mirror of
https://github.com/v2fly/v2ray-core.git
synced 2024-09-28 06:46:14 -04:00
Remove XTLS (#431)
* remove xtls * generate pb * Update protoc * Clean up go.mod & go.sum * format code * restore vless flow * fix codacy * do NOT interfere with pb.go files Co-authored-by: loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
This commit is contained in:
parent
9a03cc5c98
commit
623cb24644
1
go.mod
1
go.mod
@ -14,7 +14,6 @@ require (
|
|||||||
github.com/seiflotfy/cuckoofilter v0.0.0-20201009151232-afb285a456ab
|
github.com/seiflotfy/cuckoofilter v0.0.0-20201009151232-afb285a456ab
|
||||||
github.com/stretchr/testify v1.6.1
|
github.com/stretchr/testify v1.6.1
|
||||||
github.com/v2fly/VSign v0.0.0-20201107160721-6e7f92656885
|
github.com/v2fly/VSign v0.0.0-20201107160721-6e7f92656885
|
||||||
github.com/xtls/go v0.0.0-20201101145325-207fdcada8d0
|
|
||||||
go.starlark.net v0.0.0-20201014215153-dff0ae5b4820
|
go.starlark.net v0.0.0-20201014215153-dff0ae5b4820
|
||||||
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
|
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
|
||||||
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102
|
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102
|
||||||
|
2
go.sum
2
go.sum
@ -173,8 +173,6 @@ github.com/v2fly/VSign v0.0.0-20201107160721-6e7f92656885 h1:nbFN1ZhtcffOD3ZWx0L
|
|||||||
github.com/v2fly/VSign v0.0.0-20201107160721-6e7f92656885/go.mod h1:p80Bv154ZtrGpXMN15slDCqc9UGmfBuUzheDFBYaW/M=
|
github.com/v2fly/VSign v0.0.0-20201107160721-6e7f92656885/go.mod h1:p80Bv154ZtrGpXMN15slDCqc9UGmfBuUzheDFBYaW/M=
|
||||||
github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
|
github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
|
||||||
github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
|
github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
|
||||||
github.com/xtls/go v0.0.0-20201101145325-207fdcada8d0 h1:Q0OSaIJ+wOy38+g5KYVP9slhbznXwsYGkzscpUrVsak=
|
|
||||||
github.com/xtls/go v0.0.0-20201101145325-207fdcada8d0/go.mod h1:5TB2+k58gx4A4g2Nf5miSHNDF6CuAzHKpWBooLAshTs=
|
|
||||||
go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
|
go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
|
||||||
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
|
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
|
||||||
go.starlark.net v0.0.0-20201014215153-dff0ae5b4820 h1:GsJfRMJ3pXl+Pa5CkSQKIA1hNIo1u0M7I2+ff3RCCME=
|
go.starlark.net v0.0.0-20201014215153-dff0ae5b4820 h1:GsJfRMJ3pXl+Pa5CkSQKIA1hNIo1u0M7I2+ff3RCCME=
|
||||||
|
@ -16,7 +16,6 @@ import (
|
|||||||
"v2ray.com/core/transport/internet/tcp"
|
"v2ray.com/core/transport/internet/tcp"
|
||||||
"v2ray.com/core/transport/internet/tls"
|
"v2ray.com/core/transport/internet/tls"
|
||||||
"v2ray.com/core/transport/internet/websocket"
|
"v2ray.com/core/transport/internet/websocket"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -321,81 +320,6 @@ func (c *TLSConfig) Build() (proto.Message, error) {
|
|||||||
return config, nil
|
return config, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
type XTLSCertConfig struct {
|
|
||||||
CertFile string `json:"certificateFile"`
|
|
||||||
CertStr []string `json:"certificate"`
|
|
||||||
KeyFile string `json:"keyFile"`
|
|
||||||
KeyStr []string `json:"key"`
|
|
||||||
Usage string `json:"usage"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Build implements Buildable.
|
|
||||||
func (c *XTLSCertConfig) Build() (*xtls.Certificate, error) {
|
|
||||||
certificate := new(xtls.Certificate)
|
|
||||||
|
|
||||||
cert, err := readFileOrString(c.CertFile, c.CertStr)
|
|
||||||
if err != nil {
|
|
||||||
return nil, newError("failed to parse certificate").Base(err)
|
|
||||||
}
|
|
||||||
certificate.Certificate = cert
|
|
||||||
|
|
||||||
if len(c.KeyFile) > 0 || len(c.KeyStr) > 0 {
|
|
||||||
key, err := readFileOrString(c.KeyFile, c.KeyStr)
|
|
||||||
if err != nil {
|
|
||||||
return nil, newError("failed to parse key").Base(err)
|
|
||||||
}
|
|
||||||
certificate.Key = key
|
|
||||||
}
|
|
||||||
|
|
||||||
switch strings.ToLower(c.Usage) {
|
|
||||||
case "encipherment":
|
|
||||||
certificate.Usage = xtls.Certificate_ENCIPHERMENT
|
|
||||||
case "verify":
|
|
||||||
certificate.Usage = xtls.Certificate_AUTHORITY_VERIFY
|
|
||||||
case "issue":
|
|
||||||
certificate.Usage = xtls.Certificate_AUTHORITY_ISSUE
|
|
||||||
default:
|
|
||||||
certificate.Usage = xtls.Certificate_ENCIPHERMENT
|
|
||||||
}
|
|
||||||
|
|
||||||
return certificate, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
type XTLSConfig struct {
|
|
||||||
Insecure bool `json:"allowInsecure"`
|
|
||||||
InsecureCiphers bool `json:"allowInsecureCiphers"`
|
|
||||||
Certs []*XTLSCertConfig `json:"certificates"`
|
|
||||||
ServerName string `json:"serverName"`
|
|
||||||
ALPN *StringList `json:"alpn"`
|
|
||||||
DisableSessionResumption bool `json:"disableSessionResumption"`
|
|
||||||
DisableSystemRoot bool `json:"disableSystemRoot"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Build implements Buildable.
|
|
||||||
func (c *XTLSConfig) Build() (proto.Message, error) {
|
|
||||||
config := new(xtls.Config)
|
|
||||||
config.Certificate = make([]*xtls.Certificate, len(c.Certs))
|
|
||||||
for idx, certConf := range c.Certs {
|
|
||||||
cert, err := certConf.Build()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
config.Certificate[idx] = cert
|
|
||||||
}
|
|
||||||
serverName := c.ServerName
|
|
||||||
config.AllowInsecure = c.Insecure
|
|
||||||
config.AllowInsecureCiphers = c.InsecureCiphers
|
|
||||||
if len(c.ServerName) > 0 {
|
|
||||||
config.ServerName = serverName
|
|
||||||
}
|
|
||||||
if c.ALPN != nil && len(*c.ALPN) > 0 {
|
|
||||||
config.NextProtocol = []string(*c.ALPN)
|
|
||||||
}
|
|
||||||
config.DisableSessionResumption = c.DisableSessionResumption
|
|
||||||
config.DisableSystemRoot = c.DisableSystemRoot
|
|
||||||
return config, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
type TransportProtocol string
|
type TransportProtocol string
|
||||||
|
|
||||||
// Build implements Buildable.
|
// Build implements Buildable.
|
||||||
@ -457,7 +381,6 @@ type StreamConfig struct {
|
|||||||
Network *TransportProtocol `json:"network"`
|
Network *TransportProtocol `json:"network"`
|
||||||
Security string `json:"security"`
|
Security string `json:"security"`
|
||||||
TLSSettings *TLSConfig `json:"tlsSettings"`
|
TLSSettings *TLSConfig `json:"tlsSettings"`
|
||||||
XTLSSettings *XTLSConfig `json:"xtlsSettings"`
|
|
||||||
TCPSettings *TCPConfig `json:"tcpSettings"`
|
TCPSettings *TCPConfig `json:"tcpSettings"`
|
||||||
KCPSettings *KCPConfig `json:"kcpSettings"`
|
KCPSettings *KCPConfig `json:"kcpSettings"`
|
||||||
WSSettings *WebSocketConfig `json:"wsSettings"`
|
WSSettings *WebSocketConfig `json:"wsSettings"`
|
||||||
@ -482,9 +405,6 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
|
|||||||
if strings.EqualFold(c.Security, "tls") {
|
if strings.EqualFold(c.Security, "tls") {
|
||||||
tlsSettings := c.TLSSettings
|
tlsSettings := c.TLSSettings
|
||||||
if tlsSettings == nil {
|
if tlsSettings == nil {
|
||||||
if c.XTLSSettings != nil {
|
|
||||||
return nil, newError(`TLS: Please use "tlsSettings" instead of "xtlsSettings".`)
|
|
||||||
}
|
|
||||||
tlsSettings = &TLSConfig{}
|
tlsSettings = &TLSConfig{}
|
||||||
}
|
}
|
||||||
ts, err := tlsSettings.Build()
|
ts, err := tlsSettings.Build()
|
||||||
@ -495,25 +415,6 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
|
|||||||
config.SecuritySettings = append(config.SecuritySettings, tm)
|
config.SecuritySettings = append(config.SecuritySettings, tm)
|
||||||
config.SecurityType = tm.Type
|
config.SecurityType = tm.Type
|
||||||
}
|
}
|
||||||
if strings.EqualFold(c.Security, "xtls") {
|
|
||||||
if config.ProtocolName != "tcp" && config.ProtocolName != "mkcp" && config.ProtocolName != "domainsocket" {
|
|
||||||
return nil, newError("XTLS only supports TCP, mKCP and DomainSocket for now.")
|
|
||||||
}
|
|
||||||
xtlsSettings := c.XTLSSettings
|
|
||||||
if xtlsSettings == nil {
|
|
||||||
if c.TLSSettings != nil {
|
|
||||||
return nil, newError(`XTLS: Please use "xtlsSettings" instead of "tlsSettings".`)
|
|
||||||
}
|
|
||||||
xtlsSettings = &XTLSConfig{}
|
|
||||||
}
|
|
||||||
ts, err := xtlsSettings.Build()
|
|
||||||
if err != nil {
|
|
||||||
return nil, newError("Failed to build XTLS config.").Base(err)
|
|
||||||
}
|
|
||||||
tm := serial.ToTypedMessage(ts)
|
|
||||||
config.SecuritySettings = append(config.SecuritySettings, tm)
|
|
||||||
config.SecurityType = tm.Type
|
|
||||||
}
|
|
||||||
if c.TCPSettings != nil {
|
if c.TCPSettings != nil {
|
||||||
ts, err := c.TCPSettings.Build()
|
ts, err := c.TCPSettings.Build()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -21,7 +21,6 @@ type TrojanServerTarget struct {
|
|||||||
Password string `json:"password"`
|
Password string `json:"password"`
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
Level byte `json:"level"`
|
Level byte `json:"level"`
|
||||||
Flow string `json:"flow"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// TrojanClientConfig is configuration of trojan servers
|
// TrojanClientConfig is configuration of trojan servers
|
||||||
@ -50,7 +49,6 @@ func (c *TrojanClientConfig) Build() (proto.Message, error) {
|
|||||||
}
|
}
|
||||||
account := &trojan.Account{
|
account := &trojan.Account{
|
||||||
Password: rec.Password,
|
Password: rec.Password,
|
||||||
Flow: rec.Flow,
|
|
||||||
}
|
}
|
||||||
trojan := &protocol.ServerEndpoint{
|
trojan := &protocol.ServerEndpoint{
|
||||||
Address: rec.Address.Build(),
|
Address: rec.Address.Build(),
|
||||||
@ -86,7 +84,6 @@ type TrojanUserConfig struct {
|
|||||||
Password string `json:"password"`
|
Password string `json:"password"`
|
||||||
Level byte `json:"level"`
|
Level byte `json:"level"`
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
Flow string `json:"flow"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// TrojanServerConfig is Inbound configuration
|
// TrojanServerConfig is Inbound configuration
|
||||||
@ -104,7 +101,6 @@ func (c *TrojanServerConfig) Build() (proto.Message, error) {
|
|||||||
user := new(protocol.User)
|
user := new(protocol.User)
|
||||||
account := &trojan.Account{
|
account := &trojan.Account{
|
||||||
Password: rawUser.Password,
|
Password: rawUser.Password,
|
||||||
Flow: rawUser.Flow,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
user.Email = rawUser.Email
|
user.Email = rawUser.Email
|
||||||
|
@ -11,7 +11,6 @@ import (
|
|||||||
"v2ray.com/core/app/proxyman"
|
"v2ray.com/core/app/proxyman"
|
||||||
"v2ray.com/core/app/stats"
|
"v2ray.com/core/app/stats"
|
||||||
"v2ray.com/core/common/serial"
|
"v2ray.com/core/common/serial"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -205,9 +204,6 @@ func (c *InboundDetourConfig) Build() (*core.InboundHandlerConfig, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) && !strings.EqualFold(c.Protocol, "vless") && !strings.EqualFold(c.Protocol, "trojan") {
|
|
||||||
return nil, newError("XTLS doesn't supports " + c.Protocol + " for now.")
|
|
||||||
}
|
|
||||||
receiverSettings.StreamSettings = ss
|
receiverSettings.StreamSettings = ss
|
||||||
}
|
}
|
||||||
if c.SniffingConfig != nil {
|
if c.SniffingConfig != nil {
|
||||||
@ -275,9 +271,6 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) && !strings.EqualFold(c.Protocol, "vless") && !strings.EqualFold(c.Protocol, "trojan") {
|
|
||||||
return nil, newError("XTLS doesn't supports " + c.Protocol + " for now.")
|
|
||||||
}
|
|
||||||
senderSettings.StreamSettings = ss
|
senderSettings.StreamSettings = ss
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -290,15 +283,7 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if c.MuxSettings != nil {
|
if c.MuxSettings != nil {
|
||||||
ms := c.MuxSettings.Build()
|
senderSettings.MultiplexSettings = c.MuxSettings.Build()
|
||||||
if ms != nil && ms.Enabled {
|
|
||||||
if ss := senderSettings.StreamSettings; ss != nil {
|
|
||||||
if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) {
|
|
||||||
return nil, newError("XTLS doesn't support Mux for now.")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
senderSettings.MultiplexSettings = ms
|
|
||||||
}
|
}
|
||||||
|
|
||||||
settings := []byte("{}")
|
settings := []byte("{}")
|
||||||
|
@ -45,12 +45,6 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
|
|||||||
return nil, newError(`VLESS clients: invalid user`).Base(err)
|
return nil, newError(`VLESS clients: invalid user`).Base(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
switch account.Flow {
|
|
||||||
case "", "xtls-rprx-origin", "xtls-rprx-direct":
|
|
||||||
default:
|
|
||||||
return nil, newError(`VLESS clients: "flow" doesn't support "` + account.Flow + `" in this version`)
|
|
||||||
}
|
|
||||||
|
|
||||||
if account.Encryption != "" {
|
if account.Encryption != "" {
|
||||||
return nil, newError(`VLESS clients: "encryption" should not in inbound settings`)
|
return nil, newError(`VLESS clients: "encryption" should not in inbound settings`)
|
||||||
}
|
}
|
||||||
@ -165,12 +159,6 @@ func (c *VLessOutboundConfig) Build() (proto.Message, error) {
|
|||||||
return nil, newError(`VLESS users: invalid user`).Base(err)
|
return nil, newError(`VLESS users: invalid user`).Base(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
switch account.Flow {
|
|
||||||
case "", "xtls-rprx-origin", "xtls-rprx-origin-udp443", "xtls-rprx-direct", "xtls-rprx-direct-udp443":
|
|
||||||
default:
|
|
||||||
return nil, newError(`VLESS users: "flow" doesn't support "` + account.Flow + `" in this version`)
|
|
||||||
}
|
|
||||||
|
|
||||||
if account.Encryption != "none" {
|
if account.Encryption != "none" {
|
||||||
return nil, newError(`VLESS users: please add/set "encryption":"none" for every user`)
|
return nil, newError(`VLESS users: please add/set "encryption":"none" for every user`)
|
||||||
}
|
}
|
||||||
|
@ -26,7 +26,6 @@ func TestVLessOutbound(t *testing.T) {
|
|||||||
"users": [
|
"users": [
|
||||||
{
|
{
|
||||||
"id": "27848739-7e62-4138-9fd3-098a63964b6b",
|
"id": "27848739-7e62-4138-9fd3-098a63964b6b",
|
||||||
"flow": "xtls-rprx-origin-udp443",
|
|
||||||
"encryption": "none",
|
"encryption": "none",
|
||||||
"level": 0
|
"level": 0
|
||||||
}
|
}
|
||||||
@ -47,7 +46,6 @@ func TestVLessOutbound(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Account: serial.ToTypedMessage(&vless.Account{
|
Account: serial.ToTypedMessage(&vless.Account{
|
||||||
Id: "27848739-7e62-4138-9fd3-098a63964b6b",
|
Id: "27848739-7e62-4138-9fd3-098a63964b6b",
|
||||||
Flow: "xtls-rprx-origin-udp443",
|
|
||||||
Encryption: "none",
|
Encryption: "none",
|
||||||
}),
|
}),
|
||||||
Level: 0,
|
Level: 0,
|
||||||
@ -71,7 +69,6 @@ func TestVLessInbound(t *testing.T) {
|
|||||||
"clients": [
|
"clients": [
|
||||||
{
|
{
|
||||||
"id": "27848739-7e62-4138-9fd3-098a63964b6b",
|
"id": "27848739-7e62-4138-9fd3-098a63964b6b",
|
||||||
"flow": "xtls-rprx-origin",
|
|
||||||
"level": 0,
|
"level": 0,
|
||||||
"email": "love@v2fly.org"
|
"email": "love@v2fly.org"
|
||||||
}
|
}
|
||||||
@ -97,8 +94,7 @@ func TestVLessInbound(t *testing.T) {
|
|||||||
Clients: []*protocol.User{
|
Clients: []*protocol.User{
|
||||||
{
|
{
|
||||||
Account: serial.ToTypedMessage(&vless.Account{
|
Account: serial.ToTypedMessage(&vless.Account{
|
||||||
Id: "27848739-7e62-4138-9fd3-098a63964b6b",
|
Id: "27848739-7e62-4138-9fd3-098a63964b6b",
|
||||||
Flow: "xtls-rprx-origin",
|
|
||||||
}),
|
}),
|
||||||
Level: 0,
|
Level: 0,
|
||||||
Email: "love@v2fly.org",
|
Email: "love@v2fly.org",
|
||||||
|
@ -46,7 +46,6 @@ import (
|
|||||||
_ "v2ray.com/core/transport/internet/tls"
|
_ "v2ray.com/core/transport/internet/tls"
|
||||||
_ "v2ray.com/core/transport/internet/udp"
|
_ "v2ray.com/core/transport/internet/udp"
|
||||||
_ "v2ray.com/core/transport/internet/websocket"
|
_ "v2ray.com/core/transport/internet/websocket"
|
||||||
_ "v2ray.com/core/transport/internet/xtls"
|
|
||||||
|
|
||||||
// Transport headers
|
// Transport headers
|
||||||
_ "v2ray.com/core/transport/internet/headers/http"
|
_ "v2ray.com/core/transport/internet/headers/http"
|
||||||
|
@ -10,7 +10,6 @@ import (
|
|||||||
"v2ray.com/core/common"
|
"v2ray.com/core/common"
|
||||||
"v2ray.com/core/common/buf"
|
"v2ray.com/core/common/buf"
|
||||||
"v2ray.com/core/common/net"
|
"v2ray.com/core/common/net"
|
||||||
"v2ray.com/core/common/platform"
|
|
||||||
"v2ray.com/core/common/protocol"
|
"v2ray.com/core/common/protocol"
|
||||||
"v2ray.com/core/common/retry"
|
"v2ray.com/core/common/retry"
|
||||||
"v2ray.com/core/common/session"
|
"v2ray.com/core/common/session"
|
||||||
@ -19,7 +18,6 @@ import (
|
|||||||
"v2ray.com/core/features/policy"
|
"v2ray.com/core/features/policy"
|
||||||
"v2ray.com/core/transport"
|
"v2ray.com/core/transport"
|
||||||
"v2ray.com/core/transport/internet"
|
"v2ray.com/core/transport/internet"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Client is a inbound handler for trojan protocol
|
// Client is a inbound handler for trojan protocol
|
||||||
@ -85,46 +83,6 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
|
|||||||
return newError("user account is not valid")
|
return newError("user account is not valid")
|
||||||
}
|
}
|
||||||
|
|
||||||
iConn := conn
|
|
||||||
if statConn, ok := iConn.(*internet.StatCouterConnection); ok {
|
|
||||||
iConn = statConn.Connection
|
|
||||||
}
|
|
||||||
|
|
||||||
connWriter := &ConnWriter{}
|
|
||||||
allowUDP443 := false
|
|
||||||
switch account.Flow {
|
|
||||||
case XRO + "-udp443", XRD + "-udp443":
|
|
||||||
allowUDP443 = true
|
|
||||||
account.Flow = account.Flow[:16]
|
|
||||||
fallthrough
|
|
||||||
case XRO, XRD:
|
|
||||||
if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress {
|
|
||||||
return newError(account.Flow + " doesn't support Mux").AtWarning()
|
|
||||||
}
|
|
||||||
if destination.Network == net.Network_UDP {
|
|
||||||
if !allowUDP443 && destination.Port == 443 {
|
|
||||||
return newError(account.Flow + " stopped UDP/443").AtInfo()
|
|
||||||
}
|
|
||||||
} else { // enable XTLS only if making TCP request
|
|
||||||
if xtlsConn, ok := iConn.(*xtls.Conn); ok {
|
|
||||||
xtlsConn.RPRX = true
|
|
||||||
xtlsConn.SHOW = trojanXTLSShow
|
|
||||||
connWriter.Flow = account.Flow
|
|
||||||
if account.Flow == XRD {
|
|
||||||
xtlsConn.DirectMode = true
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
return newError(`failed to use ` + account.Flow + `, maybe "security" is not "xtls"`).AtWarning()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
case "":
|
|
||||||
if _, ok := iConn.(*xtls.Conn); ok {
|
|
||||||
panic(`To avoid misunderstanding, you must fill in Trojan "flow" when using XTLS.`)
|
|
||||||
}
|
|
||||||
default:
|
|
||||||
return newError("unsupported flow " + account.Flow).AtWarning()
|
|
||||||
}
|
|
||||||
|
|
||||||
sessionPolicy := c.policyManager.ForLevel(user.Level)
|
sessionPolicy := c.policyManager.ForLevel(user.Level)
|
||||||
ctx, cancel := context.WithCancel(ctx)
|
ctx, cancel := context.WithCancel(ctx)
|
||||||
timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle)
|
timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle)
|
||||||
@ -134,9 +92,7 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
|
|||||||
|
|
||||||
var bodyWriter buf.Writer
|
var bodyWriter buf.Writer
|
||||||
bufferWriter := buf.NewBufferedWriter(buf.NewWriter(conn))
|
bufferWriter := buf.NewBufferedWriter(buf.NewWriter(conn))
|
||||||
connWriter.Writer = bufferWriter
|
connWriter := &ConnWriter{Writer: bufferWriter, Target: destination, Account: account}
|
||||||
connWriter.Target = destination
|
|
||||||
connWriter.Account = account
|
|
||||||
|
|
||||||
if destination.Network == net.Network_UDP {
|
if destination.Network == net.Network_UDP {
|
||||||
bodyWriter = &PacketWriter{Writer: connWriter, Target: destination}
|
bodyWriter = &PacketWriter{Writer: connWriter, Target: destination}
|
||||||
@ -146,7 +102,7 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
|
|||||||
|
|
||||||
// write some request payload to buffer
|
// write some request payload to buffer
|
||||||
if err = buf.CopyOnceTimeout(link.Reader, bodyWriter, time.Millisecond*100); err != nil && err != buf.ErrNotTimeoutReader && err != buf.ErrReadTimeout {
|
if err = buf.CopyOnceTimeout(link.Reader, bodyWriter, time.Millisecond*100); err != nil && err != buf.ErrNotTimeoutReader && err != buf.ErrReadTimeout {
|
||||||
return newError("failed to write A reqeust payload").Base(err).AtWarning()
|
return newError("failed to write A request payload").Base(err).AtWarning()
|
||||||
}
|
}
|
||||||
|
|
||||||
// Flush; bufferWriter.WriteMultiBufer now is bufferWriter.writer.WriteMultiBuffer
|
// Flush; bufferWriter.WriteMultiBufer now is bufferWriter.writer.WriteMultiBuffer
|
||||||
@ -187,11 +143,4 @@ func init() {
|
|||||||
common.Must(common.RegisterConfig((*ClientConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
|
common.Must(common.RegisterConfig((*ClientConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
|
||||||
return NewClient(ctx, config.(*ClientConfig))
|
return NewClient(ctx, config.(*ClientConfig))
|
||||||
}))
|
}))
|
||||||
|
|
||||||
const defaultFlagValue = "NOT_DEFINED_AT_ALL"
|
|
||||||
|
|
||||||
xtlsShow := platform.NewEnvFlag("v2ray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue })
|
|
||||||
if xtlsShow == "true" {
|
|
||||||
trojanXTLSShow = true
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,7 @@ package trojan
|
|||||||
import (
|
import (
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
fmt "fmt"
|
"fmt"
|
||||||
|
|
||||||
"v2ray.com/core/common"
|
"v2ray.com/core/common"
|
||||||
"v2ray.com/core/common/protocol"
|
"v2ray.com/core/common/protocol"
|
||||||
@ -13,7 +13,6 @@ import (
|
|||||||
type MemoryAccount struct {
|
type MemoryAccount struct {
|
||||||
Password string
|
Password string
|
||||||
Key []byte
|
Key []byte
|
||||||
Flow string
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// AsAccount implements protocol.AsAccount.
|
// AsAccount implements protocol.AsAccount.
