RPRX
ad3d347cfc
XTLS Vision: Apply padding to single XUDP by default at client side
...
Requires Xray-core v1.8.1+ at server side: 242f3b0e0b
2024-02-02 20:32:46 +00:00
yuhan6665
d21e9b0abd
Try a better fix for rare ssl error with freedom splice
...
It seems the root cause is if the flag set at the inbound pipe reader, it is a race condition and freedom outbound can possibly do splice at the same time with inbound xtls writer.
Now we set the flag at the earliest and always do splice at the next buffer cycle.
2024-01-26 04:42:45 -05:00
yuhan6665
3167a70ff8
Try to fix rare ssl error with freedom splice
2024-01-26 02:29:26 -05:00
yuhan6665
d60281d0a5
Add DestIpAddress() in Dialer interface
...
Android client prepares an IP before proxy connection is established. It is useful when connecting to wireguard (or quic) outbound with domain address. E.g. engage.cloudflareclient.com:2408
2023-12-18 18:36:56 -05:00
H1JK
c01a30e8f4
Cleanup sing buffer usage
2023-12-17 17:37:08 -05:00
wyx2685
31a8fae764
Fix deprecated StackNew() function
2023-12-12 11:28:26 -05:00
yuhan6665
6f092bd212
Add "masterKeyLog" in TLS config ( #2758 )
...
* Add "enableMasterKeyLog" in TLS config
Turn on the debug option for Wireshark to decrypt traffic
* Change to "masterKeyLog" to configure a path
2023-11-27 10:08:34 -05:00
yuhan6665
2570855cd7
Update v1.8.6
2023-11-17 20:11:40 -05:00
hax0r31337
0ac7da2fc8
WireGuard Inbound (User-space WireGuard server) ( #2477 )
...
* feat: wireguard inbound
* feat(command): generate wireguard compatible keypair
* feat(wireguard): connection idle timeout
* fix(wireguard): close endpoint after connection closed
* fix(wireguard): resolve conflicts
* feat(wireguard): set cubic as default cc algorithm in gVisor TUN
* chore(wireguard): resolve conflict
* chore(wireguard): remove redurant code
* chore(wireguard): remove redurant code
* feat: rework server for gvisor tun
* feat: keep user-space tun as an option
* fix: exclude android from native tun build
* feat: auto kernel tun
* fix: build
* fix: regulate function name & fix test
2023-11-17 22:27:17 -05:00
yuhan6665
d9fd3f8eb1
Freedom xdomain strategy ( #2719 )
...
* 统一 `domainStrategy` 行为.
* aliases NG.
* 化简.
* 调整.
* Let it crash.
* Update proto
---------
Co-authored-by: rui0572 <125641819+rui0572@users.noreply.github.com>
2023-11-12 16:27:39 -05:00
yuhan6665
a109389efb
Wireguard resolve strategy ( #2717 )
...
* 增加 wireguard 出站选项 `resolveStrategy`.
* They become a part of you.
* 移除不必要的选项别名.
* aliases NG.
* 微调.
---------
Co-authored-by: rui0572 <125641819+rui0572@users.noreply.github.com>
2023-11-12 15:52:09 -05:00
yuhan6665
5ae3791a8e
feat : upgrade wireguard go sdk ( #2716 )
...
Co-authored-by: kunson <kunson@kunsondeMacBook-Pro-3.local>
Co-authored-by: 世界 <i@sekai.icu>
2023-11-12 15:10:01 -05:00
yuhan6665
999bdc58d3
Turn on freedom splice by default
2023-10-29 15:16:57 -04:00
yuhan6665
4f05e0ac2b
Unify environment var readers
2023-10-29 15:16:57 -04:00
yuhan6665
291061e9da
Fix an edge case reshaping buffer too long
2023-10-21 03:20:51 -04:00
yuhan6665
cf575be678
Fix unwrap tls conn
2023-09-21 15:35:56 -04:00
yuhan6665
585d5ba7c8
Fix Vision reader
2023-09-17 12:56:29 -04:00
yuhan6665
d6d225c698
Refactor Vision reader writer
...
- Vision now use traffic states to capture two-way info about a connection
- XTLS is de-couple with Vision, it only read traffic states to switch to direct copy mode
- fix a edge case error when Vision unpadding read 5 command bytes
2023-09-13 08:01:34 -04:00
yuhan6665
efd32b0fb2
Enable splice for freedom outbound (downlink only)
...
