From 5c2bf477bb2313471a6f4ac91e4ba139379a869e Mon Sep 17 00:00:00 2001
From: Darien Raymond <admin@v2ray.com>
Date: Wed, 4 Jul 2018 18:47:06 +0200
Subject: [PATCH] check connection type

---
 proxy/mtproto/server.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/proxy/mtproto/server.go b/proxy/mtproto/server.go
index 01f454864..48ef8f736 100644
--- a/proxy/mtproto/server.go
+++ b/proxy/mtproto/server.go
@@ -8,6 +8,7 @@ import (
 	"v2ray.com/core/common/buf"
 	"v2ray.com/core/common/crypto"
 	"v2ray.com/core/common/net"
+	"v2ray.com/core/common/predicate"
 	"v2ray.com/core/common/protocol"
 	"v2ray.com/core/common/task"
 	"v2ray.com/core/transport/internet"
@@ -61,12 +62,17 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn internet
 	if err != nil {
 		return newError("failed to read authentication header").Base(err)
 	}
+	defer putAuthenticationObject(auth)
 
 	auth.ApplySecret(s.account.Secret)
 
 	decryptor := crypto.NewAesCTRStream(auth.DecodingKey[:], auth.DecodingNonce[:])
 	decryptor.XORKeyStream(auth.Header[:], auth.Header[:])
 
+	if !predicate.BytesAll(auth.Header[56:60], 0xef) {
+		return newError("invalid connection type: ", auth.Header[56:60])
+	}
+
 	dcID := auth.DataCenterID()
 	if dcID >= uint16(len(dcList)) {
 		return newError("invalid data center id: ", dcID)