|
||||||
@ -23,7 +22,6 @@ func (a *Account) AsAccount() (protocol.Account, error) {
|
|||||||
return &MemoryAccount{
|
return &MemoryAccount{
|
||||||
Password: password,
|
Password: password,
|
||||||
Key: key,
|
Key: key,
|
||||||
Flow: a.Flow,
|
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -32,7 +32,6 @@ type Account struct {
|
|||||||
unknownFields protoimpl.UnknownFields
|
unknownFields protoimpl.UnknownFields
|
||||||
|
|
||||||
Password string `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
|
Password string `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
|
||||||
Flow string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *Account) Reset() {
|
func (x *Account) Reset() {
|
||||||
@ -74,13 +73,6 @@ func (x *Account) GetPassword() string {
|
|||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *Account) GetFlow() string {
|
|
||||||
if x != nil {
|
|
||||||
return x.Flow
|
|
||||||
}
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
type Fallback struct {
|
type Fallback struct {
|
||||||
state protoimpl.MessageState
|
state protoimpl.MessageState
|
||||||
sizeCache protoimpl.SizeCache
|
sizeCache protoimpl.SizeCache
|
||||||
@ -272,37 +264,36 @@ var file_proxy_trojan_config_proto_rawDesc = []byte{
|
|||||||
0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
|
0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
|
||||||
0x1a, 0x21, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
|
0x1a, 0x21, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
|
||||||
0x6c, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x70, 0x65, 0x63, 0x2e, 0x70, 0x72,
|
0x6c, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x70, 0x65, 0x63, 0x2e, 0x70, 0x72,
|
||||||
0x6f, 0x74, 0x6f, 0x22, 0x39, 0x0a, 0x07, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1a,
|
0x6f, 0x74, 0x6f, 0x22, 0x25, 0x0a, 0x07, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1a,
|
||||||
0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
|
0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
|
||||||
0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c,
|
0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x22, 0x6e, 0x0a, 0x08, 0x46, 0x61,
|
||||||
0x6f, 0x77, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x22, 0x6e,
|
0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x6c, 0x70, 0x6e, 0x18, 0x01,
|
||||||
0x0a, 0x08, 0x46, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x6c,
|
0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x6c, 0x70, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61,
|
||||||
0x70, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x6c, 0x70, 0x6e, 0x12, 0x12,
|
0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x12,
|
||||||
0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61,
|
0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79,
|
||||||
0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
|
0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
|
||||||
0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x74, 0x18, 0x04,
|
0x52, 0x04, 0x64, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x78, 0x76, 0x65, 0x72, 0x18, 0x05,
|
||||||
0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x64, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x78, 0x76,
|
0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x78, 0x76, 0x65, 0x72, 0x22, 0x52, 0x0a, 0x0c, 0x43, 0x6c,
|
||||||
0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x78, 0x76, 0x65, 0x72, 0x22, 0x52,
|
0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x06, 0x73, 0x65,
|
||||||
0x0a, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42,
|
0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x76, 0x32, 0x72,
|
||||||
0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a,
|
0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70,
|
||||||
|
0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x6e,
|
||||||
|
0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x22, 0x87,
|
||||||
|
0x01, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
|
||||||
|
0x36, 0x0a, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20,
|
||||||
0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d,
|
0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d,
|
||||||
0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76,
|
0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x55, 0x73, 0x65, 0x72,
|
||||||
0x65, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76,
|
0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x12, 0x3f, 0x0a, 0x09, 0x66, 0x61, 0x6c, 0x6c, 0x62,
|
||||||
0x65, 0x72, 0x22, 0x87, 0x01, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e,
|
0x61, 0x63, 0x6b, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x76, 0x32, 0x72,
|
||||||
0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03,
|
0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x74, 0x72,
|
||||||
0x28, 0x0b, 0x32, 0x20, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e,
|
0x6f, 0x6a, 0x61, 0x6e, 0x2e, 0x46, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x52, 0x09, 0x66,
|
||||||
0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e,
|
0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x42, 0x56, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e,
|
||||||
0x55, 0x73, 0x65, 0x72, 0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x12, 0x3f, 0x0a, 0x09, 0x66,
|
0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79,
|
||||||
0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21,
|
0x2e, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0x50, 0x01, 0x5a, 0x1b, 0x76, 0x32, 0x72, 0x61, 0x79,
|
||||||
0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78,
|
0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f,
|
||||||
0x79, 0x2e, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0x2e, 0x46, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63,
|
0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0xaa, 0x02, 0x17, 0x56, 0x32, 0x52, 0x61, 0x79, 0x2e, 0x43,
|
||||||
0x6b, 0x52, 0x09, 0x66, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x42, 0x56, 0x0a, 0x1b,
|
0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x54, 0x72, 0x6f, 0x6a, 0x61, 0x6e,
|
||||||
0x63, 0x6f, 0x6d, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70,
|
0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
||||||
0x72, 0x6f, 0x78, 0x79, 0x2e, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0x50, 0x01, 0x5a, 0x1b, 0x76,
|
|
||||||
0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72,
|
|
||||||
0x6f, 0x78, 0x79, 0x2f, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0xaa, 0x02, 0x17, 0x56, 0x32, 0x52,
|
|
||||||
0x61, 0x79, 0x2e, 0x43, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x54, 0x72,
|
|
||||||
0x6f, 0x6a, 0x61, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -11,7 +11,6 @@ import "common/protocol/server_spec.proto";
|
|||||||
|
|
||||||
message Account {
|
message Account {
|
||||||
string password = 1;
|
string password = 1;
|
||||||
string flow = 2;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
message Fallback {
|
message Fallback {
|
||||||
|
@ -17,23 +17,12 @@ var (
|
|||||||
protocol.AddressFamilyByte(0x04, net.AddressFamilyIPv6),
|
protocol.AddressFamilyByte(0x04, net.AddressFamilyIPv6),
|
||||||
protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain),
|
protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain),
|
||||||
)
|
)
|
||||||
|
|
||||||
trojanXTLSShow = false
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
maxLength = 8192
|
maxLength = 8192
|
||||||
// XRD is constant for XTLS direct mode
|
|
||||||
XRD = "xtls-rprx-direct"
|
|
||||||
// XRO is constant for XTLS origin mode
|
|
||||||
XRO = "xtls-rprx-origin"
|
|
||||||
|
|
||||||
commandTCP byte = 1
|
commandTCP byte = 1
|
||||||
commandUDP byte = 3
|
commandUDP byte = 3
|
||||||
|
|
||||||
// for XTLS
|
|
||||||
commandXRD byte = 0xf0 // XTLS direct mode
|
|
||||||
commandXRO byte = 0xf1 // XTLS origin mode
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// ConnWriter is TCP Connection Writer Wrapper for trojan protocol
|
// ConnWriter is TCP Connection Writer Wrapper for trojan protocol
|
||||||
@ -41,7 +30,6 @@ type ConnWriter struct {
|
|||||||
io.Writer
|
io.Writer
|
||||||
Target net.Destination
|
Target net.Destination
|
||||||
Account *MemoryAccount
|
Account *MemoryAccount
|
||||||
Flow string
|
|
||||||
headerSent bool
|
headerSent bool
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -78,10 +66,6 @@ func (c *ConnWriter) writeHeader() error {
|
|||||||
command := commandTCP
|
command := commandTCP
|
||||||
if c.Target.Network == net.Network_UDP {
|
if c.Target.Network == net.Network_UDP {
|
||||||
command = commandUDP
|
command = commandUDP
|
||||||
} else if c.Flow == XRO {
|
|
||||||
command = commandXRO
|
|
||||||
} else if c.Flow == XRD {
|
|
||||||
command = commandXRD
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, err := buffer.Write(c.Account.Key); err != nil {
|
if _, err := buffer.Write(c.Account.Key); err != nil {
|
||||||
@ -175,7 +159,6 @@ func (w *PacketWriter) writePacket(payload []byte, dest net.Destination) (int, e
|
|||||||
type ConnReader struct {
|
type ConnReader struct {
|
||||||
io.Reader
|
io.Reader
|
||||||
Target net.Destination
|
Target net.Destination
|
||||||
Flow string
|
|
||||||
headerParsed bool
|
headerParsed bool
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -199,10 +182,6 @@ func (c *ConnReader) ParseHeader() error {
|
|||||||
network := net.Network_TCP
|
network := net.Network_TCP
|
||||||
if command[0] == commandUDP {
|
if command[0] == commandUDP {
|
||||||
network = net.Network_UDP
|
network = net.Network_UDP
|
||||||
} else if command[0] == commandXRO {
|
|
||||||
c.Flow = XRO
|
|
||||||
} else if command[0] == commandXRD {
|
|
||||||
c.Flow = XRD
|
|
||||||
}
|
}
|
||||||
|
|
||||||
addr, port, err := addrParser.ReadAddressPort(nil, c.Reader)
|
addr, port, err := addrParser.ReadAddressPort(nil, c.Reader)
|
||||||
|
@ -15,7 +15,6 @@ import (
|
|||||||
"v2ray.com/core/common/errors"
|
"v2ray.com/core/common/errors"
|
||||||
"v2ray.com/core/common/log"
|
"v2ray.com/core/common/log"
|
||||||
"v2ray.com/core/common/net"
|
"v2ray.com/core/common/net"
|
||||||
"v2ray.com/core/common/platform"
|
|
||||||
"v2ray.com/core/common/protocol"
|
"v2ray.com/core/common/protocol"
|
||||||
udp_proto "v2ray.com/core/common/protocol/udp"
|
udp_proto "v2ray.com/core/common/protocol/udp"
|
||||||
"v2ray.com/core/common/retry"
|
"v2ray.com/core/common/retry"
|
||||||
@ -26,20 +25,12 @@ import (
|
|||||||
"v2ray.com/core/features/routing"
|
"v2ray.com/core/features/routing"
|
||||||
"v2ray.com/core/transport/internet"
|
"v2ray.com/core/transport/internet"
|
||||||
"v2ray.com/core/transport/internet/udp"
|
"v2ray.com/core/transport/internet/udp"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
common.Must(common.RegisterConfig((*ServerConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
|
common.Must(common.RegisterConfig((*ServerConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
|
||||||
return NewServer(ctx, config.(*ServerConfig))
|
return NewServer(ctx, config.(*ServerConfig))
|
||||||
}))
|
}))
|
||||||
|
|
||||||
const defaultFlagValue = "NOT_DEFINED_AT_ALL"
|
|
||||||
|
|
||||||
xtlsShow := platform.NewEnvFlag("v2ray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue })
|
|
||||||
if xtlsShow == "true" {
|
|
||||||
trojanXTLSShow = true
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Server is an inbound connection handler that handles messages in trojan protocol.
|
// Server is an inbound connection handler that handles messages in trojan protocol.
|
||||||
@ -202,35 +193,6 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn internet
|
|||||||
return s.handleUDPPayload(ctx, &PacketReader{Reader: clientReader}, &PacketWriter{Writer: conn}, dispatcher)
|
return s.handleUDPPayload(ctx, &PacketReader{Reader: clientReader}, &PacketWriter{Writer: conn}, dispatcher)
|
||||||
}
|
}
|
||||||
|
|
||||||
// handle tcp request
|
|
||||||
account, ok := user.Account.(*MemoryAccount)
|
|
||||||
if !ok {
|
|
||||||
return newError("user account is not valid")
|
|
||||||
}
|
|
||||||
|
|
||||||
switch clientReader.Flow {
|
|
||||||
case XRO, XRD:
|
|
||||||
if account.Flow == clientReader.Flow {
|
|
||||||
if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress {
|
|
||||||
return newError(clientReader.Flow + " doesn't support Mux").AtWarning()
|
|
||||||
}
|
|
||||||
if xtlsConn, ok := iConn.(*xtls.Conn); ok {
|
|
||||||
xtlsConn.RPRX = true
|
|
||||||
xtlsConn.SHOW = trojanXTLSShow
|
|
||||||
if clientReader.Flow == XRD {
|
|
||||||
xtlsConn.DirectMode = true
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
return newError(`failed to use ` + clientReader.Flow + `, maybe "security" is not "xtls"`).AtWarning()
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
return newError("unable to use ", clientReader.Flow).AtWarning()
|
|
||||||
}
|
|
||||||
case "":
|
|
||||||
default:
|
|
||||||
return newError("unsupported flow " + account.Flow).AtWarning()
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
|
ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
|
||||||
From: conn.RemoteAddr(),
|
From: conn.RemoteAddr(),
|
||||||
To: destination,
|
To: destination,
|
||||||
@ -332,9 +294,6 @@ func (s *Server) fallback(ctx context.Context, sid errors.ExportOption, err erro
|
|||||||
if tlsConn, ok := iConn.(*tls.Conn); ok {
|
if tlsConn, ok := iConn.(*tls.Conn); ok {
|
||||||
alpn = tlsConn.ConnectionState().NegotiatedProtocol
|
alpn = tlsConn.ConnectionState().NegotiatedProtocol
|
||||||
newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
|
newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
|
||||||
} else if xtlsConn, ok := iConn.(*xtls.Conn); ok {
|
|
||||||
alpn = xtlsConn.ConnectionState().NegotiatedProtocol
|
|
||||||
newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
|
|
||||||
}
|
}
|
||||||
if apfb[alpn] == nil {
|
if apfb[alpn] == nil {
|
||||||
alpn = ""
|
alpn = ""
|
||||||
|
@ -24,7 +24,7 @@ func (a *Account) AsAccount() (protocol.Account, error) {
|
|||||||
type MemoryAccount struct {
|
type MemoryAccount struct {
|
||||||
// ID of the account.
|
// ID of the account.
|
||||||
ID *protocol.ID
|
ID *protocol.ID
|
||||||
// Flow of the account. May be "xtls-rprx-origin".
|
// Flow of the account.
|
||||||
Flow string
|
Flow string
|
||||||
// Encryption of the account. Used for client connections, and only accepts "none" for now.
|
// Encryption of the account. Used for client connections, and only accepts "none" for now.
