mirror of
https://github.com/XTLS/Xray-core.git
synced 2024-11-22 00:21:29 +00:00
Enforce specific none flow for xtls vision
In the past, when user open xtls vision on the server side, plain vless+tls can connect. Pure tls is known to have certain tls in tls characters. Now server need to specify "xtls-rprx-vision,none" for it be able usable on the same port.
This commit is contained in:
parent
1d7c40d728
commit
2e30093ffd
|
@ -4,6 +4,7 @@ import (
|
|||
"encoding/json"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"strings"
|
||||
"syscall"
|
||||
|
||||
"github.com/golang/protobuf/proto"
|
||||
|
@ -52,7 +53,15 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
|
|||
}
|
||||
account.Id = u.String()
|
||||
|
||||
switch account.Flow {
|
||||
accountFlow := account.Flow
|
||||
flows := strings.Split(account.Flow, ",")
|
||||
for _, f := range flows {
|
||||
t := strings.TrimSpace(f)
|
||||
if t != "none" {
|
||||
accountFlow = t
|
||||
}
|
||||
}
|
||||
switch accountFlow {
|
||||
case "", vless.XRO, vless.XRD, vless.XRV:
|
||||
case vless.XRS:
|
||||
return nil, newError(`VLESS clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`)
|
||||
|
|
|
@ -441,10 +441,20 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
|
|||
|
||||
var netConn net.Conn
|
||||
var rawConn syscall.RawConn
|
||||
|
||||
allowNoneFlow := false
|
||||
accountFlow := account.Flow
|
||||
flows := strings.Split(account.Flow, ",")
|
||||
for _, f := range flows {
|
||||
t := strings.TrimSpace(f)
|
||||
if t == "none" {
|
||||
allowNoneFlow = true
|
||||
} else {
|
||||
accountFlow = t
|
||||
}
|
||||
}
|
||||
switch requestAddons.Flow {
|
||||
case vless.XRO, vless.XRD, vless.XRV:
|
||||
if account.Flow == requestAddons.Flow {
|
||||
if accountFlow == requestAddons.Flow {
|
||||
switch request.Command {
|
||||
case protocol.RequestCommandMux:
|
||||
return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
|
||||
|
@ -481,7 +491,11 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
|
|||
} else {
|
||||
return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
|
||||
}
|
||||
case "":
|
||||
case "", "none":
|
||||
if accountFlow == vless.XRV && !allowNoneFlow {
|
||||
return newError(account.ID.String() + " is not able to use " + vless.XRV +
|
||||
". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning()
|
||||
}
|
||||
default:
|
||||
return newError("unknown request flow " + requestAddons.Flow).AtWarning()
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue