Commit Graph

58 Commits (9e5bc07bf29bad54b8294dd04d89cafe402d120c)

Author SHA1 Message Date
yuhan6665 9e5bc07bf2
Legends never die (#1725) 2023-03-04 10:39:26 +00:00
yuhan6665 25ea69fc3a Fix Vision inserting multiple uuid headers
This happen for stream inbound like http
2023-03-03 09:45:10 -05:00
yuhan6665 a4790133d2 Fix padding extends out of bound again 2023-03-02 21:42:48 -05:00
yuhan6665 7b54255cc1 Fix padding extends out of bound 2023-03-01 08:43:00 -05:00
yuhan6665 2d898480be
Vision padding upgrade (#1646)
* Vision server allow multiple blocks of padding

* Fix Vision client to support multiple possible padding blocks

* Vision padding upgrade

- Now we have two types of padding: long (pad to 900-1400) and traditional (0-256)
- Long padding is applied to tls handshakes and first (empty) packet
- Traditional padding is applied to all beginning (7) packets of the connection (counted two-way)
- Since receiver changed its way to unpad buffer in fd6973b3c6, we can freely extend padding packet length easily in the future
- Simplify code

* Adjust receiver withinPaddingBuffers

Now default withinPaddingBuffers = true to give it a chance to do unpadding

* Fix magic numbers for Vision
Thanks @H1JK

Thanks @RPRX for guidance
2023-02-27 22:14:37 -05:00
RPRX c38179a67f
Upgrade github.com/xtls/reality to f34b4d174342
Fixes https://github.com/XTLS/Xray-core/issues/1712
2023-02-26 19:26:57 +08:00
Hellojack 267d93f7bd
Improve ReshapeMultiBuffer (#1636)
* Improve ReshapeMultiBuffer

* Improve again

* Always resize
2023-02-24 11:42:02 -05:00
RPRX 4d2e2b24d3
THE NEXT FUTURE becomes THE REALITY NOW
Thank @yuhan6665 for testing
2023-02-15 16:07:12 +00:00
yuhan6665 c3faa8b7ac
Insert padding with empty content to camouflage VLESS header (#1610)
This only affects the Vision client for protocols expecting server to send data first.
The change is compatible with existing version of Vision server.
2023-02-06 06:45:09 +00:00
RPRX 74416570d4
Format VLESS inbound.go and outbound.go 2023-01-31 18:02:12 +00:00
RPRX b70912799b
Generate *.pb.go files with protoc v3.21.12
https://github.com/protocolbuffers/protobuf/releases/tag/v21.12
go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2
go run ./infra/vprotogen
2023-01-30 04:35:30 +00:00
yuhan6665 15bb23e4ec
XTLS Vision rejects Mux except for XUDP (#1567)
* Xtls vision reject vless-tcp-tls+Mux

* Address review comment
2023-01-28 05:39:36 +00:00
yuhan6665 fb212905bd
XTLS Vision checks outer TLS version (#1554) 2023-01-27 03:43:58 +00:00
MP 77d2f9edd7
Revise the Code per XTLS#1515 (#1536)
* Use buf.FromBytes(make([]byte, 0, buf.Size)) to create `first`

Fixes https://github.com/XTLS/Xray-core/issues/1515

* Update server.go

* Update inbound.go

Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
2023-01-16 22:18:58 -05:00
RPRX 8c0d3c0257
XTLS Vision supports acceptProxyProtocol (test needed)
Fixes https://github.com/XTLS/Xray-core/issues/1339
2023-01-07 11:01:53 +00:00
RPRX 6f61021f7a
XTLS Vision processes struct TLS Conn's input and rawInput
Fixes https://github.com/XTLS/Xray-core/issues/1444
2023-01-06 05:37:16 +00:00
yuhan6665 c4fbdf1b78 Run core/format.go 2022-12-25 19:47:53 -05:00
yuhan6665 f35ded79ad Vision only reject TCP command for VLESS-TCP-TLS
UDP and MUX command currently has no flow value.
Also the character is the same with or without XTLS
2022-12-12 21:20:01 -05:00
yuhan6665 bc4de6a026 Fix VLESS client doesn't handle traffic if not send data first
Certain ssh, mySQL and reverse proxy need server data first in a connection
2022-12-11 09:44:40 -05:00
yuhan6665 2e30093ffd Enforce specific none flow for xtls vision
In the past, when user open xtls vision on the server side, plain vless+tls can connect.
Pure tls is known to have certain tls in tls characters.
Now  server need to specify "xtls-rprx-vision,none" for it be able usable on the same port.
2022-12-04 23:15:36 -05:00
yuhan6665 1d7c40d728 Enable Xtls Vision (Direct not Splice) for any inbound connection
Before this change, Vision client need a pure inbound like socks or http.
After this change, it will support any inbound.
This is useful in traffic forwarder use case inside China.
2022-12-04 23:15:36 -05:00
yuhan6665 d87758d46f Parse big server hello properly 2022-11-27 18:28:38 -05:00
yuhan6665 e5e9e58d66 Fix direct flow on Windows 2022-11-27 18:28:38 -05:00
yuhan6665 494a10971b Fix xtls vision issue with big server hello 2022-11-20 18:54:07 -05:00
yuhan6665 8006430c15 Add logic to filter TLS_AES_128_CCM_8_SHA256 2022-11-13 12:18:23 -05:00
yuhan6665 04278a8940 Refactor some variable names 2022-11-13 12:18:23 -05:00
yuhan6665 48f7cc2132 Reshape multi buffer to fix the padding when buffer is full 2022-11-13 12:18:23 -05:00
yuhan6665 8ef609ff46 Enable UTLS fingerprint for XTLS Vision 2022-11-06 21:50:19 -05:00
yuhan6665 fffd908db2 Fix direct and splice flow 2022-11-06 21:50:19 -05:00
yuhan6665 5e695327b1
Add XTLS RPRX's Vision (#1235)
* Add XTLS RPRX's Vision

