Commit Graph

221 Commits

Author SHA1 Message Date
deorth-kku cae94570df Fixing tcp connestions leak
- always use HandshakeContext instead of Handshake

- pickup dailer dropped ctx

- rename HandshakeContextAddress to HandshakeAddressContext
2024-02-19 09:32:40 -05:00
yuhan6665 fa5d7a255b
Least load balancer (#2999)
* v5: Health Check & LeastLoad Strategy (rebased from 2c5a71490368500a982018a74a6d519c7e121816)

Some changes will be necessary to integrate it into V2Ray

* Update proto

* parse duration conf with time.Parse()

* moving health ping to observatory as a standalone component

* moving health ping to observatory as a standalone component: auto generated file

* add initialization for health ping

* incorporate changes in router implementation

* support principle target output

* add v4 json support for BurstObservatory & fix balancer reference

* update API command

* remove cancelled API

* return zero length value when observer is not found

* remove duplicated targeted dispatch

* adjust test with updated structure

* bug fix for observer

* fix strategy selector

* fix strategy least load

* Fix ticker usage

ticker.Close does not close ticker.C

* feat: Replace default Health Ping URL to HTTPS (#1991)

* fix selectLeastLoad() returns wrong number of nodes (#2083)

* Test: fix leastload strategy unit test

* fix(router): panic caused by concurrent map read and write (#2678)

* Clean up code

---------

Co-authored-by: Jebbs <qjebbs@gmail.com>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: 世界 <i@sekai.icu>
Co-authored-by: Bernd Eichelberger <46166740+4-FLOSS-Free-Libre-Open-Source-Software@users.noreply.github.com>
Co-authored-by: 秋のかえで <autmaple@protonmail.com>
Co-authored-by: Rinka <kujourinka@gmail.com>
2024-02-17 22:51:37 -05:00
yuhan6665 bf02392969 Temporarily turn off sockopt for UDP on windows 2024-02-17 13:22:39 -05:00
风扇滑翔翼 303beff5dd Fix SockOpt does not work in UDP 2024-02-06 10:41:39 -05:00
dyhkwong da5a28a088
Fix #2654 (#2941)
* fix udp dispatcher

* fix test
2024-01-15 10:33:15 -05:00
Qi Lin 0ea2a50264 Add option `realitySettings.masterKeyLog` 2024-01-11 10:57:04 -05:00
Qi Lin 2b08d8638e Let `tlsSettings.masterKeyLog` and `tlsSettings.fingerprint` work together 2024-01-10 11:34:52 -05:00
yuhan6665 eacdda3c93 Fix connecting to quic outbound with domain address 2023-12-25 22:25:22 -05:00
hossinasaadi b7f21be8bc fix ecdh crash in reality 2023-12-24 15:38:44 -05:00
yuhan6665 d60281d0a5 Add DestIpAddress() in Dialer interface
Android client prepares an IP before proxy connection is established. It is useful when connecting to wireguard (or quic) outbound with domain address. E.g. engage.cloudflareclient.com:2408
2023-12-18 18:36:56 -05:00
Zhang San 5a5e615b46
Enable interface setting for socketopt under Windows (#2819)
* allow set interface under windows

Signed-off-by: San Zhang <zhangan@mail.com>

* polish code

Signed-off-by: San Zhang <zhangan@mail.com>

---------

Signed-off-by: San Zhang <zhangan@mail.com>
Co-authored-by: San Zhang <zhangan@mail.com>
2023-12-17 17:56:15 -05:00
风扇滑翔翼 69cbb4c47a Change WS upgraderBufferSize
due to https://github.com/gorilla/websocket/issues/223
2023-11-28 11:28:58 -05:00
yuhan6665 6f092bd212
Add "masterKeyLog" in TLS config (#2758)
* Add "enableMasterKeyLog" in TLS config

Turn on the debug option for Wireshark to decrypt traffic

* Change to "masterKeyLog" to configure a path
2023-11-27 10:08:34 -05:00
cty123 f1c81557dc #2605: Add safety check for type casting for QUIC dialer
Issue #2605 brought up real problem that QUIC dialer doesn't support sockopt at the moment. Inside `internet.DialSystem(...)` function, one of the branch that involves `redirect(...)` returns `cnc.connection` instance that is currently unhandled by the code logic, and thus caused program panic during runtime.

