Allow multiple XUDP in Mux when using XTLS Vision (server side)

RPRX 2023-04-12 23:20:38 +08:00 committed by GitHub
parent 01b7e5e9be
commit b33b0bc89d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 1 deletions


@ -132,6 +132,12 @@ func (w *ServerWorker) handleStatusNew(ctx context.Context, meta *FrameMetadata,
ctx = log.ContextWithAccessMessage(ctx, msg) ctx = log.ContextWithAccessMessage(ctx, msg)
} }
if network := session.AllowedNetworkFromContext(ctx); network != net.Network_Unknown {
if meta.Target.Network != network {
return newError("unexpected network ", meta.Target.Network) // it will break the whole Mux connection
}
}
if meta.GlobalID != [8]byte{} { if meta.GlobalID != [8]byte{} {
mb, err := NewPacketReader(reader, &meta.Target).ReadMultiBuffer() mb, err := NewPacketReader(reader, &meta.Target).ReadMultiBuffer()
if err != nil { if err != nil {
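Review bot: The new rejection `return newError("unexpected network ", meta.Target.Network)` carries no severity and does not name the allowed network, yet it appears to be the only place the Vision/Mux restriction is enforced, and it tears down the whole Mux connection. Consider `return newError("unexpected network ", meta.Target.Network, ", allowed: ", network).AtWarning()` so that policy rejections stand out in logs. The check is also fail-open: when the context carries no value, `AllowedNetworkFromContext` returns `net.Network_Unknown` and the comparison is skipped, so it only works if the inbound's ctx is the one that reaches `handleStatusNew`. That propagation is not visible here and deserves a test. The body of `handleStatusNew` starts and ends outside this hunk.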


@ -4,6 +4,7 @@ import (
"context" "context"
_ "unsafe" _ "unsafe"
"github.com/xtls/xray-core/common/net"
"github.com/xtls/xray-core/features/routing" "github.com/xtls/xray-core/features/routing"
) )
@ -22,6 +23,7 @@ const (
trackedConnectionErrorKey trackedConnectionErrorKey
dispatcherKey dispatcherKey
timeoutOnlyKey timeoutOnlyKey
allowedNetworkKey
) )
// ContextWithID returns a new context with the given ID. // ContextWithID returns a new context with the given ID.
@ -147,3 +149,14 @@ func TimeoutOnlyFromContext(ctx context.Context) bool {
} }
return false return false
} }
func ContextWithAllowedNetwork(ctx context.Context, network net.Network) context.Context {
return context.WithValue(ctx, allowedNetworkKey, network)
}
func AllowedNetworkFromContext(ctx context.Context) net.Network {
if val, ok := ctx.Value(allowedNetworkKey).(net.Network); ok {
return val
}
return net.Network_Unknown
}
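Review bot: The two new exported functions `ContextWithAllowedNetwork` and `AllowedNetworkFromContext` have no doc comments, unlike the neighbouring helpers such as `ContextWithID`. Their contract is security-relevant because `net.Network_Unknown` doubles as "no restriction", which the caller in the Mux worker treats as allow-all. I would add `// ContextWithAllowedNetwork returns a new context that restricts Mux sub-connections to the given network.` and `// AllowedNetworkFromContext returns the allowed network, or net.Network_Unknown when no restriction is set.`. It is also worth stating that passing `net.Network_Unknown` to the setter is equivalent to setting nothing.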


@ -495,7 +495,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
} }
case "": case "":
if account.Flow == vless.XRV && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) { if account.Flow == vless.XRV && request.Command == protocol.RequestCommandTCP {
return newError(account.ID.String() + " is not able to use \"\". Note that the pure TLS proxy has certain TLS in TLS characters.").AtWarning() return newError(account.ID.String() + " is not able to use \"\". Note that the pure TLS proxy has certain TLS in TLS characters.").AtWarning()
} }
default: default:
@ -510,6 +510,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
Reason: "", Reason: "",
Email: request.User.Email, Email: request.User.Email,
}) })
} else if account.Flow == vless.XRV {
ctx = session.ContextWithAllowedNetwork(ctx, net.Network_UDP)
} }
sessionPolicy = h.policyManager.ForLevel(request.User.Level) sessionPolicy = h.policyManager.ForLevel(request.User.Level)
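Review bot: With `isMuxAndNotXUDP(request, first)` apparently dropped from the `case "":` condition, a Vision account that opens Mux with an empty flow is no longer refused at the handshake with the warning that names `account.ID`. The refusal now happens later in the Mux worker, whose error carries no account identity, so operators lose attribution for this policy violation; consider logging the account or email when the restriction is installed at `ctx = session.ContextWithAllowedNetwork(ctx, net.Network_UDP)`. The diffstat shows a single deletion, so the `isMuxAndNotXUDP` helper is still in the tree and may now be dead code if this was its only caller. The `if` that this `else if account.Flow == vless.XRV` hangs off starts outside the hunk, so which requests reach the new branch cannot be confirmed from here.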