Fix Trojan XTLS

This commit is contained in:
RPRX 2020-12-14 17:05:15 +08:00 committed by GitHub
parent decb012f9d
commit 2e942e0303
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 50 additions and 31 deletions

View file

@ -52,6 +52,17 @@ func (c *TrojanClientConfig) Build() (proto.Message, error) {
Password: rec.Password, Password: rec.Password,
Flow: rec.Flow, Flow: rec.Flow,
} }
switch account.Flow {
case "", "xtls-rprx-origin", "xtls-rprx-origin-udp443", "xtls-rprx-direct", "xtls-rprx-direct-udp443":
case "xtls-rprx-splice", "xtls-rprx-splice-udp443":
if runtime.GOOS != "linux" && runtime.GOOS != "android" {
return nil, newError(`Trojan servers: "` + account.Flow + `" only support linux in this version`)
}
default:
return nil, newError(`Trojan servers: "flow" doesn't support "` + account.Flow + `" in this version`)
}
trojan := &protocol.ServerEndpoint{ trojan := &protocol.ServerEndpoint{
Address: rec.Address.Build(), Address: rec.Address.Build(),
Port: uint32(rec.Port), Port: uint32(rec.Port),
@ -107,6 +118,14 @@ func (c *TrojanServerConfig) Build() (proto.Message, error) {
Flow: rawUser.Flow, Flow: rawUser.Flow,
} }
switch account.Flow {
case "", "xtls-rprx-origin", "xtls-rprx-direct":
case "xtls-rprx-splice":
return nil, newError(`Trojan clients: inbound doesn't support "xtls-rprx-splice" in this version, please use "xtls-rprx-direct" instead`)
default:
return nil, newError(`Trojan clients: "flow" doesn't support "` + account.Flow + `" in this version`)
}
user.Email = rawUser.Email user.Email = rawUser.Email
user.Level = uint32(rawUser.Level) user.Level = uint32(rawUser.Level)
user.Account = serial.ToTypedMessage(account) user.Account = serial.ToTypedMessage(account)

View file

@ -79,62 +79,63 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
defer conn.Close() defer conn.Close()
user := server.PickUser()
account, ok := user.Account.(*MemoryAccount)
if !ok {
return newError("user account is not valid")
}
iConn := conn iConn := conn
statConn, ok := iConn.(*internet.StatCouterConnection) statConn, ok := iConn.(*internet.StatCouterConnection)
if ok { if ok {
iConn = statConn.Connection iConn = statConn.Connection
} }
user := server.PickUser()
account, ok := user.Account.(*MemoryAccount)
if !ok {
return newError("user account is not valid")
}
connWriter := &ConnWriter{
Flow: account.Flow,
}
var rawConn syscall.RawConn var rawConn syscall.RawConn
var sctx context.Context var sctx context.Context
connWriter := &ConnWriter{}
allowUDP443 := false allowUDP443 := false
switch account.Flow { switch connWriter.Flow {
case XRO + "-udp443", XRD + "-udp443", XRS + "-udp443": case XRO + "-udp443", XRD + "-udp443", XRS + "-udp443":
allowUDP443 = true allowUDP443 = true
account.Flow = account.Flow[:16] connWriter.Flow = connWriter.Flow[:16]
fallthrough fallthrough
case XRO, XRD, XRS: case XRO, XRD, XRS:
if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress { if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress {
return newError(account.Flow + " doesn't support Mux").AtWarning() return newError(connWriter.Flow + " doesn't support Mux").AtWarning()
} }
if destination.Network == net.Network_UDP { if destination.Network == net.Network_UDP {
if !allowUDP443 && destination.Port == 443 { if !allowUDP443 && destination.Port == 443 {
return newError(account.Flow + " stopped UDP/443").AtInfo() return newError(connWriter.Flow + " stopped UDP/443").AtInfo()
} }
connWriter.Flow = ""
} else { // enable XTLS only if making TCP request } else { // enable XTLS only if making TCP request
if xtlsConn, ok := iConn.(*xtls.Conn); ok { if xtlsConn, ok := iConn.(*xtls.Conn); ok {
xtlsConn.RPRX = true xtlsConn.RPRX = true
xtlsConn.SHOW = trojanXTLSShow xtlsConn.SHOW = xtls_show
xtlsConn.MARK = "XTLS" xtlsConn.MARK = "XTLS"
if account.Flow == XRS { if connWriter.Flow == XRS {
sctx = ctx sctx = ctx
account.Flow = XRD connWriter.Flow = XRD
} }
if account.Flow == XRD { if connWriter.Flow == XRD {
xtlsConn.DirectMode = true xtlsConn.DirectMode = true
if sc, ok := xtlsConn.Connection.(syscall.Conn); ok { if sc, ok := xtlsConn.Connection.(syscall.Conn); ok {
rawConn, _ = sc.SyscallConn() rawConn, _ = sc.SyscallConn()
} }
} }
connWriter.Flow = account.Flow
} else { } else {
return newError(`failed to use ` + account.Flow + `, maybe "security" is not "xtls"`).AtWarning() return newError(`failed to use ` + connWriter.Flow + `, maybe "security" is not "xtls"`).AtWarning()
} }
} }
case "": default:
if _, ok := iConn.(*xtls.Conn); ok { if _, ok := iConn.(*xtls.Conn); ok {
panic(`To avoid misunderstanding, you must fill in Trojan "flow" when using XTLS.`) panic(`To avoid misunderstanding, you must fill in Trojan "flow" when using XTLS.`)
} }
default:
return newError("unsupported flow " + account.Flow).AtWarning()
} }
sessionPolicy := c.policyManager.ForLevel(user.Level) sessionPolicy := c.policyManager.ForLevel(user.Level)
@ -211,6 +212,6 @@ func init() {
xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue }) xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue })
if xtlsShow == "true" { if xtlsShow == "true" {
trojanXTLSShow = true xtls_show = true
} }
} }