|
||||||
Encryption string
|
Encryption string
|
||||||
|
@ -32,7 +32,7 @@ type Account struct {
|
|||||||
|
|
||||||
// ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57".
|
// ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57".
|
||||||
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
|
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
|
||||||
// Flow settings. May be "xtls-rprx-origin".
|
// Flow settings.
|
||||||
Flow string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"`
|
Flow string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"`
|
||||||
// Encryption settings. Only applies to client side, and only accepts "none" for now.
|
// Encryption settings. Only applies to client side, and only accepts "none" for now.
|
||||||
Encryption string `protobuf:"bytes,3,opt,name=encryption,proto3" json:"encryption,omitempty"`
|
Encryption string `protobuf:"bytes,3,opt,name=encryption,proto3" json:"encryption,omitempty"`
|
||||||
|
@ -9,7 +9,7 @@ option java_multiple_files = true;
|
|||||||
message Account {
|
message Account {
|
||||||
// ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57".
|
// ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57".
|
||||||
string id = 1;
|
string id = 1;
|
||||||
// Flow settings. May be "xtls-rprx-origin".
|
// Flow settings.
|
||||||
string flow = 2;
|
string flow = 2;
|
||||||
// Encryption settings. Only applies to client side, and only accepts "none" for now.
|
// Encryption settings. Only applies to client side, and only accepts "none" for now.
|
||||||
string encryption = 3;
|
string encryption = 3;
|
||||||
|
@ -9,22 +9,11 @@ import (
|
|||||||
|
|
||||||
"v2ray.com/core/common/buf"
|
"v2ray.com/core/common/buf"
|
||||||
"v2ray.com/core/common/protocol"
|
"v2ray.com/core/common/protocol"
|
||||||
"v2ray.com/core/proxy/vless"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// EncodeHeaderAddons Add addons byte to the header
|
||||||
func EncodeHeaderAddons(buffer *buf.Buffer, addons *Addons) error {
|
func EncodeHeaderAddons(buffer *buf.Buffer, addons *Addons) error {
|
||||||
switch addons.Flow {
|
switch addons.Flow {
|
||||||
case vless.XRO, vless.XRD:
|
|
||||||
bytes, err := proto.Marshal(addons)
|
|
||||||
if err != nil {
|
|
||||||
return newError("failed to marshal addons protobuf value").Base(err)
|
|
||||||
}
|
|
||||||
if err := buffer.WriteByte(byte(len(bytes))); err != nil {
|
|
||||||
return newError("failed to write addons protobuf length").Base(err)
|
|
||||||
}
|
|
||||||
if _, err := buffer.Write(bytes); err != nil {
|
|
||||||
return newError("failed to write addons protobuf value").Base(err)
|
|
||||||
}
|
|
||||||
default:
|
default:
|
||||||
if err := buffer.WriteByte(0); err != nil {
|
if err := buffer.WriteByte(0); err != nil {
|
||||||
return newError("failed to write addons protobuf length").Base(err)
|
return newError("failed to write addons protobuf length").Base(err)
|
||||||
@ -121,13 +110,6 @@ func (w *MultiLengthPacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
|
|||||||
return w.Writer.WriteMultiBuffer(mb2Write)
|
return w.Writer.WriteMultiBuffer(mb2Write)
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewLengthPacketWriter(writer io.Writer) *LengthPacketWriter {
|
|
||||||
return &LengthPacketWriter{
|
|
||||||
Writer: writer,
|
|
||||||
cache: make([]byte, 0, 65536),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
type LengthPacketWriter struct {
|
type LengthPacketWriter struct {
|
||||||
io.Writer
|
io.Writer
|
||||||
cache []byte
|
cache []byte
|
||||||
@ -135,7 +117,6 @@ type LengthPacketWriter struct {
|
|||||||
|
|
||||||
func (w *LengthPacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
|
func (w *LengthPacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
|
||||||
length := mb.Len() // none of mb is nil
|
length := mb.Len() // none of mb is nil
|
||||||
// fmt.Println("Write", length)
|
|
||||||
if length == 0 {
|
if length == 0 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -171,7 +152,6 @@ func (r *LengthPacketReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
|
|||||||
return nil, newError("failed to read packet length").Base(err)
|
return nil, newError("failed to read packet length").Base(err)
|
||||||
}
|
}
|
||||||
length := int32(r.cache[0])<<8 | int32(r.cache[1])
|
length := int32(r.cache[0])<<8 | int32(r.cache[1])
|
||||||
// fmt.Println("Read", length)
|
|
||||||
mb := make(buf.MultiBuffer, 0, length/buf.Size+1)
|
mb := make(buf.MultiBuffer, 0, length/buf.Size+1)
|
||||||
for length > 0 {
|
for length > 0 {
|
||||||
size := length
|
size := length
|
||||||
|
@ -5,18 +5,11 @@ package encoding
|
|||||||
//go:generate go run v2ray.com/core/common/errors/errorgen
|
//go:generate go run v2ray.com/core/common/errors/errorgen
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"io"
|
"io"
|
||||||
"syscall"
|
|
||||||
|
|
||||||
"v2ray.com/core/common/buf"
|
"v2ray.com/core/common/buf"
|
||||||
"v2ray.com/core/common/errors"
|
|
||||||
"v2ray.com/core/common/net"
|
"v2ray.com/core/common/net"
|
||||||
"v2ray.com/core/common/protocol"
|
"v2ray.com/core/common/protocol"
|
||||||
"v2ray.com/core/common/signal"
|
|
||||||
"v2ray.com/core/features/stats"
|
|
||||||
"v2ray.com/core/proxy/vless"
|
"v2ray.com/core/proxy/vless"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -173,36 +166,3 @@ func DecodeResponseHeader(reader io.Reader, request *protocol.RequestHeader) (*A
|
|||||||
|
|
||||||
return responseAddons, nil
|
return responseAddons, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn *xtls.Conn, rawConn syscall.RawConn, counter stats.Counter) error {
|
|
||||||
err := func() error {
|
|
||||||
var ct stats.Counter
|
|
||||||
for {
|
|
||||||
if conn.DirectIn {
|
|
||||||
conn.DirectIn = false
|
|
||||||
reader = buf.NewReadVReader(conn.Connection, rawConn)
|
|
||||||
ct = counter
|
|
||||||
if conn.SHOW {
|
|
||||||
fmt.Println(conn.MARK, "ReadV")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
buffer, err := reader.ReadMultiBuffer()
|
|
||||||
if !buffer.IsEmpty() {
|
|
||||||
if ct != nil {
|
|
||||||
ct.Add(int64(buffer.Len()))
|
|
||||||
}
|
|
||||||
timer.Update()
|
|
||||||
if werr := writer.WriteMultiBuffer(buffer); werr != nil {
|
|
||||||
return werr
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
if err != nil && errors.Cause(err) != io.EOF {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
@ -8,7 +8,6 @@ import (
|
|||||||
"context"
|
"context"
|
||||||
"io"
|
"io"
|
||||||
"strconv"
|
"strconv"
|
||||||
"syscall"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"v2ray.com/core"
|
"v2ray.com/core"
|
||||||
@ -17,7 +16,6 @@ import (
|
|||||||
"v2ray.com/core/common/errors"
|
"v2ray.com/core/common/errors"
|
||||||
"v2ray.com/core/common/log"
|
"v2ray.com/core/common/log"
|
||||||
"v2ray.com/core/common/net"
|
"v2ray.com/core/common/net"
|
||||||
"v2ray.com/core/common/platform"
|
|
||||||
"v2ray.com/core/common/protocol"
|
"v2ray.com/core/common/protocol"
|
||||||
"v2ray.com/core/common/retry"
|
"v2ray.com/core/common/retry"
|
||||||
"v2ray.com/core/common/session"
|
"v2ray.com/core/common/session"
|
||||||
@ -27,16 +25,10 @@ import (
|
|||||||
feature_inbound "v2ray.com/core/features/inbound"
|
feature_inbound "v2ray.com/core/features/inbound"
|
||||||
"v2ray.com/core/features/policy"
|
"v2ray.com/core/features/policy"
|
||||||
"v2ray.com/core/features/routing"
|
"v2ray.com/core/features/routing"
|
||||||
"v2ray.com/core/features/stats"
|
|
||||||
"v2ray.com/core/proxy/vless"
|
"v2ray.com/core/proxy/vless"
|
||||||
"v2ray.com/core/proxy/vless/encoding"
|
"v2ray.com/core/proxy/vless/encoding"
|
||||||
"v2ray.com/core/transport/internet"
|
"v2ray.com/core/transport/internet"
|
||||||
"v2ray.com/core/transport/internet/tls"
|
"v2ray.com/core/transport/internet/tls"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
|
||||||
|
|
||||||
var (
|
|
||||||
xtls_show = false
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
@ -50,13 +42,6 @@ func init() {
|
|||||||
}
|
}
|
||||||
return New(ctx, config.(*Config), dc)
|
return New(ctx, config.(*Config), dc)
|
||||||
}))
|
}))
|
||||||
|
|
||||||
const defaultFlagValue = "NOT_DEFINED_AT_ALL"
|
|
||||||
|
|
||||||
xtlsShow := platform.NewEnvFlag("v2ray.vless.xtls.show").GetValue(func() string { return defaultFlagValue })
|
|
||||||
if xtlsShow == "true" {
|
|
||||||
xtls_show = true
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handler is an inbound connection handler that handles messages in VLess protocol.
|
// Handler is an inbound connection handler that handles messages in VLess protocol.
|
||||||
@ -194,9 +179,6 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
|
|||||||
if tlsConn, ok := iConn.(*tls.Conn); ok {
|
if tlsConn, ok := iConn.(*tls.Conn); ok {
|
||||||
alpn = tlsConn.ConnectionState().NegotiatedProtocol
|
alpn = tlsConn.ConnectionState().NegotiatedProtocol
|
||||||
newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
|
newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
|
||||||
} else if xtlsConn, ok := iConn.(*xtls.Conn); ok {
|
|
||||||
alpn = xtlsConn.ConnectionState().NegotiatedProtocol
|
|
||||||
newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
|
|
||||||
}
|
}
|
||||||
if apfb[alpn] == nil {
|
if apfb[alpn] == nil {
|
||||||
alpn = ""
|
alpn = ""
|
||||||
@ -370,44 +352,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
|
|||||||
}
|
}
|
||||||
inbound.User = request.User
|
inbound.User = request.User
|
||||||
|
|
||||||
account := request.User.Account.(*vless.MemoryAccount)
|
responseAddons := &encoding.Addons{}
|
||||||
|
|
||||||
responseAddons := &encoding.Addons{
|
|
||||||
// Flow: requestAddons.Flow,
|
|
||||||
}
|
|
||||||
|
|
||||||
var rawConn syscall.RawConn
|
|
||||||
|
|
||||||
switch requestAddons.Flow {
|
|
||||||
case vless.XRO, vless.XRD:
|
|
||||||
if account.Flow == requestAddons.Flow {
|
|
||||||
switch request.Command {
|
|
||||||
case protocol.RequestCommandMux:
|
|
||||||
return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
|
|
||||||
case protocol.RequestCommandUDP:
|
|
||||||
return newError(requestAddons.Flow + " doesn't support UDP").AtWarning()
|
|
||||||
case protocol.RequestCommandTCP:
|
|
||||||
if xtlsConn, ok := iConn.(*xtls.Conn); ok {
|
|
||||||
xtlsConn.RPRX = true
|
|
||||||
xtlsConn.SHOW = xtls_show
|
|
||||||
xtlsConn.MARK = "XTLS"
|
|
||||||
if requestAddons.Flow == vless.XRD {
|
|
||||||
xtlsConn.DirectMode = true
|
|
||||||
if sc, ok := xtlsConn.Connection.(syscall.Conn); ok {
|
|
||||||
rawConn, _ = sc.SyscallConn()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
return newError(`failed to use ` + requestAddons.Flow + `, maybe "security" is not "xtls"`).AtWarning()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
|
|
||||||
}
|
|
||||||
case "":
|
|
||||||
default:
|
|
||||||
return newError("unknown request flow " + requestAddons.Flow).AtWarning()
|
|
||||||
}
|
|
||||||
|
|
||||||
if request.Command != protocol.RequestCommandMux {
|
if request.Command != protocol.RequestCommandMux {
|
||||||
ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
|
ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
|
||||||
@ -438,20 +383,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
|
|||||||
// default: clientReader := reader
|
// default: clientReader := reader
|
||||||
clientReader := encoding.DecodeBodyAddons(reader, request, requestAddons)
|
clientReader := encoding.DecodeBodyAddons(reader, request, requestAddons)
|
||||||
|
|
||||||
var err error
|
// from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer
|
||||||
|
if err := buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer)); err != nil {
|
||||||
if rawConn != nil {
|
|
||||||
var counter stats.Counter
|
|
||||||
if statConn != nil {
|
|
||||||
counter = statConn.ReadCounter
|
|
||||||
}
|
|
||||||
err = encoding.ReadV(clientReader, serverWriter, timer, iConn.(*xtls.Conn), rawConn, counter)
|
|
||||||
} else {
|
|
||||||
// from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer
|
|
||||||
err = buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer))
|
|
||||||
}
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
return newError("failed to transfer request payload").Base(err).AtInfo()
|
return newError("failed to transfer request payload").Base(err).AtInfo()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -6,43 +6,28 @@ package outbound
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"syscall"
|
|
||||||
"time"
|
"time"
|
||||||
|
"v2ray.com/core/proxy/vless"
|
||||||
|
|
||||||
"v2ray.com/core"
|
"v2ray.com/core"
|
||||||
"v2ray.com/core/common"
|
"v2ray.com/core/common"
|
||||||
"v2ray.com/core/common/buf"
|
"v2ray.com/core/common/buf"
|
||||||
"v2ray.com/core/common/net"
|
"v2ray.com/core/common/net"
|
||||||
"v2ray.com/core/common/platform"
|
|
||||||
"v2ray.com/core/common/protocol"
|
"v2ray.com/core/common/protocol"
|
||||||
"v2ray.com/core/common/retry"
|
"v2ray.com/core/common/retry"
|
||||||
"v2ray.com/core/common/session"
|
"v2ray.com/core/common/session"
|
||||||
"v2ray.com/core/common/signal"
|
"v2ray.com/core/common/signal"
|
||||||
"v2ray.com/core/common/task"
|
"v2ray.com/core/common/task"
|
||||||
"v2ray.com/core/features/policy"
|
"v2ray.com/core/features/policy"
|
||||||
"v2ray.com/core/features/stats"
|
|
||||||
"v2ray.com/core/proxy/vless"
|
|
||||||
"v2ray.com/core/proxy/vless/encoding"
|
"v2ray.com/core/proxy/vless/encoding"
|
||||||
"v2ray.com/core/transport"
|
"v2ray.com/core/transport"
|
||||||
"v2ray.com/core/transport/internet"
|
"v2ray.com/core/transport/internet"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
|
||||||
|
|
||||||
var (
|
|
||||||
xtls_show = false
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
|
common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
|
||||||
return New(ctx, config.(*Config))
|
return New(ctx, config.(*Config))
|
||||||
}))
|
}))
|
||||||
|
|
||||||
const defaultFlagValue = "NOT_DEFINED_AT_ALL"
|
|
||||||
|
|
||||||
xtlsShow := platform.NewEnvFlag("v2ray.vless.xtls.show").GetValue(func() string { return defaultFlagValue })
|
|
||||||
if xtlsShow == "true" {
|
|
||||||
xtls_show = true
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handler is an outbound connection handler for VLess protocol.