* Add helpful warning when security is wrong

* Add XTLS padding (draft)

* Fix  number of packet to filter

* Xtls padding version 1.0 and unpadding logic
2022-10-29 00:51:59 -04:00
yuhan6665 8117b66949 Generate all protos 2022-10-10 13:17:32 -04:00
yuhan6665 84537e98c4 Update xtls and go to 1.19 2022-09-15 22:06:59 -04:00
世界 f046feb9ca
Reformat code 2022-05-18 15:29:01 +08:00
yuhan6665 578d903a9e
Quic related improvements (#915)
* DialSystem for Quic

DialSystem() is needed in case of Android client,
where the raw conn is protected for vpn service

* Fix client dialer log

Log such as:
tunneling request to tcp:www.google.com:80 via tcp:x.x.x.x:443
the second "tcp" is misleading when using mKcp or quic transport

Remove the second "tcp" and add the correct logging for transport dialer:
- transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
- transport/internet/quic: dialing quic to udp:x.x.x.x:443

* Quic new stream allocation mode

Currently this is how Quic works: client muxing all tcp and udp traffic through a single session, when there are more than 32 running streams in the session,
the next stream request will fail and open with a new session (port). Imagine lineup the session from left to right:
 |
 |  |
 |  |  |

As the streams finishes, we still open stream from the left, original session. So the base session will always be there and new sessions on the right come and go.
However, either due to QOS or bugs in Quic implementation, the traffic "wear out" the base session. It will become slower and in the end not receiving any data from server side.
I couldn't figure out a solution for this problem at the moment, as a workaround:
       |  |
    |  |  |
 |  |  |

I came up with this new stream allocation mode, that it will never open new streams in the old sessions, but only from current or new session from right.
The keeplive config is turned off from server and client side. This way old sessions will natually close and new sessions keep generating.
Note the frequency of new session is still controlled by the server side. Server can assign a large max stream limit. In this case the new allocation mode will be similar to the current mode.
2022-01-28 18:11:30 -05:00
yuhan6665 e93da4bd02
Fix some tests and format code (#830)
* Increase some tls test timeout

* Fix TestUserValidator

* Change all tests to VMessAEAD

Old VMess MD5 tests will be rejected and fail in 2022

* Chore: auto format code
2021-12-14 19:28:47 -05:00
yuhan6665 e286cdcaa8
Style: format code by gofumpt (#761) 2021-10-20 00:57:14 +08:00
hmol233 7033f7cf5f
Fix: protobuf file (#724) 2021-09-20 22:41:09 +08:00
Arthur Morgan 24b637cd5e
Fix: CounterConnection with ReadV/WriteV (#720)
Co-authored-by: JimhHan <50871214+JimhHan@users.noreply.github.com>
2021-09-20 20:11:21 +08:00
yuhan6665 42d158bd85
vprotogen refine (#717)
* Update all proto files with existing vprotogen
* Chore: remove protoc-gen-gofast
* Feat: vprotogen adds version detector to block generation code from old protobuf version
* Feat: vprotogen refine logic

Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-09-18 01:16:14 +08:00
RPRX 100edc370b
Stop at '?' when reading HTTP PATH before shunting 2021-03-12 11:50:59 +00:00
RPRX 924fe16077
Skip Port 53, 443 before using single XUDP for VLESS & VMess 2021-03-08 18:36:45 +00:00
RPRX d170416219
Add environment variable XRAY_CONE_DISABLED option 2021-02-11 15:37:02 +00:00
RPRX 8ca8a7126b Add XUDP support by simply renaming vudp to xudp
https://t.me/projectXray/243505
2021-02-11 11:33:08 +00:00
RPRX 1174ff3090
Refactor: VLESS & VMess & Mux UDP FullCone NAT
https://t.me/projectXray/242770
2021-02-11 01:28:21 +00:00
RPRX 8ffc430351
Fix VLESS & Trojan fallbacks xver 2021-01-23 21:06:15 +00:00
Bohan Yang 5bc1bf30ae
Fix fallbacks xver when original address is not TCP address (#182)
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-01-22 03:26:57 +00:00
Arthur Morgan 5aa053a65f
Convert domain names to lowercase before matching (#195)
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-01-21 23:37:55 +00:00
Jim Han 7f5e34c857
Regenerate .pb.go files (#187)
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-01-21 18:58:19 +00:00
RPRX 88f6537540
Make necessary maps in non-empty names before copy 2021-01-15 11:36:31 +00:00
RPRX f0efc0cfde
As substring to match in VLESS fallbacks SNI shunt 2021-01-15 09:43:39 +00:00