It seems the sockopt support for QUIC protocol requires a couple changes including making `cnc.connection` public, such that we can handle in dialer, along with some thorough tests, this commit simply adds safety check to explicity state the fact that QUIC isn't working with sockopt. And the implementation of the feature can be scheduled later on.
2023-11-14 10:14:26 -05:00
yuhan6665 7523f7f440
统一 `domainStrategy` 行为. (#2720)
* 统一 `domainStrategy` 行为.

* Update proto

---------

Co-authored-by: rui0572 <125641819+rui0572@users.noreply.github.com>
2023-11-12 16:37:02 -05:00
yuhan6665 d9fd3f8eb1
Freedom xdomain strategy (#2719)
* 统一 `domainStrategy` 行为.

* aliases NG.

* 化简.

* 调整.

* Let it crash.

* Update proto

---------

Co-authored-by: rui0572 <125641819+rui0572@users.noreply.github.com>
2023-11-12 16:27:39 -05:00
yuhan6665 cc4b28b159 Remove dragonfly build 2023-11-12 14:30:50 -05:00
yuhan6665 d24a636c75 Move some log from stdout to ray log 2023-10-28 21:31:54 -04:00
yuhan6665 4f05e0ac2b Unify environment var readers 2023-10-29 15:16:57 -04:00
hossinasaadi 6177ec7faf add bindAddr for darwin 2023-10-16 10:24:28 -04:00
yuhan6665 e244db76fb Update all dependencies 2023-09-29 23:06:15 -04:00
Hossin Asaadi 07ae08126c binding socket interface to sockopt_darwin.go 2023-09-22 10:35:59 -04:00
yylt c00e56c0da
Add `tcpMptcp` to `sockopt` (#2520) 2023-09-07 17:32:27 +00:00
dyhkwong b8bd243df5
Fix buffer.UDP destination override (#2356) 2023-08-29 07:12:36 +00:00
RPRX d92002ad12
Dialer: Set TimeoutOnly for `gctx` and `hctx`
https://github.com/XTLS/Xray-core/issues/2232#issuecomment-1694570914

Thank @cty123 for testing

Fixes https://github.com/XTLS/Xray-core/issues/2232

BTW: Use `uConn.HandshakeContext(ctx)` in REALITY
2023-08-27 05:55:58 +00:00
A1lo 10d6b06578 fix(transport): correctly release UDS locker file (#2305)
* fix(transport): correctly release UDS locker file

* use callback function to do some jobs after create listener
2023-08-26 07:35:44 -04:00
RPRX 2d5475f428 Update transport/internet/reality/reality.go
Fixes https://github.com/XTLS/Xray-core/issues/2491
2023-08-26 07:33:26 -04:00
cty123 efe8f3f4d6 fix(config): fix grpc cofnig parsing when service name only has one '/' char 2023-08-20 22:19:13 -04:00
RPRX 51769fdde1
H2 transport: Abandon `client` if `client.Do(request)` failed
See https://github.com/golang/go/issues/30702

Fixes https://github.com/XTLS/Xray-core/issues/2355
2023-07-22 06:06:25 +08:00
RPRX ee21763928 Run "go fmt ./..." 2023-06-18 09:46:57 -04:00
RPRX 084f4f2e4c Update comments in reality.go 2023-06-15 13:07:08 -04:00
Hellojack 65b467e448 REALITY protocol: Add ChaCha20-Poly1305 auth mode (#2212)
https://github.com/XTLS/REALITY/pull/4
2023-06-15 13:06:46 -04:00
yuhan6665 d11d72be6c Update proto file and fix protoc version parsing
The new protoc cli return version v23.1,
so we parse the file version v4.23.1 without "4."
2023-06-11 13:36:06 -04:00
dependabot[bot] 86b4b81f1d Bump github.com/quic-go/quic-go from 0.34.0 to 0.35.1
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.34.0 to 0.35.1.
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](https://github.com/quic-go/quic-go/compare/v0.34.0...v0.35.1)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-01 18:23:56 -04:00
sambali9 5f5ae37571
Added tcp fragmentation for freedom outbound (#2021)
* Added tcp fragmentation for freedom outbound

* Added TCP_NODELAY to outbound sockopt

* Changed fragment parameters to accept ranges and changed strategy to use length

* Changed packetNumber to packets, supporting range.