|
// Handler is an outbound connection handler for VLess protocol.
|
||||||
@ -127,44 +112,6 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
|
|||||||
Flow: account.Flow,
|
Flow: account.Flow,
|
||||||
}
|
}
|
||||||
|
|
||||||
var rawConn syscall.RawConn
|
|
||||||
|
|
||||||
allowUDP443 := false
|
|
||||||
switch requestAddons.Flow {
|
|
||||||
case vless.XRO + "-udp443", vless.XRD + "-udp443":
|
|
||||||
allowUDP443 = true
|
|
||||||
requestAddons.Flow = requestAddons.Flow[:16]
|
|
||||||
fallthrough
|
|
||||||
case vless.XRO, vless.XRD:
|
|
||||||
switch request.Command {
|
|
||||||
case protocol.RequestCommandMux:
|
|
||||||
return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
|
|
||||||
case protocol.RequestCommandUDP:
|
|
||||||
if !allowUDP443 && request.Port == 443 {
|
|
||||||
return newError(requestAddons.Flow + " stopped UDP/443").AtInfo()
|
|
||||||
}
|
|
||||||
requestAddons.Flow = ""
|
|
||||||
case protocol.RequestCommandTCP:
|
|
||||||
if xtlsConn, ok := iConn.(*xtls.Conn); ok {
|
|
||||||
xtlsConn.RPRX = true
|
|
||||||
xtlsConn.SHOW = xtls_show
|
|
||||||
xtlsConn.MARK = "XTLS"
|
|
||||||
if requestAddons.Flow == vless.XRD {
|
|
||||||
xtlsConn.DirectMode = true
|
|
||||||
if sc, ok := xtlsConn.Connection.(syscall.Conn); ok {
|
|
||||||
rawConn, _ = sc.SyscallConn()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
return newError(`failed to use ` + requestAddons.Flow + `, maybe "security" is not "xtls"`).AtWarning()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
default:
|
|
||||||
if _, ok := iConn.(*xtls.Conn); ok {
|
|
||||||
panic(`To avoid misunderstanding, you must fill in VLESS "flow" when using XTLS.`)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
sessionPolicy := h.policyManager.ForLevel(request.User.Level)
|
sessionPolicy := h.policyManager.ForLevel(request.User.Level)
|
||||||
ctx, cancel := context.WithCancel(ctx)
|
ctx, cancel := context.WithCancel(ctx)
|
||||||
timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle)
|
timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle)
|
||||||
@ -200,6 +147,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
|
|||||||
switch requestAddons.Flow {
|
switch requestAddons.Flow {
|
||||||
default:
|
default:
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -214,18 +162,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
|
|||||||
// default: serverReader := buf.NewReader(conn)
|
// default: serverReader := buf.NewReader(conn)
|
||||||
serverReader := encoding.DecodeBodyAddons(conn, request, responseAddons)
|
serverReader := encoding.DecodeBodyAddons(conn, request, responseAddons)
|
||||||
|
|
||||||
if rawConn != nil {
|
// from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer
|
||||||
var counter stats.Counter
|
if err := buf.Copy(serverReader, clientWriter, buf.UpdateActivity(timer)); err != nil {
|
||||||
if statConn != nil {
|
|
||||||
counter = statConn.ReadCounter
|
|
||||||
}
|
|
||||||
err = encoding.ReadV(serverReader, clientWriter, timer, iConn.(*xtls.Conn), rawConn, counter)
|
|
||||||
} else {
|
|
||||||
// from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer
|
|
||||||
err = buf.Copy(serverReader, clientWriter, buf.UpdateActivity(timer))
|
|
||||||
}
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
return newError("failed to transfer response payload").Base(err).AtInfo()
|
return newError("failed to transfer response payload").Base(err).AtInfo()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -6,8 +6,3 @@
|
|||||||
package vless
|
package vless
|
||||||
|
|
||||||
//go:generate go run v2ray.com/core/common/errors/errorgen
|
//go:generate go run v2ray.com/core/common/errors/errorgen
|
||||||
|
|
||||||
const (
|
|
||||||
XRO = "xtls-rprx-origin"
|
|
||||||
XRD = "xtls-rprx-direct"
|
|
||||||
)
|
|
||||||
|
@ -11,7 +11,6 @@ import (
|
|||||||
"v2ray.com/core/common/net"
|
"v2ray.com/core/common/net"
|
||||||
"v2ray.com/core/transport/internet"
|
"v2ray.com/core/transport/internet"
|
||||||
"v2ray.com/core/transport/internet/tls"
|
"v2ray.com/core/transport/internet/tls"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.MemoryStreamConfig) (internet.Connection, error) {
|
func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.MemoryStreamConfig) (internet.Connection, error) {
|
||||||
@ -28,8 +27,6 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me
|
|||||||
|
|
||||||
if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
|
if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
|
||||||
return tls.Client(conn, config.GetTLSConfig(tls.WithDestination(dest))), nil
|
return tls.Client(conn, config.GetTLSConfig(tls.WithDestination(dest))), nil
|
||||||
} else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
|
|
||||||
return xtls.Client(conn, config.GetXTLSConfig(xtls.WithDestination(dest))), nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return conn, nil
|
return conn, nil
|
||||||
|
@ -10,24 +10,21 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
goxtls "github.com/xtls/go"
|
|
||||||
"golang.org/x/sys/unix"
|
"golang.org/x/sys/unix"
|
||||||
|
|
||||||
"v2ray.com/core/common"
|
"v2ray.com/core/common"
|
||||||
"v2ray.com/core/common/net"
|
"v2ray.com/core/common/net"
|
||||||
"v2ray.com/core/transport/internet"
|
"v2ray.com/core/transport/internet"
|
||||||
"v2ray.com/core/transport/internet/tls"
|
"v2ray.com/core/transport/internet/tls"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type Listener struct {
|
type Listener struct {
|
||||||
addr *net.UnixAddr
|
addr *net.UnixAddr
|
||||||
ln net.Listener
|
ln net.Listener
|
||||||
tlsConfig *gotls.Config
|
tlsConfig *gotls.Config
|
||||||
xtlsConfig *goxtls.Config
|
config *Config
|
||||||
config *Config
|
addConn internet.ConnHandler
|
||||||
addConn internet.ConnHandler
|
locker *fileLocker
|
||||||
locker *fileLocker
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func Listen(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, handler internet.ConnHandler) (internet.Listener, error) {
|
func Listen(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, handler internet.ConnHandler) (internet.Listener, error) {
|
||||||
@ -62,9 +59,6 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti
|
|||||||
if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
|
if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
|
||||||
ln.tlsConfig = config.GetTLSConfig()
|
ln.tlsConfig = config.GetTLSConfig()
|
||||||
}
|
}
|
||||||
if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
|
|
||||||
ln.xtlsConfig = config.GetXTLSConfig()
|
|
||||||
}
|
|
||||||
|
|
||||||
go ln.run()
|
go ln.run()
|
||||||
|
|
||||||
@ -95,8 +89,6 @@ func (ln *Listener) run() {
|
|||||||
|
|
||||||
if ln.tlsConfig != nil {
|
if ln.tlsConfig != nil {
|
||||||
conn = tls.Server(conn, ln.tlsConfig)
|
conn = tls.Server(conn, ln.tlsConfig)
|
||||||
} else if ln.xtlsConfig != nil {
|
|
||||||
conn = xtls.Server(conn, ln.xtlsConfig)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ln.addConn(internet.Connection(conn))
|
ln.addConn(internet.Connection(conn))
|
||||||
|
@ -13,7 +13,6 @@ import (
|
|||||||
"v2ray.com/core/common/net"
|
"v2ray.com/core/common/net"
|
||||||
"v2ray.com/core/transport/internet"
|
"v2ray.com/core/transport/internet"
|
||||||
"v2ray.com/core/transport/internet/tls"
|
"v2ray.com/core/transport/internet/tls"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -90,8 +89,6 @@ func DialKCP(ctx context.Context, dest net.Destination, streamSettings *internet
|
|||||||
|
|
||||||
if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
|
if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
|
||||||
iConn = tls.Client(iConn, config.GetTLSConfig(tls.WithDestination(dest)))
|
iConn = tls.Client(iConn, config.GetTLSConfig(tls.WithDestination(dest)))
|
||||||
} else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
|
|
||||||
iConn = xtls.Client(iConn, config.GetXTLSConfig(xtls.WithDestination(dest)))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return iConn, nil
|
return iConn, nil
|
||||||
|
@ -8,15 +8,12 @@ import (
|
|||||||
gotls "crypto/tls"
|
gotls "crypto/tls"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
goxtls "github.com/xtls/go"
|
|
||||||
|
|
||||||
"v2ray.com/core/common"
|
"v2ray.com/core/common"
|
||||||
"v2ray.com/core/common/buf"
|
"v2ray.com/core/common/buf"
|
||||||
"v2ray.com/core/common/net"
|
"v2ray.com/core/common/net"
|
||||||
"v2ray.com/core/transport/internet"
|
"v2ray.com/core/transport/internet"
|
||||||
"v2ray.com/core/transport/internet/tls"
|
"v2ray.com/core/transport/internet/tls"
|
||||||
"v2ray.com/core/transport/internet/udp"
|
"v2ray.com/core/transport/internet/udp"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type ConnectionID struct {
|
type ConnectionID struct {
|
||||||
@ -28,15 +25,14 @@ type ConnectionID struct {
|
|||||||
// Listener defines a server listening for connections
|
// Listener defines a server listening for connections
|
||||||
type Listener struct {
|
type Listener struct {
|
||||||
sync.Mutex
|
sync.Mutex
|
||||||
sessions map[ConnectionID]*Connection
|
sessions map[ConnectionID]*Connection
|
||||||
hub *udp.Hub
|
hub *udp.Hub
|
||||||
tlsConfig *gotls.Config
|
tlsConfig *gotls.Config
|
||||||
xtlsConfig *goxtls.Config
|
config *Config
|
||||||
config *Config
|
reader PacketReader
|
||||||
reader PacketReader
|
header internet.PacketHeader
|
||||||
header internet.PacketHeader
|
security cipher.AEAD
|
||||||
security cipher.AEAD
|
addConn internet.ConnHandler
|
||||||
addConn internet.ConnHandler
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewListener(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, addConn internet.ConnHandler) (*Listener, error) {
|
func NewListener(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, addConn internet.ConnHandler) (*Listener, error) {
|
||||||
@ -64,9 +60,6 @@ func NewListener(ctx context.Context, address net.Address, port net.Port, stream
|
|||||||
if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
|
if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
|
||||||
l.tlsConfig = config.GetTLSConfig()
|
l.tlsConfig = config.GetTLSConfig()
|
||||||
}
|
}
|
||||||
if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
|
|
||||||
l.xtlsConfig = config.GetXTLSConfig()
|
|
||||||
}
|
|
||||||
|
|
||||||
hub, err := udp.ListenUDP(ctx, address, port, streamSettings, udp.HubCapacity(1024))
|
hub, err := udp.ListenUDP(ctx, address, port, streamSettings, udp.HubCapacity(1024))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -139,8 +132,6 @@ func (l *Listener) OnReceive(payload *buf.Buffer, src net.Destination) {
|
|||||||
var netConn internet.Connection = conn
|
var netConn internet.Connection = conn
|
||||||
if l.tlsConfig != nil {
|
if l.tlsConfig != nil {
|
||||||
netConn = tls.Server(conn, l.tlsConfig)
|
netConn = tls.Server(conn, l.tlsConfig)
|
||||||
} else if l.xtlsConfig != nil {
|
|
||||||
netConn = xtls.Server(conn, l.xtlsConfig)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
l.addConn(netConn)
|
l.addConn(netConn)
|
||||||
|
@ -10,7 +10,6 @@ import (
|
|||||||
"v2ray.com/core/common/session"
|
"v2ray.com/core/common/session"
|
||||||
"v2ray.com/core/transport/internet"
|
"v2ray.com/core/transport/internet"
|
||||||
"v2ray.com/core/transport/internet/tls"
|
"v2ray.com/core/transport/internet/tls"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Dial dials a new TCP connection to the given destination.
