Commit Graph

161 Commits

Author SHA1 Message Date
yuhan6665 2e30093ffd Enforce specific none flow for xtls vision
In the past, when a user opened xtls vision on the server side, plain vless+tls could connect.
Pure tls is known to have certain tls in tls characters.
Now the server needs to specify "xtls-rprx-vision,none" for it to be usable on the same port.
2022-12-04 23:15:36 -05:00
yuhan6665 1d7c40d728 Enable Xtls Vision (Direct not Splice) for any inbound connection
Before this change, the Vision client needed a pure inbound like socks or http.
After this change, it will support any inbound.
This is useful in the traffic forwarder use case inside China.
2022-12-04 23:15:36 -05:00
Senis John 143229b148 update: Implement the proxy.UserManager of ss2022 2022-12-03 21:19:31 -05:00
yuhan6665 d87758d46f Parse big server hello properly 2022-11-27 18:28:38 -05:00
yuhan6665 e5e9e58d66 Fix direct flow on Windows 2022-11-27 18:28:38 -05:00
nanoda0523 e18b52a5df
Implement WireGuard protocol as outbound (client) (#1344)
* implement WireGuard protocol for Outbound

* upload license

* fix build for openbsd & dragonfly os

* updated wireguard-go

* fix up

* switch to another wireguard fork

* fix

* switch to upstream

* open connection through internet.Dialer (#1)

* use internet.Dialer

* maybe better code

* fix

* real fix

Co-authored-by: nanoda0523 <nanoda0523@users.noreply.github.com>

* fix bugs & add ability to recover during connection reset on UDP over TCP parent protocols

* improve performance

improve performance

* dns lookup endpoint && remove unused code

* interface address fallback

* better code && add config test case

Co-authored-by: nanoda0523 <nanoda0523@users.noreply.github.com>
2022-11-21 20:05:54 -05:00
yuhan6665 494a10971b Fix xtls vision issue with big server hello 2022-11-20 18:54:07 -05:00
yuhan6665 8006430c15 Add logic to filter TLS_AES_128_CCM_8_SHA256 2022-11-13 12:18:23 -05:00
yuhan6665 04278a8940 Refactor some variable names 2022-11-13 12:18:23 -05:00
yuhan6665 48f7cc2132 Reshape multi buffer to fix the padding when buffer is full 2022-11-13 12:18:23 -05:00
yuhan6665 8ef609ff46 Enable UTLS fingerprint for XTLS Vision 2022-11-06 21:50:19 -05:00
yuhan6665 fffd908db2 Fix direct and splice flow 2022-11-06 21:50:19 -05:00
yuhan6665 5e695327b1
Add XTLS RPRX's Vision (#1235)
* Add XTLS RPRX's Vision

* Add helpful warning when security is wrong

* Add XTLS padding (draft)

* Fix number of packets to filter

* Xtls padding version 1.0 and unpadding logic
2022-10-29 00:51:59 -04:00
yuhan6665 8117b66949 Generate all protos 2022-10-10 13:17:32 -04:00
yuhan6665 c21595a937 Fix an issue with ss2022 generics 2022-09-16 21:54:37 -04:00
yuhan6665 debd2e3ba8 Remove compatibility code
The minimum support go version is already 1.18
2022-09-16 20:39:07 -04:00
yuhan6665 84537e98c4 Update xtls and go to 1.19 2022-09-15 22:06:59 -04:00
yuhan6665 71a9a6dd55 Update dependencies
- Sync with sing upstream
2022-08-27 22:57:14 -04:00
世界 7d52ded2a3
Update dependencies 2022-07-16 09:33:03 +08:00
世界 52930a16b2
Fix check ss bad udp request #1122 2022-06-28 07:50:18 +08:00
Shelikhoo d4f18b1342 Fix DoS attack vulnerability in VMess Option Processing 2022-06-19 19:13:37 -04:00
世界 ba4ce4c24f
Add shadowsocks 2022 relay service 2022-06-19 22:17:23 +08:00
世界 bd0cf955c7
Update shadowsocks-2022 multi-server usage 2022-06-07 11:17:08 +08:00
世界 c3505632fd
Add udp over tcp support for shadowsocks-2022 2022-06-01 11:49:02 +08:00
世界 f1d753f069
Fix build in legacy golang version 2022-05-31 15:55:38 +08:00
世界 91ce752405
Fix close pipe 2022-05-31 11:44:32 +08:00
世界 79f3057687
Migrate shadowsocks-2022 to protocol library 2022-05-26 07:35:17 +08:00
世界 1edce576ca
Fix missing user in shadowsocks-2022 inbound 2022-05-25 08:49:52 +08:00
世界 cf7e675c45
Add shadowsocks 2022 multi-user inbound 2022-05-24 07:37:14 +08:00
世界 087f0d1240
Add shadowsocks-2022 inbound/outbound (#1061) 2022-05-22 23:55:48 -04:00
世界 f046feb9ca
Reformat code 2022-05-18 15:29:01 +08:00
yuhan6665 41ce6ccf9f
Make reverse proxy compatible with v2fly (#924)
* Make reverse proxy compatible with v2fly

* Fix gitignore

* Regenerate proto files

- fix v2ray name in loopback

* Fix fly.org in unit tests
2022-02-04 21:59:50 -05:00
yuhan6665 578d903a9e
Quic related improvements (#915)
* DialSystem for Quic

DialSystem() is needed in case of Android client,
where the raw conn is protected for vpn service

* Fix client dialer log

Log such as:
tunneling request to tcp:www.google.com:80 via tcp:x.x.x.x:443
the second "tcp" is misleading when using mKcp or quic transport

Remove the second "tcp" and add the correct logging for transport dialer:
- transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
- transport/internet/quic: dialing quic to udp:x.x.x.x:443

* Quic new stream allocation mode

Currently this is how Quic works: the client muxes all tcp and udp traffic through a single session; when there are more than 32 running streams in the session,
the next stream request will fail and open with a new session (port). Imagine lining up the sessions from left to right:
 |
 |  |
 |  |  |

As the streams finish, we still open streams from the left, original session. So the base session will always be there and new sessions on the right come and go.
However, either due to QOS or bugs in the Quic implementation, the traffic "wears out" the base session. It will become slower and in the end not receive any data from the server side.
I couldn't figure out a solution for this problem at the moment, as a workaround:
       |  |
    |  |  |
 |  |  |

I came up with this new stream allocation mode, in which it will never open new streams in the old sessions, but only from the current session or a new session from the right.
The keepalive config is turned off on the server and client side. This way old sessions will naturally close and new sessions keep generating.
Note the frequency of new sessions is still controlled by the server side. The server can assign a large max stream limit. In this case the new allocation mode will be similar to the current mode.
2022-01-28 18:11:30 -05:00
Machtergreifung e96e5994d0 Update Vmess Warning Errors 2022-01-19 09:30:28 -05:00
yuhan6665 9ea1bf7c1d Fix shadowsocks xchacha cipher nonce size 2021-12-19 21:18:35 -05:00
yuhan6665 4e88a369c4 Fix vmess test with portList 2021-12-14 20:01:53 -05:00
yuhan6665 e93da4bd02
Fix some tests and format code (#830)
* Increase some tls test timeout

* Fix TestUserValidator

* Change all tests to VMessAEAD

Old VMess MD5 tests will be rejected and fail in 2022

* Chore: auto format code
2021-12-14 19:28:47 -05:00
yuhan6665 d5a7901601
Unified drain support for vmess and shadowsocks (#791)
* Added test for no terminate signal

* unified drain support for vmess and shadowsockets

* drain: add generated file

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-12-14 19:27:31 -05:00
Shelikhoo 6fb5c887b2 Fix DoS attack vulnerability in CommandSwitchAccountFactory 2021-12-11 20:14:57 -05:00
lucifer9 d6ae4e9ba2 Make it easier to configure multiple listening ports 2021-11-17 23:13:15 -05:00
秋のかえで 63d0cb1bd6
Refactor: new Shadowsocks validator (#629)
* Refactor: new Shadowsocks validator

* Fix NoneCliper cannot work

* Feat: refine the size of drain

* fix: fix validator after merge 'main'

* fix: UDP user logic

* style: refine code style
2021-10-31 22:10:26 -04:00
Shelikhoo 7038bded7b
Added experiment to avoid sending the termination signal
(cherry picked from commit c5357e1f000054ba5836468922cae52a830c8019)
2021-10-22 18:34:57 +08:00
Shelikhoo ff35118af5
VMess AEAD based packet length
(cherry picked from commit 08221600082a79376bdc262f2ffec1a3129ae98d)
2021-10-22 18:34:57 +08:00
世界 707efd6d12
Add loopback outbound 2021-10-22 17:58:37 +08:00
世界 77d0419aca
Add socks4/4a support 2021-10-22 13:27:31 +08:00
maskedeken 238bd5d050
Add xchacha20-ietf-poly1305 for Shadowsocks 2021-10-22 13:24:29 +08:00
秋のかえで 9b204ed99b
Fix: Trojan fallback
(cherry picked from commit 908408dd45a58c3c284ecf0dfef539c5681230d9)
2021-10-22 12:38:40 +08:00
yuhan6665 45dc97e2b6
Use shadowsocket's bloomring for shadowsocket's replay protection (#764)
* use shadowsocket's bloomring for shadowsocket's replay protection

* added shadowsockets iv check for tcp socket

* Rename to shadowsockets iv check

* shadowsocks iv check config file

* iv check should proceed after decryption

* use shadowsocket's bloomring for shadowsocket's replay protection

* Chore: format code (#842)

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-10-22 12:38:40 +08:00
yuhan6665 e286cdcaa8
Style: format code by gofumpt (#761) 2021-10-20 00:57:14 +08:00
世界 cd4631ce99
Merge dns (#722)
* DNS: add clientip for specific nameserver

* Refactoring: DNS App

* DNS: add DNS over QUIC support

* Feat: add disableCache option for DNS

* Feat: add queryStrategy option for DNS

* Feat: add disableFallback & skipFallback option for DNS

* Feat: DNS hosts support multiple addresses

* Feat: DNS transport over TCP

* DNS: fix typo & refine code

* DNS: refine code

* Add disableFallbackIfMatch dns option

* Feat: routing and freedom outbound ignore Fake DNS

Turn off fake DNS for requests sent from Routing and Freedom outbound.
Fake DNS now only applies to DNS outbound.
This is important for Android, where the VPN service takes over all system DNS
traffic and passes it to core. The "UseIp" option can be used in Freedom outbound
to avoid getting a fake IP and failing the connection.

* Fix test

* Fix dns return

* Fix local dns return empty

* Apply timeout to dns outbound

* Update app/dns/config.go

Co-authored-by: Loyalsoldier <10487845+loyalsoldier@users.noreply.github.com>
Co-authored-by: Ye Zhihao <vigilans@foxmail.com>
Co-authored-by: maskedeken <52683904+maskedeken@users.noreply.github.com>
Co-authored-by: V2Fly Team <51714622+vcptr@users.noreply.github.com>
Co-authored-by: CalmLong <37164399+calmlong@users.noreply.github.com>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: 秋のかえで <autmaple@protonmail.com>
Co-authored-by: 朱聖黎 <digglife@gmail.com>
Co-authored-by: rurirei <72071920+rurirei@users.noreply.github.com>
Co-authored-by: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Co-authored-by: Arthur Morgan <4637240+badO1a5A90@users.noreply.github.com>
2021-10-16 21:02:51 +08:00
KallyDev 4abf98c1be
Move from deprecated ioutil to os and io packages (#744) 2021-09-29 02:49:34 +08:00
世界 3b31189f13
Send shadowsocks handshake with payload if available (#736) 2021-09-27 13:30:58 +08:00
hmol233 7033f7cf5f
Fix: protobuf file (#724) 2021-09-20 22:41:09 +08:00
Arthur Morgan ffc2f7c4e2 Style: format code 2021-09-20 21:00:55 +08:00
Arthur Morgan 24b637cd5e
Fix: CounterConnection with ReadV/WriteV (#720)
Co-authored-by: JimhHan <50871214+JimhHan@users.noreply.github.com>
2021-09-20 20:11:21 +08:00
yuhan6665 f2cb13a8ec
Deprecate legacy VMess header with a planned decommission (#712)
* Deprecate legacy VMess header with a planned decommission
* show legacy warning only once

Co-authored-by: Xiaokang Wang <xiaokangwang@outlook.com>
Co-authored-by: hmol233 <82594500+hmol233@users.noreply.github.com>
2021-09-20 14:46:05 +08:00
yuhan6665 42d158bd85
vprotogen refine (#717)
* Update all proto files with existing vprotogen
* Chore: remove protoc-gen-gofast
* Feat: vprotogen adds version detector to block generation code from old protobuf version
* Feat: vprotogen refine logic

Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-09-18 01:16:14 +08:00
yuhan6665 00bcd40c34
remove deprecated ciphers in shadowsocks (#710)
* remove deprecated ciphers in shadowsocks

Co-authored-by: Kslr <kslrwang@gmail.com>
2021-09-17 04:13:07 +08:00
RPRX 100edc370b
Stop at '?' when reading HTTP PATH before shunting 2021-03-12 11:50:59 +00:00
RPRX 924fe16077
Skip Port 53, 443 before using single XUDP for VLESS & VMess 2021-03-08 18:36:45 +00:00
yuhan6665 f50eff5ebb
Add Fake DNS support (#309)
Co-authored-by: Xiaokang Wang <xiaokangwang@outlook.com>
Co-authored-by: loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
Co-authored-by: kslr <kslrwang@gmail.com>
2021-03-07 04:39:50 +00:00
RPRX e1a5392beb
Use buf.PacketReader when UDPOverride is available 2021-03-06 07:19:09 +00:00
RPRX 055fb51ed9
Apply UDPOverride to Freedom Outbound PacketReader 2021-03-05 12:06:37 +00:00
秋のかえで 6380abca73
feat: enforcing VMessAEAD via environment variable (#334) 2021-03-05 08:41:51 +00:00
秋のかえで 1dae2c5636
feat: vmess zero encryption (#333) 2021-03-05 08:41:18 +00:00
RPRX fed8610d3f
Fix Freedom Outbound UDP redirect
Checked every source of b.UDP: Mux (VLESS, VMess), Trojan, Shadowsocks, Socks, TPROXY (Dokodemo-door)
2021-02-17 13:37:55 +00:00
RPRX d22c2d034c
Avoid panic in KDF func for Go 1.16
2a206c7fcc
2021-02-17 03:02:03 +00:00
秋のかえで df39991bb3
Refactor: Add Shadowsocks Validator (#233) 2021-02-12 15:17:31 +00:00
秋のかえで 96d7156eba
Fix a typo (#236) 2021-02-12 13:23:30 +00:00
RPRX d170416219
Add environment variable XRAY_CONE_DISABLED option 2021-02-11 15:37:02 +00:00
RPRX 8ca8a7126b Add XUDP support by simply renaming vudp to xudp
https://t.me/projectXray/243505
2021-02-11 11:33:08 +00:00
RPRX 1174ff3090
Refactor: VLESS & VMess & Mux UDP FullCone NAT
https://t.me/projectXray/242770
2021-02-11 01:28:21 +00:00
Jim Han 4cd343f2d5
Fix tests (#201)
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-01-30 13:01:20 +00:00
RPRX 303fd6e261
Standardize Socks Outbound Authentication Behavior 2021-01-28 03:11:17 +00:00
RPRX ceff4185dc
Improve the request for UDP Associate in Socks5 2021-01-26 23:53:01 +00:00
RPRX 8ffc430351
Fix VLESS & Trojan fallbacks xver 2021-01-23 21:06:15 +00:00
Bohan Yang 5bc1bf30ae
Fix fallbacks xver when original address is not TCP address (#182)
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-01-22 03:26:57 +00:00
Arthur Morgan 5aa053a65f
Convert domain names to lowercase before matching (#195)
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-01-21 23:37:55 +00:00
Jim Han 7f5e34c857
Regenerate .pb.go files (#187)
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-01-21 18:58:19 +00:00
RPRX b60cf02603
Optimize TPROXY Inbound UDP write back
Enhanced stability.
2021-01-20 23:58:59 +00:00
RPRX ae98dc75cf
Set unix.SO_REUSEPORT=1 for TPROXY Inbound FakeUDP
Solved some issues.
2021-01-19 14:50:21 +00:00
RPRX 8ff43519fd
Fix Shadowsocks tests; AEAD drop small UDP packets
https://t.me/projectXray/172063
2021-01-19 10:35:30 +00:00
RPRX 33755d6e90
Refactor: Shadowsocks AEAD Single-port Multi-user (Needs Optimizations)
https://t.me/projectXray/170851
2021-01-18 22:52:35 +00:00
RPRX 99863aa2ac
Add SNI shunt support for Trojan fallbacks 2021-01-18 07:41:00 +00:00
RPRX 88f6537540
Make necessary maps in non-empty names before copy 2021-01-15 11:36:31 +00:00
RPRX f0efc0cfde
As substring to match in VLESS fallbacks SNI shunt 2021-01-15 09:43:39 +00:00
RPRX f13ac3cb55
Fix VLESS fallbacks SNI shunt 2021-01-14 21:55:52 +00:00
eMeab d85162ea44
Add SNI shunt support for VLESS (#141) 2021-01-13 15:13:51 +00:00
maskedeken 96adf3fbca
Trojan: Do not panic when UDP dispatcher failed to write response (#153) 2021-01-11 09:30:57 +00:00
RPRX ee15cc253f
Improve configuration detector (cone or symmetric) 2021-01-10 07:50:21 +00:00
RPRX 700966508f
Improve the response to UDP Associate in Socks5 2021-01-09 16:36:20 +00:00
RPRX 7427a55ef1
Adjust Trojan Outbound postRequest 2021-01-08 12:00:46 +00:00
RPRX fb0e517158
Adjust Trojan & Socks handleUDPPayload 2021-01-08 06:00:51 +00:00
maskedeken d5aeb6c545
Refine Trojan packet reader & writer (#142) 2021-01-08 03:55:25 +00:00
RPRX 161e18299c
Fix TPROXY UDP/IPv6
https://github.com/XTLS/Xray-core/issues/137#issuecomment-756064627

Many thanks to @Ninedyz @changyp6
2021-01-07 12:21:27 +00:00
RPRX c41a1a56fe
Refactor: TPROXY inbound UDP write back
https://t.me/projectXray/119670

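This is not necessarily the final version, but it is worth recording. Thanks to everyone who helped with testing, and special thanks to @yichya @huyz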
2020-12-31 15:57:15 +00:00
RPRX 310a938511
VLESS & VMess are not ready to accept FullCone yet 2020-12-30 08:10:26 +00:00
RPRX 2da07e0f8a
Refactor: FullCone TPROXY Inbound & Socks Outbound
https://t.me/projectXray/116037
2020-12-29 11:50:17 +00:00
RPRX 13ad3fddf6
Refactor: *net.UDPAddr -> *net.Destination
https://t.me/projectXray/111998
2020-12-28 09:40:28 +00:00
Arthur Morgan 6f25191822
Changes from v2ray-core (#93) 2020-12-24 19:45:35 +00:00