Fix xtls vision issue with big server hello

This commit is contained in:
yuhan6665 2022-11-20 18:54:07 -05:00
parent 34b3f0204a
commit 494a10971b

View file

@ -406,7 +406,7 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt
startsBytes := b.BytesTo(6) startsBytes := b.BytesTo(6)
if bytes.Equal(tlsServerHandShakeStart, startsBytes[:3]) && startsBytes[5] == 0x02 { if bytes.Equal(tlsServerHandShakeStart, startsBytes[:3]) && startsBytes[5] == 0x02 {
total := (int(startsBytes[3])<<8 | int(startsBytes[4])) + 5 total := (int(startsBytes[3])<<8 | int(startsBytes[4])) + 5
if b.Len() >= int32(total) && total >= 74 { if b.Len() >= 74 && total >= 74 {
if bytes.Contains(b.BytesTo(int32(total)), tls13SupportedVersions) { if bytes.Contains(b.BytesTo(int32(total)), tls13SupportedVersions) {
sessionIdLen := int32(b.Byte(43)) sessionIdLen := int32(b.Byte(43))
cipherSuite := b.BytesRange(43 + sessionIdLen + 1, 43 + sessionIdLen + 3) cipherSuite := b.BytesRange(43 + sessionIdLen + 1, 43 + sessionIdLen + 3)
@ -417,22 +417,24 @@ func XtlsFilterTls(buffer buf.MultiBuffer, numberOfPacketToFilter *int, enableXt
} else if (v != "TLS_AES_128_CCM_8_SHA256") { } else if (v != "TLS_AES_128_CCM_8_SHA256") {
*enableXtls = true *enableXtls = true
} }
newError("XtlsFilterTls13 found tls 1.3! ", buffer.Len(), " ", v).WriteToLog(session.ExportIDToError(ctx)) newError("XtlsFilterTls found tls 1.3! ", buffer.Len(), " ", v).WriteToLog(session.ExportIDToError(ctx))
} else { } else {
newError("XtlsFilterTls13 found tls 1.2! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) newError("XtlsFilterTls found tls 1.2! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
} }
*isTLS12orAbove = true *isTLS12orAbove = true
*isTLS = true *isTLS = true
*numberOfPacketToFilter = 0 *numberOfPacketToFilter = 0
return return
} else {
newError("XtlsFilterTls short server hello, tls 1.2 or older? ", b.Len(), " ", total).WriteToLog(session.ExportIDToError(ctx))
} }
} else if bytes.Equal(tlsClientHandShakeStart, startsBytes[:2]) && startsBytes[5] == 0x01 { } else if bytes.Equal(tlsClientHandShakeStart, startsBytes[:2]) && startsBytes[5] == 0x01 {
*isTLS = true *isTLS = true
newError("XtlsFilterTls13 found tls client hello! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) newError("XtlsFilterTls found tls client hello! ", buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
} }
} }
if *numberOfPacketToFilter <= 0 { if *numberOfPacketToFilter <= 0 {
newError("XtlsFilterTls13 stop filtering", buffer.Len()).WriteToLog(session.ExportIDToError(ctx)) newError("XtlsFilterTls stop filtering", buffer.Len()).WriteToLog(session.ExportIDToError(ctx))
} }
} }
} }