Commit graph

1098 commits

Author SHA1 Message Date
yuhan6665 41ce6ccf9f
Make reverse proxy compatible with v2fly (#924)
* Make reverse proxy compatible with v2fly

* Fix gitignore

* Regenerate proto files

- fix v2ray name in loopback

* Fix fly.org in unit tests
2022-02-04 21:59:50 -05:00
Mustafa 42284a757c
chore fixed (#921)
* chore fixed
2022-02-02 19:57:32 -05:00
yuhan6665 d51db9469e Update version 1.5.3 2022-01-28 18:13:15 -05:00
yuhan6665 aa554871ef Update dependencies 2022-01-28 18:13:15 -05:00
yuhan6665 578d903a9e
Quic related improvements (#915)
* DialSystem for Quic

DialSystem() is needed in case of Android client,
where the raw conn is protected for vpn service

* Fix client dialer log

Log such as:
tunneling request to tcp:www.google.com:80 via tcp:x.x.x.x:443
the second "tcp" is misleading when using mKcp or quic transport

Remove the second "tcp" and add the correct logging for transport dialer:
- transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
- transport/internet/quic: dialing quic to udp:x.x.x.x:443

* Quic new stream allocation mode

Currently this is how Quic works: client muxing all tcp and udp traffic through a single session, when there are more than 32 running streams in the session,
the next stream request will fail and open with a new session (port). Imagine lineup the session from left to right:
 |
 |  |
 |  |  |

As the streams finishes, we still open stream from the left, original session. So the base session will always be there and new sessions on the right come and go.
However, either due to QOS or bugs in Quic implementation, the traffic "wear out" the base session. It will become slower and in the end not receiving any data from server side.
I couldn't figure out a solution for this problem at the moment, as a workaround:
       |  |
    |  |  |
 |  |  |

I came up with this new stream allocation mode, that it will never open new streams in the old sessions, but only from current or new session from right.
The keeplive config is turned off from server and client side. This way old sessions will natually close and new sessions keep generating.
Note the frequency of new session is still controlled by the server side. Server can assign a large max stream limit. In this case the new allocation mode will be similar to the current mode.
2022-01-28 18:11:30 -05:00
dependabot[bot] 30a40aa6f1 Bump google.golang.org/grpc from 1.43.0 to 1.44.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.43.0 to 1.44.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.43.0...v1.44.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-25 20:56:13 -05:00
dependabot[bot] dfcfecf7d8 Bump github.com/google/go-cmp from 0.5.6 to 0.5.7
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.6 to 0.5.7.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.6...v0.5.7)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-20 09:54:41 -05:00
dependabot[bot] 68d37adf88 Bump github.com/lucas-clemente/quic-go from 0.24.0 to 0.25.0
Bumps [github.com/lucas-clemente/quic-go](https://github.com/lucas-clemente/quic-go) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/lucas-clemente/quic-go/releases)
- [Changelog](https://github.com/lucas-clemente/quic-go/blob/master/Changelog.md)
- [Commits](https://github.com/lucas-clemente/quic-go/compare/v0.24.0...v0.25.0)

---
updated-dependencies:
- dependency-name: github.com/lucas-clemente/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-19 09:32:01 -05:00
Machtergreifung e96e5994d0 Update Vmess Warning Errors 2022-01-19 09:30:28 -05:00
yuhan6665 b4cdb6075b Remove a missed alterId in test 2022-01-14 17:52:12 -05:00
Machtergreifung dde033ca1f
go 1.17.6 (#900)
* go 1.17.6
2022-01-14 17:49:46 -05:00
Machtergreifung 9ad26fa049
chore fixed (#897)
* chore fixed
2022-01-12 21:51:47 -05:00
Machtergreifung 800b3bd3fe
chore fixed (#895)
* chore fixed
2022-01-10 23:39:58 -05:00
dependabot[bot] 1447615f3a Bump github.com/miekg/dns from 1.1.43 to 1.1.45
Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.43 to 1.1.45.
- [Release notes](https://github.com/miekg/dns/releases)
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](https://github.com/miekg/dns/compare/v1.1.43...v1.1.45)

