They become a part of you

This commit is contained in:
RPRX 2023-03-04 15:39:27 +00:00 committed by GitHub
parent 9e5bc07bf2
commit c04c333afc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 30 deletions

View file

@ -700,7 +700,9 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
} }
config.ProtocolName = protocol config.ProtocolName = protocol
} }
if strings.EqualFold(c.Security, "tls") { switch strings.ToLower(c.Security) {
case "", "none":
case "tls":
tlsSettings := c.TLSSettings tlsSettings := c.TLSSettings
if tlsSettings == nil { if tlsSettings == nil {
tlsSettings = &TLSConfig{} tlsSettings = &TLSConfig{}
@ -712,8 +714,7 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
tm := serial.ToTypedMessage(ts) tm := serial.ToTypedMessage(ts)
config.SecuritySettings = append(config.SecuritySettings, tm) config.SecuritySettings = append(config.SecuritySettings, tm)
config.SecurityType = tm.Type config.SecurityType = tm.Type
} case "reality":
if strings.EqualFold(c.Security, "reality") {
if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "grpc" && config.ProtocolName != "domainsocket" { if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "grpc" && config.ProtocolName != "domainsocket" {
return nil, newError("REALITY only supports TCP, H2, gRPC and DomainSocket for now.") return nil, newError("REALITY only supports TCP, H2, gRPC and DomainSocket for now.")
} }
@ -727,6 +728,10 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
tm := serial.ToTypedMessage(ts) tm := serial.ToTypedMessage(ts)
config.SecuritySettings = append(config.SecuritySettings, tm) config.SecuritySettings = append(config.SecuritySettings, tm)
config.SecurityType = tm.Type config.SecurityType = tm.Type
case "xtls":
return nil, newError(`Please use VLESS flow "xtls-rprx-vision" with TLS or REALITY.`)
default:
return nil, newError(`Unknown security "` + c.Security + `".`)
} }
if c.TCPSettings != nil { if c.TCPSettings != nil {
ts, err := c.TCPSettings.Build() ts, err := c.TCPSettings.Build()

View file

@ -4,7 +4,6 @@ import (
"encoding/json" "encoding/json"
"runtime" "runtime"
"strconv" "strconv"
"strings"
"syscall" "syscall"
"github.com/golang/protobuf/proto" "github.com/golang/protobuf/proto"
@ -53,15 +52,7 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
} }
account.Id = u.String() account.Id = u.String()
accountFlow := account.Flow switch account.Flow {
flows := strings.Split(account.Flow, ",")
for _, f := range flows {
t := strings.TrimSpace(f)
if t != "none" {
accountFlow = t
}
}
switch accountFlow {
case "", vless.XRV: case "", vless.XRV:
default: default:
return nil, newError(`VLESS clients: "flow" doesn't support "` + account.Flow + `" in this version`) return nil, newError(`VLESS clients: "flow" doesn't support "` + account.Flow + `" in this version`)

View file

@ -450,20 +450,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
var rawConn syscall.RawConn var rawConn syscall.RawConn
var input *bytes.Reader var input *bytes.Reader
var rawInput *bytes.Buffer var rawInput *bytes.Buffer
allowNoneFlow := false
accountFlow := account.Flow
flows := strings.Split(account.Flow, ",")
for _, f := range flows {
t := strings.TrimSpace(f)
if t == "none" {
allowNoneFlow = true
} else {
accountFlow = t
}
}
switch requestAddons.Flow { switch requestAddons.Flow {
case vless.XRV: case vless.XRV:
if accountFlow == requestAddons.Flow { if account.Flow == requestAddons.Flow {
switch request.Command { switch request.Command {
case protocol.RequestCommandMux: case protocol.RequestCommandMux:
return newError(requestAddons.Flow + " doesn't support Mux").AtWarning() return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
@ -503,10 +493,9 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
} else { } else {
return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
} }
case "", "none": case "":
if accountFlow == vless.XRV && !allowNoneFlow && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) { if account.Flow == vless.XRV && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) {
return newError(account.ID.String() + " is not able to use " + vless.XRV + return newError(account.ID.String() + " is not able to use \"\". Note that the pure TLS proxy has certain TLS in TLS characters.").AtWarning()
". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning()
} }
default: default:
return newError("unknown request flow " + requestAddons.Flow).AtWarning() return newError("unknown request flow " + requestAddons.Flow).AtWarning()
@ -557,7 +546,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
// TODO enable splice // TODO enable splice
ctx = session.ContextWithInbound(ctx, nil) ctx = session.ContextWithInbound(ctx, nil)
err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(), err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(),
&numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello) &numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello)
} else { } else {
// from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer
err = buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer)) err = buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer))