From 45353cd860ccacbc08f8bef99bb935174728804e Mon Sep 17 00:00:00 2001 From: Kobe Arthur Scofield <26771058+KobeArthurScofield@users.noreply.github.com> Date: Sun, 15 Sep 2024 18:22:25 +0800 Subject: [PATCH] Remove legacy `timeout` config (#577) * Remove `timeout` field in dokodemo-door * Remove `timeout` field in HTTP inbound * Minor fixes to The Great Chronicles * Force update wireguard inbound to russian docs --- docs/.vuepress/config/sidebar/ru.ts | 1 + docs/about/news.md | 27 ++++++----- docs/config/inbounds/dokodemo.md | 6 --- docs/config/inbounds/http.md | 7 --- docs/en/about/news.md | 14 +++--- docs/en/config/inbounds/dokodemo.md | 31 ++++++++++-- docs/en/config/inbounds/http.md | 7 --- docs/ru/about/news.md | 27 ++++++----- docs/ru/config/inbounds/dokodemo.md | 6 --- docs/ru/config/inbounds/http.md | 7 --- docs/ru/config/inbounds/wireguard.md | 71 ++++++++++++++++++++++++++++ 11 files changed, 137 insertions(+), 67 deletions(-) create mode 100644 docs/ru/config/inbounds/wireguard.md diff --git a/docs/.vuepress/config/sidebar/ru.ts b/docs/.vuepress/config/sidebar/ru.ts index a3345a3ea..fcc974592 100644 --- a/docs/.vuepress/config/sidebar/ru.ts +++ b/docs/.vuepress/config/sidebar/ru.ts @@ -41,6 +41,7 @@ export const sidebarRu: SidebarConfig = { '/ru/config/inbounds/trojan.md', '/ru/config/inbounds/vless.md', '/ru/config/inbounds/vmess.md', + '/ru/config/inbounds/wireguard.md', ], }, { diff --git a/docs/about/news.md b/docs/about/news.md index b8a5c7471..36bb097d2 100644 --- a/docs/about/news.md +++ b/docs/about/news.md @@ -25,19 +25,23 @@ sidebar: auto - 还有一些改进。 由于传统版本号的存在,为每个版本规划功能、进行排期已经严重阻碍了新功能的开发、合并、发布。所以我们决定从下个版本开始弃用传统的版本号,改用发版日期作为版本号,如 v24.8.30,并取消版本规划,全面采用流式更新,写好的功能直接合并,不再等待,预计每月月底发一个版本。 + 毕竟对于反审查软件来说,相较于传统的版本号,新功能的及时性、每月更新更为重要,而不是发一个功能确定的版本并长期维护。 + 下个版本会移除一些历史久远的代码,以后日常积累新代码、提醒迁移,跨年新版删代码、breaking。 + 我们相信有了各位的捐款以及对发版形式的革新,Xray-core 这个项目会发展得更好。 ## 2024.8.26 Project VLESS 群组创立。 -We have created [Project VLESS](https://t.me/projectVless) for non-Chinese users (Russian mainly). +We have created [Project VLESS](https://t.me/projectVless) for non-Chinese users (mainly Russian). ## 2024.8.3 第一个 [Project X NFT](https://github.com/XTLS/Xray-core/discussions/3633) 正式发行! + 就像 Xray 开创过很多历史一样,发行 NFT 也是这个领域前无古人的操作。这些 NFT 非常有纪念意义,甚至可以说是有历史意义,远大于现在的初始价格,假以时日它们必将价值连城。最后再次感谢大家对 Project X 的支持。 ## 2024.7.29 [v1.8.23](https://github.com/XTLS/Xray-core/releases/tag/v1.8.23) @@ -62,8 +66,7 @@ Project X 文档迎来了俄语版!感谢 [@iambabyninja](https://github.com/i ## 2024.7.15 -通过已知信息以及努力,Xray-core 现在重新支持 Windows 7!在后续的发版中,Windows 7 用户下载名为 Xray-win7-32.zip 或 Xray-win7-64.zip 的压缩包解压即可享受,感谢大家的支持! -具体使用方式请点[这里](../document/install.html) +通过已知信息以及努力,Xray-core 现在重新支持 Windows 7!在后续的发版中,Windows 7 用户下载名为 Xray-win7-32.zip 或 Xray-win7-64.zip 的压缩包解压即可享受,感谢大家的支持!具体使用方式请点[这里](../document/install.html) 虽然日后随着各方面升级 Windows 7 最终会离开,但是现在还是可以让这个时间来得稍微晚一些。 @@ -100,26 +103,27 @@ VLESS Seed 整备完毕,待势而发。 ## 2024.3.11 [v1.8.9](https://github.com/XTLS/Xray-core/releases/tag/v1.8.9) 新增 HTTPUpgrade 传输,听说比 WebSocket 要轻。 + - 已加入分享链接套餐~ ## 2024.2.29 gRPC 传输现在也有 Host 一样的配置字段了!它叫 `authority`。这下 gRPC 也能“域前置”了,没有 ALPN 问题。 -## 2024.1.9 - -惊闻 Win7 无法运行新版 Xray-core?探索之下竟发现 Go 放弃了对 Win7 的支持。 -有什么办法能继续支持这个有些古老但是依然优雅的操作系统吗? - ## 2024.2.25 [v1.8.8](https://github.com/XTLS/Xray-core/releases/tag/v1.8.8) - 现在 XUDP 流量统一使用 Vision 填充了,速来体验。 - 新增了 leastLoad balancer。 - 修复错误、优化性能…… +## 2024.1.9 + +惊闻 Win7 无法运行新版 Xray-core?探索之下竟发现 Go 放弃了对 Win7 的支持。有什么办法能继续支持这个有些古老但是依然优雅的操作系统吗? + ## 2023.11.21 发表在 USENIX 顶会的[论文](https://t.me/projectXtls/212)证实,XTLS Vision 已经达到它的设计目标。 + 而 XTLS 也不会止步于此,如 X 射线一般穿破高耸的围墙。 ## 2023.11.18 [v1.8.6](https://github.com/XTLS/Xray-core/releases/tag/v1.8.6) @@ -137,6 +141,7 @@ gRPC 传输现在也有 Host 一样的配置字段了!它叫 `authority`。这 ## 2023.8.29 [v1.8.4](https://github.com/XTLS/Xray-core/releases/tag/v1.8.4) 1.8.x 在经过半年的打磨后终于来到了第一个认可的正式版了。 + 同样地,这次集成的改进也不少,速来品尝! ## 2023.7.22 @@ -175,8 +180,7 @@ gRPC 传输现在也有 Host 一样的配置字段了!它叫 `authority`。这 ## 2023.4.20 -经过长年累月的开发,累积代码不计其数…… -精简代码计划被提出了! +经过长年累月的开发,累积代码不计其数…… [精简代码计划](https://github.com/XTLS/Xray-core/discussions/1967) 被提出了! ## 2023.4.19 @@ -217,6 +221,7 @@ XTLS Vision 也已经完善,请两端升级至最新版食用。 ## 2023.3.4 > Legends never die, they become a part of ~~you~~ VLESS. +> > They simply fade away. ## 2023.3.2 @@ -366,7 +371,7 @@ Shadowsocks-2022 是重新设计的全新协议: ## 2021.7.14 -- AnXray ~~重金设计~~ 的新图标已经上线! +- AnXray ~~重金设计~~ 的新图标已经上线! - 现在图标的辨识度更高了。 - 过去三个星期,AnXray 共积累了 600 stars、2K+ 频道订阅数和 11K+ GitHub 下载量,感谢大家的支持。 - AX 为 AnXray 的缩写,推荐用 AX 指代 AnXray,简短方便 diff --git a/docs/config/inbounds/dokodemo.md b/docs/config/inbounds/dokodemo.md index 5fa512eb7..bed395467 100644 --- a/docs/config/inbounds/dokodemo.md +++ b/docs/config/inbounds/dokodemo.md @@ -9,7 +9,6 @@ Dokodemo door(任意门)可以监听一个本地端口,并把所有进入 "address": "8.8.8.8", "port": 53, "network": "tcp", - "timeout": 0, "followRedirect": false, "userLevel": 0 } @@ -29,10 +28,6 @@ Dokodemo door(任意门)可以监听一个本地端口,并把所有进入 可接收的网络协议类型。比如当指定为 `"tcp"` 时,仅会接收 TCP 流量。默认值为 `"tcp"`。 -> `timeout`: number - -连接空闲的时间限制。单位为秒。默认值为 `300`。处理一个连接时,如果在 `timeout` 时间内,没有任何数据被传输,则中断该连接。 - > `followRedirect`: true | false 当值为 `true` 时,dokodemo-door 会识别出由 iptables 转发而来的数据,并转发到相应的目标地址。 @@ -62,7 +57,6 @@ userLevel 的值, 对应 [policy](../policy.md#policyobject) 中 `level` 的值. "address": "mc.hypixel.net", "port": 25565, "network": "tcp", - "timeout": 0, "followRedirect": false, "userLevel": 0 }, diff --git a/docs/config/inbounds/http.md b/docs/config/inbounds/http.md index f433a3752..f0cb62aca 100644 --- a/docs/config/inbounds/http.md +++ b/docs/config/inbounds/http.md @@ -23,7 +23,6 @@ HTTP 协议。 ```json { - "timeout": 0, "accounts": [ { "user": "my-username", @@ -35,12 +34,6 @@ HTTP 协议。 } ``` -> `timeout`: number - -连接空闲的时间限制。单位为秒。默认值为 `300`, 0 表示不限时。 - -处理一个连接时,如果在 `timeout` 时间内,没有任何数据被传输,则中断该连接。 - > `accounts`: \[[AccountObject](#accountobject)\] 一个数组,数组中每个元素为一个用户帐号。默认值为空。 