Commit graph

242 commits

Author SHA1 Message Date
S-Mocking 59602db02d
Add "tproxy" option (#1189)
* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1122,
      "protocol": "dokodemo-door",
      "tag": "dokodemo",
      "settings": {
        "network": "tcp",
        "followRedirect": true,
        "userLevel": 0
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "pf"
        }
      }
    }
  ]

* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1122,
      "protocol": "dokodemo-door",
      "tag": "dokodemo",
      "settings": {
        "network": "tcp",
        "followRedirect": true,
        "userLevel": 0
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "pf"
        }
      }
    }
  ]

* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1122,
      "protocol": "dokodemo-door",
      "tag": "dokodemo",
      "settings": {
        "network": "tcp",
        "followRedirect": true,
        "userLevel": 0
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "pf"
        }
      }
    }
  ]

Co-authored-by: Mocking <fanhaiwang0817@gmail.com>
2022-08-20 09:02:18 -04:00
ksco.he 76638d793c fix(udp): check addr nil (close 1807) 2022-08-12 20:33:33 -04:00
yuhan6665 340234166b
Add TCPKeepAliveIdle in Sockopt option (#1166)
* Add TCP keep alive idle setting

* Add TCP keep alive idle setting: auto generated

* Add TCP keep alive support in Linux

* Add TCP keep alive support in MacOS, FreeBSD

* Add TCP keep alive support in Windows

* fix bug introduced in adding tcp keep alive adjustment

* embed macOS const to avoid platform inconsistency

* embed macOS const to avoid platform inconsistency(again)

* add TCP Keep Alive support in config

* use sys/unix instead of syscall

Suggestion from:
https://github.com/v2fly/v2ray-core/pull/1395#issuecomment-974761647

* use sys/unix instead of syscall

Suggestion from:
https://github.com/v2fly/v2ray-core/pull/1395#issuecomment-974761647

* Separate TcpKeepAliveIdle and TcpKeepAliveInterval check logic

* Disable tcp keepAlive when TcpKeepAliveIdle < 0 and  TcpKeepAliveInterval <= 0

Co-authored-by: xqzr <34030394+xqzr@users.noreply.github.com>

Co-authored-by: ValdikSS <iam@valdikss.org.ru>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: xqzr <34030394+xqzr@users.noreply.github.com>
2022-07-31 09:55:40 -04:00
yuhan6665 00230a74d5
Fix new Quic lib: KeepAlivePeriod (#1139)
* Bump github.com/lucas-clemente/quic-go from 0.27.2 to 0.28.0

Bumps [github.com/lucas-clemente/quic-go](https://github.com/lucas-clemente/quic-go) from 0.27.2 to 0.28.0.
- [Release notes](https://github.com/lucas-clemente/quic-go/releases)
- [Changelog](https://github.com/lucas-clemente/quic-go/blob/master/Changelog.md)
- [Commits](https://github.com/lucas-clemente/quic-go/compare/v0.27.2...v0.28.0)

---
updated-dependencies:
- dependency-name: github.com/lucas-clemente/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix new Quic lib: KeepAlivePeriod

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-10 21:38:39 -04:00
世界 6f93ef7736
Remove useless error log 2022-06-01 11:11:53 +08:00
世界 f046feb9ca
Reformat code 2022-05-18 15:29:01 +08:00
yuhan6665 b413066012
Fakedns fix xUDP destination override (#1011)
* Fix UDP destination override

* Fix code style

* Fix fakedns object init

Do type convertion at runtime in case if user don't use fakedns in config.
Since dispatcher now depend on fakedns object, move the injection order of
fakedns to top (As a temporary solution)

* Amend logic for handing fakedns client

A map is used by server side when client turn on fakedns
Client will send domain address in the buffer.UDP.Address, server record all possible target IP addrs.
When target replies, server will restore the domain and send back to client.

Co-authored-by: hmol233 <82594500+hmol233@users.noreply.github.com>
2022-04-23 19:24:46 -04:00
yuhan6665 c9df755426 Add quic qlog to debug logs 2022-04-23 19:23:15 -04:00
yuhan6665 393d211d1e Rename quic session to connection
Co-authored-by: 秋のかえで <autmaple@protonmail.com>
2022-04-09 00:48:02 -04:00
hmol233 b3ab94ef5b Refine domain socket permission 2022-02-18 22:01:29 -05:00
yuhan6665 41ce6ccf9f
Make reverse proxy compatible with v2fly (#924)
* Make reverse proxy compatible with v2fly

* Fix gitignore

* Regenerate proto files

- fix v2ray name in loopback

* Fix fly.org in unit tests
2022-02-04 21:59:50 -05:00
yuhan6665 578d903a9e
Quic related improvements (#915)
* DialSystem for Quic