View file

@ -28,7 +28,7 @@ var (
protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain), protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain),
) )
trojanXTLSShow = false xtls_show = false
) )
const ( const (
@ -90,10 +90,10 @@ func (c *ConnWriter) writeHeader() error {
command := commandTCP command := commandTCP
if c.Target.Network == net.Network_UDP { if c.Target.Network == net.Network_UDP {
command = commandUDP command = commandUDP
} else if c.Flow == XRO {
command = commandXRO
} else if c.Flow == XRD { } else if c.Flow == XRD {
command = commandXRD command = commandXRD
} else if c.Flow == XRO {
command = commandXRO
} }
if _, err := buffer.Write(c.Account.Key); err != nil { if _, err := buffer.Write(c.Account.Key); err != nil {
@ -211,10 +211,10 @@ func (c *ConnReader) ParseHeader() error {
network := net.Network_TCP network := net.Network_TCP
if command[0] == commandUDP { if command[0] == commandUDP {
network = net.Network_UDP network = net.Network_UDP
} else if command[0] == commandXRO {
c.Flow = XRO
} else if command[0] == commandXRD { } else if command[0] == commandXRD {
c.Flow = XRD c.Flow = XRD
} else if command[0] == commandXRO {
c.Flow = XRO
} }
addr, port, err := addrParser.ReadAddressPort(nil, c.Reader) addr, port, err := addrParser.ReadAddressPort(nil, c.Reader)

View file

@ -38,7 +38,7 @@ func init() {
xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue }) xtlsShow := platform.NewEnvFlag("xray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue })
if xtlsShow == "true" { if xtlsShow == "true" {
trojanXTLSShow = true xtls_show = true
} }
} }
@ -219,7 +219,8 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn internet
} }
if xtlsConn, ok := iConn.(*xtls.Conn); ok { if xtlsConn, ok := iConn.(*xtls.Conn); ok {
xtlsConn.RPRX = true xtlsConn.RPRX = true
xtlsConn.SHOW = trojanXTLSShow xtlsConn.SHOW = xtls_show
xtlsConn.MARK = "XTLS"
if clientReader.Flow == XRD { if clientReader.Flow == XRD {
xtlsConn.DirectMode = true xtlsConn.DirectMode = true
if sc, ok := xtlsConn.Connection.(syscall.Conn); ok { if sc, ok := xtlsConn.Connection.(syscall.Conn); ok {
@ -230,11 +231,9 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn internet
return newError(`failed to use ` + clientReader.Flow + `, maybe "security" is not "xtls"`).AtWarning() return newError(`failed to use ` + clientReader.Flow + `, maybe "security" is not "xtls"`).AtWarning()
} }
} else { } else {
return newError("unable to use ", clientReader.Flow).AtWarning() return newError(account.Password + " is not able to use " + clientReader.Flow).AtWarning()
} }
case "": case "":
default:
return newError("unsupported flow " + account.Flow).AtWarning()
} }
ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{ ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{