diff --git a/app/dns/dnscommon.go b/app/dns/dnscommon.go index fa3ac406..df1b17af 100644 --- a/app/dns/dnscommon.go +++ b/app/dns/dnscommon.go @@ -7,8 +7,8 @@ import ( "time" "github.com/xtls/xray-core/common" - "github.com/xtls/xray-core/common/log" "github.com/xtls/xray-core/common/errors" + "github.com/xtls/xray-core/common/log" "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/session" "github.com/xtls/xray-core/core" diff --git a/core/context.go b/core/context.go index d28ac7e3..50427964 100644 --- a/core/context.go +++ b/core/context.go @@ -26,7 +26,8 @@ func MustFromContext(ctx context.Context) *Instance { return x } -/* toContext returns ctx from the given context, or creates an Instance if the context doesn't find that. +/* + toContext returns ctx from the given context, or creates an Instance if the context doesn't find that. It is unsupported to use this function to create a context that is suitable to invoke Xray's internal component in third party code, you shouldn't use //go:linkname to alias of this function into your own package and @@ -34,7 +35,6 @@ use this function in your third party code. For third party code, usage enabled by creating a context to interact with Xray's internal component is unsupported, and may break at any time. - */ func toContext(ctx context.Context, v *Instance) context.Context { if FromContext(ctx) != v { @@ -43,7 +43,8 @@ func toContext(ctx context.Context, v *Instance) context.Context { return ctx } -/*ToBackgroundDetachedContext create a detached context from another context +/* +ToBackgroundDetachedContext create a detached context from another context Internal API */ func ToBackgroundDetachedContext(ctx context.Context) context.Context { diff --git a/infra/conf/shadowsocks.go b/infra/conf/shadowsocks.go index d35aa3ab..4b94c8e8 100644 --- a/infra/conf/shadowsocks.go +++ b/infra/conf/shadowsocks.go @@ -107,7 +107,7 @@ func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) { config.Email = v.Email return config, nil } - + if v.Cipher == "" { return nil, newError("shadowsocks 2022 (multi-user): missing server method") } @@ -120,7 +120,7 @@ func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) { config.Method = v.Cipher config.Key = v.Password config.Network = v.NetworkList.Build() - + for _, user := range v.Users { if user.Cipher != "" { return nil, newError("shadowsocks 2022 (multi-user): users must have empty method") @@ -145,10 +145,10 @@ func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) { return nil, newError("shadowsocks 2022 (relay): all users must have relay address") } config.Destinations = append(config.Destinations, &shadowsocks_2022.RelayDestination{ - Key: user.Password, - Email: user.Email, + Key: user.Password, + Email: user.Email, Address: user.Address.Build(), - Port: uint32(user.Port), + Port: uint32(user.Port), }) } return config, nil diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index efbe4075..62afaaaf 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -533,7 +533,7 @@ type SocketConfig struct { DialerProxy string `json:"dialerProxy"` TCPKeepAliveInterval int32 `json:"tcpKeepAliveInterval"` TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` - TCPCongestion string `json:"tcpCongestion"` + TCPCongestion string `json:"tcpCongestion"` } // Build implements Buildable. @@ -582,7 +582,7 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { DialerProxy: c.DialerProxy, TcpKeepAliveInterval: c.TCPKeepAliveInterval, TcpKeepAliveIdle: c.TCPKeepAliveIdle, - TcpCongestion: c.TCPCongestion, + TcpCongestion: c.TCPCongestion, }, nil } diff --git a/proxy/shadowsocks_2022/inbound.go b/proxy/shadowsocks_2022/inbound.go index 52b0a798..55bdda9f 100644 --- a/proxy/shadowsocks_2022/inbound.go +++ b/proxy/shadowsocks_2022/inbound.go @@ -11,7 +11,6 @@ import ( E "github.com/sagernet/sing/common/exceptions" M "github.com/sagernet/sing/common/metadata" N "github.com/sagernet/sing/common/network" - "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/log" diff --git a/proxy/shadowsocks_2022/inbound_multi.go b/proxy/shadowsocks_2022/inbound_multi.go index 91342c76..662a171c 100644 --- a/proxy/shadowsocks_2022/inbound_multi.go +++ b/proxy/shadowsocks_2022/inbound_multi.go @@ -15,7 +15,6 @@ import ( E "github.com/sagernet/sing/common/exceptions" M "github.com/sagernet/sing/common/metadata" N "github.com/sagernet/sing/common/network" - "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/log" diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go index e1987d98..9a1ec425 100644 --- a/proxy/vless/encoding/encoding.go +++ b/proxy/vless/encoding/encoding.go @@ -31,10 +31,12 @@ const ( Version = byte(0) ) -var tls13SupportedVersions = []byte{0x00, 0x2b, 0x00, 0x02, 0x03, 0x04} -var tlsClientHandShakeStart = []byte{0x16, 0x03} -var tlsServerHandShakeStart = []byte{0x16, 0x03, 0x03} -var tlsApplicationDataStart = []byte{0x17, 0x03, 0x03} +var ( + tls13SupportedVersions = []byte{0x00, 0x2b, 0x00, 0x02, 0x03, 0x04} + tlsClientHandShakeStart = []byte{0x16, 0x03} + tlsServerHandShakeStart = []byte{0x16, 0x03, 0x03} + tlsApplicationDataStart = []byte{0x17, 0x03, 0x03} +) var addrParser = protocol.NewAddressParser( protocol.AddressFamilyByte(byte(protocol.AddressTypeIPv4), net.AddressFamilyIPv4), @@ -247,9 +249,10 @@ func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, c } // XtlsRead filter and read xtls protocol -func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, rawConn syscall.RawConn, - counter stats.Counter, ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool, - isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32) error { +func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, rawConn syscall.RawConn, + counter stats.Counter, ctx context.Context, userUUID []byte, numberOfPacketToFilter *int, enableXtls *bool, + isTLS12orAbove *bool, isTLS *bool, cipher *uint16, remainingServerHello *int32, +) error { err := func() error { var ct stats.Counter filterUUID := true @@ -326,9 +329,10 @@ func XtlsRead(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater } // XtlsWrite filter and write xtls protocol -func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, counter stats.Counter, - ctx context.Context, userUUID *[]byte, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, - cipher *uint16, remainingServerHello *int32) error { +func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn net.Conn, counter stats.Counter, + ctx context.Context, userUUID *[]byte, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, + cipher *uint16, remainingServerHello *int32, +) error { err := func() error { var ct stats.Counter filterTlsApplicationData := true @@ -354,7 +358,7 @@ func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdate buffer[i] = XtlsPadding(b, command, userUUID, ctx) break } else if !*isTLS12orAbove && *numberOfPacketToFilter <= 0 { - //maybe tls 1.1 or 1.0 + // maybe tls 1.1 or 1.0 filterTlsApplicationData = false buffer[i] = XtlsPadding(b, 0x01, userUUID, ctx) break @@ -399,8 +403,9 @@ func XtlsWrite(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdate } // XtlsFilterTls filter and recognize tls 1.3 and other info -func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, - cipher *uint16, remainingServerHello *int32, ctx context.Context) { +func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXtls *bool, isTLS12orAbove *bool, isTLS *bool, + cipher *uint16, remainingServerHello *int32, ctx context.Context, +) { for _, b := range buffer { *numberOfPacketToFilter-- if b.Len() >= 6 { @@ -411,8 +416,8 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt *isTLS = true if b.Len() >= 79 && *remainingServerHello >= 79 { sessionIdLen := int32(b.Byte(43)) - cipherSuite := b.BytesRange(43 + sessionIdLen + 1, 43 + sessionIdLen + 3) - *cipher = uint16(cipherSuite[0]) << 8 | uint16(cipherSuite[1]) + cipherSuite := b.BytesRange(43+sessionIdLen+1, 43+sessionIdLen+3) + *cipher = uint16(cipherSuite[0])<<8 | uint16(cipherSuite[1]) } else { newError("XtlsFilterTls short server hello, tls 1.2 or older? ", b.Len(), " ", *remainingServerHello).WriteToLog(session.ExportIDToError(ctx)) } @@ -431,7 +436,7 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt v, ok := Tls13CipherSuiteDic[*cipher] if !ok { v = "Old cipher: " + strconv.FormatUint(uint64(*cipher), 16) - } else if (v != "TLS_AES_128_CCM_8_SHA256") { + } else if v != "TLS_AES_128_CCM_8_SHA256" { *enableXtls = true } newError("XtlsFilterTls found tls 1.3! ", b.Len(), " ", v).WriteToLog(session.ExportIDToError(ctx)) @@ -582,9 +587,9 @@ func XtlsUnpadding(ctx context.Context, buffer buf.MultiBuffer, userUUID []byte, } var Tls13CipherSuiteDic = map[uint16]string{ - 0x1301 : "TLS_AES_128_GCM_SHA256", - 0x1302 : "TLS_AES_256_GCM_SHA384", - 0x1303 : "TLS_CHACHA20_POLY1305_SHA256", - 0x1304 : "TLS_AES_128_CCM_SHA256", - 0x1305 : "TLS_AES_128_CCM_8_SHA256", + 0x1301: "TLS_AES_128_GCM_SHA256", + 0x1302: "TLS_AES_256_GCM_SHA384", + 0x1303: "TLS_CHACHA20_POLY1305_SHA256", + 0x1304: "TLS_AES_128_CCM_SHA256", + 0x1305: "TLS_AES_128_CCM_8_SHA256", } diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index 8aa337c3..347f6710 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -493,8 +493,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s } case "", "none": if accountFlow == vless.XRV && !allowNoneFlow && request.Command == protocol.RequestCommandTCP { - return newError(account.ID.String() + " is not able to use " + vless.XRV + - ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning() + return newError(account.ID.String() + " is not able to use " + vless.XRV + + ". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning() } default: return newError("unknown request flow " + requestAddons.Flow).AtWarning() @@ -542,11 +542,11 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s if statConn != nil { counter = statConn.ReadCounter } - //TODO enable splice + // TODO enable splice ctx = session.ContextWithInbound(ctx, nil) if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { err = encoding.ReadV(clientReader, serverWriter, timer, iConn.(*xtls.Conn), rawConn, counter, ctx) } @@ -600,7 +600,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s if statConn != nil { counter = statConn.WriteCounter } - err = encoding.XtlsWrite(serverReader, clientWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, + err = encoding.XtlsWrite(serverReader, clientWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index 6dde2736..d7ed63fa 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go @@ -220,7 +220,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte userUUID := account.ID.Bytes() timeoutReader, ok := clientReader.(buf.TimeoutReader) if ok { - multiBuffer, err1 := timeoutReader.ReadMultiBufferTimeout(time.Millisecond*500) + multiBuffer, err1 := timeoutReader.ReadMultiBufferTimeout(time.Millisecond * 500) if err1 == nil { if requestAddons.Flow == vless.XRV { encoding.XtlsFilterTls(multiBuffer, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello, ctx) @@ -250,7 +250,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte if statConn != nil { counter = statConn.WriteCounter } - err = encoding.XtlsWrite(clientReader, serverWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, + err = encoding.XtlsWrite(clientReader, serverWriter, timer, netConn, counter, ctx, &userUUID, &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer @@ -287,8 +287,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte counter = statConn.ReadCounter } if requestAddons.Flow == vless.XRV { - err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), - &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) + err = encoding.XtlsRead(serverReader, clientWriter, timer, netConn, rawConn, counter, ctx, account.ID.Bytes(), + &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) } else { if requestAddons.Flow != vless.XRS { ctx = session.ContextWithInbound(ctx, nil) diff --git a/proxy/vmess/validator.go b/proxy/vmess/validator.go index 30c44af7..c638a23b 100644 --- a/proxy/vmess/validator.go +++ b/proxy/vmess/validator.go @@ -252,7 +252,9 @@ func (v *TimedUserValidator) BurnTaintFuse(userHash []byte) error { return ErrNotFound } -/* ShouldShowLegacyWarn will return whether a Legacy Warning should be shown +/* + ShouldShowLegacyWarn will return whether a Legacy Warning should be shown + Not guaranteed to only return true once for every inbound, but it is okay. */ func (v *TimedUserValidator) ShouldShowLegacyWarn() bool { diff --git a/transport/internet/kcp/kcp.go b/transport/internet/kcp/kcp.go index 242dce94..1a486faa 100644 --- a/transport/internet/kcp/kcp.go +++ b/transport/internet/kcp/kcp.go @@ -1,8 +1,9 @@ // Package kcp - A Fast and Reliable ARQ Protocol // // Acknowledgement: -// skywind3000@github for inventing the KCP protocol -// xtaci@github for translating to Golang +// +// skywind3000@github for inventing the KCP protocol +// xtaci@github for translating to Golang package kcp //go:generate go run github.com/xtls/xray-core/common/errors/errorgen diff --git a/transport/internet/quic/dialer.go b/transport/internet/quic/dialer.go index 9e12513e..0e4c6a6b 100644 --- a/transport/internet/quic/dialer.go +++ b/transport/internet/quic/dialer.go @@ -140,8 +140,8 @@ func (s *clientConnections) openConnection(ctx context.Context, destAddr net.Add } quicConfig := &quic.Config{ - ConnectionIDLength: 12, - KeepAlivePeriod: 0, + ConnectionIDLength: 12, + KeepAlivePeriod: 0, HandshakeIdleTimeout: time.Second * 8, MaxIdleTimeout: time.Second * 300, Tracer: qlog.NewTracer(func(_ logging.Perspective, connID []byte) io.WriteCloser { diff --git a/transport/internet/quic/hub.go b/transport/internet/quic/hub.go index 5d7e2b95..27a7e7e0 100644 --- a/transport/internet/quic/hub.go +++ b/transport/internet/quic/hub.go @@ -106,8 +106,8 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti quicConfig := &quic.Config{ ConnectionIDLength: 12, KeepAlivePeriod: 0, - HandshakeIdleTimeout: time.Second * 8, - MaxIdleTimeout: time.Second * 300, + HandshakeIdleTimeout: time.Second * 8, + MaxIdleTimeout: time.Second * 300, MaxIncomingStreams: 32, MaxIncomingUniStreams: -1, Tracer: qlog.NewTracer(func(_ logging.Perspective, connID []byte) io.WriteCloser { diff --git a/transport/internet/sockopt_darwin.go b/transport/internet/sockopt_darwin.go index 87a524cb..5a50efa7 100644 --- a/transport/internet/sockopt_darwin.go +++ b/transport/internet/sockopt_darwin.go @@ -1,11 +1,12 @@ package internet import ( - "github.com/xtls/xray-core/common/net" - "golang.org/x/sys/unix" "os" "syscall" "unsafe" + + "github.com/xtls/xray-core/common/net" + "golang.org/x/sys/unix" ) const ( diff --git a/transport/internet/sockopt_linux.go b/transport/internet/sockopt_linux.go index a5a83298..c805e2e3 100644 --- a/transport/internet/sockopt_linux.go +++ b/transport/internet/sockopt_linux.go @@ -78,11 +78,11 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf } } - if config.TcpCongestion != "" { - if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil { - return newError("failed to set TCP_CONGESTION", err) - } - } + if config.TcpCongestion != "" { + if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil { + return newError("failed to set TCP_CONGESTION", err) + } + } } if config.Tproxy.IsEnabled() { @@ -128,11 +128,11 @@ func applyInboundSocketOptions(network string, fd uintptr, config *SocketConfig) } } - if config.TcpCongestion != "" { - if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil { - return newError("failed to set TCP_CONGESTION", err) - } - } + if config.TcpCongestion != "" { + if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil { + return newError("failed to set TCP_CONGESTION", err) + } + } } if config.Tproxy.IsEnabled() { diff --git a/transport/internet/tls/grpc.go b/transport/internet/tls/grpc.go index ede921b7..a698196b 100644 --- a/transport/internet/tls/grpc.go +++ b/transport/internet/tls/grpc.go @@ -3,11 +3,12 @@ package tls import ( "context" gotls "crypto/tls" - utls "github.com/refraction-networking/utls" - "google.golang.org/grpc/credentials" "net" "net/url" "strconv" + + utls "github.com/refraction-networking/utls" + "google.golang.org/grpc/credentials" ) // grpcUtlsInfo contains the auth information for a TLS authenticated connection. diff --git a/transport/internet/websocket/ws.go b/transport/internet/websocket/ws.go index 55387100..85c5ffb0 100644 --- a/transport/internet/websocket/ws.go +++ b/transport/internet/websocket/ws.go @@ -1,4 +1,5 @@ -/*Package websocket implements WebSocket transport +/* +Package websocket implements WebSocket transport WebSocket transport implements an HTTP(S) compliable, surveillance proof transport method with plausible deniability. */ diff --git a/transport/internet/xtls/xtls.go b/transport/internet/xtls/xtls.go index 10e678de..452780d2 100644 --- a/transport/internet/xtls/xtls.go +++ b/transport/internet/xtls/xtls.go @@ -2,7 +2,6 @@ package xtls import ( xtls "github.com/xtls/go" - "github.com/xtls/xray-core/common/net" )