---
updated-dependencies:
- dependency-name: github.com/miekg/dns
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-10 23:38:33 -05:00
yuhan6665 980b35b3fe Update version 1.5.2 2021-12-24 09:19:17 -05:00
yuhan6665 9ea1bf7c1d Fix shadowsocks xchacha cipher nonce size 2021-12-19 21:18:35 -05:00
hmol233 63da3a5481 grpc: add initial_windows_size option 2021-12-19 21:14:14 -05:00
rf2892jfdsajf 3057a7c999
doc: add contributing section to readme and update build instruction style (#863)
* doc: add bash style

* doc: add code of conduct to readme

Co-authored-by: Your Name <you@example.com>
2021-12-19 19:10:00 -05:00
xqzr c8e2a99e68 fix unsupported cipher method: xChaCha20-IETF-Poly1305 2021-12-16 18:57:06 -05:00
tritu 756bac7fa4 go 1.17.5 2021-12-15 21:12:00 -05:00
yuhan6665 b0a08d3ed3 Update version 1.5.1 2021-12-14 20:34:07 -05:00
yuhan6665 0d292e0dcd Update dependencies 2021-12-14 20:33:15 -05:00
yuhan6665 dd9da23a59 Add statistics in conn testing
Occasional error is observed when we execute long test
Print time and memory for better troubleshooting in the future

Co-authored-by: Jebbs <qjebbs@gmail.com>
2021-12-14 20:15:05 -05:00
yuhan6665 4e88a369c4 Fix vmess test with portList 2021-12-14 20:01:53 -05:00
yuhan6665 e93da4bd02
Fix some tests and format code (#830)
* Increase some tls test timeout

* Fix TestUserValidator

* Change all tests to VMessAEAD

Old VMess MD5 tests will be rejected and fail in 2022

* Chore: auto format code
2021-12-14 19:28:47 -05:00
yuhan6665 d5a7901601
Unified drain support for vmess and shadowsocks (#791)
* Added test for no terminate signal

* unified drain support for vmess and shadowsockets

* drain: add generated file

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-12-14 19:27:31 -05:00
Shelikhoo 6fb5c887b2 Fix DoS attack vulnerability in CommandSwitchAccountFactory 2021-12-11 20:14:57 -05:00
yaotthaha-vscode 4fc284a8e9 Try to fix UDP error 2021-12-01 12:02:27 -05:00
yuhan6665 7c240e8630 Fix null pointer exception for observatory
Core setup router object first, when InjectContext() is called, observatory object is still null,
so observatory need to be injected after InjectContext()
2021-11-20 00:48:02 -05:00
lucifer9 d6ae4e9ba2 Make it easier to configure multiple listening ports 2021-11-17 23:13:15 -05:00
dependabot[bot] c3298c38a0 Bump google.golang.org/grpc from 1.41.0 to 1.42.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.41.0 to 1.42.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.41.0...v1.42.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-04 21:09:16 -04:00
dev_0x1 eb6ced79e7 Add .vscode to ignored directories 2021-11-04 21:08:26 -04:00
秋のかえで 63d0cb1bd6
Refactor: new Shadowsocks validator (#629)
* Refactor: new Shadowsocks validator

* Fix NoneCliper cannot work

* Feat: refine the size of drain

* fix: fix validator after merge 'main'

* fix: UDP user logic

* style: refine code style
2021-10-31 22:10:26 -04:00
roc dd6769954c hotRelodaInterval --> hotReloadInterval 2021-10-26 21:45:31 -04:00
Zhu Sheng Li 28b17b529d
Add concurrency option for outbound observation
Add `enableConcurrency` option, false by default.

