From 242f3b0e0b635699db26a991aa6c0cd47927e8b6 Mon Sep 17 00:00:00 2001
From: RPRX <63339210+RPRX@users.noreply.github.com>
Date: Sun, 16 Apr 2023 21:15:36 +0000
Subject: [PATCH] XTLS protocol: Apply Vision's padding to XUDP Mux & Minor fixes It's recommended to enable XUDP Mux when using XTLS Vision Thank @yuhan6665 for testing
---
 proxy/vless/encoding/encoding.go | 7 +++++--
 proxy/vless/inbound/inbound.go | 10 ++++------
 proxy/vless/outbound/outbound.go | 6 +++---
 3 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go
index 27d1fb01..f668c402 100644
--- a/proxy/vless/encoding/encoding.go
+++ b/proxy/vless/encoding/encoding.go
@@ -21,6 +21,7 @@ import (
 "github.com/xtls/xray-core/common/signal"
 "github.com/xtls/xray-core/features/stats"
 "github.com/xtls/xray-core/proxy/vless"
+ "github.com/xtls/xray-core/transport/internet/reality"
 "github.com/xtls/xray-core/transport/internet/stat"
 "github.com/xtls/xray-core/transport/internet/tls"
 )
@@ -227,8 +228,10 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater
 if ok {
 iConn = statConn.Connection
 }
- if xc, ok := iConn.(*tls.Conn); ok {
- iConn = xc.NetConn()
+ if tlsConn, ok := iConn.(*tls.Conn); ok {
+ iConn = tlsConn.NetConn()
+ } else if realityConn, ok := iConn.(*reality.Conn); ok {
+ iConn = realityConn.NetConn()
 }
 if tc, ok := iConn.(*net.TCPConn); ok {
 newError("XtlsRead splice").WriteToLog(session.ExportIDToError(ctx))
diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go
index 8d9b9b43..688c98a3 100644
--- a/proxy/vless/inbound/inbound.go
+++ b/proxy/vless/inbound/inbound.go
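Review bot: The new `*reality.Conn` branch in XtlsRead (proxy/vless/encoding/encoding.go) hands the raw socket underneath REALITY to the splice path, and nothing visible in the hunk states why bypassing the record layer is safe at that point. The condition guarding this block sits above the hunk, so it cannot be confirmed from here; a comment such as `// unwrap to the raw TCP conn: from here on bytes bypass the TLS/REALITY record layer` would record the invariant the caller must hold. As a style point, both branches perform the same unwrap, so a type switch on `iConn` would read more cleanly than the `if … else if` chain.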
@@ -456,10 +456,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 case vless.XRV:
 if account.Flow == requestAddons.Flow {
 switch request.Command {
- case protocol.RequestCommandMux:
- return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
 case protocol.RequestCommandUDP:
 return newError(requestAddons.Flow + " doesn't support UDP").AtWarning()
+ case protocol.RequestCommandMux:
+ fallthrough // we will break Mux connections that contain TCP requests
 case protocol.RequestCommandTCP:
 var t reflect.Type
 var p uintptr
@@ -474,10 +474,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 netConn = realityConn.NetConn()
 t = reflect.TypeOf(realityConn.Conn).Elem()
 p = uintptr(unsafe.Pointer(realityConn.Conn))
- } else if _, ok := iConn.(*tls.UConn); ok {
- return newError("XTLS only supports UTLS fingerprint for the outbound.").AtWarning()
 } else {
- return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning()
+ return newError("XTLS only supports TLS and REALITY directly for now.").AtWarning()
 }
 if pc, ok := netConn.(*proxyproto.Conn); ok {
 netConn = pc.Raw()
@@ -495,7 +493,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
 }
 case "":
- if account.Flow == vless.XRV && request.Command == protocol.RequestCommandTCP {
+ if account.Flow == vless.XRV && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) {
 return newError(account.ID.String() + " is not able to use \"\". Note that the pure TLS proxy has certain TLS in TLS characters.").AtWarning()
 }
 default:
diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go
index 4cdae764..4f42ea9f 100644
--- a/proxy/vless/outbound/outbound.go
+++ b/proxy/vless/outbound/outbound.go
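Review bot: The `fallthrough` comment in the `vless.XRV` branch of the inbound Process promises that Mux connections carrying TCP requests will be broken, but no line in this hunk enforces it: a `RequestCommandMux` request with the matching flow now goes straight into the TCP setup. The `case "":` hunk further down does call `isMuxAndNotXUDP(request, first)`, so the two paths treat plain Mux differently unless the rejection happens later, in code outside this patch. I would extend the comment to name where that happens, e.g. `// XUDP only; Mux sessions with TCP sub-requests are rejected in <enforcing function>`. Process starts and ends outside the hunk.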
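Review bot: The flow-downgrade guard under `case "":` now depends on `isMuxAndNotXUDP(request, first)`, whose definition is not part of this patch, while `first` holds client-supplied bytes. The helper should fail closed, i.e. report a Mux request as not-XUDP whenever `first` is too short to classify; otherwise the guard that keeps Vision-pinned accounts off the empty flow would presumably not fire for such requests. A comment above the condition would make the policy explicit: `// accounts pinned to Vision may use an empty flow only for UDP and XUDP Mux`.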
@@ -135,13 +135,13 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 fallthrough
 case vless.XRV:
 switch request.Command {
- case protocol.RequestCommandMux:
- requestAddons.Flow = "" // let server break Mux connections that contain TCP requests
 case protocol.RequestCommandUDP:
 if !allowUDP443 && request.Port == 443 {
 return newError("XTLS rejected UDP/443 traffic").AtInfo()
 }
 requestAddons.Flow = ""
+ case protocol.RequestCommandMux:
+ fallthrough // let server break Mux connections that contain TCP requests
 case protocol.RequestCommandTCP:
 var t reflect.Type
 var p uintptr
@@ -158,7 +158,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 t = reflect.TypeOf(realityConn.Conn).Elem()
 p = uintptr(unsafe.Pointer(realityConn.Conn))
 } else {
- return newError("XTLS only supports TCP, mKCP and DomainSocket for now.").AtWarning()
+ return newError("XTLS only supports TLS and REALITY directly for now.").AtWarning()
 }
 if sc, ok := netConn.(syscall.Conn); ok {
 rawConn, _ = sc.SyscallConn()
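Review bot: Keeping the flow for `RequestCommandMux` in the outbound Process changes failure behaviour in two ways that the one-line comment does not mention. The request now runs the TCP branch, so over a connection that is neither TLS nor REALITY it returns the "XTLS only supports TLS and REALITY directly for now." error (next hunk), where the old code cleared the flow and carried on; and an inbound without the matching change answers "doesn't support Mux", per the line removed in inbound.go. Failing closed is reasonable here, but it should be documented: `// Mux keeps the Vision flow (padding for XUDP); needs TLS/REALITY and an inbound that accepts Mux with this flow`. The comment also leaves rejection of TCP-in-Mux to the server, so the client performs no such check in this hunk.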