- Add outbound name
- Add outbound conn in ctx
- Refactor splice: it can be turn on from all inbounds and outbounds
- Refactor splice: Add splice copy to vless inbound
- Fix http error test
- Add freedom splice toggle via env var
- Populate outbound obj in context
- Use CanSpliceCopy to mark a connection
- Turn off splice by default
2023-09-07 14:17:39 -04:00
douglarek
d616f6160d
Fix go 1.21 build, see https://github.com/XTLS/Xray-core/issues/2466
2023-08-24 11:17:31 -04:00
cty123
a343d68944
fix(proxy): removed the udp payload length check when encryption is disabled
2023-08-19 23:13:43 -04:00
hax0r31337
f67167bb3b
refactor(deps): replace github.com/golang/protobuf with google.golang.org/protobuf
2023-08-10 10:43:27 -04:00
cty123
b68a43f4fc
fix: correct the logic of converting SocksAddr into net.Destination.
2023-07-19 16:01:35 -04:00
cty123
8eb3cfe144
fix: Patch potential nil pointer deference in proxy::http::client::fillRequestHeader().
2023-07-15 20:17:11 -04:00
RPRX
f0f3b417f7
Refactor: Fragmentation
...
5f5ae37571
9122d0f056
2023-07-06 16:30:39 +00:00
RPRX
6d4194415d
Clean unnecessary code in Trojan
2023-07-06 15:18:05 +00:00
Eken Chan
6d8fe7315f
XRV should work without rawConn
2023-06-22 10:21:27 -04:00
RPRX
ee21763928
Run "go fmt ./..."
2023-06-18 09:46:57 -04:00
RPRX
667279af57
Add "nonIPQuery" to DNS outbound ("drop" by default)
...
And fixed a memory leak
And regenerated *.pb.go
2023-06-18 09:45:32 -04:00
rrouzbeh
9122d0f056
Add TLS Hello Fragmentation for freedom outbound ( #2131 )
...
* Replace TCP Segmentation with TLS Hello Fragmentation
* Update infra/conf/freedom.go
* Refine proxy/freedom/freedom.go
---------
Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
2023-06-18 09:27:55 -04:00
yuhan6665
9112cfd39c
Clean legacy vmess ( #2199 )
...
* Remove legacy Vmess
* validators
* protos
2023-06-12 10:32:25 -04:00
yuhan6665
d11d72be6c
Update proto file and fix protoc version parsing
...
The new protoc cli return version v23.1,
so we parse the file version v4.23.1 without "4."
2023-06-11 13:36:06 -04:00
yuhan6665
c9f517108c
Remove mtproto
2023-06-06 23:38:34 -04:00
sambali9
5f5ae37571
Added tcp fragmentation for freedom outbound ( #2021 )
...
* Added tcp fragmentation for freedom outbound
* Added TCP_NODELAY to outbound sockopt
* Changed fragment parameters to accept ranges and changed strategy to use length
* Changed packetNumber to packets, supporting range.
* Refactored the freedom fragment logic
* Refine Write()
---------
Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
2023-05-22 02:59:58 +00:00
jcdong98
e7324700ed
Fix memory leak caused by Wireguard outbound
2023-05-14 20:05:04 -04:00
Zeyu Chen
bfd5da2f00
fix: dns empty response
2023-05-01 10:19:50 -04:00
世界
18e5b0963f
Update dependencies
2023-04-23 19:32:07 +08:00
RPRX
242f3b0e0b
XTLS protocol: Apply Vision's padding to XUDP Mux & Minor fixes
...
It's recommended to enable XUDP Mux when using XTLS Vision
Thank @yuhan6665 for testing
2023-04-16 21:15:36 +00:00
RPRX
4f601530fa
Allow multiple XUDP in Mux when using XTLS Vision (client side)
2023-04-14 22:51:09 +00:00
RPRX
b33b0bc89d
Allow multiple XUDP in Mux when using XTLS Vision (server side)
2023-04-12 23:20:38 +08:00
yuhan6665
05d24d6827
Amend XUDP related logs
...
- Useful for debug XUDP improvements
- Move XUDP log in core log
- Freedom connection log show local port
2023-04-09 13:29:39 -04:00
RPRX
be23d5d3b7
XUDP protocol: Add Global ID & UoT Migration
...
The first UoT protocol that supports UoT Migration
Thank @yuhan6665 for testing
2023-04-06 10:21:35 +00:00
世界
172f353bd7
Update dependencies
2023-03-20 15:01:38 +08:00
世界
55efac7236
Reformat code
2023-03-17 13:17:08 +08:00
世界
f57ec13880
Update UoT protocol
2023-03-17 13:17:08 +08:00
RPRX
c04c333afc
They become a part of you
2023-03-04 15:39:27 +00:00
yuhan6665
9e5bc07bf2
Legends never die ( #1725 )
2023-03-04 10:39:26 +00:00
RPRX
4c8ee0af50
Set reserved to zero after Read()
...
Thank @IRN-Kawakaze for testing
2023-03-03 15:39:16 +00:00
yuhan6665
25ea69fc3a
Fix Vision inserting multiple uuid headers
...