DialSystem() is needed in case of Android client,
where the raw conn is protected for vpn service

* Fix client dialer log

Log such as:
tunneling request to tcp:www.google.com:80 via tcp:x.x.x.x:443
the second "tcp" is misleading when using mKcp or quic transport

Remove the second "tcp" and add the correct logging for transport dialer:
- transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
- transport/internet/quic: dialing quic to udp:x.x.x.x:443

* Quic new stream allocation mode

Currently this is how Quic works: client muxing all tcp and udp traffic through a single session, when there are more than 32 running streams in the session,
the next stream request will fail and open with a new session (port). Imagine lineup the session from left to right:
 |
 |  |
 |  |  |

As the streams finishes, we still open stream from the left, original session. So the base session will always be there and new sessions on the right come and go.
However, either due to QOS or bugs in Quic implementation, the traffic "wear out" the base session. It will become slower and in the end not receiving any data from server side.
I couldn't figure out a solution for this problem at the moment, as a workaround:
       |  |
    |  |  |
 |  |  |

I came up with this new stream allocation mode, that it will never open new streams in the old sessions, but only from current or new session from right.
The keeplive config is turned off from server and client side. This way old sessions will natually close and new sessions keep generating.
Note the frequency of new session is still controlled by the server side. Server can assign a large max stream limit. In this case the new allocation mode will be similar to the current mode.
2022-01-28 18:11:30 -05:00
hmol233 63da3a5481 grpc: add initial_windows_size option 2021-12-19 21:14:14 -05:00
yuhan6665 e93da4bd02
Fix some tests and format code (#830)
* Increase some tls test timeout

* Fix TestUserValidator

* Change all tests to VMessAEAD

Old VMess MD5 tests will be rejected and fail in 2022

* Chore: auto format code
2021-12-14 19:28:47 -05:00
yaotthaha-vscode 4fc284a8e9 Try to fix UDP error 2021-12-01 12:02:27 -05:00
roc dd6769954c hotRelodaInterval --> hotReloadInterval 2021-10-26 21:45:31 -04:00
世界 5c366db847
Add observatory / latestPing balancing strategy
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 17:16:20 +08:00
Xiaokang Wang 13bc0432bc
WebSocket Early Data Protocol Harmonization with V2Ray/V2Fly (#548)
* protocol harmonization with V2Ray/V2Fly by supporting both V2Ray server and XRay server

* protocol harmonization with V2Ray/V2Fly by supporting both V2Ray server and XRay server comment
2021-10-22 12:38:40 +08:00
yuhan6665 acb81ebe3d
Verify peer cert function for better man in the middle prevention (#746)
* verify peer cert function for better man in the middle prevention

* publish cert chain hash generation algorithm

* added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb

* apply coding style

* added test case for pinned certificates

* refactored cert pin

* pinned cert test

* added json loading of the PinnedPeerCertificateChainSha256

* removed tool to prepare for v5

* Add server cert pinning for Xtls

Change command "xray tls certChainHash" to xray style

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 12:38:40 +08:00
yuhan6665 c4fc277758
add comment for gRPC TLS silent failure behavior (#779)
When gRPC transport have been configured to use TLS, it may silently ignore TLS failure. This may make it harder to diagnose TLS setting issues when gRPC transport is used. This comment is added to help other developers be aware of this caveat.

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 12:38:40 +08:00
世界 50e576081e
Add DispatchLink 2021-10-22 12:38:40 +08:00
世界 625cf7361a
Export PacketConnWrapper 2021-10-22 11:57:38 +08:00
yuhan6665 e286cdcaa8
Style: format code by gofumpt (#761) 2021-10-20 00:57:14 +08:00
yuhan6665 a229a7f85e
Revert "cancel failed grpc connection (#707)" (#768)
This reverts commit 0f79126379.
2021-10-16 21:07:45 +08:00
lucifer 5e606169f1
gRPC: Parse X-Real-IP header, fix #766 (#769) 2021-10-14 12:10:19 +08:00
Arthur Morgan 575c7a9687 adjust 2021-10-13 00:49:31 +08:00
yuhan6665 e6711d1b48
Add header and method support to http2 transport (#755)
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-12 15:58:12 +00:00
yuhan6665 4bb61701b5
Add tcpKeepAliveInterval in transport sockopt (#754)
Co-authored-by: Ahmad Karimi <ak12hastam@gmail.com>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-12 15:39:08 +00:00
yuhan6665 ef4c63812b
Fix: nullcheck on alternative systemDialer (#752)
* fix: null-check on alternative systemDialer
* delete deprecated option DualStack