diff --git a/docs/en/about/news.md b/docs/en/about/news.md index 704993ae7..7fb5c05c0 100644 --- a/docs/en/about/news.md +++ b/docs/en/about/news.md @@ -107,16 +107,16 @@ Added HTTPUpgrade transport, said to be lighter than WebSocket. gRPC transport now also has a Host-like configuration field! It's called `authority`. Now gRPC can also "domain front," without ALPN issues. -## 2024.1.9 - -Shocked to hear that Win7 cannot run the new version of Xray-core? Upon exploration, it was discovered that Go has dropped support for Win7. Is there a way to continue supporting this somewhat ancient but still elegant operating system? - ## 2024.2.25 [v1.8.8](https://github.com/XTLS/Xray-core/releases/tag/v1.8.8) - Now XUDP traffic is uniformly padded with Vision, come and experience it. - Added leastLoad balancer. - Fixed errors, optimized performance... +## 2024.1.9 + +Shocked to hear that Win7 cannot run the new version of Xray-core? Upon exploration, it was discovered that Go has dropped support for Win7. Is there a way to continue supporting this somewhat ancient but still elegant operating system? + ## 2023.11.21 The [paper](https://t.me/projectXtls/212) published at the USENIX top conference confirms that XTLS Vision has achieved its design goals. And XTLS will not stop there, breaking through towering walls like X-rays. @@ -174,8 +174,7 @@ Maybe we can leverage [RealiTLScanner](https://github.com/XTLS/RealiTLScanner) ## 2023.4.20 -After years of development and countless lines of code... -The code simplification plan has been proposed! +After years of development and countless lines of code... [The code simplification plan](https://github.com/XTLS/Xray-core/discussions/1967) has been proposed! ## 2023.4.19 @@ -216,6 +215,7 @@ XTLS Vision has also been improved, please upgrade both ends to the latest versi ## 2023.3.4 > Legends never die, they become a part of ~~you~~ VLESS. +> > They simply fade away. ## 2023.3.2 @@ -390,7 +390,7 @@ Brought an improvement to tun2socks. You might get to enjoy it in the future~ ## 2021.4.12 -Introducing X-flutter preview; looking forward to what it might be like~ ~~🍪~~ +Let's foresee X-flutter; looking forward to what it might be like~ ~~🍪~~ ## 2021.4.6 diff --git a/docs/en/config/inbounds/dokodemo.md b/docs/en/config/inbounds/dokodemo.md index b61cb2c7b..8327255fc 100644 --- a/docs/en/config/inbounds/dokodemo.md +++ b/docs/en/config/inbounds/dokodemo.md @@ -9,7 +9,6 @@ Dokodemo door (Anywhere Door) can listen to a local port and forward all incomin "address": "8.8.8.8", "port": 53, "network": "tcp", - "timeout": 0, "followRedirect": false, "userLevel": 0 } @@ -29,10 +28,6 @@ The specified port on the destination address to forward the traffic to. It shou The supported network protocol type. For example, when specified as `"tcp"`, it will only receive TCP traffic. The default value is `"tcp"`. -> `timeout`: number - -The idle timeout in seconds. The default value is `300`. When handling a connection, if no data is transmitted within the timeout period, the connection will be terminated. - > `followRedirect`: true | false When set to `true`, dokodemo-door will recognize data forwarded by iptables and forward it to the corresponding destination address. @@ -45,6 +40,32 @@ The user