This happen for stream inbound like http
2023-03-03 09:45:10 -05:00
yuhan6665
a4790133d2
Fix padding extends out of bound again
2023-03-02 21:42:48 -05:00
RPRX
ccba465590
Add reserved to WireGuard config
...
Fixes https://github.com/XTLS/Xray-core/issues/1730
2023-03-02 16:55:42 +00:00
yuhan6665
7b54255cc1
Fix padding extends out of bound
2023-03-01 08:43:00 -05:00
yuhan6665
2d898480be
Vision padding upgrade ( #1646 )
...
* Vision server allow multiple blocks of padding
* Fix Vision client to support multiple possible padding blocks
* Vision padding upgrade
- Now we have two types of padding: long (pad to 900-1400) and traditional (0-256)
- Long padding is applied to tls handshakes and first (empty) packet
- Traditional padding is applied to all beginning (7) packets of the connection (counted two-way)
- Since receiver changed its way to unpad buffer in fd6973b3c6
, we can freely extend padding packet length easily in the future
- Simplify code
* Adjust receiver withinPaddingBuffers
Now default withinPaddingBuffers = true to give it a chance to do unpadding
* Fix magic numbers for Vision
Thanks @H1JK
Thanks @RPRX for guidance
2023-02-27 22:14:37 -05:00
RPRX
c38179a67f
Upgrade github.com/xtls/reality to f34b4d174342
...
Fixes https://github.com/XTLS/Xray-core/issues/1712
2023-02-26 19:26:57 +08:00
Hellojack
267d93f7bd
Improve ReshapeMultiBuffer ( #1636 )
...
* Improve ReshapeMultiBuffer
* Improve again
* Always resize
2023-02-24 11:42:02 -05:00
RPRX
4d2e2b24d3
THE NEXT FUTURE becomes THE REALITY NOW
...
Thank @yuhan6665 for testing
2023-02-15 16:07:12 +00:00
yuhan6665
c3faa8b7ac
Insert padding with empty content to camouflage VLESS header ( #1610 )
...
This only affects the Vision client for protocols expecting server to send data first.
The change is compatible with existing version of Vision server.
2023-02-06 06:45:09 +00:00
RPRX
74416570d4
Format VLESS inbound.go and outbound.go
2023-01-31 18:02:12 +00:00
RPRX
b70912799b
Generate *.pb.go files with protoc v3.21.12
...
https://github.com/protocolbuffers/protobuf/releases/tag/v21.12
go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2
go run ./infra/vprotogen
2023-01-30 04:35:30 +00:00
yuhan6665
15bb23e4ec
XTLS Vision rejects Mux except for XUDP ( #1567 )
...
* Xtls vision reject vless-tcp-tls+Mux
* Address review comment
2023-01-28 05:39:36 +00:00
yuhan6665
fb212905bd
XTLS Vision checks outer TLS version ( #1554 )
2023-01-27 03:43:58 +00:00
MP
77d2f9edd7
Revise the Code per XTLS#1515 ( #1536 )
...
* Use buf.FromBytes(make([]byte, 0, buf.Size)) to create `first`
Fixes https://github.com/XTLS/Xray-core/issues/1515
* Update server.go
* Update inbound.go
Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
2023-01-16 22:18:58 -05:00
RPRX
8c0d3c0257
XTLS Vision supports acceptProxyProtocol (test needed)
...
Fixes https://github.com/XTLS/Xray-core/issues/1339
2023-01-07 11:01:53 +00:00
RPRX
6f61021f7a
XTLS Vision processes struct TLS Conn's input and rawInput
...
Fixes https://github.com/XTLS/Xray-core/issues/1444
2023-01-06 05:37:16 +00:00
yuhan6665
c4fbdf1b78
Run core/format.go
2022-12-25 19:47:53 -05:00
PMExtra
c9b6fc0104
Add custom header support for HTTP proxy
2022-12-18 21:48:23 -05:00
pocketW
a55cf1d0bf
fix: email inconsistent
2022-12-15 08:35:07 -05:00
yuhan6665
f35ded79ad
Vision only reject TCP command for VLESS-TCP-TLS
...
UDP and MUX command currently has no flow value.
Also the character is the same with or without XTLS
2022-12-12 21:20:01 -05:00
yuhan6665
bc4de6a026
Fix VLESS client doesn't handle traffic if not send data first
...
Certain ssh, mySQL and reverse proxy need server data first in a connection
2022-12-11 09:44:40 -05:00
yuhan6665
2e30093ffd
Enforce specific none flow for xtls vision
...
In the past, when user open xtls vision on the server side, plain vless+tls can connect.
Pure tls is known to have certain tls in tls characters.
