Fix VLESS fallbacks SNI shunt

RPRX 2021-01-14 21:55:52 +00:00 committed by GitHub
parent 638e8384b6
commit f13ac3cb55
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -109,10 +109,11 @@ func New(ctx context.Context, config *Config, dc dns.Client) (*Handler, error) {
} }
*/ */
} }
if handler.fallbacks[""] != nil { for _, apfb := range handler.fallbacks {
for alpn, pfb := range handler.fallbacks { if apfb[""] != nil {
for alpn, pfb := range apfb {
if alpn != "" { // && alpn != "h2" { if alpn != "" { // && alpn != "h2" {
for path, fb := range handler.fallbacks[""] { for path, fb := range apfb[""] {
if pfb[path] == nil { if pfb[path] == nil {
pfb[path] = fb pfb[path] = fb
} }
@ -121,6 +122,23 @@ func New(ctx context.Context, config *Config, dc dns.Client) (*Handler, error) {
} }
} }
} }
if handler.fallbacks[""] != nil {
for name, apfb := range handler.fallbacks {
if name != "" {
for alpn, pfb := range handler.fallbacks[""] {
if apfb[alpn] == nil {
apfb[alpn] = make(map[string]*Fallback)
}
for path, fb := range pfb {
if apfb[alpn][path] == nil {
apfb[alpn][path] = fb
}
}
}
}
}
}
}
return handler, nil return handler, nil
} }
@ -175,8 +193,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
var requestAddons *encoding.Addons var requestAddons *encoding.Addons
var err error var err error
apfb := h.fallbacks napfb := h.fallbacks
isfb := apfb != nil isfb := napfb != nil
if isfb && firstLen < 18 { if isfb && firstLen < 18 {
err = newError("fallback directly") err = newError("fallback directly")
@ -193,36 +211,44 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
name := "" name := ""
alpn := "" alpn := ""
if len(apfb) > 1 || apfb[""] == nil {
if tlsConn, ok := iConn.(*tls.Conn); ok { if tlsConn, ok := iConn.(*tls.Conn); ok {
name = tlsConn.ConnectionState().ServerName cs := tlsConn.ConnectionState()
alpn = tlsConn.ConnectionState().NegotiatedProtocol name = cs.ServerName
newError("realServerName = " + name).AtInfo().WriteToLog(sid) alpn = cs.NegotiatedProtocol
newError("realName = " + name).AtInfo().WriteToLog(sid)
newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
} else if xtlsConn, ok := iConn.(*xtls.Conn); ok { } else if xtlsConn, ok := iConn.(*xtls.Conn); ok {
name = xtlsConn.ConnectionState().ServerName cs := xtlsConn.ConnectionState()
alpn = xtlsConn.ConnectionState().NegotiatedProtocol name = cs.ServerName
newError("realServerName = " + name).AtInfo().WriteToLog(sid) alpn = cs.NegotiatedProtocol
newError("realName = " + name).AtInfo().WriteToLog(sid)
newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
} }
labels := strings.Split(name, ".")
for i := range labels { if len(napfb) > 1 || napfb[""] == nil {
labels[i] = "*" if napfb[name] == nil {
candidate := strings.Join(labels, ".") generic := "*"
if apfb[candidate] != nil { if index := strings.IndexByte(name, '.'); index != -1 {
name = candidate generic += name[index:]
break }
if napfb[generic] != nil {
name = generic
} }
} }
if apfb[name] == nil {
name = ""
}
if apfb[name][alpn] == nil {
alpn = ""
} }
if napfb[name] == nil {
name = ""
} }
pfb := apfb[name][alpn] apfb := napfb[name]
if apfb == nil {
return newError(`failed to find the default "name" config`).AtWarning()
}
if apfb[alpn] == nil {
alpn = ""
}
pfb := apfb[alpn]
if pfb == nil { if pfb == nil {
return newError(`failed to find the default "alpn" config`).AtWarning() return newError(`failed to find the default "alpn" config`).AtWarning()
} }
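Review bot: The fallback lookup `napfb[name]` uses `cs.ServerName` exactly as the client sent it, so the match is case-sensitive even though DNS names are not; a ClientHello carrying `Example.COM` would miss an `example.com` entry and, after the `*` check, land on the default `""` fallbacks. If the configured names are stored lowercase (the code that fills `handler.fallbacks` is outside the visible lines, so this is an assumption), normalising in both the tls and xtls branches with `name = strings.ToLower(cs.ServerName)` keeps the shunt consistent. The same client-supplied value is concatenated unquoted into the `realName = ` log line; quoting it, for example with `strconv.Quote(name)`, would keep unexpected bytes from altering log entries. Process starts before and continues past the visible lines, and because the client chooses the SNI, the shunt is best documented as routing only, not as an access-control boundary.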