|
// Dial dials a new TCP connection to the given destination.
|
||||||
@ -31,9 +30,6 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me
|
|||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
conn = tls.Client(conn, tlsConfig)
|
conn = tls.Client(conn, tlsConfig)
|
||||||
} else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
|
|
||||||
xtlsConfig := config.GetXTLSConfig(xtls.WithDestination(dest))
|
|
||||||
conn = xtls.Client(conn, xtlsConfig)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
tcpSettings := streamSettings.ProtocolSettings.(*Config)
|
tcpSettings := streamSettings.ProtocolSettings.(*Config)
|
||||||
|
@ -8,21 +8,17 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
goxtls "github.com/xtls/go"
|
|
||||||
|
|
||||||
"v2ray.com/core/common"
|
"v2ray.com/core/common"
|
||||||
"v2ray.com/core/common/net"
|
"v2ray.com/core/common/net"
|
||||||
"v2ray.com/core/common/session"
|
"v2ray.com/core/common/session"
|
||||||
"v2ray.com/core/transport/internet"
|
"v2ray.com/core/transport/internet"
|
||||||
"v2ray.com/core/transport/internet/tls"
|
"v2ray.com/core/transport/internet/tls"
|
||||||
"v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Listener is an internet.Listener that listens for TCP connections.
|
// Listener is an internet.Listener that listens for TCP connections.
|
||||||
type Listener struct {
|
type Listener struct {
|
||||||
listener net.Listener
|
listener net.Listener
|
||||||
tlsConfig *gotls.Config
|
tlsConfig *gotls.Config
|
||||||
xtlsConfig *goxtls.Config
|
|
||||||
authConfig internet.ConnectionAuthenticator
|
authConfig internet.ConnectionAuthenticator
|
||||||
config *Config
|
config *Config
|
||||||
addConn internet.ConnHandler
|
addConn internet.ConnHandler
|
||||||
@ -77,9 +73,6 @@ func ListenTCP(ctx context.Context, address net.Address, port net.Port, streamSe
|
|||||||
if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
|
if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
|
||||||
l.tlsConfig = config.GetTLSConfig(tls.WithNextProto("h2"))
|
l.tlsConfig = config.GetTLSConfig(tls.WithNextProto("h2"))
|
||||||
}
|
}
|
||||||
if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
|
|
||||||
l.xtlsConfig = config.GetXTLSConfig(xtls.WithNextProto("h2"))
|
|
||||||
}
|
|
||||||
|
|
||||||
if tcpSettings.HeaderSettings != nil {
|
if tcpSettings.HeaderSettings != nil {
|
||||||
headerConfig, err := tcpSettings.HeaderSettings.GetInstance()
|
headerConfig, err := tcpSettings.HeaderSettings.GetInstance()
|
||||||
@ -114,8 +107,6 @@ func (v *Listener) keepAccepting() {
|
|||||||
|
|
||||||
if v.tlsConfig != nil {
|
if v.tlsConfig != nil {
|
||||||
conn = tls.Server(conn, v.tlsConfig)
|
conn = tls.Server(conn, v.tlsConfig)
|
||||||
} else if v.xtlsConfig != nil {
|
|
||||||
conn = xtls.Server(conn, v.xtlsConfig)
|
|
||||||
}
|
}
|
||||||
if v.authConfig != nil {
|
if v.authConfig != nil {
|
||||||
conn = v.authConfig.Server(conn)
|
conn = v.authConfig.Server(conn)
|
||||||
|
@ -1,241 +0,0 @@
|
|||||||
// +build !confonly
|
|
||||||
|
|
||||||
package xtls
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/x509"
|
|
||||||
"sync"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
xtls "github.com/xtls/go"
|
|
||||||
|
|
||||||
"v2ray.com/core/common/net"
|
|
||||||
"v2ray.com/core/common/protocol/tls/cert"
|
|
||||||
"v2ray.com/core/transport/internet"
|
|
||||||
)
|
|
||||||
|
|
||||||
var (
|
|
||||||
globalSessionCache = xtls.NewLRUClientSessionCache(128)
|
|
||||||
)
|
|
||||||
|
|
||||||
// ParseCertificate converts a cert.Certificate to Certificate.
|
|
||||||
func ParseCertificate(c *cert.Certificate) *Certificate {
|
|
||||||
if c != nil {
|
|
||||||
certPEM, keyPEM := c.ToPEM()
|
|
||||||
return &Certificate{
|
|
||||||
Certificate: certPEM,
|
|
||||||
Key: keyPEM,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *Config) loadSelfCertPool() (*x509.CertPool, error) {
|
|
||||||
root := x509.NewCertPool()
|
|
||||||
for _, cert := range c.Certificate {
|
|
||||||
if !root.AppendCertsFromPEM(cert.Certificate) {
|
|
||||||
return nil, newError("failed to append cert").AtWarning()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return root, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// BuildCertificates builds a list of TLS certificates from proto definition.
|
|
||||||
func (c *Config) BuildCertificates() []xtls.Certificate {
|
|
||||||
certs := make([]xtls.Certificate, 0, len(c.Certificate))
|
|
||||||
for _, entry := range c.Certificate {
|
|
||||||
if entry.Usage != Certificate_ENCIPHERMENT {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
keyPair, err := xtls.X509KeyPair(entry.Certificate, entry.Key)
|
|
||||||
if err != nil {
|
|
||||||
newError("ignoring invalid X509 key pair").Base(err).AtWarning().WriteToLog()
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
certs = append(certs, keyPair)
|
|
||||||
}
|
|
||||||
return certs
|
|
||||||
}
|
|
||||||
|
|
||||||
func isCertificateExpired(c *xtls.Certificate) bool {
|
|
||||||
if c.Leaf == nil && len(c.Certificate) > 0 {
|
|
||||||
if pc, err := x509.ParseCertificate(c.Certificate[0]); err == nil {
|
|
||||||
c.Leaf = pc
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// If leaf is not there, the certificate is probably not used yet. We trust user to provide a valid certificate.
|
|
||||||
return c.Leaf != nil && c.Leaf.NotAfter.Before(time.Now().Add(-time.Minute))
|
|
||||||
}
|
|
||||||
|
|
||||||
func issueCertificate(rawCA *Certificate, domain string) (*xtls.Certificate, error) {
|
|
||||||
parent, err := cert.ParseCertificate(rawCA.Certificate, rawCA.Key)
|
|
||||||
if err != nil {
|
|
||||||
return nil, newError("failed to parse raw certificate").Base(err)
|
|
||||||
}
|
|
||||||
newCert, err := cert.Generate(parent, cert.CommonName(domain), cert.DNSNames(domain))
|
|
||||||
if err != nil {
|
|
||||||
return nil, newError("failed to generate new certificate for ", domain).Base(err)
|
|
||||||
}
|
|
||||||
newCertPEM, newKeyPEM := newCert.ToPEM()
|
|
||||||
cert, err := xtls.X509KeyPair(newCertPEM, newKeyPEM)
|
|
||||||
return &cert, err
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *Config) getCustomCA() []*Certificate {
|
|
||||||
certs := make([]*Certificate, 0, len(c.Certificate))
|
|
||||||
for _, certificate := range c.Certificate {
|
|
||||||
if certificate.Usage == Certificate_AUTHORITY_ISSUE {
|
|
||||||
certs = append(certs, certificate)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return certs
|
|
||||||
}
|
|
||||||
|
|
||||||
func getGetCertificateFunc(c *xtls.Config, ca []*Certificate) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
|
|
||||||
var access sync.RWMutex
|
|
||||||
|
|
||||||
return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
|
|
||||||
domain := hello.ServerName
|
|
||||||
certExpired := false
|
|
||||||
|
|
||||||
access.RLock()
|
|
||||||
certificate, found := c.NameToCertificate[domain]
|
|
||||||
access.RUnlock()
|
|
||||||
|
|
||||||
if found {
|
|
||||||
if !isCertificateExpired(certificate) {
|
|
||||||
return certificate, nil
|
|
||||||
}
|
|
||||||
certExpired = true
|
|
||||||
}
|
|
||||||
|
|
||||||
if certExpired {
|
|
||||||
newCerts := make([]xtls.Certificate, 0, len(c.Certificates))
|
|
||||||
|
|
||||||
access.Lock()
|
|
||||||
for _, certificate := range c.Certificates {
|
|
||||||
if !isCertificateExpired(&certificate) {
|
|
||||||
newCerts = append(newCerts, certificate)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
c.Certificates = newCerts
|
|
||||||
access.Unlock()
|
|
||||||
}
|
|
||||||
|
|
||||||
var issuedCertificate *xtls.Certificate
|
|
||||||
|
|
||||||
// Create a new certificate from existing CA if possible
|
|
||||||
for _, rawCert := range ca {
|
|
||||||
if rawCert.Usage == Certificate_AUTHORITY_ISSUE {
|
|
||||||
newCert, err := issueCertificate(rawCert, domain)
|
|
||||||
if err != nil {
|
|
||||||
newError("failed to issue new certificate for ", domain).Base(err).WriteToLog()
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
access.Lock()
|
|
||||||
c.Certificates = append(c.Certificates, *newCert)
|
|
||||||
issuedCertificate = &c.Certificates[len(c.Certificates)-1]
|
|
||||||
access.Unlock()
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if issuedCertificate == nil {
|
|
||||||
return nil, newError("failed to create a new certificate for ", domain)
|
|
||||||
}
|
|
||||||
|
|
||||||
access.Lock()
|
|
||||||
c.BuildNameToCertificate()
|
|
||||||
access.Unlock()
|
|
||||||
|
|
||||||
return issuedCertificate, nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *Config) parseServerName() string {
|
|
||||||
return c.ServerName
|
|
||||||
}
|
|
||||||
|
|
||||||
// GetXTLSConfig converts this Config into xtls.Config.
|
|
||||||
func (c *Config) GetXTLSConfig(opts ...Option) *xtls.Config {
|
|
||||||
root, err := c.getCertPool()
|
|
||||||
if err != nil {
|
|
||||||
newError("failed to load system root certificate").AtError().Base(err).WriteToLog()
|
|
||||||
}
|
|
||||||
|
|
||||||
if c == nil {
|
|
||||||
return &xtls.Config{
|
|
||||||
ClientSessionCache: globalSessionCache,
|
|
||||||
RootCAs: root,
|
|
||||||
InsecureSkipVerify: false,
|
|
||||||
NextProtos: nil,
|
|
||||||
SessionTicketsDisabled: false,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
config := &xtls.Config{
|
|
||||||
ClientSessionCache: globalSessionCache,
|
|
||||||
RootCAs: root,
|
|
||||||
InsecureSkipVerify: c.AllowInsecure,
|
|
||||||
NextProtos: c.NextProtocol,
|
|
||||||
SessionTicketsDisabled: c.DisableSessionResumption,
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, opt := range opts {
|
|
||||||
opt(config)
|
|
||||||
}
|
|
||||||
|
|
||||||
config.Certificates = c.BuildCertificates()
|
|
||||||
config.BuildNameToCertificate()
|
|
||||||
|
|
||||||
caCerts := c.getCustomCA()
|
|
||||||
if len(caCerts) > 0 {
|
|
||||||
config.GetCertificate = getGetCertificateFunc(config, caCerts)
|
|
||||||
}
|
|
||||||
|
|
||||||
if sn := c.parseServerName(); len(sn) > 0 {
|
|
||||||
config.ServerName = sn
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(config.NextProtos) == 0 {
|
|
||||||
config.NextProtos = []string{"h2", "http/1.1"}
|
|
||||||
}
|
|
||||||
|
|
||||||
return config
|
|
||||||
}
|
|
||||||
|
|
||||||
// Option for building XTLS config.
|
|
||||||
type Option func(*xtls.Config)
|
|
||||||
|
|
||||||
// WithDestination sets the server name in XTLS config.
|
|
||||||
func WithDestination(dest net.Destination) Option {
|
|
||||||
return func(config *xtls.Config) {
|
|
||||||
if dest.Address.Family().IsDomain() && config.ServerName == "" {
|
|
||||||
config.ServerName = dest.Address.Domain()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// WithNextProto sets the ALPN values in XTLS config.
|
|
||||||
func WithNextProto(protocol ...string) Option {
|
|
||||||
return func(config *xtls.Config) {
|
|
||||||
if len(config.NextProtos) == 0 {
|
|
||||||
config.NextProtos = protocol
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// ConfigFromStreamSettings fetches Config from stream settings. Nil if not found.