* Refactored the freedom fragment logic

* Refine Write()

---------

Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
2023-05-22 02:59:58 +00:00
yuhan6665 c80646a045
Clean code dependencies on github.com/miekg/dns (#2099) 2023-05-21 03:40:56 +00:00
rurirei d9af02812f
Add ctx to UDP dispatcherConn (#2024) 2023-05-06 03:18:08 +00:00
xqzr dd81ad5342
Add `tcpMaxSeg` to `sockopt` (#2002) 2023-04-30 00:03:30 +00:00
世界 18e5b0963f
Update dependencies 2023-04-23 19:32:07 +08:00
yichya QC 90d915ea05 feat: add tcp_user_timeout
```json
{"streamSettings":{"sockopt": {"tcpUserTimeout": 10000}}}
```

run `gofmt -w -s .` as well
2023-04-22 20:41:43 -04:00
yuhan6665 197bc78ea1 Turn off Quic qlog since it jam the regular test info 2023-04-17 11:56:55 -04:00
RPRX be23d5d3b7
XUDP protocol: Add Global ID & UoT Migration
The first UoT protocol that supports UoT Migration
Thank @yuhan6665 for testing
2023-04-06 10:21:35 +00:00
RPRX 2c0a89f7dc
REALITY protocol: Set the fourth byte as reserved 2023-03-31 22:39:57 +00:00
RPRX beb603af06 Allow IP address ServerName when "serverName" is not configured
In this case, TLS Client Hello will not have SNI (RFC 6066, Section 3)
2023-03-26 10:57:20 +00:00
Hirbod Behnam 526c6789ed Add custom path to gRPC (#1815) 2023-03-26 09:28:19 +03:30
Hirbod Behnam 6872be5cc3 Add user agent to gRPC (#1790) 2023-03-26 09:23:42 +03:30
RPRX 0573760346
Do not show ciphertext SessionID or full AuthKey 2023-03-20 23:39:56 +08:00
世界 55efac7236
Reformat code 2023-03-17 13:17:08 +08:00
xqzr c3322294be
Add `tcpWindowClamp` to `sockopt` (#1757)
Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
2023-03-09 13:51:16 +00:00
RPRX 836e84b851
Add recover() to H2 server's flushWriter.Write()
Fixes https://github.com/XTLS/Xray-core/issues/1748
2023-03-08 14:06:20 +00:00
yuhan6665 9e5bc07bf2
Legends never die (#1725) 2023-03-04 10:39:26 +00:00
RPRX 6526e74d49
Add WaitReadCloser to make H2 real 0-RTT 2023-03-02 14:50:26 +00:00
RPRX 55dc26f228
Add REALITY support to gRPC client and server
Now you are able to configure REALITY gRPC client and server
Duplicate of REALITY H2, perhaps, just for fun
2023-02-27 19:52:01 +00:00
RPRX 9401d65ef1
Add REALITY support to H2 server
Now you are able to configure REALITY H2 server directly
Before: REALITY VLESS fallbacks -> H2C inbound
2023-02-27 16:20:19 +00:00
RPRX c38179a67f
Upgrade github.com/xtls/reality to f34b4d174342
Fixes https://github.com/XTLS/Xray-core/issues/1712
2023-02-26 19:26:57 +08:00
sduoduo233 336b2daeb9
DNS Header for KCP (#1672)
* dns header

* fixed domain name encoding for dns header

---------

Co-authored-by: kerry <lvhaiyangkerry@gmail.com>
2023-02-24 12:06:24 -05:00
xqzr c8b4580869
add `V6Only` (#1677)
* add `V6Only`