Now server need to specify "xtls-rprx-vision,none" for it be able usable on the same port.
2022-12-04 23:15:36 -05:00
yuhan6665
1d7c40d728
Enable Xtls Vision (Direct not Splice) for any inbound connection
...
Before this change, Vision client need a pure inbound like socks or http.
After this change, it will support any inbound.
This is useful in traffic forwarder use case inside China.
2022-12-04 23:15:36 -05:00
Senis John
143229b148
update: Implement the proxy.UserManager of ss2022
2022-12-03 21:19:31 -05:00
yuhan6665
d87758d46f
Parse big server hello properly
2022-11-27 18:28:38 -05:00
yuhan6665
e5e9e58d66
Fix direct flow on Windows
2022-11-27 18:28:38 -05:00
nanoda0523
e18b52a5df
Implement WireGuard protocol as outbound (client) ( #1344 )
...
* implement WireGuard protocol for Outbound
* upload license
* fix build for openbsd & dragonfly os
* updated wireguard-go
* fix up
* switch to another wireguard fork
* fix
* switch to upstream
* open connection through internet.Dialer (#1 )
* use internet.Dialer
* maybe better code
* fix
* real fix
Co-authored-by: nanoda0523 <nanoda0523@users.noreply.github.com>
* fix bugs & add ability to recover during connection reset on UDP over TCP parent protocols
* improve performance
improve performance
* dns lookup endpoint && remove unused code
* interface address fallback
* better code && add config test case
Co-authored-by: nanoda0523 <nanoda0523@users.noreply.github.com>
2022-11-21 20:05:54 -05:00
yuhan6665
494a10971b
Fix xtls vision issue with big server hello
2022-11-20 18:54:07 -05:00
yuhan6665
8006430c15
Add logic to filter TLS_AES_128_CCM_8_SHA256
2022-11-13 12:18:23 -05:00
yuhan6665
04278a8940
Refactor some variable names
2022-11-13 12:18:23 -05:00
yuhan6665
48f7cc2132
Reshape multi buffer to fix the padding when buffer is full
2022-11-13 12:18:23 -05:00
yuhan6665
8ef609ff46
Enable UTLS fingerprint for XTLS Vision
2022-11-06 21:50:19 -05:00
yuhan6665
fffd908db2
Fix direct and splice flow
2022-11-06 21:50:19 -05:00
yuhan6665
5e695327b1
Add XTLS RPRX's Vision ( #1235 )
...
* Add XTLS RPRX's Vision
* Add helpful warning when security is wrong
* Add XTLS padding (draft)
* Fix number of packet to filter
* Xtls padding version 1.0 and unpadding logic
2022-10-29 00:51:59 -04:00
yuhan6665
8117b66949
Generate all protos
2022-10-10 13:17:32 -04:00
yuhan6665
c21595a937
Fix an issue with ss2022 generics
2022-09-16 21:54:37 -04:00
yuhan6665
debd2e3ba8
Remove compatibility code
...
The minimum support go version is already 1.18
2022-09-16 20:39:07 -04:00
yuhan6665
84537e98c4
Update xtls and go to 1.19
2022-09-15 22:06:59 -04:00
yuhan6665
71a9a6dd55
Update dependencies
...
- Sync with sing upstream
2022-08-27 22:57:14 -04:00
世界
7d52ded2a3
Update dependencies
2022-07-16 09:33:03 +08:00
世界
52930a16b2
Fix check ss bad udp request #1122
2022-06-28 07:50:18 +08:00
Shelikhoo
d4f18b1342
Fix DoS attack vulnerability in VMess Option Processing
2022-06-19 19:13:37 -04:00
世界
ba4ce4c24f
Add shadowsocks 2022 relay service
2022-06-19 22:17:23 +08:00
世界
bd0cf955c7
Update shadowsocks-2022 multi-server usage
2022-06-07 11:17:08 +08:00
世界
c3505632fd
Add udp over tcp support for shadowsocks-2022
2022-06-01 11:49:02 +08:00
世界
f1d753f069
Fix build in legacy golang version
2022-05-31 15:55:38 +08:00
世界
91ce752405
Fix close pipe
2022-05-31 11:44:32 +08:00
世界
79f3057687
Migrate shadowsocks-2022 to protocol library
2022-05-26 07:35:17 +08:00
世界
1edce576ca
Fix missing user in shadowsocks-2022 inbound
2022-05-25 08:49:52 +08:00
世界
cf7e675c45
Add shadowsocks 2022 multi-user inbound
2022-05-24 07:37:14 +08:00
世界
087f0d1240
Add shadowsocks-2022 inbound/outbound ( #1061 )
2022-05-22 23:55:48 -04:00
世界
f046feb9ca
Reformat code
2022-05-18 15:29:01 +08:00