Co-authored-by: rurirei <72071920+rurirei@users.noreply.github.com>
2021-10-12 15:32:45 +00:00
yuhan6665 3554886ce1
vformat supports multi-core processing (#757)
* Feat: vformat supports multi-core processing (#996)

Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-10-12 15:29:22 +00:00
hmol233 7033f7cf5f
Fix: protobuf file (#724) 2021-09-20 22:41:09 +08:00
Arthur Morgan ffc2f7c4e2 Style: format code 2021-09-20 21:00:55 +08:00
Arthur Morgan 24b637cd5e
Fix: CounterConnection with ReadV/WriteV (#720)
Co-authored-by: JimhHan <50871214+JimhHan@users.noreply.github.com>
2021-09-20 20:11:21 +08:00
WeidiDeng b0b2aaa70c
Fixed refresh error when multiple certificates exist (#663)
* Fix when there are multiple certs, after refresh from file all will be the same as the last.
2021-09-18 03:48:22 +08:00
yuhan6665 42d158bd85
vprotogen refine (#717)
* Update all proto files with existing vprotogen
* Chore: remove protoc-gen-gofast
* Feat: vprotogen adds version detector to block generation code from old protobuf version
* Feat: vprotogen refine logic

Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-09-18 01:16:14 +08:00
yuhan6665 0f79126379
cancel failed grpc connection (#707)
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-09-15 01:40:38 +08:00
Arthur Morgan e6019a89c9 adjust for go1.17 2021-09-08 01:30:20 +08:00
Arthur Morgan c950edede2
Merge pull request #618 from XTLS/fix/service-name
gRPC: Use `PathEscape` encoded service name
2021-09-08 00:53:55 +08:00
Arthur Morgan 64892fb2c3
Merge pull request #609 from XTLS/fix/dialer
Move `DomainStrategy` & `DialerProxy` to `DialSystem`
2021-09-08 00:53:37 +08:00
Arthur Morgan d9d239750b
Merge pull request #633 from XTLS/feature/h2-health-check
Add health check for h2 & gRPC
2021-09-08 00:52:10 +08:00
Arthur Morgan 7a9e72b133
Merge pull request #589 from bhoppi/main
Fix: new cert issuing is incorrectly delayed
2021-09-08 00:50:32 +08:00
hmol233 31c7141fef
gRPC: add keepalive option PermitWithoutStream 2021-07-05 21:25:21 +08:00
hmol233 57b9006d26
gRPC: add keepalive option for server 2021-07-05 21:25:03 +08:00
hmol233 d9d04a230f
Add h2 & gRPC health check 2021-07-03 16:01:59 +08:00
hmol233 3dc9fba20d
gRPC: Use PathEscape encoded service name 2021-06-27 16:46:26 +08:00
hmol233 86a8fb5d84
Move DomainStrategy & DialerProxy to DialSystem
Fix https://github.com/XTLS/Xray-core/issues/608
2021-06-18 19:28:02 +08:00
Bhoppi Chaw 2220411644 fix new cert issuing is incorrectly delayed 2021-06-05 23:32:05 +08:00
hmol233 3b8618b379
Fix linkname 2021-05-10 07:11:27 +08:00
hmol233 e8a8465220
Fix reject unknown sni with single cert 2021-05-10 00:28:40 +08:00
hmol233 1f92b948c0
Fix errNoCertificates 2021-05-10 00:11:45 +08:00
hmol233 53b99efe78
Add: reject unknown SNI
Co-Authored-By: 玖柒Max <60207794+jiuqi9997@users.noreply.github.com>
2021-05-09 23:47:21 +08:00
Bhoppi Chaw bf94fb53ca
Fix QUIC disconnecting issue (#475)
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-04-06 16:37:28 +00:00
lucifer 1d13a8da49
fix grpc dial ipv6 address (#476) 2021-04-05 09:00:46 +08:00
RPRX 4bf8b6d89c
Fix uTLS fingerprints support
Thank @HirbodBehnam https://github.com/XTLS/Xray-core/issues/461
2021-04-01 09:15:18 +00:00
秋のかえで 7f2fad73d4
Chore: Upgrade dependencies (#432)
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-03-31 06:18:34 +00:00
Jim Han 3ed14c2fcd
Fix: gRPC & HTTP/2 dialer (#445) 2021-03-30 16:43:31 +00:00
risetechlab b63049f404
Fix: TFO AsIs bug (#452) 2021-03-30 16:42:02 +00:00