* add `V6Only`
2023-02-24 11:54:40 -05:00
Yue Yin 03b8c094de Support SPKI Fingerprint Pinning
Support SPKI Fingerprint Pinning for TLSObject
2023-02-24 11:47:00 -05:00
RPRX 4d5c3195d2
Refine random
Fixes https://github.com/XTLS/Xray-core/issues/1666
2023-02-18 05:55:19 +00:00
RPRX 4d2e2b24d3
THE NEXT FUTURE becomes THE REALITY NOW
Thank @yuhan6665 for testing
2023-02-15 16:07:12 +00:00
RPRX 9046eda5ce
Add callClose to UDP Dispatcher
Fixes https://github.com/XTLS/Xray-core/issues/1611
2023-02-08 14:59:14 +08:00
RPRX f32921df30
Refine randomized
But we should avoid using it unless we have to, see
https://github.com/refraction-networking/utls/pull/157#issuecomment-1417156797
2023-02-08 14:51:15 +08:00
RPRX f176ec54ee
v1.7.3 2023-02-02 05:50:21 +00:00
pocketW bf35e9dcd6 fix: handle error raised by dispatcher 2023-02-01 10:17:42 -05:00
RPRX dc72cf2c78
Refine fingerprints
Fixes https://github.com/XTLS/Xray-core/issues/1577
2023-02-01 12:58:17 +00:00
RPRX b70912799b
Generate *.pb.go files with protoc v3.21.12
https://github.com/protocolbuffers/protobuf/releases/tag/v21.12
go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2
go run ./infra/vprotogen
2023-01-30 04:35:30 +00:00
mra9776 f571aa72df
uTLS PinnedPeerCertificateChainSha256 (#1556)
* Add tests for utls PinnedPeerCertificateChain

* Fix utls not checking PinnedPeerCertificate

Co-authored-by: ahmadi <ahmadi@meshkan.com>
2023-01-27 04:19:49 +00:00
yuhan6665 3fb67f065a
Add fingerprint xray_random (#1540)
* Add fingerprint xray_random

xray_random means to pick a random uTLS fingerprint at the core startup
This way, the fingerprint is stable for a user for some days. While there is no identifiable signature for the whole xray community

* Fingerprint "random" refine

Exclude old fingerprint from RNG
2023-01-20 23:36:08 -05:00
aeeq 620eb63c1b Add sockopt interface setting for binding outbound to a particular device like "eth0" (#1494)
* Update sockopt_linux.go

add Interface Name

* Update config.pb.go

add Interface Name

* Update transport_internet.go

add Interface Name

* Update config.pb.go

* update config.proto add interface

* Update config.pb.go
2023-01-09 09:45:30 -05:00
yuhan6665 32ce7cd730 Add new uTLS fingerprints
- correct safari
- new format is the variable name in https://github.com/refraction-networking/utls/blob/master/u_common.go#L163
- notable ones "HelloChrome_106_Shuffle", "Hello360_Auto", "HelloQQ_Auto"
2023-01-09 09:19:53 -05:00
yuhan6665 c4fbdf1b78 Run core/format.go 2022-12-25 19:47:53 -05:00
aabbccgg 0565589b8b Changed quic MaxIdleTimeout from 30s to 5min & HandshakeIdleTimeout to 8s 2022-11-23 10:52:50 -05:00
Cubarco 8e75e9d763 Fix sockopt.TcpKeepAliveInterval
The Keep-Alive configs may be overridden with golang default settings when `tcpKeepAliveInterval` is set without `tcpKeepAliveIdle`.
2022-11-12 09:15:21 -05:00
Hirbod Behnam da0b13cca0
Added uTLS to gRPC (#1264)
* Added uTLS to gRPC

* Use base 16 of ciphers as StandardName
2022-10-21 21:06:36 -04:00
Hirbod Behnam 1f93cbbc5d
Added utls to websocket (#1256)
* Added utls to websocket

* Slightly better code

One less allocation
2022-10-18 10:34:41 -04:00
Hirbod Behnam 93c7ebe382 Added utls to http2 transport 2022-10-13 10:44:49 -04:00
yuhan6665 8117b66949 Generate all protos 2022-10-10 13:17:32 -04:00
xqzr 8cf23f1947
add `tcpcongestion` (#1234)
* add `tcpcongestion`

* Update sockopt_linux.go

* Update config.pb.go

* Update transport_internet.go

* Update config.pb.go

* Update transport_internet.go

* Update config.proto
2022-10-10 13:13:50 -04:00
Mocking 4140bcd11a Enhancement of "redirect" function, adding support for MacOS
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
"inbounds": [
{
"listen": "127.0.0.1",
"port": 1122,
"protocol": "dokodemo-door",
"tag": "dokodemo",
"settings": {
"network": "tcp",
"followRedirect": true,
"userLevel": 0
},
"streamSettings": {
"sockopt": {
"tproxy": "Redirect"
}
}
}
]

