Fix VLESS fallbacks SNI shunt

2024-07-06 09:59:19 +03:00 · 2021-01-14 21:55:52 +00:00 · 2021-01-14 21:55:52 +00:00 · f13ac3cb55
parent 638e8384b6
commit f13ac3cb55
1 changed files with 60 additions and 34 deletions
--- a/proxy/vless/inbound/inbound.go
+++ b/proxy/vless/inbound/inbound.go
@ -109,12 +109,30 @@ func New(ctx context.Context, config *Config, dc dns.Client) (*Handler, error) {
 				}
 			*/
 		}
 		for _, apfb := range handler.fallbacks {
 			if apfb[""] != nil {
 				for alpn, pfb := range apfb {
 					if alpn != "" { // && alpn != "h2" {
 						for path, fb := range apfb[""] {
 							if pfb[path] == nil {
 								pfb[path] = fb
 							}
 						}
 					}
 				}
 			}
 		}
 		if handler.fallbacks[""] != nil {
-			for alpn, pfb := range handler.fallbacks {
+			for name, apfb := range handler.fallbacks {
-				if alpn != "" { // && alpn != "h2" {
+				if name != "" {
-					for path, fb := range handler.fallbacks[""] {
+					for alpn, pfb := range handler.fallbacks[""] {
-						if pfb[path] == nil {
+						if apfb[alpn] == nil {
-							pfb[path] = fb
+							apfb[alpn] = make(map[string]*Fallback)
 						}
 						for path, fb := range pfb {
 							if apfb[alpn][path] == nil {
 								apfb[alpn][path] = fb
 							}
 						}
 					}
 				}
@ -175,8 +193,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
 	var requestAddons *encoding.Addons
 	var err error
-	apfb := h.fallbacks
+	napfb := h.fallbacks
-	isfb := apfb != nil
+	isfb := napfb != nil
 	if isfb && firstLen < 18 {
 		err = newError("fallback directly")
@ -193,36 +211,44 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
 			name := ""
 			alpn := ""
-			if len(apfb) > 1 || apfb[""] == nil {
+			if tlsConn, ok := iConn.(*tls.Conn); ok {
-				if tlsConn, ok := iConn.(*tls.Conn); ok {
+				cs := tlsConn.ConnectionState()
-					name = tlsConn.ConnectionState().ServerName
+				name = cs.ServerName
-					alpn = tlsConn.ConnectionState().NegotiatedProtocol
+				alpn = cs.NegotiatedProtocol
-					newError("realServerName = " + name).AtInfo().WriteToLog(sid)
+				newError("realName = " + name).AtInfo().WriteToLog(sid)
-					newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
+				newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
-				} else if xtlsConn, ok := iConn.(*xtls.Conn); ok {
+			} else if xtlsConn, ok := iConn.(*xtls.Conn); ok {
-					name = xtlsConn.ConnectionState().ServerName
+				cs := xtlsConn.ConnectionState()
-					alpn = xtlsConn.ConnectionState().NegotiatedProtocol
+				name = cs.ServerName
-					newError("realServerName = " + name).AtInfo().WriteToLog(sid)
+				alpn = cs.NegotiatedProtocol
-					newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
+				newError("realName = " + name).AtInfo().WriteToLog(sid)
-				}
+				newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
-				labels := strings.Split(name, ".")
+			}
-				for i := range labels {
+
-					labels[i] = "*"
+			if len(napfb) > 1 || napfb[""] == nil {
-					candidate := strings.Join(labels, ".")
+				if napfb[name] == nil {
-					if apfb[candidate] != nil {
+					generic := "*"
-						name = candidate
+					if index := strings.IndexByte(name, '.'); index != -1 {
-						break
+						generic += name[index:]
 					}
 					if napfb[generic] != nil {
 						name = generic
 					}
 				}
 				if apfb[name] == nil {
 					name = ""
 				}
 				if apfb[name][alpn] == nil {
 					alpn = ""
 				}
 			}
-			pfb := apfb[name][alpn]
+
 			if napfb[name] == nil {
 				name = ""
 			}
 			apfb := napfb[name]
 			if apfb == nil {
 				return newError(`failed to find the default "name" config`).AtWarning()
 			}
 			if apfb[alpn] == nil {
 				alpn = ""
 			}
 			pfb := apfb[alpn]
 			if pfb == nil {
 				return newError(`failed to find the default "alpn" config`).AtWarning()
 			}