From 623cb24644d5f075358c9eae4699dcbbe1409b3b Mon Sep 17 00:00:00 2001 
From: Kslr Date: Fri, 20 Nov 2020 15:53:10 +0800 Subject: [PATCH] Remove XTLS (#431) * remove xtls * generate pb * Update protoc * Clean up go.mod & go.sum * format code * restore vless flow * fix codacy * do NOT interfere with pb.go files Co-authored-by: loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com> --- go.mod | 1 - go.sum | 2 - infra/conf/transport_internet.go | 99 ----- infra/conf/trojan.go | 4 - infra/conf/v2ray.go | 17 +- infra/conf/vless.go | 12 - infra/conf/vless_test.go | 6 +- main/distro/all/all.go | 1 - proxy/trojan/client.go | 55 +-- proxy/trojan/config.go | 4 +- proxy/trojan/config.pb.go | 65 ++-- proxy/trojan/config.proto | 1 - proxy/trojan/protocol.go | 23 +- proxy/trojan/server.go | 41 --- proxy/vless/account.go | 2 +- proxy/vless/account.pb.go | 2 +- proxy/vless/account.proto | 2 +- proxy/vless/encoding/addons.go | 22 +- proxy/vless/encoding/encoding.go | 40 --- proxy/vless/inbound/inbound.go | 73 +--- proxy/vless/outbound/outbound.go | 70 +--- proxy/vless/vless.go | 5 - transport/internet/domainsocket/dial.go | 3 - transport/internet/domainsocket/listener.go | 20 +- transport/internet/kcp/dialer.go | 3 - transport/internet/kcp/listener.go | 25 +- transport/internet/tcp/dialer.go | 4 - transport/internet/tcp/hub.go | 9 - transport/internet/xtls/config.go | 241 ------------- transport/internet/xtls/config.pb.go | 379 -------------------- transport/internet/xtls/config.proto | 47 --- transport/internet/xtls/config_other.go | 53 --- transport/internet/xtls/config_test.go | 100 ------ transport/internet/xtls/config_windows.go | 14 - transport/internet/xtls/errors.generated.go | 9 - transport/internet/xtls/xtls.go | 38 -- 36 files changed, 59 insertions(+), 1433 deletions(-) delete mode 100644 transport/internet/xtls/config.go delete mode 100644 transport/internet/xtls/config.pb.go delete mode 100644 transport/internet/xtls/config.proto delete mode 100644 transport/internet/xtls/config_other.go delete mode 100644 
transport/internet/xtls/config_test.go delete mode 100644 transport/internet/xtls/config_windows.go delete mode 100644 transport/internet/xtls/errors.generated.go delete mode 100644 transport/internet/xtls/xtls.go diff --git a/go.mod b/go.mod index 1724b523f..3ca770671 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,6 @@ require ( github.com/seiflotfy/cuckoofilter v0.0.0-20201009151232-afb285a456ab github.com/stretchr/testify v1.6.1 github.com/v2fly/VSign v0.0.0-20201107160721-6e7f92656885 - github.com/xtls/go v0.0.0-20201101145325-207fdcada8d0 go.starlark.net v0.0.0-20201014215153-dff0ae5b4820 golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102 diff --git a/go.sum b/go.sum index 53a3c0f43..f28ecc826 100644 --- a/go.sum +++ b/go.sum @@ -173,8 +173,6 @@ github.com/v2fly/VSign v0.0.0-20201107160721-6e7f92656885 h1:nbFN1ZhtcffOD3ZWx0L github.com/v2fly/VSign v0.0.0-20201107160721-6e7f92656885/go.mod h1:p80Bv154ZtrGpXMN15slDCqc9UGmfBuUzheDFBYaW/M= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/xtls/go v0.0.0-20201101145325-207fdcada8d0 h1:Q0OSaIJ+wOy38+g5KYVP9slhbznXwsYGkzscpUrVsak= -github.com/xtls/go v0.0.0-20201101145325-207fdcada8d0/go.mod h1:5TB2+k58gx4A4g2Nf5miSHNDF6CuAzHKpWBooLAshTs= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.starlark.net v0.0.0-20201014215153-dff0ae5b4820 h1:GsJfRMJ3pXl+Pa5CkSQKIA1hNIo1u0M7I2+ff3RCCME= diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index c0bb27d67..64ce1c3c1 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go 
@@ -16,7 +16,6 @@ import (
 "v2ray.com/core/transport/internet/tcp"
 "v2ray.com/core/transport/internet/tls"
 "v2ray.com/core/transport/internet/websocket"
- "v2ray.com/core/transport/internet/xtls"
 )
 var (
@@ -321,81 +320,6 @@ func (c *TLSConfig) Build() (proto.Message, error) { return config, nil } -type XTLSCertConfig struct { - CertFile string `json:"certificateFile"` - CertStr []string `json:"certificate"` - KeyFile string `json:"keyFile"` - KeyStr []string `json:"key"` - Usage string `json:"usage"` -} - -// Build implements Buildable. -func (c *XTLSCertConfig) Build() (*xtls.Certificate, error) { - certificate := new(xtls.Certificate) - - cert, err := readFileOrString(c.CertFile, c.CertStr) - if err != nil { - return nil, newError("failed to parse certificate").Base(err) - } - certificate.Certificate = cert - - if len(c.KeyFile) > 0 || len(c.KeyStr) > 0 { - key, err := readFileOrString(c.KeyFile, c.KeyStr) - if err != nil { - return nil, newError("failed to parse key").Base(err) - } - certificate.Key = key - } - - switch strings.ToLower(c.Usage) { - case "encipherment": - certificate.Usage = xtls.Certificate_ENCIPHERMENT - case "verify": - certificate.Usage = xtls.Certificate_AUTHORITY_VERIFY - case "issue": - certificate.Usage = xtls.Certificate_AUTHORITY_ISSUE - default: - certificate.Usage = xtls.Certificate_ENCIPHERMENT - } - - return certificate, nil -} - -type XTLSConfig struct { - Insecure bool `json:"allowInsecure"` - InsecureCiphers bool `json:"allowInsecureCiphers"` - Certs []*XTLSCertConfig `json:"certificates"` - ServerName string `json:"serverName"` - ALPN *StringList `json:"alpn"` - DisableSessionResumption bool `json:"disableSessionResumption"` - DisableSystemRoot bool `json:"disableSystemRoot"` -} - -// Build implements Buildable. 
-func (c *XTLSConfig) Build() (proto.Message, error) { - config := new(xtls.Config) - config.Certificate = make([]*xtls.Certificate, len(c.Certs)) - for idx, certConf := range c.Certs { - cert, err := certConf.Build() - if err != nil { - return nil, err - } - config.Certificate[idx] = cert - } - serverName := c.ServerName - config.AllowInsecure = c.Insecure - config.AllowInsecureCiphers = c.InsecureCiphers - if len(c.ServerName) > 0 { - config.ServerName = serverName - } - if c.ALPN != nil && len(*c.ALPN) > 0 { - config.NextProtocol = []string(*c.ALPN) - } - config.DisableSessionResumption = c.DisableSessionResumption - config.DisableSystemRoot = c.DisableSystemRoot - return config, nil -} - type TransportProtocol string // Build implements Buildable. @@ -457,7 +381,6 @@ type StreamConfig struct { Network *TransportProtocol `json:"network"` Security string `json:"security"` TLSSettings *TLSConfig `json:"tlsSettings"` - XTLSSettings *XTLSConfig `json:"xtlsSettings"` TCPSettings *TCPConfig `json:"tcpSettings"` KCPSettings *KCPConfig `json:"kcpSettings"` WSSettings *WebSocketConfig `json:"wsSettings"` @@ -482,9 +405,6 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) { if strings.EqualFold(c.Security, "tls") { tlsSettings := c.TLSSettings if tlsSettings == nil { - if c.XTLSSettings != nil { - return nil, newError(`TLS: Please use "tlsSettings" instead of "xtlsSettings".`) - } tlsSettings = &TLSConfig{} } ts, err := tlsSettings.Build() 
@@ -495,25 +415,6 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
 config.SecuritySettings = append(config.SecuritySettings, tm)
 config.SecurityType = tm.Type
 }
- if strings.EqualFold(c.Security, "xtls") {
- if config.ProtocolName != "tcp" && config.ProtocolName != "mkcp" && config.ProtocolName != "domainsocket" {
- return nil, newError("XTLS only supports TCP, mKCP and DomainSocket for now.")
- }
- xtlsSettings := c.XTLSSettings
- if xtlsSettings == nil {
- if c.TLSSettings != nil {
- return nil, newError(`XTLS: Please use "xtlsSettings" instead of "tlsSettings".`)
- }
- xtlsSettings = &XTLSConfig{}
- }
- ts, err := xtlsSettings.Build()
- if err != nil {
- return nil, newError("Failed to build XTLS config.").Base(err)
- }
- tm := serial.ToTypedMessage(ts)
- config.SecuritySettings = append(config.SecuritySettings, tm)
- config.SecurityType = tm.Type
- }
 if c.TCPSettings != nil {
 ts, err := c.TCPSettings.Build()
 if err != nil {
diff --git a/infra/conf/trojan.go b/infra/conf/trojan.go
index 1eff0354d..673a24757 100644
--- a/infra/conf/trojan.go
+++ b/infra/conf/trojan.go
@@ -21,7 +21,6 @@ type TrojanServerTarget struct {
 Password string `json:"password"`
 Email string `json:"email"`
 Level byte `json:"level"`
- Flow string `json:"flow"`
 }
 // TrojanClientConfig is configuration of trojan servers
@@ -50,7 +49,6 @@ func (c *TrojanClientConfig) Build() (proto.Message, error) {
 }
 account := &trojan.Account{
 Password: rec.Password,
- Flow: rec.Flow,
 }
 trojan := &protocol.ServerEndpoint{
 Address: rec.Address.Build(),
@@ -86,7 +84,6 @@ type TrojanUserConfig struct {
 Password string `json:"password"`
 Level byte `json:"level"`
 Email string `json:"email"`
- Flow string `json:"flow"`
 }
 // TrojanServerConfig is Inbound configuration
@@ -104,7 +101,6 @@ func (c *TrojanServerConfig) Build() (proto.Message, error) {
 user := new(protocol.User)
 account := &trojan.Account{
 Password: rawUser.Password,
- Flow: rawUser.Flow,
 }
 user.Email = rawUser.Email
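Review bot: In `StreamConfig.Build` (infra/conf/transport_internet.go), with the `"xtls"` branch gone the visible code handles only `c.Security == "tls"` and then moves straight on to `if c.TCPSettings != nil`, so a config that still says `"security": "xtls"` appears to build with no `SecuritySettings` and no error. That is a silent downgrade to an unprotected transport for anyone upgrading with an old config, unless a check outside this hunk already rejects unknown values. Consider failing closed right after the TLS branch, for example `if c.Security != "" && !strings.EqualFold(c.Security, "none") && !strings.EqualFold(c.Security, "tls") { return nil, newError("unsupported security: " + c.Security) }` (assuming empty and "none" are the only other accepted values). The body of Build begins and ends outside the hunk.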
diff --git a/infra/conf/v2ray.go b/infra/conf/v2ray.go index 612c598f4..576e50437 100644 --- a/infra/conf/v2ray.go +++ b/infra/conf/v2ray.go @@ -11,7 +11,6 @@ import ( "v2ray.com/core/app/proxyman" "v2ray.com/core/app/stats" "v2ray.com/core/common/serial" - "v2ray.com/core/transport/internet/xtls" ) var ( @@ -205,9 +204,6 @@ func (c *InboundDetourConfig) Build() (*core.InboundHandlerConfig, error) { if err != nil { return nil, err } - if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) && !strings.EqualFold(c.Protocol, "vless") && !strings.EqualFold(c.Protocol, "trojan") { - return nil, newError("XTLS doesn't supports " + c.Protocol + " for now.") - } receiverSettings.StreamSettings = ss } if c.SniffingConfig != nil { @@ -275,9 +271,6 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) { if err != nil { return nil, err } - if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) && !strings.EqualFold(c.Protocol, "vless") && !strings.EqualFold(c.Protocol, "trojan") { - return nil, newError("XTLS doesn't supports " + c.Protocol + " for now.") - } senderSettings.StreamSettings = ss } @@ -290,15 +283,7 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) { } if c.MuxSettings != nil { - ms := c.MuxSettings.Build() - if ms != nil && ms.Enabled { - if ss := senderSettings.StreamSettings; ss != nil { - if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) { - return nil, newError("XTLS doesn't support Mux for now.") - } - } - } - senderSettings.MultiplexSettings = ms + senderSettings.MultiplexSettings = c.MuxSettings.Build() } settings := []byte("{}") diff --git a/infra/conf/vless.go b/infra/conf/vless.go index 3d2dbfc3f..6ef387d42 100644 --- a/infra/conf/vless.go +++ b/infra/conf/vless.go 
@@ -45,12 +45,6 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
 return nil, newError(`VLESS clients: invalid user`).Base(err)
 }
- switch account.Flow {
- case "", "xtls-rprx-origin", "xtls-rprx-direct":
- default:
- return nil, newError(`VLESS clients: "flow" doesn't support "` + account.Flow + `" in this version`)
- }
-
 if account.Encryption != "" {
 return nil, newError(`VLESS clients: "encryption" should not in inbound settings`)
 }
@@ -165,12 +159,6 @@ func (c *VLessOutboundConfig) Build() (proto.Message, error) {
 return nil, newError(`VLESS users: invalid user`).Base(err)
 }
- switch account.Flow {
- case "", "xtls-rprx-origin", "xtls-rprx-origin-udp443", "xtls-rprx-direct", "xtls-rprx-direct-udp443":
- default:
- return nil, newError(`VLESS users: "flow" doesn't support "` + account.Flow + `" in this version`)
- }
-
 if account.Encryption != "none" {
 return nil, newError(`VLESS users: please add/set "encryption":"none" for every user`)
 }
diff --git a/infra/conf/vless_test.go b/infra/conf/vless_test.go
index 01eb9619d..12035095b 100644
--- a/infra/conf/vless_test.go
+++ b/infra/conf/vless_test.go
@@ -26,7 +26,6 @@ func TestVLessOutbound(t *testing.T) {
 "users": [
 {
 "id": "27848739-7e62-4138-9fd3-098a63964b6b",
- "flow": "xtls-rprx-origin-udp443",
 "encryption": "none",
 "level": 0
 }
@@ -47,7 +46,6 @@ func TestVLessOutbound(t *testing.T) {
 {
 Account: serial.ToTypedMessage(&vless.Account{
 Id: "27848739-7e62-4138-9fd3-098a63964b6b",
- Flow: "xtls-rprx-origin-udp443",
 Encryption: "none",
 }),
 Level: 0,
@@ -71,7 +69,6 @@ func TestVLessInbound(t *testing.T) {
 "clients": [
 {
 "id": "27848739-7e62-4138-9fd3-098a63964b6b",
- "flow": "xtls-rprx-origin",
 "level": 0,
 "email": "love@v2fly.org"
 }
@@ -97,8 +94,7 @@ func TestVLessInbound(t *testing.T) { Clients: []*protocol.User{ { Account: serial.ToTypedMessage(&vless.Account{ - Id: "27848739-7e62-4138-9fd3-098a63964b6b", - Flow: "xtls-rprx-origin", + Id: "27848739-7e62-4138-9fd3-098a63964b6b", }), Level: 0, Email: "love@v2fly.org", diff --git a/main/distro/all/all.go b/main/distro/all/all.go index ef4774769..f7ae90eb7 100644 --- a/main/distro/all/all.go +++ b/main/distro/all/all.go @@ -46,7 +46,6 @@ import ( _ "v2ray.com/core/transport/internet/tls" _ "v2ray.com/core/transport/internet/udp" _ "v2ray.com/core/transport/internet/websocket" - _ "v2ray.com/core/transport/internet/xtls" // Transport headers _ "v2ray.com/core/transport/internet/headers/http" diff --git a/proxy/trojan/client.go b/proxy/trojan/client.go index 0b96abaae..b97461761 100644 --- a/proxy/trojan/client.go +++ b/proxy/trojan/client.go @@ -10,7 +10,6 @@ import ( "v2ray.com/core/common" "v2ray.com/core/common/buf" "v2ray.com/core/common/net" - "v2ray.com/core/common/platform" "v2ray.com/core/common/protocol" "v2ray.com/core/common/retry" "v2ray.com/core/common/session" @@ -19,7 +18,6 @@ import ( "v2ray.com/core/features/policy" "v2ray.com/core/transport" "v2ray.com/core/transport/internet" - "v2ray.com/core/transport/internet/xtls" ) // Client is a inbound handler for trojan protocol 
@@ -85,46 +83,6 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter return newError("user account is not valid") } - iConn := conn - if statConn, ok := iConn.(*internet.StatCouterConnection); ok { - iConn = statConn.Connection - } - - connWriter := &ConnWriter{} - allowUDP443 := false - switch account.Flow { - case XRO + "-udp443", XRD + "-udp443": - allowUDP443 = true - account.Flow = account.Flow[:16] - fallthrough - case XRO, XRD: - if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress { - return newError(account.Flow + " doesn't support Mux").AtWarning() - } - if destination.Network == net.Network_UDP { - if !allowUDP443 && destination.Port == 443 { - return newError(account.Flow + " stopped UDP/443").AtInfo() - } - } else { // enable XTLS only if making TCP request - if xtlsConn, ok := iConn.(*xtls.Conn); ok { - xtlsConn.RPRX = true - xtlsConn.SHOW = trojanXTLSShow - connWriter.Flow = account.Flow - if account.Flow == XRD { - xtlsConn.DirectMode = true - } - } else { - return newError(`failed to use ` + account.Flow + `, maybe "security" is not "xtls"`).AtWarning() - } - } - case "": - if _, ok := iConn.(*xtls.Conn); ok { - panic(`To avoid misunderstanding, you must fill in Trojan "flow" when using XTLS.`) - } - default: - return newError("unsupported flow " + account.Flow).AtWarning() - } - sessionPolicy := c.policyManager.ForLevel(user.Level) ctx, cancel := context.WithCancel(ctx) timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle) 
@@ -134,9 +92,7 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter var bodyWriter buf.Writer bufferWriter := buf.NewBufferedWriter(buf.NewWriter(conn)) - connWriter.Writer = bufferWriter - connWriter.Target = destination - connWriter.Account = account + connWriter := &ConnWriter{Writer: bufferWriter, Target: destination, Account: account} if destination.Network == net.Network_UDP { bodyWriter = &PacketWriter{Writer: connWriter, Target: destination} @@ -146,7 +102,7 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter // write some request payload to buffer if err = buf.CopyOnceTimeout(link.Reader, bodyWriter, time.Millisecond*100); err != nil && err != buf.ErrNotTimeoutReader && err != buf.ErrReadTimeout { - return newError("failed to write A reqeust payload").Base(err).AtWarning() + return newError("failed to write A request payload").Base(err).AtWarning() } // Flush; bufferWriter.WriteMultiBufer now is bufferWriter.writer.WriteMultiBuffer @@ -187,11 +143,4 @@ func init() { common.Must(common.RegisterConfig((*ClientConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { return NewClient(ctx, config.(*ClientConfig)) })) - - const defaultFlagValue = "NOT_DEFINED_AT_ALL" - - xtlsShow := platform.NewEnvFlag("v2ray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue }) - if xtlsShow == "true" { - trojanXTLSShow = true - } } diff --git a/proxy/trojan/config.go b/proxy/trojan/config.go index d9fb89987..03a666c88 100644 --- a/proxy/trojan/config.go +++ b/proxy/trojan/config.go @@ -3,7 +3,7 @@ package trojan import ( "crypto/sha256" "encoding/hex" - fmt "fmt" + "fmt" "v2ray.com/core/common" "v2ray.com/core/common/protocol" @@ -13,7 +13,6 @@ import ( type MemoryAccount struct { Password string Key []byte - Flow string } // AsAccount implements protocol.AsAccount. 
@@ -23,7 +22,6 @@ func (a *Account) AsAccount() (protocol.Account, error) { return &MemoryAccount{ Password: password, Key: key, - Flow: a.Flow, }, nil } diff --git a/proxy/trojan/config.pb.go b/proxy/trojan/config.pb.go index 5e361db32..79e7bb4de 100644 --- a/proxy/trojan/config.pb.go +++ b/proxy/trojan/config.pb.go @@ -32,7 +32,6 @@ type Account struct { unknownFields protoimpl.UnknownFields Password string `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"` - Flow string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"` } func (x *Account) Reset() { @@ -74,13 +73,6 @@ func (x *Account) GetPassword() string { return "" } -func (x *Account) GetFlow() string { - if x != nil { - return x.Flow - } - return "" -} - type Fallback struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache 
@@ -272,37 +264,36 @@ var file_proxy_trojan_config_proto_rawDesc = []byte{ 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x70, 0x65, 0x63, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0x39, 0x0a, 0x07, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1a, + 0x6f, 0x74, 0x6f, 0x22, 0x25, 0x0a, 0x07, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c, - 0x6f, 0x77, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x22, 0x6e, - 0x0a, 0x08, 0x46, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x6c, - 0x70, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x6c, 0x70, 0x6e, 0x12, 0x12, - 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, - 0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x74, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x64, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x78, 0x76, - 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x78, 0x76, 0x65, 0x72, 0x22, 0x52, - 0x0a, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, - 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, + 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x22, 0x6e, 0x0a, 0x08, 0x46, 0x61, + 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x6c, 0x70, 0x6e, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x6c, 0x70, 0x6e, 0x12, 
0x12, 0x0a, 0x04, 0x70, 0x61, + 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x12, + 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x64, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x78, 0x76, 0x65, 0x72, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x78, 0x76, 0x65, 0x72, 0x22, 0x52, 0x0a, 0x0c, 0x43, 0x6c, + 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x06, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x76, 0x32, 0x72, + 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x6e, + 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x22, 0x87, + 0x01, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, + 0x36, 0x0a, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, - 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x22, 0x87, 0x01, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, - 0x55, 0x73, 0x65, 0x72, 0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x12, 0x3f, 0x0a, 0x09, 0x66, - 0x61, 
0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, - 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78, - 0x79, 0x2e, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0x2e, 0x46, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, - 0x6b, 0x52, 0x09, 0x66, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x42, 0x56, 0x0a, 0x1b, - 0x63, 0x6f, 0x6d, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0x50, 0x01, 0x5a, 0x1b, 0x76, - 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x78, 0x79, 0x2f, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0xaa, 0x02, 0x17, 0x56, 0x32, 0x52, - 0x61, 0x79, 0x2e, 0x43, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x54, 0x72, - 0x6f, 0x6a, 0x61, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x55, 0x73, 0x65, 0x72, + 0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x12, 0x3f, 0x0a, 0x09, 0x66, 0x61, 0x6c, 0x6c, 0x62, + 0x61, 0x63, 0x6b, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x76, 0x32, 0x72, + 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x74, 0x72, + 0x6f, 0x6a, 0x61, 0x6e, 0x2e, 0x46, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x52, 0x09, 0x66, + 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x42, 0x56, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e, + 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x2e, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0x50, 0x01, 0x5a, 0x1b, 0x76, 0x32, 0x72, 0x61, 0x79, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, + 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0xaa, 0x02, 0x17, 0x56, 0x32, 0x52, 0x61, 0x79, 0x2e, 0x43, + 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x54, 
0x72, 0x6f, 0x6a, 0x61, 0x6e, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proxy/trojan/config.proto b/proxy/trojan/config.proto index 28045c41c..cfac0b0e8 100644 --- a/proxy/trojan/config.proto +++ b/proxy/trojan/config.proto @@ -11,7 +11,6 @@ import "common/protocol/server_spec.proto"; message Account { string password = 1; - string flow = 2; } message Fallback { diff --git a/proxy/trojan/protocol.go b/proxy/trojan/protocol.go index 35189dafe..0c5386d42 100644 --- a/proxy/trojan/protocol.go +++ b/proxy/trojan/protocol.go @@ -17,23 +17,12 @@ var ( protocol.AddressFamilyByte(0x04, net.AddressFamilyIPv6), protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain), ) - - trojanXTLSShow = false ) const ( - maxLength = 8192 - // XRD is constant for XTLS direct mode - XRD = "xtls-rprx-direct" - // XRO is constant for XTLS origin mode - XRO = "xtls-rprx-origin" - + maxLength = 8192 commandTCP byte = 1 commandUDP byte = 3 - - // for XTLS - commandXRD byte = 0xf0 // XTLS direct mode - commandXRO byte = 0xf1 // XTLS origin mode ) // ConnWriter is TCP Connection Writer Wrapper for trojan protocol @@ -41,7 +30,6 @@ type ConnWriter struct { io.Writer Target net.Destination Account *MemoryAccount - Flow string headerSent bool } @@ -78,10 +66,6 @@ func (c *ConnWriter) writeHeader() error { command := commandTCP if c.Target.Network == net.Network_UDP { command = commandUDP - } else if c.Flow == XRO { - command = commandXRO - } else if c.Flow == XRD { - command = commandXRD } if _, err := buffer.Write(c.Account.Key); err != nil { @@ -175,7 +159,6 @@ func (w *PacketWriter) writePacket(payload []byte, dest net.Destination) (int, e type ConnReader struct { io.Reader Target net.Destination - Flow string headerParsed bool } 
@@ -199,10 +182,6 @@ func (c *ConnReader) ParseHeader() error { network := net.Network_TCP if command[0] == commandUDP { network = net.Network_UDP - } else if command[0] == commandXRO { - c.Flow = XRO - } else if command[0] == commandXRD { - c.Flow = XRD } addr, port, err := addrParser.ReadAddressPort(nil, c.Reader) diff --git a/proxy/trojan/server.go b/proxy/trojan/server.go index 237e36f42..6e51829f9 100644 --- a/proxy/trojan/server.go +++ b/proxy/trojan/server.go @@ -15,7 +15,6 @@ import ( "v2ray.com/core/common/errors" "v2ray.com/core/common/log" "v2ray.com/core/common/net" - "v2ray.com/core/common/platform" "v2ray.com/core/common/protocol" udp_proto "v2ray.com/core/common/protocol/udp" "v2ray.com/core/common/retry" @@ -26,20 +25,12 @@ import ( "v2ray.com/core/features/routing" "v2ray.com/core/transport/internet" "v2ray.com/core/transport/internet/udp" - "v2ray.com/core/transport/internet/xtls" ) func init() { common.Must(common.RegisterConfig((*ServerConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { return NewServer(ctx, config.(*ServerConfig)) })) - - const defaultFlagValue = "NOT_DEFINED_AT_ALL" - - xtlsShow := platform.NewEnvFlag("v2ray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue }) - if xtlsShow == "true" { - trojanXTLSShow = true - } } // Server is an inbound connection handler that handles messages in trojan protocol. 
@@ -202,35 +193,6 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn internet return s.handleUDPPayload(ctx, &PacketReader{Reader: clientReader}, &PacketWriter{Writer: conn}, dispatcher) } - // handle tcp request - account, ok := user.Account.(*MemoryAccount) - if !ok { - return newError("user account is not valid") - } - - switch clientReader.Flow { - case XRO, XRD: - if account.Flow == clientReader.Flow { - if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress { - return newError(clientReader.Flow + " doesn't support Mux").AtWarning() - } - if xtlsConn, ok := iConn.(*xtls.Conn); ok { - xtlsConn.RPRX = true - xtlsConn.SHOW = trojanXTLSShow - if clientReader.Flow == XRD { - xtlsConn.DirectMode = true - } - } else { - return newError(`failed to use ` + clientReader.Flow + `, maybe "security" is not "xtls"`).AtWarning() - } - } else { - return newError("unable to use ", clientReader.Flow).AtWarning() - } - case "": - default: - return newError("unsupported flow " + account.Flow).AtWarning() - } - ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{ From: conn.RemoteAddr(), To: destination, @@ -332,9 +294,6 @@ func (s *Server) fallback(ctx context.Context, sid errors.ExportOption, err erro if tlsConn, ok := iConn.(*tls.Conn); ok { alpn = tlsConn.ConnectionState().NegotiatedProtocol newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) - } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { - alpn = xtlsConn.ConnectionState().NegotiatedProtocol - newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) } if apfb[alpn] == nil { alpn = "" diff --git a/proxy/vless/account.go b/proxy/vless/account.go index 0357fa803..54e7622e1 100644 --- a/proxy/vless/account.go +++ b/proxy/vless/account.go 
@@ -24,7 +24,7 @@ func (a *Account) AsAccount() (protocol.Account, error) { type MemoryAccount struct { // ID of the account. ID *protocol.ID - // Flow of the account. May be "xtls-rprx-origin". + // Flow of the account. Flow string // Encryption of the account. Used for client connections, and only accepts "none" for now. Encryption string diff --git a/proxy/vless/account.pb.go b/proxy/vless/account.pb.go index a85145727..19c08e9a9 100644 --- a/proxy/vless/account.pb.go +++ b/proxy/vless/account.pb.go @@ -32,7 +32,7 @@ type Account struct { // ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57". Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - // Flow settings. May be "xtls-rprx-origin". + // Flow settings. Flow string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"` // Encryption settings. Only applies to client side, and only accepts "none" for now. Encryption string `protobuf:"bytes,3,opt,name=encryption,proto3" json:"encryption,omitempty"` diff --git a/proxy/vless/account.proto b/proxy/vless/account.proto index 35e7ae1d0..64bbdf057 100644 --- a/proxy/vless/account.proto +++ b/proxy/vless/account.proto @@ -9,7 +9,7 @@ option java_multiple_files = true; message Account { // ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57". string id = 1; - // Flow settings. May be "xtls-rprx-origin". + // Flow settings. string flow = 2; // Encryption settings. Only applies to client side, and only accepts "none" for now. string encryption = 3; diff --git a/proxy/vless/encoding/addons.go b/proxy/vless/encoding/addons.go index c847f0079..b37b275f8 100644 --- a/proxy/vless/encoding/addons.go +++ b/proxy/vless/encoding/addons.go 
@@ -9,22 +9,11 @@ import (
 "v2ray.com/core/common/buf"
 "v2ray.com/core/common/protocol"
- "v2ray.com/core/proxy/vless"
 )
+// EncodeHeaderAddons Add addons byte to the header
 func EncodeHeaderAddons(buffer *buf.Buffer, addons *Addons) error {
 switch addons.Flow {
- case vless.XRO, vless.XRD:
- bytes, err := proto.Marshal(addons)
- if err != nil {
- return newError("failed to marshal addons protobuf value").Base(err)
- }
- if err := buffer.WriteByte(byte(len(bytes))); err != nil {
- return newError("failed to write addons protobuf length").Base(err)
- }
- if _, err := buffer.Write(bytes); err != nil {
- return newError("failed to write addons protobuf value").Base(err)
- }
 default:
 if err := buffer.WriteByte(0); err != nil {
 return newError("failed to write addons protobuf length").Base(err)
@@ -121,13 +110,6 @@ func (w *MultiLengthPacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
 return w.Writer.WriteMultiBuffer(mb2Write)
 }
-func NewLengthPacketWriter(writer io.Writer) *LengthPacketWriter {
- return &LengthPacketWriter{
- Writer: writer,
- cache: make([]byte, 0, 65536),
- }
-}
-
 type LengthPacketWriter struct {
 io.Writer
 cache []byte
@@ -135,7 +117,6 @@ type LengthPacketWriter struct {
 func (w *LengthPacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
 length := mb.Len() // none of mb is nil
- // fmt.Println("Write", length)
 if length == 0 {
 return nil
 }
@@ -171,7 +152,6 @@ func (r *LengthPacketReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
 return nil, newError("failed to read packet length").Base(err)
 }
 length := int32(r.cache[0])<<8 | int32(r.cache[1])
- // fmt.Println("Read", length)
 mb := make(buf.MultiBuffer, 0, length/buf.Size+1)
 for length > 0 {
 size := length
diff --git a/proxy/vless/encoding/encoding.go b/proxy/vless/encoding/encoding.go
index e6d0f6665..3d09c5b20 100644
--- a/proxy/vless/encoding/encoding.go
+++ b/proxy/vless/encoding/encoding.go
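Review bot: `EncodeHeaderAddons` in proxy/vless/encoding/addons.go is left with `switch addons.Flow { default: ... }`, a switch whose only arm is `default`, so the flow value no longer influences anything and the function always writes a zero length byte. Because this patch also removes the `flow` validation in infra/conf/vless.go, a config that still sets a flow such as `"xtls-rprx-direct"` is accepted and silently ignored; consider rejecting it, or at least warning, at config time, e.g. `if account.Flow != "" { return nil, newError("VLESS: \"flow\" is not supported in this version") }`. If the field is kept purely for compatibility, drop the switch and call `buffer.WriteByte(0)` directly so the no-op is explicit. The added doc comment would read better as `// EncodeHeaderAddons writes the addons length byte to the header.` The function body continues past the end of the hunk.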
@@ -5,18 +5,11 @@ package encoding //go:generate go run v2ray.com/core/common/errors/errorgen import ( - "fmt" "io" - "syscall" - "v2ray.com/core/common/buf" - "v2ray.com/core/common/errors" "v2ray.com/core/common/net" "v2ray.com/core/common/protocol" - "v2ray.com/core/common/signal" - "v2ray.com/core/features/stats" "v2ray.com/core/proxy/vless" - "v2ray.com/core/transport/internet/xtls" ) const ( @@ -173,36 +166,3 @@ func DecodeResponseHeader(reader io.Reader, request *protocol.RequestHeader) (*A return responseAddons, nil } - -func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn *xtls.Conn, rawConn syscall.RawConn, counter stats.Counter) error { - err := func() error { - var ct stats.Counter - for { - if conn.DirectIn { - conn.DirectIn = false - reader = buf.NewReadVReader(conn.Connection, rawConn) - ct = counter - if conn.SHOW { - fmt.Println(conn.MARK, "ReadV") - } - } - buffer, err := reader.ReadMultiBuffer() - if !buffer.IsEmpty() { - if ct != nil { - ct.Add(int64(buffer.Len())) - } - timer.Update() - if werr := writer.WriteMultiBuffer(buffer); werr != nil { - return werr - } - } - if err != nil { - return err - } - } - }() - if err != nil && errors.Cause(err) != io.EOF { - return err - } - return nil -} diff --git a/proxy/vless/inbound/inbound.go b/proxy/vless/inbound/inbound.go index c35cb1406..4534b3bd2 100644 --- a/proxy/vless/inbound/inbound.go +++ b/proxy/vless/inbound/inbound.go @@ -8,7 +8,6 @@ import ( "context" "io" "strconv" - "syscall" "time" "v2ray.com/core" @@ -17,7 +16,6 @@ import ( "v2ray.com/core/common/errors" "v2ray.com/core/common/log" "v2ray.com/core/common/net" - "v2ray.com/core/common/platform" "v2ray.com/core/common/protocol" "v2ray.com/core/common/retry" "v2ray.com/core/common/session" 
@@ -27,16 +25,10 @@ import ( feature_inbound "v2ray.com/core/features/inbound" "v2ray.com/core/features/policy" "v2ray.com/core/features/routing" - "v2ray.com/core/features/stats" "v2ray.com/core/proxy/vless" "v2ray.com/core/proxy/vless/encoding" "v2ray.com/core/transport/internet" "v2ray.com/core/transport/internet/tls" - "v2ray.com/core/transport/internet/xtls" -) - -var ( - xtls_show = false ) func init() { @@ -50,13 +42,6 @@ func init() { } return New(ctx, config.(*Config), dc) })) - - const defaultFlagValue = "NOT_DEFINED_AT_ALL" - - xtlsShow := platform.NewEnvFlag("v2ray.vless.xtls.show").GetValue(func() string { return defaultFlagValue }) - if xtlsShow == "true" { - xtls_show = true - } } // Handler is an inbound connection handler that handles messages in VLess protocol. @@ -194,9 +179,6 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i if tlsConn, ok := iConn.(*tls.Conn); ok { alpn = tlsConn.ConnectionState().NegotiatedProtocol newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) - } else if xtlsConn, ok := iConn.(*xtls.Conn); ok { - alpn = xtlsConn.ConnectionState().NegotiatedProtocol - newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid) } if apfb[alpn] == nil { alpn = "" 
@@ -370,44 +352,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i } inbound.User = request.User - account := request.User.Account.(*vless.MemoryAccount) - - responseAddons := &encoding.Addons{ - // Flow: requestAddons.Flow, - } - - var rawConn syscall.RawConn - - switch requestAddons.Flow { - case vless.XRO, vless.XRD: - if account.Flow == requestAddons.Flow { - switch request.Command { - case protocol.RequestCommandMux: - return newError(requestAddons.Flow + " doesn't support Mux").AtWarning() - case protocol.RequestCommandUDP: - return newError(requestAddons.Flow + " doesn't support UDP").AtWarning() - case protocol.RequestCommandTCP: - if xtlsConn, ok := iConn.(*xtls.Conn); ok { - xtlsConn.RPRX = true - xtlsConn.SHOW = xtls_show - xtlsConn.MARK = "XTLS" - if requestAddons.Flow == vless.XRD { - xtlsConn.DirectMode = true - if sc, ok := xtlsConn.Connection.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } - } - } else { - return newError(`failed to use ` + requestAddons.Flow + `, maybe "security" is not "xtls"`).AtWarning() - } - } - } else { - return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning() - } - case "": - default: - return newError("unknown request flow " + requestAddons.Flow).AtWarning() - } + responseAddons := &encoding.Addons{} if request.Command != protocol.RequestCommandMux { ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{ 
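Review bot: With the flow switch removed, `requestAddons.Flow` is no longer checked on the inbound side in this hunk. The old `default:` arm rejected unknown flows and the `account.Flow == requestAddons.Flow` comparison rejected flows the account was not allowed to use. As far as this hunk shows, a peer that still sends a flow is now served as an ordinary VLESS session without either side being told, which is a silent downgrade rather than a refusal. A guard placed before `responseAddons`, such as `if requestAddons.Flow != "" { return newError("unsupported request flow " + requestAddons.Flow).AtWarning() }`, would keep the handler failing closed. `Process` starts and ends outside this hunk, so whether the header decoder already rejects a non-empty flow cannot be confirmed from here.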
@@ -438,20 +383,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i // default: clientReader := reader clientReader := encoding.DecodeBodyAddons(reader, request, requestAddons) - var err error - - if rawConn != nil { - var counter stats.Counter - if statConn != nil { - counter = statConn.ReadCounter - } - err = encoding.ReadV(clientReader, serverWriter, timer, iConn.(*xtls.Conn), rawConn, counter) - } else { - // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer - err = buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer)) - } - - if err != nil { + // from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer + if err := buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer)); err != nil { return newError("failed to transfer request payload").Base(err).AtInfo() } diff --git a/proxy/vless/outbound/outbound.go b/proxy/vless/outbound/outbound.go index b738e950f..d331702ff 100644 --- a/proxy/vless/outbound/outbound.go +++ b/proxy/vless/outbound/outbound.go 
@@ -6,43 +6,28 @@ package outbound import ( "context" - "syscall" "time" + "v2ray.com/core/proxy/vless" "v2ray.com/core" "v2ray.com/core/common" "v2ray.com/core/common/buf" "v2ray.com/core/common/net" - "v2ray.com/core/common/platform" "v2ray.com/core/common/protocol" "v2ray.com/core/common/retry" "v2ray.com/core/common/session" "v2ray.com/core/common/signal" "v2ray.com/core/common/task" "v2ray.com/core/features/policy" - "v2ray.com/core/features/stats" - "v2ray.com/core/proxy/vless" "v2ray.com/core/proxy/vless/encoding" "v2ray.com/core/transport" "v2ray.com/core/transport/internet" - "v2ray.com/core/transport/internet/xtls" -) - -var ( - xtls_show = false ) func init() { common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { return New(ctx, config.(*Config)) })) - - const defaultFlagValue = "NOT_DEFINED_AT_ALL" - - xtlsShow := platform.NewEnvFlag("v2ray.vless.xtls.show").GetValue(func() string { return defaultFlagValue }) - if xtlsShow == "true" { - xtls_show = true - } } // Handler is an outbound connection handler for VLess protocol. 
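Review bot: The `"v2ray.com/core/proxy/vless"` import is moved from its sorted position to the line right after `"time"`, ahead of `"v2ray.com/core"`. The move is unrelated to removing XTLS. Depending on where the blank line falls (the collapsed hunk does not show it), this either leaves a project import inside the standard-library group or leaves the project group unsorted. Keep the import where it was, between `v2ray.com/core/features/policy` and `v2ray.com/core/proxy/vless/encoding`, so the import block stays `goimports`-clean and the diff carries only the XTLS removals.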
@@ -127,44 +112,6 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte Flow: account.Flow, } - var rawConn syscall.RawConn - - allowUDP443 := false - switch requestAddons.Flow { - case vless.XRO + "-udp443", vless.XRD + "-udp443": - allowUDP443 = true - requestAddons.Flow = requestAddons.Flow[:16] - fallthrough - case vless.XRO, vless.XRD: - switch request.Command { - case protocol.RequestCommandMux: - return newError(requestAddons.Flow + " doesn't support Mux").AtWarning() - case protocol.RequestCommandUDP: - if !allowUDP443 && request.Port == 443 { - return newError(requestAddons.Flow + " stopped UDP/443").AtInfo() - } - requestAddons.Flow = "" - case protocol.RequestCommandTCP: - if xtlsConn, ok := iConn.(*xtls.Conn); ok { - xtlsConn.RPRX = true - xtlsConn.SHOW = xtls_show - xtlsConn.MARK = "XTLS" - if requestAddons.Flow == vless.XRD { - xtlsConn.DirectMode = true - if sc, ok := xtlsConn.Connection.(syscall.Conn); ok { - rawConn, _ = sc.SyscallConn() - } - } - } else { - return newError(`failed to use ` + requestAddons.Flow + `, maybe "security" is not "xtls"`).AtWarning() - } - } - default: - if _, ok := iConn.(*xtls.Conn); ok { - panic(`To avoid misunderstanding, you must fill in VLESS "flow" when using XTLS.`) - } - } - sessionPolicy := h.policyManager.ForLevel(request.User.Level) ctx, cancel := context.WithCancel(ctx) timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle) @@ -200,6 +147,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte switch requestAddons.Flow { default: } + return nil } 
@@ -214,18 +162,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte // default: serverReader := buf.NewReader(conn) serverReader := encoding.DecodeBodyAddons(conn, request, responseAddons) - if rawConn != nil { - var counter stats.Counter - if statConn != nil { - counter = statConn.ReadCounter - } - err = encoding.ReadV(serverReader, clientWriter, timer, iConn.(*xtls.Conn), rawConn, counter) - } else { - // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer - err = buf.Copy(serverReader, clientWriter, buf.UpdateActivity(timer)) - } - - if err != nil { + // from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer + if err := buf.Copy(serverReader, clientWriter, buf.UpdateActivity(timer)); err != nil { return newError("failed to transfer response payload").Base(err).AtInfo() } diff --git a/proxy/vless/vless.go b/proxy/vless/vless.go index 84972306f..b122b5754 100644 --- a/proxy/vless/vless.go +++ b/proxy/vless/vless.go @@ -6,8 +6,3 @@ package vless //go:generate go run v2ray.com/core/common/errors/errorgen - -const ( - XRO = "xtls-rprx-origin" - XRD = "xtls-rprx-direct" -) diff --git a/transport/internet/domainsocket/dial.go b/transport/internet/domainsocket/dial.go index d3a43f48a..bd6591de3 100644 --- a/transport/internet/domainsocket/dial.go +++ b/transport/internet/domainsocket/dial.go @@ -11,7 +11,6 @@ import ( "v2ray.com/core/common/net" "v2ray.com/core/transport/internet" "v2ray.com/core/transport/internet/tls" - "v2ray.com/core/transport/internet/xtls" ) func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.MemoryStreamConfig) (internet.Connection, error) { 
@@ -28,8 +27,6 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { return tls.Client(conn, config.GetTLSConfig(tls.WithDestination(dest))), nil - } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - return xtls.Client(conn, config.GetXTLSConfig(xtls.WithDestination(dest))), nil } return conn, nil diff --git a/transport/internet/domainsocket/listener.go b/transport/internet/domainsocket/listener.go index 72f57968e..aba951d0a 100644 --- a/transport/internet/domainsocket/listener.go +++ b/transport/internet/domainsocket/listener.go @@ -10,24 +10,21 @@ import ( "os" "strings" - goxtls "github.com/xtls/go" "golang.org/x/sys/unix" "v2ray.com/core/common" "v2ray.com/core/common/net" "v2ray.com/core/transport/internet" "v2ray.com/core/transport/internet/tls" - "v2ray.com/core/transport/internet/xtls" ) type Listener struct { - addr *net.UnixAddr - ln net.Listener - tlsConfig *gotls.Config - xtlsConfig *goxtls.Config - config *Config - addConn internet.ConnHandler - locker *fileLocker + addr *net.UnixAddr + ln net.Listener + tlsConfig *gotls.Config + config *Config + addConn internet.ConnHandler + locker *fileLocker } func Listen(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, handler internet.ConnHandler) (internet.Listener, error) { @@ -62,9 +59,6 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { ln.tlsConfig = config.GetTLSConfig() } - if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - ln.xtlsConfig = config.GetXTLSConfig() - } go ln.run() 
@@ -95,8 +89,6 @@ func (ln *Listener) run() { if ln.tlsConfig != nil { conn = tls.Server(conn, ln.tlsConfig) - } else if ln.xtlsConfig != nil { - conn = xtls.Server(conn, ln.xtlsConfig) } ln.addConn(internet.Connection(conn)) diff --git a/transport/internet/kcp/dialer.go b/transport/internet/kcp/dialer.go index 83050edc0..4a6d9b4ff 100644 --- a/transport/internet/kcp/dialer.go +++ b/transport/internet/kcp/dialer.go @@ -13,7 +13,6 @@ import ( "v2ray.com/core/common/net" "v2ray.com/core/transport/internet" "v2ray.com/core/transport/internet/tls" - "v2ray.com/core/transport/internet/xtls" ) var ( @@ -90,8 +89,6 @@ func DialKCP(ctx context.Context, dest net.Destination, streamSettings *internet if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { iConn = tls.Client(iConn, config.GetTLSConfig(tls.WithDestination(dest))) - } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - iConn = xtls.Client(iConn, config.GetXTLSConfig(xtls.WithDestination(dest))) } return iConn, nil diff --git a/transport/internet/kcp/listener.go b/transport/internet/kcp/listener.go index 298d3fb83..e0411aa20 100644 --- a/transport/internet/kcp/listener.go +++ b/transport/internet/kcp/listener.go @@ -8,15 +8,12 @@ import ( gotls "crypto/tls" "sync" - goxtls "github.com/xtls/go" - "v2ray.com/core/common" "v2ray.com/core/common/buf" "v2ray.com/core/common/net" "v2ray.com/core/transport/internet" "v2ray.com/core/transport/internet/tls" "v2ray.com/core/transport/internet/udp" - "v2ray.com/core/transport/internet/xtls" ) type ConnectionID struct { 
@@ -28,15 +25,14 @@ type ConnectionID struct { // Listener defines a server listening for connections type Listener struct { sync.Mutex - sessions map[ConnectionID]*Connection - hub *udp.Hub - tlsConfig *gotls.Config - xtlsConfig *goxtls.Config - config *Config - reader PacketReader - header internet.PacketHeader - security cipher.AEAD - addConn internet.ConnHandler + sessions map[ConnectionID]*Connection + hub *udp.Hub + tlsConfig *gotls.Config + config *Config + reader PacketReader + header internet.PacketHeader + security cipher.AEAD + addConn internet.ConnHandler } func NewListener(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, addConn internet.ConnHandler) (*Listener, error) { @@ -64,9 +60,6 @@ func NewListener(ctx context.Context, address net.Address, port net.Port, stream if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { l.tlsConfig = config.GetTLSConfig() } - if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - l.xtlsConfig = config.GetXTLSConfig() - } hub, err := udp.ListenUDP(ctx, address, port, streamSettings, udp.HubCapacity(1024)) if err != nil { @@ -139,8 +132,6 @@ func (l *Listener) OnReceive(payload *buf.Buffer, src net.Destination) { var netConn internet.Connection = conn if l.tlsConfig != nil { netConn = tls.Server(conn, l.tlsConfig) - } else if l.xtlsConfig != nil { - netConn = xtls.Server(conn, l.xtlsConfig) } l.addConn(netConn) diff --git a/transport/internet/tcp/dialer.go b/transport/internet/tcp/dialer.go index 6c744dead..e6f414e0b 100644 --- a/transport/internet/tcp/dialer.go +++ b/transport/internet/tcp/dialer.go @@ -10,7 +10,6 @@ import ( "v2ray.com/core/common/session" "v2ray.com/core/transport/internet" "v2ray.com/core/transport/internet/tls" - "v2ray.com/core/transport/internet/xtls" ) // Dial dials a new TCP connection to the given destination. 
@@ -31,9 +30,6 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me } */ conn = tls.Client(conn, tlsConfig) - } else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - xtlsConfig := config.GetXTLSConfig(xtls.WithDestination(dest)) - conn = xtls.Client(conn, xtlsConfig) } tcpSettings := streamSettings.ProtocolSettings.(*Config) diff --git a/transport/internet/tcp/hub.go b/transport/internet/tcp/hub.go index 49a459f12..7cfb69436 100644 --- a/transport/internet/tcp/hub.go +++ b/transport/internet/tcp/hub.go @@ -8,21 +8,17 @@ import ( "strings" "time" - goxtls "github.com/xtls/go" - "v2ray.com/core/common" "v2ray.com/core/common/net" "v2ray.com/core/common/session" "v2ray.com/core/transport/internet" "v2ray.com/core/transport/internet/tls" - "v2ray.com/core/transport/internet/xtls" ) // Listener is an internet.Listener that listens for TCP connections. type Listener struct { listener net.Listener tlsConfig *gotls.Config - xtlsConfig *goxtls.Config authConfig internet.ConnectionAuthenticator config *Config addConn internet.ConnHandler @@ -77,9 +73,6 @@ func ListenTCP(ctx context.Context, address net.Address, port net.Port, streamSe if config := tls.ConfigFromStreamSettings(streamSettings); config != nil { l.tlsConfig = config.GetTLSConfig(tls.WithNextProto("h2")) } - if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil { - l.xtlsConfig = config.GetXTLSConfig(xtls.WithNextProto("h2")) - } if tcpSettings.HeaderSettings != nil { headerConfig, err := tcpSettings.HeaderSettings.GetInstance() @@ -114,8 +107,6 @@ func (v *Listener) keepAccepting() { if v.tlsConfig != nil { conn = tls.Server(conn, v.tlsConfig) - } else if v.xtlsConfig != nil { - conn = xtls.Server(conn, v.xtlsConfig) } if v.authConfig != nil { conn = v.authConfig.Server(conn) diff --git a/transport/internet/xtls/config.go b/transport/internet/xtls/config.go deleted file mode 100644 index 0fc2708f6..000000000 
--- a/transport/internet/xtls/config.go
+++ /dev/null
@@ -1,241 +0,0 @@ -// +build !confonly - -package xtls - -import ( - "crypto/x509" - "sync" - "time" - - xtls "github.com/xtls/go" - - "v2ray.com/core/common/net" - "v2ray.com/core/common/protocol/tls/cert" - "v2ray.com/core/transport/internet" -) - -var ( - globalSessionCache = xtls.NewLRUClientSessionCache(128) -) - -// ParseCertificate converts a cert.Certificate to Certificate. -func ParseCertificate(c *cert.Certificate) *Certificate { - if c != nil { - certPEM, keyPEM := c.ToPEM() - return &Certificate{ - Certificate: certPEM, - Key: keyPEM, - } - } - return nil -} - -func (c *Config) loadSelfCertPool() (*x509.CertPool, error) { - root := x509.NewCertPool() - for _, cert := range c.Certificate { - if !root.AppendCertsFromPEM(cert.Certificate) { - return nil, newError("failed to append cert").AtWarning() - } - } - return root, nil -} - -// BuildCertificates builds a list of TLS certificates from proto definition. -func (c *Config) BuildCertificates() []xtls.Certificate { - certs := make([]xtls.Certificate, 0, len(c.Certificate)) - for _, entry := range c.Certificate { - if entry.Usage != Certificate_ENCIPHERMENT { - continue - } - keyPair, err := xtls.X509KeyPair(entry.Certificate, entry.Key) - if err != nil { - newError("ignoring invalid X509 key pair").Base(err).AtWarning().WriteToLog() - continue - } - certs = append(certs, keyPair) - } - return certs -} - -func isCertificateExpired(c *xtls.Certificate) bool { - if c.Leaf == nil && len(c.Certificate) > 0 { - if pc, err := x509.ParseCertificate(c.Certificate[0]); err == nil { - c.Leaf = pc - } - } - - // If leaf is not there, the certificate is probably not used yet. We trust user to provide a valid certificate. 
- return c.Leaf != nil && c.Leaf.NotAfter.Before(time.Now().Add(-time.Minute)) -} - -func issueCertificate(rawCA *Certificate, domain string) (*xtls.Certificate, error) { - parent, err := cert.ParseCertificate(rawCA.Certificate, rawCA.Key) - if err != nil { - return nil, newError("failed to parse raw certificate").Base(err) - } - newCert, err := cert.Generate(parent, cert.CommonName(domain), cert.DNSNames(domain)) - if err != nil { - return nil, newError("failed to generate new certificate for ", domain).Base(err) - } - newCertPEM, newKeyPEM := newCert.ToPEM() - cert, err := xtls.X509KeyPair(newCertPEM, newKeyPEM) - return &cert, err -} - -func (c *Config) getCustomCA() []*Certificate { - certs := make([]*Certificate, 0, len(c.Certificate)) - for _, certificate := range c.Certificate { - if certificate.Usage == Certificate_AUTHORITY_ISSUE { - certs = append(certs, certificate) - } - } - return certs -} - -func getGetCertificateFunc(c *xtls.Config, ca []*Certificate) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) { - var access sync.RWMutex - - return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) { - domain := hello.ServerName - certExpired := false - - access.RLock() - certificate, found := c.NameToCertificate[domain] - access.RUnlock() - - if found { - if !isCertificateExpired(certificate) { - return certificate, nil - } - certExpired = true - } - - if certExpired { - newCerts := make([]xtls.Certificate, 0, len(c.Certificates)) - - access.Lock() - for _, certificate := range c.Certificates { - if !isCertificateExpired(&certificate) { - newCerts = append(newCerts, certificate) - } - } - - c.Certificates = newCerts - access.Unlock() - } - - var issuedCertificate *xtls.Certificate - - // Create a new certificate from existing CA if possible - for _, rawCert := range ca { - if rawCert.Usage == Certificate_AUTHORITY_ISSUE { - newCert, err := issueCertificate(rawCert, domain) - if err != nil { - newError("failed to issue new certificate for 
", domain).Base(err).WriteToLog() - continue - } - - access.Lock() - c.Certificates = append(c.Certificates, *newCert) - issuedCertificate = &c.Certificates[len(c.Certificates)-1] - access.Unlock() - break - } - } - - if issuedCertificate == nil { - return nil, newError("failed to create a new certificate for ", domain) - } - - access.Lock() - c.BuildNameToCertificate() - access.Unlock() - - return issuedCertificate, nil - } -} - -func (c *Config) parseServerName() string { - return c.ServerName -} - -// GetXTLSConfig converts this Config into xtls.Config. -func (c *Config) GetXTLSConfig(opts ...Option) *xtls.Config { - root, err := c.getCertPool() - if err != nil { - newError("failed to load system root certificate").AtError().Base(err).WriteToLog() - } - - if c == nil { - return &xtls.Config{ - ClientSessionCache: globalSessionCache, - RootCAs: root, - InsecureSkipVerify: false, - NextProtos: nil, - SessionTicketsDisabled: false, - } - } - - config := &xtls.Config{ - ClientSessionCache: globalSessionCache, - RootCAs: root, - InsecureSkipVerify: c.AllowInsecure, - NextProtos: c.NextProtocol, - SessionTicketsDisabled: c.DisableSessionResumption, - } - - for _, opt := range opts { - opt(config) - } - - config.Certificates = c.BuildCertificates() - config.BuildNameToCertificate() - - caCerts := c.getCustomCA() - if len(caCerts) > 0 { - config.GetCertificate = getGetCertificateFunc(config, caCerts) - } - - if sn := c.parseServerName(); len(sn) > 0 { - config.ServerName = sn - } - - if len(config.NextProtos) == 0 { - config.NextProtos = []string{"h2", "http/1.1"} - } - - return config -} - -// Option for building XTLS config. -type Option func(*xtls.Config) - -// WithDestination sets the server name in XTLS config. 
-func WithDestination(dest net.Destination) Option { - return func(config *xtls.Config) { - if dest.Address.Family().IsDomain() && config.ServerName == "" { - config.ServerName = dest.Address.Domain() - } - } -} - -// WithNextProto sets the ALPN values in XTLS config. -func WithNextProto(protocol ...string) Option { - return func(config *xtls.Config) { - if len(config.NextProtos) == 0 { - config.NextProtos = protocol - } - } -} - -// ConfigFromStreamSettings fetches Config from stream settings. Nil if not found. -func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config { - if settings == nil { - return nil - } - config, ok := settings.SecuritySettings.(*Config) - if !ok { - return nil - } - return config -} diff --git a/transport/internet/xtls/config.pb.go b/transport/internet/xtls/config.pb.go deleted file mode 100644 index 862d5f26e..000000000 --- a/transport/internet/xtls/config.pb.go +++ /dev/null 
@@ -1,379 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.25.0 -// protoc v3.13.0 -// source: transport/internet/xtls/config.proto - -package xtls - -import ( - proto "github.com/golang/protobuf/proto" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a compile-time assertion that a sufficiently up-to-date version -// of the legacy proto package is being used. -const _ = proto.ProtoPackageIsVersion4 - -type Certificate_Usage int32 - -const ( - Certificate_ENCIPHERMENT Certificate_Usage = 0 - Certificate_AUTHORITY_VERIFY Certificate_Usage = 1 - Certificate_AUTHORITY_ISSUE Certificate_Usage = 2 -) - -// Enum value maps for Certificate_Usage. 
-var ( - Certificate_Usage_name = map[int32]string{ - 0: "ENCIPHERMENT", - 1: "AUTHORITY_VERIFY", - 2: "AUTHORITY_ISSUE", - } - Certificate_Usage_value = map[string]int32{ - "ENCIPHERMENT": 0, - "AUTHORITY_VERIFY": 1, - "AUTHORITY_ISSUE": 2, - } -) - -func (x Certificate_Usage) Enum() *Certificate_Usage { - p := new(Certificate_Usage) - *p = x - return p -} - -func (x Certificate_Usage) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (Certificate_Usage) Descriptor() protoreflect.EnumDescriptor { - return file_transport_internet_xtls_config_proto_enumTypes[0].Descriptor() -} - -func (Certificate_Usage) Type() protoreflect.EnumType { - return &file_transport_internet_xtls_config_proto_enumTypes[0] -} - -func (x Certificate_Usage) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use Certificate_Usage.Descriptor instead. -func (Certificate_Usage) EnumDescriptor() ([]byte, []int) { - return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{0, 0} -} - -type Certificate struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // XTLS certificate in x509 format. - Certificate []byte `protobuf:"bytes,1,opt,name=Certificate,proto3" json:"Certificate,omitempty"` - // XTLS key in x509 format. 
- Key []byte `protobuf:"bytes,2,opt,name=Key,proto3" json:"Key,omitempty"` - Usage Certificate_Usage `protobuf:"varint,3,opt,name=usage,proto3,enum=v2ray.core.transport.internet.xtls.Certificate_Usage" json:"usage,omitempty"` -} - -func (x *Certificate) Reset() { - *x = Certificate{} - if protoimpl.UnsafeEnabled { - mi := &file_transport_internet_xtls_config_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Certificate) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Certificate) ProtoMessage() {} - -func (x *Certificate) ProtoReflect() protoreflect.Message { - mi := &file_transport_internet_xtls_config_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Certificate.ProtoReflect.Descriptor instead. -func (*Certificate) Descriptor() ([]byte, []int) { - return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{0} -} - -func (x *Certificate) GetCertificate() []byte { - if x != nil { - return x.Certificate - } - return nil -} - -func (x *Certificate) GetKey() []byte { - if x != nil { - return x.Key - } - return nil -} - -func (x *Certificate) GetUsage() Certificate_Usage { - if x != nil { - return x.Usage - } - return Certificate_ENCIPHERMENT -} - -type Config struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Whether or not to allow self-signed certificates. - AllowInsecure bool `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"` - // Whether or not to allow insecure cipher suites. 
- AllowInsecureCiphers bool `protobuf:"varint,5,opt,name=allow_insecure_ciphers,json=allowInsecureCiphers,proto3" json:"allow_insecure_ciphers,omitempty"` - // List of certificates to be served on server. - Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate,proto3" json:"certificate,omitempty"` - // Override server name. - ServerName string `protobuf:"bytes,3,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"` - // Lists of string as ALPN values. - NextProtocol []string `protobuf:"bytes,4,rep,name=next_protocol,json=nextProtocol,proto3" json:"next_protocol,omitempty"` - // Whether or not to disable session (ticket) resumption. - DisableSessionResumption bool `protobuf:"varint,6,opt,name=disable_session_resumption,json=disableSessionResumption,proto3" json:"disable_session_resumption,omitempty"` - // If true, root certificates on the system will not be loaded for - // verification. - DisableSystemRoot bool `protobuf:"varint,7,opt,name=disable_system_root,json=disableSystemRoot,proto3" json:"disable_system_root,omitempty"` -} - -func (x *Config) Reset() { - *x = Config{} - if protoimpl.UnsafeEnabled { - mi := &file_transport_internet_xtls_config_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Config) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Config) ProtoMessage() {} - -func (x *Config) ProtoReflect() protoreflect.Message { - mi := &file_transport_internet_xtls_config_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Config.ProtoReflect.Descriptor instead. 
-func (*Config) Descriptor() ([]byte, []int) { - return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{1} -} - -func (x *Config) GetAllowInsecure() bool { - if x != nil { - return x.AllowInsecure - } - return false -} - -func (x *Config) GetAllowInsecureCiphers() bool { - if x != nil { - return x.AllowInsecureCiphers - } - return false -} - -func (x *Config) GetCertificate() []*Certificate { - if x != nil { - return x.Certificate - } - return nil -} - -func (x *Config) GetServerName() string { - if x != nil { - return x.ServerName - } - return "" -} - -func (x *Config) GetNextProtocol() []string { - if x != nil { - return x.NextProtocol - } - return nil -} - -func (x *Config) GetDisableSessionResumption() bool { - if x != nil { - return x.DisableSessionResumption - } - return false -} - -func (x *Config) GetDisableSystemRoot() bool { - if x != nil { - return x.DisableSystemRoot - } - return false -} - -var File_transport_internet_xtls_config_proto protoreflect.FileDescriptor - -var file_transport_internet_xtls_config_proto_rawDesc = []byte{ - 0x0a, 0x24, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x65, 0x74, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x22, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, - 0x72, 0x65, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, - 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, 0x74, 0x6c, 0x73, 0x22, 0xd4, 0x01, 0x0a, 0x0b, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, - 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x4b, - 0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 
0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e, - 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, - 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, 0x74, - 0x6c, 0x73, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x55, - 0x73, 0x61, 0x67, 0x65, 0x52, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x22, 0x44, 0x0a, 0x05, 0x55, - 0x73, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x0c, 0x45, 0x4e, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, - 0x4d, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, - 0x49, 0x54, 0x59, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, - 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x49, 0x53, 0x53, 0x55, 0x45, 0x10, - 0x02, 0x22, 0xec, 0x02, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x0a, 0x0e, - 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x49, 0x6e, 0x73, 0x65, 0x63, - 0x75, 0x72, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, 0x6e, 0x73, - 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x14, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x49, 0x6e, 0x73, 0x65, 0x63, 0x75, - 0x72, 0x65, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x0b, 0x63, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, - 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x61, 0x6e, - 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, - 0x74, 0x6c, 0x73, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, - 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 
0x1f, 0x0a, 0x0b, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, - 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x12, 0x3c, 0x0a, 0x1a, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x65, - 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, - 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x2e, 0x0a, 0x13, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x79, 0x73, 0x74, - 0x65, 0x6d, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x64, - 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x52, 0x6f, 0x6f, 0x74, - 0x42, 0x77, 0x0a, 0x26, 0x63, 0x6f, 0x6d, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, - 0x72, 0x65, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, - 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, 0x74, 0x6c, 0x73, 0x50, 0x01, 0x5a, 0x26, 0x76, 0x32, - 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, - 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2f, - 0x78, 0x74, 0x6c, 0x73, 0xaa, 0x02, 0x22, 0x56, 0x32, 0x52, 0x61, 0x79, 0x2e, 0x43, 0x6f, 0x72, - 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x58, 0x74, 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, -} - -var ( - file_transport_internet_xtls_config_proto_rawDescOnce sync.Once - 
file_transport_internet_xtls_config_proto_rawDescData = file_transport_internet_xtls_config_proto_rawDesc -) - -func file_transport_internet_xtls_config_proto_rawDescGZIP() []byte { - file_transport_internet_xtls_config_proto_rawDescOnce.Do(func() { - file_transport_internet_xtls_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_transport_internet_xtls_config_proto_rawDescData) - }) - return file_transport_internet_xtls_config_proto_rawDescData -} - -var file_transport_internet_xtls_config_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_transport_internet_xtls_config_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_transport_internet_xtls_config_proto_goTypes = []interface{}{ - (Certificate_Usage)(0), // 0: v2ray.core.transport.internet.xtls.Certificate.Usage - (*Certificate)(nil), // 1: v2ray.core.transport.internet.xtls.Certificate - (*Config)(nil), // 2: v2ray.core.transport.internet.xtls.Config -} -var file_transport_internet_xtls_config_proto_depIdxs = []int32{ - 0, // 0: v2ray.core.transport.internet.xtls.Certificate.usage:type_name -> v2ray.core.transport.internet.xtls.Certificate.Usage - 1, // 1: v2ray.core.transport.internet.xtls.Config.certificate:type_name -> v2ray.core.transport.internet.xtls.Certificate - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_transport_internet_xtls_config_proto_init() } -func file_transport_internet_xtls_config_proto_init() { - if File_transport_internet_xtls_config_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_transport_internet_xtls_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Certificate); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - 
default: - return nil - } - } - file_transport_internet_xtls_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Config); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_transport_internet_xtls_config_proto_rawDesc, - NumEnums: 1, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_transport_internet_xtls_config_proto_goTypes, - DependencyIndexes: file_transport_internet_xtls_config_proto_depIdxs, - EnumInfos: file_transport_internet_xtls_config_proto_enumTypes, - MessageInfos: file_transport_internet_xtls_config_proto_msgTypes, - }.Build() - File_transport_internet_xtls_config_proto = out.File - file_transport_internet_xtls_config_proto_rawDesc = nil - file_transport_internet_xtls_config_proto_goTypes = nil - file_transport_internet_xtls_config_proto_depIdxs = nil -} diff --git a/transport/internet/xtls/config.proto b/transport/internet/xtls/config.proto deleted file mode 100644 index 490ae6e95..000000000 --- a/transport/internet/xtls/config.proto +++ /dev/null 
@@ -1,47 +0,0 @@
-syntax = "proto3";
-
-package v2ray.core.transport.internet.xtls;
-option csharp_namespace = "V2Ray.Core.Transport.Internet.Xtls";
-option go_package = "v2ray.com/core/transport/internet/xtls";
-option java_package = "com.v2ray.core.transport.internet.xtls";
-option java_multiple_files = true;
-
-message Certificate {
- // XTLS certificate in x509 format.
- bytes Certificate = 1;
-
- // XTLS key in x509 format.
- bytes Key = 2;
-
- enum Usage {
- ENCIPHERMENT = 0;
- AUTHORITY_VERIFY = 1;
- AUTHORITY_ISSUE = 2;
- }
-
- Usage usage = 3;
-}
-
-message Config {
- // Whether or not to allow self-signed certificates.
- bool allow_insecure = 1;
-
- // Whether or not to allow insecure cipher suites.
- bool allow_insecure_ciphers = 5;
-
- // List of certificates to be served on server.
- repeated Certificate certificate = 2;
-
- // Override server name.
- string server_name = 3;
-
- // Lists of string as ALPN values.
- repeated string next_protocol = 4;
-
- // Whether or not to disable session (ticket) resumption.
- bool disable_session_resumption = 6;
-
- // If true, root certificates on the system will not be loaded for
- // verification.
- bool disable_system_root = 7;
-}
diff --git a/transport/internet/xtls/config_other.go b/transport/internet/xtls/config_other.go
deleted file mode 100644
index a1dda046c..000000000
--- a/transport/internet/xtls/config_other.go
+++ /dev/null
@@ -1,53 +0,0 @@
-// +build !windows
-// +build !confonly
-
-package xtls
-
-import (
- "crypto/x509"
- "sync"
-)
-
-type rootCertsCache struct {
- sync.Mutex
- pool *x509.CertPool
-}
-
-func (c *rootCertsCache) load() (*x509.CertPool, error) {
- c.Lock()
- defer c.Unlock()
-
- if c.pool != nil {
- return c.pool, nil
- }
-
- pool, err := x509.SystemCertPool()
- if err != nil {
- return nil, err
- }
- c.pool = pool
- return pool, nil
-}
-
-var rootCerts rootCertsCache
-
-func (c *Config) getCertPool() (*x509.CertPool, error) {
- if c.DisableSystemRoot {
- return c.loadSelfCertPool()
- }
-
- if len(c.Certificate) == 0 {
- return rootCerts.load()
- }
-
- pool, err := x509.SystemCertPool()
- if err != nil {
- return nil, newError("system root").AtWarning().Base(err)
- }
- for _, cert := range c.Certificate {
- if !pool.AppendCertsFromPEM(cert.Certificate) {
- return nil, newError("append cert to root").AtWarning().Base(err)
- }
- }
- return pool, err
-}
diff --git a/transport/internet/xtls/config_test.go b/transport/internet/xtls/config_test.go
deleted file mode 100644
index 9e7227c9c..000000000
--- a/transport/internet/xtls/config_test.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package xtls_test
-
-import (
- "crypto/x509"
- "testing"
- "time"
-
- xtls "github.com/xtls/go"
-
- "v2ray.com/core/common"
- "v2ray.com/core/common/protocol/tls/cert"
- . "v2ray.com/core/transport/internet/xtls"
-)
-
-func TestCertificateIssuing(t *testing.T) {
- certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
- certificate.Usage = Certificate_AUTHORITY_ISSUE
-
- c := &Config{
- Certificate: []*Certificate{
- certificate,
- },
- }
-
- xtlsConfig := c.GetXTLSConfig()
- v2rayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
- ServerName: "www.v2fly.org",
- })
- common.Must(err)
-
- x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
- common.Must(err)
- if !x509Cert.NotAfter.After(time.Now()) {
- t.Error("NotAfter: ", x509Cert.NotAfter)
- }
-}
-
-func TestExpiredCertificate(t *testing.T) {
- caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
- expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName("www.v2fly.org"), cert.DNSNames("www.v2fly.org"))
-
- certificate := ParseCertificate(caCert)
- certificate.Usage = Certificate_AUTHORITY_ISSUE
-
- certificate2 := ParseCertificate(expiredCert)
-
- c := &Config{
- Certificate: []*Certificate{
- certificate,
- certificate2,
- },
- }
-
- xtlsConfig := c.GetXTLSConfig()
- v2rayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
- ServerName: "www.v2fly.org",
- })
- common.Must(err)
-
- x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
- common.Must(err)
- if !x509Cert.NotAfter.After(time.Now()) {
- t.Error("NotAfter: ", x509Cert.NotAfter)
- }
-}
-
-func TestInsecureCertificates(t *testing.T) {
- c := &Config{
- AllowInsecureCiphers: true,
- }
-
- xtlsConfig := c.GetXTLSConfig()
- if len(xtlsConfig.CipherSuites) > 0 {
- t.Fatal("Unexpected tls cipher suites list: ", xtlsConfig.CipherSuites)
- }
-}
-
-func BenchmarkCertificateIssuing(b *testing.B) {
- certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
- certificate.Usage = Certificate_AUTHORITY_ISSUE
-
- c := &Config{
- Certificate: []*Certificate{
- certificate,
- },
- }
-
- xtlsConfig := c.GetXTLSConfig()
- lenCerts := len(xtlsConfig.Certificates)
-
- b.ResetTimer()
-
- for i := 0; i < b.N; i++ {
- _, _ = xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
- ServerName: "www.v2fly.org",
- })
- delete(xtlsConfig.NameToCertificate, "www.v2fly.org")
- xtlsConfig.Certificates = xtlsConfig.Certificates[:lenCerts]
- }
-}
diff --git a/transport/internet/xtls/config_windows.go b/transport/internet/xtls/config_windows.go
deleted file mode 100644
index 8c5bf01d7..000000000
--- a/transport/internet/xtls/config_windows.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// +build windows
-// +build !confonly
-
-package xtls
-
-import "crypto/x509"
-
-func (c *Config) getCertPool() (*x509.CertPool, error) {
- if c.DisableSystemRoot {
- return c.loadSelfCertPool()
- }
-
- return nil, nil
-}
diff --git a/transport/internet/xtls/errors.generated.go b/transport/internet/xtls/errors.generated.go
deleted file mode 100644
index 9269f5584..000000000
--- a/transport/internet/xtls/errors.generated.go
+++ /dev/null
@@ -1,9 +0,0 @@ -package xtls - -import "v2ray.com/core/common/errors" - -type errPathObjHolder struct{} - -func newError(values ...interface{}) *errors.Error { - return errors.New(values...).WithPathObj(errPathObjHolder{}) -}
diff --git a/transport/internet/xtls/xtls.go b/transport/internet/xtls/xtls.go
deleted file mode 100644
index 5d65355cf..000000000
--- a/transport/internet/xtls/xtls.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// +build !confonly
-
-package xtls
-
-import (
- xtls "github.com/xtls/go"
-
- "v2ray.com/core/common/net"
-)
-
-//go:generate go run v2ray.com/core/common/errors/errorgen
-
-type Conn struct {
- *xtls.Conn
-}
-
-func (c *Conn) HandshakeAddress() net.Address {
- if err := c.Handshake(); err != nil {
- return nil
- }
- state := c.ConnectionState()
- if state.ServerName == "" {
- return nil
- }
- return net.ParseAddress(state.ServerName)
-}
-
-// Client initiates a XTLS client handshake on the given connection.
-func Client(c net.Conn, config *xtls.Config) net.Conn {
- xtlsConn := xtls.Client(c, config)
- return &Conn{Conn: xtlsConn}
-}
-
-// Server initiates a XTLS server handshake on the given connection.
-func Server(c net.Conn, config *xtls.Config) net.Conn {
- xtlsConn := xtls.Server(c, config)
- return &Conn{Conn: xtlsConn}
-}