还原#1189 提交
2022-08-22 10:33:58 -04:00
S-Mocking 59602db02d
Add "tproxy" option (#1189)
* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1122,
      "protocol": "dokodemo-door",
      "tag": "dokodemo",
      "settings": {
        "network": "tcp",
        "followRedirect": true,
        "userLevel": 0
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "pf"
        }
      }
    }
  ]

* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1122,
      "protocol": "dokodemo-door",
      "tag": "dokodemo",
      "settings": {
        "network": "tcp",
        "followRedirect": true,
        "userLevel": 0
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "pf"
        }
      }
    }
  ]

* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1122,
      "protocol": "dokodemo-door",
      "tag": "dokodemo",
      "settings": {
        "network": "tcp",
        "followRedirect": true,
        "userLevel": 0
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "pf"
        }
      }
    }
  ]

Co-authored-by: Mocking <fanhaiwang0817@gmail.com>
2022-08-20 09:02:18 -04:00
ksco.he 76638d793c fix(udp): check addr nil (close 1807) 2022-08-12 20:33:33 -04:00
yuhan6665 340234166b
Add TCPKeepAliveIdle in Sockopt option (#1166)
* Add TCP keep alive idle setting

* Add TCP keep alive idle setting: auto generated

* Add TCP keep alive support in Linux

* Add TCP keep alive support in MacOS, FreeBSD

* Add TCP keep alive support in Windows

* fix bug introduced in adding tcp keep alive adjustment

* embed macOS const to avoid platform inconsistency

* embed macOS const to avoid platform inconsistency(again)

* add TCP Keep Alive support in config

* use sys/unix instead of syscall

Suggestion from:
https://github.com/v2fly/v2ray-core/pull/1395#issuecomment-974761647

* use sys/unix instead of syscall

Suggestion from:
https://github.com/v2fly/v2ray-core/pull/1395#issuecomment-974761647

* Separate TcpKeepAliveIdle and TcpKeepAliveInterval check logic

* Disable tcp keepAlive when TcpKeepAliveIdle < 0 and  TcpKeepAliveInterval <= 0

Co-authored-by: xqzr <34030394+xqzr@users.noreply.github.com>

Co-authored-by: ValdikSS <iam@valdikss.org.ru>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: xqzr <34030394+xqzr@users.noreply.github.com>
2022-07-31 09:55:40 -04:00
yuhan6665 00230a74d5
Fix new Quic lib: KeepAlivePeriod (#1139)
* Bump github.com/lucas-clemente/quic-go from 0.27.2 to 0.28.0

Bumps [github.com/lucas-clemente/quic-go](https://github.com/lucas-clemente/quic-go) from 0.27.2 to 0.28.0.
- [Release notes](https://github.com/lucas-clemente/quic-go/releases)
- [Changelog](https://github.com/lucas-clemente/quic-go/blob/master/Changelog.md)
- [Commits](https://github.com/lucas-clemente/quic-go/compare/v0.27.2...v0.28.0)

---
updated-dependencies:
- dependency-name: github.com/lucas-clemente/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix new Quic lib: KeepAlivePeriod

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-10 21:38:39 -04:00
世界 6f93ef7736
Remove useless error log 2022-06-01 11:11:53 +08:00
世界 f046feb9ca
Reformat code 2022-05-18 15:29:01 +08:00
yuhan6665 b413066012
Fakedns fix xUDP destination override (#1011)
* Fix UDP destination override

* Fix code style

* Fix fakedns object init

Do type convertion at runtime in case if user don't use fakedns in config.
Since dispatcher now depend on fakedns object, move the injection order of
fakedns to top (As a temporary solution)

* Amend logic for handing fakedns client

A map is used by server side when client turn on fakedns
Client will send domain address in the buffer.UDP.Address, server record all possible target IP addrs.
When target replies, server will restore the domain and send back to client.

