Commit graph

116 commits

Author SHA1 Message Date
世界 3b8f09153e
Split utls library 2023-02-21 23:00:30 +08:00
世界 0188c2d67d
Add uTLS support for shadowtls 2023-02-21 20:48:18 +08:00
世界 d6c2a9aab7
Add shadow-tls support 2023-02-21 19:19:47 +08:00
RPRX 4d5c3195d2
Refine random
Fixes https://github.com/XTLS/Xray-core/issues/1666
2023-02-18 05:55:19 +00:00
RPRX 4d2e2b24d3
THE NEXT FUTURE becomes THE REALITY NOW
Thank @yuhan6665 for testing
2023-02-15 16:07:12 +00:00
RPRX 9046eda5ce
Add callClose to UDP Dispatcher
Fixes https://github.com/XTLS/Xray-core/issues/1611
2023-02-08 14:59:14 +08:00
RPRX f32921df30
Refine randomized
But we should avoid using it unless we have to, see
https://github.com/refraction-networking/utls/pull/157#issuecomment-1417156797
2023-02-08 14:51:15 +08:00
RPRX f176ec54ee
v1.7.3 2023-02-02 05:50:21 +00:00
pocketW bf35e9dcd6 fix: handle error raised by dispatcher 2023-02-01 10:17:42 -05:00
RPRX dc72cf2c78
Refine fingerprints
Fixes https://github.com/XTLS/Xray-core/issues/1577
2023-02-01 12:58:17 +00:00
RPRX b70912799b
Generate *.pb.go files with protoc v3.21.12
https://github.com/protocolbuffers/protobuf/releases/tag/v21.12
go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2
go run ./infra/vprotogen
2023-01-30 04:35:30 +00:00
mra9776 f571aa72df
uTLS PinnedPeerCertificateChainSha256 (#1556)
* Add tests for utls PinnedPeerCertificateChain

* Fix utls not checking PinnedPeerCertificate

Co-authored-by: ahmadi <ahmadi@meshkan.com>
2023-01-27 04:19:49 +00:00
yuhan6665 3fb67f065a
Add fingerprint xray_random (#1540)
* Add fingerprint xray_random

xray_random means to pick a random uTLS fingerprint at the core startup
This way, the fingerprint is stable for a user for some days. While there is no identifiable signature for the whole xray community

* Fingerprint "random" refine

Exclude old fingerprint from RNG
2023-01-20 23:36:08 -05:00
aeeq 620eb63c1b Add sockopt interface setting for binding outbound to a particular device like "eth0" (#1494)
* Update sockopt_linux.go

add Interface Name

* Update config.pb.go

add Interface Name

* Update transport_internet.go

add Interface Name

* Update config.pb.go

* update config.proto add interface

* Update config.pb.go
2023-01-09 09:45:30 -05:00
yuhan6665 32ce7cd730 Add new uTLS fingerprints
- correct safari
- new format is the variable name in https://github.com/refraction-networking/utls/blob/master/u_common.go#L163
- notable ones "HelloChrome_106_Shuffle", "Hello360_Auto", "HelloQQ_Auto"
2023-01-09 09:19:53 -05:00
yuhan6665 c4fbdf1b78 Run core/format.go 2022-12-25 19:47:53 -05:00
aabbccgg 0565589b8b Changed quic MaxIdleTimeout from 30s to 5min & HandshakeIdleTimeout to 8s 2022-11-23 10:52:50 -05:00
Cubarco 8e75e9d763 Fix sockopt.TcpKeepAliveInterval
The Keep-Alive configs may be overridden with golang default settings when `tcpKeepAliveInterval` is set without `tcpKeepAliveIdle`.
2022-11-12 09:15:21 -05:00
Hirbod Behnam da0b13cca0
Added uTLS to gRPC (#1264)
* Added uTLS to gRPC

* Use base 16 of ciphers as StandardName
2022-10-21 21:06:36 -04:00
Hirbod Behnam 1f93cbbc5d
Added utls to websocket (#1256)
* Added utls to websocket

* Slightly better code

One less allocation
2022-10-18 10:34:41 -04:00
Hirbod Behnam 93c7ebe382 Added utls to http2 transport 2022-10-13 10:44:49 -04:00
yuhan6665 8117b66949 Generate all protos 2022-10-10 13:17:32 -04:00
xqzr 8cf23f1947
add tcpcongestion (#1234)
* add `tcpcongestion`

