn = tls.UClient(pconn, tlsConfig, fingerprint).(*tls.UConn) } else { cn = tls.Client(pconn, tlsConfig).(*tls.Conn) diff --git a/transport/internet/tcp/dialer.go b/transport/internet/tcp/dialer.go index 296c7d8df2e5..b08fd4b2f88d 100644 --- a/transport/internet/tcp/dialer.go +++ b/transport/internet/tcp/dialer.go @@ -22,7 +22,7 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { tlsConfig := config.GetTLSConfig(tls.WithDestination(dest)) - if fingerprint, ok := tls.Fingerprints[config.Fingerprint]; ok { + if fingerprint, ok := tls.GetFingerprint(ctx, config.Fingerprint); ok { conn = tls.UClient(conn, tlsConfig, fingerprint) if err := conn.(*tls.UConn).Handshake(); err != nil { return nil, err diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go index 392df808703b..9baf4054f333 100644 --- a/transport/internet/tls/tls.go +++ b/transport/internet/tls/tls.go 
@@ -1,17 +1,23 @@ package tls import ( + "context" + "crypto/rand" "crypto/tls" + "math/big" utls "github.com/refraction-networking/utls" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" + "github.com/xtls/xray-core/common/session" ) //go:generate go run github.com/xtls/xray-core/common/errors/errorgen var _ buf.Writer = (*Conn)(nil) +var XrayRandom *utls.ClientHelloID + type Conn struct { *tls.Conn } 
@@ -111,29 +117,63 @@ func copyConfig(c *tls.Config) *utls.Config { } } +func GetFingerprint(ctx context.Context, config string) (*utls.ClientHelloID, bool) { + if XrayRandom == nil { + // lazy init + for k, v := range FingerprintsForRNG { + Fingerprints[k] = v + } + big, err := rand.Int(rand.Reader, big.NewInt(int64(len(FingerprintsForRNG)))) + if err != nil { + newError("failed to generate xray random fingerprint").Base(err).WriteToLog(session.ExportIDToError(ctx)) + } + var i = int(big.Int64()) + count := 0 + for k, v := range FingerprintsForRNG { + if count == i { + newError("xray random fingerprint: ", k).WriteToLog(session.ExportIDToError(ctx)) + XrayRandom = v + break + } + count++ + } + } + if config == "random" { + return XrayRandom, true + } + fingerprint, ok := Fingerprints[config] + return fingerprint, ok +} + var Fingerprints = map[string]*utls.ClientHelloID{ "chrome": &utls.HelloChrome_Auto, "firefox": &utls.HelloFirefox_Auto, "safari": &utls.HelloSafari_Auto, "randomized": &utls.HelloRandomized, // This is a bit lame, but it seems there is no good way to reflect variables from Golang package - "hellogolang": &utls.HelloGolang, - "hellorandomized": &utls.HelloRandomized, - "hellorandomizedalpn": &utls.HelloRandomizedALPN, - "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, + // We don't RNG for go, randomized, or fingerprints that is more than 4 years old + "hellogolang": &utls.HelloGolang, + "hellorandomized": &utls.HelloRandomized, + "hellorandomizedalpn": &utls.HelloRandomizedALPN, + "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, + "hellofirefox_55": &utls.HelloFirefox_55, + "hellofirefox_56": &utls.HelloFirefox_56, + "hellofirefox_63": &utls.HelloFirefox_63, + "hellofirefox_65": &utls.HelloFirefox_65, + "hellochrome_58": &utls.HelloChrome_58, + "hellochrome_62": &utls.HelloChrome_62, + "hellochrome_70": &utls.HelloChrome_70, + "hellochrome_72": &utls.HelloChrome_72, + "helloios_11_1": &utls.HelloIOS_11_1, + "hello360_7_5": 
&utls.Hello360_7_5, +} + +var FingerprintsForRNG = map[string]*utls.ClientHelloID{ "hellofirefox_auto": &utls.HelloFirefox_Auto, - "hellofirefox_55": &utls.HelloFirefox_55, - "hellofirefox_56": &utls.HelloFirefox_56, - "hellofirefox_63": &utls.HelloFirefox_63, - "hellofirefox_65": &utls.HelloFirefox_65, "hellofirefox_99": &utls.HelloFirefox_99, "hellofirefox_102": &utls.HelloFirefox_102, "hellofirefox_105": &utls.HelloFirefox_105, "hellochrome_auto": &utls.HelloChrome_Auto, - "hellochrome_58": &utls.HelloChrome_58, - "hellochrome_62": &utls.HelloChrome_62, - "hellochrome_70": &utls.HelloChrome_70, - "hellochrome_72": &utls.HelloChrome_72, "hellochrome_83": &utls.HelloChrome_83, "hellochrome_87": &utls.HelloChrome_87, "hellochrome_96": &utls.HelloChrome_96, @@ -141,7 +181,6 @@ var Fingerprints = map[string]*utls.ClientHelloID{ "hellochrome_102": &utls.HelloChrome_102, "hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle, "helloios_auto": &utls.HelloIOS_Auto, - "helloios_11_1": &utls.HelloIOS_11_1, "helloios_12_1": &utls.HelloIOS_12_1, "helloios_13": &utls.HelloIOS_13, "helloios_14": &utls.HelloIOS_14, @@ -152,7 +191,6 @@ var Fingerprints = map[string]*utls.ClientHelloID{ "hellosafari_auto": &utls.HelloSafari_Auto, "hellosafari_16_0": &utls.HelloSafari_16_0, "hello360_auto": &utls.Hello360_Auto, - "hello360_7_5": &utls.Hello360_7_5, "hello360_11_0": &utls.Hello360_11_0, "helloqq_auto": &utls.HelloQQ_Auto, "helloqq_11_1": &utls.HelloQQ_11_1, diff --git a/transport/internet/websocket/dialer.go b/transport/internet/websocket/dialer.go index a8f712647adc..a0ac6811f99a 100644 --- a/transport/internet/websocket/dialer.go +++ b/transport/internet/websocket/dialer.go 
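Review bot: The lazy initialisation in `GetFingerprint` is not synchronised: the `XrayRandom == nil` test and the writes into the package-level `Fingerprints` map can run from several dialing goroutines at once, which is a data race and can abort the process with a concurrent map write. In the same block a failing `rand.Int` is only logged, after which `big.Int64()` is called on a nil result, and the local name `big` shadows the `math/big` package. Wrapping the setup in a `sync.Once` (this needs `sync` imported) and falling back to a fixed fingerprint on error addresses all three. Because `Fingerprints` and `XrayRandom` stay exported, any caller that still reads them directly would bypass the initialisation, so a doc comment pointing callers to `GetFingerprint` is worth adding.

```go
var fingerprintInit sync.Once

func GetFingerprint(ctx context.Context, config string) (*utls.ClientHelloID, bool) {
	fingerprintInit.Do(func() {
		candidates := make([]string, 0, len(FingerprintsForRNG))
		for name, id := range FingerprintsForRNG {
			Fingerprints[name] = id
			candidates = append(candidates, name)
		}
		// Fallback keeps "random" usable if the system RNG fails.
		XrayRandom = &utls.HelloChrome_Auto
		n, err := rand.Int(rand.Reader, big.NewInt(int64(len(candidates))))
		if err != nil {
			newError("failed to generate xray random fingerprint").Base(err).WriteToLog(session.ExportIDToError(ctx))
			return
		}
		picked := candidates[n.Int64()]
		newError("xray random fingerprint: ", picked).WriteToLog(session.ExportIDToError(ctx))
		XrayRandom = FingerprintsForRNG[picked]
	})
	// … unchanged: "random" lookup and Fingerprints[config] return …
}
```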
@@ -86,7 +86,7 @@ func dialWebSocket(ctx context.Context, dest net.Destination, streamSettings *in protocol = "wss" tlsConfig := config.GetTLSConfig(tls.WithDestination(dest), tls.WithNextProto("http/1.1")) dialer.TLSClientConfig = tlsConfig - if fingerprint, exists := tls.Fingerprints[config.Fingerprint]; exists { + if fingerprint, exists := tls.GetFingerprint(ctx, config.Fingerprint); exists { dialer.NetDialTLSContext = func(_ context.Context, _, addr string) (gonet.Conn, error) { // Like the NetDial in the dialer pconn, err := internet.DialSystem(ctx, dest, streamSettings.SocketSettings) From fb212905bdeaeac1ba4440453d22fa75bbd0ccd1 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Thu, 26 Jan 2023 22:43:58 -0500 Subject: [PATCH 39/91] XTLS Vision checks outer TLS version (#1554) --- proxy/vless/inbound/inbound.go | 4 ++++ proxy/vless/outbound/outbound.go | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 86b09e04f685..76051288d4f2 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -5,6 +5,7 @@ package inbound import ( "bytes" "context" + gotls "crypto/tls" "io" "reflect" "strconv" @@ -470,6 +471,9 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var t reflect.Type var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { + if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { + return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() + } netConn = tlsConn.NetConn() if pc, ok := netConn.(*proxyproto.Conn); ok { netConn = pc.Raw() diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index c84d5b4c6b27..a4c70a2b365c 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go 
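Review bot: The rejection message built in the `tlsConn.ConnectionState().Version != gotls.VersionTLS13` branch of proxy/vless/inbound/inbound.go appends the raw `uint16` version, so the warning will most likely show a bare decimal such as 771 rather than something an operator recognises as TLS 1.2. Rendering it as hex or mapping it to a name, for example `fmt.Sprintf("0x%04x", tlsConn.ConnectionState().Version)` if `fmt` is available in the file, keeps the log actionable; the two branches added in proxy/vless/outbound/outbound.go build the same message. A short comment above the check, such as `// Vision is refused unless the outer TLS session negotiated 1.3`, would also record why the connection is dropped. The surrounding `Process` body starts and ends outside the hunk.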
@@ -5,11 +5,13 @@ package outbound import ( "bytes" "context" + gotls "crypto/tls" "reflect" "syscall" "time" "unsafe" + utls "github.com/refraction-networking/utls" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" @@ -261,6 +263,15 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var err error if rawConn != nil && requestAddons.Flow == vless.XRV { + if tlsConn, ok := iConn.(*tls.Conn); ok { + if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { + return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() + } + } else if utlsConn, ok := iConn.(*tls.UConn); ok { + if utlsConn.ConnectionState().Version != utls.VersionTLS13 { + return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, utlsConn.ConnectionState().Version).AtWarning() + } + } var counter stats.Counter if statConn != nil { counter = statConn.WriteCounter From f571aa72df21dc5b90fd7aa59a4e93728b5ec0d1 Mon Sep 17 00:00:00 2001 From: mra9776 Date: Fri, 27 Jan 2023 07:49:49 +0330 Subject: [PATCH 40/91] uTLS PinnedPeerCertificateChainSha256 (#1556) * Add tests for utls PinnedPeerCertificateChain * Fix utls not checking PinnedPeerCertificate Co-authored-by: ahmadi --- testing/scenarios/tls_test.go | 313 ++++++++++++++++++++++++++++++++++ transport/internet/tls/tls.go | 7 +- 2 files changed, 317 insertions(+), 3 deletions(-) diff --git a/testing/scenarios/tls_test.go b/testing/scenarios/tls_test.go index cac1d49933af..0b752ecf8c63 100644 --- a/testing/scenarios/tls_test.go +++ b/testing/scenarios/tls_test.go 
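Review bot: The TLS 1.3 requirement added inside `if rawConn != nil && requestAddons.Flow == vless.XRV` is enforced only when `iConn` is a `*tls.Conn` or a `*tls.UConn`; a connection of any other type falls through both assertions and proceeds with no check and no log entry. Whether such a type can reach this point is decided outside the hunk, so I would either add a final `else` that rejects or at least logs, or state the intent in a comment such as `// other connection types are handled after this block` if that is indeed the case. The two branches are otherwise identical and could share one `switch c := iConn.(type)` with a single error path, which keeps the enforcement in one place.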
@@ -928,3 +928,316 @@ func TestSimpleTLSConnectionPinned(t *testing.T) { t.Fatal(err) } } + +func TestSimpleTLSConnectionPinnedWrongCert(t *testing.T) { + tcpServer := tcp.Server{ + MsgProcessor: xor, + } + dest, err := tcpServer.Start() + common.Must(err) + defer tcpServer.Close() + certificateDer := cert.MustGenerate(nil) + certificate := tls.ParseCertificate(certificateDer) + certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) + certHash[1] += 1 + userID := protocol.NewID(uuid.New()) + serverPort := tcp.PickPort() + serverConfig := &core.Config{ + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + StreamSettings: &internet.StreamConfig{ + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + Certificate: []*tls.Certificate{certificate}, + }), + }, + }, + }), + ProxySettings: serial.ToTypedMessage(&inbound.Config{ + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vmess.Account{ + Id: userID.String(), + }), + }, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&freedom.Config{}), + }, + }, + } + + clientPort := tcp.PickPort() + clientConfig := &core.Config{ + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + }), + ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ + Address: net.NewIPOrDomain(dest.Address), + Port: uint32(dest.Port), + NetworkList: &net.NetworkList{ + Network: []net.Network{net.Network_TCP}, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: 
serial.ToTypedMessage(&outbound.Config{ + Receiver: []*protocol.ServerEndpoint{ + { + Address: net.NewIPOrDomain(net.LocalHostIP), + Port: uint32(serverPort), + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vmess.Account{ + Id: userID.String(), + }), + }, + }, + }, + }, + }), + SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ + StreamSettings: &internet.StreamConfig{ + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + AllowInsecure: true, + PinnedPeerCertificateChainSha256: [][]byte{certHash}, + }), + }, + }, + }), + }, + }, + } + + servers, err := InitializeServerConfigs(serverConfig, clientConfig) + common.Must(err) + defer CloseAllServers(servers) + + if err := testTCPConn(clientPort, 1024, time.Second*20)(); err == nil { + t.Fatal(err) + } +} + +func TestUTLSConnectionPinned(t *testing.T) { + tcpServer := tcp.Server{ + MsgProcessor: xor, + } + dest, err := tcpServer.Start() + common.Must(err) + defer tcpServer.Close() + certificateDer := cert.MustGenerate(nil) + certificate := tls.ParseCertificate(certificateDer) + certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) + userID := protocol.NewID(uuid.New()) + serverPort := tcp.PickPort() + serverConfig := &core.Config{ + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + StreamSettings: &internet.StreamConfig{ + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + Certificate: []*tls.Certificate{certificate}, + }), + }, + }, + }), + ProxySettings: serial.ToTypedMessage(&inbound.Config{ + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vmess.Account{ + Id: userID.String(), + }), + }, + }, + }), + 
}, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&freedom.Config{}), + }, + }, + } + + clientPort := tcp.PickPort() + clientConfig := &core.Config{ + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + }), + ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ + Address: net.NewIPOrDomain(dest.Address), + Port: uint32(dest.Port), + NetworkList: &net.NetworkList{ + Network: []net.Network{net.Network_TCP}, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&outbound.Config{ + Receiver: []*protocol.ServerEndpoint{ + { + Address: net.NewIPOrDomain(net.LocalHostIP), + Port: uint32(serverPort), + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vmess.Account{ + Id: userID.String(), + }), + }, + }, + }, + }, + }), + SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ + StreamSettings: &internet.StreamConfig{ + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + Fingerprint: "random", + AllowInsecure: true, + PinnedPeerCertificateChainSha256: [][]byte{certHash}, + }), + }, + }, + }), + }, + }, + } + + servers, err := InitializeServerConfigs(serverConfig, clientConfig) + common.Must(err) + defer CloseAllServers(servers) + + if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil { + t.Fatal(err) + } +} + +func TestUTLSConnectionPinnedWrongCert(t *testing.T) { + tcpServer := tcp.Server{ + MsgProcessor: xor, + } + dest, err := tcpServer.Start() + common.Must(err) + defer tcpServer.Close() + certificateDer := cert.MustGenerate(nil) + certificate := tls.ParseCertificate(certificateDer) + certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) + 
certHash[1] += 1 + userID := protocol.NewID(uuid.New()) + serverPort := tcp.PickPort() + serverConfig := &core.Config{ + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + StreamSettings: &internet.StreamConfig{ + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: []*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + Certificate: []*tls.Certificate{certificate}, + }), + }, + }, + }), + ProxySettings: serial.ToTypedMessage(&inbound.Config{ + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vmess.Account{ + Id: userID.String(), + }), + }, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&freedom.Config{}), + }, + }, + } + + clientPort := tcp.PickPort() + clientConfig := &core.Config{ + Inbound: []*core.InboundHandlerConfig{ + { + ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ + PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, + Listen: net.NewIPOrDomain(net.LocalHostIP), + }), + ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ + Address: net.NewIPOrDomain(dest.Address), + Port: uint32(dest.Port), + NetworkList: &net.NetworkList{ + Network: []net.Network{net.Network_TCP}, + }, + }), + }, + }, + Outbound: []*core.OutboundHandlerConfig{ + { + ProxySettings: serial.ToTypedMessage(&outbound.Config{ + Receiver: []*protocol.ServerEndpoint{ + { + Address: net.NewIPOrDomain(net.LocalHostIP), + Port: uint32(serverPort), + User: []*protocol.User{ + { + Account: serial.ToTypedMessage(&vmess.Account{ + Id: userID.String(), + }), + }, + }, + }, + }, + }), + SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ + StreamSettings: &internet.StreamConfig{ + SecurityType: serial.GetMessageType(&tls.Config{}), + SecuritySettings: 
[]*serial.TypedMessage{ + serial.ToTypedMessage(&tls.Config{ + Fingerprint: "random", + AllowInsecure: true, + PinnedPeerCertificateChainSha256: [][]byte{certHash}, + }), + }, + }, + }), + }, + }, + } + + servers, err := InitializeServerConfigs(serverConfig, clientConfig) + common.Must(err) + defer CloseAllServers(servers) + + if err := testTCPConn(clientPort, 1024, time.Second*20)(); err == nil { + t.Fatal(err) + } +} diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go index 9baf4054f333..728480f85cc0 100644 --- a/transport/internet/tls/tls.go +++ b/transport/internet/tls/tls.go @@ -111,9 +111,10 @@ func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) ne func copyConfig(c *tls.Config) *utls.Config { return &utls.Config{ - RootCAs: c.RootCAs, - ServerName: c.ServerName, - InsecureSkipVerify: c.InsecureSkipVerify, + RootCAs: c.RootCAs, + ServerName: c.ServerName, + InsecureSkipVerify: c.InsecureSkipVerify, + VerifyPeerCertificate: c.VerifyPeerCertificate, } } From 915690b9efe9c8735834e61c7ec5c5d7f23ab32c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Jan 2023 00:09:42 +0000 Subject: [PATCH 41/91] Bump google.golang.org/grpc from 1.52.0 to 1.52.3 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.52.0 to 1.52.3. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.52.0...v1.52.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 65b22a64aa4d..ad08bd91991f 100644 --- a/go.mod +++ b/go.mod 
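Review bot: In `TestSimpleTLSConnectionPinnedWrongCert` and `TestUTLSConnectionPinnedWrongCert` the failure path is `if err := testTCPConn(...)(); err == nil { t.Fatal(err) }`, which reports a nil error and gives no hint about what went wrong. Use an explicit message instead, e.g. `t.Fatal("connection succeeded although the pinned certificate hash does not match")`. These negative tests also pass on any connection failure, not only on a pin mismatch, so an unrelated breakage could hide a regression in the pin check; asserting on the error or log, if the harness exposes it, would tighten that. The three new tests repeat the same server and client configuration and differ only in `Fingerprint` and the tampered hash, so a shared helper taking those two values would keep them in step.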
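Review bot: `copyConfig` still mirrors fields one by one and has no doc comment, so the next verification-related field set on the standard `tls.Config` will again be silently dropped for uTLS connections, which is the failure mode this hunk fixes for `VerifyPeerCertificate`. I would document the contract on the function, e.g. `// copyConfig mirrors the fields of c that uTLS must honour; any field carrying verification logic has to be listed here or it is ignored.` Since the tests in this commit set `AllowInsecure: true`, the comment should also say that pin checking relies on the callback being invoked even when `InsecureSkipVerify` is set.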
@@ -26,7 +26,7 @@ require ( golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.4.0 - google.golang.org/grpc v1.52.0 + google.golang.org/grpc v1.52.3 google.golang.org/protobuf v1.28.1 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 diff --git a/go.sum b/go.sum index 47b5da5cc791..926411041f92 100644 --- a/go.sum +++ b/go.sum @@ -316,8 +316,8 @@ google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk= -google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.52.3 h1:pf7sOysg4LdgBqduXveGKrcEwbStiK2rtfghdzlUYDQ= +google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 15bb23e4ecbd0e929336600694b35f880db88cf4 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 28 Jan 2023 00:39:36 -0500 Subject: [PATCH 42/91] XTLS Vision rejects Mux except for XUDP (#1567) * Xtls vision reject vless-tcp-tls+Mux * Address review comment --- proxy/vless/inbound/inbound.go | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 76051288d4f2..d4ea246d3da7 100644 --- a/proxy/vless/inbound/inbound.go 
+++ b/proxy/vless/inbound/inbound.go @@ -154,6 +154,19 @@ func New(ctx context.Context, config *Config, dc dns.Client) (*Handler, error) { return handler, nil } +func isMuxAndNotXUDP(request *protocol.RequestHeader, first *buf.Buffer) bool { + if request.Command != protocol.RequestCommandMux { + return false + } + if first.Len() < 7 { + return true + } + firstBytes := first.Bytes() + return !(firstBytes[2] == 0 && // ID high + firstBytes[3] == 0 && // ID low + firstBytes[6] == 2) // Network type: UDP +} + // Close implements common.Closable.Close(). func (h *Handler) Close() error { return errors.Combine(common.Close(h.validator)) @@ -513,7 +526,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() } case "", "none": - if accountFlow == vless.XRV && !allowNoneFlow && request.Command == protocol.RequestCommandTCP { + if accountFlow == vless.XRV && !allowNoneFlow && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) { return newError(account.ID.String() + " is not able to use " + vless.XRV + ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning() } From b70912799bdb84caae4cd7ea44108875d91adaf7 Mon Sep 17 00:00:00 2001 
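Review bot: `isMuxAndNotXUDP` has no doc comment and indexes `first.Bytes()` at the bare offsets 2, 3 and 6, which is only correct if `first` begins exactly at the first Mux frame when the function is called; that positioning is decided in `Process` outside the hunk and should be confirmed. Proposed comment: `// isMuxAndNotXUDP reports whether request is a Mux command whose first frame is not XUDP (session ID 0, network type UDP); a frame shorter than 7 bytes is treated as plain Mux.` Named constants for the offsets and for the UDP network value `2` would make the check easier to audit. Because this predicate gates the flow-enforcement decision in the `"", "none"` case, a unit test covering a short buffer, an XUDP frame and a plain Mux frame would be worth adding.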
From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 30 Jan 2023 04:35:30 +0000 Subject: [PATCH 43/91] Generate *.pb.go files with protoc v3.21.12 https://github.com/protocolbuffers/protobuf/releases/tag/v21.12 go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28 go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2 go run ./infra/vprotogen --- app/commander/config.pb.go | 2 +- app/dispatcher/config.pb.go | 2 +- app/dns/config.pb.go | 2 +- app/dns/fakedns/fakedns.pb.go | 2 +- app/log/command/config.pb.go | 2 +- app/log/command/config_grpc.pb.go | 2 +- app/log/config.pb.go | 2 +- app/metrics/config.pb.go | 2 +- app/observatory/command/command.pb.go | 2 +- app/observatory/command/command_grpc.pb.go | 2 +- app/observatory/config.pb.go | 2 +- app/policy/config.pb.go | 2 +- app/proxyman/command/command.pb.go | 2 +- app/proxyman/command/command_grpc.pb.go | 2 +- app/proxyman/config.pb.go | 2 +- app/reverse/config.pb.go | 2 +- app/router/command/command.pb.go | 2 +- app/router/command/command_grpc.pb.go | 2 +- app/router/config.pb.go | 2 +- app/stats/command/command.pb.go | 2 +- app/stats/command/command_grpc.pb.go | 2 +- app/stats/config.pb.go | 2 +- common/log/log.pb.go | 2 +- common/net/address.pb.go | 2 +- common/net/destination.pb.go | 2 +- common/net/network.pb.go | 2 +- common/net/port.pb.go | 2 +- common/protocol/headers.pb.go | 2 +- common/protocol/server_spec.pb.go | 2 +- common/protocol/user.pb.go | 2 +- common/serial/typed_message.pb.go | 2 +- core/config.pb.go | 2 +- proxy/blackhole/config.pb.go | 2 +- proxy/dns/config.pb.go | 2 +- proxy/dokodemo/config.pb.go | 2 +- proxy/freedom/config.pb.go | 2 +- proxy/http/config.pb.go | 2 +- proxy/loopback/config.pb.go | 2 +- proxy/mtproto/config.pb.go | 2 +- proxy/shadowsocks/config.pb.go | 2 +- proxy/shadowsocks_2022/config.pb.go | 2 +- proxy/socks/config.pb.go | 2 +- proxy/trojan/config.pb.go | 2 +- proxy/vless/account.pb.go | 2 +- proxy/vless/encoding/addons.pb.go | 2 +- 
proxy/vless/inbound/config.pb.go | 2 +- proxy/vless/outbound/config.pb.go | 2 +- proxy/vmess/account.pb.go | 2 +- proxy/vmess/inbound/config.pb.go | 2 +- proxy/vmess/outbound/config.pb.go | 2 +- proxy/wireguard/config.pb.go | 2 +- transport/global/config.pb.go | 2 +- transport/internet/config.pb.go | 2 +- transport/internet/domainsocket/config.pb.go | 2 +- transport/internet/grpc/config.pb.go | 2 +- transport/internet/grpc/encoding/stream.pb.go | 2 +- transport/internet/grpc/encoding/stream_grpc.pb.go | 2 +- transport/internet/headers/http/config.pb.go | 2 +- transport/internet/headers/noop/config.pb.go | 2 +- transport/internet/headers/srtp/config.pb.go | 2 +- transport/internet/headers/tls/config.pb.go | 2 +- transport/internet/headers/utp/config.pb.go | 2 +- transport/internet/headers/wechat/config.pb.go | 2 +- transport/internet/headers/wireguard/config.pb.go | 2 +- transport/internet/http/config.pb.go | 2 +- transport/internet/kcp/config.pb.go | 2 +- transport/internet/quic/config.pb.go | 2 +- transport/internet/tcp/config.pb.go | 2 +- transport/internet/tls/config.pb.go | 2 +- transport/internet/udp/config.pb.go | 2 +- transport/internet/websocket/config.pb.go | 2 +- transport/internet/xtls/config.pb.go | 2 +- 72 files changed, 72 insertions(+), 72 deletions(-) diff --git a/app/commander/config.pb.go b/app/commander/config.pb.go index 7777de4188c2..1ebbe094fb7d 100644 --- a/app/commander/config.pb.go +++ b/app/commander/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/commander/config.proto package commander diff --git a/app/dispatcher/config.pb.go b/app/dispatcher/config.pb.go index a4777b9db339..04e8d7a373eb 100644 --- a/app/dispatcher/config.pb.go +++ b/app/dispatcher/config.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/dispatcher/config.proto package dispatcher diff --git a/app/dns/config.pb.go b/app/dns/config.pb.go index 3d7f537e1753..7474c04a43f4 100644 --- a/app/dns/config.pb.go +++ b/app/dns/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/dns/config.proto package dns diff --git a/app/dns/fakedns/fakedns.pb.go b/app/dns/fakedns/fakedns.pb.go index 13f7bb35160b..8cf02aee889b 100644 --- a/app/dns/fakedns/fakedns.pb.go +++ b/app/dns/fakedns/fakedns.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/dns/fakedns/fakedns.proto package fakedns diff --git a/app/log/command/config.pb.go b/app/log/command/config.pb.go index b8b5635014c7..ceda9127625a 100644 --- a/app/log/command/config.pb.go +++ b/app/log/command/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/log/command/config.proto package command diff --git a/app/log/command/config_grpc.pb.go b/app/log/command/config_grpc.pb.go index 7908855b1804..653c395c5480 100644 --- a/app/log/command/config_grpc.pb.go +++ b/app/log/command/config_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.18.0 +// - protoc v3.21.12 // source: app/log/command/config.proto package command diff --git a/app/log/config.pb.go b/app/log/config.pb.go index 95b5468efb4d..a70d2923d6ba 100644 --- a/app/log/config.pb.go +++ b/app/log/config.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/log/config.proto package log diff --git a/app/metrics/config.pb.go b/app/metrics/config.pb.go index 614f2d85fe6d..24c5629efe60 100644 --- a/app/metrics/config.pb.go +++ b/app/metrics/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/metrics/config.proto package metrics diff --git a/app/observatory/command/command.pb.go b/app/observatory/command/command.pb.go index 743ca7c23ec9..c5ffdce54690 100644 --- a/app/observatory/command/command.pb.go +++ b/app/observatory/command/command.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/observatory/command/command.proto package command diff --git a/app/observatory/command/command_grpc.pb.go b/app/observatory/command/command_grpc.pb.go index 0cbd99210c17..2a3da93ecae8 100644 --- a/app/observatory/command/command_grpc.pb.go +++ b/app/observatory/command/command_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.18.0 +// - protoc v3.21.12 // source: app/observatory/command/command.proto package command diff --git a/app/observatory/config.pb.go b/app/observatory/config.pb.go index 2c9a5bc8e84d..a6d36eada1a9 100644 --- a/app/observatory/config.pb.go +++ b/app/observatory/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/observatory/config.proto package observatory diff --git a/app/policy/config.pb.go b/app/policy/config.pb.go index 45b3082cd130..66da6d116a7c 100644 --- a/app/policy/config.pb.go +++ b/app/policy/config.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/policy/config.proto package policy diff --git a/app/proxyman/command/command.pb.go b/app/proxyman/command/command.pb.go index 4408c93e4b7c..5730955c53fd 100644 --- a/app/proxyman/command/command.pb.go +++ b/app/proxyman/command/command.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/proxyman/command/command.proto package command diff --git a/app/proxyman/command/command_grpc.pb.go b/app/proxyman/command/command_grpc.pb.go index 2b3344f7b563..979b101f35a9 100644 --- a/app/proxyman/command/command_grpc.pb.go +++ b/app/proxyman/command/command_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.18.0 +// - protoc v3.21.12 // source: app/proxyman/command/command.proto package command diff --git a/app/proxyman/config.pb.go b/app/proxyman/config.pb.go index d7ff274ce430..2dfe29310489 100644 --- a/app/proxyman/config.pb.go +++ b/app/proxyman/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/proxyman/config.proto package proxyman diff --git a/app/reverse/config.pb.go b/app/reverse/config.pb.go index aebf9f9c9915..c54782809716 100644 --- a/app/reverse/config.pb.go +++ b/app/reverse/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/reverse/config.proto package reverse diff --git a/app/router/command/command.pb.go b/app/router/command/command.pb.go index 598ea2d05034..41c52388ee92 100644 --- a/app/router/command/command.pb.go +++ b/app/router/command/command.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/router/command/command.proto package command diff --git a/app/router/command/command_grpc.pb.go b/app/router/command/command_grpc.pb.go index 3b830dfbf535..50c6de29e811 100644 --- a/app/router/command/command_grpc.pb.go +++ b/app/router/command/command_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.18.0 +// - protoc v3.21.12 // source: app/router/command/command.proto package command diff --git a/app/router/config.pb.go b/app/router/config.pb.go index f425fe260205..0089a1a8f83c 100644 --- a/app/router/config.pb.go +++ b/app/router/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/router/config.proto package router diff --git a/app/stats/command/command.pb.go b/app/stats/command/command.pb.go index ac995f702504..005722b66ffd 100644 --- a/app/stats/command/command.pb.go +++ b/app/stats/command/command.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/stats/command/command.proto package command diff --git a/app/stats/command/command_grpc.pb.go b/app/stats/command/command_grpc.pb.go index b38fadce268a..38e9d3fbfc5f 100644 --- a/app/stats/command/command_grpc.pb.go +++ b/app/stats/command/command_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.18.0 +// - protoc v3.21.12 // source: app/stats/command/command.proto package command diff --git a/app/stats/config.pb.go b/app/stats/config.pb.go index b8146ff4b5ef..99c573b5c2d2 100644 --- a/app/stats/config.pb.go +++ b/app/stats/config.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: app/stats/config.proto package stats diff --git a/common/log/log.pb.go b/common/log/log.pb.go index 43f9e4250395..321ae16bd944 100644 --- a/common/log/log.pb.go +++ b/common/log/log.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/log/log.proto package log diff --git a/common/net/address.pb.go b/common/net/address.pb.go index fb996502f3d9..5757a0184dc6 100644 --- a/common/net/address.pb.go +++ b/common/net/address.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/net/address.proto package net diff --git a/common/net/destination.pb.go b/common/net/destination.pb.go index f0c77b991356..2d557b84617b 100644 --- a/common/net/destination.pb.go +++ b/common/net/destination.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/net/destination.proto package net diff --git a/common/net/network.pb.go b/common/net/network.pb.go index 9ca8415063fd..699557f74113 100644 --- a/common/net/network.pb.go +++ b/common/net/network.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/net/network.proto package net diff --git a/common/net/port.pb.go b/common/net/port.pb.go index 395b3e6b7ec2..cae70bc9e525 100644 --- a/common/net/port.pb.go +++ b/common/net/port.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/net/port.proto package net 
diff --git a/common/protocol/headers.pb.go b/common/protocol/headers.pb.go index 3a3f64c4620c..4096d56f9c3c 100644 --- a/common/protocol/headers.pb.go +++ b/common/protocol/headers.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/protocol/headers.proto package protocol diff --git a/common/protocol/server_spec.pb.go b/common/protocol/server_spec.pb.go index e06b8a65966c..ea12a4bb2827 100644 --- a/common/protocol/server_spec.pb.go +++ b/common/protocol/server_spec.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/protocol/server_spec.proto package protocol diff --git a/common/protocol/user.pb.go b/common/protocol/user.pb.go index d1cdf5be57b9..bc3b2bf88142 100644 --- a/common/protocol/user.pb.go +++ b/common/protocol/user.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/protocol/user.proto package protocol diff --git a/common/serial/typed_message.pb.go b/common/serial/typed_message.pb.go index bb21f7019945..7bdbbf3a34f8 100644 --- a/common/serial/typed_message.pb.go +++ b/common/serial/typed_message.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: common/serial/typed_message.proto package serial diff --git a/core/config.pb.go b/core/config.pb.go index c6f8c6c70cbd..2364674d4d4f 100644 --- a/core/config.pb.go +++ b/core/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: core/config.proto package core 
diff --git a/proxy/blackhole/config.pb.go b/proxy/blackhole/config.pb.go index 029876259b7b..54d2279e211a 100644 --- a/proxy/blackhole/config.pb.go +++ b/proxy/blackhole/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/blackhole/config.proto package blackhole diff --git a/proxy/dns/config.pb.go b/proxy/dns/config.pb.go index 6fcc0027a6a5..653fe141755a 100644 --- a/proxy/dns/config.pb.go +++ b/proxy/dns/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/dns/config.proto package dns diff --git a/proxy/dokodemo/config.pb.go b/proxy/dokodemo/config.pb.go index e71b87a99cbe..82eb0704a4af 100644 --- a/proxy/dokodemo/config.pb.go +++ b/proxy/dokodemo/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/dokodemo/config.proto package dokodemo diff --git a/proxy/freedom/config.pb.go b/proxy/freedom/config.pb.go index e25bc943feb8..5c95bce7eb8e 100644 --- a/proxy/freedom/config.pb.go +++ b/proxy/freedom/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/freedom/config.proto package freedom diff --git a/proxy/http/config.pb.go b/proxy/http/config.pb.go index e2613cda6fad..813a56c8d370 100644 --- a/proxy/http/config.pb.go +++ b/proxy/http/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/http/config.proto package http diff --git a/proxy/loopback/config.pb.go b/proxy/loopback/config.pb.go index 2fc1234cf3de..c13c14af0a55 100644 --- a/proxy/loopback/config.pb.go 
+++ b/proxy/loopback/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/loopback/config.proto package loopback diff --git a/proxy/mtproto/config.pb.go b/proxy/mtproto/config.pb.go index 9f30cc559a64..425c76726c61 100644 --- a/proxy/mtproto/config.pb.go +++ b/proxy/mtproto/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/mtproto/config.proto package mtproto diff --git a/proxy/shadowsocks/config.pb.go b/proxy/shadowsocks/config.pb.go index bd44bed7a997..5e89e40f8690 100644 --- a/proxy/shadowsocks/config.pb.go +++ b/proxy/shadowsocks/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/shadowsocks/config.proto package shadowsocks diff --git a/proxy/shadowsocks_2022/config.pb.go b/proxy/shadowsocks_2022/config.pb.go index ff3fae7d7f65..50626f7a4b00 100644 --- a/proxy/shadowsocks_2022/config.pb.go +++ b/proxy/shadowsocks_2022/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/shadowsocks_2022/config.proto package shadowsocks_2022 diff --git a/proxy/socks/config.pb.go b/proxy/socks/config.pb.go index 8ca080837ff7..3cb7d172cc8a 100644 --- a/proxy/socks/config.pb.go +++ b/proxy/socks/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/socks/config.proto package socks diff --git a/proxy/trojan/config.pb.go b/proxy/trojan/config.pb.go index eaa71eff8f9a..17b485dae062 100644 --- a/proxy/trojan/config.pb.go +++ b/proxy/trojan/config.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/trojan/config.proto package trojan diff --git a/proxy/vless/account.pb.go b/proxy/vless/account.pb.go index 50ce9378110d..ea425c735197 100644 --- a/proxy/vless/account.pb.go +++ b/proxy/vless/account.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vless/account.proto package vless diff --git a/proxy/vless/encoding/addons.pb.go b/proxy/vless/encoding/addons.pb.go index 170cf13559e2..a5b97f814128 100644 --- a/proxy/vless/encoding/addons.pb.go +++ b/proxy/vless/encoding/addons.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vless/encoding/addons.proto package encoding diff --git a/proxy/vless/inbound/config.pb.go b/proxy/vless/inbound/config.pb.go index e69d7bf1fbad..4061e1209d89 100644 --- a/proxy/vless/inbound/config.pb.go +++ b/proxy/vless/inbound/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vless/inbound/config.proto package inbound diff --git a/proxy/vless/outbound/config.pb.go b/proxy/vless/outbound/config.pb.go index 14839ba74771..4d1b7938f88b 100644 --- a/proxy/vless/outbound/config.pb.go +++ b/proxy/vless/outbound/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vless/outbound/config.proto package outbound diff --git a/proxy/vmess/account.pb.go b/proxy/vmess/account.pb.go index bd3ad96e7861..0f2f6159cb00 100644 --- a/proxy/vmess/account.pb.go +++ b/proxy/vmess/account.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vmess/account.proto package vmess diff --git a/proxy/vmess/inbound/config.pb.go b/proxy/vmess/inbound/config.pb.go index 0b381be0e21f..fc7bf36f00c6 100644 --- a/proxy/vmess/inbound/config.pb.go +++ b/proxy/vmess/inbound/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vmess/inbound/config.proto package inbound diff --git a/proxy/vmess/outbound/config.pb.go b/proxy/vmess/outbound/config.pb.go index 6e2d00a792e1..700127a8ee0b 100644 --- a/proxy/vmess/outbound/config.pb.go +++ b/proxy/vmess/outbound/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: proxy/vmess/outbound/config.proto package outbound diff --git a/proxy/wireguard/config.pb.go b/proxy/wireguard/config.pb.go index 149fa9589c35..e290af8a0e30 100644 --- a/proxy/wireguard/config.pb.go +++ b/proxy/wireguard/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.9 +// protoc v3.21.12 // source: proxy/wireguard/config.proto package wireguard diff --git a/transport/global/config.pb.go b/transport/global/config.pb.go index 78e97b1e199a..eb0fcd0df130 100644 --- a/transport/global/config.pb.go +++ b/transport/global/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/global/config.proto package global diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index 716bdaaa0b67..67bf9f5aebfe 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.9 +// protoc v3.21.12 // source: transport/internet/config.proto package internet diff --git a/transport/internet/domainsocket/config.pb.go b/transport/internet/domainsocket/config.pb.go index 40cebd5965a4..23628e02739f 100644 --- a/transport/internet/domainsocket/config.pb.go +++ b/transport/internet/domainsocket/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/domainsocket/config.proto package domainsocket diff --git a/transport/internet/grpc/config.pb.go b/transport/internet/grpc/config.pb.go index f45f090a2ed0..9a94984d4905 100644 --- a/transport/internet/grpc/config.pb.go +++ b/transport/internet/grpc/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/grpc/config.proto package grpc diff --git a/transport/internet/grpc/encoding/stream.pb.go b/transport/internet/grpc/encoding/stream.pb.go index 65ca0859aaf7..c605613d65dd 100644 --- a/transport/internet/grpc/encoding/stream.pb.go +++ b/transport/internet/grpc/encoding/stream.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/grpc/encoding/stream.proto package encoding diff --git a/transport/internet/grpc/encoding/stream_grpc.pb.go b/transport/internet/grpc/encoding/stream_grpc.pb.go index fa1d195090dc..ab75a5d84dda 100644 --- a/transport/internet/grpc/encoding/stream_grpc.pb.go +++ b/transport/internet/grpc/encoding/stream_grpc.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.18.0 +// - protoc v3.21.12 // source: transport/internet/grpc/encoding/stream.proto package encoding diff --git a/transport/internet/headers/http/config.pb.go b/transport/internet/headers/http/config.pb.go index 6ba64c5386e8..382ced8447f6 100644 --- a/transport/internet/headers/http/config.pb.go +++ b/transport/internet/headers/http/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/http/config.proto package http diff --git a/transport/internet/headers/noop/config.pb.go b/transport/internet/headers/noop/config.pb.go index 81f254a2e5da..534b3701b3c1 100644 --- a/transport/internet/headers/noop/config.pb.go +++ b/transport/internet/headers/noop/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/noop/config.proto package noop diff --git a/transport/internet/headers/srtp/config.pb.go b/transport/internet/headers/srtp/config.pb.go index b9992d37776b..5c0f9cfff712 100644 --- a/transport/internet/headers/srtp/config.pb.go +++ b/transport/internet/headers/srtp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/srtp/config.proto package srtp diff --git a/transport/internet/headers/tls/config.pb.go b/transport/internet/headers/tls/config.pb.go index e24daf8e916a..7867f69c253a 100644 --- a/transport/internet/headers/tls/config.pb.go +++ b/transport/internet/headers/tls/config.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/tls/config.proto package tls diff --git a/transport/internet/headers/utp/config.pb.go b/transport/internet/headers/utp/config.pb.go index a0ce40125c1b..c7658b0b3f5d 100644 --- a/transport/internet/headers/utp/config.pb.go +++ b/transport/internet/headers/utp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/utp/config.proto package utp diff --git a/transport/internet/headers/wechat/config.pb.go b/transport/internet/headers/wechat/config.pb.go index 928678ff0f12..1b624b592178 100644 --- a/transport/internet/headers/wechat/config.pb.go +++ b/transport/internet/headers/wechat/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/wechat/config.proto package wechat diff --git a/transport/internet/headers/wireguard/config.pb.go b/transport/internet/headers/wireguard/config.pb.go index d10072a4f448..8d3be7a1df9e 100644 --- a/transport/internet/headers/wireguard/config.pb.go +++ b/transport/internet/headers/wireguard/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/headers/wireguard/config.proto package wireguard diff --git a/transport/internet/http/config.pb.go b/transport/internet/http/config.pb.go index cef7700253ba..f87a59e8c476 100644 --- a/transport/internet/http/config.pb.go +++ b/transport/internet/http/config.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/http/config.proto package http diff --git a/transport/internet/kcp/config.pb.go b/transport/internet/kcp/config.pb.go index 3af1ffa09686..0e10dac46895 100644 --- a/transport/internet/kcp/config.pb.go +++ b/transport/internet/kcp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/kcp/config.proto package kcp diff --git a/transport/internet/quic/config.pb.go b/transport/internet/quic/config.pb.go index 15f1436eed9b..36aa03da31ad 100644 --- a/transport/internet/quic/config.pb.go +++ b/transport/internet/quic/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/quic/config.proto package quic diff --git a/transport/internet/tcp/config.pb.go b/transport/internet/tcp/config.pb.go index 1a73b054bee0..c2b949dea992 100644 --- a/transport/internet/tcp/config.pb.go +++ b/transport/internet/tcp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/tcp/config.proto package tcp diff --git a/transport/internet/tls/config.pb.go b/transport/internet/tls/config.pb.go index 3718ead284e3..d038de6bf6bd 100644 --- a/transport/internet/tls/config.pb.go +++ b/transport/internet/tls/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/tls/config.proto package tls diff --git a/transport/internet/udp/config.pb.go b/transport/internet/udp/config.pb.go index d58b8b69d851..c01b0e6076cf 100644 
--- a/transport/internet/udp/config.pb.go +++ b/transport/internet/udp/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/udp/config.proto package udp diff --git a/transport/internet/websocket/config.pb.go b/transport/internet/websocket/config.pb.go index 6e60f5a811e7..9ba5c1c828c9 100644 --- a/transport/internet/websocket/config.pb.go +++ b/transport/internet/websocket/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/websocket/config.proto package websocket diff --git a/transport/internet/xtls/config.pb.go b/transport/internet/xtls/config.pb.go index c6a6df53c320..edb1f3ff79d8 100644 --- a/transport/internet/xtls/config.pb.go +++ b/transport/internet/xtls/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.18.0 +// protoc v3.21.12 // source: transport/internet/xtls/config.proto package xtls From 74416570d4913952e2b878296cf8e78e2701ff23 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Tue, 31 Jan 2023 18:02:12 +0000 Subject: [PATCH 44/91] Format VLESS inbound.go and outbound.go --- proxy/vless/inbound/inbound.go | 8 ++++---- proxy/vless/outbound/outbound.go | 15 ++++++--------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index d4ea246d3da7..5b0833ca08b5 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go 
@@ -485,16 +485,13 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { - return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() + return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() } netConn = tlsConn.NetConn() if pc, ok := netConn.(*proxyproto.Conn); ok { netConn = pc.Raw() // 8192 > 4096, there is no need to process pc's bufReader } - if sc, ok := netConn.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } t = reflect.TypeOf(tlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(tlsConn.Conn)) } else if _, ok := iConn.(*tls.UConn); ok { @@ -504,6 +501,9 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } else { return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } + if sc, ok := netConn.(syscall.Conn); ok { + rawConn, _ = sc.SyscallConn() + } i, _ := t.FieldByName("input") r, _ := t.FieldByName("rawInput") input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index a4c70a2b365c..82505911944a 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go 
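Review bot: `p` is declared as `var p uintptr` and set with `p = uintptr(unsafe.Pointer(tlsConn.Conn))` in this hunk, then converted back to a pointer later in `Process` (`unsafe.Pointer(p + i.Offset)`, visible in the next hunk). The `unsafe` package documents this stored-uintptr round trip as invalid, and `go vet` reports it as possible misuse of unsafe.Pointer. A uintptr does not keep the object reachable for the garbage collector, so the code is only correct while `tlsConn` happens to stay live by other means. Keeping the base as a pointer avoids this: `var p unsafe.Pointer`, `p = unsafe.Pointer(tlsConn.Conn)`, and `unsafe.Add(p, i.Offset)` at the use sites. Both branches of the first outbound.go hunk use the same pattern; `Process` starts and ends outside these hunks.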
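Review bot: `i, _ := t.FieldByName("input")` and `r, _ := t.FieldByName("rawInput")` both drop the found flag. If the TLS library's connection struct ever renames or removes one of these unexported fields, the zero `StructField` has offset 0, and the cast on the following line reinterprets the start of the struct as a `*bytes.Reader`. That failure is silent memory corruption triggered by a dependency upgrade rather than a reported error. Check the flag and refuse the connection, e.g. `i, ok := t.FieldByName("input")` followed by `if !ok { return newError("tls.Conn has no input field").AtWarning() }`, and do the same for `rawInput`, ideally also comparing the field type. The second outbound.go hunk contains the same two lines.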
@@ -158,16 +158,10 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var p uintptr if tlsConn, ok := iConn.(*tls.Conn); ok { netConn = tlsConn.NetConn() - if sc, ok := netConn.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } t = reflect.TypeOf(tlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(tlsConn.Conn)) } else if utlsConn, ok := iConn.(*tls.UConn); ok { - netConn = utlsConn.Conn.NetConn() - if sc, ok := netConn.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } + netConn = utlsConn.NetConn() t = reflect.TypeOf(utlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(utlsConn.Conn)) } else if _, ok := iConn.(*xtls.Conn); ok { @@ -175,6 +169,9 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } else { return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } + if sc, ok := netConn.(syscall.Conn); ok { + rawConn, _ = sc.SyscallConn() + } i, _ := t.FieldByName("input") r, _ := t.FieldByName("rawInput") input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) 
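Review bot: The added `rawConn, _ = sc.SyscallConn()` in the second hunk discards the error, so a failed lookup leaves `rawConn` nil with no trace in the log. The later `if rawConn != nil && requestAddons.Flow == vless.XRV` block (third hunk) is then skipped, including the outer TLS 1.3 version check it contains. Whether skipping it is a safe fallback is not visible from these hunks, so the failure should at least be recorded: `rc, err := sc.SyscallConn()`, then `if err != nil { newError("failed to get raw conn").Base(err).AtWarning().WriteToLog() } else { rawConn = rc }`. The second inbound.go hunk adds the same lines. Because the lookup now runs after the whole type switch rather than inside single branches, the commit message should mention that this is more than a formatting change.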
@@ -265,11 +262,11 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if rawConn != nil && requestAddons.Flow == vless.XRV { if tlsConn, ok := iConn.(*tls.Conn); ok { if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { - return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() + return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() } } else if utlsConn, ok := iConn.(*tls.UConn); ok { if utlsConn.ConnectionState().Version != utls.VersionTLS13 { - return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, utlsConn.ConnectionState().Version).AtWarning() + return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, utlsConn.ConnectionState().Version).AtWarning() } } var counter stats.Counter From dc72cf2c780f31138a2f1da3bae386e8d2e53a4c Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 1 Feb 2023 12:58:17 +0000 Subject: [PATCH 45/91] Refine fingerprints Fixes https://github.com/XTLS/Xray-core/issues/1577 --- infra/conf/transport_internet.go | 3 + transport/internet/grpc/dial.go | 2 +- transport/internet/http/dialer.go | 2 +- transport/internet/tcp/dialer.go | 2 +- transport/internet/tls/tls.go | 97 ++++++++++++++------------ transport/internet/websocket/dialer.go | 2 +- 6 files changed, 59 insertions(+), 49 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 610e252e163c..f0b067d89663 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go 
@@ -379,6 +379,9 @@ func (c *TLSConfig) Build() (proto.Message, error) { config.CipherSuites = c.CipherSuites config.PreferServerCipherSuites = c.PreferServerCipherSuites config.Fingerprint = strings.ToLower(c.Fingerprint) + if config.Fingerprint != "" && tls.GetFingerprint(config.Fingerprint) == nil { + return nil, newError(`unknown fingerprint: `, config.Fingerprint) + } config.RejectUnknownSni = c.RejectUnknownSNI if c.PinnedPeerCertificateChainSha256 != nil { diff --git a/transport/internet/grpc/dial.go b/transport/internet/grpc/dial.go index 04f81e340a3e..afc270bdc2de 100644 --- a/transport/internet/grpc/dial.go +++ b/transport/internet/grpc/dial.go @@ -122,7 +122,7 @@ func getGrpcClient(ctx context.Context, dest net.Destination, streamSettings *in if tlsConfig != nil { var transportCredential credentials.TransportCredentials - if fingerprint, exists := tls.GetFingerprint(ctx, tlsConfig.Fingerprint); exists { + if fingerprint := tls.GetFingerprint(tlsConfig.Fingerprint); fingerprint != nil { transportCredential = tls.NewGrpcUtls(tlsConfig.GetTLSConfig(), fingerprint) } else { // Fallback to normal gRPC TLS transportCredential = credentials.NewTLS(tlsConfig.GetTLSConfig()) diff --git a/transport/internet/http/dialer.go b/transport/internet/http/dialer.go index 6fef71c54c17..a192bddd8c54 100644 --- a/transport/internet/http/dialer.go +++ b/transport/internet/http/dialer.go @@ -75,7 +75,7 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in } var cn tls.Interface - if fingerprint, ok := tls.GetFingerprint(ctx, tlsConfigs.Fingerprint); ok { + if fingerprint := tls.GetFingerprint(tlsConfigs.Fingerprint); fingerprint != nil { cn = tls.UClient(pconn, tlsConfig, fingerprint).(*tls.UConn) } else { cn = tls.Client(pconn, tlsConfig).(*tls.Conn) diff --git a/transport/internet/tcp/dialer.go b/transport/internet/tcp/dialer.go index b08fd4b2f88d..5606cd8dfedc 100644 --- a/transport/internet/tcp/dialer.go +++ b/transport/internet/tcp/dialer.go 
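Review bot: When `tls.GetFingerprint` returns nil in the `getGrpcClient` hunk, the `else` branch silently falls back to Go's standard TLS stack, and nothing distinguishes an empty setting from a name that failed to resolve. The new check in `TLSConfig.Build()` rejects unknown names for configs that pass through it, but a `Fingerprint` value that reaches the dialer some other way (not verifiable from this diff) would lose the requested ClientHello imitation without any trace. A warning such as `newError("unknown fingerprint: ", tlsConfig.Fingerprint, ", using default TLS").AtWarning().WriteToLog()` when the name is non-empty and the lookup is nil would make that visible. The same pattern is in the `getHTTPClient`, `Dial` (tcp/dialer.go) and `dialWebSocket` hunks of this commit.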
@@ -22,7 +22,7 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { tlsConfig := config.GetTLSConfig(tls.WithDestination(dest)) - if fingerprint, ok := tls.GetFingerprint(ctx, config.Fingerprint); ok { + if fingerprint := tls.GetFingerprint(config.Fingerprint); fingerprint != nil { conn = tls.UClient(conn, tlsConfig, fingerprint) if err := conn.(*tls.UConn).Handshake(); err != nil { return nil, err diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go index 728480f85cc0..b3cde8017427 100644 --- a/transport/internet/tls/tls.go +++ b/transport/internet/tls/tls.go @@ -1,7 +1,6 @@ package tls import ( - "context" "crypto/rand" "crypto/tls" "math/big" @@ -9,15 +8,12 @@ import ( utls "github.com/refraction-networking/utls" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/session" ) //go:generate go run github.com/xtls/xray-core/common/errors/errorgen var _ buf.Writer = (*Conn)(nil) -var XrayRandom *utls.ClientHelloID - type Conn struct { *tls.Conn } 
@@ -118,58 +114,51 @@ func copyConfig(c *tls.Config) *utls.Config { } } -func GetFingerprint(ctx context.Context, config string) (*utls.ClientHelloID, bool) { - if XrayRandom == nil { - // lazy init - for k, v := range FingerprintsForRNG { - Fingerprints[k] = v - } - big, err := rand.Int(rand.Reader, big.NewInt(int64(len(FingerprintsForRNG)))) - if err != nil { - newError("failed to generate xray random fingerprint").Base(err).WriteToLog(session.ExportIDToError(ctx)) - } - var i = int(big.Int64()) - count := 0 - for k, v := range FingerprintsForRNG { - if count == i { - newError("xray random fingerprint: ", k).WriteToLog(session.ExportIDToError(ctx)) - XrayRandom = v - break - } - count++ +func init() { + bigInt, _ := rand.Int(rand.Reader, big.NewInt(int64(len(ModernFingerprints)))) + stopAt := int(bigInt.Int64()) + i := 0 + for _, v := range ModernFingerprints { + if i == stopAt { + PresetFingerprints["random"] = v + break } + i++ + } +} + +func GetFingerprint(name string) (fingerprint *utls.ClientHelloID) { + if name == "" { + return + } + if fingerprint = PresetFingerprints[name]; fingerprint != nil { + return } - if config == "random" { - return XrayRandom, true + if fingerprint = ModernFingerprints[name]; fingerprint != nil { + return } - fingerprint, ok := Fingerprints[config] - return fingerprint, ok + if fingerprint = OtherFingerprints[name]; fingerprint != nil { + return + } + return } -var Fingerprints = map[string]*utls.ClientHelloID{ +var PresetFingerprints = map[string]*utls.ClientHelloID{ + // Recommended preset options in GUI clients "chrome": &utls.HelloChrome_Auto, "firefox": &utls.HelloFirefox_Auto, "safari": &utls.HelloSafari_Auto, + "ios": &utls.HelloIOS_Auto, + "android": &utls.HelloAndroid_11_OkHttp, + "edge": &utls.HelloEdge_Auto, + "360": &utls.Hello360_Auto, + "qq": &utls.HelloQQ_Auto, + "random": nil, "randomized": &utls.HelloRandomized, - // This is a bit lame, but it seems there is no good way to reflect variables from Golang package - 
// We don't RNG for go, randomized, or fingerprints that is more than 4 years old - "hellogolang": &utls.HelloGolang, - "hellorandomized": &utls.HelloRandomized, - "hellorandomizedalpn": &utls.HelloRandomizedALPN, - "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, - "hellofirefox_55": &utls.HelloFirefox_55, - "hellofirefox_56": &utls.HelloFirefox_56, - "hellofirefox_63": &utls.HelloFirefox_63, - "hellofirefox_65": &utls.HelloFirefox_65, - "hellochrome_58": &utls.HelloChrome_58, - "hellochrome_62": &utls.HelloChrome_62, - "hellochrome_70": &utls.HelloChrome_70, - "hellochrome_72": &utls.HelloChrome_72, - "helloios_11_1": &utls.HelloIOS_11_1, - "hello360_7_5": &utls.Hello360_7_5, } -var FingerprintsForRNG = map[string]*utls.ClientHelloID{ +var ModernFingerprints = map[string]*utls.ClientHelloID{ + // One of these will be chosen as `random` at startup "hellofirefox_auto": &utls.HelloFirefox_Auto, "hellofirefox_99": &utls.HelloFirefox_99, "hellofirefox_102": &utls.HelloFirefox_102, @@ -197,6 +186,24 @@ var FingerprintsForRNG = map[string]*utls.ClientHelloID{ "helloqq_11_1": &utls.HelloQQ_11_1, } +var OtherFingerprints = map[string]*utls.ClientHelloID{ + // Golang, randomized, and fingerprints that are more than 4 years old + "hellogolang": &utls.HelloGolang, + "hellorandomized": &utls.HelloRandomized, + "hellorandomizedalpn": &utls.HelloRandomizedALPN, + "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, + "hellofirefox_55": &utls.HelloFirefox_55, + "hellofirefox_56": &utls.HelloFirefox_56, + "hellofirefox_63": &utls.HelloFirefox_63, + "hellofirefox_65": &utls.HelloFirefox_65, + "hellochrome_58": &utls.HelloChrome_58, + "hellochrome_62": &utls.HelloChrome_62, + "hellochrome_70": &utls.HelloChrome_70, + "hellochrome_72": &utls.HelloChrome_72, + "helloios_11_1": &utls.HelloIOS_11_1, + "hello360_7_5": &utls.Hello360_7_5, +} + type Interface interface { net.Conn Handshake() error 
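Review bot: The added `init()` drops the error from `rand.Int` (`bigInt, _ := ...`), whereas the removed code logged it; if the random source fails, `bigInt` is expected to be nil and `bigInt.Int64()` would panic during package initialisation with no hint of the cause. Handle it explicitly, e.g. `bigInt, err := rand.Int(rand.Reader, big.NewInt(int64(len(ModernFingerprints))))` followed by `if err != nil { panic("tls: cannot pick random fingerprint: " + err.Error()) }`. `GetFingerprint` is exported but has no doc comment; I would add `// GetFingerprint returns the ClientHelloID registered under name, or nil when name is empty or unknown.` and replace the named result and naked returns with plain `return fingerprint` / `return nil`. A short comment on `"random": nil` saying the entry is filled in by `init()` would also help the next reader.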
diff --git a/transport/internet/websocket/dialer.go b/transport/internet/websocket/dialer.go index a0ac6811f99a..5017cb5006be 100644 --- a/transport/internet/websocket/dialer.go +++ b/transport/internet/websocket/dialer.go @@ -86,7 +86,7 @@ func dialWebSocket(ctx context.Context, dest net.Destination, streamSettings *in protocol = "wss" tlsConfig := config.GetTLSConfig(tls.WithDestination(dest), tls.WithNextProto("http/1.1")) dialer.TLSClientConfig = tlsConfig - if fingerprint, exists := tls.GetFingerprint(ctx, config.Fingerprint); exists { + if fingerprint := tls.GetFingerprint(config.Fingerprint); fingerprint != nil { dialer.NetDialTLSContext = func(_ context.Context, _, addr string) (gonet.Conn, error) { // Like the NetDial in the dialer pconn, err := internet.DialSystem(ctx, dest, streamSettings.SocketSettings) From bf35e9dcd6391fac01f348d420d062d5640262f1 Mon Sep 17 00:00:00 2001 From: pocketW <104479902+pocketW@users.noreply.github.com> Date: Fri, 20 Jan 2023 22:42:49 +1100 Subject: [PATCH 46/91] fix: handle error raised by dispatcher --- transport/internet/udp/dispatcher.go | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/transport/internet/udp/dispatcher.go b/transport/internet/udp/dispatcher.go index dda26e6eefed..a8d9c6f50acb 100644 --- a/transport/internet/udp/dispatcher.go +++ b/transport/internet/udp/dispatcher.go @@ -51,12 +51,12 @@ func (v *Dispatcher) RemoveRay(dest net.Destination) { } } -func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) *connEntry { +func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) (*connEntry, error) { v.Lock() defer v.Unlock() if entry, found := v.conns[dest]; found { - return entry + return entry, nil } newError("establishing new connection for ", dest).WriteToLog() 
@@ -67,7 +67,12 @@ func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) *c v.RemoveRay(dest) } timer := signal.CancelAfterInactivity(ctx, removeRay, time.Minute) - link, _ := v.dispatcher.Dispatch(ctx, dest) + + link, err := v.dispatcher.Dispatch(ctx, dest) + if err != nil { + return nil, newError("failed to dispatch request to ", dest).Base(err) + } + entry := &connEntry{ link: link, timer: timer, @@ -75,14 +80,18 @@ func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) *c } v.conns[dest] = entry go handleInput(ctx, entry, dest, v.callback) - return entry + return entry, nil } func (v *Dispatcher) Dispatch(ctx context.Context, destination net.Destination, payload *buf.Buffer) { // TODO: Add user to destString newError("dispatch request to: ", destination).AtDebug().WriteToLog(session.ExportIDToError(ctx)) - conn := v.getInboundRay(ctx, destination) + conn, err := v.getInboundRay(ctx, destination) + if err != nil { + newError("failed to get inbound").Base(err).WriteToLog(session.ExportIDToError(ctx)) + return + } outputStream := conn.link.Writer if outputStream != nil { if err := outputStream.WriteMultiBuffer(buf.MultiBuffer{payload}); err != nil { From f176ec54eefc254734c686721bc49661db350aa7 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 2 Feb 2023 05:50:21 +0000 Subject: [PATCH 47/91] v1.7.3 --- README.md | 2 +- app/dns/nameserver_quic.go | 2 +- common/protocol/quic/qtls_go118.go | 2 +- common/protocol/quic/sniff.go | 2 +- core/core.go | 2 +- go.mod | 29 +++++++------ go.sum | 66 ++++++++++++++---------------- transport/internet/quic/conn.go | 2 +- transport/internet/quic/dialer.go | 6 +-- transport/internet/quic/hub.go | 6 +-- 10 files changed, 56 insertions(+), 63 deletions(-) diff --git a/README.md b/README.md index cd57eed8109e..7579cb91645e 100644 --- a/README.md +++ b/README.md 
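Review bot: The new early return on a failed `v.dispatcher.Dispatch` leaves the inactivity timer running, because `signal.CancelAfterInactivity(ctx, removeRay, time.Minute)` is called one line before the dispatch. When that timer expires it runs `removeRay`, which calls `v.RemoveRay(dest)` (visible at the top of the hunk), so about a minute after a failed attempt it may remove an entry for the same destination that a later, successful call stored in `v.conns`. Moving `link, err := v.dispatcher.Dispatch(ctx, dest)` and its error check above the `timer := ...` line avoids creating the timer on the failure path. `getInboundRay` starts and ends outside this hunk, so the part of `removeRay` that is not shown should be checked as well.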
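Review bot: On the new error path in `Dispatch` (the `@@ -75,14 +80,18 @@` hunk), the function returns without releasing `payload`. If the caller hands ownership of the buffer to `Dispatch`, which cannot be confirmed from the hunk, add `payload.Release()` before the `return` so the buffer goes back to the pool instead of waiting for the garbage collector. The body of `Dispatch` continues past the end of the hunk.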
@@ -63,7 +63,7 @@ This repo relies on the following third-party projects: - In production: - [ghodss/yaml](https://github.com/ghodss/yaml) - [gorilla/websocket](https://github.com/gorilla/websocket) - - [lucas-clemente/quic-go](https://github.com/lucas-clemente/quic-go) + - [quic-go/quic-go](https://github.com/quic-go/quic-go) - [pelletier/go-toml](https://github.com/pelletier/go-toml) - [pires/go-proxyproto](https://github.com/pires/go-proxyproto) - [refraction-networking/utls](https://github.com/refraction-networking/utls) diff --git a/app/dns/nameserver_quic.go b/app/dns/nameserver_quic.go index e1c005ead43e..a362ec849a32 100644 --- a/app/dns/nameserver_quic.go +++ b/app/dns/nameserver_quic.go @@ -7,7 +7,7 @@ import ( "sync/atomic" "time" - "github.com/lucas-clemente/quic-go" + "github.com/quic-go/quic-go" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/log" diff --git a/common/protocol/quic/qtls_go118.go b/common/protocol/quic/qtls_go118.go index ce5169b550c3..e701adfa65ae 100644 --- a/common/protocol/quic/qtls_go118.go +++ b/common/protocol/quic/qtls_go118.go @@ -3,7 +3,7 @@ package quic import ( "crypto/cipher" - "github.com/marten-seemann/qtls-go1-18" + "github.com/quic-go/qtls-go1-20" ) type ( diff --git a/common/protocol/quic/sniff.go b/common/protocol/quic/sniff.go index 0065742cc844..71c144282d61 100644 --- a/common/protocol/quic/sniff.go +++ b/common/protocol/quic/sniff.go @@ -7,7 +7,7 @@ import ( "encoding/binary" "io" - "github.com/lucas-clemente/quic-go/quicvarint" + "github.com/quic-go/quic-go/quicvarint" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/errors" diff --git a/core/core.go b/core/core.go index f8c9320efd69..2cc31ed16e4a 100644 --- a/core/core.go +++ b/core/core.go 
@@ -18,7 +18,7 @@ import ( ) var ( - version = "1.7.2" + version = "1.7.3" build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." diff --git a/go.mod b/go.mod index ad08bd91991f..49d8a74402e3 100644 --- a/go.mod +++ b/go.mod @@ -1,27 +1,27 @@ module github.com/xtls/xray-core -go 1.19 +go 1.20 require ( - github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 + github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 github.com/golang/mock v1.6.0 github.com/golang/protobuf v1.5.2 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 - github.com/lucas-clemente/quic-go v0.31.1 - github.com/marten-seemann/qtls-go1-18 v0.1.4 github.com/miekg/dns v1.1.50 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 + github.com/quic-go/qtls-go1-20 v0.1.0 + github.com/quic-go/quic-go v0.32.0 github.com/refraction-networking/utls v1.2.0 github.com/sagernet/sing v0.1.6 - github.com/sagernet/sing-shadowsocks v0.1.0 + github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e - github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 - go.starlark.net v0.0.0-20230105143730-d7da88764354 + github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 + go.starlark.net v0.0.0-20230128213706-3f75dec8e403 golang.org/x/crypto v0.5.0 golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 
@@ -39,22 +39,21 @@ require ( github.com/francoispqt/gojay v1.2.13 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 // indirect - github.com/klauspost/compress v1.15.14 // indirect + github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f // indirect + github.com/klauspost/compress v1.15.15 // indirect github.com/klauspost/cpuid/v2 v2.2.3 // indirect - github.com/kr/pretty v0.3.1 // indirect - github.com/marten-seemann/qtls-go1-19 v0.1.2 // indirect - github.com/onsi/ginkgo/v2 v2.6.1 // indirect + github.com/onsi/ginkgo/v2 v2.8.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/quic-go/qtls-go1-18 v0.2.0 // indirect + github.com/quic-go/qtls-go1-19 v0.2.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3 // indirect + golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 // indirect golang.org/x/mod v0.7.0 // indirect golang.org/x/text v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.5.0 // indirect - google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9 // indirect - gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect + google.golang.org/genproto v0.0.0-20230131230820-1c016267d619 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/blake3 v1.1.7 // indirect diff --git a/go.sum b/go.sum index 926411041f92..9488b1877d6f 100644 --- a/go.sum +++ b/go.sum 
@@ -20,7 +20,6 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -35,8 +34,8 @@ github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJn github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 h1:Mn26/9ZMNWSw9C9ERFA1PUxfmGpolnw2v0bKOREu5ew= -github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I= +github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 h1:Arcl6UOIS/kgO2nW3A65HN+7CMjSDP/gofXL4CZt1V4= +github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= 
@@ -77,8 +76,8 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811 h1:wORs2YN3R3ona/CXYuTvLM31QlgoNKHvlCNuArCDDCU= -github.com/google/pprof v0.0.0-20221219190121-3cb0bae90811/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= +github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f h1:gl1DCiSk+mrXXBGPm6CEeS2MkJuMVzAOrXg34oVj1QI= +github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= 
@@ -92,28 +91,19 @@ github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.15.14 h1:i7WCKDToww0wA+9qrUZ1xOjp218vfFo3nTU6UHp+gOc= -github.com/klauspost/compress v1.15.14/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= +github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw= +github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU= github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/lucas-clemente/quic-go v0.31.1 
h1:O8Od7hfioqq0PMYHDyBkxU2aA7iZ2W9pjbrWuja2YR4= -github.com/lucas-clemente/quic-go v0.31.1/go.mod h1:0wFbizLgYzqHqtlyxyCaJKlE7bYgE6JQ+54TLd/Dq2g= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/marten-seemann/qtls-go1-18 v0.1.4 h1:ogomB+lWV3Vmwiu6RTwDVTMGx+9j7SEi98e8QB35Its= -github.com/marten-seemann/qtls-go1-18 v0.1.4/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= -github.com/marten-seemann/qtls-go1-19 v0.1.2 h1:ZevAEqKXH0bZmoOBPiqX2h5rhQ7cbZi+X+rlq2JUbCE= -github.com/marten-seemann/qtls-go1-19 v0.1.2/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= 
@@ -122,9 +112,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q= -github.com/onsi/ginkgo/v2 v2.6.1/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= -github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E= +github.com/onsi/ginkgo/v2 v2.8.0 h1:pAM+oBNPrpXRs+E/8spkeGx9QgekbRVyr74EUvRVOUI= +github.com/onsi/ginkgo/v2 v2.8.0/go.mod h1:6JsQiECmxCa3V5st74AL/AmsV482EDdVrGaVW6z3oYU= +github.com/onsi/gomega v1.25.0 h1:Vw7br2PCDYijJHSfBOWhov+8cAnUf8MfMaIOV323l6Y= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= @@ -132,7 +122,6 @@ github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoU github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8= github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
@@ -141,17 +130,23 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/quic-go/qtls-go1-18 v0.2.0 h1:5ViXqBZ90wpUcZS0ge79rf029yx0dYB0McyPJwqqj7U= +github.com/quic-go/qtls-go1-18 v0.2.0/go.mod h1:moGulGHK7o6O8lSPSZNoOwcLvJKJ85vVNc7oJFD65bc= +github.com/quic-go/qtls-go1-19 v0.2.0 h1:Cvn2WdhyViFUHoOqK52i51k4nDX8EwIh5VJiVM4nttk= +github.com/quic-go/qtls-go1-19 v0.2.0/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= +github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV54oAI= +github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= +github.com/quic-go/quic-go v0.32.0 h1:lY02md31s1JgPiiyfqJijpu/UX/Iun304FI3yUqX7tA= +github.com/quic-go/quic-go v0.32.0/go.mod h1:/fCsKANhQIeD5l76c2JFU+07gVE3KaA0FP+0zMWwfwo= github.com/refraction-networking/utls v1.2.0 h1:U5f8wkij2NVinfLuJdFP3gCMwIHs+EzvhxmYdXgiapo= github.com/refraction-networking/utls v1.2.0/go.mod h1:NPq+cVqzH7D1BeOkmOcb5O/8iVewAsiVt2x1/eO0hgQ= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= -github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/sagernet/sing v0.1.6 h1:Qy63OUfKpcqKjfd5rPmUlj0RGjHZSK/PJn0duyCCsRg= github.com/sagernet/sing 
v0.1.6/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= -github.com/sagernet/sing-shadowsocks v0.1.0 h1:cDmmOkA11fzVdhyCZQEeI3ozQz+59rj8+rqPb91xux4= -github.com/sagernet/sing-shadowsocks v0.1.0/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= +github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 h1:Plup6oEiyLzY3HDqQ+QsUBzgBGdVmcsgf3t8h940z9U= +github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI= github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb h1:XfLJSPIOUX+osiMraVgIrMR27uMXnRJWGm1+GL8/63U= 
@@ -196,12 +191,12 @@ github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837 h1:AHhUwwFJGl27E46OpdJHplZkK09m7aETNBNzhT6t15M= -github.com/xtls/go v0.0.0-20220914232946-0441cf4cf837/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= +github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= +github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= -go.starlark.net v0.0.0-20230105143730-d7da88764354 h1:MqQRg4vlpVc7cQoQBgQGPyP3N4FAhKlMQ/y/Akv4/xM= -go.starlark.net v0.0.0-20230105143730-d7da88764354/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk= +go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= +go.starlark.net v0.0.0-20230128213706-3f75dec8e403/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= 
@@ -213,8 +208,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3 h1:fJwx88sMf5RXwDwziL0/Mn9Wqs+efMSo/RYcL+37W9c= -golang.org/x/exp v0.0.0-20230105202349-8879d0199aa3/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 h1:BEABXpNXLEz0WxtA+6CQIz2xkg80e+1zrhWyMcq8VzE= +golang.org/x/exp v0.0.0-20230131160201-f062dba9d201/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 
@@ -308,8 +303,8 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9 h1:3wPBShTLWQnEkZ9VW/HZZ8zT/9LLtleBtq7l8SKtJIA= -google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230131230820-1c016267d619 h1:p0kMzw6AG0JEzd7Z+kXqOiLhC6gjUQTbtS2zR0Q3DbI= +google.golang.org/genproto v0.0.0-20230131230820-1c016267d619/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= 
@@ -331,8 +326,7 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/transport/internet/quic/conn.go b/transport/internet/quic/conn.go index a349eb42d542..11bee7c543a9 100644 --- a/transport/internet/quic/conn.go +++ b/transport/internet/quic/conn.go @@ -7,7 +7,7 @@ import ( "syscall" "time" - "github.com/lucas-clemente/quic-go" + "github.com/quic-go/quic-go" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" diff --git a/transport/internet/quic/dialer.go b/transport/internet/quic/dialer.go index 0e4c6a6b759f..0b9483ce8c75 100644 --- a/transport/internet/quic/dialer.go +++ b/transport/internet/quic/dialer.go @@ -6,9 +6,9 @@ import ( "sync" "time" - "github.com/lucas-clemente/quic-go" - "github.com/lucas-clemente/quic-go/logging" - "github.com/lucas-clemente/quic-go/qlog" + "github.com/quic-go/quic-go" + "github.com/quic-go/quic-go/logging" + "github.com/quic-go/quic-go/qlog" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/task" 
diff --git a/transport/internet/quic/hub.go b/transport/internet/quic/hub.go index 27a7e7e0d69a..9b6481c52732 100644 --- a/transport/internet/quic/hub.go +++ b/transport/internet/quic/hub.go @@ -5,9 +5,9 @@ import ( "io" "time" - "github.com/lucas-clemente/quic-go" - "github.com/lucas-clemente/quic-go/logging" - "github.com/lucas-clemente/quic-go/qlog" + "github.com/quic-go/quic-go" + "github.com/quic-go/quic-go/logging" + "github.com/quic-go/quic-go/qlog" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol/tls/cert" From 53833c2323e1a3d1b1145480aac732da41e2e93d Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 2 Feb 2023 05:59:58 +0000 Subject: [PATCH 48/91] Update workflows to use Go 1.20 --- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 56a58f3396e9..4dd47aac41eb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -123,7 +123,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.19 + go-version: 1.20 check-latest: true - name: Get project dependencies diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6a04c3fc04ce..4aeb4e751fbd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,7 +30,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.19 + go-version: 1.20 check-latest: true - name: Checkout codebase uses: actions/checkout@v3 From b57d3fa8696653b99329cb435bffb8856d15a8db Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 2 Feb 2023 06:26:07 +0000 Subject: [PATCH 49/91] 1.20 -> '1.20' --- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4dd47aac41eb..8d529d33fb6e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -123,7 +123,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.20 + go-version: '1.20' check-latest: true - name: Get project dependencies diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4aeb4e751fbd..ffdc64cbdbe5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,7 +30,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.20 + go-version: '1.20' check-latest: true - name: Checkout codebase uses: actions/checkout@v3 From fa7300e9101c885eba03971b2eb0db5ed77b0063 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 3 Feb 2023 23:29:46 +0800 Subject: [PATCH 50/91] Add warning on using old version of XTLS And checks param `fingerprint` also --- infra/conf/transport_internet.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index f0b067d89663..c52a1658c21e 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -458,6 +458,7 @@ type XTLSConfig struct { MaxVersion string `json:"maxVersion"` CipherSuites string `json:"cipherSuites"` PreferServerCipherSuites bool `json:"preferServerCipherSuites"` + Fingerprint string `json:"fingerprint"` RejectUnknownSNI bool `json:"rejectUnknownSni"` PinnedPeerCertificateChainSha256 *[]string `json:"pinnedPeerCertificateChainSha256"` } 
@@ -487,6 +488,9 @@ func (c *XTLSConfig) Build() (proto.Message, error) { config.MaxVersion = c.MaxVersion config.CipherSuites = c.CipherSuites config.PreferServerCipherSuites = c.PreferServerCipherSuites + if c.Fingerprint != "" { + return nil, newError(`Old version of XTLS does not support fingerprint. Please use flow "xtls-rprx-vision" with "tls & tlsSettings" instead.`) + } config.RejectUnknownSni = c.RejectUnknownSNI if c.PinnedPeerCertificateChainSha256 != nil { @@ -500,6 +504,8 @@ func (c *XTLSConfig) Build() (proto.Message, error) { } } + newError(`You are using an old version of XTLS, which is deprecated now and will be removed soon. Please use flow "xtls-rprx-vision" with "tls & tlsSettings" instead.`).AtWarning().WriteToLog() + return config, nil } From 00c95761189162504ebc2c0df3266e9395c7e40d Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 4 Feb 2023 21:27:13 +0800 Subject: [PATCH 51/91] Use go:linkname in qtls_go118.go Once and for all, whatever --- common/protocol/quic/qtls_go118.go | 20 +++++++++++--------- go.mod | 2 +- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/common/protocol/quic/qtls_go118.go b/common/protocol/quic/qtls_go118.go index e701adfa65ae..bfa5e245741b 100644 --- a/common/protocol/quic/qtls_go118.go +++ b/common/protocol/quic/qtls_go118.go @@ -1,16 +1,18 @@ package quic import ( + "crypto" "crypto/cipher" - - "github.com/quic-go/qtls-go1-20" -) - -type ( - // A CipherSuiteTLS13 is a cipher suite for TLS 1.3 - CipherSuiteTLS13 = qtls.CipherSuiteTLS13 + _ "crypto/tls" + _ "unsafe" ) -func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD { - return qtls.AEADAESGCMTLS13(key, fixedNonce) +type CipherSuiteTLS13 struct { + ID uint16 + KeyLen int + AEAD func(key, fixedNonce []byte) cipher.AEAD + Hash crypto.Hash } + +//go:linkname AEADAESGCMTLS13 crypto/tls.aeadAESGCMTLS13 +func AEADAESGCMTLS13(key, nonceMask []byte) cipher.AEAD 
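Review bot: The body-less `AEADAESGCMTLS13` declaration in qtls_go118.go is bound by `//go:linkname` to the unexported `crypto/tls.aeadAESGCMTLS13`, and nothing in the file documents or guards that dependency. The compiler does not check the declared signature against the linked symbol, and an unexported standard-library function carries no compatibility promise, so a toolchain upgrade can break the build or change behaviour without a type error; the file name still says go118 and no build constraint is visible in the hunk. I would add a comment above the directive such as `// AEADAESGCMTLS13 is crypto/tls.aeadAESGCMTLS13, reached through go:linkname; its signature must match the Go release in use.` and a small seal/open round-trip test that fails if the link stops resolving. The local `CipherSuiteTLS13` struct replaces an alias of `qtls.CipherSuiteTLS13`, so any caller that relied on the two being the same type needs checking; those callers are outside this hunk.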
diff --git a/go.mod b/go.mod index 49d8a74402e3..021bd587a7d8 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,6 @@ require ( github.com/miekg/dns v1.1.50 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 - github.com/quic-go/qtls-go1-20 v0.1.0 github.com/quic-go/quic-go v0.32.0 github.com/refraction-networking/utls v1.2.0 github.com/sagernet/sing v0.1.6 @@ -46,6 +45,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/quic-go/qtls-go1-18 v0.2.0 // indirect github.com/quic-go/qtls-go1-19 v0.2.0 // indirect + github.com/quic-go/qtls-go1-20 v0.1.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 // indirect From c3faa8b7ac76f909e6ddc284b510f967ca121b31 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Mon, 6 Feb 2023 01:45:09 -0500 Subject: [PATCH 52/91] Insert padding with empty content to camouflage VLESS header (#1610) This only affects the Vision client for protocols expecting server to send data first. The change is compatible with existing version of Vision server. --- proxy/vless/encoding/encoding.go | 24 +++++++++++++++--------- proxy/vless/outbound/outbound.go | 7 +++++++ 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index dea27044ac2c..1e8aaa922c39 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go 
@@ -506,25 +506,31 @@ func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBu // XtlsPadding add padding to eliminate length siganature during tls handshake func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, ctx context.Context) *buf.Buffer { - var length int32 = 0 - if b.Len() < 900 { + var contantLen int32 = 0 + var paddingLen int32 = 0 + if b != nil { + contantLen = b.Len() + } + if contantLen < 900 { l, err := rand.Int(rand.Reader, big.NewInt(500)) if err != nil { newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) } - length = int32(l.Int64()) + 900 - b.Len() + paddingLen = int32(l.Int64()) + 900 - contantLen } newbuffer := buf.New() if userUUID != nil { newbuffer.Write(*userUUID) *userUUID = nil } - newbuffer.Write([]byte{command, byte(b.Len() >> 8), byte(b.Len()), byte(length >> 8), byte(length)}) - newbuffer.Write(b.Bytes()) - newbuffer.Extend(length) - newError("XtlsPadding ", b.Len(), " ", length, " ", command).WriteToLog(session.ExportIDToError(ctx)) - b.Release() - b = nil + newbuffer.Write([]byte{command, byte(contantLen >> 8), byte(contantLen), byte(paddingLen >> 8), byte(paddingLen)}) + if (b != nil) { + newbuffer.Write(b.Bytes()) + b.Release() + b = nil + } + newbuffer.Extend(paddingLen) + newError("XtlsPadding ", contantLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx)) return newbuffer } diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index 82505911944a..f001a6b33c9f 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go 
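Review bot: In `XtlsPadding`, a failed `rand.Int` is only logged and the next line still calls `l.Int64()`, where `l` is nil on error, so the error path ends in a nil-pointer panic instead of a padded frame. Give the error branch a fallback, for example `l = new(big.Int)` after the log call, so the length computation never sees a nil value. The two length fields are written as two bytes each (`byte(contantLen >> 8), byte(contantLen)`), which silently truncates a content length above 65535; a comment stating the bound that callers guarantee would help, since it is not visible here. `newbuffer.Extend(paddingLen)` leaves the padding bytes as whatever the buffer already held; if `buf.New()` returns pooled memory without clearing it (not visible in this hunk), zeroing or filling the padding would avoid sending stale data. Minor: `contantLen` reads as a typo for `contentLen`, and `if (b != nil)` is not gofmt style.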
@@ -249,6 +249,13 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } } else if err1 != buf.ErrReadTimeout { return err1 + } else if requestAddons.Flow == vless.XRV { + mb := make(buf.MultiBuffer, 1) + mb[0] = encoding.XtlsPadding(nil, 0x01, &userUUID, ctx) // it must not be tls so padding finish with it (command 1) + newError("Insert padding with empty content to camouflage VLESS header ", mb.Len()).WriteToLog(session.ExportIDToError(ctx)) + if err := serverWriter.WriteMultiBuffer(mb); err != nil { + return err + } } } else { newError("Reader is not timeout reader, will send out vless header separately from first payload").AtDebug().WriteToLog(session.ExportIDToError(ctx)) From f32921df307d80063fddcd5e6aa11d95f57f394e Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 8 Feb 2023 14:51:15 +0800 Subject: [PATCH 53/91] Refine randomized But we should avoid using it unless we have to, see https://github.com/refraction-networking/utls/pull/157#issuecomment-1417156797 --- go.mod | 2 +- go.sum | 4 ++-- transport/internet/tls/tls.go | 23 +++++++++++++++-------- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 021bd587a7d8..b292f17ef51e 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/quic-go/quic-go v0.32.0 - github.com/refraction-networking/utls v1.2.0 + github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849 github.com/sagernet/sing v0.1.6 github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c diff --git a/go.sum b/go.sum index 9488b1877d6f..23d380e8734e 100644 --- a/go.sum +++ b/go.sum 
@@ -138,8 +138,8 @@ github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV5 github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= github.com/quic-go/quic-go v0.32.0 h1:lY02md31s1JgPiiyfqJijpu/UX/Iun304FI3yUqX7tA= github.com/quic-go/quic-go v0.32.0/go.mod h1:/fCsKANhQIeD5l76c2JFU+07gVE3KaA0FP+0zMWwfwo= -github.com/refraction-networking/utls v1.2.0 h1:U5f8wkij2NVinfLuJdFP3gCMwIHs+EzvhxmYdXgiapo= -github.com/refraction-networking/utls v1.2.0/go.mod h1:NPq+cVqzH7D1BeOkmOcb5O/8iVewAsiVt2x1/eO0hgQ= +github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849 h1:vNEcNapWFwnYJTBcVkHJa8VrdL40PNDLDbSGVY+ZV7I= +github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849/go.mod h1:L1goe44KvhnTfctUffM2isnJpSjPlYShrhXDeZaoYKw= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go index b3cde8017427..1a880b9850fc 100644 --- a/transport/internet/tls/tls.go +++ b/transport/internet/tls/tls.go @@ -12,6 +12,13 @@ import ( //go:generate go run github.com/xtls/xray-core/common/errors/errorgen +type Interface interface { + net.Conn + Handshake() error + VerifyHostname(host string) error + NegotiatedProtocol() (name string, mutual bool) +} + var _ buf.Writer = (*Conn)(nil) type Conn struct { 
@@ -125,6 +132,13 @@ func init() { } i++ } + weights := utls.DefaultWeights + weights.TLSVersMax_Set_VersionTLS13 = 1 + weights.FirstKeyShare_Set_CurveP256 = 0 + randomized := utls.HelloRandomized + randomized.Seed, _ = utls.NewPRNGSeed() + randomized.Weights = &weights + PresetFingerprints["randomized"] = &randomized } func GetFingerprint(name string) (fingerprint *utls.ClientHelloID) { @@ -154,7 +168,7 @@ var PresetFingerprints = map[string]*utls.ClientHelloID{ "360": &utls.Hello360_Auto, "qq": &utls.HelloQQ_Auto, "random": nil, - "randomized": &utls.HelloRandomized, + "randomized": nil, } var ModernFingerprints = map[string]*utls.ClientHelloID{ @@ -203,10 +217,3 @@ var OtherFingerprints = map[string]*utls.ClientHelloID{ "helloios_11_1": &utls.HelloIOS_11_1, "hello360_7_5": &utls.Hello360_7_5, } - -type Interface interface { - net.Conn - Handshake() error - VerifyHostname(host string) error - NegotiatedProtocol() (name string, mutual bool) -} From 9046eda5ce902300a4c41deddc60ea899f8da654 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 8 Feb 2023 14:59:14 +0800 Subject: [PATCH 54/91] Add callClose to UDP Dispatcher Fixes https://github.com/XTLS/Xray-core/issues/1611 --- transport/internet/udp/dispatcher.go | 39 ++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/transport/internet/udp/dispatcher.go b/transport/internet/udp/dispatcher.go index a8d9c6f50acb..48b90b63bec6 100644 --- a/transport/internet/udp/dispatcher.go +++ b/transport/internet/udp/dispatcher.go @@ -31,6 +31,7 @@ type Dispatcher struct { conns map[net.Destination]*connEntry dispatcher routing.Dispatcher callback ResponseCallback + callClose func() error } func NewDispatcher(dispatcher routing.Dispatcher, callback ResponseCallback) *Dispatcher { 
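Review bot: `randomized.Seed, _ = utls.NewPRNGSeed()` in `init` drops the error, so if seed generation fails the "randomized" preset is registered with a nil seed and nothing is logged. Setting the seed once at start-up suggests the intent is one stable randomized ClientHello per process; with a nil seed that presumably no longer holds, so check the result with `seed, err := utls.NewPRNGSeed()` and log the failure before assigning `randomized.Seed = seed`. A short comment on why `TLSVersMax_Set_VersionTLS13` is forced to 1 and `FirstKeyShare_Set_CurveP256` to 0 would also help, because these weights decide which ClientHello shapes can be generated. `init` begins above this hunk, so the loop it closes is not visible.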
@@ -79,7 +80,7 @@ func (v *Dispatcher) getInboundRay(ctx context.Context, dest net.Destination) (* cancel: removeRay, } v.conns[dest] = entry - go handleInput(ctx, entry, dest, v.callback) + go handleInput(ctx, entry, dest, v.callback, v.callClose) return entry, nil } @@ -102,8 +103,13 @@ func (v *Dispatcher) Dispatch(ctx context.Context, destination net.Destination, } } -func handleInput(ctx context.Context, conn *connEntry, dest net.Destination, callback ResponseCallback) { - defer conn.cancel() +func handleInput(ctx context.Context, conn *connEntry, dest net.Destination, callback ResponseCallback, callClose func() error) { + defer func() { + conn.cancel() + if callClose != nil { + callClose() + } + }() input := conn.link.Reader timer := conn.timer @@ -144,7 +150,12 @@ func DialDispatcher(ctx context.Context, dispatcher routing.Dispatcher) (net.Pac done: done.New(), } - d := NewDispatcher(dispatcher, c.callback) + d := &Dispatcher{ + conns: make(map[net.Destination]*connEntry), + dispatcher: dispatcher, + callback: c.callback, + callClose: c.Close, + } c.dispatcher = d return c, nil } @@ -162,16 +173,22 @@ func (c *dispatcherConn) callback(ctx context.Context, packet *udp.Packet) { } func (c *dispatcherConn) ReadFrom(p []byte) (int, net.Addr, error) { + var packet *udp.Packet +s: select { case <-c.done.Wait(): - return 0, nil, io.EOF - case packet := <-c.cache: - n := copy(p, packet.Payload.Bytes()) - return n, &net.UDPAddr{ - IP: packet.Source.Address.IP(), - Port: int(packet.Source.Port), - }, nil + select { + case packet = <-c.cache: + break s + default: + return 0, nil, io.EOF + } + case packet = <-c.cache: } + return copy(p, packet.Payload.Bytes()), &net.UDPAddr{ + IP: packet.Source.Address.IP(), + Port: int(packet.Source.Port), + }, nil } func (c *dispatcherConn) WriteTo(p []byte, addr net.Addr) (int, error) { From 229e2513b54ef39a13a04755c81fa2b7e149f644 Mon Sep 17 00:00:00 2001 
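Review bot: `handleInput` now calls `callClose()` in its deferred function, and `getInboundRay` starts one `handleInput` goroutine per destination, so the first destination whose reader finishes or times out appears to close the whole `dispatcherConn` while other entries in `v.conns` may still be in use. If closing on the first exit is intended, say so in a comment on the `callClose` field; otherwise close only when the last entry is removed. The return value of `callClose()` is discarded; write `_ = callClose()` with a reason, or log the error. `DialDispatcher` now builds `&Dispatcher{...}` by hand instead of calling `NewDispatcher`, which will drift if the constructor gains fields; `d := NewDispatcher(dispatcher, c.callback)` followed by `d.callClose = c.Close` keeps one construction path. The bodies of `getInboundRay` and `handleInput` continue outside these hunks.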
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Feb 2023 07:57:05 +0000 Subject: [PATCH 55/91] Bump golang.org/x/sys from 0.4.0 to 0.5.0 (#1626) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b292f17ef51e..39dbe520ae4a 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( golang.org/x/crypto v0.5.0 golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 - golang.org/x/sys v0.4.0 + golang.org/x/sys v0.5.0 google.golang.org/grpc v1.52.3 google.golang.org/protobuf v1.28.1 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c diff --git a/go.sum b/go.sum index 23d380e8734e..6190e8ae8310 100644 --- a/go.sum +++ b/go.sum @@ -259,8 +259,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= -golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 48ff0d92c910b1f5864c9b1cadaf1aca8fce56e3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Feb 2023 07:58:18 +0000 Subject: [PATCH 56/91] Bump google.golang.org/grpc from 1.52.3 to 1.53.0 (#1625) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 39dbe520ae4a..4569ae1830db 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.5.0 - google.golang.org/grpc v1.52.3 + google.golang.org/grpc v1.53.0 google.golang.org/protobuf v1.28.1 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 diff --git a/go.sum b/go.sum index 6190e8ae8310..13223adfe5b4 100644 --- a/go.sum +++ b/go.sum @@ -311,8 +311,8 @@ google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.52.3 h1:pf7sOysg4LdgBqduXveGKrcEwbStiK2rtfghdzlUYDQ= -google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc= +google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 15999e5c2aa92abe063cea03803d06b29e37e25b Mon Sep 17 00:00:00 2001 
From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 8 Feb 2023 17:20:24 +0800 Subject: [PATCH 57/91] v1.7.5 --- core/core.go | 2 +- go.mod | 6 +++--- go.sum | 12 ++++++------ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/core/core.go b/core/core.go index 2cc31ed16e4a..a49250077845 100644 --- a/core/core.go +++ b/core/core.go @@ -18,7 +18,7 @@ import ( ) var ( - version = "1.7.3" + version = "1.7.5" build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." diff --git a/go.mod b/go.mod index 4569ae1830db..fab45706be29 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( github.com/francoispqt/gojay v1.2.13 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f // indirect + github.com/google/pprof v0.0.0-20230207041349-798e818bf904 // indirect github.com/klauspost/compress v1.15.15 // indirect github.com/klauspost/cpuid/v2 v2.2.3 // indirect github.com/onsi/ginkgo/v2 v2.8.0 // indirect @@ -48,12 +48,12 @@ require ( github.com/quic-go/qtls-go1-20 v0.1.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 // indirect + golang.org/x/exp v0.0.0-20230206171751-46f607a40771 // indirect golang.org/x/mod v0.7.0 // indirect golang.org/x/text v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.5.0 // indirect - google.golang.org/genproto v0.0.0-20230131230820-1c016267d619 // indirect + google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/blake3 v1.1.7 // indirect diff --git a/go.sum b/go.sum index 13223adfe5b4..dfb76620debf 100644 --- a/go.sum +++ b/go.sum 
@@ -76,8 +76,8 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f h1:gl1DCiSk+mrXXBGPm6CEeS2MkJuMVzAOrXg34oVj1QI= -github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= +github.com/google/pprof v0.0.0-20230207041349-798e818bf904 h1:4/hN5RUoecvl+RmJRE2YxKWtnnQls6rQjjW5oV7qg2U= +github.com/google/pprof v0.0.0-20230207041349-798e818bf904/go.mod h1:uglQLonpP8qtYCYyzA+8c/9qtqgA3qsXGYqCPKARAFg= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= 
@@ -208,8 +208,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 h1:BEABXpNXLEz0WxtA+6CQIz2xkg80e+1zrhWyMcq8VzE= -golang.org/x/exp v0.0.0-20230131160201-f062dba9d201/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230206171751-46f607a40771 h1:xP7rWLUr1e1n2xkK5YB4LI0hPEy3LJC6Wk+D4pGlOJg= +golang.org/x/exp v0.0.0-20230206171751-46f607a40771/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 
@@ -303,8 +303,8 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20230131230820-1c016267d619 h1:p0kMzw6AG0JEzd7Z+kXqOiLhC6gjUQTbtS2zR0Q3DbI= -google.golang.org/genproto v0.0.0-20230131230820-1c016267d619/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 h1:vArvWooPH749rNHpBGgVl+U9B9dATjiEhJzcWGlovNs= +google.golang.org/genproto v0.0.0-20230202175211-008b39050e57/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= From 4d2e2b24d3a23e90c66ff6f750caca75b0638d97 Mon Sep 17 00:00:00 2001 
From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 15 Feb 2023 16:07:12 +0000 Subject: [PATCH 58/91] THE NEXT FUTURE becomes THE REALITY NOW Thank @yuhan6665 for testing --- core/core.go | 10 +- go.mod | 19 +- go.sum | 40 +-- infra/conf/transport_internet.go | 211 +++++++++++- main/commands/all/commands.go | 1 + main/commands/all/x25519.go | 63 ++++ main/distro/all/all.go | 1 + proxy/trojan/server.go | 7 + proxy/vless/inbound/inbound.go | 15 +- proxy/vless/outbound/outbound.go | 9 +- transport/internet/domainsocket/dial.go | 3 + transport/internet/domainsocket/listener.go | 41 ++- transport/internet/http/dialer.go | 15 +- transport/internet/reality/config.go | 45 +++ transport/internet/reality/config.pb.go | 300 ++++++++++++++++++ transport/internet/reality/config.proto | 27 ++ .../internet/reality/errors.generated.go | 9 + transport/internet/reality/reality.go | 269 ++++++++++++++++ transport/internet/tcp/dialer.go | 5 + transport/internet/tcp/hub.go | 47 +-- 20 files changed, 1054 insertions(+), 83 deletions(-) create mode 100644 main/commands/all/x25519.go create mode 100644 transport/internet/reality/config.go create mode 100644 transport/internet/reality/config.pb.go create mode 100644 transport/internet/reality/config.proto create mode 100644 transport/internet/reality/errors.generated.go create mode 100644 transport/internet/reality/reality.go diff --git a/core/core.go b/core/core.go index a49250077845..8ab199364c8d 100644 --- a/core/core.go +++ b/core/core.go @@ -12,13 +12,19 @@ package core //go:generate go run github.com/xtls/xray-core/common/errors/errorgen import ( + "fmt" "runtime" "github.com/xtls/xray-core/common/serial" ) var ( - version = "1.7.5" + Version_x byte = 1 + Version_y byte = 7 + Version_z byte = 5 +) + +var ( build = "Custom" codename = "Xray, Penetrates Everything." intro = "A unified platform for anti-censorship." 
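Review bot: `Version_x`, `Version_y` and `Version_z` in core/core.go are exported package-level `var`s, so any importing package can change the version the binary reports at run time. Unless something outside this hunk has to assign them, declare them in a `const ( ... )` block instead, for example `Version_x byte = 1` inside `const`. The underscore names also depart from Go's MixedCaps convention and deserve a doc comment saying what reads them. In the next hunk `Version()` always formats three components with `fmt.Sprintf("%v.%v.%v", ...)`, while its doc comment still says the ".z" part may be omitted; the comment should be updated to match.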
@@ -27,7 +33,7 @@ var ( // Version returns Xray's version as a string, in the form of "x.y.z" where x, y and z are numbers. // ".z" part may be omitted in regular releases. func Version() string { - return version + return fmt.Sprintf("%v.%v.%v", Version_x, Version_y, Version_z) } // VersionStatement returns a list of strings representing the full version info. diff --git a/go.mod b/go.mod index fab45706be29..ecf8e3548452 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/quic-go/quic-go v0.32.0 - github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849 + github.com/refraction-networking/utls v1.2.2 github.com/sagernet/sing v0.1.6 github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c @@ -20,9 +20,10 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 + github.com/xtls/reality v0.0.0-20230210055008-e814936a3d99 go.starlark.net v0.0.0-20230128213706-3f75dec8e403 - golang.org/x/crypto v0.5.0 - golang.org/x/net v0.5.0 + golang.org/x/crypto v0.6.0 + golang.org/x/net v0.7.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.5.0 google.golang.org/grpc v1.53.0 
@@ -41,19 +42,19 @@ require ( github.com/google/pprof v0.0.0-20230207041349-798e818bf904 // indirect github.com/klauspost/compress v1.15.15 // indirect github.com/klauspost/cpuid/v2 v2.2.3 // indirect - github.com/onsi/ginkgo/v2 v2.8.0 // indirect + github.com/onsi/ginkgo/v2 v2.8.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/quic-go/qtls-go1-18 v0.2.0 // indirect github.com/quic-go/qtls-go1-19 v0.2.0 // indirect github.com/quic-go/qtls-go1-20 v0.1.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20230206171751-46f607a40771 // indirect - golang.org/x/mod v0.7.0 // indirect - golang.org/x/text v0.6.0 // indirect + golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb // indirect + golang.org/x/mod v0.8.0 // indirect + golang.org/x/text v0.7.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.5.0 // indirect - google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 // indirect + golang.org/x/tools v0.6.0 // indirect + google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/blake3 v1.1.7 // indirect diff --git a/go.sum b/go.sum index dfb76620debf..c2d2af911912 100644 --- a/go.sum +++ b/go.sum 
@@ -112,9 +112,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/onsi/ginkgo/v2 v2.8.0 h1:pAM+oBNPrpXRs+E/8spkeGx9QgekbRVyr74EUvRVOUI= -github.com/onsi/ginkgo/v2 v2.8.0/go.mod h1:6JsQiECmxCa3V5st74AL/AmsV482EDdVrGaVW6z3oYU= -github.com/onsi/gomega v1.25.0 h1:Vw7br2PCDYijJHSfBOWhov+8cAnUf8MfMaIOV323l6Y= +github.com/onsi/ginkgo/v2 v2.8.1 h1:xFTEVwOFa1D/Ty24Ws1npBWkDYEV9BqZrsDxVrVkrrU= +github.com/onsi/ginkgo/v2 v2.8.1/go.mod h1:N1/NbDngAFcSLdyZ+/aYTYGSlq9qMCS/cNKGJjy+csc= +github.com/onsi/gomega v1.26.0 h1:03cDLK28U6hWvCAns6NeydX3zIm4SF3ci69ulidS32Q= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= 
@@ -138,8 +138,8 @@ github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV5 github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= github.com/quic-go/quic-go v0.32.0 h1:lY02md31s1JgPiiyfqJijpu/UX/Iun304FI3yUqX7tA= github.com/quic-go/quic-go v0.32.0/go.mod h1:/fCsKANhQIeD5l76c2JFU+07gVE3KaA0FP+0zMWwfwo= -github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849 h1:vNEcNapWFwnYJTBcVkHJa8VrdL40PNDLDbSGVY+ZV7I= -github.com/refraction-networking/utls v1.2.2-0.20230207151345-a75a4b484849/go.mod h1:L1goe44KvhnTfctUffM2isnJpSjPlYShrhXDeZaoYKw= +github.com/refraction-networking/utls v1.2.2 h1:uBE6V173CwG8MQrSBpNZHAix1fxOvuLKYyjFAu3uqo0= +github.com/refraction-networking/utls v1.2.2/go.mod h1:L1goe44KvhnTfctUffM2isnJpSjPlYShrhXDeZaoYKw= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= 
@@ -193,6 +193,8 @@ github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49u github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= +github.com/xtls/reality v0.0.0-20230210055008-e814936a3d99 h1:H7I3fhMXA0GKSysu+KcSNMdX/o4MBElWR02/NIwhmpY= +github.com/xtls/reality v0.0.0-20230210055008-e814936a3d99/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= 
@@ -205,18 +207,18 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= -golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= +golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230206171751-46f607a40771 h1:xP7rWLUr1e1n2xkK5YB4LI0hPEy3LJC6Wk+D4pGlOJg= -golang.org/x/exp v0.0.0-20230206171751-46f607a40771/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb h1:PaBZQdo+iSDyHT053FjUCgZQ/9uqVwPOcl7KSWhKn6w= +golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= -golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.8.0 
h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -230,8 +232,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= -golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -267,8 +269,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= -golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= 
@@ -283,8 +285,8 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4= -golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -303,8 +305,8 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 h1:vArvWooPH749rNHpBGgVl+U9B9dATjiEhJzcWGlovNs= -google.golang.org/genproto v0.0.0-20230202175211-008b39050e57/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc h1:ijGwO+0vL2hJt5gaygqP2j6PfflOBrRot0IczKbmtio= +google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index c52a1658c21e..d71795283e41 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -2,13 +2,17 @@ package conf import ( "encoding/base64" + "encoding/hex" "encoding/json" "math" "net/url" + "runtime" "strconv" "strings" + "syscall" "github.com/golang/protobuf/proto" + "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/platform/filesystem" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/serial" 
@@ -18,6 +22,7 @@ import (
 "github.com/xtls/xray-core/transport/internet/http"
 "github.com/xtls/xray-core/transport/internet/kcp"
 "github.com/xtls/xray-core/transport/internet/quic"
+ "github.com/xtls/xray-core/transport/internet/reality"
 "github.com/xtls/xray-core/transport/internet/tcp"
 "github.com/xtls/xray-core/transport/internet/tls"
 "github.com/xtls/xray-core/transport/internet/websocket"
@@ -509,6 +514,170 @@ func (c *XTLSConfig) Build() (proto.Message, error) {
 return config, nil
 }
+type REALITYConfig struct {
+ Show bool `json:"show"`
+ Dest json.RawMessage `json:"dest"`
+ Type string `json:"type"`
+ Xver uint64 `json:"xver"`
+ ServerNames []string `json:"serverNames"`
+ PrivateKey string `json:"privateKey"`
+ MinClientVer string `json:"minClientVer"`
+ MaxClientVer string `json:"maxClientVer"`
+ MaxTimeDiff uint64 `json:"maxTimeDiff"`
+ ShortIds []string `json:"shortIds"`
+
+ Fingerprint string `json:"fingerprint"`
+ ServerName string `json:"serverName"`
+ PublicKey string `json:"publicKey"`
+ ShortId string `json:"shortId"`
+ SpiderX string `json:"spiderX"`
+}
+
+func (c *REALITYConfig) Build() (proto.Message, error) {
+ config := new(reality.Config)
+ config.Show = c.Show
+ var err error
+ if c.Dest != nil {
+ var i uint16
+ var s string
+ if err = json.Unmarshal(c.Dest, &i); err == nil {
+ s = strconv.Itoa(int(i))
+ } else {
+ _ = json.Unmarshal(c.Dest, &s)
+ }
+ if c.Type == "" && s != "" {
+ switch s[0] {
+ case '@', '/':
+ c.Type = "unix"
+ if s[0] == '@' && len(s) > 1 && s[1] == '@' && (runtime.GOOS == "linux" || runtime.GOOS == "android") {
+ fullAddr := make([]byte, len(syscall.RawSockaddrUnix{}.Path)) // may need padding to work with haproxy
+ copy(fullAddr, s[1:])
+ s = string(fullAddr)
+ }
+ default:
+ if _, err = strconv.Atoi(s); err == nil {
+ s = "127.0.0.1:" + s
+ }
+ if _, _, err = net.SplitHostPort(s); err == nil {
+ c.Type = "tcp"
+ }
+ }
+ }
+ if c.Type == "" {
+ return nil, newError(`please fill in a valid value for "dest"`)
+ }
+ if c.Xver > 2 {
+ return nil, newError(`invalid PROXY protocol version, "xver" only accepts 0, 1, 2`)
+ }
+ if len(c.ServerNames) == 0 {
+ return nil, newError(`empty "serverNames"`)
+ }
+ if c.PrivateKey == "" {
+ return nil, newError(`empty "privateKey"`)
+ }
+ if config.PrivateKey, err = base64.RawURLEncoding.DecodeString(c.PrivateKey); err != nil || len(config.PrivateKey) != 32 {
+ return nil, newError(`invalid "privateKey": `, c.PrivateKey)
+ }
+ if c.MinClientVer != "" {
+ config.MinClientVer = make([]byte, 3)
+ var u uint64
+ for i, s := range strings.Split(c.MinClientVer, ".") {
+ if i == 3 {
+ return nil, newError(`invalid "minClientVer": `, c.MinClientVer)
+ }
+ if u, err = strconv.ParseUint(s, 10, 8); err != nil {
+ return nil, newError(`"minClientVer[`, i, `]" should be lesser than 256`)
+ } else {
+ config.MinClientVer[i] = byte(u)
+ }
+ }
+ }
+ if c.MaxClientVer != "" {
+ config.MaxClientVer = make([]byte, 3)
+ var u uint64
+ for i, s := range strings.Split(c.MaxClientVer, ".") {
+ if i == 3 {
+ return nil, newError(`invalid "maxClientVer": `, c.MaxClientVer)
+ }
+ if u, err = strconv.ParseUint(s, 10, 8); err != nil {
+ return nil, newError(`"maxClientVer[`, i, `]" should be lesser than 256`)
+ } else {
+ config.MaxClientVer[i] = byte(u)
+ }
+ }
+ }
+ if len(c.ShortIds) == 0 {
+ return nil, newError(`empty "shortIds"`)
+ }
+ config.ShortIds = make([][]byte, len(c.ShortIds))
+ for i, s := range c.ShortIds {
+ config.ShortIds[i] = make([]byte, 8)
+ if _, err = hex.Decode(config.ShortIds[i], []byte(s)); err != nil {
+ return nil, newError(`invalid "shortIds[`, i, `]": `, s)
+ }
+ }
+ config.Dest = s
+ config.Type = c.Type
+ config.Xver = c.Xver
+ config.ServerNames = c.ServerNames
+ config.MaxTimeDiff = c.MaxTimeDiff
+ } else {
+ if c.Fingerprint == "" {
+ return nil, newError(`empty "fingerprint"`)
+ }
+ if config.Fingerprint = strings.ToLower(c.Fingerprint); tls.GetFingerprint(config.Fingerprint) == nil {
+ return nil, newError(`unknown "fingerprint": `, config.Fingerprint)
+ }
+ if config.Fingerprint == "hellogolang" {
+ return nil, newError(`invalid "fingerprint": `, config.Fingerprint)
+ }
+ if c.PublicKey == "" {
+ return nil, newError(`empty "publicKey"`)
+ }
+ if config.PublicKey, err = base64.RawURLEncoding.DecodeString(c.PublicKey); err != nil || len(config.PublicKey) != 32 {
+ return nil, newError(`invalid "publicKey": `, c.PublicKey)
+ }
+ if c.ShortId == "" {
+ return nil, newError(`empty "shortId"`)
+ }
+ config.ShortId = make([]byte, 8)
+ if _, err = hex.Decode(config.ShortId, []byte(c.ShortId)); err != nil {
+ return nil, newError(`invalid "shortId": `, c.ShortId)
+ }
+ if c.SpiderX == "" {
+ return nil, newError(`empty "spiderX"`)
+ }
+ if c.SpiderX[0] != '/' {
+ return nil, newError(`invalid "spiderX": `, c.SpiderX)
+ }
+ config.SpiderY = make([]int64, 10)
+ u, _ := url.Parse(c.SpiderX)
+ q := u.Query()
+ parse := func(param string, index int) {
+ if q.Get(param) != "" {
+ s := strings.Split(q.Get(param), "-")
+ if len(s) == 1 {
+ config.SpiderY[index], _ = strconv.ParseInt(s[0], 10, 64)
+ config.SpiderY[index+1], _ = strconv.ParseInt(s[0], 10, 64)
+ } else {
+ config.SpiderY[index], _ = strconv.ParseInt(s[0], 10, 64)
+ config.SpiderY[index+1], _ = strconv.ParseInt(s[1], 10, 64)
+ }
+ }
+ q.Del(param)
+ }
+ parse("p", 0) // padding
+ parse("c", 2) // concurrency
+ parse("t", 4) // times
+ parse("i", 6) // interval
+ parse("r", 8) // return
+ u.RawQuery = q.Encode()
+ config.SpiderX = u.String()
+ config.ServerName = c.ServerName
+ }
+ return config, nil
+}
+
 type TransportProtocol string
 // Build implements Buildable.
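Review bot: In `REALITYConfig.Build` the `invalid "privateKey"` error passes `c.PrivateKey` to `newError`, so a mistyped or truncated server key is copied into whatever log or console shows configuration errors; the message should name the field only, `return nil, newError("invalid \"privateKey\"")`. Both `hex.Decode` calls write into a fixed 8-byte destination, and `hex.Decode` indexes past a destination that is too small, so a `shortIds` entry or `shortId` longer than 16 hex characters panics instead of producing the intended error; checking `len(s) > 16` (and `len(c.ShortId) > 16`) before decoding avoids that. `u, _ := url.Parse(c.SpiderX)` discards the error and the next line calls `u.Query()`, which dereferences a nil `*url.URL` when parsing fails. The whole function is new in this hunk.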
@@ -598,19 +767,20 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) {
 }
 type StreamConfig struct {
- Network *TransportProtocol `json:"network"`
- Security string `json:"security"`
- TLSSettings *TLSConfig `json:"tlsSettings"`
- XTLSSettings *XTLSConfig `json:"xtlsSettings"`
- TCPSettings *TCPConfig `json:"tcpSettings"`
- KCPSettings *KCPConfig `json:"kcpSettings"`
- WSSettings *WebSocketConfig `json:"wsSettings"`
- HTTPSettings *HTTPConfig `json:"httpSettings"`
- DSSettings *DomainSocketConfig `json:"dsSettings"`
- QUICSettings *QUICConfig `json:"quicSettings"`
- SocketSettings *SocketConfig `json:"sockopt"`
- GRPCConfig *GRPCConfig `json:"grpcSettings"`
- GUNConfig *GRPCConfig `json:"gunSettings"`
+ Network *TransportProtocol `json:"network"`
+ Security string `json:"security"`
+ TLSSettings *TLSConfig `json:"tlsSettings"`
+ XTLSSettings *XTLSConfig `json:"xtlsSettings"`
+ REALITYSettings *REALITYConfig `json:"realitySettings"`
+ TCPSettings *TCPConfig `json:"tcpSettings"`
+ KCPSettings *KCPConfig `json:"kcpSettings"`
+ WSSettings *WebSocketConfig `json:"wsSettings"`
+ HTTPSettings *HTTPConfig `json:"httpSettings"`
+ DSSettings *DomainSocketConfig `json:"dsSettings"`
+ QUICSettings *QUICConfig `json:"quicSettings"`
+ SocketSettings *SocketConfig `json:"sockopt"`
+ GRPCConfig *GRPCConfig `json:"grpcSettings"`
+ GUNConfig *GRPCConfig `json:"gunSettings"`
 }
 // Build implements Buildable.
@@ -660,6 +830,21 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
 config.SecuritySettings = append(config.SecuritySettings, tm)
 config.SecurityType = tm.Type
 }
+ if strings.EqualFold(c.Security, "reality") {
+ if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "domainsocket" {
+ return nil, newError("REALITY only supports TCP, H2 and DomainSocket for now.")
+ }
+ if c.REALITYSettings == nil {
+ return nil, newError(`REALITY: Empty "realitySettings".`)
+ }
+ ts, err := c.REALITYSettings.Build()
+ if err != nil {
+ return nil, newError("Failed to build REALITY config.").Base(err)
+ }
+ tm := serial.ToTypedMessage(ts)
+ config.SecuritySettings = append(config.SecuritySettings, tm)
+ config.SecurityType = tm.Type
+ }
 if c.TCPSettings != nil {
 ts, err := c.TCPSettings.Build()
 if err != nil {
diff --git a/main/commands/all/commands.go b/main/commands/all/commands.go
index da50a8456c05..9b8b49e0258a 100644
--- a/main/commands/all/commands.go
+++ b/main/commands/all/commands.go
@@ -15,5 +15,6 @@ func init() {
 // cmdConvert,
 tls.CmdTLS,
 cmdUUID,
+ cmdX25519,
 )
 }
diff --git a/main/commands/all/x25519.go b/main/commands/all/x25519.go
new file mode 100644
index 000000000000..4ab1d09d5b23
--- /dev/null
+++ b/main/commands/all/x25519.go
@@ -0,0 +1,63 @@
+package all
+
+import (
+ "crypto/rand"
+ "encoding/base64"
+ "fmt"
+ "io"
+
+ "github.com/xtls/xray-core/main/commands/base"
+ "golang.org/x/crypto/curve25519"
+)
+
+var cmdX25519 = &base.Command{
+ UsageLine: `{{.Exec}} x25519 [-i "private key (base64.RawURLEncoding)"]`,
+ Short: `Generate key pair for x25519 key exchange`,
+ Long: `
+Generate key pair for x25519 key exchange.
+
+Random: {{.Exec}} x25519
+
+From private key: {{.Exec}} x25519 -i "private key (base64.RawURLEncoding)"
+`,
+}
+
+func init() {
+ cmdX25519.Run = executeX25519 // break init loop
+}
+
+var input_base64 = cmdX25519.Flag.String("i", "", "")
+
+func executeX25519(cmd *base.Command, args []string) {
+ var output string
+ var err error
+ var privateKey []byte
+ var publicKey []byte
+ if len(*input_base64) > 0 {
+ privateKey, err = base64.RawURLEncoding.DecodeString(*input_base64)
+ if err != nil {
+ output = err.Error()
+ goto out
+ }
+ if len(privateKey) != curve25519.ScalarSize {
+ output = "Invalid length of private key."
+ goto out
+ }
+ }
+ if privateKey == nil {
+ privateKey = make([]byte, curve25519.ScalarSize)
+ if _, err = io.ReadFull(rand.Reader, privateKey); err != nil {
+ output = err.Error()
+ goto out
+ }
+ }
+ if publicKey, err = curve25519.X25519(privateKey, curve25519.Basepoint); err != nil {
+ output = err.Error()
+ goto out
+ }
+ output = fmt.Sprintf("Private key: %v\nPublic key: %v",
+ base64.RawURLEncoding.EncodeToString(privateKey),
+ base64.RawURLEncoding.EncodeToString(publicKey))
+out:
+ fmt.Println(output)
+}
diff --git a/main/distro/all/all.go b/main/distro/all/all.go
index f92542d5c54e..7fb7307128fc 100644
--- a/main/distro/all/all.go
+++ b/main/distro/all/all.go
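Review bot: `executeX25519` reports every failure by printing the message with `fmt.Println` at the `out:` label and returning normally, so a script that runs the command cannot tell an error from a key pair by exit status, and the error text lands on stdout where the keys are expected. Failures should go to stderr with a non-zero exit, e.g. `fmt.Fprintln(os.Stderr, output); os.Exit(1)` on the error paths. The `-i` flag is registered with an empty usage string (`cmdX25519.Flag.String("i", "", "")`) and takes the private key as a command-line argument, which leaves it in shell history and visible in the process list; a usage line that says so, or accepting the key on stdin, would help operators.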
@@ -56,6 +56,7 @@ import (
 _ "github.com/xtls/xray-core/transport/internet/http"
 _ "github.com/xtls/xray-core/transport/internet/kcp"
 _ "github.com/xtls/xray-core/transport/internet/quic"
+ _ "github.com/xtls/xray-core/transport/internet/reality"
 _ "github.com/xtls/xray-core/transport/internet/tcp"
 _ "github.com/xtls/xray-core/transport/internet/tls"
 _ "github.com/xtls/xray-core/transport/internet/udp"
diff --git a/proxy/trojan/server.go b/proxy/trojan/server.go
index 6309bbc6596e..30b52ad35a7b 100644
--- a/proxy/trojan/server.go
+++ b/proxy/trojan/server.go
@@ -24,6 +24,7 @@ import (
 "github.com/xtls/xray-core/features/policy"
 "github.com/xtls/xray-core/features/routing"
 "github.com/xtls/xray-core/features/stats"
+ "github.com/xtls/xray-core/transport/internet/reality"
 "github.com/xtls/xray-core/transport/internet/stat"
 "github.com/xtls/xray-core/transport/internet/tls"
 "github.com/xtls/xray-core/transport/internet/udp"
@@ -411,6 +412,12 @@ func (s *Server) fallback(ctx context.Context, sid errors.ExportOption, err erro
 alpn = cs.NegotiatedProtocol
 newError("realName = " + name).AtInfo().WriteToLog(sid)
 newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
+ } else if realityConn, ok := iConn.(*reality.Conn); ok {
+ cs := realityConn.ConnectionState()
+ name = cs.ServerName
+ alpn = cs.NegotiatedProtocol
+ newError("realName = " + name).AtInfo().WriteToLog(sid)
+ newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
 }
 name = strings.ToLower(name)
 alpn = strings.ToLower(alpn)
diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go
index 5b0833ca08b5..a7863051fa09 100644
--- a/proxy/vless/inbound/inbound.go
+++ b/proxy/vless/inbound/inbound.go
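Review bot: The new `*reality.Conn` branch in `fallback` repeats the statements of the branch above it (read `ConnectionState()`, set `name` and `alpn`, log both), and the same copy is added to `Process` in proxy/vless/inbound/inbound.go. Only the type assertion differs, so the two `WriteToLog` lines could move below the `if`/`else if` chain and run once when a connection state was obtained, which keeps the TLS and REALITY paths from drifting apart. The start of the chain and of `fallback` is outside the hunk, so the shape of the first branch is inferred from the three context lines.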
@@ -26,7 +26,7 @@ import (
 "github.com/xtls/xray-core/common/session"
 "github.com/xtls/xray-core/common/signal"
 "github.com/xtls/xray-core/common/task"
- core "github.com/xtls/xray-core/core"
+ "github.com/xtls/xray-core/core"
 "github.com/xtls/xray-core/features/dns"
 feature_inbound "github.com/xtls/xray-core/features/inbound"
 "github.com/xtls/xray-core/features/policy"
@@ -34,6 +34,7 @@ import (
 "github.com/xtls/xray-core/features/stats"
 "github.com/xtls/xray-core/proxy/vless"
 "github.com/xtls/xray-core/proxy/vless/encoding"
+ "github.com/xtls/xray-core/transport/internet/reality"
 "github.com/xtls/xray-core/transport/internet/stat"
 "github.com/xtls/xray-core/transport/internet/tls"
 "github.com/xtls/xray-core/transport/internet/xtls"
@@ -246,6 +247,12 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 alpn = cs.NegotiatedProtocol
 newError("realName = " + name).AtInfo().WriteToLog(sid)
 newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
+ } else if realityConn, ok := iConn.(*reality.Conn); ok {
+ cs := realityConn.ConnectionState()
+ name = cs.ServerName
+ alpn = cs.NegotiatedProtocol
+ newError("realName = " + name).AtInfo().WriteToLog(sid)
+ newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
 }
 name = strings.ToLower(name)
 alpn = strings.ToLower(alpn)
@@ -494,10 +501,14 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 }
 t = reflect.TypeOf(tlsConn.Conn).Elem()
 p = uintptr(unsafe.Pointer(tlsConn.Conn))
+ } else if realityConn, ok := iConn.(*reality.Conn); ok {
+ netConn = realityConn.NetConn()
+ t = reflect.TypeOf(realityConn.Conn).Elem()
+ p = uintptr(unsafe.Pointer(realityConn.Conn))
 } else if _, ok := iConn.(*tls.UConn); ok {
 return newError("XTLS only supports UTLS fingerprint for the outbound.").AtWarning()
 } else if _, ok := iConn.(*xtls.Conn); ok {
- return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls"`).AtWarning()
+ return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls" or "reality"`).AtWarning()
 } else {
 return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning()
 }
diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go
index f001a6b33c9f..e532dfb68c79 100644
--- a/proxy/vless/outbound/outbound.go
+++ b/proxy/vless/outbound/outbound.go
@@ -22,13 +22,14 @@ import (
 "github.com/xtls/xray-core/common/signal"
 "github.com/xtls/xray-core/common/task"
 "github.com/xtls/xray-core/common/xudp"
- core "github.com/xtls/xray-core/core"
+ "github.com/xtls/xray-core/core"
 "github.com/xtls/xray-core/features/policy"
 "github.com/xtls/xray-core/features/stats"
 "github.com/xtls/xray-core/proxy/vless"
 "github.com/xtls/xray-core/proxy/vless/encoding"
 "github.com/xtls/xray-core/transport"
 "github.com/xtls/xray-core/transport/internet"
+ "github.com/xtls/xray-core/transport/internet/reality"
 "github.com/xtls/xray-core/transport/internet/stat"
 "github.com/xtls/xray-core/transport/internet/tls"
 "github.com/xtls/xray-core/transport/internet/xtls"
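Review bot: The `*reality.Conn` branch in `Process` stores `uintptr(unsafe.Pointer(realityConn.Conn))` together with `reflect.TypeOf(realityConn.Conn).Elem()`, mirroring the TLS branch; the code that consumes `t` and `p` is outside the hunk, but the pairing suggests fields of the embedded connection are reached by offset. That ties this path to the struct layout of the pinned `github.com/xtls/reality` version, so a dependency bump can break it without a compile error. A comment at the branch, e.g. `// depends on the field layout of reality.Conn's embedded Conn; re-check on every xtls/reality bump`, would record the constraint. The same applies to the `*reality.UConn` branch added to `Process` in proxy/vless/outbound/outbound.go.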
@@ -164,8 +165,12 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 netConn = utlsConn.NetConn()
 t = reflect.TypeOf(utlsConn.Conn).Elem()
 p = uintptr(unsafe.Pointer(utlsConn.Conn))
+ } else if realityConn, ok := iConn.(*reality.UConn); ok {
+ netConn = realityConn.NetConn()
+ t = reflect.TypeOf(realityConn.Conn).Elem()
+ p = uintptr(unsafe.Pointer(realityConn.Conn))
 } else if _, ok := iConn.(*xtls.Conn); ok {
- return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls"`).AtWarning()
+ return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls" or "reality"`).AtWarning()
 } else {
 return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning()
 }
diff --git a/transport/internet/domainsocket/dial.go b/transport/internet/domainsocket/dial.go
index 556c48e36170..2a7727eec147 100644
--- a/transport/internet/domainsocket/dial.go
+++ b/transport/internet/domainsocket/dial.go
@@ -9,6 +9,7 @@ import (
 "github.com/xtls/xray-core/common"
 "github.com/xtls/xray-core/common/net"
 "github.com/xtls/xray-core/transport/internet"
+ "github.com/xtls/xray-core/transport/internet/reality"
 "github.com/xtls/xray-core/transport/internet/stat"
 "github.com/xtls/xray-core/transport/internet/tls"
 "github.com/xtls/xray-core/transport/internet/xtls"
@@ -30,6 +31,8 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me
 return tls.Client(conn, config.GetTLSConfig(tls.WithDestination(dest))), nil
 } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
 return xtls.Client(conn, config.GetXTLSConfig(xtls.WithDestination(dest))), nil
+ } else if config := reality.ConfigFromStreamSettings(streamSettings); config != nil {
+ return reality.UClient(conn, config, ctx, dest)
 }
 return conn, nil
diff --git a/transport/internet/domainsocket/listener.go b/transport/internet/domainsocket/listener.go
index a8185d6b8ee9..9c05c95f03be 100644
--- a/transport/internet/domainsocket/listener.go
+++ b/transport/internet/domainsocket/listener.go
@@ -10,9 +10,11 @@ import (
 "strings"
 goxtls "github.com/xtls/go"
+ goreality "github.com/xtls/reality"
 "github.com/xtls/xray-core/common"
 "github.com/xtls/xray-core/common/net"
 "github.com/xtls/xray-core/transport/internet"
+ "github.com/xtls/xray-core/transport/internet/reality"
 "github.com/xtls/xray-core/transport/internet/stat"
 "github.com/xtls/xray-core/transport/internet/tls"
 "github.com/xtls/xray-core/transport/internet/xtls"
@@ -20,13 +22,14 @@ import (
 )
 type Listener struct {
- addr *net.UnixAddr
- ln net.Listener
- tlsConfig *gotls.Config
- xtlsConfig *goxtls.Config
- config *Config
- addConn internet.ConnHandler
- locker *fileLocker
+ addr *net.UnixAddr
+ ln net.Listener
+ tlsConfig *gotls.Config
+ xtlsConfig *goxtls.Config
+ realityConfig *goreality.Config
+ config *Config
+ addConn internet.ConnHandler
+ locker *fileLocker
 }
 func Listen(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, handler internet.ConnHandler) (internet.Listener, error) {
@@ -64,6 +67,9 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti
 if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
 ln.xtlsConfig = config.GetXTLSConfig()
 }
+ if config := reality.ConfigFromStreamSettings(streamSettings); config != nil {
+ ln.realityConfig = config.GetREALITYConfig()
+ }
 go ln.run()
@@ -91,14 +97,19 @@ func (ln *Listener) run() {
 newError("failed to accepted raw connections").Base(err).AtWarning().WriteToLog()
 continue
 }
-
- if ln.tlsConfig != nil {
- conn = tls.Server(conn, ln.tlsConfig)
- } else if ln.xtlsConfig != nil {
- conn = xtls.Server(conn, ln.xtlsConfig)
- }
-
- ln.addConn(stat.Connection(conn))
+ go func() {
+ if ln.tlsConfig != nil {
+ conn = tls.Server(conn, ln.tlsConfig)
+ } else if ln.xtlsConfig != nil {
+ conn = xtls.Server(conn, ln.xtlsConfig)
+ } else if ln.realityConfig != nil {
+ if conn, err = reality.Server(conn, ln.realityConfig); err != nil {
+ newError(err).AtInfo().WriteToLog()
+ return
+ }
+ }
+ ln.addConn(stat.Connection(conn))
+ }()
 }
 }
diff --git a/transport/internet/http/dialer.go b/transport/internet/http/dialer.go
index a192bddd8c54..25ede63fb543 100644
--- a/transport/internet/http/dialer.go
+++ b/transport/internet/http/dialer.go
@@ -14,6 +14,7 @@ import (
 "github.com/xtls/xray-core/common/net/cnc"
 "github.com/xtls/xray-core/common/session"
 "github.com/xtls/xray-core/transport/internet"
+ "github.com/xtls/xray-core/transport/internet/reality"
 "github.com/xtls/xray-core/transport/internet/stat"
 "github.com/xtls/xray-core/transport/internet/tls"
 "github.com/xtls/xray-core/transport/pipe"
@@ -40,8 +41,9 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in
 httpSettings := streamSettings.ProtocolSettings.(*Config)
 tlsConfigs := tls.ConfigFromStreamSettings(streamSettings)
- if tlsConfigs == nil {
- return nil, newError("TLS must be enabled for http transport.").AtWarning()
+ realityConfigs := reality.ConfigFromStreamSettings(streamSettings)
+ if tlsConfigs == nil && realityConfigs == nil {
+ return nil, newError("TLS or REALITY must be enabled for http transport.").AtWarning()
 }
 sockopt := streamSettings.SocketSettings
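Review bot: The goroutine added in `run` assigns to `conn` and `err` captured from the accept loop; the `Accept` call is outside the hunk, so if either variable is declared outside the loop body, concurrent handshakes race on it. Passing the connection in, `go func(conn net.Conn) {` ... `}(conn)`, and declaring `var err error` inside the function removes that dependency. On a failed `reality.Server` call the only reference to the accepted connection is overwritten before the `return`, so closing it is left entirely to that function; a comment stating that it does, or keeping the raw connection in a local and closing it on error, would make the ownership explicit. No handshake deadline is set in the visible lines, so each peer that connects and stalls holds a goroutine and a descriptor.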
@@ -74,6 +76,10 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in
 return nil, err
 }
+ if realityConfigs != nil {
+ return reality.UClient(pconn, realityConfigs, ctx, dest)
+ }
+
 var cn tls.Interface
 if fingerprint := tls.GetFingerprint(tlsConfigs.Fingerprint); fingerprint != nil {
 cn = tls.UClient(pconn, tlsConfig, fingerprint).(*tls.UConn)
@@ -99,7 +105,10 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in
 }
 return cn, nil
 },
- TLSClientConfig: tlsConfigs.GetTLSConfig(tls.WithDestination(dest)),
+ }
+
+ if tlsConfigs != nil {
+ transport.TLSClientConfig = tlsConfigs.GetTLSConfig(tls.WithDestination(dest))
 }
 if httpSettings.IdleTimeout > 0 || httpSettings.HealthCheckTimeout > 0 {
diff --git a/transport/internet/reality/config.go b/transport/internet/reality/config.go
new file mode 100644
index 000000000000..f7938db52800
--- /dev/null
+++ b/transport/internet/reality/config.go
@@ -0,0 +1,45 @@
+package reality
+
+import (
+ "time"
+
+ "github.com/xtls/reality"
+ "github.com/xtls/xray-core/transport/internet"
+)
+
+func (c *Config) GetREALITYConfig() *reality.Config {
+ config := &reality.Config{
+ Show: c.Show,
+ Type: c.Type,
+ Dest: c.Dest,
+ Xver: byte(c.Xver),
+
+ PrivateKey: c.PrivateKey,
+ MinClientVer: c.MinClientVer,
+ MaxClientVer: c.MaxClientVer,
+ MaxTimeDiff: time.Duration(c.MaxTimeDiff) * time.Millisecond,
+
+ NextProtos: nil, // should be nil
+ SessionTicketsDisabled: true,
+ }
+ config.ServerNames = make(map[string]bool)
+ for _, serverName := range c.ServerNames {
+ config.ServerNames[serverName] = true
+ }
+ config.ShortIds = make(map[[8]byte]bool)
+ for _, shortId := range c.ShortIds {
+ config.ShortIds[*(*[8]byte)(shortId)] = true
+ }
+ return config
+}
+
+func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config {
+ if settings == nil {
+ return nil
+ }
+ config, ok := settings.SecuritySettings.(*Config)
+ if !ok {
+ return nil
+ }
+ return config
+}
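Review bot: In `GetREALITYConfig`, the conversion `*(*[8]byte)(shortId)` panics at run time when a `ShortIds` entry is shorter than 8 bytes. The JSON builder in infra/conf/transport_internet.go always allocates 8 bytes per entry, but `Config` is a protobuf message and nothing in this function checks entries that arrive another way. Skipping or rejecting entries whose length is not 8, or copying into a fixed array (`var id [8]byte; copy(id[:], shortId); config.ShortIds[id] = true`), keeps a malformed config from crashing the listener setup. `Xver: byte(c.Xver)` likewise truncates a `uint64` silently, so a value above 255 that did not pass through the JSON check would wrap instead of being refused.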
diff --git a/transport/internet/reality/config.pb.go b/transport/internet/reality/config.pb.go
new file mode 100644
index 000000000000..a140d9ab6a10
--- /dev/null
+++ b/transport/internet/reality/config.pb.go
@@ -0,0 +1,300 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.12 +// source: transport/internet/reality/config.proto + +package reality + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Config struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Show bool `protobuf:"varint,1,opt,name=show,proto3" json:"show,omitempty"` + Dest string `protobuf:"bytes,2,opt,name=dest,proto3" json:"dest,omitempty"` + Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"` + Xver uint64 `protobuf:"varint,4,opt,name=xver,proto3" json:"xver,omitempty"` + ServerNames []string `protobuf:"bytes,5,rep,name=server_names,json=serverNames,proto3" json:"server_names,omitempty"` + PrivateKey []byte `protobuf:"bytes,6,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` + MinClientVer []byte `protobuf:"bytes,7,opt,name=min_client_ver,json=minClientVer,proto3" json:"min_client_ver,omitempty"` + MaxClientVer []byte `protobuf:"bytes,8,opt,name=max_client_ver,json=maxClientVer,proto3" json:"max_client_ver,omitempty"` + MaxTimeDiff uint64 `protobuf:"varint,9,opt,name=max_time_diff,json=maxTimeDiff,proto3" json:"max_time_diff,omitempty"` + ShortIds [][]byte `protobuf:"bytes,10,rep,name=short_ids,json=shortIds,proto3" json:"short_ids,omitempty"` + Fingerprint string `protobuf:"bytes,21,opt,name=Fingerprint,proto3" json:"Fingerprint,omitempty"` + ServerName string `protobuf:"bytes,22,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"` + 
PublicKey []byte `protobuf:"bytes,23,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + ShortId []byte `protobuf:"bytes,24,opt,name=short_id,json=shortId,proto3" json:"short_id,omitempty"` + SpiderX string `protobuf:"bytes,25,opt,name=spider_x,json=spiderX,proto3" json:"spider_x,omitempty"` + SpiderY []int64 `protobuf:"varint,26,rep,packed,name=spider_y,json=spiderY,proto3" json:"spider_y,omitempty"` +} + +func (x *Config) Reset() { + *x = Config{} + if protoimpl.UnsafeEnabled { + mi := &file_transport_internet_reality_config_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Config) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Config) ProtoMessage() {} + +func (x *Config) ProtoReflect() protoreflect.Message { + mi := &file_transport_internet_reality_config_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Config.ProtoReflect.Descriptor instead. 
+func (*Config) Descriptor() ([]byte, []int) { + return file_transport_internet_reality_config_proto_rawDescGZIP(), []int{0} +} + +func (x *Config) GetShow() bool { + if x != nil { + return x.Show + } + return false +} + +func (x *Config) GetDest() string { + if x != nil { + return x.Dest + } + return "" +} + +func (x *Config) GetType() string { + if x != nil { + return x.Type + } + return "" +} + +func (x *Config) GetXver() uint64 { + if x != nil { + return x.Xver + } + return 0 +} + +func (x *Config) GetServerNames() []string { + if x != nil { + return x.ServerNames + } + return nil +} + +func (x *Config) GetPrivateKey() []byte { + if x != nil { + return x.PrivateKey + } + return nil +} + +func (x *Config) GetMinClientVer() []byte { + if x != nil { + return x.MinClientVer + } + return nil +} + +func (x *Config) GetMaxClientVer() []byte { + if x != nil { + return x.MaxClientVer + } + return nil +} + +func (x *Config) GetMaxTimeDiff() uint64 { + if x != nil { + return x.MaxTimeDiff + } + return 0 +} + +func (x *Config) GetShortIds() [][]byte { + if x != nil { + return x.ShortIds + } + return nil +} + +func (x *Config) GetFingerprint() string { + if x != nil { + return x.Fingerprint + } + return "" +} + +func (x *Config) GetServerName() string { + if x != nil { + return x.ServerName + } + return "" +} + +func (x *Config) GetPublicKey() []byte { + if x != nil { + return x.PublicKey + } + return nil +} + +func (x *Config) GetShortId() []byte { + if x != nil { + return x.ShortId + } + return nil +} + +func (x *Config) GetSpiderX() string { + if x != nil { + return x.SpiderX + } + return "" +} + +func (x *Config) GetSpiderY() []int64 { + if x != nil { + return x.SpiderY + } + return nil +} + +var File_transport_internet_reality_config_proto protoreflect.FileDescriptor + +var file_transport_internet_reality_config_proto_rawDesc = []byte{ + 0x0a, 0x27, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x72, 
0x65, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x2f, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1f, 0x78, 0x72, 0x61, 0x79, 0x2e, + 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x65, 0x74, 0x2e, 0x72, 0x65, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x22, 0xdc, 0x03, 0x0a, 0x06, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x68, 0x6f, 0x77, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x04, 0x73, 0x68, 0x6f, 0x77, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x65, 0x73, + 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x64, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, + 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x12, 0x12, 0x0a, 0x04, 0x78, 0x76, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, + 0x04, 0x78, 0x76, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, + 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, + 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x70, + 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x69, 0x6e, + 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x0c, 0x6d, 0x69, 0x6e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x56, 0x65, 0x72, 0x12, + 0x24, 0x0a, 0x0e, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x76, 0x65, + 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x6d, 0x61, 0x78, 0x43, 0x6c, 0x69, 0x65, + 0x6e, 0x74, 0x56, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0d, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x69, 0x6d, + 0x65, 0x5f, 0x64, 0x69, 0x66, 0x66, 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x6d, 0x61, + 0x78, 0x54, 0x69, 0x6d, 0x65, 0x44, 0x69, 0x66, 0x66, 0x12, 0x1b, 0x0a, 
0x09, 0x73, 0x68, 0x6f, + 0x72, 0x74, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x08, 0x73, 0x68, + 0x6f, 0x72, 0x74, 0x49, 0x64, 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, + 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x15, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x46, 0x69, 0x6e, + 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x16, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x75, 0x62, + 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x17, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x70, + 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x68, 0x6f, 0x72, + 0x74, 0x5f, 0x69, 0x64, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x73, 0x68, 0x6f, 0x72, + 0x74, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x70, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x78, 0x18, + 0x19, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x70, 0x69, 0x64, 0x65, 0x72, 0x58, 0x12, 0x19, + 0x0a, 0x08, 0x73, 0x70, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x79, 0x18, 0x1a, 0x20, 0x03, 0x28, 0x03, + 0x52, 0x07, 0x73, 0x70, 0x69, 0x64, 0x65, 0x72, 0x59, 0x42, 0x7f, 0x0a, 0x23, 0x63, 0x6f, 0x6d, + 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x72, 0x65, 0x61, 0x6c, 0x69, 0x74, 0x79, + 0x50, 0x01, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, + 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, + 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, + 0x2f, 0x72, 0x65, 0x61, 0x6c, 0x69, 0x74, 0x79, 0xaa, 0x02, 0x1f, 0x58, 0x72, 0x61, 0x79, 0x2e, + 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x65, 0x74, 
0x2e, 0x52, 0x65, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, +} + +var ( + file_transport_internet_reality_config_proto_rawDescOnce sync.Once + file_transport_internet_reality_config_proto_rawDescData = file_transport_internet_reality_config_proto_rawDesc +) + +func file_transport_internet_reality_config_proto_rawDescGZIP() []byte { + file_transport_internet_reality_config_proto_rawDescOnce.Do(func() { + file_transport_internet_reality_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_transport_internet_reality_config_proto_rawDescData) + }) + return file_transport_internet_reality_config_proto_rawDescData +} + +var file_transport_internet_reality_config_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_transport_internet_reality_config_proto_goTypes = []interface{}{ + (*Config)(nil), // 0: xray.transport.internet.reality.Config +} +var file_transport_internet_reality_config_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_transport_internet_reality_config_proto_init() } +func file_transport_internet_reality_config_proto_init() { + if File_transport_internet_reality_config_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_transport_internet_reality_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Config); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_transport_internet_reality_config_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + 
NumServices: 0, + }, + GoTypes: file_transport_internet_reality_config_proto_goTypes, + DependencyIndexes: file_transport_internet_reality_config_proto_depIdxs, + MessageInfos: file_transport_internet_reality_config_proto_msgTypes, + }.Build() + File_transport_internet_reality_config_proto = out.File + file_transport_internet_reality_config_proto_rawDesc = nil + file_transport_internet_reality_config_proto_goTypes = nil + file_transport_internet_reality_config_proto_depIdxs = nil +} diff --git a/transport/internet/reality/config.proto b/transport/internet/reality/config.proto new file mode 100644 index 000000000000..f9ae3a4fd80a --- /dev/null +++ b/transport/internet/reality/config.proto @@ -0,0 +1,27 @@ +syntax = "proto3"; + +package xray.transport.internet.reality; +option csharp_namespace = "Xray.Transport.Internet.Reality"; +option go_package = "github.com/xtls/xray-core/transport/internet/reality"; +option java_package = "com.xray.transport.internet.reality"; +option java_multiple_files = true; + +message Config { + bool show = 1; + string dest = 2; + string type = 3; + uint64 xver = 4; + repeated string server_names = 5; + bytes private_key = 6; + bytes min_client_ver = 7; + bytes max_client_ver = 8; + uint64 max_time_diff = 9; + repeated bytes short_ids = 10; + + string Fingerprint = 21; + string server_name = 22; + bytes public_key = 23; + bytes short_id = 24; + string spider_x = 25; + repeated int64 spider_y = 26; +} diff --git a/transport/internet/reality/errors.generated.go b/transport/internet/reality/errors.generated.go new file mode 100644 index 000000000000..e578015f52e4 --- /dev/null +++ b/transport/internet/reality/errors.generated.go @@ -0,0 +1,9 @@ +package reality + +import "github.com/xtls/xray-core/common/errors" + +type errPathObjHolder struct{} + +func newError(values ...interface{}) *errors.Error { + return errors.New(values...).WithPathObj(errPathObjHolder{}) +} 
diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go
new file mode 100644
index 000000000000..145f1531a940
--- /dev/null
+++ b/transport/internet/reality/reality.go
@@ -0,0 +1,269 @@ +package reality + +import ( + "bytes" + "context" + "crypto/aes" + "crypto/cipher" + "crypto/ed25519" + "crypto/hmac" + "crypto/rand" + "crypto/sha256" + "crypto/sha512" + gotls "crypto/tls" + "crypto/x509" + "encoding/binary" + "fmt" + "io" + "math/big" + "net/http" + "reflect" + "regexp" + "strings" + "sync" + "time" + "unsafe" + + utls "github.com/refraction-networking/utls" + "github.com/xtls/reality" + "github.com/xtls/xray-core/common/errors" + "github.com/xtls/xray-core/common/net" + "github.com/xtls/xray-core/core" + "github.com/xtls/xray-core/transport/internet/tls" + "golang.org/x/crypto/hkdf" + "golang.org/x/net/http2" +) + +//go:generate go run github.com/xtls/xray-core/common/errors/errorgen + +type Conn struct { + *reality.Conn +} + +func (c *Conn) HandshakeAddress() net.Address { + if err := c.Handshake(); err != nil { + return nil + } + state := c.ConnectionState() + if state.ServerName == "" { + return nil + } + return net.ParseAddress(state.ServerName) +} + +func Server(c net.Conn, config *reality.Config) (net.Conn, error) { + realityConn, err := reality.Server(c, config) + return &Conn{Conn: realityConn}, err +} + +type UConn struct { + *utls.UConn + ServerName string + AuthKey []byte + Verified bool +} + +func (c *UConn) HandshakeAddress() net.Address { + if err := c.Handshake(); err != nil { + return nil + } + state := c.ConnectionState() + if state.ServerName == "" { + return nil + } + return net.ParseAddress(state.ServerName) +} + +func (c *UConn) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { + p, _ := reflect.TypeOf(c.Conn).Elem().FieldByName("peerCertificates") + certs := *(*([]*x509.Certificate))(unsafe.Pointer(uintptr(unsafe.Pointer(c.Conn)) + p.Offset)) + if pub, ok := certs[0].PublicKey.(ed25519.PublicKey); ok { + h := hmac.New(sha512.New, c.AuthKey) + h.Write(pub) + if bytes.Equal(h.Sum(nil), certs[0].Signature) { + c.Verified = true + return nil + } + } + opts := 
x509.VerifyOptions{ + DNSName: c.ServerName, + Intermediates: x509.NewCertPool(), + } + for _, cert := range certs[1:] { + opts.Intermediates.AddCert(cert) + } + if _, err := certs[0].Verify(opts); err != nil { + return err + } + return nil +} + +func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destination) (net.Conn, error) { + localAddr := c.LocalAddr().String() + uConn := &UConn{} + utlsConfig := &utls.Config{ + VerifyPeerCertificate: uConn.VerifyPeerCertificate, + ServerName: config.ServerName, + InsecureSkipVerify: true, + SessionTicketsDisabled: true, + } + if utlsConfig.ServerName == "" && dest.Address.Family().IsDomain() { + utlsConfig.ServerName = dest.Address.Domain() + } + uConn.ServerName = utlsConfig.ServerName + fingerprint := tls.GetFingerprint(config.Fingerprint) + if fingerprint == nil { + return nil, newError("REALITY: failed to get fingerprint").AtError() + } + uConn.UConn = utls.UClient(c, utlsConfig, *fingerprint) + { + uConn.BuildHandshakeState() + hello := uConn.HandshakeState.Hello + hello.SessionId = make([]byte, 32) + copy(hello.Raw[39:], hello.SessionId) // the location of session ID + binary.BigEndian.PutUint64(hello.SessionId, uint64(time.Now().Unix())) + hello.SessionId[0] = core.Version_x + hello.SessionId[1] = core.Version_y + hello.SessionId[2] = core.Version_z + copy(hello.SessionId[8:], config.ShortId) + if config.Show { + fmt.Printf("REALITY localAddr: %v\thello.sessionId[:16]: %v\n", localAddr, hello.SessionId[:16]) + } + uConn.AuthKey = uConn.HandshakeState.State13.EcdheParams.SharedKey(config.PublicKey) + if uConn.AuthKey == nil { + return nil, errors.New("REALITY: SharedKey == nil") + } + if _, err := hkdf.New(sha256.New, uConn.AuthKey, hello.Random[:20], []byte("REALITY")).Read(uConn.AuthKey); err != nil { + return nil, err + } + block, _ := aes.NewCipher(uConn.AuthKey) + aead, _ := cipher.NewGCM(block) + aead.Seal(hello.SessionId[:0], hello.Random[20:], hello.SessionId[:16], hello.Raw) + 
copy(hello.Raw[39:], hello.SessionId) + if config.Show { + fmt.Printf("REALITY localAddr: %v\thello.sessionId: %v\n", localAddr, hello.SessionId) + fmt.Printf("REALITY localAddr: %v\tuConn.AuthKey: %v\n", localAddr, uConn.AuthKey) + } + } + if err := uConn.Handshake(); err != nil { + return nil, err + } + if config.Show { + fmt.Printf("REALITY localAddr: %v\tuConn.Verified: %v\n", localAddr, uConn.Verified) + } + if !uConn.Verified { + go func() { + client := &http.Client{ + Transport: &http2.Transport{ + DialTLSContext: func(ctx context.Context, network, addr string, cfg *gotls.Config) (net.Conn, error) { + fmt.Printf("REALITY localAddr: %v\tDialTLSContext\n", localAddr) + return uConn, nil + }, + }, + } + prefix := []byte("https://" + uConn.ServerName) + maps.Lock() + if maps.maps == nil { + maps.maps = make(map[string]map[string]bool) + } + paths := maps.maps[uConn.ServerName] + if paths == nil { + paths = make(map[string]bool) + paths[config.SpiderX] = true + maps.maps[uConn.ServerName] = paths + } + firstURL := string(prefix) + getPathLocked(paths) + maps.Unlock() + get := func(first bool) { + var ( + req *http.Request + resp *http.Response + err error + body []byte + ) + if first { + req, _ = http.NewRequest("GET", firstURL, nil) + } else { + maps.Lock() + req, _ = http.NewRequest("GET", string(prefix)+getPathLocked(paths), nil) + maps.Unlock() + } + req.Header.Set("User-Agent", fingerprint.Client) // TODO: User-Agent map + if first && config.Show { + fmt.Printf("REALITY localAddr: %v\treq.UserAgent(): %v\n", localAddr, req.UserAgent()) + } + times := 1 + if !first { + times = int(randBetween(config.SpiderY[4], config.SpiderY[5])) + } + for j := 0; j < times; j++ { + if !first && j == 0 { + req.Header.Set("Referer", firstURL) + } + req.AddCookie(&http.Cookie{Name: "padding", Value: strings.Repeat("0", int(randBetween(config.SpiderY[0], config.SpiderY[1])))}) + if resp, err = client.Do(req); err != nil { + break + } + req.Header.Set("Referer", 
req.URL.String()) + if body, err = io.ReadAll(resp.Body); err != nil { + break + } + maps.Lock() + for _, m := range href.FindAllSubmatch(body, -1) { + m[1] = bytes.TrimPrefix(m[1], prefix) + if !bytes.Contains(m[1], dot) { + paths[string(m[1])] = true + } + } + req.URL.Path = getPathLocked(paths) + if config.Show { + fmt.Printf("REALITY localAddr: %v\treq.Referer(): %v\n", localAddr, req.Referer()) + fmt.Printf("REALITY localAddr: %v\tlen(body): %v\n", localAddr, len(body)) + fmt.Printf("REALITY localAddr: %v\tlen(paths): %v\n", localAddr, len(paths)) + } + maps.Unlock() + if !first { + time.Sleep(time.Duration(randBetween(config.SpiderY[6], config.SpiderY[7])) * time.Millisecond) // interval + } + } + } + get(true) + concurrency := int(randBetween(config.SpiderY[2], config.SpiderY[3])) + for i := 0; i < concurrency; i++ { + go get(false) + } + // Do not close the connection + }() + time.Sleep(time.Duration(randBetween(config.SpiderY[8], config.SpiderY[9])) * time.Millisecond) // return + return nil, errors.New("REALITY: processed invalid connection") + } + return uConn, nil +} + +var href = regexp.MustCompile(`href="([/h].*?)"`) +var dot = []byte(".") + +var maps struct { + sync.Mutex + maps map[string]map[string]bool +} + +func getPathLocked(paths map[string]bool) string { + stopAt := int(randBetween(0, int64(len(paths)-1))) + i := 0 + for s := range paths { + if i == stopAt { + return s + } + i++ + } + return "/" +} + +func randBetween(left int64, right int64) int64 { + if left == right { + return left + } + bigInt, _ := rand.Int(rand.Reader, big.NewInt(right-left)) + return left + bigInt.Int64() +} diff --git a/transport/internet/tcp/dialer.go b/transport/internet/tcp/dialer.go index 5606cd8dfedc..c806246f23ac 100644 --- a/transport/internet/tcp/dialer.go +++ b/transport/internet/tcp/dialer.go 
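Review bot: `VerifyPeerCertificate` indexes `certs[0]` without checking that the slice it recovered through `reflect`/`unsafe` is non-empty, discards the `ok` result of `FieldByName("peerCertificates")`, and compares the HMAC with `bytes.Equal` instead of the constant-time `hmac.Equal`. Because the read depends on the private layout of the utls connection struct, a library update that renames the field would leave `p.Offset` at zero and reinterpret unrelated memory as a certificate slice; the fence below fails closed in that case and on an empty chain. Separately, in `UClient` the `config.Show` branch prints `uConn.AuthKey` to stdout, which puts per-session key material into whatever collects process output, and the `aes.NewCipher` / `cipher.NewGCM` errors are discarded so a bad key length would surface as a nil dereference. The spider loop also reads `resp.Body` with `io.ReadAll` and never closes it.

```go
func (c *UConn) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
	p, ok := reflect.TypeOf(c.Conn).Elem().FieldByName("peerCertificates")
	if !ok {
		return newError("REALITY: peerCertificates field not found").AtError()
	}
	// … unchanged: certs is read from c.Conn at p.Offset …
	if len(certs) == 0 {
		return newError("REALITY: no peer certificate").AtError()
	}
	if pub, ok := certs[0].PublicKey.(ed25519.PublicKey); ok {
		// … unchanged: h is the HMAC-SHA512 of pub keyed with c.AuthKey …
		if hmac.Equal(h.Sum(nil), certs[0].Signature) {
			// … unchanged: set c.Verified and return nil …
	// … unchanged: fall back to x509 verification against c.ServerName …
```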
@@ -7,6 +7,7 @@ import ( "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/xtls" @@ -33,6 +34,10 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { xtlsConfig := config.GetXTLSConfig(xtls.WithDestination(dest)) conn = xtls.Client(conn, xtlsConfig) + } else if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { + if conn, err = reality.UClient(conn, config, ctx, dest); err != nil { + return nil, err + } } tcpSettings := streamSettings.ProtocolSettings.(*Config) diff --git a/transport/internet/tcp/hub.go b/transport/internet/tcp/hub.go index 828bf97267d9..f6625ec13a6f 100644 --- a/transport/internet/tcp/hub.go +++ b/transport/internet/tcp/hub.go @@ -7,10 +7,12 @@ import ( "time" goxtls "github.com/xtls/go" + goreality "github.com/xtls/reality" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/xtls" 
@@ -18,13 +20,14 @@ import ( // Listener is an internet.Listener that listens for TCP connections. type Listener struct { - listener net.Listener - tlsConfig *gotls.Config - xtlsConfig *goxtls.Config - authConfig internet.ConnectionAuthenticator - config *Config - addConn internet.ConnHandler - locker *internet.FileLocker // for unix domain socket + listener net.Listener + tlsConfig *gotls.Config + xtlsConfig *goxtls.Config + realityConfig *goreality.Config + authConfig internet.ConnectionAuthenticator + config *Config + addConn internet.ConnHandler + locker *internet.FileLocker // for unix domain socket } // ListenTCP creates a new Listener based on configurations. @@ -78,6 +81,9 @@ func ListenTCP(ctx context.Context, address net.Address, port net.Port, streamSe if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { l.xtlsConfig = config.GetXTLSConfig() } + if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { + l.realityConfig = config.GetREALITYConfig() + } if tcpSettings.HeaderSettings != nil { headerConfig, err := tcpSettings.HeaderSettings.GetInstance() @@ -109,17 +115,22 @@ func (v *Listener) keepAccepting() { } continue } - - if v.tlsConfig != nil { - conn = tls.Server(conn, v.tlsConfig) - } else if v.xtlsConfig != nil { - conn = xtls.Server(conn, v.xtlsConfig) - } - if v.authConfig != nil { - conn = v.authConfig.Server(conn) - } - - v.addConn(stat.Connection(conn)) + go func() { + if v.tlsConfig != nil { + conn = tls.Server(conn, v.tlsConfig) + } else if v.xtlsConfig != nil { + conn = xtls.Server(conn, v.xtlsConfig) + } else if v.realityConfig != nil { + if conn, err = reality.Server(conn, v.realityConfig); err != nil { + newError(err).AtInfo().WriteToLog() + return + } + } + if v.authConfig != nil { + conn = v.authConfig.Server(conn) + } + v.addConn(stat.Connection(conn)) + }() } } From 82003f28b220be4690176bb266e1447d5972bbaf Mon Sep 17 00:00:00 2001 
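Review bot: In `keepAccepting`, when `reality.Server` fails the goroutine logs and returns, but `conn` has already been overwritten by the call's return value (the wrapper in this patch returns `&Conn{Conn: realityConn}` even on error), so the accepted socket is no longer reachable here and is not closed by this code. Whether `github.com/xtls/reality` closes it on every error path is not visible in this patch; keeping the raw connection makes the failure path self-contained: `raw := conn` before the branch, then `if conn, err = reality.Server(raw, v.realityConfig); err != nil { raw.Close(); … }`. The handshake also now runs in one goroutine per accepted connection with no deadline or concurrency cap visible in the hunk, so a peer that stalls mid-handshake can hold a goroutine and a file descriptor; a `SetDeadline` around the handshake would bound that. `keepAccepting` begins outside the hunk.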
From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 17 Feb 2023 11:43:18 +0000 Subject: [PATCH 59/91] Upgrade github.com/xtls/reality to 085bdf2104d3 Fixes https://github.com/XTLS/Xray-core/issues/1659 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ecf8e3548452..d14f5d2ddc8c 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 - github.com/xtls/reality v0.0.0-20230210055008-e814936a3d99 + github.com/xtls/reality v0.0.0-20230217102704-085bdf2104d3 go.starlark.net v0.0.0-20230128213706-3f75dec8e403 golang.org/x/crypto v0.6.0 golang.org/x/net v0.7.0 diff --git a/go.sum b/go.sum index c2d2af911912..d32d88e75155 100644 --- a/go.sum +++ b/go.sum 
@@ -193,8 +193,8 @@ github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49u github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= -github.com/xtls/reality v0.0.0-20230210055008-e814936a3d99 h1:H7I3fhMXA0GKSysu+KcSNMdX/o4MBElWR02/NIwhmpY= -github.com/xtls/reality v0.0.0-20230210055008-e814936a3d99/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230217102704-085bdf2104d3 h1:Rp9BfXZ+Li5j5L40zAdFZLcr0nXrYBPgaNpQ9lQnpWg= +github.com/xtls/reality v0.0.0-20230217102704-085bdf2104d3/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= From e1cd1fd33ece9c9190efd43acc356400d129cc05 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 17 Feb 2023 12:39:18 +0000 Subject: [PATCH 60/91] Allow empty "shortId" (client side) --- infra/conf/transport_internet.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index d71795283e41..dd84a89af58e 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go 
@@ -637,9 +637,6 @@ func (c *REALITYConfig) Build() (proto.Message, error) { if config.PublicKey, err = base64.RawURLEncoding.DecodeString(c.PublicKey); err != nil || len(config.PublicKey) != 32 { return nil, newError(`invalid "publicKey": `, c.PublicKey) } - if c.ShortId == "" { - return nil, newError(`empty "shortId"`) - } config.ShortId = make([]byte, 8) if _, err = hex.Decode(config.ShortId, []byte(c.ShortId)); err != nil { return nil, newError(`invalid "shortId": `, c.ShortId) From c7358a32f5b75dc31b5428432a231b03b7dc421b Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 17 Feb 2023 21:07:27 +0800 Subject: [PATCH 61/91] Allow empty "spiderX" (client side) --- infra/conf/transport_internet.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index dd84a89af58e..4d2e92e4a15f 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -642,7 +642,7 @@ func (c *REALITYConfig) Build() (proto.Message, error) { return nil, newError(`invalid "shortId": `, c.ShortId) } if c.SpiderX == "" { - return nil, newError(`empty "spiderX"`) + c.SpiderX = "/" } if c.SpiderX[0] != '/' { return nil, newError(`invalid "spiderX": `, c.SpiderX) From 4d5c3195d2a6efd6fe33fd13ad79e0b54d213937 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 18 Feb 2023 05:55:19 +0000 Subject: [PATCH 62/91] Refine random Fixes https://github.com/XTLS/Xray-core/issues/1666 --- transport/internet/tls/tls.go | 48 +++++++++++++++++------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go index 1a880b9850fc..2fd9a017dc21 100644 --- a/transport/internet/tls/tls.go +++ b/transport/internet/tls/tls.go 
@@ -173,47 +173,47 @@ var PresetFingerprints = map[string]*utls.ClientHelloID{ var ModernFingerprints = map[string]*utls.ClientHelloID{ // One of these will be chosen as `random` at startup - "hellofirefox_auto": &utls.HelloFirefox_Auto, "hellofirefox_99": &utls.HelloFirefox_99, "hellofirefox_102": &utls.HelloFirefox_102, "hellofirefox_105": &utls.HelloFirefox_105, - "hellochrome_auto": &utls.HelloChrome_Auto, "hellochrome_83": &utls.HelloChrome_83, "hellochrome_87": &utls.HelloChrome_87, "hellochrome_96": &utls.HelloChrome_96, "hellochrome_100": &utls.HelloChrome_100, "hellochrome_102": &utls.HelloChrome_102, "hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle, - "helloios_auto": &utls.HelloIOS_Auto, - "helloios_12_1": &utls.HelloIOS_12_1, "helloios_13": &utls.HelloIOS_13, "helloios_14": &utls.HelloIOS_14, - "helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp, - "helloedge_auto": &utls.HelloEdge_Auto, "helloedge_85": &utls.HelloEdge_85, "helloedge_106": &utls.HelloEdge_106, - "hellosafari_auto": &utls.HelloSafari_Auto, "hellosafari_16_0": &utls.HelloSafari_16_0, - "hello360_auto": &utls.Hello360_Auto, "hello360_11_0": &utls.Hello360_11_0, - "helloqq_auto": &utls.HelloQQ_Auto, "helloqq_11_1": &utls.HelloQQ_11_1, } var OtherFingerprints = map[string]*utls.ClientHelloID{ - // Golang, randomized, and fingerprints that are more than 4 years old - "hellogolang": &utls.HelloGolang, - "hellorandomized": &utls.HelloRandomized, - "hellorandomizedalpn": &utls.HelloRandomizedALPN, - "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, - "hellofirefox_55": &utls.HelloFirefox_55, - "hellofirefox_56": &utls.HelloFirefox_56, - "hellofirefox_63": &utls.HelloFirefox_63, - "hellofirefox_65": &utls.HelloFirefox_65, - "hellochrome_58": &utls.HelloChrome_58, - "hellochrome_62": &utls.HelloChrome_62, - "hellochrome_70": &utls.HelloChrome_70, - "hellochrome_72": &utls.HelloChrome_72, - "helloios_11_1": &utls.HelloIOS_11_1, - "hello360_7_5": &utls.Hello360_7_5, + // Golang, 
randomized, auto, and fingerprints that are too old + "hellogolang": &utls.HelloGolang, + "hellorandomized": &utls.HelloRandomized, + "hellorandomizedalpn": &utls.HelloRandomizedALPN, + "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, + "hellofirefox_auto": &utls.HelloFirefox_Auto, + "hellofirefox_55": &utls.HelloFirefox_55, + "hellofirefox_56": &utls.HelloFirefox_56, + "hellofirefox_63": &utls.HelloFirefox_63, + "hellofirefox_65": &utls.HelloFirefox_65, + "hellochrome_auto": &utls.HelloChrome_Auto, + "hellochrome_58": &utls.HelloChrome_58, + "hellochrome_62": &utls.HelloChrome_62, + "hellochrome_70": &utls.HelloChrome_70, + "hellochrome_72": &utls.HelloChrome_72, + "helloios_auto": &utls.HelloIOS_Auto, + "helloios_11_1": &utls.HelloIOS_11_1, + "helloios_12_1": &utls.HelloIOS_12_1, + "helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp, + "helloedge_auto": &utls.HelloEdge_Auto, + "hellosafari_auto": &utls.HelloSafari_Auto, + "hello360_auto": &utls.Hello360_Auto, + "hello360_7_5": &utls.Hello360_7_5, + "helloqq_auto": &utls.HelloQQ_Auto, } From 9d3de59d3ffcf58c2d2aecb0866b3f0035baedd8 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Tue, 21 Feb 2023 13:43:13 +0000 Subject: [PATCH 63/91] Check "serverNames" and "shortIds" (client side) Prevents https://github.com/XTLS/Xray-core/issues/1675 --- infra/conf/transport_internet.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 4d2e92e4a15f..a81760cb8b15 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go 
@@ -631,12 +631,18 @@ func (c *REALITYConfig) Build() (proto.Message, error) {
 if config.Fingerprint == "hellogolang" {
 return nil, newError(`invalid "fingerprint": `, config.Fingerprint)
 }
+ if len(c.ServerNames) != 0 {
+ return nil, newError(`non-empty "serverNames", please use "serverName" instead`)
+ }
 if c.PublicKey == "" {
 return nil, newError(`empty "publicKey"`)
 }
 if config.PublicKey, err = base64.RawURLEncoding.DecodeString(c.PublicKey); err != nil || len(config.PublicKey) != 32 {
 return nil, newError(`invalid "publicKey": `, c.PublicKey)
 }
+ if len(c.ShortIds) != 0 {
+ return nil, newError(`non-empty "shortIds", please use "shortId" instead`)
+ }
 config.ShortId = make([]byte, 8)
 if _, err = hex.Decode(config.ShortId, []byte(c.ShortId)); err != nil {
 return nil, newError(`invalid "shortId": `, c.ShortId)
From 9e07d8304d6e4df6a299a7c4095d92ca161a5cea Mon Sep 17 00:00:00 2001
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Date: Tue, 21 Feb 2023 22:23:10 -0500
Subject: [PATCH 64/91] Add retry for test steps to download geofiles
---
 .github/workflows/test.yml | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ffdc64cbdbe5..03a2a37ec9b0 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
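Review bot: The `shortId` path just below the new `shortIds` check decodes into a fixed 8-byte buffer without bounding the input, and `hex.Decode` does not check the destination size, so a `shortId` longer than 16 hex characters would panic at config load instead of returning the `invalid "shortId"` error. Since this commit is tightening client-side validation, a guard before the decode fits here: `if len(c.ShortId) > 16 { return nil, newError(`invalid "shortId": `, c.ShortId) }`. `Build` starts and ends outside the hunk, so an earlier length check may exist that I cannot see.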
@@ -37,15 +37,25 @@ jobs: - name: Prepare geo*dat if: ${{ matrix.os != 'windows-latest' }} - run: | - mkdir resources - wget -O ./resources/geoip.dat https://github.com/v2fly/geoip/releases/latest/download/geoip.dat - wget -O ./resources/geosite.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + retry_wait_seconds: 30 + max_attempts: 60 + command: | + mkdir resources + wget -O ./resources/geoip.dat https://github.com/v2fly/geoip/releases/latest/download/geoip.dat + wget -O ./resources/geosite.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat - name: Prepare geo*dat for Windows if: ${{ matrix.os == 'windows-latest' }} - run: | - mkdir resources - Invoke-WebRequest -Uri "https://github.com/v2fly/geoip/releases/latest/download/geoip.dat" -OutFile "./resources/geoip.dat" - Invoke-WebRequest -Uri "https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat" -OutFile "./resources/geosite.dat" + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + retry_wait_seconds: 30 + max_attempts: 60 + command: | + mkdir resources + Invoke-WebRequest -Uri "https://github.com/v2fly/geoip/releases/latest/download/geoip.dat" -OutFile "./resources/geoip.dat" + Invoke-WebRequest -Uri "https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat" -OutFile "./resources/geosite.dat" - name: Test run: go test -timeout 1h -v ./... From 7f16f4ccd923795bb516b384c552a98b96a275c4 Mon Sep 17 00:00:00 2001 
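Review bot: Both new steps run `nick-fields/retry@v2`, a third-party action referenced by a movable tag, so whatever that tag points to at run time executes inside the job; pinning it to a full commit SHA (`uses: nick-fields/retry@<full-commit-sha> # v2`) keeps the workflow reproducible and reviewable. The retried command also begins with `mkdir resources`, which reports an error on every attempt after the first because the directory already exists; `mkdir -p resources` (and `New-Item -ItemType Directory -Force resources` in the Windows step) makes the command safe to repeat. The `.dat` files are still fetched from `releases/latest` with no checksum verification, which predates this change but is worth a follow-up now that the step can re-download up to 60 times.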
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Feb 2023 00:59:30 +0000 Subject: [PATCH 65/91] Bump github.com/sagernet/sing from 0.1.6 to 0.1.7 Bumps [github.com/sagernet/sing](https://github.com/sagernet/sing) from 0.1.6 to 0.1.7. - [Release notes](https://github.com/sagernet/sing/releases) - [Commits](https://github.com/sagernet/sing/compare/v0.1.6...v0.1.7) --- updated-dependencies: - dependency-name: github.com/sagernet/sing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d14f5d2ddc8c..280211635e79 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/pires/go-proxyproto v0.6.2 github.com/quic-go/quic-go v0.32.0 github.com/refraction-networking/utls v1.2.2 - github.com/sagernet/sing v0.1.6 + github.com/sagernet/sing v0.1.7 github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb diff --git a/go.sum b/go.sum index d32d88e75155..fd5cb1cc870f 100644 --- a/go.sum +++ b/go.sum 
@@ -143,8 +143,8 @@ github.com/refraction-networking/utls v1.2.2/go.mod h1:L1goe44KvhnTfctUffM2isnJp github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagernet/sing v0.1.6 h1:Qy63OUfKpcqKjfd5rPmUlj0RGjHZSK/PJn0duyCCsRg= -github.com/sagernet/sing v0.1.6/go.mod h1:JLSXsPTGRJFo/3X7EcAOCUgJH2/gAoxSJgBsnCZRp/w= +github.com/sagernet/sing v0.1.7 h1:g4vjr3q8SUlBZSx97Emz5OBfSMBxxW5Q8C2PfdoSo08= +github.com/sagernet/sing v0.1.7/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk= github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 h1:Plup6oEiyLzY3HDqQ+QsUBzgBGdVmcsgf3t8h940z9U= github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= From 267d93f7bd02773ce5074928767e2f28bd3eb770 Mon Sep 17 00:00:00 2001 From: Hellojack <106379370+H1JK@users.noreply.github.com> Date: Sat, 25 Feb 2023 00:42:02 +0800 Subject: [PATCH 66/91] Improve ReshapeMultiBuffer (#1636) * Improve ReshapeMultiBuffer * Improve again * Always resize --- proxy/vless/encoding/encoding.go | 36 +++++++++++++++----------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index 1e8aaa922c39..fa5b438c82cf 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go 
@@ -469,38 +469,36 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt // ReshapeMultiBuffer prepare multi buffer for padding stucture (max 21 bytes) func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBuffer { - needReshape := false + needReshape := 0 for _, b := range buffer { if b.Len() >= buf.Size-21 { - needReshape = true + needReshape += 1 } } - if !needReshape { + if needReshape == 0 { return buffer } - mb2 := make(buf.MultiBuffer, 0, len(buffer)) - print := "" - for _, b := range buffer { - if b.Len() >= buf.Size-21 { - index := int32(bytes.LastIndex(b.Bytes(), tlsApplicationDataStart)) + mb2 := make(buf.MultiBuffer, 0, len(buffer)+needReshape) + toPrint := "" + for i, buffer1 := range buffer { + if buffer1.Len() >= buf.Size-21 { + index := int32(bytes.LastIndex(buffer1.Bytes(), tlsApplicationDataStart)) if index <= 0 { index = buf.Size / 2 } - buffer1 := buf.New() buffer2 := buf.New() - buffer1.Write(b.BytesTo(index)) - buffer2.Write(b.BytesFrom(index)) + buffer2.Write(buffer1.BytesFrom(index)) + buffer1.Resize(0, index) mb2 = append(mb2, buffer1, buffer2) - print += " " + strconv.Itoa(int(buffer1.Len())) + " " + strconv.Itoa(int(buffer2.Len())) + toPrint += " " + strconv.Itoa(int(buffer1.Len())) + " " + strconv.Itoa(int(buffer2.Len())) } else { - newbuffer := buf.New() - newbuffer.Write(b.Bytes()) - mb2 = append(mb2, newbuffer) - print += " " + strconv.Itoa(int(b.Len())) + mb2 = append(mb2, buffer1) + toPrint += " " + strconv.Itoa(int(buffer1.Len())) } + buffer[i] = nil } - buf.ReleaseMulti(buffer) - newError("ReshapeMultiBuffer ", print).WriteToLog(session.ExportIDToError(ctx)) + buffer = buffer[:0] + newError("ReshapeMultiBuffer ", toPrint).WriteToLog(session.ExportIDToError(ctx)) return mb2 } 
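Review bot: Splitting at `index` does not guarantee the headroom the reshape exists to create: if the last `tlsApplicationDataStart` match lies within the final bytes, `buffer1.Resize(0, index)` leaves `buffer1` at or above `buf.Size-21`, and if it lies within the first few bytes `buffer2` ends up that large instead. Bounding the split keeps both halves under the limit, e.g. `if index < 22 || index > buf.Size-22 { index = buf.Size / 2 }` (assuming, as the doc comment suggests, that 21 bytes is what the padding needs). Separately, `buffer = buffer[:0]` only reassigns the local parameter, so the caller's slice keeps its length and now holds nil entries; a comment stating that the input must not be reused after the call would make that contract explicit. The return values of `buffer2.Write` are also dropped.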
@@ -524,7 +522,7 @@ func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, ctx context.Cont *userUUID = nil } newbuffer.Write([]byte{command, byte(contantLen >> 8), byte(contantLen), byte(paddingLen >> 8), byte(paddingLen)}) - if (b != nil) { + if b != nil { newbuffer.Write(b.Bytes()) b.Release() b = nil From 03b8c094de7250c2724be8208f7253c1cb3622ce Mon Sep 17 00:00:00 2001 From: Yue Yin Date: Fri, 17 Feb 2023 16:01:24 +0800 Subject: [PATCH 67/91] Support SPKI Fingerprint Pinning Support SPKI Fingerprint Pinning for TLSObject --- infra/conf/transport_internet.go | 38 +++++++----- transport/internet/tls/config.go | 14 +++++ transport/internet/tls/config.pb.go | 38 ++++++++---- transport/internet/tls/config.proto | 7 +++ transport/internet/tls/pin.go | 6 ++ transport/internet/tls/pin_test.go | 89 +++++++++++++++++++++++++++++ 6 files changed, 169 insertions(+), 23 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index a81760cb8b15..d0249b445184 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go 
@@ -343,19 +343,20 @@ func (c *TLSCertConfig) Build() (*tls.Certificate, error) {
 }
 type TLSConfig struct {
- Insecure bool `json:"allowInsecure"`
- Certs []*TLSCertConfig `json:"certificates"`
- ServerName string `json:"serverName"`
- ALPN *StringList `json:"alpn"`
- EnableSessionResumption bool `json:"enableSessionResumption"`
- DisableSystemRoot bool `json:"disableSystemRoot"`
- MinVersion string `json:"minVersion"`
- MaxVersion string `json:"maxVersion"`
- CipherSuites string `json:"cipherSuites"`
- PreferServerCipherSuites bool `json:"preferServerCipherSuites"`
- Fingerprint string `json:"fingerprint"`
- RejectUnknownSNI bool `json:"rejectUnknownSni"`
- PinnedPeerCertificateChainSha256 *[]string `json:"pinnedPeerCertificateChainSha256"`
+ Insecure bool `json:"allowInsecure"`
+ Certs []*TLSCertConfig `json:"certificates"`
+ ServerName string `json:"serverName"`
+ ALPN *StringList `json:"alpn"`
+ EnableSessionResumption bool `json:"enableSessionResumption"`
+ DisableSystemRoot bool `json:"disableSystemRoot"`
+ MinVersion string `json:"minVersion"`
+ MaxVersion string `json:"maxVersion"`
+ CipherSuites string `json:"cipherSuites"`
+ PreferServerCipherSuites bool `json:"preferServerCipherSuites"`
+ Fingerprint string `json:"fingerprint"`
+ RejectUnknownSNI bool `json:"rejectUnknownSni"`
+ PinnedPeerCertificateChainSha256 *[]string `json:"pinnedPeerCertificateChainSha256"`
+ PinnedPeerCertificatePublicKeySha256 *[]string `json:"pinnedPeerCertificatePublicKeySha256"`
 }
 // Build implements Buildable.
@@ -400,6 +401,17 @@ func (c *TLSConfig) Build() (proto.Message, error) { } } + if c.PinnedPeerCertificatePublicKeySha256 != nil { + config.PinnedPeerCertificatePublicKeySha256 = [][]byte{} + for _, v := range *c.PinnedPeerCertificatePublicKeySha256 { + hashValue, err := base64.StdEncoding.DecodeString(v) + if err != nil { + return nil, err + } + config.PinnedPeerCertificatePublicKeySha256 = append(config.PinnedPeerCertificatePublicKeySha256, hashValue) + } + } + return config, nil } diff --git a/transport/internet/tls/config.go b/transport/internet/tls/config.go index e1c128825401..9c1f8eee68f7 100644 --- a/transport/internet/tls/config.go +++ b/transport/internet/tls/config.go @@ -266,6 +266,20 @@ func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Cert } return newError("peer cert is unrecognized: ", base64.StdEncoding.EncodeToString(hashValue)) } + + if c.PinnedPeerCertificatePublicKeySha256 != nil { + for _, v := range verifiedChains { + for _, cert := range v { + publicHash := GenerateCertPublicKeyHash(cert) + for _, c := range c.PinnedPeerCertificatePublicKeySha256 { + if hmac.Equal(publicHash, c) { + return nil + } + } + } + } + return newError("peer public key is unrecognized.") + } return nil } diff --git a/transport/internet/tls/config.pb.go b/transport/internet/tls/config.pb.go index d038de6bf6bd..d02fa1122043 100644 --- a/transport/internet/tls/config.pb.go +++ b/transport/internet/tls/config.pb.go 
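Review bot: Each `pinnedPeerCertificatePublicKeySha256` entry in the new loop of `TLSConfig.Build` is accepted as soon as it base64-decodes, so a truncated or mistyped pin loads without complaint and can then never match. A SHA-256 digest is 32 bytes, so the loop can reject anything else: `if len(hashValue) != 32 { return nil, newError(`invalid "pinnedPeerCertificatePublicKeySha256": `, v) }`. The bare `return nil, err` on a decode failure also gives the operator no hint which setting was malformed; wrapping it with the same message would help. `Build` begins above the hunk, so I cannot see whether the chain-hash loop has the same gap.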
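Review bot: The new public-key pin check in `verifyPeerCert` walks only `verifiedChains`, which crypto/tls passes as nil when normal verification is disabled (`InsecureSkipVerify`), so with `allowInsecure` enabled this branch would always end in "peer public key is unrecognized." — fail-closed, but at odds with the proto comment saying the value replaces allow_insecure. Either document that the key pin requires normal chain verification, or hash the parsed `rawCerts` when `verifiedChains` is empty; how the callback is wired is outside this hunk, so please confirm which is intended. The loop also matches any certificate in any verified chain, so pinning an intermediate or root key accepts every leaf beneath it, which should be stated in the field documentation. Minor: the inner `for _, c := range c.PinnedPeerCertificatePublicKeySha256` shadows the receiver (`for _, pin := range ...` reads better), and the error omits the observed hash that the chain-hash error just above includes.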
@@ -203,6 +203,11 @@ type Config struct { // @Document This value replace allow_insecure. // @Critical PinnedPeerCertificateChainSha256 [][]byte `protobuf:"bytes,13,rep,name=pinned_peer_certificate_chain_sha256,json=pinnedPeerCertificateChainSha256,proto3" json:"pinned_peer_certificate_chain_sha256,omitempty"` + // @Document A pinned certificate public key sha256 hash. + // @Document If the server's public key hash does not match this value, the connection will be aborted. + // @Document This value replace allow_insecure. + // @Critical + PinnedPeerCertificatePublicKeySha256 [][]byte `protobuf:"bytes,14,rep,name=pinned_peer_certificate_public_key_sha256,json=pinnedPeerCertificatePublicKeySha256,proto3" json:"pinned_peer_certificate_public_key_sha256,omitempty"` } func (x *Config) Reset() { @@ -328,6 +333,13 @@ func (x *Config) GetPinnedPeerCertificateChainSha256() [][]byte { return nil } +func (x *Config) GetPinnedPeerCertificatePublicKeySha256() [][]byte { + if x != nil { + return x.PinnedPeerCertificatePublicKeySha256 + } + return nil +} + var File_transport_internet_tls_config_proto protoreflect.FileDescriptor var file_transport_internet_tls_config_proto_rawDesc = []byte{ 
@@ -357,7 +369,7 @@ var file_transport_internet_tls_config_proto_rawDesc = []byte{ 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x4d, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59, 0x5f, - 0x49, 0x53, 0x53, 0x55, 0x45, 0x10, 0x02, 0x22, 0xf3, 0x04, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, + 0x49, 0x53, 0x53, 0x55, 0x45, 0x10, 0x02, 0x22, 0xcc, 0x05, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x49, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x12, 0x4a, 0x0a, 0x0b, 0x63, 0x65, 0x72, 
@@ -396,15 +408,21 @@ var file_transport_internet_tls_config_proto_rawDesc = []byte{ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x20, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x42, 0x73, 0x0a, - 0x1f, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, - 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x74, 0x6c, 0x73, - 0x50, 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, - 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, - 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, - 0x2f, 0x74, 0x6c, 0x73, 0xaa, 0x02, 0x1b, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, - 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x54, - 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x12, 0x57, 0x0a, + 0x29, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, + 0x6b, 0x65, 0x79, 0x5f, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0c, + 0x52, 0x24, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, + 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x42, 0x73, 0x0a, 0x1f, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, + 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 
0x74, + 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x74, 0x6c, 0x73, 0x50, 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, + 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, + 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x74, 0x6c, 0x73, 0xaa, 0x02, 0x1b, + 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x54, 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/tls/config.proto b/transport/internet/tls/config.proto index 28266e20d47d..227840a21d35 100644 --- a/transport/internet/tls/config.proto +++ b/transport/internet/tls/config.proto @@ -76,4 +76,11 @@ message Config { @Critical */ repeated bytes pinned_peer_certificate_chain_sha256 = 13; + + /* @Document A pinned certificate public key sha256 hash. + @Document If the server's public key hash does not match this value, the connection will be aborted. + @Document This value replace allow_insecure. + @Critical + */ + repeated bytes pinned_peer_certificate_public_key_sha256 = 14; } diff --git a/transport/internet/tls/pin.go b/transport/internet/tls/pin.go index a7b012b546d3..f561bfdf69dc 100644 --- a/transport/internet/tls/pin.go +++ b/transport/internet/tls/pin.go @@ -2,6 +2,7 @@ package tls import ( "crypto/sha256" + "crypto/x509" "encoding/base64" "encoding/pem" ) @@ -34,3 +35,8 @@ func GenerateCertChainHash(rawCerts [][]byte) []byte { } return hashValue } + +func GenerateCertPublicKeyHash(cert *x509.Certificate) []byte { + out := sha256.Sum256(cert.RawSubjectPublicKeyInfo) + return out[:] +} diff --git a/transport/internet/tls/pin_test.go b/transport/internet/tls/pin_test.go index 9607fe1f71e1..cfc60e178081 100644 --- a/transport/internet/tls/pin_test.go +++ b/transport/internet/tls/pin_test.go 
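Review bot: `GenerateCertPublicKeyHash` in `pin.go` is exported without a doc comment, and the value it returns is exactly what users must put in the pin setting, so its definition should be written down: `// GenerateCertPublicKeyHash returns the SHA-256 digest of cert's DER-encoded SubjectPublicKeyInfo (cert.RawSubjectPublicKeyInfo).` The function dereferences `cert` unconditionally, so a nil certificate panics; the callers visible in this patch pass parsed certificates, but the comment could state that the argument must be non-nil.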
@@ -1,6 +1,9 @@ package tls import ( + "crypto/x509" + "encoding/base64" + "encoding/pem" "testing" "github.com/stretchr/testify/assert" 
@@ -108,3 +111,89 @@ tzY45d4mjPs0fKCFKSsVM6YT0tX4NwIKsOaeQg30WLtRyDwYm6ma/a/UUUS0FloZ assert.Equal(t, "FW3SVMCL6um2wVltOdgJ3DpI82aredw83YoCblkMkVM=", hash) }) } + +func TestCalculateCertPublicKeyHash(t *testing.T) { + const Single = `-----BEGIN CERTIFICATE----- +MIINWTCCC0GgAwIBAgITLQAxbA/A+lw/1sLDAAAAADFsDzANBgkqhkiG9w0BAQsF +ADBPMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u +MSAwHgYDVQQDExdNaWNyb3NvZnQgUlNBIFRMUyBDQSAwMjAeFw0yMjExMjUwMDU2 +NTZaFw0yMzA1MjUwMDU2NTZaMBcxFTATBgNVBAMTDHd3dy5iaW5nLmNvbTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOH89lKmtkDnClFiQwfZofZO4h8C +Ye/+ChI67pEw5Q6/MxJzHiMKe8f1WaNuc+wkdHdct+BmQ+AftozIJt+eSN6IF7eY +dsutBvR87GNLFe40MBvfyvTQVM9Ulv04JxOpKTYnsf2wmktEI3y7FCgfm9RT71n+ +Zef8Z8fa4By7aGfbbCQ0DsHl5P9o3ug/eLQODzK9NuQlwcVBHD2Zvgo+K7WOsjgE +k8JnOr+2zc0WWT4OrWSDJE/3l+jvhxmZkrwgmks4m9zUZvAnYAz/xxVCJRqbI3Ou +S5fkJJ3f6IxPbS2i8OWz6tma1aIkgQaFNJQuYOJa1esfQcEzs6kb/Xx5DXUCAwEA +AaOCCWQwgglgMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgCt9776fP8QyIud +PZwePhhqtGcpXc+xDCTKhYY069yCigAAAYSsUtxtAAAEAwBHMEUCIQCP/Jpp337p +cKITqS/kNlA4bNY6TK1Ad0VlsdkzQU+oZgIgFZb2AcsyT1UKCmM3ziGsLdvS9MAT +D1g/kztyDXhkA70AdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAA +AYSsUtsZAAAEAwBHMEUCIQDvlqXrdA440PW6b+JLj4F0ZVQNKHcv1lub0FhQqHgR +wAIgAtC7eXvXXhVBuO+Bd3fkDI0aGQM+pcvIesBoygzStjQAdQB6MoxU2LcttiDq +OOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYSsUtmfAAAEAwBGMEQCIDgjSYt6e/h8 +dv2KGEL3AJZUBH2gp1AA5saH8o3OyMJhAiBOCzo3oWlVFeF/8c0fxIIs9Fj4w8BY +INo0jNP/k7apgTAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMBMAoGCCsGAQUF +BwMCMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF +9OtggV2Fho5Bh8KYUAIBZAIBJzCBhwYIKwYBBQUHAQEEezB5MFMGCCsGAQUFBzAC +hkdodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQl +MjBSU0ElMjBUTFMlMjBDQSUyMDAyLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29j +c3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUpuSPPchFlPGu8FTbzPhJTFxQ7RowDgYD +VR0PAQH/BAQDAgSwMIIFbQYDVR0RBIIFZDCCBWCCDHd3dy5iaW5nLmNvbYIQZGlj +dC5iaW5nLmNvbS5jboITKi5wbGF0Zm9ybS5iaW5nLmNvbYIKKi5iaW5nLmNvbYII 
+YmluZy5jb22CFmllb25saW5lLm1pY3Jvc29mdC5jb22CEyoud2luZG93c3NlYXJj +aC5jb22CGWNuLmllb25saW5lLm1pY3Jvc29mdC5jb22CESoub3JpZ2luLmJpbmcu +Y29tgg0qLm1tLmJpbmcubmV0gg4qLmFwaS5iaW5nLmNvbYIYZWNuLmRldi52aXJ0 +dWFsZWFydGgubmV0gg0qLmNuLmJpbmcubmV0gg0qLmNuLmJpbmcuY29tghBzc2wt +YXBpLmJpbmcuY29tghBzc2wtYXBpLmJpbmcubmV0gg4qLmFwaS5iaW5nLm5ldIIO +Ki5iaW5nYXBpcy5jb22CD2JpbmdzYW5kYm94LmNvbYIWZmVlZGJhY2subWljcm9z +b2Z0LmNvbYIbaW5zZXJ0bWVkaWEuYmluZy5vZmZpY2UubmV0gg5yLmJhdC5iaW5n +LmNvbYIQKi5yLmJhdC5iaW5nLmNvbYISKi5kaWN0LmJpbmcuY29tLmNugg8qLmRp +Y3QuYmluZy5jb22CDiouc3NsLmJpbmcuY29tghAqLmFwcGV4LmJpbmcuY29tghYq +LnBsYXRmb3JtLmNuLmJpbmcuY29tgg13cC5tLmJpbmcuY29tggwqLm0uYmluZy5j +b22CD2dsb2JhbC5iaW5nLmNvbYIRd2luZG93c3NlYXJjaC5jb22CDnNlYXJjaC5t +c24uY29tghEqLmJpbmdzYW5kYm94LmNvbYIZKi5hcGkudGlsZXMuZGl0dS5saXZl +LmNvbYIPKi5kaXR1LmxpdmUuY29tghgqLnQwLnRpbGVzLmRpdHUubGl2ZS5jb22C +GCoudDEudGlsZXMuZGl0dS5saXZlLmNvbYIYKi50Mi50aWxlcy5kaXR1LmxpdmUu +Y29tghgqLnQzLnRpbGVzLmRpdHUubGl2ZS5jb22CFSoudGlsZXMuZGl0dS5saXZl +LmNvbYILM2QubGl2ZS5jb22CE2FwaS5zZWFyY2gubGl2ZS5jb22CFGJldGEuc2Vh +cmNoLmxpdmUuY29tghVjbndlYi5zZWFyY2gubGl2ZS5jb22CDGRldi5saXZlLmNv +bYINZGl0dS5saXZlLmNvbYIRZmFyZWNhc3QubGl2ZS5jb22CDmltYWdlLmxpdmUu +Y29tgg9pbWFnZXMubGl2ZS5jb22CEWxvY2FsLmxpdmUuY29tLmF1ghRsb2NhbHNl +YXJjaC5saXZlLmNvbYIUbHM0ZC5zZWFyY2gubGl2ZS5jb22CDW1haWwubGl2ZS5j +b22CEW1hcGluZGlhLmxpdmUuY29tgg5sb2NhbC5saXZlLmNvbYINbWFwcy5saXZl +LmNvbYIQbWFwcy5saXZlLmNvbS5hdYIPbWluZGlhLmxpdmUuY29tgg1uZXdzLmxp +dmUuY29tghxvcmlnaW4uY253ZWIuc2VhcmNoLmxpdmUuY29tghZwcmV2aWV3Lmxv +Y2FsLmxpdmUuY29tgg9zZWFyY2gubGl2ZS5jb22CEnRlc3QubWFwcy5saXZlLmNv +bYIOdmlkZW8ubGl2ZS5jb22CD3ZpZGVvcy5saXZlLmNvbYIVdmlydHVhbGVhcnRo +LmxpdmUuY29tggx3YXAubGl2ZS5jb22CEndlYm1hc3Rlci5saXZlLmNvbYITd2Vi +bWFzdGVycy5saXZlLmNvbYIVd3d3LmxvY2FsLmxpdmUuY29tLmF1ghR3d3cubWFw +cy5saXZlLmNvbS5hdTCBsAYDVR0fBIGoMIGlMIGioIGfoIGchk1odHRwOi8vbXNj +cmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBSU0El +MjBUTFMlMjBDQSUyMDAyLmNybIZLaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3Br 
+aS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMFJTQSUyMFRMUyUyMENBJTIwMDIuY3Js +MFcGA1UdIARQME4wQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93 +d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAIBgZngQwBAgEwHwYDVR0j +BBgwFoAU/y9/4Qb0OPMt7SWNmML+DvZs/PowHQYDVR0lBBYwFAYIKwYBBQUHAwEG +CCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4ICAQB4OIB/EHxpF64iFZME7XkJjZYn +ZiYIfOfHs6EGDNn7fxvpZS9HVy1jOWv/RvzEbMuSV3b/fItaJN/zATBg5/6hb5Jq +HGIcnKmb+tYrKlYhSOngHSu/8/OYP1dFFIqcVe0769kwXaKUzLh6UVRaS+mB7GFc +sXmPMbv5NM7mCUEdMkOaoSmubfw/WzmmRGrcSmtCxtIwMcp8Jf13Esunq//4+9w3 +M/JXa8ubmXyrY63zt/Oz/NkVJvja89ueovscy6s5sw2r+Su4bRsJjmxwCbakp56K +rbh7z417LzW88MMuATvOyk/O8Rbw2KYVSEiQgO54kHI0YkHkJ/6IoeAT1pmCfHUE +Rd+Ec8T+/lE2BPLVqp8SjogDYiybb0IR5Gn2vYyUdzsS2h/C5qGNd2t5ehxfjQoL +G6Y3GJZQRxkSX6TLPYU0U63wWb4yeSxabpBlARaZMaAoqDa3cX53WCnrAXDz8vuH +yAtX2/Jq7IpybFK5kFzbxfI02Ik0aCWJUnXPL8L6esTskwvkzX8rSI/bjPrzcJL5 +B9pONLy6wc8/Arfu2eNlMbs8s/g8c5zkEc3fBZ9tJ1dqlnMAVgB2+fwI3aK4F34N +uyfZW7Xu65KkPhbMnO0GVGM7X4Lkyjm4ysQ9PIRV3MwMfXH+RBSXlIayLTcYG4gl +XF1a/qnao6nMjyTIyQ== +-----END CERTIFICATE----- +` + t.Run("singlepublickey", func(t *testing.T) { + block, _ := pem.Decode([]byte(Single)) + cert, err := x509.ParseCertificate(block.Bytes) + assert.Equal(t, err, nil) + hash := GenerateCertPublicKeyHash(cert) + hashstr := base64.StdEncoding.EncodeToString(hash) + assert.Equal(t, "xI/4mNm8xF9uDT4vA9G1+aKAaybwNlkRECnN8vGAHTM=", hashstr) + }) +} From c8b45808696f440235d42e264fe48dac4eeb37b9 Mon Sep 17 00:00:00 2001 From: xqzr <34030394+xqzr@users.noreply.github.com> Date: Sat, 25 Feb 2023 00:54:40 +0800 Subject: [PATCH 68/91] add `V6Only` (#1677) * add `V6Only` * add `V6Only` --- infra/conf/transport_internet.go | 2 ++ transport/internet/config.pb.go | 56 +++++++++++++++++------------ transport/internet/config.proto | 2 ++ transport/internet/sockopt_linux.go | 6 ++++ 4 files changed, 43 insertions(+), 23 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index d0249b445184..21cc7e2299cf 100644 
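Review bot: In `TestCalculateCertPublicKeyHash` the result of `pem.Decode` is used without checking `block` for nil, and the parse error is checked with `assert.Equal(t, err, nil)`, which records a failure but lets the test continue into `GenerateCertPublicKeyHash(cert)` with a nil `cert` and panic. `if !assert.NotNil(t, block) { return }` before the parse and `if !assert.NoError(t, err) { return }` after it give a readable failure instead. The test covers only the hash helper; a case exercising the pin comparison with a non-matching key would cover the rejection path that the feature depends on.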
--- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -727,6 +727,7 @@ type SocketConfig struct { TCPKeepAliveInterval int32 `json:"tcpKeepAliveInterval"` TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` TCPCongestion string `json:"tcpCongestion"` + V6only bool `json:"v6only"` Interface string `json:"interface"` } @@ -777,6 +778,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { TcpKeepAliveInterval: c.TCPKeepAliveInterval, TcpKeepAliveIdle: c.TCPKeepAliveIdle, TcpCongestion: c.TCPCongestion, + V6Only: c.V6only, Interface: c.Interface, }, nil } diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index 67bf9f5aebfe..1fd38539c76a 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc v4.22.0 // source: transport/internet/config.proto package internet @@ -426,6 +426,7 @@ type SocketConfig struct { TcpKeepAliveIdle int32 `protobuf:"varint,11,opt,name=tcp_keep_alive_idle,json=tcpKeepAliveIdle,proto3" json:"tcp_keep_alive_idle,omitempty"` TcpCongestion string `protobuf:"bytes,12,opt,name=tcp_congestion,json=tcpCongestion,proto3" json:"tcp_congestion,omitempty"` Interface string `protobuf:"bytes,13,opt,name=interface,proto3" json:"interface,omitempty"` + V6Only bool `protobuf:"varint,14,opt,name=v6only,proto3" json:"v6only,omitempty"` } func (x *SocketConfig) Reset() { @@ -551,6 +552,13 @@ func (x *SocketConfig) GetInterface() string { return "" } +func (x *SocketConfig) GetV6Only() bool { + if x != nil { + return x.V6Only + } + return false +} + var File_transport_internet_config_proto protoreflect.FileDescriptor var file_transport_internet_config_proto_rawDesc = []byte{ 
@@ -603,7 +611,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x22, 0x86, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, + 0x78, 0x79, 0x22, 0x9e, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72, 
@@ -640,27 +648,29 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x74, 0x63, 0x70, 0x43, 0x6f, 0x6e, 0x67, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x09, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, - 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, - 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, - 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, - 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, - 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, - 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, - 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, - 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, - 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, - 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, - 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, - 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, - 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, - 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, - 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 
0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, - 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, - 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, - 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x09, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x36, + 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x76, 0x36, 0x6f, 0x6e, + 0x6c, 0x79, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, + 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, + 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, + 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, + 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, + 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, + 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, + 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, + 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, + 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, + 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, + 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, + 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, + 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, + 0x72, 0x61, 0x6e, 0x73, 0x70, 
0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, + 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, + 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, + 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, + 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/config.proto b/transport/internet/config.proto index bcd905a6324a..23a964fd3e3d 100644 --- a/transport/internet/config.proto +++ b/transport/internet/config.proto @@ -100,4 +100,6 @@ message SocketConfig { string tcp_congestion = 12; string interface = 13; + + bool v6only = 14; } diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index a5b7a49f7601..e8376025e5ff 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go @@ -155,6 +155,12 @@ func applyInboundSocketOptions(network string, fd uintptr, config *SocketConfig) } } + if config.V6Only { + if err := syscall.SetsockoptInt(int(fd), syscall.SOL_IPV6, syscall.IPV6_V6ONLY, 1); err != nil { + return newError("failed to set IPV6_V6ONLY", err) + } + } + return nil } From 336b2daeb9f29759c057a456b19904ad3215d0fa Mon Sep 17 00:00:00 2001 
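Review bot: In `applyInboundSocketOptions`, `IPV6_V6ONLY` is set whenever `config.V6Only` is true without looking at the socket's address family, so enabling `v6only` on an inbound bound to an IPv4 address would presumably make the `setsockopt` call fail and take the listener down with it. Guarding on the family, or documenting that the option is valid only for IPv6 listeners, would avoid that; `network` is already a parameter, though how it is populated is outside the hunk. The diffstat shows only `sockopt_linux.go` changed, so on other platforms the setting appears to be accepted and silently ignored, which matters if an operator relies on it to keep a listener off IPv4. `newError("failed to set IPV6_V6ONLY", err)` also appears to join message and cause with no separator; `newError("failed to set IPV6_V6ONLY: ", err)` reads better.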
From: sduoduo233 <85996970+sduoduo233@users.noreply.github.com> Date: Sat, 25 Feb 2023 01:06:24 +0800 Subject: [PATCH 69/91] DNS Header for KCP (#1672) * dns header * fixed domain name encoding for dns header --------- Co-authored-by: kerry --- infra/conf/transport_authenticators.go | 14 ++ infra/conf/transport_internet.go | 1 + transport/internet/headers/dns/config.pb.go | 153 ++++++++++++++++++++ transport/internet/headers/dns/config.proto | 12 ++ transport/internet/headers/dns/dns.go | 57 ++++++++ 5 files changed, 237 insertions(+) create mode 100644 transport/internet/headers/dns/config.pb.go create mode 100644 transport/internet/headers/dns/config.proto create mode 100644 transport/internet/headers/dns/dns.go diff --git a/infra/conf/transport_authenticators.go b/infra/conf/transport_authenticators.go index 703a13662cef..46be85886868 100644 --- a/infra/conf/transport_authenticators.go +++ b/infra/conf/transport_authenticators.go @@ -4,6 +4,7 @@ import ( "sort" "github.com/golang/protobuf/proto" + "github.com/xtls/xray-core/transport/internet/headers/dns" "github.com/xtls/xray-core/transport/internet/headers/http" "github.com/xtls/xray-core/transport/internet/headers/noop" "github.com/xtls/xray-core/transport/internet/headers/srtp" @@ -49,6 +50,19 @@ func (WireguardAuthenticator) Build() (proto.Message, error) { return new(wireguard.WireguardConfig), nil } +type DNSAuthenticator struct { + Domain string `json:"domain"` +} + +func (v *DNSAuthenticator) Build() (proto.Message, error) { + config := new(dns.Config) + config.Domain = "www.baidu.com" + if len(v.Domain) > 0 { + config.Domain = v.Domain + } + return config, nil +} + type DTLSAuthenticator struct{} func (DTLSAuthenticator) Build() (proto.Message, error) { diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 21cc7e2299cf..92abb6885cb6 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go 
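Review bot: `DNSAuthenticator.Build` copies `domain` into the config with no validation, yet per the commit message the value is encoded as a domain name in the DNS-style header, where each label is limited to 63 bytes and the whole name to 255. Whether `dns.go` enforces that is outside this hunk; rejecting empty labels and over-long names in `Build` would surface a bad config at load time rather than as a malformed packet. The silent fallback to `www.baidu.com` should also be stated in a doc comment on the type, e.g. `// DNSAuthenticator configures the DNS-style packet header; Domain defaults to "www.baidu.com" when empty.`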
@@ -37,6 +37,7 @@ var ( "wechat-video": func() interface{} { return new(WechatVideoAuthenticator) }, "dtls": func() interface{} { return new(DTLSAuthenticator) }, "wireguard": func() interface{} { return new(WireguardAuthenticator) }, + "dns": func() interface{} { return new(DNSAuthenticator) }, }, "type", "") tcpHeaderLoader = NewJSONConfigLoader(ConfigCreatorCache{ diff --git a/transport/internet/headers/dns/config.pb.go b/transport/internet/headers/dns/config.pb.go new file mode 100644 index 000000000000..d42f537e33df --- /dev/null +++ b/transport/internet/headers/dns/config.pb.go 
@@ -0,0 +1,153 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.12 +// source: transport/internet/headers/dns/config.proto + +package dns + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Config struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"` +} + +func (x *Config) Reset() { + *x = Config{} + if protoimpl.UnsafeEnabled { + mi := &file_transport_internet_headers_dns_config_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Config) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Config) ProtoMessage() {} + +func (x *Config) ProtoReflect() protoreflect.Message { + mi := &file_transport_internet_headers_dns_config_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Config.ProtoReflect.Descriptor instead. 
+func (*Config) Descriptor() ([]byte, []int) { + return file_transport_internet_headers_dns_config_proto_rawDescGZIP(), []int{0} +} + +func (x *Config) GetDomain() string { + if x != nil { + return x.Domain + } + return "" +} + +var File_transport_internet_headers_dns_config_proto protoreflect.FileDescriptor + +var file_transport_internet_headers_dns_config_proto_rawDesc = []byte{ + 0x0a, 0x2b, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x64, 0x6e, 0x73, + 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x23, 0x78, + 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x64, + 0x6e, 0x73, 0x22, 0x20, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x16, 0x0a, 0x06, + 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, + 0x6d, 0x61, 0x69, 0x6e, 0x42, 0x8b, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, + 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x64, 0x6e, 0x73, + 0x50, 0x01, 0x5a, 0x38, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, + 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, + 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, + 0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x64, 0x6e, 0x73, 0xaa, 0x02, 0x23, 0x58, + 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x44, + 0x4e, 0x53, 0x62, 0x06, 0x70, 0x72, 0x6f, 
0x74, 0x6f, 0x33, +} + +var ( + file_transport_internet_headers_dns_config_proto_rawDescOnce sync.Once + file_transport_internet_headers_dns_config_proto_rawDescData = file_transport_internet_headers_dns_config_proto_rawDesc +) + +func file_transport_internet_headers_dns_config_proto_rawDescGZIP() []byte { + file_transport_internet_headers_dns_config_proto_rawDescOnce.Do(func() { + file_transport_internet_headers_dns_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_transport_internet_headers_dns_config_proto_rawDescData) + }) + return file_transport_internet_headers_dns_config_proto_rawDescData +} + +var file_transport_internet_headers_dns_config_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_transport_internet_headers_dns_config_proto_goTypes = []interface{}{ + (*Config)(nil), // 0: xray.transport.internet.headers.dns.Config +} +var file_transport_internet_headers_dns_config_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_transport_internet_headers_dns_config_proto_init() } +func file_transport_internet_headers_dns_config_proto_init() { + if File_transport_internet_headers_dns_config_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_transport_internet_headers_dns_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Config); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_transport_internet_headers_dns_config_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, 
+ }, + GoTypes: file_transport_internet_headers_dns_config_proto_goTypes, + DependencyIndexes: file_transport_internet_headers_dns_config_proto_depIdxs, + MessageInfos: file_transport_internet_headers_dns_config_proto_msgTypes, + }.Build() + File_transport_internet_headers_dns_config_proto = out.File + file_transport_internet_headers_dns_config_proto_rawDesc = nil + file_transport_internet_headers_dns_config_proto_goTypes = nil + file_transport_internet_headers_dns_config_proto_depIdxs = nil +} diff --git a/transport/internet/headers/dns/config.proto b/transport/internet/headers/dns/config.proto new file mode 100644 index 000000000000..a9a44ff463ab --- /dev/null +++ b/transport/internet/headers/dns/config.proto @@ -0,0 +1,12 @@ +syntax = "proto3"; + +package xray.transport.internet.headers.dns; +option csharp_namespace = "Xray.Transport.Internet.Headers.DNS"; +option go_package = "github.com/xtls/xray-core/transport/internet/headers/dns"; +option java_package = "com.xray.transport.internet.headers.dns"; +option java_multiple_files = true; + +message Config { + string domain = 1; +} + diff --git a/transport/internet/headers/dns/dns.go b/transport/internet/headers/dns/dns.go new file mode 100644 index 000000000000..5839bc8140b1 --- /dev/null +++ b/transport/internet/headers/dns/dns.go 
@@ -0,0 +1,57 @@
+package dns
+
+import (
+ "context"
+ "encoding/binary"
+
+ "github.com/miekg/dns"
+ "github.com/xtls/xray-core/common"
+ "github.com/xtls/xray-core/common/dice"
+)
+
+type DNS struct {
+ header []byte
+}
+
+func (d DNS) Size() int32 {
+ return int32(len(d.header))
+}
+
+// Serialize implements PacketHeader.
+func (d DNS) Serialize(b []byte) {
+ copy(b, d.header)
+ binary.BigEndian.PutUint16(b[0:], dice.RollUint16()) // random transaction ID
+}
+
+// NewDNS returns a new DNS instance based on given config.
+func NewDNS(ctx context.Context, config interface{}) (interface{}, error) {
+ var header []byte
+
+ header = binary.BigEndian.AppendUint16(header, 0x0000) // Transaction ID
+ header = binary.BigEndian.AppendUint16(header, 0x0100) // Flags: Standard query
+ header = binary.BigEndian.AppendUint16(header, 0x0001) // Questions
+ header = binary.BigEndian.AppendUint16(header, 0x0000) // Answer RRs
+ header = binary.BigEndian.AppendUint16(header, 0x0000) // Authority RRs
+ header = binary.BigEndian.AppendUint16(header, 0x0000) // Additional RRs
+
+ buf := make([]byte, 0x100)
+
+ off1, err := dns.PackDomainName(dns.Fqdn(config.(*Config).Domain), buf, 0, nil, false)
+
+ if err != nil {
+ return nil, err
+ }
+
+ header = append(header, buf[:off1]...)
+
+ header = binary.BigEndian.AppendUint16(header, 0x0001) // Type: A
+ header = binary.BigEndian.AppendUint16(header, 0x0001) // Class: IN
+
+ return DNS{
+ header: header,
+ }, nil
+}
+
+func init() {
+ common.Must(common.RegisterConfig((*Config)(nil), NewDNS))
+}
From 2e201c57cc45b8bd33c80a651dbe116c418ccb19 Mon Sep 17 00:00:00 2001
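Review bot: `NewDNS` uses an unchecked assertion, `config.(*Config).Domain`, which panics on any other type or on a nil `*Config` instead of returning the error the signature already provides. A guarded form such as `c, ok := config.(*Config)` followed by an error return when `!ok || c == nil` keeps a bad registration or caller from crashing the process. `Serialize` writes the first two bytes of `b` and relies on the caller passing at least `Size()` bytes; a one-line comment stating that contract would help, and the exported `DNS` type and `Size` have no doc comments. An empty `Domain` is also accepted here and appears to encode the root name, which may not be intended when the config does not pass through the JSON loader's default.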
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Feb 2023 00:19:44 +0000 Subject: [PATCH 70/91] Bump github.com/quic-go/quic-go from 0.32.0 to 0.33.0 Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.32.0 to 0.33.0. - [Release notes](https://github.com/quic-go/quic-go/releases) - [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md) - [Commits](https://github.com/quic-go/quic-go/compare/v0.32.0...v0.33.0) --- updated-dependencies: - dependency-name: github.com/quic-go/quic-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 7 +++---- go.sum | 14 ++++++-------- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 280211635e79..dede210a77df 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/miekg/dns v1.1.50 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 - github.com/quic-go/quic-go v0.32.0 + github.com/quic-go/quic-go v0.33.0 github.com/refraction-networking/utls v1.2.2 github.com/sagernet/sing v0.1.7 github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 @@ -44,9 +44,8 @@ require ( github.com/klauspost/cpuid/v2 v2.2.3 // indirect github.com/onsi/ginkgo/v2 v2.8.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/quic-go/qtls-go1-18 v0.2.0 // indirect - github.com/quic-go/qtls-go1-19 v0.2.0 // indirect - github.com/quic-go/qtls-go1-20 v0.1.0 // indirect + github.com/quic-go/qtls-go1-19 v0.2.1 // indirect + github.com/quic-go/qtls-go1-20 v0.1.1 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb // indirect diff --git a/go.sum b/go.sum index fd5cb1cc870f..4bd8376b76e9 100644 --- a/go.sum +++ b/go.sum 
@@ -130,14 +130,12 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/quic-go/qtls-go1-18 v0.2.0 h1:5ViXqBZ90wpUcZS0ge79rf029yx0dYB0McyPJwqqj7U= -github.com/quic-go/qtls-go1-18 v0.2.0/go.mod h1:moGulGHK7o6O8lSPSZNoOwcLvJKJ85vVNc7oJFD65bc= -github.com/quic-go/qtls-go1-19 v0.2.0 h1:Cvn2WdhyViFUHoOqK52i51k4nDX8EwIh5VJiVM4nttk= -github.com/quic-go/qtls-go1-19 v0.2.0/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= -github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV54oAI= -github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= -github.com/quic-go/quic-go v0.32.0 h1:lY02md31s1JgPiiyfqJijpu/UX/Iun304FI3yUqX7tA= -github.com/quic-go/quic-go v0.32.0/go.mod h1:/fCsKANhQIeD5l76c2JFU+07gVE3KaA0FP+0zMWwfwo= +github.com/quic-go/qtls-go1-19 v0.2.1 h1:aJcKNMkH5ASEJB9FXNeZCyTEIHU1J7MmHyz1Q1TSG1A= +github.com/quic-go/qtls-go1-19 v0.2.1/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= +github.com/quic-go/qtls-go1-20 v0.1.1 h1:KbChDlg82d3IHqaj2bn6GfKRj84Per2VGf5XV3wSwQk= +github.com/quic-go/qtls-go1-20 v0.1.1/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= +github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0= +github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA= github.com/refraction-networking/utls v1.2.2 h1:uBE6V173CwG8MQrSBpNZHAix1fxOvuLKYyjFAu3uqo0= github.com/refraction-networking/utls v1.2.2/go.mod h1:L1goe44KvhnTfctUffM2isnJpSjPlYShrhXDeZaoYKw= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 
h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= From d208fd31c97703de1e6ebbba4e84f73414f42360 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Feb 2023 00:20:51 +0000 Subject: [PATCH 71/91] Bump github.com/sagernet/sing-shadowsocks Bumps [github.com/sagernet/sing-shadowsocks](https://github.com/sagernet/sing-shadowsocks) from 0.1.1-0.20230202035033-e3123545f2f7 to 0.1.1. - [Release notes](https://github.com/sagernet/sing-shadowsocks/releases) - [Commits](https://github.com/sagernet/sing-shadowsocks/commits/v0.1.1) --- updated-dependencies: - dependency-name: github.com/sagernet/sing-shadowsocks dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index dede210a77df..01993c74ce68 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/quic-go/quic-go v0.33.0 github.com/refraction-networking/utls v1.2.2 github.com/sagernet/sing v0.1.7 - github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 + github.com/sagernet/sing-shadowsocks v0.1.1 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.1 diff --git a/go.sum b/go.sum index 4bd8376b76e9..f7e9ccb2519b 100644 --- a/go.sum +++ b/go.sum 
@@ -143,8 +143,8 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstv github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/sagernet/sing v0.1.7 h1:g4vjr3q8SUlBZSx97Emz5OBfSMBxxW5Q8C2PfdoSo08= github.com/sagernet/sing v0.1.7/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk= -github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7 h1:Plup6oEiyLzY3HDqQ+QsUBzgBGdVmcsgf3t8h940z9U= -github.com/sagernet/sing-shadowsocks v0.1.1-0.20230202035033-e3123545f2f7/go.mod h1:O5LtOs8Ivw686FqLpO0Zu+A0ROVE15VeqEK3yDRRAms= +github.com/sagernet/sing-shadowsocks v0.1.1 h1:uFK2rlVeD/b1xhDwSMbUI2goWc6fOKxp+ZeKHZq6C9Q= +github.com/sagernet/sing-shadowsocks v0.1.1/go.mod h1:f3mHTy5shnVM9l8UocMlJgC/1G/zdj5FuEuVXhDinGU= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo= github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI= github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb h1:XfLJSPIOUX+osiMraVgIrMR27uMXnRJWGm1+GL8/63U= From a5b297f9686afd6db63714a270e755c5bddd1d90 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Fri, 24 Feb 2023 12:29:45 -0500 Subject: [PATCH 72/91] Update test.yml Fix an issue when geoip fails download but geosite is ok https://github.com/XTLS/Xray-core/actions/runs/4264609454/jobs/7422911731 --- .github/workflows/test.yml | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 03a2a37ec9b0..eeb28540f962 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -35,7 +35,7 @@ jobs: - name: Checkout codebase uses: actions/checkout@v3 - - name: Prepare geo*dat + - name: Prepare geoip if: ${{ matrix.os != 'windows-latest' }} uses: nick-fields/retry@v2 with: 
@@ -45,8 +45,16 @@ jobs: command: | mkdir resources wget -O ./resources/geoip.dat https://github.com/v2fly/geoip/releases/latest/download/geoip.dat + - name: Prepare geosite + if: ${{ matrix.os != 'windows-latest' }} + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + retry_wait_seconds: 30 + max_attempts: 60 + command: | wget -O ./resources/geosite.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat - - name: Prepare geo*dat for Windows + - name: Prepare geoip for Windows if: ${{ matrix.os == 'windows-latest' }} uses: nick-fields/retry@v2 with: @@ -56,6 +64,14 @@ jobs: command: | mkdir resources Invoke-WebRequest -Uri "https://github.com/v2fly/geoip/releases/latest/download/geoip.dat" -OutFile "./resources/geoip.dat" + - name: Prepare geosite for Windows + if: ${{ matrix.os == 'windows-latest' }} + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + retry_wait_seconds: 30 + max_attempts: 60 + command: | Invoke-WebRequest -Uri "https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat" -OutFile "./resources/geosite.dat" - name: Test run: go test -timeout 1h -v ./... From c38179a67feb993d63adc99cc7f4918e4d1d5c57 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sun, 26 Feb 2023 19:26:57 +0800 Subject: [PATCH 73/91] Upgrade github.com/xtls/reality to f34b4d174342 Fixes https://github.com/XTLS/Xray-core/issues/1712 --- go.mod | 2 +- go.sum | 4 ++-- proxy/vless/inbound/inbound.go | 8 ++++---- transport/internet/reality/config.go | 4 ++++ transport/internet/reality/reality.go | 2 +- 5 files changed, 12 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 01993c74ce68..070bc02b6d23 100644 --- a/go.mod +++ b/go.mod 
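Review bot: Both the existing and the newly split download steps fetch `geoip.dat` and `dlc.dat` from `releases/latest` and use them without any integrity check, so the test job runs against whatever those URLs serve at that moment. Pinning a release tag and verifying a checksum after each download would make the job reproducible and detect a truncated or replaced file; the same applies to the two Windows steps in the following hunk. The geoip step keeps `mkdir resources` inside the retried command, which errors on a second attempt once the directory exists, so `mkdir -p resources` is the safer form for the non-Windows step. `nick-fields/retry@v2` is referenced by a movable tag; pinning third-party actions to a commit SHA is the usual hardening.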
@@ -20,7 +20,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 - github.com/xtls/reality v0.0.0-20230217102704-085bdf2104d3 + github.com/xtls/reality v0.0.0-20230226072656-f34b4d174342 go.starlark.net v0.0.0-20230128213706-3f75dec8e403 golang.org/x/crypto v0.6.0 golang.org/x/net v0.7.0 diff --git a/go.sum b/go.sum index f7e9ccb2519b..3c8110ebf362 100644 --- a/go.sum +++ b/go.sum @@ -191,8 +191,8 @@ github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49u github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= -github.com/xtls/reality v0.0.0-20230217102704-085bdf2104d3 h1:Rp9BfXZ+Li5j5L40zAdFZLcr0nXrYBPgaNpQ9lQnpWg= -github.com/xtls/reality v0.0.0-20230217102704-085bdf2104d3/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230226072656-f34b4d174342 h1:lu9BD/UFZexv70X7mbmSJOyRHRO23mPFrW1xPlLhkGk= +github.com/xtls/reality v0.0.0-20230226072656-f34b4d174342/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index a7863051fa09..d060f222b4aa 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go 
@@ -495,10 +495,6 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() } netConn = tlsConn.NetConn() - if pc, ok := netConn.(*proxyproto.Conn); ok { - netConn = pc.Raw() - // 8192 > 4096, there is no need to process pc's bufReader - } t = reflect.TypeOf(tlsConn.Conn).Elem() p = uintptr(unsafe.Pointer(tlsConn.Conn)) } else if realityConn, ok := iConn.(*reality.Conn); ok { @@ -512,6 +508,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } else { return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } + if pc, ok := netConn.(*proxyproto.Conn); ok { + netConn = pc.Raw() + // 8192 > 4096, there is no need to process pc's bufReader + } if sc, ok := netConn.(syscall.Conn); ok { rawConn, _ = sc.SyscallConn() } diff --git a/transport/internet/reality/config.go b/transport/internet/reality/config.go index f7938db52800..58608720628e 100644 --- a/transport/internet/reality/config.go +++ b/transport/internet/reality/config.go @@ -1,6 +1,7 @@ package reality import ( + "net" "time" "github.com/xtls/reality" @@ -8,7 +9,10 @@ import ( ) func (c *Config) GetREALITYConfig() *reality.Config { + var dialer net.Dialer config := &reality.Config{ + DialContext: dialer.DialContext, + Show: c.Show, Type: c.Type, Dest: c.Dest, diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go index 145f1531a940..835c075aa762 100644 --- a/transport/internet/reality/reality.go +++ b/transport/internet/reality/reality.go @@ -52,7 +52,7 @@ func (c *Conn) HandshakeAddress() net.Address { } func Server(c net.Conn, config *reality.Config) (net.Conn, error) { - realityConn, err := reality.Server(c, config) + realityConn, err := reality.Server(context.Background(), c, config) return &Conn{Conn: realityConn}, err } 
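Review bot: The relocated `pc.Raw()` unwrap in inbound.go now runs for every branch, and its only justification is the comment `8192 > 4096, there is no need to process pc's bufReader`, which does not say what the two sizes refer to. Because `Raw()` returns the connection underneath proxyproto's buffered reader, any bytes that reader had already buffered would be invisible to later reads on `netConn`; the comment should name the buffers being compared and state why nothing can be left behind on the REALITY path as well as the TLS one. The context line after the moved block still discards the error from `sc.SyscallConn()`, which presumably leaves `rawConn` nil on failure; whether later code checks for that is outside the hunk.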
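Review bot: In `GetREALITYConfig` the new `DialContext` comes from a zero-value `net.Dialer`, and the reality.go hunk passes `context.Background()` to `reality.Server`, so neither the dialer nor the context bounds how long a dial made during the server-side handshake can take. That handshake presumably runs for each inbound connection before the peer is authenticated, so a slow or unreachable `Dest` could let pending connections accumulate until the OS connect timeout; consider `dialer := net.Dialer{Timeout: dialTimeout}` (value to be chosen by the project) or a context with a deadline. The plain `net.Dialer` also appears to bypass the project's own dial path and its socket options, which is worth a comment if intentional. `Server` still returns a non-nil `&Conn{...}` together with a non-nil `err`, so callers must check `err` first.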
From 9401d65ef16fc4268dcd26e2e0241115e6aa6fb9 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 27 Feb 2023 16:20:19 +0000 Subject: [PATCH 74/91] Add REALITY support to H2 server Now you are able to configure REALITY H2 server directly Before: REALITY VLESS fallbacks -> H2C inbound --- go.mod | 2 +- go.sum | 4 ++-- transport/internet/http/hub.go | 9 +++++++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 070bc02b6d23..6b6f7c13379c 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 - github.com/xtls/reality v0.0.0-20230226072656-f34b4d174342 + github.com/xtls/reality v0.0.0-20230227150228-9e83b0bee167 go.starlark.net v0.0.0-20230128213706-3f75dec8e403 golang.org/x/crypto v0.6.0 golang.org/x/net v0.7.0 diff --git a/go.sum b/go.sum index 3c8110ebf362..cf6d250758cf 100644 --- a/go.sum +++ b/go.sum 
@@ -191,8 +191,8 @@ github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49u github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= -github.com/xtls/reality v0.0.0-20230226072656-f34b4d174342 h1:lu9BD/UFZexv70X7mbmSJOyRHRO23mPFrW1xPlLhkGk= -github.com/xtls/reality v0.0.0-20230226072656-f34b4d174342/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230227150228-9e83b0bee167 h1:kC3gtMw5yxMb9pJyKD4ZobwtiF9DgdubkSd5BhWTX5M= +github.com/xtls/reality v0.0.0-20230227150228-9e83b0bee167/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= diff --git a/transport/internet/http/hub.go b/transport/internet/http/hub.go index 13149267397b..54abe298ae5b 100644 --- a/transport/internet/http/hub.go +++ b/transport/internet/http/hub.go @@ -7,6 +7,7 @@ import ( "strings" "time" + goreality "github.com/xtls/reality" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/net/cnc" @@ -15,6 +16,7 @@ import ( "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/common/signal/done" "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/tls" "golang.org/x/net/http2" "golang.org/x/net/http2/h2c" 
@@ -187,14 +189,17 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti } if config == nil { + if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { + streamListener = goreality.NewListener(streamListener, config.GetREALITYConfig()) + } err = server.Serve(streamListener) if err != nil { - newError("stopping serving H2C").Base(err).WriteToLog(session.ExportIDToError(ctx)) + newError("stopping serving H2C or REALITY H2").Base(err).WriteToLog(session.ExportIDToError(ctx)) } } else { err = server.ServeTLS(streamListener, "", "") if err != nil { - newError("stopping serving TLS").Base(err).WriteToLog(session.ExportIDToError(ctx)) + newError("stopping serving TLS H2").Base(err).WriteToLog(session.ExportIDToError(ctx)) } } }() From 55dc26f22840c83045e6f34221533aa3cbe977a2 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Mon, 27 Feb 2023 19:52:01 +0000 Subject: [PATCH 75/91] Add REALITY support to gRPC client and server Now you are able to configure REALITY gRPC client and server Duplicate of REALITY H2, perhaps, just for fun --- go.mod | 2 +- go.sum | 4 ++-- infra/conf/transport_internet.go | 4 ++-- transport/internet/grpc/dial.go | 8 +++++++- transport/internet/grpc/hub.go | 5 +++++ 5 files changed, 17 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 6b6f7c13379c..b318b6bbc8dc 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 - github.com/xtls/reality v0.0.0-20230227150228-9e83b0bee167 + github.com/xtls/reality v0.0.0-20230227192902-524506d97551 go.starlark.net v0.0.0-20230128213706-3f75dec8e403 golang.org/x/crypto v0.6.0 golang.org/x/net v0.7.0 diff --git a/go.sum b/go.sum index cf6d250758cf..02f4cb2e963e 100644 --- a/go.sum +++ b/go.sum 
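Review bot: Inside `if config == nil {` the added line `if config := reality.ConfigFromStreamSettings(streamSettings); config != nil {` shadows the outer `config` (presumably the TLS config, given the `ServeTLS` branch), which makes the branch easy to misread; `realityConfig` would be clearer. The branch also serves cleartext H2C whenever neither TLS nor REALITY settings are present, and the combined log text `stopping serving H2C or REALITY H2` no longer tells an operator which mode was active. Keeping two distinct messages, or logging the selected mode once at start-up, would make a listener that ended up without transport security easier to spot. The enclosing `Listen` function starts and ends outside the hunk.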
@@ -191,8 +191,8 @@ github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49u github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= -github.com/xtls/reality v0.0.0-20230227150228-9e83b0bee167 h1:kC3gtMw5yxMb9pJyKD4ZobwtiF9DgdubkSd5BhWTX5M= -github.com/xtls/reality v0.0.0-20230227150228-9e83b0bee167/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= +github.com/xtls/reality v0.0.0-20230227192902-524506d97551 h1:zOP9NvpCMa1Y58UmA9EhbWs5/FNKvqwD5EyDLVit2LI= +github.com/xtls/reality v0.0.0-20230227192902-524506d97551/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 92abb6885cb6..0af0f1e5498b 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -849,8 +849,8 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { config.SecurityType = tm.Type } if strings.EqualFold(c.Security, "reality") { - if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "domainsocket" { - return nil, newError("REALITY only supports TCP, H2 and DomainSocket for now.") + if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "grpc" && config.ProtocolName != "domainsocket" { + return nil, newError("REALITY only supports TCP, H2, gRPC and DomainSocket for now.") } if c.REALITYSettings == nil { return nil, newError(`REALITY: Empty "realitySettings".`) 
diff --git a/transport/internet/grpc/dial.go b/transport/internet/grpc/dial.go index afc270bdc2de..4ab4b61521c0 100644 --- a/transport/internet/grpc/dial.go +++ b/transport/internet/grpc/dial.go @@ -11,6 +11,7 @@ import ( "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/transport/internet" "github.com/xtls/xray-core/transport/internet/grpc/encoding" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "google.golang.org/grpc" @@ -77,6 +78,7 @@ func getGrpcClient(ctx context.Context, dest net.Destination, streamSettings *in globalDialerMap = make(map[dialerConf]*grpc.ClientConn) } tlsConfig := tls.ConfigFromStreamSettings(streamSettings) + realityConfig := reality.ConfigFromStreamSettings(streamSettings) sockopt := streamSettings.SocketSettings grpcSettings := streamSettings.ProtocolSettings.(*Config) @@ -116,7 +118,11 @@ func getGrpcClient(ctx context.Context, dest net.Destination, streamSettings *in return nil, err } address := net.ParseAddress(rawHost) - return internet.DialSystem(gctx, net.TCPDestination(address, port), sockopt) + c, err := internet.DialSystem(gctx, net.TCPDestination(address, port), sockopt) + if err == nil && realityConfig != nil { + return reality.UClient(c, realityConfig, ctx, dest) + } + return c, err }), } diff --git a/transport/internet/grpc/hub.go b/transport/internet/grpc/hub.go index 4f5530700b89..9bce2274fcdb 100644 --- a/transport/internet/grpc/hub.go +++ b/transport/internet/grpc/hub.go 
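Review bot: In the dialer closure the TCP connection is opened with `gctx`, but the REALITY handshake is started with the outer `ctx`: `return reality.UClient(c, realityConfig, ctx, dest)`. The client built here is stored in `globalDialerMap` and reused, so on a later reconnect `ctx` would be the context of whichever request first created the client and may already be cancelled, while the deadline carried by `gctx` is ignored; passing `gctx` looks like the intended call. If `reality.UClient` returns an error, `c` is not closed in this closure, so unless `UClient` closes it the socket leaks on every failed handshake. The closure and `getGrpcClient` both extend beyond the hunk.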
@@ -4,11 +4,13 @@ import ( "context" "time" + goreality "github.com/xtls/reality" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/transport/internet" "github.com/xtls/xray-core/transport/internet/grpc/encoding" + "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/tls" "google.golang.org/grpc" "google.golang.org/grpc/credentials" @@ -125,6 +127,9 @@ func Listen(ctx context.Context, address net.Address, port net.Port, settings *i encoding.RegisterGRPCServiceServerX(s, listener, grpcSettings.getNormalizedName()) + if config := reality.ConfigFromStreamSettings(settings); config != nil { + streamListener = goreality.NewListener(streamListener, config.GetREALITYConfig()) + } if err = s.Serve(streamListener); err != nil { newError("Listener for gRPC ended").Base(err).WriteToLog() } From 2d898480be108472dbe2f091ce73705904c8eed9 Mon Sep 17 00:00:00 2001 
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Mon, 27 Feb 2023 22:14:37 -0500 Subject: [PATCH 76/91] Vision padding upgrade (#1646) * Vision server allow multiple blocks of padding * Fix Vision client to support multiple possible padding blocks * Vision padding upgrade - Now we have two types of padding: long (pad to 900-1400) and traditional (0-256) - Long padding is applied to tls handshakes and first (empty) packet - Traditional padding is applied to all beginning (7) packets of the connection (counted two-way) - Since receiver changed its way to unpad buffer in fd6973b3c67a6e5a982734a8c288b56845b69cb9, we can freely extend padding packet length easily in the future - Simplify code * Adjust receiver withinPaddingBuffers Now default withinPaddingBuffers = true to give it a chance to do unpadding * Fix magic numbers for Vision Thanks @H1JK Thanks @RPRX for guidance --- proxy/vless/encoding/encoding.go | 86 ++++++++++++++++++++------------ proxy/vless/inbound/inbound.go | 10 ++-- proxy/vless/outbound/outbound.go | 11 ++-- 3 files changed, 63 insertions(+), 44 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index fa5b438c82cf..7a218aef5681 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -36,6 +36,23 @@ var ( tlsClientHandShakeStart = []byte{0x16, 0x03} tlsServerHandShakeStart = []byte{0x16, 0x03, 0x03} tlsApplicationDataStart = []byte{0x17, 0x03, 0x03} + + Tls13CipherSuiteDic = map[uint16]string{ + 0x1301: "TLS_AES_128_GCM_SHA256", + 0x1302: "TLS_AES_256_GCM_SHA384", + 0x1303: "TLS_CHACHA20_POLY1305_SHA256", + 0x1304: "TLS_AES_128_CCM_SHA256", + 0x1305: "TLS_AES_128_CCM_8_SHA256", + } +) + +const ( + tlsHandshakeTypeClientHello byte = 0x01 + tlsHandshakeTypeServerHello byte = 0x02 + + CommandPaddingContinue byte = 0x00 + CommandPaddingEnd byte = 0x01 + CommandPaddingDirect byte = 0x02 ) var addrParser = protocol.NewAddressParser( 
@@ -256,7 +273,7 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater ) error { err := func() error { var ct stats.Counter - filterUUID := true + withinPaddingBuffers := true shouldSwitchToDirectCopy := false var remainingContent int32 = -1 var remainingPadding int32 = -1 @@ -294,13 +311,15 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater } buffer, err := reader.ReadMultiBuffer() if !buffer.IsEmpty() { - if filterUUID && (*isTLS || *numberOfPacketToFilter > 0) { + if withinPaddingBuffers || *numberOfPacketToFilter > 0 { buffer = XtlsUnpadding(ctx, buffer, userUUID, &remainingContent, &remainingPadding, ¤tCommand) if remainingContent == 0 && remainingPadding == 0 { if currentCommand == 1 { - filterUUID = false + withinPaddingBuffers = false + remainingContent = -1 + remainingPadding = -1 // set to initial state to parse the next padding } else if currentCommand == 2 { - filterUUID = false + withinPaddingBuffers = false shouldSwitchToDirectCopy = true // XTLS Vision processes struct TLS Conn's input and rawInput if inputBuffer, err := buf.ReadFrom(input); err == nil { @@ -313,9 +332,15 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater buffer, _ = buf.MergeMulti(buffer, rawInputBuffer) } } - } else if currentCommand != 0 { + } else if currentCommand == 0 { + withinPaddingBuffers = true + } else { newError("XtlsRead unknown command ", currentCommand, buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) } + } else if remainingContent > 0 || remainingPadding > 0 { + withinPaddingBuffers = true + } else { + withinPaddingBuffers = false } } if *numberOfPacketToFilter > 0 { 
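Review bot: The new branches in XtlsRead still compare `currentCommand` against the bare literals `1`, `2` and `0`, although this commit adds `CommandPaddingContinue`, `CommandPaddingEnd` and `CommandPaddingDirect` to the same file and already uses them on the XtlsWrite side. Spelling the receiver checks with the names, e.g. `if currentCommand == CommandPaddingEnd {` and `} else if currentCommand == CommandPaddingDirect {`, keeps sender and receiver visibly in step. The same applies to `*currentCommand = 0` in the XtlsUnpadding hunk further down. The declaration of `currentCommand` is outside these hunks, so a conversion may be needed if it is not a `byte`, and XtlsRead's body starts and ends outside them.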
@@ -342,12 +367,12 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater // XtlsWrite filter and write xtls protocol func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, counter stats.Counter, - ctx context.Context, userUUID *[]byte, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, + ctx context.Context, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32, ) error { err := func() error { var ct stats.Counter - filterTlsApplicationData := true + isPadding := true shouldSwitchToDirectCopy := false for { buffer, err := reader.ReadMultiBuffer() 
@@ -355,27 +380,26 @@ func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdate if *numberOfPacketToFilter > 0 { XtlsFilterTls(buffer, numberOfPacketToFilter, enableXtls, isTLS12orAbove, isTLS, cipher, remainingServerHello, ctx) } - if filterTlsApplicationData && *isTLS { + if isPadding { buffer = ReshapeMultiBuffer(ctx, buffer) var xtlsSpecIndex int for i, b := range buffer { - if b.Len() >= 6 && bytes.Equal(tlsApplicationDataStart, b.BytesTo(3)) { - var command byte = 0x01 + if *isTLS && b.Len() >= 6 && bytes.Equal(tlsApplicationDataStart, b.BytesTo(3)) { + var command byte = CommandPaddingEnd if *enableXtls { shouldSwitchToDirectCopy = true xtlsSpecIndex = i - command = 0x02 + command = CommandPaddingDirect } - filterTlsApplicationData = false - buffer[i] = XtlsPadding(b, command, userUUID, ctx) + isPadding = false + buffer[i] = XtlsPadding(b, command, nil, *isTLS, ctx) break - } else if !*isTLS12orAbove && *numberOfPacketToFilter <= 0 { - // maybe tls 1.1 or 1.0 - filterTlsApplicationData = false - buffer[i] = XtlsPadding(b, 0x01, userUUID, ctx) + } else if !*isTLS12orAbove && *numberOfPacketToFilter <= 1 { // For compatibility with earlier vision receiver, we finish padding 1 packet early + isPadding = false + buffer[i] = XtlsPadding(b, CommandPaddingEnd, nil, *isTLS, ctx) break } - buffer[i] = XtlsPadding(b, 0x00, userUUID, ctx) + buffer[i] = XtlsPadding(b, CommandPaddingContinue, nil, *isTLS, ctx) } if shouldSwitchToDirectCopy { encryptBuffer, directBuffer := buf.SplitMulti(buffer, xtlsSpecIndex+1) 
@@ -422,7 +446,7 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt *numberOfPacketToFilter-- if b.Len() >= 6 { startsBytes := b.BytesTo(6) - if bytes.Equal(tlsServerHandShakeStart, startsBytes[:3]) && startsBytes[5] == 0x02 { + if bytes.Equal(tlsServerHandShakeStart, startsBytes[:3]) && startsBytes[5] == tlsHandshakeTypeServerHello { *remainingServerHello = (int32(startsBytes[3])<<8 | int32(startsBytes[4])) + 5 *isTLS12orAbove = true *isTLS = true @@ -433,7 +457,7 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt } else { newError("XtlsFilterTls short server hello, tls 1.2 or older? ", b.Len(), " ", *remainingServerHello).WriteToLog(session.ExportIDToError(ctx)) } - } else if bytes.Equal(tlsClientHandShakeStart, startsBytes[:2]) && startsBytes[5] == 0x01 { + } else if bytes.Equal(tlsClientHandShakeStart, startsBytes[:2]) && startsBytes[5] == tlsHandshakeTypeClientHello { *isTLS = true newError("XtlsFilterTls found tls client hello! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) } @@ -483,7 +507,7 @@ func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBu for i, buffer1 := range buffer { if buffer1.Len() >= buf.Size-21 { index := int32(bytes.LastIndex(buffer1.Bytes(), tlsApplicationDataStart)) - if index <= 0 { + if index <= 0 || index > buf.Size-21 { index = buf.Size / 2 } buffer2 := buf.New() 
@@ -503,23 +527,28 @@ func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBu } // XtlsPadding add padding to eliminate length siganature during tls handshake -func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, ctx context.Context) *buf.Buffer { +func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool, ctx context.Context) *buf.Buffer { var contantLen int32 = 0 var paddingLen int32 = 0 if b != nil { contantLen = b.Len() } - if contantLen < 900 { + if contantLen < 900 && longPadding { l, err := rand.Int(rand.Reader, big.NewInt(500)) if err != nil { newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) } paddingLen = int32(l.Int64()) + 900 - contantLen + } else { + l, err := rand.Int(rand.Reader, big.NewInt(256)) + if err != nil { + newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) + } + paddingLen = int32(l.Int64()) } newbuffer := buf.New() if userUUID != nil { newbuffer.Write(*userUUID) - *userUUID = nil } newbuffer.Write([]byte{command, byte(contantLen >> 8), byte(contantLen), byte(paddingLen >> 8), byte(paddingLen)}) if b != nil { @@ -543,6 +572,7 @@ func XtlsUnpadding(ctx context.Context, buffer buf.MultiBuffer, userUUID []byte, posByte = 16 *remainingContent = 0 *remainingPadding = 0 + *currentCommand = 0 break } } @@ -601,11 +631,3 @@ func XtlsUnpadding(ctx context.Context, buffer buf.MultiBuffer, userUUID []byte, buf.ReleaseMulti(buffer) return mb2 } - -var Tls13CipherSuiteDic = map[uint16]string{ - 0x1301: "TLS_AES_128_GCM_SHA256", - 0x1302: "TLS_AES_256_GCM_SHA384", - 0x1303: "TLS_CHACHA20_POLY1305_SHA256", - 0x1304: "TLS_AES_128_CCM_SHA256", - 0x1305: "TLS_AES_128_CCM_8_SHA256", -} diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index d060f222b4aa..434dec79430e 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go 
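Review bot: Both padding branches in XtlsPadding log the `rand.Int` error and then call `l.Int64()` regardless. crypto/rand's `Int` returns a nil `*big.Int` when reading from the source fails, so the error path ends in a nil-pointer panic instead of the logged fallback the code seems to intend. The function has no error return, so give `l` a defined value in the error branch, for example `l = new(big.Int)` right after the `WriteToLog` call, or draw the random length once before the `if` so that there is a single error path to maintain. The function body continues past the end of this hunk.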
@@ -624,11 +624,9 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } if requestAddons.Flow == vless.XRV { encoding.XtlsFilterTls(multiBuffer, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello, ctx) - if isTLS { - multiBuffer = encoding.ReshapeMultiBuffer(ctx, multiBuffer) - for i, b := range multiBuffer { - multiBuffer[i] = encoding.XtlsPadding(b, 0x00, &userUUID, ctx) - } + multiBuffer = encoding.ReshapeMultiBuffer(ctx, multiBuffer) + for i, b := range multiBuffer { + multiBuffer[i] = encoding.XtlsPadding(b, encoding.CommandPaddingContinue, &userUUID, isTLS, ctx) } } if err := clientWriter.WriteMultiBuffer(multiBuffer); err != nil { @@ -645,7 +643,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s if statConn != nil { counter = statConn.WriteCounter } - err = encoding.XtlsWrite(serverReader, clientWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, + err = encoding.XtlsWrite(serverReader, clientWriter, timer, netConn, counter, ctx, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index e532dfb68c79..6991d2765c62 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go 
@@ -243,10 +243,9 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if err1 == nil { if requestAddons.Flow == vless.XRV { encoding.XtlsFilterTls(multiBuffer, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello, ctx) - if isTLS { - for i, b := range multiBuffer { - multiBuffer[i] = encoding.XtlsPadding(b, 0x00, &userUUID, ctx) - } + multiBuffer = encoding.ReshapeMultiBuffer(ctx, multiBuffer) + for i, b := range multiBuffer { + multiBuffer[i] = encoding.XtlsPadding(b, encoding.CommandPaddingContinue, &userUUID, isTLS, ctx) } } if err := serverWriter.WriteMultiBuffer(multiBuffer); err != nil { @@ -256,7 +255,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte return err1 } else if requestAddons.Flow == vless.XRV { mb := make(buf.MultiBuffer, 1) - mb[0] = encoding.XtlsPadding(nil, 0x01, &userUUID, ctx) // it must not be tls so padding finish with it (command 1) + mb[0] = encoding.XtlsPadding(nil, encoding.CommandPaddingContinue, &userUUID, true, ctx) // we do a long padding to hide vless header newError("Insert padding with empty content to camouflage VLESS header ", mb.Len()).WriteToLog(session.ExportIDToError(ctx)) if err := serverWriter.WriteMultiBuffer(mb); err != nil { return err @@ -285,7 +284,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if statConn != nil { counter = statConn.WriteCounter } - err = encoding.XtlsWrite(clientReader, serverWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, + err = encoding.XtlsWrite(clientReader, serverWriter, timer, netConn, counter, ctx, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer From cc4be239cf2f89f05c046f63666cf11cc1e5b332 Mon Sep 17 00:00:00 2001 
From: HalfLife Date: Sat, 25 Feb 2023 10:26:28 +0800 Subject: [PATCH 77/91] transfer geodat with actions/cache --- .github/workflows/release.yml | 73 ++++++++++++++++++++++++++--------- .github/workflows/test.yml | 43 +++------------------ 2 files changed, 59 insertions(+), 57 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8d529d33fb6e..edbc01c18bc7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -20,7 +20,51 @@ on: - "go.sum" - ".github/workflows/*.yml" jobs: + prepare: + runs-on: ubuntu-latest + steps: + - name: Restore Cache + uses: actions/cache/restore@v3 + with: + path: resources + key: xray-geodat- + + - name: Update Geodat + id: update + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + retry_wait_seconds: 60 + max_attempts: 60 + command: | + [ -d 'resources' ] || mkdir resources + LIST=('geoip geoip geoip' 'domain-list-community dlc geosite') + for i in "${LIST[@]}" + do + INFO=($(echo $i | awk 'BEGIN{FS=" ";OFS=" "} {print $1,$2,$3}')) + FILE_NAME="${INFO[2]}.dat" + echo -e "Verifying HASH key..." + HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')" + if [ -s "./resources/${FILE_NAME}" ] && [ "$(sha256sum "./resources/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ]; then + continue + else + echo -e "Downloading https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat..." + curl -L "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat" -o ./resources/${FILE_NAME} + echo -e "Verifying HASH key..." + [ "$(sha256sum "./resources/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of ${FILE_NAME} does not match cloud one."; exit 1; } + echo "unhit=true" >> $GITHUB_OUTPUT + fi + done + + - name: Save Cache + uses: actions/cache/save@v3 + if: ${{ steps.update.outputs.unhit }} + with: + path: resources + key: xray-geodat-${{ github.sha }}-${{ github.run_number }} + build: + needs: prepare permissions: contents: write strategy: 
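Review bot: The digest that the `Update Geodat` step compares against is fetched from the same `raw.githubusercontent.com/v2fly/.../release/` location as the `.dat` file, so the check detects a truncated or corrupted transfer but says nothing about whether the upstream content is the expected one. A short comment above the loop should state that, for example `# sha256sum comes from the same origin as the .dat: integrity of the transfer only, not authenticity`. Both `curl` calls also run without `-f`, so an HTTP error body would be parsed as a hash or saved as the data file; `curl -fsSL` makes that fail at the download rather than at the later comparison. The step runs through `nick-fields/retry@v2`, which is referenced by a mutable tag in a job that feeds release assets; pinning it to a full commit SHA is worth considering.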
@@ -160,26 +204,17 @@ jobs: cd ./build_assets || exit 1 mv xray xray.exe - - name: Prepare to release - uses: nick-fields/retry@v2 + - name: Restore Cache + uses: actions/cache/restore@v3 with: - timeout_minutes: 60 - retry_wait_seconds: 60 - max_attempts: 60 - command: | - cp ${GITHUB_WORKSPACE}/README.md ./build_assets/README.md - cp ${GITHUB_WORKSPACE}/LICENSE ./build_assets/LICENSE - LIST=('geoip geoip geoip' 'domain-list-community dlc geosite') - for i in "${LIST[@]}" - do - INFO=($(echo $i | awk 'BEGIN{FS=" ";OFS=" "} {print $1,$2,$3}')) - FILE_NAME="${INFO[2]}.dat" - echo -e "Downloading https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat..." - curl -L "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat" -o ./build_assets/${FILE_NAME} - echo -e "Verifying HASH key..." - HASH="$(curl -sL "https://raw.githubusercontent.com/v2fly/${INFO[0]}/release/${INFO[1]}.dat.sha256sum" | awk -F ' ' '{print $1}')" - [ "$(sha256sum "./build_assets/${FILE_NAME}" | awk -F ' ' '{print $1}')" == "${HASH}" ] || { echo -e "The HASH key of ${FILE_NAME} does not match cloud one."; exit 1; } - done + path: resources + key: xray-geodat- + + - name: Copy README.md & LICENSE + run: | + mv -f resources/* build_assets + cp ${GITHUB_WORKSPACE}/README.md ./build_assets/README.md + cp ${GITHUB_WORKSPACE}/LICENSE ./build_assets/LICENSE - name: Create ZIP archive shell: bash diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index eeb28540f962..49af621b96d6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
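Review bot: The `Restore Cache` step added to the build job hands `resources/*` straight to `build_assets`, so the files that end up in the release archive are whatever the `xray-geodat-` cache returned; the SHA-256 comparison now lives only in the `prepare` job. Adding `fail-on-cache-miss: true` to the restore step turns a missing cache into an explicit error instead of a failing `mv`, and repeating the `sha256sum` comparison before `mv -f resources/* build_assets` would tie the packaged files to the published digests rather than to the cache contents. The `.github/workflows/test.yml` hunk uses the same restore-only pattern, and nothing in its visible lines repopulates `resources` when the cache is absent.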
@@ -34,44 +34,11 @@ jobs: check-latest: true - name: Checkout codebase uses: actions/checkout@v3 - - - name: Prepare geoip - if: ${{ matrix.os != 'windows-latest' }} - uses: nick-fields/retry@v2 - with: - timeout_minutes: 60 - retry_wait_seconds: 30 - max_attempts: 60 - command: | - mkdir resources - wget -O ./resources/geoip.dat https://github.com/v2fly/geoip/releases/latest/download/geoip.dat - - name: Prepare geosite - if: ${{ matrix.os != 'windows-latest' }} - uses: nick-fields/retry@v2 - with: - timeout_minutes: 60 - retry_wait_seconds: 30 - max_attempts: 60 - command: | - wget -O ./resources/geosite.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat - - name: Prepare geoip for Windows - if: ${{ matrix.os == 'windows-latest' }} - uses: nick-fields/retry@v2 - with: - timeout_minutes: 60 - retry_wait_seconds: 30 - max_attempts: 60 - command: | - mkdir resources - Invoke-WebRequest -Uri "https://github.com/v2fly/geoip/releases/latest/download/geoip.dat" -OutFile "./resources/geoip.dat" - - name: Prepare geosite for Windows - if: ${{ matrix.os == 'windows-latest' }} - uses: nick-fields/retry@v2 + - name: Restore Cache + uses: actions/cache/restore@v3 with: - timeout_minutes: 60 - retry_wait_seconds: 30 - max_attempts: 60 - command: | - Invoke-WebRequest -Uri "https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat" -OutFile "./resources/geosite.dat" + path: resources + key: xray-geodat- + enableCrossOsArchive: true - name: Test run: go test -timeout 1h -v ./... From fbc7c1cf84febfc577bd4af360ba72170bb60163 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Feb 2023 01:51:20 +0000 Subject: [PATCH 78/91] Bump github.com/miekg/dns from 1.1.50 to 1.1.51 Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.50 to 1.1.51. - [Release notes](https://github.com/miekg/dns/releases) - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](https://github.com/miekg/dns/compare/v1.1.50...v1.1.51) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 26 +++++++++++++++++++------- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index b318b6bbc8dc..4965f027beb3 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/golang/protobuf v1.5.2 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 - github.com/miekg/dns v1.1.50 + github.com/miekg/dns v1.1.51 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/quic-go/quic-go v0.33.0 diff --git a/go.sum b/go.sum index 02f4cb2e963e..53c4c9fc41eb 100644 --- a/go.sum +++ b/go.sum 
@@ -106,8 +106,8 @@ github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= -github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= +github.com/miekg/dns v1.1.51 h1:0+Xg7vObnhrz/4ZCZcZh7zPXlmU0aveS2HDBd0m0qSo= +github.com/miekg/dns v1.1.51/go.mod h1:2Z9d3CP1LQWihRZUf29mQ19yDThaI4DAYzte2CaQW5c= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= @@ -194,6 +194,7 @@ github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8x github.com/xtls/reality v0.0.0-20230227192902-524506d97551 h1:zOP9NvpCMa1Y58UmA9EhbWs5/FNKvqwD5EyDLVit2LI= github.com/xtls/reality v0.0.0-20230227192902-524506d97551/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U= go.starlark.net v0.0.0-20230128213706-3f75dec8e403/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= 
@@ -205,6 +206,7 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -215,6 +217,8 @@ golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -228,8 +232,10 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -243,6 +249,7 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -253,20 +260,24 @@ golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/text v0.3.0/go.mod 
h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -282,7 +293,8 @@ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 43bc92903053a5c52eac6275f2a2c7b71fb25a02 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Feb 2023 19:52:51 +0000 Subject: [PATCH 79/91] Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4965f027beb3..30ea9109404c 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/sagernet/sing-shadowsocks v0.1.1 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb - github.com/stretchr/testify v1.8.1 + github.com/stretchr/testify v1.8.2 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 github.com/xtls/reality v0.0.0-20230227192902-524506d97551 diff --git a/go.sum b/go.sum index 53c4c9fc41eb..c07740a97dde 100644 --- a/go.sum +++ b/go.sum 
@@ -182,8 +182,8 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF8gHIiADmOVOV5LS43gt3ONnlEl3xkwI= github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= From 7b54255cc1b3ce4c275b713e6289d0cd45ec50ea Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Wed, 1 Mar 2023 08:43:00 -0500 Subject: [PATCH 80/91] Fix padding extends out of bound --- proxy/vless/encoding/encoding.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index 7a218aef5681..d42a15682178 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -556,6 +556,9 @@ func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool b.Release() b = nil } + if paddingLen > buf.Size - newbuffer.Len() { + paddingLen = buf.Size - newbuffer.Len() + } newbuffer.Extend(paddingLen) newError("XtlsPadding ", contantLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx)) return newbuffer 
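Review bot: The clamp added to XtlsPadding runs after the 5-byte header has already been written, so when it triggers the frame announces more padding than `newbuffer.Extend` actually appends. The header write, `newbuffer.Write([]byte{command, …, byte(paddingLen >> 8), byte(paddingLen)})`, is visible in the earlier Vision padding hunk of this file. A receiver that trusts the announced length would then, presumably, treat the start of the following frame as padding and lose sync. Bounding the value before the header is serialized avoids the mismatch, e.g. `if paddingLen > buf.Size-21-contantLen { paddingLen = buf.Size - 21 - contantLen }` placed ahead of `newbuffer := buf.New()`, with 21 being the UUID-plus-header size the file already uses in `buf.Size-21`. XtlsPadding starts outside this hunk.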
From 6526e74d49eec5a4bb9a5e448a271d17f262d64b Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 2 Mar 2023 14:50:26 +0000 Subject: [PATCH 81/91] Add WaitReadCloser to make H2 real 0-RTT --- transport/internet/http/dialer.go | 66 ++++++++++++++++++++++++++----- 1 file changed, 57 insertions(+), 9 deletions(-) diff --git a/transport/internet/http/dialer.go b/transport/internet/http/dialer.go index 25ede63fb543..75adc249b882 100644 --- a/transport/internet/http/dialer.go +++ b/transport/internet/http/dialer.go @@ -3,6 +3,7 @@ package http import ( "context" gotls "crypto/tls" + "io" "net/http" "net/url" "sync" 
@@ -166,23 +167,70 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me // Disable any compression method from server. request.Header.Set("Accept-Encoding", "identity") - response, err := client.Do(request) - if err != nil { - return nil, newError("failed to dial to ", dest).Base(err).AtWarning() - } - if response.StatusCode != 200 { - return nil, newError("unexpected status", response.StatusCode).AtWarning() - } + wrc := &WaitReadCloser{Wait: make(chan struct{})} + go func() { + response, err := client.Do(request) + if err != nil { + newError("failed to dial to ", dest).Base(err).AtWarning().WriteToLog(session.ExportIDToError(ctx)) + wrc.Close() + return + } + if response.StatusCode != 200 { + newError("unexpected status", response.StatusCode).AtWarning().WriteToLog(session.ExportIDToError(ctx)) + wrc.Close() + return + } + wrc.Set(response.Body) + }() bwriter := buf.NewBufferedWriter(pwriter) common.Must(bwriter.SetBuffered(false)) return cnc.NewConnection( - cnc.ConnectionOutput(response.Body), + cnc.ConnectionOutput(wrc), cnc.ConnectionInput(bwriter), - cnc.ConnectionOnClose(common.ChainedClosable{breader, bwriter, response.Body}), + cnc.ConnectionOnClose(common.ChainedClosable{breader, bwriter, wrc}), ), nil } func init() { common.Must(internet.RegisterTransportDialer(protocolName, Dial)) } + +type WaitReadCloser struct { + Wait chan struct{} + io.ReadCloser +} + +func (w *WaitReadCloser) Set(rc io.ReadCloser) { + w.ReadCloser = rc + defer func() { + if err := recover(); err != nil { + rc.Close() + } + }() + close(w.Wait) +} + +func (w *WaitReadCloser) Read(b []byte) (int, error) { + if w.ReadCloser == nil { + if <-w.Wait; w.ReadCloser == nil { + return 0, io.ErrClosedPipe + } + } + return w.ReadCloser.Read(b) +} + +func (w *WaitReadCloser) Close() error { + if w.ReadCloser != nil { + return w.ReadCloser.Close() + } + defer func() { + if err := recover(); err != nil { + if w.ReadCloser != nil { + w.ReadCloser.Close() + } + } + 
}() + close(w.Wait) + return nil +} From ccba465590c126210fb3de302de4a410aec69690 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 2 Mar 2023 16:55:42 +0000 Subject: [PATCH 82/91] Add reserved to WireGuard config Fixes https://github.com/XTLS/Xray-core/issues/1730 --- infra/conf/wireguard.go | 6 ++++++ proxy/wireguard/bind.go | 5 +++++ proxy/wireguard/config.pb.go | 27 ++++++++++++++++++--------- proxy/wireguard/config.proto | 1 + proxy/wireguard/wireguard.go | 7 ++++--- 5 files changed, 34 insertions(+), 12 deletions(-) diff --git a/infra/conf/wireguard.go b/infra/conf/wireguard.go index c4dec367dfb0..6b102b14d17e 100644 --- a/infra/conf/wireguard.go +++ b/infra/conf/wireguard.go @@ -52,6 +52,7 @@ type WireGuardConfig struct { Peers []*WireGuardPeerConfig `json:"peers"` MTU int `json:"mtu"` NumWorkers int `json:"workers"` + Reserved []byte `json:"reserved"` } func (c *WireGuardConfig) Build() (proto.Message, error) { @@ -90,6 +91,11 @@ func (c *WireGuardConfig) Build() (proto.Message, error) { // we don't need to process fallback manually config.NumWorkers = int32(c.NumWorkers) + if len(c.Reserved) != 0 && len(c.Reserved) != 3 { + return nil, newError(`"reserved" should be empty or 3 bytes`) + } + config.Reserved = c.Reserved + return config, nil } diff --git a/proxy/wireguard/bind.go b/proxy/wireguard/bind.go index 1136f5ed8f6d..a90a97036b3a 100644 --- a/proxy/wireguard/bind.go +++ b/proxy/wireguard/bind.go @@ -31,6 +31,7 @@ type netBindClient struct { dialer internet.Dialer dns dns.Client dnsOption dns.IPOption + reserved []byte readQueue chan *netReadInfo } @@ -157,6 +158,10 @@ func (bind *netBindClient) Send(buff []byte, endpoint conn.Endpoint) error { } } + if len(buff) > 3 && len(bind.reserved) == 3 { + copy(buff[1:], bind.reserved) + } + _, err = nend.conn.Write(buff) return err diff --git a/proxy/wireguard/config.pb.go b/proxy/wireguard/config.pb.go index e290af8a0e30..75d5787b7cff 100644 
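Review bot: In the goroutine added to `Dial`, the non-200 branch logs and calls `wrc.Close()` but never closes `response.Body`; `wrc.ReadCloser` is still nil at that point, so `Close` only closes `Wait` and the body is dropped unclosed. Add `response.Body.Close()` before `wrc.Close()` in that branch. `WaitReadCloser` also reads and writes its embedded `ReadCloser` field from different goroutines without synchronization (`Set` in the new goroutine, the nil checks in `Read` and `Close` on the caller side) and relies on `recover()` to absorb a second `close(w.Wait)`. Guarding the field and the channel close with a `sync.Mutex` or `sync.Once` would make the hand-off explicit and keep it clean under `-race`. `Dial` itself starts outside this hunk.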
--- a/proxy/wireguard/config.pb.go +++ b/proxy/wireguard/config.pb.go @@ -109,6 +109,7 @@ type DeviceConfig struct { Peers []*PeerConfig `protobuf:"bytes,3,rep,name=peers,proto3" json:"peers,omitempty"` Mtu int32 `protobuf:"varint,4,opt,name=mtu,proto3" json:"mtu,omitempty"` NumWorkers int32 `protobuf:"varint,5,opt,name=num_workers,json=numWorkers,proto3" json:"num_workers,omitempty"` + Reserved []byte `protobuf:"bytes,6,opt,name=reserved,proto3" json:"reserved,omitempty"` } func (x *DeviceConfig) Reset() { @@ -178,6 +179,13 @@ func (x *DeviceConfig) GetNumWorkers() int32 { return 0 } +func (x *DeviceConfig) GetReserved() []byte { + if x != nil { + return x.Reserved + } + return nil +} + var File_proxy_wireguard_config_proto protoreflect.FileDescriptor var file_proxy_wireguard_config_proto_rawDesc = []byte{ @@ -195,7 +203,7 @@ var file_proxy_wireguard_config_proto_rawDesc = []byte{ 0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x41, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x69, 0x70, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, - 0x64, 0x49, 0x70, 0x73, 0x22, 0xb4, 0x01, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, + 0x64, 0x49, 0x70, 0x73, 0x22, 0xd0, 0x01, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 
@@ -206,14 +214,15 @@ var file_proxy_wireguard_config_proto_rawDesc = []byte{ 0x67, 0x52, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x74, 0x75, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x6d, 0x74, 0x75, 0x12, 0x1f, 0x0a, 0x0b, 0x6e, 0x75, 0x6d, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x0a, 0x6e, 0x75, 0x6d, 0x57, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x73, 0x42, 0x5e, 0x0a, 0x18, 0x63, - 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x77, 0x69, - 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50, 0x01, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, - 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x77, 0x69, 0x72, 0x65, 0x67, - 0x75, 0x61, 0x72, 0x64, 0xaa, 0x02, 0x14, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, - 0x79, 0x2e, 0x57, 0x69, 0x72, 0x65, 0x47, 0x75, 0x61, 0x72, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x0a, 0x6e, 0x75, 0x6d, 0x57, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x72, + 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x72, + 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x42, 0x5e, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x78, + 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, + 0x61, 0x72, 0x64, 0x50, 0x01, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, + 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, + 0xaa, 0x02, 0x14, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x57, 0x69, + 0x72, 0x65, 0x47, 0x75, 0x61, 0x72, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
diff --git a/proxy/wireguard/config.proto b/proxy/wireguard/config.proto index dde3b41b05cb..810a1126c484 100644 --- a/proxy/wireguard/config.proto +++ b/proxy/wireguard/config.proto @@ -20,4 +20,5 @@ message DeviceConfig { repeated PeerConfig peers = 3; int32 mtu = 4; int32 num_workers = 5; + bytes reserved = 6; } \ No newline at end of file diff --git a/proxy/wireguard/wireguard.go b/proxy/wireguard/wireguard.go index 51cee8767d68..2b7e1c875c9d 100644 --- a/proxy/wireguard/wireguard.go +++ b/proxy/wireguard/wireguard.go @@ -82,9 +82,10 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte }) // bind := conn.NewStdNetBind() // TODO: conn.Bind wrapper for dialer bind := &netBindClient{ - dialer: dialer, - workers: int(h.conf.NumWorkers), - dns: h.dns, + dialer: dialer, + workers: int(h.conf.NumWorkers), + dns: h.dns, + reserved: h.conf.Reserved, } net, err := h.makeVirtualTun(bind) From a4790133d23547f219628f445f576171b3921ab6 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Thu, 2 Mar 2023 21:42:48 -0500 Subject: [PATCH 83/91] Fix padding extends out of bound again --- proxy/vless/encoding/encoding.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index d42a15682178..20468fd01e68 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go 
@@ -528,17 +528,17 @@ func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBu // XtlsPadding add padding to eliminate length siganature during tls handshake func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool, ctx context.Context) *buf.Buffer { - var contantLen int32 = 0 + var contentLen int32 = 0 var paddingLen int32 = 0 if b != nil { - contantLen = b.Len() + contentLen = b.Len() } - if contantLen < 900 && longPadding { + if contentLen < 900 && longPadding { l, err := rand.Int(rand.Reader, big.NewInt(500)) if err != nil { newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) } - paddingLen = int32(l.Int64()) + 900 - contantLen + paddingLen = int32(l.Int64()) + 900 - contentLen } else { l, err := rand.Int(rand.Reader, big.NewInt(256)) if err != nil { @@ -546,21 +546,21 @@ func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool } paddingLen = int32(l.Int64()) } + if paddingLen > buf.Size - 21 - contentLen { + paddingLen = buf.Size - 21 - contentLen + } newbuffer := buf.New() if userUUID != nil { newbuffer.Write(*userUUID) } - newbuffer.Write([]byte{command, byte(contantLen >> 8), byte(contantLen), byte(paddingLen >> 8), byte(paddingLen)}) + newbuffer.Write([]byte{command, byte(contentLen >> 8), byte(contentLen), byte(paddingLen >> 8), byte(paddingLen)}) if b != nil { newbuffer.Write(b.Bytes()) b.Release() b = nil } - if paddingLen > buf.Size - newbuffer.Len() { - paddingLen = buf.Size - newbuffer.Len() - } newbuffer.Extend(paddingLen) - newError("XtlsPadding ", contantLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx)) + newError("XtlsPadding ", contentLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx)) return newbuffer } From 25ea69fc3a67fdf309472e4e611d5ddd8b5d3e94 Mon Sep 17 00:00:00 2001 
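Review bot: The new clamp `paddingLen = buf.Size - 21 - contentLen` in the second hunk can yield a negative value when `contentLen` is larger than `buf.Size - 21`; that value is then encoded with `byte(paddingLen >> 8), byte(paddingLen)` and passed to `newbuffer.Extend`. Nothing visible in the hunk bounds `contentLen`, so add a floor after the clamp: `if paddingLen < 0 { paddingLen = 0 }`. The literal `21` should be a named constant or carry a comment; it looks like 16 UUID bytes plus the 5-byte header, which overstates the overhead whenever `userUUID` is nil.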
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Fri, 3 Mar 2023 09:45:10 -0500 Subject: [PATCH 84/91] Fix Vision inserting multiple uuid headers This happen for stream inbound like http --- proxy/vless/encoding/encoding.go | 1 + 1 file changed, 1 insertion(+) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index 20468fd01e68..c7edf486e483 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -552,6 +552,7 @@ func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool newbuffer := buf.New() if userUUID != nil { newbuffer.Write(*userUUID) + *userUUID = nil } newbuffer.Write([]byte{command, byte(contentLen >> 8), byte(contentLen), byte(paddingLen >> 8), byte(paddingLen)}) if b != nil { From 4c8ee0af50bbabd29e6766f0d9509add6fc0b2e7 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Fri, 3 Mar 2023 15:39:16 +0000 Subject: [PATCH 85/91] Set reserved to zero after Read() Thank @IRN-Kawakaze for testing --- proxy/wireguard/bind.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/proxy/wireguard/bind.go b/proxy/wireguard/bind.go index a90a97036b3a..527f0e74e52b 100644 --- a/proxy/wireguard/bind.go +++ b/proxy/wireguard/bind.go @@ -129,6 +129,13 @@ func (bind *netBindClient) connectTo(endpoint *netEndpoint) error { return } i, err := c.Read(v.buff) + + if i > 3 { + v.buff[1] = 0 + v.buff[2] = 0 + v.buff[3] = 0 + } + v.bytes = i v.endpoint = endpoint v.err = err From 9e5bc07bf29bad54b8294dd04d89cafe402d120c Mon Sep 17 00:00:00 2001 
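Review bot: `*userUUID = nil` makes `XtlsPadding` clear the caller's slice through the pointer, a side effect the function's doc comment does not mention. The signature and comment are outside this hunk, so the suggestion is to extend that comment, e.g. `// If userUUID is non-nil its bytes are written once and *userUUID is then set to nil, so later calls write no UUID.` If the same `*[]byte` can be reached from more than one goroutine, this write would need synchronization; the callers are not shown here, so that should be confirmed.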
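Review bot: The stores that zero `v.buff[1]`..`v.buff[3]` after `c.Read` run for every packet, whether or not `bind.reserved` is configured, and no comment explains the offsets. `Send` (PATCH 82/91) rewrites those bytes only when `len(bind.reserved) == 3`; unless the unconditional clear is intended, mirror that condition with `if i > 3 && len(bind.reserved) == 3 {` so the receive path is untouched for unmodified peers. A comment such as `// clear the header's reserved bytes before the packet is handed on` would record the intent; that rationale is inferred from the commit title, not shown in the hunk. `connectTo` starts outside this hunk.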
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 4 Mar 2023 05:39:26 -0500 Subject: [PATCH 86/91] Legends never die (#1725) --- go.mod | 1 - go.sum | 2 - infra/conf/transport_internet.go | 135 ------ infra/conf/trojan.go | 10 +- infra/conf/vless.go | 10 +- infra/conf/vless_test.go | 8 +- infra/conf/xray.go | 17 +- main/distro/all/all.go | 1 - proxy/trojan/client.go | 61 --- proxy/trojan/protocol.go | 93 ---- proxy/trojan/server.go | 67 +-- proxy/vless/account.go | 2 +- proxy/vless/account.pb.go | 2 +- proxy/vless/account.proto | 2 +- proxy/vless/encoding/addons.go | 2 +- proxy/vless/encoding/encoding.go | 61 --- proxy/vless/inbound/inbound.go | 95 ++-- proxy/vless/outbound/outbound.go | 93 ++-- proxy/vless/vless.go | 3 - transport/internet/domainsocket/dial.go | 3 - transport/internet/domainsocket/listener.go | 8 - transport/internet/kcp/dialer.go | 3 - transport/internet/kcp/listener.go | 8 - transport/internet/tcp/dialer.go | 4 - transport/internet/tcp/hub.go | 8 - transport/internet/xtls/config.go | 377 --------------- transport/internet/xtls/config.pb.go | 478 -------------------- transport/internet/xtls/config.proto | 76 ---- transport/internet/xtls/config_other.go | 53 --- transport/internet/xtls/config_test.go | 97 ---- transport/internet/xtls/config_windows.go | 14 - transport/internet/xtls/errors.generated.go | 9 - transport/internet/xtls/unsafe.go | 6 - transport/internet/xtls/xtls.go | 35 -- 34 files changed, 71 insertions(+), 1773 deletions(-) delete mode 100644 transport/internet/xtls/config.go delete mode 100644 transport/internet/xtls/config.pb.go delete mode 100644 transport/internet/xtls/config.proto delete mode 100644 transport/internet/xtls/config_other.go delete mode 100644 transport/internet/xtls/config_test.go delete mode 100644 transport/internet/xtls/config_windows.go delete mode 100644 transport/internet/xtls/errors.generated.go delete mode 100644 transport/internet/xtls/unsafe.go delete mode 100644 
transport/internet/xtls/xtls.go diff --git a/go.mod b/go.mod index 30ea9109404c..6a63aec9a22f 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,6 @@ require ( github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.2 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e - github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 github.com/xtls/reality v0.0.0-20230227192902-524506d97551 go.starlark.net v0.0.0-20230128213706-3f75dec8e403 golang.org/x/crypto v0.6.0 diff --git a/go.sum b/go.sum index c07740a97dde..3fc8c2b55d5a 100644 --- a/go.sum +++ b/go.sum @@ -189,8 +189,6 @@ github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3 h1:a3Y4WVjCxwoyO4E2xdNvq577tW8lkSBgyrA8E9+2NtM= -github.com/xtls/go v0.0.0-20230107031059-4610f88d00f3/go.mod h1:YJTRELIWrGxR1s8xcEBgxcxBfwQfMGjdvNLTjN9XFgY= github.com/xtls/reality v0.0.0-20230227192902-524506d97551 h1:zOP9NvpCMa1Y58UmA9EhbWs5/FNKvqwD5EyDLVit2LI= github.com/xtls/reality v0.0.0-20230227192902-524506d97551/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 0af0f1e5498b..b8f96f6ea049 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -26,7 +26,6 @@ import ( "github.com/xtls/xray-core/transport/internet/tcp" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/websocket" - "github.com/xtls/xray-core/transport/internet/xtls" ) var ( 
@@ -416,117 +415,6 @@ func (c *TLSConfig) Build() (proto.Message, error) { return config, nil } -type XTLSCertConfig struct { - CertFile string `json:"certificateFile"` - CertStr []string `json:"certificate"` - KeyFile string `json:"keyFile"` - KeyStr []string `json:"key"` - Usage string `json:"usage"` - OcspStapling uint64 `json:"ocspStapling"` - OneTimeLoading bool `json:"oneTimeLoading"` -} - -// Build implements Buildable. -func (c *XTLSCertConfig) Build() (*xtls.Certificate, error) { - certificate := new(xtls.Certificate) - cert, err := readFileOrString(c.CertFile, c.CertStr) - if err != nil { - return nil, newError("failed to parse certificate").Base(err) - } - certificate.Certificate = cert - certificate.CertificatePath = c.CertFile - - if len(c.KeyFile) > 0 || len(c.KeyStr) > 0 { - key, err := readFileOrString(c.KeyFile, c.KeyStr) - if err != nil { - return nil, newError("failed to parse key").Base(err) - } - certificate.Key = key - certificate.KeyPath = c.KeyFile - } - - switch strings.ToLower(c.Usage) { - case "encipherment": - certificate.Usage = xtls.Certificate_ENCIPHERMENT - case "verify": - certificate.Usage = xtls.Certificate_AUTHORITY_VERIFY - case "issue": - certificate.Usage = xtls.Certificate_AUTHORITY_ISSUE - default: - certificate.Usage = xtls.Certificate_ENCIPHERMENT - } - if certificate.KeyPath == "" && certificate.CertificatePath == "" { - certificate.OneTimeLoading = true - } else { - certificate.OneTimeLoading = c.OneTimeLoading - } - certificate.OcspStapling = c.OcspStapling - - return certificate, nil -} - -type XTLSConfig struct { - Insecure bool `json:"allowInsecure"` - Certs []*XTLSCertConfig `json:"certificates"` - ServerName string `json:"serverName"` - ALPN *StringList `json:"alpn"` - EnableSessionResumption bool `json:"enableSessionResumption"` - DisableSystemRoot bool `json:"disableSystemRoot"` - MinVersion string `json:"minVersion"` - MaxVersion string `json:"maxVersion"` - CipherSuites string `json:"cipherSuites"` - 
PreferServerCipherSuites bool `json:"preferServerCipherSuites"` - Fingerprint string `json:"fingerprint"` - RejectUnknownSNI bool `json:"rejectUnknownSni"` - PinnedPeerCertificateChainSha256 *[]string `json:"pinnedPeerCertificateChainSha256"` -} - -// Build implements Buildable. -func (c *XTLSConfig) Build() (proto.Message, error) { - config := new(xtls.Config) - config.Certificate = make([]*xtls.Certificate, len(c.Certs)) - for idx, certConf := range c.Certs { - cert, err := certConf.Build() - if err != nil { - return nil, err - } - config.Certificate[idx] = cert - } - serverName := c.ServerName - config.AllowInsecure = c.Insecure - if len(c.ServerName) > 0 { - config.ServerName = serverName - } - if c.ALPN != nil && len(*c.ALPN) > 0 { - config.NextProtocol = []string(*c.ALPN) - } - config.EnableSessionResumption = c.EnableSessionResumption - config.DisableSystemRoot = c.DisableSystemRoot - config.MinVersion = c.MinVersion - config.MaxVersion = c.MaxVersion - config.CipherSuites = c.CipherSuites - config.PreferServerCipherSuites = c.PreferServerCipherSuites - if c.Fingerprint != "" { - return nil, newError(`Old version of XTLS does not support fingerprint. Please use flow "xtls-rprx-vision" with "tls & tlsSettings" instead.`) - } - config.RejectUnknownSni = c.RejectUnknownSNI - - if c.PinnedPeerCertificateChainSha256 != nil { - config.PinnedPeerCertificateChainSha256 = [][]byte{} - for _, v := range *c.PinnedPeerCertificateChainSha256 { - hashValue, err := base64.StdEncoding.DecodeString(v) - if err != nil { - return nil, err - } - config.PinnedPeerCertificateChainSha256 = append(config.PinnedPeerCertificateChainSha256, hashValue) - } - } - - newError(`You are using an old version of XTLS, which is deprecated now and will be removed soon. Please use flow "xtls-rprx-vision" with "tls & tlsSettings" instead.`).AtWarning().WriteToLog() - - return config, nil -} - type REALITYConfig struct { Show bool `json:"show"` Dest json.RawMessage `json:"dest"` 
@@ -788,7 +676,6 @@ type StreamConfig struct { Network *TransportProtocol `json:"network"` Security string `json:"security"` TLSSettings *TLSConfig `json:"tlsSettings"` - XTLSSettings *XTLSConfig `json:"xtlsSettings"` REALITYSettings *REALITYConfig `json:"realitySettings"` TCPSettings *TCPConfig `json:"tcpSettings"` KCPSettings *KCPConfig `json:"kcpSettings"` @@ -816,9 +703,6 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { if strings.EqualFold(c.Security, "tls") { tlsSettings := c.TLSSettings if tlsSettings == nil { - if c.XTLSSettings != nil { - return nil, newError(`TLS: Please use "tlsSettings" instead of "xtlsSettings".`) - } tlsSettings = &TLSConfig{} } ts, err := tlsSettings.Build() @@ -829,25 +713,6 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { config.SecuritySettings = append(config.SecuritySettings, tm) config.SecurityType = tm.Type } - if strings.EqualFold(c.Security, "xtls") { - if config.ProtocolName != "tcp" && config.ProtocolName != "mkcp" && config.ProtocolName != "domainsocket" { - return nil, newError("XTLS only supports TCP, mKCP and DomainSocket for now.") - } - xtlsSettings := c.XTLSSettings - if xtlsSettings == nil { - if c.TLSSettings != nil { - return nil, newError(`XTLS: Please use "xtlsSettings" instead of "tlsSettings".`) - } - xtlsSettings = &XTLSConfig{} - } - ts, err := xtlsSettings.Build() - if err != nil { - return nil, newError("Failed to build XTLS config.").Base(err) - } - tm := serial.ToTypedMessage(ts) - config.SecuritySettings = append(config.SecuritySettings, tm) - config.SecurityType = tm.Type - } if strings.EqualFold(c.Security, "reality") { if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "grpc" && config.ProtocolName != "domainsocket" { return nil, newError("REALITY only supports TCP, H2, gRPC and DomainSocket for now.") diff --git a/infra/conf/trojan.go b/infra/conf/trojan.go index 80ae7bb65147..e7d8738b92ce 100644 
--- a/infra/conf/trojan.go +++ b/infra/conf/trojan.go @@ -53,11 +53,7 @@ func (c *TrojanClientConfig) Build() (proto.Message, error) { } switch account.Flow { - case "", "xtls-rprx-origin", "xtls-rprx-origin-udp443", "xtls-rprx-direct", "xtls-rprx-direct-udp443": - case "xtls-rprx-splice", "xtls-rprx-splice-udp443": - if runtime.GOOS != "linux" && runtime.GOOS != "android" { - return nil, newError(`Trojan servers: "` + account.Flow + `" only support linux in this version`) - } + case "": default: return nil, newError(`Trojan servers: "flow" doesn't support "` + account.Flow + `" in this version`) } @@ -119,9 +115,7 @@ func (c *TrojanServerConfig) Build() (proto.Message, error) { } switch account.Flow { - case "", "xtls-rprx-origin", "xtls-rprx-direct": - case "xtls-rprx-splice": - return nil, newError(`Trojan clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`) + case "": default: return nil, newError(`Trojan clients: "flow" doesn't support "` + account.Flow + `" in this version`) } diff --git a/infra/conf/vless.go b/infra/conf/vless.go index 79c321443ee6..01a2090baca5 100644 --- a/infra/conf/vless.go +++ b/infra/conf/vless.go @@ -62,9 +62,7 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) { } } switch accountFlow { - case "", vless.XRO, vless.XRD, vless.XRV: - case vless.XRS: - return nil, newError(`VLESS clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`) + case "", vless.XRV: default: return nil, newError(`VLESS clients: "flow" doesn't support "` + account.Flow + `" in this version`) } 
@@ -191,11 +189,7 @@ func (c *VLessOutboundConfig) Build() (proto.Message, error) { account.Id = u.String() switch account.Flow { - case "", vless.XRO, vless.XRO + "-udp443", vless.XRD, vless.XRD + "-udp443", vless.XRV, vless.XRV + "-udp443": - case vless.XRS, vless.XRS + "-udp443": - if runtime.GOOS != "linux" && runtime.GOOS != "android" { - return nil, newError(`VLESS users: "` + account.Flow + `" only support linux in this version`) - } + case "", vless.XRV, vless.XRV + "-udp443": default: return nil, newError(`VLESS users: "flow" doesn't support "` + account.Flow + `" in this version`) } diff --git a/infra/conf/vless_test.go b/infra/conf/vless_test.go index 819ee9421858..0f70243797e1 100644 --- a/infra/conf/vless_test.go +++ b/infra/conf/vless_test.go @@ -26,7 +26,7 @@ func TestVLessOutbound(t *testing.T) { "users": [ { "id": "27848739-7e62-4138-9fd3-098a63964b6b", - "flow": "xtls-rprx-direct-udp443", + "flow": "xtls-rprx-vision-udp443", "encryption": "none", "level": 0 } @@ -47,7 +47,7 @@ func TestVLessOutbound(t *testing.T) { { Account: serial.ToTypedMessage(&vless.Account{ Id: "27848739-7e62-4138-9fd3-098a63964b6b", - Flow: "xtls-rprx-direct-udp443", + Flow: "xtls-rprx-vision-udp443", Encryption: "none", }), Level: 0, @@ -71,7 +71,7 @@ func TestVLessInbound(t *testing.T) { "clients": [ { "id": "27848739-7e62-4138-9fd3-098a63964b6b", - "flow": "xtls-rprx-direct", + "flow": "xtls-rprx-vision", "level": 0, "email": "love@example.com" } @@ -98,7 +98,7 @@ func TestVLessInbound(t *testing.T) { { Account: serial.ToTypedMessage(&vless.Account{ Id: "27848739-7e62-4138-9fd3-098a63964b6b", - Flow: "xtls-rprx-direct", + Flow: "xtls-rprx-vision", }), Level: 0, Email: "love@example.com", diff --git a/infra/conf/xray.go b/infra/conf/xray.go index cda512da9ff0..949e55344242 100644 --- a/infra/conf/xray.go +++ b/infra/conf/xray.go 
@@ -13,7 +13,6 @@ import ( "github.com/xtls/xray-core/common/serial" core "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/transport/internet" - "github.com/xtls/xray-core/transport/internet/xtls" ) var ( @@ -236,9 +235,6 @@ func (c *InboundDetourConfig) Build() (*core.InboundHandlerConfig, error) { if err != nil { return nil, err } - if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) && !strings.EqualFold(c.Protocol, "vless") && !strings.EqualFold(c.Protocol, "trojan") { - return nil, newError("XTLS doesn't supports " + c.Protocol + " for now.") - } receiverSettings.StreamSettings = ss } if c.SniffingConfig != nil { @@ -319,9 +315,6 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) { if err != nil { return nil, err } - if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) && !strings.EqualFold(c.Protocol, "vless") && !strings.EqualFold(c.Protocol, "trojan") { - return nil, newError("XTLS doesn't supports " + c.Protocol + " for now.") - } senderSettings.StreamSettings = ss } @@ -346,15 +339,7 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) { } if c.MuxSettings != nil { - ms := c.MuxSettings.Build() - if ms != nil && ms.Enabled { - if ss := senderSettings.StreamSettings; ss != nil { - if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) { - return nil, newError("XTLS doesn't support Mux for now.") - } - } - } - senderSettings.MultiplexSettings = ms + senderSettings.MultiplexSettings = c.MuxSettings.Build() } settings := []byte("{}") diff --git a/main/distro/all/all.go b/main/distro/all/all.go index 7fb7307128fc..0e38fcf6643c 100644 --- a/main/distro/all/all.go +++ b/main/distro/all/all.go 
@@ -61,7 +61,6 @@ import ( _ "github.com/xtls/xray-core/transport/internet/tls" _ "github.com/xtls/xray-core/transport/internet/udp" _ "github.com/xtls/xray-core/transport/internet/websocket" - _ "github.com/xtls/xray-core/transport/internet/xtls" // Transport headers _ "github.com/xtls/xray-core/transport/internet/headers/http" diff --git a/proxy/trojan/client.go b/proxy/trojan/client.go index 353b326e28d3..ffd10359e01f 100644 --- a/proxy/trojan/client.go +++ b/proxy/trojan/client.go @@ -2,14 +2,12 @@ package trojan import ( "context" - "syscall" "time" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/retry" "github.com/xtls/xray-core/common/session" @@ -17,11 +15,9 @@ import ( "github.com/xtls/xray-core/common/task" core "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/features/policy" - "github.com/xtls/xray-core/features/stats" "github.com/xtls/xray-core/transport" "github.com/xtls/xray-core/transport/internet" "github.com/xtls/xray-core/transport/internet/stat" - "github.com/xtls/xray-core/transport/internet/xtls" ) // Client is a inbound handler for trojan protocol 
@@ -97,49 +93,6 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter Flow: account.Flow, } - var rawConn syscall.RawConn - var sctx context.Context - - allowUDP443 := false - switch connWriter.Flow { - case XRO + "-udp443", XRD + "-udp443", XRS + "-udp443": - allowUDP443 = true - connWriter.Flow = connWriter.Flow[:16] - fallthrough - case XRO, XRD, XRS: - if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress { - return newError(connWriter.Flow + " doesn't support Mux").AtWarning() - } - if destination.Network == net.Network_UDP { - if !allowUDP443 && destination.Port == 443 { - return newError(connWriter.Flow + " stopped UDP/443").AtInfo() - } - connWriter.Flow = "" - } else { // enable XTLS only if making TCP request - if xtlsConn, ok := iConn.(*xtls.Conn); ok { - xtlsConn.RPRX = true - xtlsConn.SHOW = xtls_show - xtlsConn.MARK = "XTLS" - if connWriter.Flow == XRS { - sctx = ctx - connWriter.Flow = XRD - } - if connWriter.Flow == XRD { - xtlsConn.DirectMode = true - if sc, ok := xtlsConn.NetConn().(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } - } - } else { - return newError(`failed to use ` + connWriter.Flow + `, maybe "security" is not "xtls"`).AtWarning() - } - } - default: - if _, ok := iConn.(*xtls.Conn); ok { - panic(`To avoid misunderstanding, you must fill in Trojan "flow" when using XTLS.`) - } - } - sessionPolicy := c.policyManager.ForLevel(user.Level) ctx, cancel := context.WithCancel(ctx) timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle) 
@@ -193,13 +146,6 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter } else { reader = buf.NewReader(conn) } - if rawConn != nil { - var counter stats.Counter - if statConn != nil { - counter = statConn.ReadCounter - } - return ReadV(reader, link.Writer, timer, iConn.(*xtls.Conn), rawConn, counter, sctx) - } return buf.Copy(reader, link.Writer, buf.UpdateActivity(timer)) } @@ -215,11 +161,4 @@ func init() { common.Must(common.RegisterConfig((*ClientConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { return NewClient(ctx, config.(*ClientConfig)) })) - - const defaultFlagValue = "NOT_DEFINED_AT_ALL" - - xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue }) - if xtlsShow == "true" { - xtls_show = true - } } diff --git a/proxy/trojan/protocol.go b/proxy/trojan/protocol.go index 38f0b85478dc..363cf9e02d12 100644 --- a/proxy/trojan/protocol.go +++ b/proxy/trojan/protocol.go @@ -1,22 +1,12 @@ package trojan import ( - "context" "encoding/binary" - fmt "fmt" "io" - "runtime" - "syscall" "github.com/xtls/xray-core/common/buf" - "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/protocol" - "github.com/xtls/xray-core/common/session" - "github.com/xtls/xray-core/common/signal" - "github.com/xtls/xray-core/features/stats" - "github.com/xtls/xray-core/transport/internet/stat" - "github.com/xtls/xray-core/transport/internet/xtls" ) var ( 
@@ -27,25 +17,13 @@ var ( protocol.AddressFamilyByte(0x04, net.AddressFamilyIPv6), protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain), ) - - xtls_show = false ) const ( maxLength = 8192 - // XRS is constant for XTLS splice mode - XRS = "xtls-rprx-splice" - // XRD is constant for XTLS direct mode - XRD = "xtls-rprx-direct" - // XRO is constant for XTLS origin mode - XRO = "xtls-rprx-origin" commandTCP byte = 1 commandUDP byte = 3 - - // for XTLS - commandXRD byte = 0xf0 // XTLS direct mode - commandXRO byte = 0xf1 // XTLS origin mode ) // ConnWriter is TCP Connection Writer Wrapper for trojan protocol @@ -90,10 +68,6 @@ func (c *ConnWriter) writeHeader() error { command := commandTCP if c.Target.Network == net.Network_UDP { command = commandUDP - } else if c.Flow == XRD { - command = commandXRD - } else if c.Flow == XRO { - command = commandXRO } if _, err := buffer.Write(c.Account.Key); err != nil { @@ -201,10 +175,6 @@ func (c *ConnReader) ParseHeader() error { network := net.Network_TCP if command[0] == commandUDP { network = net.Network_UDP - } else if command[0] == commandXRD { - c.Flow = XRD - } else if command[0] == commandXRO { - c.Flow = XRO } addr, port, err := addrParser.ReadAddressPort(nil, c.Reader) 
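Review bot: In the ParseHeader hunk, every command byte other than `commandUDP` is still treated as TCP, so with `commandXRD` and `commandXRO` removed a peer that still sends 0xf0 or 0xf1 is served as an ordinary TCP request instead of being refused. If no other command values are expected, rejecting them makes the retirement of those modes fail closed: `} else if command[0] != commandTCP { return newError("unsupported command ", command[0]) }`. ParseHeader starts and continues outside the hunk, so a later check may exist that is not visible here.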
@@ -288,66 +258,3 @@ func (r *PacketReader) ReadMultiBuffer() (buf.MultiBuffer, error) { return mb, nil } - -func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn *xtls.Conn, rawConn syscall.RawConn, counter stats.Counter, sctx context.Context) error { - err := func() error { - var ct stats.Counter - for { - if conn.DirectIn { - conn.DirectIn = false - if sctx != nil { - if inbound := session.InboundFromContext(sctx); inbound != nil && inbound.Conn != nil { - iConn := inbound.Conn - statConn, ok := iConn.(*stat.CounterConnection) - if ok { - iConn = statConn.Connection - } - if xc, ok := iConn.(*xtls.Conn); ok { - iConn = xc.NetConn() - } - if tc, ok := iConn.(*net.TCPConn); ok { - if conn.SHOW { - fmt.Println(conn.MARK, "Splice") - } - runtime.Gosched() // necessary - w, err := tc.ReadFrom(conn.NetConn()) - if counter != nil { - counter.Add(w) - } - if statConn != nil && statConn.WriteCounter != nil { - statConn.WriteCounter.Add(w) - } - return err - } else { - panic("XTLS Splice: not TCP inbound") - } - } else { - // panic("XTLS Splice: nil inbound or nil inbound.Conn") - } - } - reader = buf.NewReadVReader(conn.NetConn(), rawConn, nil) - ct = counter - if conn.SHOW { - fmt.Println(conn.MARK, "ReadV") - } - } - buffer, err := reader.ReadMultiBuffer() - if !buffer.IsEmpty() { - if ct != nil { - ct.Add(int64(buffer.Len())) - } - timer.Update() - if werr := writer.WriteMultiBuffer(buffer); werr != nil { - return werr - } - } - if err != nil { - return err - } - } - }() - if err != nil && errors.Cause(err) != io.EOF { - return err - } - return nil -} diff --git a/proxy/trojan/server.go b/proxy/trojan/server.go index 30b52ad35a7b..029d4effb534 100644 --- a/proxy/trojan/server.go +++ b/proxy/trojan/server.go @@ -5,7 +5,6 @@ import ( "io" "strconv" "strings" - "syscall" "time" "github.com/xtls/xray-core/common" 
@@ -13,7 +12,6 @@ import ( "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/log" "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/protocol" udp_proto "github.com/xtls/xray-core/common/protocol/udp" "github.com/xtls/xray-core/common/retry" @@ -23,25 +21,16 @@ import ( "github.com/xtls/xray-core/core" "github.com/xtls/xray-core/features/policy" "github.com/xtls/xray-core/features/routing" - "github.com/xtls/xray-core/features/stats" "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/udp" - "github.com/xtls/xray-core/transport/internet/xtls" ) func init() { common.Must(common.RegisterConfig((*ServerConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { return NewServer(ctx, config.(*ServerConfig)) })) - - const defaultFlagValue = "NOT_DEFINED_AT_ALL" - - xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue }) - if xtlsShow == "true" { - xtls_show = true - } } // Server is an inbound connection handler that handles messages in trojan protocol. 
@@ -235,39 +224,6 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con return s.handleUDPPayload(ctx, &PacketReader{Reader: clientReader}, &PacketWriter{Writer: conn}, dispatcher) } - // handle tcp request - account, ok := user.Account.(*MemoryAccount) - if !ok { - return newError("user account is not valid") - } - - var rawConn syscall.RawConn - - switch clientReader.Flow { - case XRO, XRD: - if account.Flow == clientReader.Flow { - if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress { - return newError(clientReader.Flow + " doesn't support Mux").AtWarning() - } - if xtlsConn, ok := iConn.(*xtls.Conn); ok { - xtlsConn.RPRX = true - xtlsConn.SHOW = xtls_show - xtlsConn.MARK = "XTLS" - if clientReader.Flow == XRD { - xtlsConn.DirectMode = true - if sc, ok := xtlsConn.NetConn().(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } - } - } else { - return newError(`failed to use ` + clientReader.Flow + `, maybe "security" is not "xtls"`).AtWarning() - } - } else { - return newError(account.Password + " is not able to use " + clientReader.Flow).AtWarning() - } - case "": - } - ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{ From: conn.RemoteAddr(), To: destination, @@ -277,7 +233,7 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Con }) newError("received request for ", destination).WriteToLog(sid) - return s.handleConnection(ctx, sessionPolicy, destination, clientReader, buf.NewWriter(conn), dispatcher, iConn, rawConn, statConn) + return s.handleConnection(ctx, sessionPolicy, destination, clientReader, buf.NewWriter(conn), dispatcher, iConn, statConn) } func (s *Server) handleUDPPayload(ctx context.Context, clientReader *PacketReader, clientWriter *PacketWriter, dispatcher routing.Dispatcher) error { 
@@ -343,7 +299,7 @@ func (s *Server) handleUDPPayload(ctx context.Context, clientReader *PacketReade func (s *Server) handleConnection(ctx context.Context, sessionPolicy policy.Session, destination net.Destination, clientReader buf.Reader, - clientWriter buf.Writer, dispatcher routing.Dispatcher, iConn stat.Connection, rawConn syscall.RawConn, statConn *stat.CounterConnection, + clientWriter buf.Writer, dispatcher routing.Dispatcher, iConn stat.Connection, statConn *stat.CounterConnection, ) error { ctx, cancel := context.WithCancel(ctx) timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle) @@ -356,18 +312,7 @@ func (s *Server) handleConnection(ctx context.Context, sessionPolicy policy.Sess requestDone := func() error { defer timer.SetTimeout(sessionPolicy.Timeouts.DownlinkOnly) - - var err error - if rawConn != nil { - var counter stats.Counter - if statConn != nil { - counter = statConn.ReadCounter - } - err = ReadV(clientReader, link.Writer, timer, iConn.(*xtls.Conn), rawConn, counter, nil) - } else { - err = buf.Copy(clientReader, link.Writer, buf.UpdateActivity(timer)) - } - if err != nil { + if buf.Copy(clientReader, link.Writer, buf.UpdateActivity(timer)) != nil { return newError("failed to transfer request").Base(err) } return nil @@ -406,12 +351,6 @@ func (s *Server) fallback(ctx context.Context, sid errors.ExportOption, err erro alpn = cs.NegotiatedProtocol newError("realName = " + name).AtInfo().WriteToLog(sid) newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) - } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { - cs := xtlsConn.ConnectionState() - name = cs.ServerName - alpn = cs.NegotiatedProtocol - newError("realName = " + name).AtInfo().WriteToLog(sid) - newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) } else if realityConn, ok := iConn.(*reality.Conn); ok { cs := realityConn.ConnectionState() name = cs.ServerName 
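Review bot: In the requestDone closure of handleConnection, the result of `buf.Copy` is compared with nil and then discarded, while `.Base(err)` refers to an `err` the closure no longer declares. That name has to resolve to a variable of the enclosing function, which is presumably nil by this point, so the returned error would carry no cause and the real copy failure is lost from the logs. Bind the result instead: `if err := buf.Copy(clientReader, link.Writer, buf.UpdateActivity(timer)); err != nil {`. The body of handleConnection starts and ends outside the hunk.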
diff --git a/proxy/vless/account.go b/proxy/vless/account.go index 40443424da3a..b20a9539b3a5 100644 --- a/proxy/vless/account.go +++ b/proxy/vless/account.go @@ -22,7 +22,7 @@ func (a *Account) AsAccount() (protocol.Account, error) { type MemoryAccount struct { // ID of the account. ID *protocol.ID - // Flow of the account. May be "xtls-rprx-direct". + // Flow of the account. May be "xtls-rprx-vision". Flow string // Encryption of the account. Used for client connections, and only accepts "none" for now. Encryption string diff --git a/proxy/vless/account.pb.go b/proxy/vless/account.pb.go index ea425c735197..a52fc8f1d582 100644 --- a/proxy/vless/account.pb.go +++ b/proxy/vless/account.pb.go @@ -27,7 +27,7 @@ type Account struct { // ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57". Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - // Flow settings. May be "xtls-rprx-direct". + // Flow settings. May be "xtls-rprx-vision". Flow string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"` // Encryption settings. Only applies to client side, and only accepts "none" for now. Encryption string `protobuf:"bytes,3,opt,name=encryption,proto3" json:"encryption,omitempty"` diff --git a/proxy/vless/account.proto b/proxy/vless/account.proto index 38bd614485b4..51d2cb7deaaf 100644 --- a/proxy/vless/account.proto +++ b/proxy/vless/account.proto @@ -9,7 +9,7 @@ option java_multiple_files = true; message Account { // ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57". string id = 1; - // Flow settings. May be "xtls-rprx-direct". + // Flow settings. May be "xtls-rprx-vision". string flow = 2; // Encryption settings. Only applies to client side, and only accepts "none" for now. string encryption = 3; diff --git a/proxy/vless/encoding/addons.go b/proxy/vless/encoding/addons.go index fb457412ecd1..d62e400f697c 100644 --- a/proxy/vless/encoding/addons.go 
+++ b/proxy/vless/encoding/addons.go @@ -11,7 +11,7 @@ import ( func EncodeHeaderAddons(buffer *buf.Buffer, addons *Addons) error { switch addons.Flow { - case vless.XRO, vless.XRD, vless.XRV: + case vless.XRV: bytes, err := proto.Marshal(addons) if err != nil { return newError("failed to marshal addons protobuf value").Base(err) diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index c7edf486e483..b96acee91e56 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -6,7 +6,6 @@ import ( "bytes" "context" "crypto/rand" - "fmt" "io" "math/big" "runtime" @@ -24,7 +23,6 @@ import ( "github.com/xtls/xray-core/proxy/vless" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) const ( 
@@ -206,65 +204,6 @@ func DecodeResponseHeader(reader io.Reader, request *protocol.RequestHeader) (*A return responseAddons, nil } -func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn *xtls.Conn, rawConn syscall.RawConn, counter stats.Counter, ctx context.Context) error { - err := func() error { - var ct stats.Counter - for { - if conn.DirectIn { - conn.DirectIn = false - if inbound := session.InboundFromContext(ctx); inbound != nil && inbound.Conn != nil { - iConn := inbound.Conn - statConn, ok := iConn.(*stat.CounterConnection) - if ok { - iConn = statConn.Connection - } - if xc, ok := iConn.(*xtls.Conn); ok { - iConn = xc.NetConn() - } - if tc, ok := iConn.(*net.TCPConn); ok { - if conn.SHOW { - fmt.Println(conn.MARK, "Splice") - } - runtime.Gosched() // necessary - w, err := tc.ReadFrom(conn.NetConn()) - if counter != nil { - counter.Add(w) - } - if statConn != nil && statConn.WriteCounter != nil { - statConn.WriteCounter.Add(w) - } - return err - } else { - panic("XTLS Splice: not TCP inbound") - } - } - reader = buf.NewReadVReader(conn.NetConn(), rawConn, nil) - ct = counter - if conn.SHOW { - fmt.Println(conn.MARK, "ReadV") - } - } - buffer, err := reader.ReadMultiBuffer() - if !buffer.IsEmpty() { - if ct != nil { - ct.Add(int64(buffer.Len())) - } - timer.Update() - if werr := writer.WriteMultiBuffer(buffer); werr != nil { - return werr - } - } - if err != nil { - return err - } - } - }() - if err != nil && errors.Cause(err) != io.EOF { - return err - } - return nil -} - // XtlsRead filter and read xtls protocol func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, rawConn syscall.RawConn, input *bytes.Reader, rawInput *bytes.Buffer, diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 434dec79430e..642cc39f7497 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go 
@@ -20,7 +20,6 @@ import ( "github.com/xtls/xray-core/common/errors" "github.com/xtls/xray-core/common/log" "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/retry" "github.com/xtls/xray-core/common/session" @@ -37,11 +36,8 @@ import ( "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) -var xtls_show = false - func init() { common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { var dc dns.Client @@ -53,13 +49,6 @@ func init() { } return New(ctx, config.(*Config), dc) })) - - const defaultFlagValue = "NOT_DEFINED_AT_ALL" - - xtlsShow := platform.NewEnvFlag("xray.vless.xtls.show").GetValue(func() string { return defaultFlagValue }) - if xtlsShow == "true" { - xtls_show = true - } } // Handler is an inbound connection handler that handles messages in VLess protocol. @@ -241,12 +230,6 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s alpn = cs.NegotiatedProtocol newError("realName = " + name).AtInfo().WriteToLog(sid) newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) - } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { - cs := xtlsConn.ConnectionState() - name = cs.ServerName - alpn = cs.NegotiatedProtocol - newError("realName = " + name).AtInfo().WriteToLog(sid) - newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) } else if realityConn, ok := iConn.(*reality.Conn); ok { cs := realityConn.ConnectionState() name = cs.ServerName 
@@ -479,7 +462,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } } switch requestAddons.Flow { - case vless.XRO, vless.XRD, vless.XRV: + case vless.XRV: if accountFlow == requestAddons.Flow { switch request.Command { case protocol.RequestCommandMux: 
@@ -487,51 +470,35 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s case protocol.RequestCommandUDP: return newError(requestAddons.Flow + " doesn't support UDP").AtWarning() case protocol.RequestCommandTCP: - if requestAddons.Flow == vless.XRV { - var t reflect.Type - var p uintptr - if tlsConn, ok := iConn.(*tls.Conn); ok { - if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { - return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() - } - netConn = tlsConn.NetConn() - t = reflect.TypeOf(tlsConn.Conn).Elem() - p = uintptr(unsafe.Pointer(tlsConn.Conn)) - } else if realityConn, ok := iConn.(*reality.Conn); ok { - netConn = realityConn.NetConn() - t = reflect.TypeOf(realityConn.Conn).Elem() - p = uintptr(unsafe.Pointer(realityConn.Conn)) - } else if _, ok := iConn.(*tls.UConn); ok { - return newError("XTLS only supports UTLS fingerprint for the outbound.").AtWarning() - } else if _, ok := iConn.(*xtls.Conn); ok { - return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls" or "reality"`).AtWarning() - } else { - return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() - } - if pc, ok := netConn.(*proxyproto.Conn); ok { - netConn = pc.Raw() - // 8192 > 4096, there is no need to process pc's bufReader - } - if sc, ok := netConn.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } - i, _ := t.FieldByName("input") - r, _ := t.FieldByName("rawInput") - input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) - rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) - } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { - xtlsConn.RPRX = true - xtlsConn.SHOW = xtls_show - xtlsConn.MARK = "XTLS" - if requestAddons.Flow == vless.XRD { - xtlsConn.DirectMode = true - if sc, ok := xtlsConn.NetConn().(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } + var t reflect.Type + var p uintptr + if 
tlsConn, ok := iConn.(*tls.Conn); ok { + if tlsConn.ConnectionState().Version != gotls.VersionTLS13 { + return newError(`failed to use `+requestAddons.Flow+`, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning() } + netConn = tlsConn.NetConn() + t = reflect.TypeOf(tlsConn.Conn).Elem() + p = uintptr(unsafe.Pointer(tlsConn.Conn)) + } else if realityConn, ok := iConn.(*reality.Conn); ok { + netConn = realityConn.NetConn() + t = reflect.TypeOf(realityConn.Conn).Elem() + p = uintptr(unsafe.Pointer(realityConn.Conn)) + } else if _, ok := iConn.(*tls.UConn); ok { + return newError("XTLS only supports UTLS fingerprint for the outbound.").AtWarning() } else { - return newError(`failed to use ` + requestAddons.Flow + `, maybe "security" is not "xtls"`).AtWarning() + return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() + } + if pc, ok := netConn.(*proxyproto.Conn); ok { + netConn = pc.Raw() + // 8192 > 4096, there is no need to process pc's bufReader } + if sc, ok := netConn.(syscall.Conn); ok { + rawConn, _ = sc.SyscallConn() + } + i, _ := t.FieldByName("input") + r, _ := t.FieldByName("rawInput") + input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) + rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) } } else { return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() 
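Review bot: The Vision branch derives `input` and `rawInput` by adding `i.Offset` and `r.Offset` to a raw pointer, but the second result of both `t.FieldByName` calls is discarded. If the wrapped connection type ever renames or drops those fields, the offsets are zero and the casts alias unrelated memory. Check the lookup before the pointer arithmetic, e.g. `i, ok := t.FieldByName("input")` followed by `if !ok { return newError("tls conn has no input field").AtWarning() }`, and likewise for `rawInput`; the error dropped in `rawConn, _ = sc.SyscallConn()` should be handled too, or commented to say why a nil rawConn is acceptable. The same code is in the outbound Process hunk (`@@ -154,53 +143,30 @@` in proxy/vless/outbound/outbound.go). Process begins and ends outside both hunks.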
@@ -589,12 +556,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } // TODO enable splice ctx = session.ContextWithInbound(ctx, nil) - if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) - } else { - err = encoding.ReadV(clientReader, serverWriter, timer, iConn.(*xtls.Conn), rawConn, counter, ctx) - } + err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer err = buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer)) diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index 6991d2765c62..cde09bade72d 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -15,7 +15,6 @@ import ( "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/protocol" "github.com/xtls/xray-core/common/retry" "github.com/xtls/xray-core/common/session" 
@@ -32,22 +31,12 @@ import ( "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) -var xtls_show = false - func init() { common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { return New(ctx, config.(*Config)) })) - - const defaultFlagValue = "NOT_DEFINED_AT_ALL" - - xtlsShow := platform.NewEnvFlag("xray.vless.xtls.show").GetValue(func() string { return defaultFlagValue }) - if xtlsShow == "true" { - xtls_show = true - } } // Handler is an outbound connection handler for VLess protocol. @@ -140,11 +129,11 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte var rawInput *bytes.Buffer allowUDP443 := false switch requestAddons.Flow { - case vless.XRO + "-udp443", vless.XRD + "-udp443", vless.XRS + "-udp443", vless.XRV + "-udp443": + case vless.XRV + "-udp443": allowUDP443 = true requestAddons.Flow = requestAddons.Flow[:16] fallthrough - case vless.XRO, vless.XRD, vless.XRS, vless.XRV: + case vless.XRV: switch request.Command { case protocol.RequestCommandMux: return newError(requestAddons.Flow + " doesn't support Mux").AtWarning() 
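Review bot: `requestAddons.Flow = requestAddons.Flow[:16]` relies on 16 being the length of the one flow name left in the `case` above it. Now that only `vless.XRV + "-udp443"` reaches this line, `requestAddons.Flow = vless.XRV` says the same thing without the magic number. Process starts and ends outside the hunk.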
@@ -154,53 +143,30 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte } requestAddons.Flow = "" case protocol.RequestCommandTCP: - if requestAddons.Flow == vless.XRV { - var t reflect.Type - var p uintptr - if tlsConn, ok := iConn.(*tls.Conn); ok { - netConn = tlsConn.NetConn() - t = reflect.TypeOf(tlsConn.Conn).Elem() - p = uintptr(unsafe.Pointer(tlsConn.Conn)) - } else if utlsConn, ok := iConn.(*tls.UConn); ok { - netConn = utlsConn.NetConn() - t = reflect.TypeOf(utlsConn.Conn).Elem() - p = uintptr(unsafe.Pointer(utlsConn.Conn)) - } else if realityConn, ok := iConn.(*reality.UConn); ok { - netConn = realityConn.NetConn() - t = reflect.TypeOf(realityConn.Conn).Elem() - p = uintptr(unsafe.Pointer(realityConn.Conn)) - } else if _, ok := iConn.(*xtls.Conn); ok { - return newError(`failed to use ` + requestAddons.Flow + `, vision "security" must be "tls" or "reality"`).AtWarning() - } else { - return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() - } - if sc, ok := netConn.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } - i, _ := t.FieldByName("input") - r, _ := t.FieldByName("rawInput") - input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) - rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) - } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { - xtlsConn.RPRX = true - xtlsConn.SHOW = xtls_show - xtlsConn.MARK = "XTLS" - if requestAddons.Flow == vless.XRS { - requestAddons.Flow = vless.XRD - } - if requestAddons.Flow == vless.XRD { - xtlsConn.DirectMode = true - if sc, ok := xtlsConn.NetConn().(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } - } + var t reflect.Type + var p uintptr + if tlsConn, ok := iConn.(*tls.Conn); ok { + netConn = tlsConn.NetConn() + t = reflect.TypeOf(tlsConn.Conn).Elem() + p = uintptr(unsafe.Pointer(tlsConn.Conn)) + } else if utlsConn, ok := iConn.(*tls.UConn); ok { + netConn = utlsConn.NetConn() + t = reflect.TypeOf(utlsConn.Conn).Elem() + p = 
uintptr(unsafe.Pointer(utlsConn.Conn)) + } else if realityConn, ok := iConn.(*reality.UConn); ok { + netConn = realityConn.NetConn() + t = reflect.TypeOf(realityConn.Conn).Elem() + p = uintptr(unsafe.Pointer(realityConn.Conn)) } else { - return newError(`failed to use ` + requestAddons.Flow + `, maybe "security" is not "xtls"`).AtWarning() + return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning() } - } - default: - if _, ok := iConn.(*xtls.Conn); ok { - panic(`To avoid misunderstanding, you must fill in VLESS "flow" when using XTLS.`) + if sc, ok := netConn.(syscall.Conn); ok { + rawConn, _ = sc.SyscallConn() + } + i, _ := t.FieldByName("input") + r, _ := t.FieldByName("rawInput") + input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) + rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) } } @@ -320,15 +286,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if statConn != nil { counter = statConn.ReadCounter } - if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) - } else { - if requestAddons.Flow != vless.XRS { - ctx = session.ContextWithInbound(ctx, nil) - } - err = encoding.ReadV(serverReader, clientWriter, timer, iConn.(*xtls.Conn), rawConn, counter, ctx) - } + err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer err = buf.Copy(serverReader, clientWriter, buf.UpdateActivity(timer)) diff --git a/proxy/vless/vless.go b/proxy/vless/vless.go index 1e78b8afbadd..09827a540eba 100644 --- a/proxy/vless/vless.go +++ b/proxy/vless/vless.go 
@@ -8,8 +8,5 @@ package vless //go:generate go run github.com/xtls/xray-core/common/errors/errorgen const ( - XRO = "xtls-rprx-origin" - XRD = "xtls-rprx-direct" - XRS = "xtls-rprx-splice" XRV = "xtls-rprx-vision" ) diff --git a/transport/internet/domainsocket/dial.go b/transport/internet/domainsocket/dial.go index 2a7727eec147..a0032b36694e 100644 --- a/transport/internet/domainsocket/dial.go +++ b/transport/internet/domainsocket/dial.go @@ -12,7 +12,6 @@ import ( "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.MemoryStreamConfig) (stat.Connection, error) { @@ -29,8 +28,6 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { return tls.Client(conn, config.GetTLSConfig(tls.WithDestination(dest))), nil - } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - return xtls.Client(conn, config.GetXTLSConfig(xtls.WithDestination(dest))), nil } else if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { return reality.UClient(conn, config, ctx, dest) } diff --git a/transport/internet/domainsocket/listener.go b/transport/internet/domainsocket/listener.go index 9c05c95f03be..323321e4deee 100644 --- a/transport/internet/domainsocket/listener.go +++ b/transport/internet/domainsocket/listener.go @@ -9,7 +9,6 @@ import ( "os" "strings" - goxtls "github.com/xtls/go" goreality "github.com/xtls/reality" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" 
@@ -17,7 +16,6 @@ import ( "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" "golang.org/x/sys/unix" ) @@ -25,7 +23,6 @@ type Listener struct { addr *net.UnixAddr ln net.Listener tlsConfig *gotls.Config - xtlsConfig *goxtls.Config realityConfig *goreality.Config config *Config addConn internet.ConnHandler @@ -64,9 +61,6 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { ln.tlsConfig = config.GetTLSConfig() } - if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - ln.xtlsConfig = config.GetXTLSConfig() - } if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { ln.realityConfig = config.GetREALITYConfig() } @@ -100,8 +94,6 @@ func (ln *Listener) run() { go func() { if ln.tlsConfig != nil { conn = tls.Server(conn, ln.tlsConfig) - } else if ln.xtlsConfig != nil { - conn = xtls.Server(conn, ln.xtlsConfig) } else if ln.realityConfig != nil { if conn, err = reality.Server(conn, ln.realityConfig); err != nil { newError(err).AtInfo().WriteToLog() diff --git a/transport/internet/kcp/dialer.go b/transport/internet/kcp/dialer.go index dd6393bc6af6..3e8d1220e346 100644 --- a/transport/internet/kcp/dialer.go +++ b/transport/internet/kcp/dialer.go @@ -12,7 +12,6 @@ import ( "github.com/xtls/xray-core/transport/internet" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) var globalConv = uint32(dice.RollUint16()) 
@@ -87,8 +86,6 @@ func DialKCP(ctx context.Context, dest net.Destination, streamSettings *internet if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { iConn = tls.Client(iConn, config.GetTLSConfig(tls.WithDestination(dest))) - } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - iConn = xtls.Client(iConn, config.GetXTLSConfig(xtls.WithDestination(dest))) } return iConn, nil diff --git a/transport/internet/kcp/listener.go b/transport/internet/kcp/listener.go index 6cf2a5398340..baf38e6dbd52 100644 --- a/transport/internet/kcp/listener.go +++ b/transport/internet/kcp/listener.go @@ -6,7 +6,6 @@ import ( gotls "crypto/tls" "sync" - goxtls "github.com/xtls/go" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" @@ -14,7 +13,6 @@ import ( "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/internet/udp" - "github.com/xtls/xray-core/transport/internet/xtls" ) type ConnectionID struct { @@ -29,7 +27,6 @@ type Listener struct { sessions map[ConnectionID]*Connection hub *udp.Hub tlsConfig *gotls.Config - xtlsConfig *goxtls.Config config *Config reader PacketReader header internet.PacketHeader @@ -62,9 +59,6 @@ func NewListener(ctx context.Context, address net.Address, port net.Port, stream if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { l.tlsConfig = config.GetTLSConfig() } - if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - l.xtlsConfig = config.GetXTLSConfig() - } hub, err := udp.ListenUDP(ctx, address, port, streamSettings, udp.HubCapacity(1024)) if err != nil { 
@@ -137,8 +131,6 @@ func (l *Listener) OnReceive(payload *buf.Buffer, src net.Destination) { var netConn stat.Connection = conn if l.tlsConfig != nil { netConn = tls.Server(conn, l.tlsConfig) - } else if l.xtlsConfig != nil { - netConn = xtls.Server(conn, l.xtlsConfig) } l.addConn(netConn) diff --git a/transport/internet/tcp/dialer.go b/transport/internet/tcp/dialer.go index c806246f23ac..840062b1f288 100644 --- a/transport/internet/tcp/dialer.go +++ b/transport/internet/tcp/dialer.go @@ -10,7 +10,6 @@ import ( "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) // Dial dials a new TCP connection to the given destination. @@ -31,9 +30,6 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me } else { conn = tls.Client(conn, tlsConfig) } - } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - xtlsConfig := config.GetXTLSConfig(xtls.WithDestination(dest)) - conn = xtls.Client(conn, xtlsConfig) } else if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { if conn, err = reality.UClient(conn, config, ctx, dest); err != nil { return nil, err diff --git a/transport/internet/tcp/hub.go b/transport/internet/tcp/hub.go index f6625ec13a6f..392228c60cf7 100644 --- a/transport/internet/tcp/hub.go +++ b/transport/internet/tcp/hub.go @@ -6,7 +6,6 @@ import ( "strings" "time" - goxtls "github.com/xtls/go" goreality "github.com/xtls/reality" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/net" 
@@ -15,14 +14,12 @@ import ( "github.com/xtls/xray-core/transport/internet/reality" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" - "github.com/xtls/xray-core/transport/internet/xtls" ) // Listener is an internet.Listener that listens for TCP connections. type Listener struct { listener net.Listener tlsConfig *gotls.Config - xtlsConfig *goxtls.Config realityConfig *goreality.Config authConfig internet.ConnectionAuthenticator config *Config @@ -78,9 +75,6 @@ func ListenTCP(ctx context.Context, address net.Address, port net.Port, streamSe if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { l.tlsConfig = config.GetTLSConfig() } - if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - l.xtlsConfig = config.GetXTLSConfig() - } if config := reality.ConfigFromStreamSettings(streamSettings); config != nil { l.realityConfig = config.GetREALITYConfig() } @@ -118,8 +112,6 @@ func (v *Listener) keepAccepting() { go func() { if v.tlsConfig != nil { conn = tls.Server(conn, v.tlsConfig) - } else if v.xtlsConfig != nil { - conn = xtls.Server(conn, v.xtlsConfig) } else if v.realityConfig != nil { if conn, err = reality.Server(conn, v.realityConfig); err != nil { newError(err).AtInfo().WriteToLog() diff --git a/transport/internet/xtls/config.go b/transport/internet/xtls/config.go deleted file mode 100644 index c1d93f4c6801..000000000000 --- a/transport/internet/xtls/config.go +++ /dev/null 
@@ -1,377 +0,0 @@ -package xtls - -import ( - "crypto/hmac" - "crypto/x509" - "encoding/base64" - "strings" - "sync" - "time" - - xtls "github.com/xtls/go" - "github.com/xtls/xray-core/common/net" - "github.com/xtls/xray-core/common/ocsp" - "github.com/xtls/xray-core/common/platform/filesystem" - "github.com/xtls/xray-core/common/protocol/tls/cert" - "github.com/xtls/xray-core/transport/internet" - "github.com/xtls/xray-core/transport/internet/tls" -) - -var globalSessionCache = xtls.NewLRUClientSessionCache(128) - -// ParseCertificate converts a cert.Certificate to Certificate. -func ParseCertificate(c *cert.Certificate) *Certificate { - if c != nil { - certPEM, keyPEM := c.ToPEM() - return &Certificate{ - Certificate: certPEM, - Key: keyPEM, - } - } - return nil -} - -func (c *Config) loadSelfCertPool() (*x509.CertPool, error) { - root := x509.NewCertPool() - for _, cert := range c.Certificate { - if !root.AppendCertsFromPEM(cert.Certificate) { - return nil, newError("failed to append cert").AtWarning() - } - } - return root, nil -} - -// BuildCertificates builds a list of TLS certificates from proto definition. 
-func (c *Config) BuildCertificates() []*xtls.Certificate { - certs := make([]*xtls.Certificate, 0, len(c.Certificate)) - for _, entry := range c.Certificate { - if entry.Usage != Certificate_ENCIPHERMENT { - continue - } - keyPair, err := xtls.X509KeyPair(entry.Certificate, entry.Key) - if err != nil { - newError("ignoring invalid X509 key pair").Base(err).AtWarning().WriteToLog() - continue - } - keyPair.Leaf, err = x509.ParseCertificate(keyPair.Certificate[0]) - if err != nil { - newError("ignoring invalid certificate").Base(err).AtWarning().WriteToLog() - continue - } - certs = append(certs, &keyPair) - if !entry.OneTimeLoading { - var isOcspstapling bool - hotReloadInterval := uint64(3600) - if entry.OcspStapling != 0 { - hotReloadInterval = entry.OcspStapling - isOcspstapling = true - } - index := len(certs) - 1 - go func(entry *Certificate, cert *xtls.Certificate, index int) { - t := time.NewTicker(time.Duration(hotReloadInterval) * time.Second) - for { - if entry.CertificatePath != "" && entry.KeyPath != "" { - newCert, err := filesystem.ReadFile(entry.CertificatePath) - if err != nil { - newError("failed to parse certificate").Base(err).AtError().WriteToLog() - <-t.C - continue - } - newKey, err := filesystem.ReadFile(entry.KeyPath) - if err != nil { - newError("failed to parse key").Base(err).AtError().WriteToLog() - <-t.C - continue - } - if string(newCert) != string(entry.Certificate) && string(newKey) != string(entry.Key) { - newKeyPair, err := xtls.X509KeyPair(newCert, newKey) - if err != nil { - newError("ignoring invalid X509 key pair").Base(err).AtError().WriteToLog() - <-t.C - continue - } - if newKeyPair.Leaf, err = x509.ParseCertificate(newKeyPair.Certificate[0]); err != nil { - newError("ignoring invalid certificate").Base(err).AtError().WriteToLog() - <-t.C - continue - } - cert = &newKeyPair - } - } - if isOcspstapling { - if newOCSPData, err := ocsp.GetOCSPForCert(cert.Certificate); err != nil { - newError("ignoring invalid 
OCSP").Base(err).AtWarning().WriteToLog() - } else if string(newOCSPData) != string(cert.OCSPStaple) { - cert.OCSPStaple = newOCSPData - } - } - certs[index] = cert - <-t.C - } - }(entry, certs[index], index) - } - } - return certs -} - -func isCertificateExpired(c *xtls.Certificate) bool { - if c.Leaf == nil && len(c.Certificate) > 0 { - if pc, err := x509.ParseCertificate(c.Certificate[0]); err == nil { - c.Leaf = pc - } - } - - // If leaf is not there, the certificate is probably not used yet. We trust user to provide a valid certificate. - return c.Leaf != nil && c.Leaf.NotAfter.Before(time.Now().Add(-time.Minute)) -} - -func issueCertificate(rawCA *Certificate, domain string) (*xtls.Certificate, error) { - parent, err := cert.ParseCertificate(rawCA.Certificate, rawCA.Key) - if err != nil { - return nil, newError("failed to parse raw certificate").Base(err) - } - newCert, err := cert.Generate(parent, cert.CommonName(domain), cert.DNSNames(domain)) - if err != nil { - return nil, newError("failed to generate new certificate for ", domain).Base(err) - } - newCertPEM, newKeyPEM := newCert.ToPEM() - cert, err := xtls.X509KeyPair(newCertPEM, newKeyPEM) - return &cert, err -} - -func (c *Config) getCustomCA() []*Certificate { - certs := make([]*Certificate, 0, len(c.Certificate)) - for _, certificate := range c.Certificate { - if certificate.Usage == Certificate_AUTHORITY_ISSUE { - certs = append(certs, certificate) - } - } - return certs -} - -func getGetCertificateFunc(c *xtls.Config, ca []*Certificate) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) { - var access sync.RWMutex - - return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) { - domain := hello.ServerName - certExpired := false - - access.RLock() - certificate, found := c.NameToCertificate[domain] - access.RUnlock() - - if found { - if !isCertificateExpired(certificate) { - return certificate, nil - } - certExpired = true - } - - if certExpired { - newCerts := 
make([]xtls.Certificate, 0, len(c.Certificates)) - - access.Lock() - for _, certificate := range c.Certificates { - if !isCertificateExpired(&certificate) { - newCerts = append(newCerts, certificate) - } - } - - c.Certificates = newCerts - access.Unlock() - } - - var issuedCertificate *xtls.Certificate - - // Create a new certificate from existing CA if possible - for _, rawCert := range ca { - if rawCert.Usage == Certificate_AUTHORITY_ISSUE { - newCert, err := issueCertificate(rawCert, domain) - if err != nil { - newError("failed to issue new certificate for ", domain).Base(err).WriteToLog() - continue - } - - access.Lock() - c.Certificates = append(c.Certificates, *newCert) - issuedCertificate = &c.Certificates[len(c.Certificates)-1] - access.Unlock() - break - } - } - - if issuedCertificate == nil { - return nil, newError("failed to create a new certificate for ", domain) - } - - access.Lock() - c.BuildNameToCertificate() - access.Unlock() - - return issuedCertificate, nil - } -} - -func getNewGetCertificateFunc(certs []*xtls.Certificate, rejectUnknownSNI bool) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) { - return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) { - if len(certs) == 0 { - return nil, errNoCertificates - } - sni := strings.ToLower(hello.ServerName) - if !rejectUnknownSNI && (len(certs) == 1 || sni == "") { - return certs[0], nil - } - gsni := "*" - if index := strings.IndexByte(sni, '.'); index != -1 { - gsni += sni[index:] - } - for _, keyPair := range certs { - if keyPair.Leaf.Subject.CommonName == sni || keyPair.Leaf.Subject.CommonName == gsni { - return keyPair, nil - } - for _, name := range keyPair.Leaf.DNSNames { - if name == sni || name == gsni { - return keyPair, nil - } - } - } - if rejectUnknownSNI { - return nil, errNoCertificates - } - return certs[0], nil - } -} - -func (c *Config) parseServerName() string { - return c.ServerName -} - -func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains 
[][]*x509.Certificate) error { - if c.PinnedPeerCertificateChainSha256 != nil { - hashValue := tls.GenerateCertChainHash(rawCerts) - for _, v := range c.PinnedPeerCertificateChainSha256 { - if hmac.Equal(hashValue, v) { - return nil - } - } - return newError("peer cert is unrecognized: ", base64.StdEncoding.EncodeToString(hashValue)) - } - return nil -} - -// GetXTLSConfig converts this Config into xtls.Config. -func (c *Config) GetXTLSConfig(opts ...Option) *xtls.Config { - root, err := c.getCertPool() - if err != nil { - newError("failed to load system root certificate").AtError().Base(err).WriteToLog() - } - - if c == nil { - return &xtls.Config{ - ClientSessionCache: globalSessionCache, - RootCAs: root, - InsecureSkipVerify: false, - NextProtos: nil, - SessionTicketsDisabled: true, - } - } - - config := &xtls.Config{ - ClientSessionCache: globalSessionCache, - RootCAs: root, - InsecureSkipVerify: c.AllowInsecure, - NextProtos: c.NextProtocol, - SessionTicketsDisabled: !c.EnableSessionResumption, - VerifyPeerCertificate: c.verifyPeerCert, - } - - for _, opt := range opts { - opt(config) - } - - caCerts := c.getCustomCA() - if len(caCerts) > 0 { - config.GetCertificate = getGetCertificateFunc(config, caCerts) - } else { - config.GetCertificate = getNewGetCertificateFunc(c.BuildCertificates(), c.RejectUnknownSni) - } - - if sn := c.parseServerName(); len(sn) > 0 { - config.ServerName = sn - } - - if len(config.NextProtos) == 0 { - config.NextProtos = []string{"h2", "http/1.1"} - } - - switch c.MinVersion { - case "1.0": - config.MinVersion = xtls.VersionTLS10 - case "1.1": - config.MinVersion = xtls.VersionTLS11 - case "1.2": - config.MinVersion = xtls.VersionTLS12 - case "1.3": - config.MinVersion = xtls.VersionTLS13 - } - - switch c.MaxVersion { - case "1.0": - config.MaxVersion = xtls.VersionTLS10 - case "1.1": - config.MaxVersion = xtls.VersionTLS11 - case "1.2": - config.MaxVersion = xtls.VersionTLS12 - case "1.3": - config.MaxVersion = xtls.VersionTLS13 - } 
- - if len(c.CipherSuites) > 0 { - id := make(map[string]uint16) - for _, s := range xtls.CipherSuites() { - id[s.Name] = s.ID - } - for _, n := range strings.Split(c.CipherSuites, ":") { - if id[n] != 0 { - config.CipherSuites = append(config.CipherSuites, id[n]) - } - } - } - - config.PreferServerCipherSuites = c.PreferServerCipherSuites - - return config -} - -// Option for building XTLS config. -type Option func(*xtls.Config) - -// WithDestination sets the server name in XTLS config. -func WithDestination(dest net.Destination) Option { - return func(config *xtls.Config) { - if dest.Address.Family().IsDomain() && config.ServerName == "" { - config.ServerName = dest.Address.Domain() - } - } -} - -// WithNextProto sets the ALPN values in XTLS config. -func WithNextProto(protocol ...string) Option { - return func(config *xtls.Config) { - if len(config.NextProtos) == 0 { - config.NextProtos = protocol - } - } -} - -// ConfigFromStreamSettings fetches Config from stream settings. Nil if not found. -func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config { - if settings == nil { - return nil - } - config, ok := settings.SecuritySettings.(*Config) - if !ok { - return nil - } - return config -} diff --git a/transport/internet/xtls/config.pb.go b/transport/internet/xtls/config.pb.go deleted file mode 100644 index edb1f3ff79d8..000000000000 --- a/transport/internet/xtls/config.pb.go +++ /dev/null 
@@ -1,478 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 -// source: transport/internet/xtls/config.proto - -package xtls - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type Certificate_Usage int32 - -const ( - Certificate_ENCIPHERMENT Certificate_Usage = 0 - Certificate_AUTHORITY_VERIFY Certificate_Usage = 1 - Certificate_AUTHORITY_ISSUE Certificate_Usage = 2 -) - -// Enum value maps for Certificate_Usage. -var ( - Certificate_Usage_name = map[int32]string{ - 0: "ENCIPHERMENT", - 1: "AUTHORITY_VERIFY", - 2: "AUTHORITY_ISSUE", - } - Certificate_Usage_value = map[string]int32{ - "ENCIPHERMENT": 0, - "AUTHORITY_VERIFY": 1, - "AUTHORITY_ISSUE": 2, - } -) - -func (x Certificate_Usage) Enum() *Certificate_Usage { - p := new(Certificate_Usage) - *p = x - return p -} - -func (x Certificate_Usage) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (Certificate_Usage) Descriptor() protoreflect.EnumDescriptor { - return file_transport_internet_xtls_config_proto_enumTypes[0].Descriptor() -} - -func (Certificate_Usage) Type() protoreflect.EnumType { - return &file_transport_internet_xtls_config_proto_enumTypes[0] -} - -func (x Certificate_Usage) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use Certificate_Usage.Descriptor instead. 
-func (Certificate_Usage) EnumDescriptor() ([]byte, []int) { - return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{0, 0} -} - -type Certificate struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // TLS certificate in x509 format. - Certificate []byte `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"` - // TLS key in x509 format. - Key []byte `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` - Usage Certificate_Usage `protobuf:"varint,3,opt,name=usage,proto3,enum=xray.transport.internet.xtls.Certificate_Usage" json:"usage,omitempty"` - OcspStapling uint64 `protobuf:"varint,4,opt,name=ocsp_stapling,json=ocspStapling,proto3" json:"ocsp_stapling,omitempty"` - // TLS certificate path - CertificatePath string `protobuf:"bytes,5,opt,name=certificate_path,json=certificatePath,proto3" json:"certificate_path,omitempty"` - // TLS Key path - KeyPath string `protobuf:"bytes,6,opt,name=key_path,json=keyPath,proto3" json:"key_path,omitempty"` - // If true, one-Time Loading - OneTimeLoading bool `protobuf:"varint,7,opt,name=One_time_loading,json=OneTimeLoading,proto3" json:"One_time_loading,omitempty"` -} - -func (x *Certificate) Reset() { - *x = Certificate{} - if protoimpl.UnsafeEnabled { - mi := &file_transport_internet_xtls_config_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Certificate) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Certificate) ProtoMessage() {} - -func (x *Certificate) ProtoReflect() protoreflect.Message { - mi := &file_transport_internet_xtls_config_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Certificate.ProtoReflect.Descriptor instead. 
-func (*Certificate) Descriptor() ([]byte, []int) { - return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{0} -} - -func (x *Certificate) GetCertificate() []byte { - if x != nil { - return x.Certificate - } - return nil -} - -func (x *Certificate) GetKey() []byte { - if x != nil { - return x.Key - } - return nil -} - -func (x *Certificate) GetUsage() Certificate_Usage { - if x != nil { - return x.Usage - } - return Certificate_ENCIPHERMENT -} - -func (x *Certificate) GetOcspStapling() uint64 { - if x != nil { - return x.OcspStapling - } - return 0 -} - -func (x *Certificate) GetCertificatePath() string { - if x != nil { - return x.CertificatePath - } - return "" -} - -func (x *Certificate) GetKeyPath() string { - if x != nil { - return x.KeyPath - } - return "" -} - -func (x *Certificate) GetOneTimeLoading() bool { - if x != nil { - return x.OneTimeLoading - } - return false -} - -type Config struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Whether or not to allow self-signed certificates. - AllowInsecure bool `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"` - // List of certificates to be served on server. - Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate,proto3" json:"certificate,omitempty"` - // Override server name. - ServerName string `protobuf:"bytes,3,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"` - // Lists of string as ALPN values. - NextProtocol []string `protobuf:"bytes,4,rep,name=next_protocol,json=nextProtocol,proto3" json:"next_protocol,omitempty"` - // Whether or not to enable session (ticket) resumption. - EnableSessionResumption bool `protobuf:"varint,5,opt,name=enable_session_resumption,json=enableSessionResumption,proto3" json:"enable_session_resumption,omitempty"` - // If true, root certificates on the system will not be loaded for - // verification. 
- DisableSystemRoot bool `protobuf:"varint,6,opt,name=disable_system_root,json=disableSystemRoot,proto3" json:"disable_system_root,omitempty"` - // The minimum TLS version. - MinVersion string `protobuf:"bytes,7,opt,name=min_version,json=minVersion,proto3" json:"min_version,omitempty"` - // The maximum TLS version. - MaxVersion string `protobuf:"bytes,8,opt,name=max_version,json=maxVersion,proto3" json:"max_version,omitempty"` - // Specify cipher suites, except for TLS 1.3. - CipherSuites string `protobuf:"bytes,9,opt,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"` - // Whether the server selects its most preferred ciphersuite. - PreferServerCipherSuites bool `protobuf:"varint,10,opt,name=prefer_server_cipher_suites,json=preferServerCipherSuites,proto3" json:"prefer_server_cipher_suites,omitempty"` - RejectUnknownSni bool `protobuf:"varint,12,opt,name=reject_unknown_sni,json=rejectUnknownSni,proto3" json:"reject_unknown_sni,omitempty"` - // @Document A pinned certificate chain sha256 hash. - // @Document If the server's hash does not match this value, the connection will be aborted. - // @Document This value replace allow_insecure. 
- // @Critical - PinnedPeerCertificateChainSha256 [][]byte `protobuf:"bytes,13,rep,name=pinned_peer_certificate_chain_sha256,json=pinnedPeerCertificateChainSha256,proto3" json:"pinned_peer_certificate_chain_sha256,omitempty"` -} - -func (x *Config) Reset() { - *x = Config{} - if protoimpl.UnsafeEnabled { - mi := &file_transport_internet_xtls_config_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Config) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Config) ProtoMessage() {} - -func (x *Config) ProtoReflect() protoreflect.Message { - mi := &file_transport_internet_xtls_config_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Config.ProtoReflect.Descriptor instead. -func (*Config) Descriptor() ([]byte, []int) { - return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{1} -} - -func (x *Config) GetAllowInsecure() bool { - if x != nil { - return x.AllowInsecure - } - return false -} - -func (x *Config) GetCertificate() []*Certificate { - if x != nil { - return x.Certificate - } - return nil -} - -func (x *Config) GetServerName() string { - if x != nil { - return x.ServerName - } - return "" -} - -func (x *Config) GetNextProtocol() []string { - if x != nil { - return x.NextProtocol - } - return nil -} - -func (x *Config) GetEnableSessionResumption() bool { - if x != nil { - return x.EnableSessionResumption - } - return false -} - -func (x *Config) GetDisableSystemRoot() bool { - if x != nil { - return x.DisableSystemRoot - } - return false -} - -func (x *Config) GetMinVersion() string { - if x != nil { - return x.MinVersion - } - return "" -} - -func (x *Config) GetMaxVersion() string { - if x != nil { - return x.MaxVersion - } - return "" -} - -func (x *Config) 
GetCipherSuites() string { - if x != nil { - return x.CipherSuites - } - return "" -} - -func (x *Config) GetPreferServerCipherSuites() bool { - if x != nil { - return x.PreferServerCipherSuites - } - return false -} - -func (x *Config) GetRejectUnknownSni() bool { - if x != nil { - return x.RejectUnknownSni - } - return false -} - -func (x *Config) GetPinnedPeerCertificateChainSha256() [][]byte { - if x != nil { - return x.PinnedPeerCertificateChainSha256 - } - return nil -} - -var File_transport_internet_xtls_config_proto protoreflect.FileDescriptor - -var file_transport_internet_xtls_config_proto_rawDesc = []byte{ - 0x0a, 0x24, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1c, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, - 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, - 0x78, 0x74, 0x6c, 0x73, 0x22, 0xe3, 0x02, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x45, 0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, - 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, - 0x74, 0x2e, 0x78, 0x74, 0x6c, 0x73, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x2e, 0x55, 0x73, 0x61, 0x67, 0x65, 0x52, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x12, - 0x23, 0x0a, 0x0d, 0x6f, 0x63, 0x73, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x70, 0x6c, 0x69, 0x6e, 0x67, - 
0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x6f, 0x63, 0x73, 0x70, 0x53, 0x74, 0x61, 0x70, - 0x6c, 0x69, 0x6e, 0x67, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, - 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x61, 0x74, 0x68, 0x12, - 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x74, 0x68, 0x12, 0x28, 0x0a, 0x10, 0x4f, 0x6e, - 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x6c, 0x6f, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x4f, 0x6e, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x4c, 0x6f, 0x61, - 0x64, 0x69, 0x6e, 0x67, 0x22, 0x44, 0x0a, 0x05, 0x55, 0x73, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, - 0x0c, 0x45, 0x4e, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x4d, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, - 0x14, 0x0a, 0x10, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x56, 0x45, 0x52, - 0x49, 0x46, 0x59, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, - 0x54, 0x59, 0x5f, 0x49, 0x53, 0x53, 0x55, 0x45, 0x10, 0x02, 0x22, 0xd2, 0x04, 0x0a, 0x06, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, - 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, - 0x6c, 0x6c, 0x6f, 0x77, 0x49, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x12, 0x4b, 0x0a, 0x0b, - 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x29, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, - 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, 0x74, 0x6c, 0x73, - 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x63, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 
0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x6e, 0x65, - 0x78, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x0c, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, - 0x3a, 0x0a, 0x19, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, - 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x17, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, - 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2e, 0x0a, 0x13, 0x64, - 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x72, 0x6f, - 0x6f, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, - 0x65, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, - 0x69, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0a, 0x6d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, - 0x6d, 0x61, 0x78, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, - 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x09, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, - 0x65, 0x73, 0x12, 0x3d, 0x0a, 0x1b, 0x70, 0x72, 0x65, 0x66, 0x65, 0x72, 0x5f, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, - 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x70, 0x72, 0x65, 
0x66, 0x65, 0x72, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, - 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x75, 0x6e, 0x6b, 0x6e, - 0x6f, 0x77, 0x6e, 0x5f, 0x73, 0x6e, 0x69, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x72, - 0x65, 0x6a, 0x65, 0x63, 0x74, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x53, 0x6e, 0x69, 0x12, - 0x4e, 0x0a, 0x24, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, - 0x5f, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x20, 0x70, - 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x42, - 0x76, 0x0a, 0x20, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, - 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, - 0x74, 0x6c, 0x73, 0x50, 0x01, 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, - 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x65, 0x74, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0xaa, 0x02, 0x1c, 0x58, 0x72, 0x61, 0x79, 0x2e, - 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, - 0x65, 0x74, 0x2e, 0x58, 0x74, 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_transport_internet_xtls_config_proto_rawDescOnce sync.Once - file_transport_internet_xtls_config_proto_rawDescData = file_transport_internet_xtls_config_proto_rawDesc -) - -func file_transport_internet_xtls_config_proto_rawDescGZIP() []byte { - 
file_transport_internet_xtls_config_proto_rawDescOnce.Do(func() { - file_transport_internet_xtls_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_transport_internet_xtls_config_proto_rawDescData) - }) - return file_transport_internet_xtls_config_proto_rawDescData -} - -var file_transport_internet_xtls_config_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_transport_internet_xtls_config_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_transport_internet_xtls_config_proto_goTypes = []interface{}{ - (Certificate_Usage)(0), // 0: xray.transport.internet.xtls.Certificate.Usage - (*Certificate)(nil), // 1: xray.transport.internet.xtls.Certificate - (*Config)(nil), // 2: xray.transport.internet.xtls.Config -} -var file_transport_internet_xtls_config_proto_depIdxs = []int32{ - 0, // 0: xray.transport.internet.xtls.Certificate.usage:type_name -> xray.transport.internet.xtls.Certificate.Usage - 1, // 1: xray.transport.internet.xtls.Config.certificate:type_name -> xray.transport.internet.xtls.Certificate - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_transport_internet_xtls_config_proto_init() } -func file_transport_internet_xtls_config_proto_init() { - if File_transport_internet_xtls_config_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_transport_internet_xtls_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Certificate); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_transport_internet_xtls_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Config); i { - case 0: - return &v.state - case 1: - return &v.sizeCache 
- case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_transport_internet_xtls_config_proto_rawDesc, - NumEnums: 1, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_transport_internet_xtls_config_proto_goTypes, - DependencyIndexes: file_transport_internet_xtls_config_proto_depIdxs, - EnumInfos: file_transport_internet_xtls_config_proto_enumTypes, - MessageInfos: file_transport_internet_xtls_config_proto_msgTypes, - }.Build() - File_transport_internet_xtls_config_proto = out.File - file_transport_internet_xtls_config_proto_rawDesc = nil - file_transport_internet_xtls_config_proto_goTypes = nil - file_transport_internet_xtls_config_proto_depIdxs = nil -} diff --git a/transport/internet/xtls/config.proto b/transport/internet/xtls/config.proto deleted file mode 100644 index e2e57e558c80..000000000000 --- a/transport/internet/xtls/config.proto +++ /dev/null 
@@ -1,76 +0,0 @@
-syntax = "proto3";
-
-package xray.transport.internet.xtls;
-option csharp_namespace = "Xray.Transport.Internet.Xtls";
-option go_package = "github.com/xtls/xray-core/transport/internet/xtls";
-option java_package = "com.xray.transport.internet.xtls";
-option java_multiple_files = true;
-
-message Certificate {
- // TLS certificate in x509 format.
- bytes certificate = 1;
-
- // TLS key in x509 format.
- bytes key = 2;
-
- enum Usage {
- ENCIPHERMENT = 0;
- AUTHORITY_VERIFY = 1;
- AUTHORITY_ISSUE = 2;
- }
-
- Usage usage = 3;
-
- uint64 ocsp_stapling = 4;
-
- // TLS certificate path
- string certificate_path = 5;
-
- // TLS Key path
- string key_path = 6;
-
- // If true, one-Time Loading
- bool One_time_loading = 7;
-}
-
-message Config {
- // Whether or not to allow self-signed certificates.
- bool allow_insecure = 1;
-
- // List of certificates to be served on server.
- repeated Certificate certificate = 2;
-
- // Override server name.
- string server_name = 3;
-
- // Lists of string as ALPN values.
- repeated string next_protocol = 4;
-
- // Whether or not to enable session (ticket) resumption.
- bool enable_session_resumption = 5;
-
- // If true, root certificates on the system will not be loaded for
- // verification.
- bool disable_system_root = 6;
-
- // The minimum TLS version.
- string min_version = 7;
-
- // The maximum TLS version.
- string max_version = 8;
-
- // Specify cipher suites, except for TLS 1.3.
- string cipher_suites = 9;
-
- // Whether the server selects its most preferred ciphersuite.
- bool prefer_server_cipher_suites = 10;
-
- bool reject_unknown_sni = 12;
-
- /* @Document A pinned certificate chain sha256 hash.
- @Document If the server's hash does not match this value, the connection will be aborted.
- @Document This value replace allow_insecure.
- @Critical
- */
- repeated bytes pinned_peer_certificate_chain_sha256 = 13;
-}
diff --git a/transport/internet/xtls/config_other.go b/transport/internet/xtls/config_other.go
deleted file mode 100644
index a429cf37c09c..000000000000
--- a/transport/internet/xtls/config_other.go
+++ /dev/null
@@ -1,53 +0,0 @@
-//go:build !windows
-// +build !windows
-
-package xtls
-
-import (
- "crypto/x509"
- "sync"
-)
-
-type rootCertsCache struct {
- sync.Mutex
- pool *x509.CertPool
-}
-
-func (c *rootCertsCache) load() (*x509.CertPool, error) {
- c.Lock()
- defer c.Unlock()
-
- if c.pool != nil {
- return c.pool, nil
- }
-
- pool, err := x509.SystemCertPool()
- if err != nil {
- return nil, err
- }
- c.pool = pool
- return pool, nil
-}
-
-var rootCerts rootCertsCache
-
-func (c *Config) getCertPool() (*x509.CertPool, error) {
- if c.DisableSystemRoot {
- return c.loadSelfCertPool()
- }
-
- if len(c.Certificate) == 0 {
- return rootCerts.load()
- }
-
- pool, err := x509.SystemCertPool()
- if err != nil {
- return nil, newError("system root").AtWarning().Base(err)
- }
- for _, cert := range c.Certificate {
- if !pool.AppendCertsFromPEM(cert.Certificate) {
- return nil, newError("append cert to root").AtWarning().Base(err)
- }
- }
- return pool, err
-}
diff --git a/transport/internet/xtls/config_test.go b/transport/internet/xtls/config_test.go
deleted file mode 100644
index bd7fbf1d1276..000000000000
--- a/transport/internet/xtls/config_test.go
+++ /dev/null
@@ -1,97 +0,0 @@
-package xtls_test
-
-import (
- "crypto/x509"
- "testing"
- "time"
-
- xtls "github.com/xtls/go"
- "github.com/xtls/xray-core/common"
- "github.com/xtls/xray-core/common/protocol/tls/cert"
- . "github.com/xtls/xray-core/transport/internet/xtls"
-)
-
-func TestCertificateIssuing(t *testing.T) {
- certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
- certificate.Usage = Certificate_AUTHORITY_ISSUE
-
- c := &Config{
- Certificate: []*Certificate{
- certificate,
- },
- }
-
- xtlsConfig := c.GetXTLSConfig()
- xrayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
- ServerName: "www.example.com",
- })
- common.Must(err)
-
- x509Cert, err := x509.ParseCertificate(xrayCert.Certificate[0])
- common.Must(err)
- if !x509Cert.NotAfter.After(time.Now()) {
- t.Error("NotAfter: ", x509Cert.NotAfter)
- }
-}
-
-func TestExpiredCertificate(t *testing.T) {
- caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
- expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName("www.example.com"), cert.DNSNames("www.example.com"))
-
- certificate := ParseCertificate(caCert)
- certificate.Usage = Certificate_AUTHORITY_ISSUE
-
- certificate2 := ParseCertificate(expiredCert)
-
- c := &Config{
- Certificate: []*Certificate{
- certificate,
- certificate2,
- },
- }
-
- xtlsConfig := c.GetXTLSConfig()
- xrayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
- ServerName: "www.example.com",
- })
- common.Must(err)
-
- x509Cert, err := x509.ParseCertificate(xrayCert.Certificate[0])
- common.Must(err)
- if !x509Cert.NotAfter.After(time.Now()) {
- t.Error("NotAfter: ", x509Cert.NotAfter)
- }
-}
-
-func TestInsecureCertificates(t *testing.T) {
- c := &Config{}
-
- xtlsConfig := c.GetXTLSConfig()
- if len(xtlsConfig.CipherSuites) > 0 {
- t.Fatal("Unexpected tls cipher suites list: ", xtlsConfig.CipherSuites)
- }
-}
-
-func BenchmarkCertificateIssuing(b *testing.B) { - certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))) - certificate.Usage = Certificate_AUTHORITY_ISSUE - - c := &Config{ - Certificate: []*Certificate{ - certificate, - }, - } - - xtlsConfig := c.GetXTLSConfig() - lenCerts := len(xtlsConfig.Certificates) - - b.ResetTimer() - - for i := 0; i < b.N; i++ { - _, _ = xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{ - ServerName: "www.example.com", - }) - delete(xtlsConfig.NameToCertificate, "www.example.com") - xtlsConfig.Certificates = xtlsConfig.Certificates[:lenCerts] - } -} diff --git a/transport/internet/xtls/config_windows.go b/transport/internet/xtls/config_windows.go deleted file mode 100644 index 68f82b409c95..000000000000 --- a/transport/internet/xtls/config_windows.go +++ /dev/null @@ -1,14 +0,0 @@ -//go:build windows -// +build windows - -package xtls - -import "crypto/x509" - -func (c *Config) getCertPool() (*x509.CertPool, error) { - if c.DisableSystemRoot { - return c.loadSelfCertPool() - } - - return nil, nil -} diff --git a/transport/internet/xtls/errors.generated.go b/transport/internet/xtls/errors.generated.go deleted file mode 100644 index bce26cc1cf2b..000000000000 --- a/transport/internet/xtls/errors.generated.go +++ /dev/null @@ -1,9 +0,0 @@ -package xtls - -import "github.com/xtls/xray-core/common/errors" - -type errPathObjHolder struct{} - -func newError(values ...interface{}) *errors.Error { - return errors.New(values...).WithPathObj(errPathObjHolder{}) -} diff --git a/transport/internet/xtls/unsafe.go b/transport/internet/xtls/unsafe.go deleted file mode 100644 index 96c89416c441..000000000000 --- a/transport/internet/xtls/unsafe.go +++ /dev/null @@ -1,6 +0,0 @@ -package xtls - -import _ "unsafe" - -//go:linkname errNoCertificates github.com/xtls/go.errNoCertificates -var errNoCertificates error 
diff --git a/transport/internet/xtls/xtls.go b/transport/internet/xtls/xtls.go deleted file mode 100644 index 452780d2a4d2..000000000000 --- a/transport/internet/xtls/xtls.go +++ /dev/null @@ -1,35 +0,0 @@ -package xtls - -import ( - xtls "github.com/xtls/go" - "github.com/xtls/xray-core/common/net" -) - -//go:generate go run github.com/xtls/xray-core/common/errors/errorgen - -type Conn struct { - *xtls.Conn -} - -func (c *Conn) HandshakeAddress() net.Address { - if err := c.Handshake(); err != nil { - return nil - } - state := c.ConnectionState() - if state.ServerName == "" { - return nil - } - return net.ParseAddress(state.ServerName) -} - -// Client initiates a XTLS client handshake on the given connection. -func Client(c net.Conn, config *xtls.Config) net.Conn { - xtlsConn := xtls.Client(c, config) - return &Conn{Conn: xtlsConn} -} - -// Server initiates a XTLS server handshake on the given connection. -func Server(c net.Conn, config *xtls.Config) net.Conn { - xtlsConn := xtls.Server(c, config) - return &Conn{Conn: xtlsConn} -} From c04c333afc68fa43a630ed1022473994a987f804 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Sat, 4 Mar 2023 15:39:27 +0000 Subject: [PATCH 87/91] They become a part of you --- infra/conf/transport_internet.go | 11 ++++++++--- infra/conf/vless.go | 11 +---------- proxy/vless/inbound/inbound.go | 23 ++++++----------------- 3 files changed, 15 insertions(+), 30 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index b8f96f6ea049..c46bd964f11f 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -700,7 +700,9 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { } config.ProtocolName = protocol } - if strings.EqualFold(c.Security, "tls") { + switch strings.ToLower(c.Security) { + case "", "none": + case "tls": tlsSettings := c.TLSSettings if tlsSettings == nil { tlsSettings = &TLSConfig{} 
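Review bot: The empty `case "", "none":` arm at the top of the new switch is the path on which no transport security layer is built, and nothing in the code marks that as deliberate. A short comment would make the intent explicit for anyone auditing which `security` values end up without TLS or REALITY settings, e.g. `case "", "none": // intentionally empty: no transport security layer is configured`. StreamConfig.Build starts and ends outside this hunk.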
@@ -712,8 +714,7 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { tm := serial.ToTypedMessage(ts) config.SecuritySettings = append(config.SecuritySettings, tm) config.SecurityType = tm.Type - } - if strings.EqualFold(c.Security, "reality") { + case "reality": if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "grpc" && config.ProtocolName != "domainsocket" { return nil, newError("REALITY only supports TCP, H2, gRPC and DomainSocket for now.") } @@ -727,6 +728,10 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { tm := serial.ToTypedMessage(ts) config.SecuritySettings = append(config.SecuritySettings, tm) config.SecurityType = tm.Type + case "xtls": + return nil, newError(`Please use VLESS flow "xtls-rprx-vision" with TLS or REALITY.`) + default: + return nil, newError(`Unknown security "` + c.Security + `".`) } if c.TCPSettings != nil { ts, err := c.TCPSettings.Build() diff --git a/infra/conf/vless.go b/infra/conf/vless.go index 01a2090baca5..d829cdee4bb8 100644 --- a/infra/conf/vless.go +++ b/infra/conf/vless.go @@ -4,7 +4,6 @@ import ( "encoding/json" "runtime" "strconv" - "strings" "syscall" "github.com/golang/protobuf/proto" @@ -53,15 +52,7 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) { } account.Id = u.String() - accountFlow := account.Flow - flows := strings.Split(account.Flow, ",") - for _, f := range flows { - t := strings.TrimSpace(f) - if t != "none" { - accountFlow = t - } - } - switch accountFlow { + switch account.Flow { case "", vless.XRV: default: return nil, newError(`VLESS clients: "flow" doesn't support "` + account.Flow + `" in this version`) diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 642cc39f7497..b3def4bb0adc 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go 
@@ -450,20 +450,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s var rawConn syscall.RawConn var input *bytes.Reader var rawInput *bytes.Buffer - allowNoneFlow := false - accountFlow := account.Flow - flows := strings.Split(account.Flow, ",") - for _, f := range flows { - t := strings.TrimSpace(f) - if t == "none" { - allowNoneFlow = true - } else { - accountFlow = t - } - } + switch requestAddons.Flow { case vless.XRV: - if accountFlow == requestAddons.Flow { + if account.Flow == requestAddons.Flow { switch request.Command { case protocol.RequestCommandMux: return newError(requestAddons.Flow + " doesn't support Mux").AtWarning() @@ -503,10 +493,9 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } else { return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() } - case "", "none": - if accountFlow == vless.XRV && !allowNoneFlow && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) { - return newError(account.ID.String() + " is not able to use " + vless.XRV + - ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning() + case "": + if account.Flow == vless.XRV && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) { + return newError(account.ID.String() + " is not able to use \"\". Note that the pure TLS proxy has certain TLS in TLS characters.").AtWarning() } default: return newError("unknown request flow " + requestAddons.Flow).AtWarning() 
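Review bot: The rewritten rejection in the `case "":` branch still builds its message from `account.ID.String()`, so if the VLESS ID is what authenticates the client, every refused connection writes that value into the warning log. The text `is not able to use ""` also does not tell the operator which flow the account requires. Consider naming the required flow and identifying the account by a non-secret label if the request carries one, e.g. `return newError("account requires flow " + vless.XRV + " but the request carried an empty flow").AtWarning()`. The unchanged `else` branch above uses the same `account.ID.String()` pattern; Process starts and ends outside this hunk.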
@@ -557,7 +546,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s // TODO enable splice ctx = session.ContextWithInbound(ctx, nil) err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer err = buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer)) From 4a0b45d1ffb1afba0fd2c21db97f9b97e025f30c Mon Sep 17 00:00:00 2001 From: Hellojack <106379370+H1JK@users.noreply.github.com> Date: Wed, 8 Mar 2023 21:43:42 +0800 Subject: [PATCH 88/91] Output real private key in x25519 command (#1747) --- main/commands/all/x25519.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/main/commands/all/x25519.go b/main/commands/all/x25519.go index 4ab1d09d5b23..e7909d9bff9e 100644 --- a/main/commands/all/x25519.go +++ b/main/commands/all/x25519.go @@ -4,7 +4,6 @@ import ( "crypto/rand" "encoding/base64" "fmt" - "io" "github.com/xtls/xray-core/main/commands/base" "golang.org/x/crypto/curve25519" 
@@ -44,17 +43,26 @@ func executeX25519(cmd *base.Command, args []string) { goto out } } + if privateKey == nil { privateKey = make([]byte, curve25519.ScalarSize) - if _, err = io.ReadFull(rand.Reader, privateKey); err != nil { + if _, err = rand.Read(privateKey); err != nil { output = err.Error() goto out } } + + // Modify random bytes using algorithm described at: + // https://cr.yp.to/ecdh.html. + privateKey[0] &= 248 + privateKey[31] &= 127 + privateKey[31] |= 64 + if publicKey, err = curve25519.X25519(privateKey, curve25519.Basepoint); err != nil { output = err.Error() goto out } + output = fmt.Sprintf("Private key: %v\nPublic key: %v", base64.RawURLEncoding.EncodeToString(privateKey), base64.RawURLEncoding.EncodeToString(publicKey)) From 836e84b8510a9478bc00dd8690cb71a51a607d11 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Wed, 8 Mar 2023 14:06:20 +0000 Subject: [PATCH 89/91] Add recover() to H2 server's flushWriter.Write() Fixes https://github.com/XTLS/Xray-core/issues/1748 --- transport/internet/http/dialer.go | 8 +++----- transport/internet/http/hub.go | 7 +++++++ 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/transport/internet/http/dialer.go b/transport/internet/http/dialer.go index 75adc249b882..010a95a5936b 100644 --- a/transport/internet/http/dialer.go +++ b/transport/internet/http/dialer.go @@ -204,7 +204,7 @@ type WaitReadCloser struct { func (w *WaitReadCloser) Set(rc io.ReadCloser) { w.ReadCloser = rc defer func() { - if err := recover(); err != nil { + if recover() != nil { rc.Close() } }() @@ -225,10 +225,8 @@ func (w *WaitReadCloser) Close() error { return w.ReadCloser.Close() } defer func() { - if err := recover(); err != nil { - if w.ReadCloser != nil { - w.ReadCloser.Close() - } + if recover() != nil && w.ReadCloser != nil { + w.ReadCloser.Close() } }() close(w.Wait) diff --git a/transport/internet/http/hub.go b/transport/internet/http/hub.go index 54abe298ae5b..551f897e3e5a 100644 
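Review bot: The clamping block sits after the `if privateKey == nil` branch, so it also rewrites a key that was set earlier in the function (apparently from user input, above the hunk), while the comment speaks only of random bytes. State that in the comment so users are not surprised when the printed private key differs from the one they passed in, e.g. `// Clamp the scalar as described at https://cr.yp.to/ecdh.html; this also normalizes a supplied key, so the printed value may differ from the input.` The fixed index `privateKey[31]` depends on a length check for supplied keys that is not visible here; `privateKey[curve25519.ScalarSize-1]` would tie it to the allocation size used a few lines up. executeX25519 starts and ends outside the hunk.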
--- a/transport/internet/http/hub.go +++ b/transport/internet/http/hub.go @@ -51,6 +51,13 @@ func (fw flushWriter) Write(p []byte) (n int, err error) { return 0, io.ErrClosedPipe } + defer func() { + if recover() != nil { + fw.d.Close() + err = io.ErrClosedPipe + } + }() + n, err = fw.w.Write(p) if f, ok := fw.w.(http.Flusher); ok && err == nil { f.Flush() From c3322294be71ab2433b44f69d7f30db5001c510c Mon Sep 17 00:00:00 2001 From: xqzr <34030394+xqzr@users.noreply.github.com> Date: Thu, 9 Mar 2023 21:51:16 +0800 Subject: [PATCH 90/91] Add `tcpWindowClamp` to `sockopt` (#1757) Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com> --- infra/conf/transport_internet.go | 2 ++ transport/internet/config.pb.go | 54 +++++++++++++++++------------ transport/internet/config.proto | 2 ++ transport/internet/sockopt_linux.go | 14 +++++++- 4 files changed, 49 insertions(+), 23 deletions(-) diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index c46bd964f11f..63c8fbed8cdd 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -616,6 +616,7 @@ type SocketConfig struct { TCPKeepAliveInterval int32 `json:"tcpKeepAliveInterval"` TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` TCPCongestion string `json:"tcpCongestion"` + TCPWindowClamp int32 `json:"tcpWindowClamp"` V6only bool `json:"v6only"` Interface string `json:"interface"` } @@ -667,6 +668,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { TcpKeepAliveInterval: c.TCPKeepAliveInterval, TcpKeepAliveIdle: c.TCPKeepAliveIdle, TcpCongestion: c.TCPCongestion, + TcpWindowClamp: c.TCPWindowClamp, V6Only: c.V6only, Interface: c.Interface, }, nil diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index 1fd38539c76a..90dcd7863987 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go 
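Review bot: The deferred `recover()` added to flushWriter.Write discards the panic value, so any panic raised under `fw.w.Write` or `f.Flush()` is reported to the caller as `io.ErrClosedPipe` and leaves no trace, not only the write-after-close case the commit message refers to. Keep the recovered value and log it with the package's logger before closing, e.g. `if r := recover(); r != nil { /* log r at warning level */ fw.d.Close(); err = io.ErrClosedPipe }`, so an unexpected fault in the H2 server path stays visible to operators. The method body continues past the end of this hunk.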
@@ -427,6 +427,7 @@ type SocketConfig struct { TcpCongestion string `protobuf:"bytes,12,opt,name=tcp_congestion,json=tcpCongestion,proto3" json:"tcp_congestion,omitempty"` Interface string `protobuf:"bytes,13,opt,name=interface,proto3" json:"interface,omitempty"` V6Only bool `protobuf:"varint,14,opt,name=v6only,proto3" json:"v6only,omitempty"` + TcpWindowClamp int32 `protobuf:"varint,15,opt,name=tcp_window_clamp,json=tcpWindowClamp,proto3" json:"tcp_window_clamp,omitempty"` } func (x *SocketConfig) Reset() { @@ -559,6 +560,13 @@ func (x *SocketConfig) GetV6Only() bool { return false } +func (x *SocketConfig) GetTcpWindowClamp() int32 { + if x != nil { + return x.TcpWindowClamp + } + return 0 +} + var File_transport_internet_config_proto protoreflect.FileDescriptor var file_transport_internet_config_proto_rawDesc = []byte{ @@ -611,7 +619,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x22, 0x9e, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, + 0x78, 0x79, 0x22, 0xc8, 0x05, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72, 
@@ -650,27 +658,29 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x36, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x76, 0x36, 0x6f, 0x6e, - 0x6c, 0x79, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, - 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, - 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, - 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, - 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, - 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, - 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, - 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, - 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, - 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, - 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, - 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, - 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, - 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, - 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 
0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, - 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, - 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, - 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x6c, 0x79, 0x12, 0x28, 0x0a, 0x10, 0x74, 0x63, 0x70, 0x5f, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, + 0x5f, 0x63, 0x6c, 0x61, 0x6d, 0x70, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x63, + 0x70, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x43, 0x6c, 0x61, 0x6d, 0x70, 0x22, 0x2f, 0x0a, 0x0a, + 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, + 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, + 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, + 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, + 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, + 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, + 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, + 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, + 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, + 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, + 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, + 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, + 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, + 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 
0x73, 0x70, 0x6f, + 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, + 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, + 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, + 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/config.proto b/transport/internet/config.proto index 23a964fd3e3d..574d698e6266 100644 --- a/transport/internet/config.proto +++ b/transport/internet/config.proto @@ -102,4 +102,6 @@ message SocketConfig { string interface = 13; bool v6only = 14; + + int32 tcp_window_clamp = 15; } diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index e8376025e5ff..eda5de151056 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go @@ -46,7 +46,7 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf return newError("failed to set SO_MARK").Base(err) } } - + if config.Interface != "" { if err := syscall.BindToDevice(int(fd), config.Interface); err != nil { return newError("failed to set Interface").Base(err) @@ -89,6 +89,12 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf return newError("failed to set TCP_CONGESTION", err) } } + + if config.TcpWindowClamp > 0 { + if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_WINDOW_CLAMP, int(config.TcpWindowClamp)); err != nil { + return newError("failed to set TCP_WINDOW_CLAMP", err) + } + } } if config.Tproxy.IsEnabled() { 
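Review bot: The new TCP_WINDOW_CLAMP error in applyOutboundSocketOptions passes `err` as a message value, `newError("failed to set TCP_WINDOW_CLAMP", err)`, whereas the SO_MARK and Interface errors in the same file attach the cause with `.Base(err)`. Assuming newError joins its values into the message text, the cause is flattened into a string and is no longer available as the wrapped error; `return newError("failed to set TCP_WINDOW_CLAMP").Base(err)` keeps it. The same line is added to applyInboundSocketOptions in the `@@ -139,6 +145,12 @@` hunk, and the neighbouring TCP_CONGESTION context line has the same form. A negative `tcpWindowClamp` is skipped silently by the `> 0` guard; rejecting it in SocketConfig.Build would surface a mistyped value.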
@@ -139,6 +145,12 @@ func applyInboundSocketOptions(network string, fd uintptr, config *SocketConfig) return newError("failed to set TCP_CONGESTION", err) } } + + if config.TcpWindowClamp > 0 { + if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_WINDOW_CLAMP, int(config.TcpWindowClamp)); err != nil { + return newError("failed to set TCP_WINDOW_CLAMP", err) + } + } } if config.Tproxy.IsEnabled() { From d6801ab03162bedc20b336132a6cf2952bab7ac8 Mon Sep 17 00:00:00 2001 From: RPRX <63339210+RPRX@users.noreply.github.com> Date: Thu, 9 Mar 2023 13:55:09 +0000 Subject: [PATCH 91/91] v1.8.0 --- core/core.go | 4 +-- go.mod | 36 ++++++++++++------------- go.sum | 74 ++++++++++++++++++++++++++-------------------------- 3 files changed, 57 insertions(+), 57 deletions(-) diff --git a/core/core.go b/core/core.go index 8ab199364c8d..05148110910d 100644 --- a/core/core.go +++ b/core/core.go @@ -20,8 +20,8 @@ import ( var ( Version_x byte = 1 - Version_y byte = 7 - Version_z byte = 5 + Version_y byte = 8 + Version_z byte = 0 ) var ( diff --git a/go.mod b/go.mod index 6a63aec9a22f..58f1cd651d91 100644 --- a/go.mod +++ b/go.mod 
@@ -5,54 +5,54 @@ go 1.20 require ( github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 github.com/golang/mock v1.6.0 - github.com/golang/protobuf v1.5.2 + github.com/golang/protobuf v1.5.3 github.com/google/go-cmp v0.5.9 github.com/gorilla/websocket v1.5.0 github.com/miekg/dns v1.1.51 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.6.2 github.com/quic-go/quic-go v0.33.0 - github.com/refraction-networking/utls v1.2.2 + github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db github.com/sagernet/sing v0.1.7 github.com/sagernet/sing-shadowsocks v0.1.1 github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb github.com/stretchr/testify v1.8.2 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e - github.com/xtls/reality v0.0.0-20230227192902-524506d97551 - go.starlark.net v0.0.0-20230128213706-3f75dec8e403 - golang.org/x/crypto v0.6.0 - golang.org/x/net v0.7.0 + github.com/xtls/reality v0.0.0-20230309125256-0d0713b108c8 + go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 + golang.org/x/crypto v0.7.0 + golang.org/x/net v0.8.0 golang.org/x/sync v0.1.0 - golang.org/x/sys v0.5.0 + golang.org/x/sys v0.6.0 google.golang.org/grpc v1.53.0 - google.golang.org/protobuf v1.28.1 + google.golang.org/protobuf v1.29.0 gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h12.io/socks v1.0.3 ) require ( - github.com/andybalholm/brotli v1.0.4 // indirect + github.com/andybalholm/brotli v1.0.5 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140 // indirect github.com/francoispqt/gojay v1.2.13 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20230207041349-798e818bf904 // indirect - github.com/klauspost/compress v1.15.15 // indirect - github.com/klauspost/cpuid/v2 
v2.2.3 // indirect - github.com/onsi/ginkgo/v2 v2.8.1 // indirect + github.com/google/pprof v0.0.0-20230228050547-1710fef4ab10 // indirect + github.com/klauspost/compress v1.16.0 // indirect + github.com/klauspost/cpuid/v2 v2.2.4 // indirect + github.com/onsi/ginkgo/v2 v2.9.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/quic-go/qtls-go1-19 v0.2.1 // indirect github.com/quic-go/qtls-go1-20 v0.1.1 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect go.uber.org/atomic v1.10.0 // indirect - golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb // indirect - golang.org/x/mod v0.8.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/exp v0.0.0-20230307190834-24139beb5833 // indirect + golang.org/x/mod v0.9.0 // indirect + golang.org/x/text v0.8.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.6.0 // indirect - google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc // indirect + golang.org/x/tools v0.7.0 // indirect + google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/blake3 v1.1.7 // indirect diff --git a/go.sum b/go.sum index 3fc8c2b55d5a..ab32e439b7ac 100644 --- a/go.sum +++ b/go.sum 
@@ -8,8 +8,8 @@ dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= -github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs= +github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= 
@@ -58,8 +58,8 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= 
@@ -76,8 +76,8 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20230207041349-798e818bf904 h1:4/hN5RUoecvl+RmJRE2YxKWtnnQls6rQjjW5oV7qg2U= -github.com/google/pprof v0.0.0-20230207041349-798e818bf904/go.mod h1:uglQLonpP8qtYCYyzA+8c/9qtqgA3qsXGYqCPKARAFg= +github.com/google/pprof v0.0.0-20230228050547-1710fef4ab10 h1:CqYfpuYIjnlNxM3msdyPRKabhXZWbKjf3Q8BWROFBso= +github.com/google/pprof v0.0.0-20230228050547-1710fef4ab10/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= 
@@ -91,11 +91,11 @@ github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw=
-github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4=
+github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4=
+github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU=
-github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
+github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
+github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@@ -112,9 +112,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
 github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
-github.com/onsi/ginkgo/v2 v2.8.1 h1:xFTEVwOFa1D/Ty24Ws1npBWkDYEV9BqZrsDxVrVkrrU=
-github.com/onsi/ginkgo/v2 v2.8.1/go.mod h1:N1/NbDngAFcSLdyZ+/aYTYGSlq9qMCS/cNKGJjy+csc=
-github.com/onsi/gomega v1.26.0 h1:03cDLK28U6hWvCAns6NeydX3zIm4SF3ci69ulidS32Q=
+github.com/onsi/ginkgo/v2 v2.9.0 h1:Tugw2BKlNHTMfG+CheOITkYvk4LAh6MFOvikhGVnhE8=
+github.com/onsi/ginkgo/v2 v2.9.0/go.mod h1:4xkjoL/tZv4SMWeww56BU5kAt19mVB47gTWxmrTcxyk=
+github.com/onsi/gomega v1.27.1 h1:rfztXRbg6nv/5f+Raen9RcGoSecHIFgBBLQK3Wdj754=
 github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
@@ -136,8 +136,8 @@ github.com/quic-go/qtls-go1-20 v0.1.1 h1:KbChDlg82d3IHqaj2bn6GfKRj84Per2VGf5XV3w
 github.com/quic-go/qtls-go1-20 v0.1.1/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
 github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0=
 github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA=
-github.com/refraction-networking/utls v1.2.2 h1:uBE6V173CwG8MQrSBpNZHAix1fxOvuLKYyjFAu3uqo0=
-github.com/refraction-networking/utls v1.2.2/go.mod h1:L1goe44KvhnTfctUffM2isnJpSjPlYShrhXDeZaoYKw=
+github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db h1:ULRv/GPW5KYDafE0FACN2no+HTCyQLUtfyOIeyp3GNc=
+github.com/refraction-networking/utls v1.2.3-0.20230308205431-4f1df6c200db/go.mod h1:kHXvVB66a4BzVRYC4Em7e1HAfp7uwOCCw0+2CZ3sMY8=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
@@ -189,13 +189,13 @@ github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF
 github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
 github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
-github.com/xtls/reality v0.0.0-20230227192902-524506d97551 h1:zOP9NvpCMa1Y58UmA9EhbWs5/FNKvqwD5EyDLVit2LI=
-github.com/xtls/reality v0.0.0-20230227192902-524506d97551/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y=
+github.com/xtls/reality v0.0.0-20230309125256-0d0713b108c8 h1:LLtLxEe3S0Ko+ckqt4t29RLskpNdOZfgjZCC2/Byr50=
+github.com/xtls/reality v0.0.0-20230309125256-0d0713b108c8/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
-go.starlark.net v0.0.0-20230128213706-3f75dec8e403 h1:jPeC7Exc+m8OBJUlWbBLh0O5UZPM7yU5W4adnhhbG4U=
-go.starlark.net v0.0.0-20230128213706-3f75dec8e403/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds=
+go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 h1:Ss6D3hLXTM0KobyBYEAygXzFfGcjnmfEJOBgSbemCtg=
+go.starlark.net v0.0.0-20230302034142-4b1e35fe2254/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
@@ -205,11 +205,11 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
-golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb h1:PaBZQdo+iSDyHT053FjUCgZQ/9uqVwPOcl7KSWhKn6w=
-golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp v0.0.0-20230307190834-24139beb5833 h1:SChBja7BCQewoTAU7IgvucQKMIXrEpFxNMs0spT3/5s=
+golang.org/x/exp v0.0.0-20230307190834-24139beb5833/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -217,8 +217,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=
+golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -234,8 +234,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -265,8 +265,8 @@ golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -276,8 +276,8 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
@@ -293,8 +293,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
-golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
+golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -313,8 +313,8 @@ google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk
 google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc h1:ijGwO+0vL2hJt5gaygqP2j6PfflOBrRot0IczKbmtio=
-google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 h1:DdoeryqhaXp1LtT/emMP1BRJPHHKFi5akj/nbx/zNTA=
+google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s=
 google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
@@ -333,8 +333,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.29.0 h1:44S3JjaKmLEE4YIkjzexaP+NzZsudE3Zin5Njn/pYX0=
+google.golang.org/protobuf v1.29.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=