mirror of
https://github.com/XTLS/Xray-core.git
Don't do raw/splice copy in case of MITM
parent
8a4217fdf5
commit
4cb2a128db
|
@ -28,6 +28,7 @@ import (
|
||||||
"github.com/xtls/xray-core/transport"
|
"github.com/xtls/xray-core/transport"
|
||||||
"github.com/xtls/xray-core/transport/internet"
|
"github.com/xtls/xray-core/transport/internet"
|
||||||
"github.com/xtls/xray-core/transport/internet/stat"
|
"github.com/xtls/xray-core/transport/internet/stat"
|
||||||
|
"github.com/xtls/xray-core/transport/internet/tls"
|
||||||
)
|
)
|
||||||
|
|
||||||
var useSplice bool
|
var useSplice bool
|
||||||
|
@ -225,9 +226,16 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
|
||||||
writeConn = inbound.Conn
|
writeConn = inbound.Conn
|
||||||
inTimer = inbound.Timer
|
inTimer = inbound.Timer
|
||||||
}
|
}
|
||||||
return proxy.CopyRawConnIfExist(ctx, conn, writeConn, link.Writer, timer, inTimer)
|
if !isTLSConn(conn) { // it would be tls conn in special use case of MITM, we need to let link handle traffic
|
||||||
|
return proxy.CopyRawConnIfExist(ctx, conn, writeConn, link.Writer, timer, inTimer)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
var reader buf.Reader
|
||||||
|
if destination.Network == net.Network_TCP {
|
||||||
|
reader = buf.NewReader(conn)
|
||||||
|
} else {
|
||||||
|
reader = NewPacketReader(conn, UDPOverride)
|
||||||
}
|
}
|
||||||
reader := NewPacketReader(conn, UDPOverride)
|
|
||||||
if err := buf.Copy(reader, output, buf.UpdateActivity(timer)); err != nil {
|
if err := buf.Copy(reader, output, buf.UpdateActivity(timer)); err != nil {
|
||||||
return errors.New("failed to process response").Base(err)
|
return errors.New("failed to process response").Base(err)
|
||||||
}
|
}
|
||||||
|
@ -245,6 +253,19 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func isTLSConn(conn stat.Connection) bool {
|
||||||
|
if conn != nil {
|
||||||
|
statConn, ok := conn.(*stat.CounterConnection)
|
||||||
|
if ok {
|
||||||
|
conn = statConn.Connection
|
||||||
|
}
|
||||||
|
if _, ok := conn.(*tls.Conn); ok {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func NewPacketReader(conn net.Conn, UDPOverride net.Destination) buf.Reader {
|
func NewPacketReader(conn net.Conn, UDPOverride net.Destination) buf.Reader {
|
||||||
iConn := conn
|
iConn := conn
|
||||||
statConn, ok := iConn.(*stat.CounterConnection)
|
statConn, ok := iConn.(*stat.CounterConnection)
|
||||||
|
|
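Review bot: isTLSConn recognises exactly one shape, a `*tls.Conn` optionally wrapped in a single `*stat.CounterConnection`, so the new guard in Process fails open: any other TLS-layer wrapper the dialer returns still reaches `proxy.CopyRawConnIfExist`, which (judging by its name and the commit title; its body is not shown here) copies on the underlying socket and would skip the TLS layer. If the package's uTLS client type `*tls.UConn` can be returned in the MITM setup, add `if _, ok := conn.(*tls.UConn); ok { return true }` next to the existing assertion. The helper also deserves a doc comment stating its contract, e.g. `// isTLSConn reports whether conn, after unwrapping a stat.CounterConnection, is a *tls.Conn that must not be raw/splice-copied.` Process starts and continues outside the hunks shown, so whether other paths reach the raw copy cannot be checked from this page.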