level that the connection will use to determine the corresponding [Loca The value of `userLevel` corresponds to the value of `level` in the [policy](../policy.md#policyobject). If not specified, the default value is 0. +## Usage + +Dokodemo-door can be used as Transparent proxy (in the next section) and can be used to mapping a port. + +Some services does not support proxy likes SOCKS5, but using Tun or Tproxy could be too complicated. If these services only communicate with only one port (like iperf, Minecraft server, Wireguard endpoint, etc.), dokodemo-door can be used. + +Below is an example config (if the default outbound is an effective proxy): + +```json +{ + "listen": "127.0.0.1", + "port": 25565, + "protocol": "dokodemo-door", + "settings": { + "address": "mc.hypixel.net", + "port": 25565, + "network": "tcp", + "followRedirect": false, + "userLevel": 0 + }, + "tag": "mc" +} +``` + +The core will listen at `127.0.0.1:25565`, and the traffic coming in through this inbound will be send to `mc.hypixel.net:25565` (a Minecraft server) through the default outbound. Then you can connect the Minecraft client to the Hypixel server through the proxy by set the game server to `127.0.0.1:25565` in the Minecraft client. + ## Transparent Proxy Configuration Example Please refer to the [Transparent Proxy (TProxy) Configuration Tutorial](../../document/level-2/tproxy) for this section. diff --git a/docs/en/config/inbounds/http.md b/docs/en/config/inbounds/http.md index 2316fdda4..485a1e27e 100644 --- a/docs/en/config/inbounds/http.md +++ b/docs/en/config/inbounds/http.md @@ -23,7 +23,6 @@ In Linux, you can use the following environment variables to enable global HTTP ```json { - "timeout": 0, "accounts": [ { "user": "my-username", @@ -35,12 +34,6 @@ In Linux, you can use the following environment variables to enable global HTTP } ``` -> `timeout`: number - -The idle timeout in seconds. The default value is `300`, and 0 means no timeout. - -When handling a connection, if no data is transmitted within the timeout period, the connection will be terminated. - > `accounts`: \[[AccountObject](#accountobject)\] An array where each element represents a user account. The default value is an empty array. diff --git a/docs/ru/about/news.md b/docs/ru/about/news.md index 6d19de42c..3aa968628 100644 --- a/docs/ru/about/news.md +++ b/docs/ru/about/news.md @@ -25,19 +25,23 @@ sidebar: auto - 还有一些改进。 由于传统版本号的存在,为每个版本规划功能、进行排期已经严重阻碍了新功能的开发、合并、发布。所以我们决定从下个版本开始弃用传统的版本号,改用发版日期作为版本号,如 v24.8.30,并取消版本规划,全面采用流式更新,写好的功能直接合并,不再等待,预计每月月底发一个版本。 + 毕竟对于反审查软件来说,相较于传统的版本号,新功能的及时性、每月更新更为重要,而不是发一个功能确定的版本并长期维护。 + 下个版本会移除一些历史久远的代码,以后日常积累新代码、提醒迁移,跨年新版删代码、breaking。 + 我们相信有了各位的捐款以及对发版形式的革新,Xray-core 这个项目会发展得更好。 ## 2024.8.26 Project VLESS 群组创立。 -We have created [Project VLESS](https://t.me/projectVless) for non-Chinese users (Russian mainly). +We have created [Project VLESS](https://t.me/projectVless) for non-Chinese users (mainly Russian). ## 2024.8.3 第一个 [Project X NFT](https://github.com/XTLS/Xray-core/discussions/3633#discussioncomment-10231076) 正式发行! + 就像 Xray 开创过很多历史一样,发行 NFT 也是这个领域前无古人的操作。