* Update sockopt_linux.go

* Update config.pb.go

* Update transport_internet.go

* Update config.pb.go

* Update transport_internet.go

* Update config.proto
2022-10-10 13:13:50 -04:00
Mocking 4140bcd11a Enhancement of "redirect" function, adding support for MacOS
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
"inbounds": [
{
"listen": "127.0.0.1",
"port": 1122,
"protocol": "dokodemo-door",
"tag": "dokodemo",
"settings": {
"network": "tcp",
"followRedirect": true,
"userLevel": 0
},
"streamSettings": {
"sockopt": {
"tproxy": "Redirect"
}
}
}
]

还原#1189 提交
2022-08-22 10:33:58 -04:00
S-Mocking 59602db02d
Add "tproxy" option (#1189)
* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1122,
      "protocol": "dokodemo-door",
      "tag": "dokodemo",
      "settings": {
        "network": "tcp",
        "followRedirect": true,
        "userLevel": 0
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "pf"
        }
      }
    }
  ]

* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1122,
      "protocol": "dokodemo-door",
      "tag": "dokodemo",
      "settings": {
        "network": "tcp",
        "followRedirect": true,
        "userLevel": 0
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "pf"
        }
      }
    }
  ]

* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1122,
      "protocol": "dokodemo-door",
      "tag": "dokodemo",
      "settings": {
        "network": "tcp",
        "followRedirect": true,
        "userLevel": 0
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "pf"
        }
      }
    }
  ]

Co-authored-by: Mocking <fanhaiwang0817@gmail.com>
2022-08-20 09:02:18 -04:00
ksco.he 76638d793c fix(udp): check addr nil (close 1807) 2022-08-12 20:33:33 -04:00
yuhan6665 340234166b
Add TCPKeepAliveIdle in Sockopt option (#1166)
* Add TCP keep alive idle setting

* Add TCP keep alive idle setting: auto generated

* Add TCP keep alive support in Linux

* Add TCP keep alive support in MacOS, FreeBSD

* Add TCP keep alive support in Windows

* fix bug introduced in adding tcp keep alive adjustment

* embed macOS const to avoid platform inconsistency

* embed macOS const to avoid platform inconsistency(again)

* add TCP Keep Alive support in config

* use sys/unix instead of syscall

Suggestion from:
https://github.com/v2fly/v2ray-core/pull/1395#issuecomment-974761647

* use sys/unix instead of syscall

Suggestion from:
https://github.com/v2fly/v2ray-core/pull/1395#issuecomment-974761647

* Separate TcpKeepAliveIdle and TcpKeepAliveInterval check logic

* Disable tcp keepAlive when TcpKeepAliveIdle < 0 and  TcpKeepAliveInterval <= 0

Co-authored-by: xqzr <34030394+xqzr@users.noreply.github.com>

Co-authored-by: ValdikSS <iam@valdikss.org.ru>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: xqzr <34030394+xqzr@users.noreply.github.com>
2022-07-31 09:55:40 -04:00
yuhan6665 00230a74d5
Fix new Quic lib: KeepAlivePeriod (#1139)
* Bump github.com/lucas-clemente/quic-go from 0.27.2 to 0.28.0

Bumps [github.com/lucas-clemente/quic-go](https://github.com/lucas-clemente/quic-go) from 0.27.2 to 0.28.0.
- [Release notes](https://github.com/lucas-clemente/quic-go/releases)
- [Changelog](https://github.com/lucas-clemente/quic-go/blob/master/Changelog.md)
- [Commits](https://github.com/lucas-clemente/quic-go/compare/v0.27.2...v0.28.0)

---
updated-dependencies:
- dependency-name: github.com/lucas-clemente/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix new Quic lib: KeepAlivePeriod

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-10 21:38:39 -04:00
世界 6f93ef7736
Remove useless error log 2022-06-01 11:11:53 +08:00
世界 f046feb9ca
Reformat code 2022-05-18 15:29:01 +08:00
yuhan6665 b413066012
Fakedns fix xUDP destination override (#1011)
* Fix UDP destination override

* Fix code style

* Fix fakedns object init

Do type convertion at runtime in case if user don't use fakedns in config.
Since dispatcher now depend on fakedns object, move the injection order of
fakedns to top (As a temporary solution)

* Amend logic for handing fakedns client

A map is used by server side when client turn on fakedns
Client will send domain address in the buffer.UDP.Address, server record all possible target IP addrs.
When target replies, server will restore the domain and send back to client.

