Enforce specific none flow for xtls vision

In the past, when a user enabled xtls vision on the server side, plain vless+tls could still connect.
Pure tls is known to have certain tls-in-tls characteristics.
Now the server needs to specify "xtls-rprx-vision,none" for plain vless+tls to remain usable on the same port.
yuhan6665 2022-12-04 18:24:46 -05:00
parent 1d7c40d728
commit 2e30093ffd
2 changed files with 27 additions and 4 deletions


@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"runtime" "runtime"
"strconv" "strconv"
"strings"
"syscall" "syscall"
"github.com/golang/protobuf/proto" "github.com/golang/protobuf/proto"
@ -52,7 +53,15 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
} }
account.Id = u.String() account.Id = u.String()
switch account.Flow { accountFlow := account.Flow
flows := strings.Split(account.Flow, ",")
for _, f := range flows {
t := strings.TrimSpace(f)
if t != "none" {
accountFlow = t
}
}
switch accountFlow {
case "", vless.XRO, vless.XRD, vless.XRV: case "", vless.XRO, vless.XRD, vless.XRV:
case vless.XRS: case vless.XRS:
return nil, newError(`VLESS clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`) return nil, newError(`VLESS clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`)
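Review bot: The loop over `flows` keeps only the last token that is not `none`, so `switch accountFlow` validates something other than what the operator wrote when the value has a trailing comma or names two flows. With `xtls-rprx-vision,` the parsed flow becomes the empty string, which passes `case ""` here. The identical loop in Process then sees an account flow that is not vision, so the new plain-flow refusal never fires and vision requests are refused instead. Rejecting empty tokens and a second named flow at Build time makes such a typo fail at config load instead of silently changing enforcement. Build's body starts and ends outside the hunk.

```go
accountFlow := account.Flow
named := 0
for _, f := range strings.Split(account.Flow, ",") {
	t := strings.TrimSpace(f)
	if t == "none" {
		continue // "none" only permits the plain flow next to the named one
	}
	// An empty account.Flow still yields one empty token and stays valid.
	if named++; named > 1 || (t == "" && account.Flow != "") {
		return nil, newError(`VLESS clients: "flow" must name a single flow, optionally with ",none"`)
	}
	accountFlow = t
}
// … unchanged: switch accountFlow validation …
```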


@ -441,10 +441,20 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
var netConn net.Conn var netConn net.Conn
var rawConn syscall.RawConn var rawConn syscall.RawConn
allowNoneFlow := false
accountFlow := account.Flow
flows := strings.Split(account.Flow, ",")
for _, f := range flows {
t := strings.TrimSpace(f)
if t == "none" {
allowNoneFlow = true
} else {
accountFlow = t
}
}
switch requestAddons.Flow { switch requestAddons.Flow {
case vless.XRO, vless.XRD, vless.XRV: case vless.XRO, vless.XRD, vless.XRV:
if account.Flow == requestAddons.Flow { if accountFlow == requestAddons.Flow {
switch request.Command { switch request.Command {
case protocol.RequestCommandMux: case protocol.RequestCommandMux:
return newError(requestAddons.Flow + " doesn't support Mux").AtWarning() return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
@ -481,7 +491,11 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
} else { } else {
return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
} }
case "": case "", "none":
if accountFlow == vless.XRV && !allowNoneFlow {
return newError(account.ID.String() + " is not able to use " + vless.XRV +
". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning()
}
default: default:
return newError("unknown request flow " + requestAddons.Flow).AtWarning() return newError("unknown request flow " + requestAddons.Flow).AtWarning()
} }
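Review bot: The account flow string is split and scanned on every call to Process, using the same loop Build runs at config load, while `account.Flow` itself keeps the raw value such as `xtls-rprx-vision,none`. Only the comparison at `if accountFlow == requestAddons.Flow` is visibly switched to the parsed value; any other read of `account.Flow` in the part of Process between the two hunks (not shown here) would compare against the combined string and should be checked. Parsing once into the account, as a flow name plus an allow-plain boolean, would keep validation and enforcement from drifting apart. A short comment above the check in `case "", "none":`, e.g. `// A vision account must opt in with ",none" before plain (non-vision) requests are accepted.`, would also record why the request is refused. Process's body starts and ends outside the hunks.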