这些 NFT 非常有纪念意义,甚至可以说是有历史意义,远大于现在的初始价格,假以时日它们必将价值连城。最后再次感谢大家对 Project X 的支持。 ## 2024.7.29 [v1.8.23](https://github.com/XTLS/Xray-core/releases/tag/v1.8.23) @@ -62,8 +66,7 @@ Project X 文档迎来了俄语版!感谢 [@iambabyninja](https://github.com/i ## 2024.7.15 -通过已知信息以及努力,Xray-core 现在重新支持 Windows 7!在后续的发版中,Windows 7 用户下载名为 Xray-win7-32.zip 或 Xray-win7-64.zip 的压缩包解压即可享受,感谢大家的支持! -具体使用方式请点[这里](../document/install.html) +通过已知信息以及努力,Xray-core 现在重新支持 Windows 7!在后续的发版中,Windows 7 用户下载名为 Xray-win7-32.zip 或 Xray-win7-64.zip 的压缩包解压即可享受,感谢大家的支持!具体使用方式请点[这里](../document/install.html) 虽然日后随着各方面升级 Windows 7 最终会离开,但是现在还是可以让这个时间来得稍微晚一些。 @@ -100,26 +103,27 @@ VLESS Seed 整备完毕,待势而发。 ## 2024.3.11 [v1.8.9](https://github.com/XTLS/Xray-core/releases/tag/v1.8.9) 新增 HTTPUpgrade 传输,听说比 WebSocket 要轻。 + - 已加入分享链接套餐~ ## 2024.2.29 gRPC 传输现在也有 Host 一样的配置字段了!它叫 `authority`。这下 gRPC 也能“域前置”了,没有 ALPN 问题。 -## 2024.1.9 - -惊闻 Win7 无法运行新版 Xray-core?探索之下竟发现 Go 放弃了对 Win7 的支持。 -有什么办法能继续支持这个有些古老但是依然优雅的操作系统吗? - ## 2024.2.25 [v1.8.8](https://github.com/XTLS/Xray-core/releases/tag/v1.8.8) - 现在 XUDP 流量统一使用 Vision 填充了,速来体验。 - 新增了 leastLoad balancer。 - 修复错误、优化性能…… +## 2024.1.9 + +惊闻 Win7 无法运行新版 Xray-core?探索之下竟发现 Go 放弃了对 Win7 的支持。有什么办法能继续支持这个有些古老但是依然优雅的操作系统吗? + ## 2023.11.21 发表在 USENIX 顶会的[论文](https://t.me/projectXtls/212)证实,XTLS Vision 已经达到它的设计目标。 + 而 XTLS 也不会止步于此,如 X 射线一般穿破高耸的围墙。 ## 2023.11.18 [v1.8.6](https://github.com/XTLS/Xray-core/releases/tag/v1.8.6) @@ -137,6 +141,7 @@ gRPC 传输现在也有 Host 一样的配置字段了!它叫 `authority`。这 ## 2023.8.29 [v1.8.4](https://github.com/XTLS/Xray-core/releases/tag/v1.8.4) 1.8.x 在经过半年的打磨后终于来到了第一个认可的正式版了。 + 同样地,这次集成的改进也不少,速来品尝! ## 2023.7.22 @@ -175,8 +180,7 @@ gRPC 传输现在也有 Host 一样的配置字段了!它叫 `authority`。这 ## 2023.4.20 -经过长年累月的开发,累积代码不计其数…… -精简代码计划被提出了! +经过长年累月的开发,累积代码不计其数…… [精简代码计划](https://github.com/XTLS/Xray-core/discussions/1967) 被提出了! ## 2023.4.19 @@ -217,6 +221,7 @@ XTLS Vision 也已经完善,请两端升级至最新版食用。 ## 2023.3.4 > Legends never die, they become a part of ~~you~~ VLESS. +> > They simply fade away. ## 2023.3.2 @@ -366,7 +371,7 @@ Shadowsocks-2022 是重新设计的全新协议: ## 2021.7.14 -- AnXray ~~重金设计~~ 的新图标已经上线! +- AnXray ~~重金设计~~ 的新图标已经上线! - 现在图标的辨识度更高了。 - 过去三个星期,AnXray 共积累了 600 stars、2K+ 频道订阅数和 11K+ GitHub 下载量,感谢大家的支持。 - AX 为 AnXray 的缩写,推荐用 AX 指代 AnXray,简短方便 diff --git a/docs/ru/config/inbounds/dokodemo.md b/docs/ru/config/inbounds/dokodemo.md index c36fc819d..4b62cdd27 100644 --- a/docs/ru/config/inbounds/dokodemo.md +++ b/docs/ru/config/inbounds/dokodemo.md @@ -9,7 +9,6 @@ Dokodemo door может прослушивать локальный порт и "address": "8.8.8.8", "port": 53, "network": "tcp", - "timeout": 0, "followRedirect": false, "userLevel": 0 } @@ -29,10 +28,6 @@ Dokodemo door может прослушивать локальный порт и Поддерживаемые типы сетевых протоколов. Например, если указано `"tcp"`, то будет приниматься только трафик TCP. Значение по умолчанию: `"tcp"`. -> `timeout`: number - -Ограничение времени простоя соединения. Измеряется в секундах. Значение по умолчанию: `300`. Если во время обработки соединения в течение `timeout` секунд не передается никаких данных, соединение разрывается. - > `followRedirect`: true | false Если значение равно `true`, dokodemo-door будет распознавать данные, перенаправленные iptables, и пересылать их на соответствующий целевой адрес. @@ -62,7 +57,6 @@ Dokodemo door может прослушивать локальный порт и "address": "mc.hypixel.net", "port": 25565, "network": "tcp", - "timeout": 0, "followRedirect": false, "userLevel": 0 }, diff --git a/docs/ru/config/inbounds/http.md b/docs/ru/config/inbounds/http.md index ac934e0ea..8cf6e0e89 100644 --- a/docs/ru/config/inbounds/http.md +++ b/docs/ru/config/inbounds/http.md @@ -23,7 +23,6 @@ ```json { - "timeout": 0, "accounts": [ { "user": "my-username", @@ -35,12 +34,6 @@ } ``` -> `timeout`: number - -Ограничение времени простоя соединения. Измеряется в секундах. Значение по умолчанию: `300`, значение 0 означает отсутствие ограничения времени. - -Если в течение `timeout` секунд во время обработки соединения не было передано никаких данных, соединение разрывается. - > `accounts`: \[[AccountObject](#accountobject)\] Массив, каждый элемент которого представляет собой учетную запись пользователя. Значение по умолчанию: пустой массив. diff --git a/docs/ru/config/inbounds/wireguard.md b/docs/ru/config/inbounds/wireguard.md new file mode 100644 index 000000000..699b97698 --- /dev/null +++ b/docs/ru/config/inbounds/wireguard.md @@ -0,0 +1,71 @@ +# Wireguard + +User-space implementation of the Wireguard protocol. + +::: danger +**The Wireguard protocol is not specifically designed for circumvention purposes. If used as the outer layer for circumvention, its characteristics may lead to server blocking.** +::: + +## InboundConfigurationObject + +```json +{ + "secretKey": "PRIVATE_KEY", + "peers": [ + { + "publicKey": "PUBLIC_KEY", + "allowedIPs":[""] + } + ], + "kernelMode": true, // optional, default true if it's supported and permission is sufficient + "mtu": 1420, // optional, default 1420 +} +``` + +> `secretKey`: string + +Private key. Required. + +> `mtu`: int + +Fragmentation size of the underlying Wireguard tun. + +
+MTU Calculation Method + +The structure of a Wireguard packet is as follows: + +``` +- 20-byte IPv4 header or 40 byte IPv6 header +- 8-byte UDP header +- 4-byte type +- 4-byte key index +- 8-byte nonce +- N-byte encrypted data +- 16-byte authentication tag +``` + +`N-byte encrypted data` is the MTU value we need. Depending on whether the endpoint is IPv4 or IPv6, the specific values can be 1440 (IPv4) or 1420 (IPv6). If in a special environment, subtract additional bytes accordingly (e.g., subtract 8 more bytes for PPPoE over home broadband). + +
+ +> `peers`: \[ [Peers](#peers) \] + +List of peer servers, where each entry is a server configuration. + +### Peers + +```json +{ + "publicKey": "PUBLIC_KEY", + "allowedIPs": ["0.0.0.0/0"] // optional, default ["0.0.0.0/0", "::/0"] +} +``` + +> `publicKey`: string + +Public key, used for verification. + +> `allowedIPs`: string array + +Allowed source IPs.