Co-authored-by: hmol233 <82594500+hmol233@users.noreply.github.com>
2022-04-23 19:24:46 -04:00
yuhan6665 c9df755426 Add quic qlog to debug logs 2022-04-23 19:23:15 -04:00
yuhan6665 393d211d1e Rename quic session to connection
Co-authored-by: 秋のかえで <autmaple@protonmail.com>
2022-04-09 00:48:02 -04:00
hmol233 b3ab94ef5b Refine domain socket permission 2022-02-18 22:01:29 -05:00
yuhan6665 41ce6ccf9f
Make reverse proxy compatible with v2fly (#924)
* Make reverse proxy compatible with v2fly

* Fix gitignore

* Regenerate proto files

- fix v2ray name in loopback

* Fix fly.org in unit tests
2022-02-04 21:59:50 -05:00
yuhan6665 578d903a9e
Quic related improvements (#915)
* DialSystem for Quic

DialSystem() is needed in case of Android client,
where the raw conn is protected for vpn service

* Fix client dialer log

Log such as:
tunneling request to tcp:www.google.com:80 via tcp:x.x.x.x:443
the second "tcp" is misleading when using mKcp or quic transport

Remove the second "tcp" and add the correct logging for transport dialer:
- transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
- transport/internet/quic: dialing quic to udp:x.x.x.x:443

* Quic new stream allocation mode

Currently this is how Quic works: client muxing all tcp and udp traffic through a single session, when there are more than 32 running streams in the session,
the next stream request will fail and open with a new session (port). Imagine lineup the session from left to right:
 |
 |  |
 |  |  |

As the streams finishes, we still open stream from the left, original session. So the base session will always be there and new sessions on the right come and go.
However, either due to QOS or bugs in Quic implementation, the traffic "wear out" the base session. It will become slower and in the end not receiving any data from server side.
I couldn't figure out a solution for this problem at the moment, as a workaround:
       |  |
    |  |  |
 |  |  |

I came up with this new stream allocation mode, that it will never open new streams in the old sessions, but only from current or new session from right.
The keeplive config is turned off from server and client side. This way old sessions will natually close and new sessions keep generating.
Note the frequency of new session is still controlled by the server side. Server can assign a large max stream limit. In this case the new allocation mode will be similar to the current mode.
2022-01-28 18:11:30 -05:00
hmol233 63da3a5481 grpc: add initial_windows_size option 2021-12-19 21:14:14 -05:00
yuhan6665 e93da4bd02
Fix some tests and format code (#830)
* Increase some tls test timeout

* Fix TestUserValidator

* Change all tests to VMessAEAD

Old VMess MD5 tests will be rejected and fail in 2022

* Chore: auto format code
2021-12-14 19:28:47 -05:00
yaotthaha-vscode 4fc284a8e9 Try to fix UDP error 2021-12-01 12:02:27 -05:00
roc dd6769954c hotRelodaInterval --> hotReloadInterval 2021-10-26 21:45:31 -04:00
世界 5c366db847
Add observatory / latestPing balancing strategy
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 17:16:20 +08:00
Xiaokang Wang 13bc0432bc
WebSocket Early Data Protocol Harmonization with V2Ray/V2Fly (#548)
* protocol harmonization with V2Ray/V2Fly by supporting both V2Ray server and XRay server

* protocol harmonization with V2Ray/V2Fly by supporting both V2Ray server and XRay server comment
2021-10-22 12:38:40 +08:00
yuhan6665 acb81ebe3d
Verify peer cert function for better man in the middle prevention (#746)
* verify peer cert function for better man in the middle prevention

* publish cert chain hash generation algorithm

* added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb

* apply coding style

* added test case for pinned certificates

* refactored cert pin

* pinned cert test

* added json loading of the PinnedPeerCertificateChainSha256

* removed tool to prepare for v5

* Add server cert pinning for Xtls

Change command "xray tls certChainHash" to xray style

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 12:38:40 +08:00
yuhan6665 c4fc277758
add comment for gRPC TLS silent failure behavior (#779)
When gRPC transport have been configured to use TLS, it may silently ignore TLS failure. This may make it harder to diagnose TLS setting issues when gRPC transport is used. This comment is added to help other developers be aware of this caveat.

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 12:38:40 +08:00
世界 50e576081e
Add DispatchLink 2021-10-22 12:38:40 +08:00