If it's set as `true`, start probing outbounds concurrently in every
circle of observation. Wait `probeInterval` between observation circles.
2021-10-26 13:09:03 +08:00
yuhan6665 abb8ba8b0e
Observatory related fixes (#788)
* fix:observatory not supported by multi-json

* Fix: observatory starts with empty config & fails to close (#957)

* Update strategy_leastping.go (#1019)

* add custom probe URL support for observatory

* add custom probe interval for observer

* apply coding style

* Fix: observatory log & JSON config(#1211)

Co-authored-by: ihotte <ihotte@yeah.net>

* Change default probe url from api.v2fly.org to www.google.com

* Cherry-pick missing code from branch 'dev-advloadblancer-2'

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
Co-authored-by: fanyiguan <52657276+fanyiguang@users.noreply.github.com>
Co-authored-by: ihotte <3087168217@qq.com>
Co-authored-by: ihotte <ihotte@yeah.net>
2021-10-26 13:00:31 +08:00
Shelikhoo 7038bded7b
Added experiment to avoid sending the termination signal
(cherry picked from commit c5357e1f000054ba5836468922cae52a830c8019)
2021-10-22 18:34:57 +08:00
Shelikhoo ff35118af5
VMess AEAD based packet length
(cherry picked from commit 08221600082a79376bdc262f2ffec1a3129ae98d)
2021-10-22 18:34:57 +08:00
世界 707efd6d12
Add loopback outound 2021-10-22 17:58:37 +08:00
世界 5c366db847
Add observatory / latestPing balancing strategy
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 17:16:20 +08:00
世界 77d0419aca
Add socks4/4a support 2021-10-22 13:27:31 +08:00
maskedeken 238bd5d050
Add xchacha20-ietf-poly1305 for Shadowsocks 2021-10-22 13:24:29 +08:00
Loyalsoldier 3fe61ed4a2
Feat: add reverse match for GeoIP
(cherry picked from commit 3a50affa0a7316a9ad249f1b2b2996cb88948551)
2021-10-22 13:06:57 +08:00
Xiaokang Wang 13bc0432bc
WebSocket Early Data Protocol Harmonization with V2Ray/V2Fly (#548)
* protocol harmonization with V2Ray/V2Fly by supporting both V2Ray server and XRay server

* protocol harmonization with V2Ray/V2Fly by supporting both V2Ray server and XRay server comment
2021-10-22 12:38:40 +08:00
秋のかえで 9b204ed99b
Fix: Trojan fallback
(cherry picked from commit 908408dd45a58c3c284ecf0dfef539c5681230d9)
2021-10-22 12:38:40 +08:00
yuhan6665 acb81ebe3d
Verify peer cert function for better man in the middle prevention (#746)
* verify peer cert function for better man in the middle prevention

* publish cert chain hash generation algorithm

* added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb

* apply coding style

* added test case for pinned certificates

* refactored cert pin

* pinned cert test

* added json loading of the PinnedPeerCertificateChainSha256

* removed tool to prepare for v5

* Add server cert pinning for Xtls

Change command "xray tls certChainHash" to xray style

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 12:38:40 +08:00
yuhan6665 6a60332700
Create CODE_OF_CONDUCT.md (#941) (#749)
Co-authored-by: Kslr <kslrwang@gmail.com>
2021-10-22 12:38:40 +08:00
yuhan6665 45dc97e2b6
Use shadowsocket's bloomring for shadowsocket's replay protection (#764)
* use shadowsocket's bloomring for shadowsocket's replay protection

* added shadowsockets iv check for tcp socket

* Rename to shadowsockets iv check

* shadowsocks iv check config file

* iv check should proceed after decryption

* use shadowsocket's bloomring for shadowsocket's replay protection

* Chore: format code (#842)

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-10-22 12:38:40 +08:00
yuhan6665 0f0a424e8c
Fix: use sorted cidr list (#1156) (#773)
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-10-22 12:38:40 +08:00
yuhan6665 c4fc277758
add comment for gRPC TLS silent failure behavior (#779)
When gRPC transport have been configured to use TLS, it may silently ignore TLS failure. This may make it harder to diagnose TLS setting issues when gRPC transport is used. This comment is added to help other developers be aware of this caveat.

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 12:38:40 +08:00