|
|
||||||
func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config {
|
|
||||||
if settings == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
config, ok := settings.SecuritySettings.(*Config)
|
|
||||||
if !ok {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
return config
|
|
||||||
}
|
|
@ -1,379 +0,0 @@
|
|||||||
// Code generated by protoc-gen-go. DO NOT EDIT.
|
|
||||||
// versions:
|
|
||||||
// protoc-gen-go v1.25.0
|
|
||||||
// protoc v3.13.0
|
|
||||||
// source: transport/internet/xtls/config.proto
|
|
||||||
|
|
||||||
package xtls
|
|
||||||
|
|
||||||
import (
|
|
||||||
proto "github.com/golang/protobuf/proto"
|
|
||||||
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
|
|
||||||
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
|
|
||||||
reflect "reflect"
|
|
||||||
sync "sync"
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
// Verify that this generated code is sufficiently up-to-date.
|
|
||||||
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
|
|
||||||
// Verify that runtime/protoimpl is sufficiently up-to-date.
|
|
||||||
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
|
|
||||||
)
|
|
||||||
|
|
||||||
// This is a compile-time assertion that a sufficiently up-to-date version
|
|
||||||
// of the legacy proto package is being used.
|
|
||||||
const _ = proto.ProtoPackageIsVersion4
|
|
||||||
|
|
||||||
type Certificate_Usage int32
|
|
||||||
|
|
||||||
const (
|
|
||||||
Certificate_ENCIPHERMENT Certificate_Usage = 0
|
|
||||||
Certificate_AUTHORITY_VERIFY Certificate_Usage = 1
|
|
||||||
Certificate_AUTHORITY_ISSUE Certificate_Usage = 2
|
|
||||||
)
|
|
||||||
|
|
||||||
// Enum value maps for Certificate_Usage.
|
|
||||||
var (
|
|
||||||
Certificate_Usage_name = map[int32]string{
|
|
||||||
0: "ENCIPHERMENT",
|
|
||||||
1: "AUTHORITY_VERIFY",
|
|
||||||
2: "AUTHORITY_ISSUE",
|
|
||||||
}
|
|
||||||
Certificate_Usage_value = map[string]int32{
|
|
||||||
"ENCIPHERMENT": 0,
|
|
||||||
"AUTHORITY_VERIFY": 1,
|
|
||||||
"AUTHORITY_ISSUE": 2,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
func (x Certificate_Usage) Enum() *Certificate_Usage {
|
|
||||||
p := new(Certificate_Usage)
|
|
||||||
*p = x
|
|
||||||
return p
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x Certificate_Usage) String() string {
|
|
||||||
return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
|
|
||||||
}
|
|
||||||
|
|
||||||
func (Certificate_Usage) Descriptor() protoreflect.EnumDescriptor {
|
|
||||||
return file_transport_internet_xtls_config_proto_enumTypes[0].Descriptor()
|
|
||||||
}
|
|
||||||
|
|
||||||
func (Certificate_Usage) Type() protoreflect.EnumType {
|
|
||||||
return &file_transport_internet_xtls_config_proto_enumTypes[0]
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x Certificate_Usage) Number() protoreflect.EnumNumber {
|
|
||||||
return protoreflect.EnumNumber(x)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Deprecated: Use Certificate_Usage.Descriptor instead.
|
|
||||||
func (Certificate_Usage) EnumDescriptor() ([]byte, []int) {
|
|
||||||
return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{0, 0}
|
|
||||||
}
|
|
||||||
|
|
||||||
type Certificate struct {
|
|
||||||
state protoimpl.MessageState
|
|
||||||
sizeCache protoimpl.SizeCache
|
|
||||||
unknownFields protoimpl.UnknownFields
|
|
||||||
|
|
||||||
// XTLS certificate in x509 format.
|
|
||||||
Certificate []byte `protobuf:"bytes,1,opt,name=Certificate,proto3" json:"Certificate,omitempty"`
|
|
||||||
// XTLS key in x509 format.
|
|
||||||
Key []byte `protobuf:"bytes,2,opt,name=Key,proto3" json:"Key,omitempty"`
|
|
||||||
Usage Certificate_Usage `protobuf:"varint,3,opt,name=usage,proto3,enum=v2ray.core.transport.internet.xtls.Certificate_Usage" json:"usage,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Certificate) Reset() {
|
|
||||||
*x = Certificate{}
|
|
||||||
if protoimpl.UnsafeEnabled {
|
|
||||||
mi := &file_transport_internet_xtls_config_proto_msgTypes[0]
|
|
||||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
||||||
ms.StoreMessageInfo(mi)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Certificate) String() string {
|
|
||||||
return protoimpl.X.MessageStringOf(x)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (*Certificate) ProtoMessage() {}
|
|
||||||
|
|
||||||
func (x *Certificate) ProtoReflect() protoreflect.Message {
|
|
||||||
mi := &file_transport_internet_xtls_config_proto_msgTypes[0]
|
|
||||||
if protoimpl.UnsafeEnabled && x != nil {
|
|
||||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
||||||
if ms.LoadMessageInfo() == nil {
|
|
||||||
ms.StoreMessageInfo(mi)
|
|
||||||
}
|
|
||||||
return ms
|
|
||||||
}
|
|
||||||
return mi.MessageOf(x)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Deprecated: Use Certificate.ProtoReflect.Descriptor instead.
|
|
||||||
func (*Certificate) Descriptor() ([]byte, []int) {
|
|
||||||
return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{0}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Certificate) GetCertificate() []byte {
|
|
||||||
if x != nil {
|
|
||||||
return x.Certificate
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Certificate) GetKey() []byte {
|
|
||||||
if x != nil {
|
|
||||||
return x.Key
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Certificate) GetUsage() Certificate_Usage {
|
|
||||||
if x != nil {
|
|
||||||
return x.Usage
|
|
||||||
}
|
|
||||||
return Certificate_ENCIPHERMENT
|
|
||||||
}
|
|
||||||
|
|
||||||
type Config struct {
|
|
||||||
state protoimpl.MessageState
|
|
||||||
sizeCache protoimpl.SizeCache
|
|
||||||
unknownFields protoimpl.UnknownFields
|
|
||||||
|
|
||||||
// Whether or not to allow self-signed certificates.
|
|
||||||
AllowInsecure bool `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"`
|
|
||||||
// Whether or not to allow insecure cipher suites.
|
|
||||||
AllowInsecureCiphers bool `protobuf:"varint,5,opt,name=allow_insecure_ciphers,json=allowInsecureCiphers,proto3" json:"allow_insecure_ciphers,omitempty"`
|
|
||||||
// List of certificates to be served on server.
|
|
||||||
Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate,proto3" json:"certificate,omitempty"`
|
|
||||||
// Override server name.
|
|
||||||
ServerName string `protobuf:"bytes,3,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"`
|
|
||||||
// Lists of string as ALPN values.
|
|
||||||
NextProtocol []string `protobuf:"bytes,4,rep,name=next_protocol,json=nextProtocol,proto3" json:"next_protocol,omitempty"`
|
|
||||||
// Whether or not to disable session (ticket) resumption.
|
|
||||||
DisableSessionResumption bool `protobuf:"varint,6,opt,name=disable_session_resumption,json=disableSessionResumption,proto3" json:"disable_session_resumption,omitempty"`
|
|
||||||
// If true, root certificates on the system will not be loaded for
|
|
||||||
// verification.
|
|
||||||
DisableSystemRoot bool `protobuf:"varint,7,opt,name=disable_system_root,json=disableSystemRoot,proto3" json:"disable_system_root,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Config) Reset() {
|
|
||||||
*x = Config{}
|
|
||||||
if protoimpl.UnsafeEnabled {
|
|
||||||
mi := &file_transport_internet_xtls_config_proto_msgTypes[1]
|
|
||||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
||||||
ms.StoreMessageInfo(mi)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Config) String() string {
|
|
||||||
return protoimpl.X.MessageStringOf(x)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (*Config) ProtoMessage() {}
|
|
||||||
|
|
||||||
func (x *Config) ProtoReflect() protoreflect.Message {
|
|
||||||
mi := &file_transport_internet_xtls_config_proto_msgTypes[1]
|
|
||||||
if protoimpl.UnsafeEnabled && x != nil {
|
|
||||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
||||||
if ms.LoadMessageInfo() == nil {
|
|
||||||
ms.StoreMessageInfo(mi)
|
|
||||||
}
|
|
||||||
return ms
|
|
||||||
}
|
|
||||||
return mi.MessageOf(x)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Deprecated: Use Config.ProtoReflect.Descriptor instead.
|
|
||||||
func (*Config) Descriptor() ([]byte, []int) {
|
|
||||||
return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{1}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Config) GetAllowInsecure() bool {
|
|
||||||
if x != nil {
|
|
||||||
return x.AllowInsecure
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Config) GetAllowInsecureCiphers() bool {
|
|
||||||
if x != nil {
|
|
||||||
return x.AllowInsecureCiphers
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Config) GetCertificate() []*Certificate {
|
|
||||||
if x != nil {
|
|
||||||
return x.Certificate
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Config) GetServerName() string {
|
|
||||||
if x != nil {
|
|
||||||
return x.ServerName
|
|
||||||
}
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Config) GetNextProtocol() []string {
|
|
||||||
if x != nil {
|
|
||||||
return x.NextProtocol
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Config) GetDisableSessionResumption() bool {
|
|
||||||
if x != nil {
|
|
||||||
return x.DisableSessionResumption
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *Config) GetDisableSystemRoot() bool {
|
|
||||||
if x != nil {
|
|
||||||
return x.DisableSystemRoot
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
var File_transport_internet_xtls_config_proto protoreflect.FileDescriptor
|
|
||||||
|
|
||||||
var file_transport_internet_xtls_config_proto_rawDesc = []byte{
|
|
||||||
0x0a, 0x24, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65,
|
|
||||||
0x72, 0x6e, 0x65, 0x74, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
|
|
||||||
0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x22, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f,
|
|
||||||
0x72, 0x65, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74,
|
|
||||||
0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, 0x74, 0x6c, 0x73, 0x22, 0xd4, 0x01, 0x0a, 0x0b, 0x43,
|
|
||||||
0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x65,
|
|
||||||
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
|
|
||||||
0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03,
|
|
||||||
0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x4b,
|
|
||||||
0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e,
|
|
||||||
0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73,
|
|
||||||
0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, 0x74,
|
|
||||||
0x6c, 0x73, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x55,
|
|
||||||
0x73, 0x61, 0x67, 0x65, 0x52, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x22, 0x44, 0x0a, 0x05, 0x55,
|
|
||||||
0x73, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x0c, 0x45, 0x4e, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52,
|
|
||||||
0x4d, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52,
|
|
||||||
0x49, 0x54, 0x59, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f,
|
|
||||||
0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x49, 0x53, 0x53, 0x55, 0x45, 0x10,
|
|
||||||
0x02, 0x22, 0xec, 0x02, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x0a, 0x0e,
|
|
||||||
0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x01,
|
|
||||||
0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x49, 0x6e, 0x73, 0x65, 0x63,
|
|
||||||
0x75, 0x72, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, 0x6e, 0x73,
|
|
||||||
0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20,
|
|
||||||
0x01, 0x28, 0x08, 0x52, 0x14, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x49, 0x6e, 0x73, 0x65, 0x63, 0x75,
|
|
||||||
0x72, 0x65, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x0b, 0x63, 0x65, 0x72,
|
|
||||||
0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f,
|
|
||||||
0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x61, 0x6e,
|
|
||||||
0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78,
|
|
||||||
0x74, 0x6c, 0x73, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52,
|
|
||||||
0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b,
|
|
||||||
0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
|
|
||||||
0x09, 0x52, 0x0a, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a,
|
|
||||||
0x0d, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04,
|
|
||||||
0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63,
|
|
||||||
0x6f, 0x6c, 0x12, 0x3c, 0x0a, 0x1a, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x65,
|
|
||||||
0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
|
|
||||||
0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53,
|
|
||||||
0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
|
|
||||||
0x12, 0x2e, 0x0a, 0x13, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x79, 0x73, 0x74,
|
|
||||||
0x65, 0x6d, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x64,
|
|
||||||
0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x52, 0x6f, 0x6f, 0x74,
|
|
||||||
0x42, 0x77, 0x0a, 0x26, 0x63, 0x6f, 0x6d, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f,
|
|
||||||
0x72, 0x65, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74,
|
|
||||||
0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, 0x74, 0x6c, 0x73, 0x50, 0x01, 0x5a, 0x26, 0x76, 0x32,
|
|
||||||
0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61,
|
|
||||||
0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2f,
|
|
||||||
0x78, 0x74, 0x6c, 0x73, 0xaa, 0x02, 0x22, 0x56, 0x32, 0x52, 0x61, 0x79, 0x2e, 0x43, 0x6f, 0x72,
|
|
||||||
0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65,
|
|
||||||
0x72, 0x6e, 0x65, 0x74, 0x2e, 0x58, 0x74, 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
|
|
||||||
0x33,
|
|
||||||
}
|
|
||||||
|
|
||||||
var (
|
|
||||||
file_transport_internet_xtls_config_proto_rawDescOnce sync.Once
|
|
||||||
file_transport_internet_xtls_config_proto_rawDescData = file_transport_internet_xtls_config_proto_rawDesc
|
|
||||||
)
|
|
||||||
|
|
||||||
func file_transport_internet_xtls_config_proto_rawDescGZIP() []byte {
|
|
||||||
file_transport_internet_xtls_config_proto_rawDescOnce.Do(func() {
|
|
||||||
file_transport_internet_xtls_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_transport_internet_xtls_config_proto_rawDescData)
|
|
||||||
})
|
|
||||||
return file_transport_internet_xtls_config_proto_rawDescData
|
|
||||||
}
|
|
||||||
|
|
||||||
var file_transport_internet_xtls_config_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
|
|
||||||
var file_transport_internet_xtls_config_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
|
|
||||||
var file_transport_internet_xtls_config_proto_goTypes = []interface{}{
|
|
||||||
(Certificate_Usage)(0), // 0: v2ray.core.transport.internet.xtls.Certificate.Usage
|
|
||||||
(*Certificate)(nil), // 1: v2ray.core.transport.internet.xtls.Certificate
|
|
||||||
(*Config)(nil), // 2: v2ray.core.transport.internet.xtls.Config
|
|
||||||
}
|
|
||||||
var file_transport_internet_xtls_config_proto_depIdxs = []int32{
|
|
||||||
0, // 0: v2ray.core.transport.internet.xtls.Certificate.usage:type_name -> v2ray.core.transport.internet.xtls.Certificate.Usage
|
|
||||||
1, // 1: v2ray.core.transport.internet.xtls.Config.certificate:type_name -> v2ray.core.transport.internet.xtls.Certificate
|
|
||||||
2, // [2:2] is the sub-list for method output_type
|
|
||||||
2, // [2:2] is the sub-list for method input_type
|
|
||||||
2, // [2:2] is the sub-list for extension type_name
|
|
||||||
2, // [2:2] is the sub-list for extension extendee
|
|
||||||
0, // [0:2] is the sub-list for field type_name
|
|
||||||
}
|
|
||||||
|
|
||||||
func init() { file_transport_internet_xtls_config_proto_init() }
|
|
||||||
func file_transport_internet_xtls_config_proto_init() {
|
|
||||||
if File_transport_internet_xtls_config_proto != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if !protoimpl.UnsafeEnabled {
|
|
||||||
file_transport_internet_xtls_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
|
|
||||||
switch v := v.(*Certificate); i {
|
|
||||||
case 0:
|
|
||||||
return &v.state
|
|
||||||
case 1:
|
|
||||||
return &v.sizeCache
|
|
||||||
case 2:
|
|
||||||
return &v.unknownFields
|
|
||||||
default:
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
file_transport_internet_xtls_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
|
|
||||||
switch v := v.(*Config); i {
|
|
||||||
case 0:
|
|
||||||
return &v.state
|
|
||||||
case 1:
|
|
||||||
return &v.sizeCache
|
|
||||||
case 2:
|
|
||||||
return &v.unknownFields
|
|
||||||
default:
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
type x struct{}
|
|
||||||
out := protoimpl.TypeBuilder{
|
|
||||||
File: protoimpl.DescBuilder{
|
|
||||||
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
|
||||||
RawDescriptor: file_transport_internet_xtls_config_proto_rawDesc,
|
|
||||||
NumEnums: 1,
|
|
||||||
NumMessages: 2,
|
|
||||||
NumExtensions: 0,
|
|
||||||
NumServices: 0,
|
|
||||||
},
|
|
||||||
GoTypes: file_transport_internet_xtls_config_proto_goTypes,
|
|
||||||
DependencyIndexes: file_transport_internet_xtls_config_proto_depIdxs,
|
|
||||||
EnumInfos: file_transport_internet_xtls_config_proto_enumTypes,
|
|
||||||
MessageInfos: file_transport_internet_xtls_config_proto_msgTypes,
|
|
||||||
}.Build()
|
|
||||||
File_transport_internet_xtls_config_proto = out.File
|
|
||||||
file_transport_internet_xtls_config_proto_rawDesc = nil
|
|
||||||
file_transport_internet_xtls_config_proto_goTypes = nil
|
|
||||||
file_transport_internet_xtls_config_proto_depIdxs = nil
|
|
||||||
}
|
|
@ -1,47 +0,0 @@
|
|||||||
syntax = "proto3";
|
|
||||||
|
|
||||||
package v2ray.core.transport.internet.xtls;
|
|
||||||
option csharp_namespace = "V2Ray.Core.Transport.Internet.Xtls";
|
|
||||||
option go_package = "v2ray.com/core/transport/internet/xtls";
|
|
||||||
option java_package = "com.v2ray.core.transport.internet.xtls";
|
|
||||||
option java_multiple_files = true;
|
|
||||||
|
|
||||||
message Certificate {
|
|
||||||
// XTLS certificate in x509 format.
|
|
||||||
bytes Certificate = 1;
|
|
||||||
|
|
||||||
// XTLS key in x509 format.
|
|
||||||
bytes Key = 2;
|
|
||||||
|
|
||||||
enum Usage {
|
|
||||||
ENCIPHERMENT = 0;
|
|
||||||
AUTHORITY_VERIFY = 1;
|
|
||||||
AUTHORITY_ISSUE = 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
Usage usage = 3;
|
|
||||||
}
|
|
||||||
|
|
||||||
message Config {
|
|
||||||
// Whether or not to allow self-signed certificates.
|
|
||||||
bool allow_insecure = 1;
|
|
||||||
|
|
||||||
// Whether or not to allow insecure cipher suites.
|
|
||||||
bool allow_insecure_ciphers = 5;
|
|
||||||
|
|
||||||
// List of certificates to be served on server.
|
|
||||||
repeated Certificate certificate = 2;
|
|
||||||
|
|
||||||
// Override server name.
|
|
||||||
string server_name = 3;
|
|
||||||
|
|
||||||
// Lists of string as ALPN values.
|
|
||||||
repeated string next_protocol = 4;
|
|
||||||
|
|
||||||
// Whether or not to disable session (ticket) resumption.
|
|
||||||
bool disable_session_resumption = 6;
|
|
||||||
|
|
||||||
// If true, root certificates on the system will not be loaded for
|
|
||||||
// verification.
|
|
||||||
bool disable_system_root = 7;
|
|
||||||
}
|
|
@ -1,53 +0,0 @@
|
|||||||
// +build !windows
|
|
||||||
// +build !confonly
|
|
||||||
|
|
||||||
package xtls
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/x509"
|
|
||||||
"sync"
|
|
||||||
)
|
|
||||||
|
|
||||||
type rootCertsCache struct {
|
|
||||||
sync.Mutex
|
|
||||||
pool *x509.CertPool
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *rootCertsCache) load() (*x509.CertPool, error) {
|
|
||||||
c.Lock()
|
|
||||||
defer c.Unlock()
|
|
||||||
|
|
||||||
if c.pool != nil {
|
|
||||||
return c.pool, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
pool, err := x509.SystemCertPool()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
c.pool = pool
|
|
||||||
return pool, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
var rootCerts rootCertsCache
|
|
||||||
|
|
||||||
func (c *Config) getCertPool() (*x509.CertPool, error) {
|
|
||||||
if c.DisableSystemRoot {
|
|
||||||
return c.loadSelfCertPool()
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(c.Certificate) == 0 {
|
|
||||||
return rootCerts.load()
|
|
||||||
}
|
|
||||||
|
|
||||||
pool, err := x509.SystemCertPool()
|
|
||||||
if err != nil {
|
|
||||||
return nil, newError("system root").AtWarning().Base(err)
|
|
||||||
}
|
|
||||||
for _, cert := range c.Certificate {
|
|
||||||
if !pool.AppendCertsFromPEM(cert.Certificate) {
|
|
||||||
return nil, newError("append cert to root").AtWarning().Base(err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return pool, err
|
|
||||||
}
|
|
@ -1,100 +0,0 @@
|
|||||||
package xtls_test
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/x509"
|
|
||||||
"testing"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
xtls "github.com/xtls/go"
|
|
||||||
|
|
||||||
"v2ray.com/core/common"
|
|
||||||
"v2ray.com/core/common/protocol/tls/cert"
|
|
||||||
. "v2ray.com/core/transport/internet/xtls"
|
|
||||||
)
|
|
||||||
|
|
||||||
func TestCertificateIssuing(t *testing.T) {
|
|
||||||
certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
|
|
||||||
certificate.Usage = Certificate_AUTHORITY_ISSUE
|
|
||||||
|
|
||||||
c := &Config{
|
|
||||||
Certificate: []*Certificate{
|
|
||||||
certificate,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
xtlsConfig := c.GetXTLSConfig()
|
|
||||||
v2rayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
|
|
||||||
ServerName: "www.v2fly.org",
|
|
||||||
})
|
|
||||||
common.Must(err)
|
|
||||||
|
|
||||||
x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
|
|
||||||
common.Must(err)
|
|
||||||
if !x509Cert.NotAfter.After(time.Now()) {
|
|
||||||
t.Error("NotAfter: ", x509Cert.NotAfter)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestExpiredCertificate(t *testing.T) {
|
|
||||||
caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
|
|
||||||
expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName("www.v2fly.org"), cert.DNSNames("www.v2fly.org"))
|
|
||||||
|
|
||||||
certificate := ParseCertificate(caCert)
|
|
||||||
certificate.Usage = Certificate_AUTHORITY_ISSUE
|
|
||||||
|
|
||||||
certificate2 := ParseCertificate(expiredCert)
|
|
||||||
|
|
||||||
c := &Config{
|
|
||||||
Certificate: []*Certificate{
|
|
||||||
certificate,
|
|
||||||
certificate2,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
xtlsConfig := c.GetXTLSConfig()
|
|
||||||
v2rayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
|
|
||||||
ServerName: "www.v2fly.org",
|
|
||||||
})
|
|
||||||
common.Must(err)
|
|
||||||
|
|
||||||
x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
|
|
||||||
common.Must(err)
|
|
||||||
if !x509Cert.NotAfter.After(time.Now()) {
|
|
||||||
t.Error("NotAfter: ", x509Cert.NotAfter)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestInsecureCertificates(t *testing.T) {
|
|
||||||
c := &Config{
|
|
||||||
AllowInsecureCiphers: true,
|
|
||||||
}
|
|
||||||
|
|
||||||
xtlsConfig := c.GetXTLSConfig()
|
|
||||||
if len(xtlsConfig.CipherSuites) > 0 {
|
|
||||||
t.Fatal("Unexpected tls cipher suites list: ", xtlsConfig.CipherSuites)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func BenchmarkCertificateIssuing(b *testing.B) {
|
|
||||||
certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
|
|
||||||
certificate.Usage = Certificate_AUTHORITY_ISSUE
|
|
||||||
|
|
||||||
c := &Config{
|
|
||||||
Certificate: []*Certificate{
|
|
||||||
certificate,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
xtlsConfig := c.GetXTLSConfig()
|
|
||||||
lenCerts := len(xtlsConfig.Certificates)
|
|
||||||
|
|
||||||
b.ResetTimer()
|
|
||||||
|
|
||||||
for i := 0; i < b.N; i++ {
|
|
||||||
_, _ = xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
|
|
||||||
ServerName: "www.v2fly.org",
|
|
||||||
})
|
|
||||||
delete(xtlsConfig.NameToCertificate, "www.v2fly.org")
|
|
||||||
xtlsConfig.Certificates = xtlsConfig.Certificates[:lenCerts]
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,14 +0,0 @@
|
|||||||
// +build windows
|
|
||||||
// +build !confonly
|
|
||||||
|
|
||||||
package xtls
|
|
||||||
|
|
||||||
import "crypto/x509"
|
|
||||||
|
|
||||||
func (c *Config) getCertPool() (*x509.CertPool, error) {
|
|
||||||
if c.DisableSystemRoot {
|
|
||||||
return c.loadSelfCertPool()
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil, nil
|
|
||||||
}
|
|
@ -1,9 +0,0 @@
|
|||||||
package xtls
|
|
||||||
|
|
||||||
import "v2ray.com/core/common/errors"
|
|
||||||
|
|
||||||
type errPathObjHolder struct{}
|
|
||||||
|
|
||||||
func newError(values ...interface{}) *errors.Error {
|
|
||||||
return errors.New(values...).WithPathObj(errPathObjHolder{})
|
|
||||||
}
|
|
@ -1,38 +0,0 @@
|
|||||||
// +build !confonly
|
|
||||||
|
|
||||||
package xtls
|
|
||||||
|
|
||||||
import (
|
|
||||||
xtls "github.com/xtls/go"
|
|
||||||
|
|
||||||
"v2ray.com/core/common/net"
|
|
||||||
)
|
|
||||||
|
|
||||||
//go:generate go run v2ray.com/core/common/errors/errorgen
|
|
||||||
|
|
||||||
type Conn struct {
|
|
||||||
*xtls.Conn
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *Conn) HandshakeAddress() net.Address {
|
|
||||||
if err := c.Handshake(); err != nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
state := c.ConnectionState()
|
|
||||||
if state.ServerName == "" {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
return net.ParseAddress(state.ServerName)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Client initiates a XTLS client handshake on the given connection.
|
|
||||||
func Client(c net.Conn, config *xtls.Config) net.Conn {
|
|
||||||
xtlsConn := xtls.Client(c, config)
|
|
||||||
return &Conn{Conn: xtlsConn}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Server initiates a XTLS server handshake on the given connection.
|
|
||||||
func Server(c net.Conn, config *xtls.Config) net.Conn {
|
|
||||||
xtlsConn := xtls.Server(c, config)
|
|
||||||
return &Conn{Conn: xtlsConn}
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user