Co-authored-by: hmol233 <82594500+hmol233@users.noreply.github.com>
2022-04-23 19:24:46 -04:00
yuhan6665 c9df755426 Add quic qlog to debug logs 2022-04-23 19:23:15 -04:00
yuhan6665 393d211d1e Rename quic session to connection
Co-authored-by: 秋のかえで <autmaple@protonmail.com>
2022-04-09 00:48:02 -04:00
hmol233 b3ab94ef5b Refine domain socket permission 2022-02-18 22:01:29 -05:00
yuhan6665 41ce6ccf9f
Make reverse proxy compatible with v2fly (#924)
* Make reverse proxy compatible with v2fly

* Fix gitignore

* Regenerate proto files

- fix v2ray name in loopback

* Fix fly.org in unit tests
2022-02-04 21:59:50 -05:00
yuhan6665 578d903a9e
Quic related improvements (#915)
* DialSystem for Quic

DialSystem() is needed in case of Android client,
where the raw conn is protected for vpn service

* Fix client dialer log

Log such as:
tunneling request to tcp:www.google.com:80 via tcp:x.x.x.x:443
the second "tcp" is misleading when using mKcp or quic transport

Remove the second "tcp" and add the correct logging for transport dialer:
- transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
- transport/internet/quic: dialing quic to udp:x.x.x.x:443

* Quic new stream allocation mode

Currently this is how Quic works: client muxing all tcp and udp traffic through a single session, when there are more than 32 running streams in the session,
the next stream request will fail and open with a new session (port). Imagine lineup the session from left to right:
 |
 |  |
 |  |  |

As the streams finishes, we still open stream from the left, original session. So the base session will always be there and new sessions on the right come and go.
However, either due to QOS or bugs in Quic implementation, the traffic "wear out" the base session. It will become slower and in the end not receiving any data from server side.
I couldn't figure out a solution for this problem at the moment, as a workaround:
       |  |
    |  |  |
 |  |  |

I came up with this new stream allocation mode, that it will never open new streams in the old sessions, but only from current or new session from right.
The keeplive config is turned off from server and client side. This way old sessions will natually close and new sessions keep generating.
Note the frequency of new session is still controlled by the server side. Server can assign a large max stream limit. In this case the new allocation mode will be similar to the current mode.
2022-01-28 18:11:30 -05:00
hmol233 63da3a5481 grpc: add initial_windows_size option 2021-12-19 21:14:14 -05:00
yuhan6665 e93da4bd02
Fix some tests and format code (#830)
* Increase some tls test timeout

* Fix TestUserValidator

* Change all tests to VMessAEAD

Old VMess MD5 tests will be rejected and fail in 2022

* Chore: auto format code
2021-12-14 19:28:47 -05:00
yaotthaha-vscode 4fc284a8e9 Try to fix UDP error 2021-12-01 12:02:27 -05:00
roc dd6769954c hotRelodaInterval --> hotReloadInterval 2021-10-26 21:45:31 -04:00
世界 5c366db847
Add observatory / latestPing balancing strategy
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 17:16:20 +08:00
Xiaokang Wang 13bc0432bc
WebSocket Early Data Protocol Harmonization with V2Ray/V2Fly (#548)
* protocol harmonization with V2Ray/V2Fly by supporting both V2Ray server and XRay server

* protocol harmonization with V2Ray/V2Fly by supporting both V2Ray server and XRay server comment
2021-10-22 12:38:40 +08:00
yuhan6665 acb81ebe3d
Verify peer cert function for better man in the middle prevention (#746)
* verify peer cert function for better man in the middle prevention

* publish cert chain hash generation algorithm

* added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb

* apply coding style

* added test case for pinned certificates

* refactored cert pin

* pinned cert test

* added json loading of the PinnedPeerCertificateChainSha256

* removed tool to prepare for v5

* Add server cert pinning for Xtls

Change command "xray tls certChainHash" to xray style

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 12:38:40 +08:00
yuhan6665 c4fc277758
add comment for gRPC TLS silent failure behavior (#779)
When gRPC transport have been configured to use TLS, it may silently ignore TLS failure. This may make it harder to diagnose TLS setting issues when gRPC transport is used. This comment is added to help other developers be aware of this caveat.

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 12:38:40 +08:00
世界 50e576081e
Add DispatchLink 2021-10-22 12:38:40 +08:00
世界 625cf7361a
Export PacketConnWrapper 2021-10-22 11:57:38 +08:00
yuhan6665 e286cdcaa8
Style: format code by gofumpt (#761) 2021-10-20 00:57:14 +08:00
yuhan6665 a229a7f85e
Revert "cancel failed grpc connection (#707)" (#768)
This reverts commit 0f79126379.
2021-10-16 21:07:45 +08:00
lucifer 5e606169f1
gRPC: Parse X-Real-IP header, fix #766 (#769) 2021-10-14 12:10:19 +08:00
Arthur Morgan 575c7a9687 adjust 2021-10-13 00:49:31 +08:00