RPRX a9e11075d1
Add uTLS fingerprints support (#451) 2021-03-29 10:08:29 +00:00
Jim Han e564d9ef7e
Fix: TCP & WS override AcceptProxyProtocol (#425) 2021-03-28 16:16:07 +00:00
RPRX e0910ab4d9
Update dialer.html 2021-03-23 16:55:05 +00:00
RPRX d46af8b5d4
Add WSS Browser Dialer support (#421) 2021-03-23 09:25:35 +00:00
Jim Han 0470381fe2
Fix: gRPC multi accepting empty bytes (#411) 2021-03-21 09:16:52 +00:00
maskedeken 36961ed882
Add remote addr to gRPC transport layer conn (#382)
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-03-17 17:55:51 +00:00
RPRX a0a32ee00d
Add gRPC Transport support (#356)
Co-authored-by: JimhHan <50871214+JimhHan@users.noreply.github.com>
2021-03-14 15:02:07 +00:00
RPRX 60b06877bf
Add WebSocket 0-RTT support (#375) 2021-03-14 07:10:10 +00:00
RPRX 819717d278
Fix https://github.com/XTLS/Xray-core/issues/366 2021-03-12 11:38:36 +00:00
Jim Han d7cd71b741
Resolve conflicting changes in DNS #309 #341 (#346)
Co-authored-by: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
2021-03-07 07:12:50 +00:00
Jim Han db32ce6fd9
Enhance DNS and Dialer (#341) 2021-03-06 16:29:17 +00:00
risetechlab ad1807dd99
Enhance TCP Fast Open (#310) 2021-03-06 14:45:12 +00:00
Jim Han 7fb1f65354
Fix https://github.com/XTLS/Xray-core/issues/289 (#300) 2021-03-01 02:43:27 +00:00
RPRX 8b9c0ae593
Enable (X)TLS hot reloading by default (#281)
Super BiuBiu
2021-02-20 02:15:57 +00:00
秋のかえで 347d9735da
Remove (x)tls.WithNextProto("h2") in tcp/hub.go (#260) 2021-02-18 11:50:09 +00:00
eMeab 81d993158f
Support hot reloading of certificate and key files (#225) 2021-02-12 15:33:19 +00:00
eMeab c13b8ec9bb
Fix OCSP Stapling (#172)
Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
2021-01-30 23:17:07 +00:00
Arthur Morgan ba41513967
Changes from v2fly-core (#173) 2021-01-22 03:35:56 +00:00
RPRX 7df135a5c4
Disable session resumption by default
https://github.com/v2fly/v2ray-core/issues/557#issuecomment-751962569
2021-01-01 11:33:09 +00:00
RPRX 13ad3fddf6
Refactor: *net.UDPAddr -> *net.Destination
https://t.me/projectXray/111998
2020-12-28 09:40:28 +00:00
RPRX 6bcac6cb10 Move common/net/connection.go into cnc folder 2020-12-28 03:20:39 +08:00
RPRX a78db47571
Adjust OCSP Stapling 2020-12-25 15:10:12 +00:00
eMeab 3d7e86efba
Add OCSP Stapling for TLS & XTLS (#92) 2020-12-25 08:01:20 +00:00
Arthur Morgan 6f25191822
Changes from v2ray-core (#93) 2020-12-24 19:45:35 +00:00
RPRX 8f8f7dd66f
Refactor: Shadowsocks & Trojan UDP FullCone NAT
https://t.me/projectXray/95704
2020-12-23 13:06:21 +00:00
RPRX ff9bb2d8df
Optimize cipherSuites setting loader 2020-12-17 09:25:30 +00:00
RPRX 38faac5ffc
Adjust config loader of TLS & XTLS 2020-12-16 15:59:04 +00:00
eMeab 88dfed931b
Add cipherSuites setting for TLS & XTLS (#78) 2020-12-16 12:53:55 +00:00
Jim Han fe445f8e1a
Fix: HTTP dialer uses ctx instead of context.Background() (#79) 2020-12-16 11:52:45 +00:00
RPRX ed0e9b12dc
Adjust ProtoBuf of TLS & XTLS 2020-12-16 08:50:18 +00:00
eMeab dab978749c
Add minVersion setting for TLS & XTLS (#77) 2020-12-16 05:20:24 +00:00
RPRX f8faf3c8b8 Removal: confonly 2020-12-11 13:05:29 +08:00
RPRX f1eb5e3d08
Refactor: Support TCP/IPv6 in REDIRECT mode
十分感谢 @badO1a5A90 @LGA1150 协助测试

https://github.com/XTLS/Xray-core/issues/48#issuecomment-741509789

https://github.com/v2ray/v2ray-core/issues/1309#issuecomment-447432696
2020-12-09 12:16:38 +00:00
RPRX 16544c18ab v1.1.0 2020-12-04 09:36:16 +08:00
RPRX c7f7c08ead v1.0.0 2020-11-25 19:01:53 +08:00