Insert padding with empty content to camouflage VLESS header (#1610)

This only affects the Vision client, for protocols that expect the server to send data first.
The change is compatible with the existing version of the Vision server.
yuhan6665 2023-02-06 01:45:09 -05:00 committed by GitHub
parent 00c9576118
commit c3faa8b7ac
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 9 deletions


@ -506,25 +506,31 @@ func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBu
// XtlsPadding add padding to eliminate length siganature during tls handshake // XtlsPadding add padding to eliminate length siganature during tls handshake
func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, ctx context.Context) *buf.Buffer { func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, ctx context.Context) *buf.Buffer {
var length int32 = 0 var contantLen int32 = 0
if b.Len() < 900 { var paddingLen int32 = 0
if b != nil {
contantLen = b.Len()
}
if contantLen < 900 {
l, err := rand.Int(rand.Reader, big.NewInt(500)) l, err := rand.Int(rand.Reader, big.NewInt(500))
if err != nil { if err != nil {
newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx)) newError("failed to generate padding").Base(err).WriteToLog(session.ExportIDToError(ctx))
} }
length = int32(l.Int64()) + 900 - b.Len() paddingLen = int32(l.Int64()) + 900 - contantLen
} }
newbuffer := buf.New() newbuffer := buf.New()
if userUUID != nil { if userUUID != nil {
newbuffer.Write(*userUUID) newbuffer.Write(*userUUID)
*userUUID = nil *userUUID = nil
} }
newbuffer.Write([]byte{command, byte(b.Len() >> 8), byte(b.Len()), byte(length >> 8), byte(length)}) newbuffer.Write([]byte{command, byte(contantLen >> 8), byte(contantLen), byte(paddingLen >> 8), byte(paddingLen)})
newbuffer.Write(b.Bytes()) if (b != nil) {
newbuffer.Extend(length) newbuffer.Write(b.Bytes())
newError("XtlsPadding ", b.Len(), " ", length, " ", command).WriteToLog(session.ExportIDToError(ctx)) b.Release()
b.Release() b = nil
b = nil }
newbuffer.Extend(paddingLen)
newError("XtlsPadding ", contantLen, " ", paddingLen, " ", command).WriteToLog(session.ExportIDToError(ctx))
return newbuffer return newbuffer
} }
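Review bot: When `rand.Int` fails in `XtlsPadding`, the error is only logged and execution still reaches `paddingLen = int32(l.Int64()) + 900 - contantLen`, where `l` is expected to be nil, so the call would panic instead of degrading cleanly. Setting a deterministic floor in the error branch and moving the random case into an `else` keeps the record padded without touching `l`: `paddingLen = 900 - contantLen` after the log call, and `} else { paddingLen = int32(l.Int64()) + 900 - contantLen }`. Separately, the new local is spelled `contantLen` and the doc comment says "siganature"; `contentLen` and "signature" would read better, and the comment could state that a nil `b` now yields a padding-only record.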


@ -249,6 +249,13 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
} }
} else if err1 != buf.ErrReadTimeout { } else if err1 != buf.ErrReadTimeout {
return err1 return err1
} else if requestAddons.Flow == vless.XRV {
mb := make(buf.MultiBuffer, 1)
mb[0] = encoding.XtlsPadding(nil, 0x01, &userUUID, ctx) // it must not be tls so padding finish with it (command 1)
newError("Insert padding with empty content to camouflage VLESS header ", mb.Len()).WriteToLog(session.ExportIDToError(ctx))
if err := serverWriter.WriteMultiBuffer(mb); err != nil {
return err
}
} }
} else { } else {
newError("Reader is not timeout reader, will send out vless header separately from first payload").AtDebug().WriteToLog(session.ExportIDToError(ctx)) newError("Reader is not timeout reader, will send out vless header separately from first payload").AtDebug().WriteToLog(session.ExportIDToError(ctx))
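Review bot: The command byte in `encoding.XtlsPadding(nil, 0x01, &userUUID, ctx)` is a bare literal whose meaning ("padding finishes with this record") lives only in the trailing comment, so a reader cannot check it against the value the server side expects. A named constant would make that wire-protocol contract reviewable, for example `const commandPaddingEnd byte = 0x01` (name constructed here; reuse an existing one if the package already defines it). The new "Insert padding with empty content" log call also sets no level, while the neighbouring "Reader is not timeout reader" message uses `.AtDebug()`; adding `.AtDebug()` before `.WriteToLog(...)` would keep this per-connection message at the same level. Process begins and ends outside this hunk.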