From 2e30093ffd962aef7b1a9c4a4383ae23380cf685 Mon Sep 17 00:00:00 2001
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Date: Sun, 4 Dec 2022 18:24:46 -0500
Subject: [PATCH] Enforce specific none flow for xtls vision

In the past, when user open xtls vision on the server side, plain vless+tls can connect. Pure tls is known to have certain tls in tls characters. Now server need to specify "xtls-rprx-vision,none" for it be able usable on the same port.
---
 infra/conf/vless.go | 11 ++++++++++-
 proxy/vless/inbound/inbound.go | 20 +++++++++++++++++---
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/infra/conf/vless.go b/infra/conf/vless.go
index 1f69c7e4..79c32144 100644
--- a/infra/conf/vless.go
+++ b/infra/conf/vless.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "runtime"
 "strconv"
+ "strings"
 "syscall"
 "github.com/golang/protobuf/proto"
@@ -52,7 +53,15 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
 }
 account.Id = u.String()
- switch account.Flow {
+ accountFlow := account.Flow
+ flows := strings.Split(account.Flow, ",")
+ for _, f := range flows {
+ t := strings.TrimSpace(f)
+ if t != "none" {
+ accountFlow = t
+ }
+ }
+ switch accountFlow {
 case "", vless.XRO, vless.XRD, vless.XRV:
 case vless.XRS:
 return nil, newError(`VLESS clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`)
diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go
index daa6cde9..c092ebef 100644
--- a/proxy/vless/inbound/inbound.go
+++ b/proxy/vless/inbound/inbound.go
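Review bot: The flow list is parsed fail-open in Build: the loop keeps the last token that is not `none`, so a trailing comma as in `"xtls-rprx-vision,"` leaves accountFlow empty, the `case ""` arm accepts it, and the account silently becomes a plain-flow account. The identical loop added to Process in proxy/vless/inbound/inbound.go reads the same string the same way, so the new vision guard there would not fire for such an account. Earlier tokens are never checked either, so `"bogus,xtls-rprx-vision"` validates. I would reject empty entries and more than one flow name at config time, as sketched below; Build's body starts and ends outside this hunk.

```go
// … unchanged: account.Id = u.String() …
accountFlow := account.Flow
seen := false
for _, f := range strings.Split(account.Flow, ",") {
	t := strings.TrimSpace(f)
	if t == "none" {
		continue
	}
	// An empty entry is only legal when the whole field is empty.
	if seen || (t == "" && account.Flow != "") {
		return nil, newError(`VLESS clients: "flow" must name a single flow, optionally followed by ",none"`)
	}
	accountFlow, seen = t, true
}
switch accountFlow {
// … unchanged: validation arms …
```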
@@ -441,10 +441,20 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 var netConn net.Conn
 var rawConn syscall.RawConn
-
+ allowNoneFlow := false
+ accountFlow := account.Flow
+ flows := strings.Split(account.Flow, ",")
+ for _, f := range flows {
+ t := strings.TrimSpace(f)
+ if t == "none" {
+ allowNoneFlow = true
+ } else {
+ accountFlow = t
+ }
+ }
 switch requestAddons.Flow {
 case vless.XRO, vless.XRD, vless.XRV:
- if account.Flow == requestAddons.Flow {
+ if accountFlow == requestAddons.Flow {
 switch request.Command {
 case protocol.RequestCommandMux:
 return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
@@ -481,7 +491,11 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 } else {
 return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
 }
- case "":
+ case "", "none":
+ if accountFlow == vless.XRV && !allowNoneFlow {
+ return newError(account.ID.String() + " is not able to use " + vless.XRV +
+ ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning()
+ }
 default:
 return newError("unknown request flow " + requestAddons.Flow).AtWarning()
 }
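Review bot: Nothing at this enforcement site says that `account.Flow` is now a comma-separated list, and the loop here is a second copy of the one added to Build in infra/conf/vless.go, which already differs from it (only this copy tracks `none`). I would put a comment above the loop, `// account.Flow is a list: one flow name, optionally "none" to also admit flowless clients.`, and have both files call one shared parser so validation and enforcement cannot drift apart. The string is also split again on every connection, although the result depends only on the account. If accounts can reach the handler without passing through Build (not visible in this patch), this loop is the only interpretation the value gets. Process starts and ends outside the hunk.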
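Review bot: The guard in the `case "", "none":` arm is the security-relevant line of this patch, yet it carries no comment and, with only two files in the diffstat, no test. I would add above it `// Downgrade guard: a vision account admits a flowless request only if its flow list opts in with "none".` and pin both outcomes (rejected without `none`, accepted with it) in a test. The arm also starts accepting a client-sent `none`, which previously fell through to the `unknown request flow` default; if clients are never meant to send that value, keep it out of the case list. The literal `"none"` now appears at three sites across the two files and would read better as a named constant next to the existing flow constants. Process continues outside the hunk.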