From 33a262bc5d06ccacbeb4af93014bcb24fb43c1bd Mon Sep 17 00:00:00 2001 From: Loren Eteval Date: Mon, 29 Apr 2024 16:47:17 +0800 Subject: [PATCH] Bump go Xray-core to v1.8.11 Signed-off-by: Loren Eteval --- xray-go/.github/ISSUE_TEMPLATE/bug_report.yml | 44 ++++++ .../.github/ISSUE_TEMPLATE/bug_report_zh.yml | 44 ++++++ xray-go/Makefile | 11 +- xray-go/app/proxyman/outbound/handler.go | 33 +++-- xray-go/app/router/config.pb.go | 2 +- xray-go/app/router/config.proto | 2 +- xray-go/common/session/session.go | 2 +- xray-go/core/config.go | 2 +- xray-go/core/core.go | 2 +- xray-go/go.mod | 22 +-- xray-go/go.sum | 42 +++--- xray-go/infra/conf/router_strategy.go | 2 +- xray-go/infra/conf/transport_internet.go | 2 - xray-go/main/commands/all/api/api.go | 1 + .../main/commands/all/api/source_ip_block.go | 132 ++++++++++++++++++ xray-go/main/commands/all/tls/ech.go | 69 +++++++++ xray-go/main/commands/all/tls/tls.go | 1 + xray-go/proxy/freedom/freedom.go | 3 + xray-go/transport/internet/config.go | 2 + xray-go/transport/internet/http/dialer.go | 5 +- .../transport/internet/httpupgrade/config.go | 11 ++ xray-go/transport/internet/reality/reality.go | 4 + xray-go/transport/internet/tls/config.go | 7 +- xray-go/transport/internet/tls/config.pb.go | 64 +++++---- xray-go/transport/internet/tls/config.proto | 3 +- xray-go/transport/internet/tls/tls.go | 13 +- .../transport/internet/websocket/dialer.go | 15 +- .../transport/internet/websocket/dialer.html | 2 +- xray-go/transport/internet/websocket/hub.go | 2 + 29 files changed, 442 insertions(+), 102 deletions(-) create mode 100644 xray-go/.github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 xray-go/.github/ISSUE_TEMPLATE/bug_report_zh.yml create mode 100644 xray-go/main/commands/all/api/source_ip_block.go create mode 100644 xray-go/main/commands/all/tls/ech.go diff --git a/xray-go/.github/ISSUE_TEMPLATE/bug_report.yml b/xray-go/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 0000000..c8e04a3 --- /dev/null +++ b/xray-go/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,44 @@ +name: Bug report +description: "Submit Xray-core bug" +body: + - type: checkboxes + attributes: + label: Integrity requirements + description: |- + Please check all of the following options to prove that you have read and understood the requirements, otherwise this issue will be closed. + options: + - label: I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values. + required: true + - label: I searched issues and did not find any similar issues. + required: true + - type: textarea + attributes: + label: Version + description: Xray-core version + render: shell + - type: textarea + attributes: + label: Description + description: Please provide a detailed description of the bug. And information that you consider valuable. + validations: + required: true + - type: textarea + attributes: + label: Reproduction + description: |- + Provide method to reproduce the bug. + Please provide config that can reproduce the problem, including both the server and client. + Do not paste a large exported config here. Removing unnecessary inbounds, outbounds, route rules, and options. This cloud help us locate the problem if you really want to get help. + Even if you are using a GUI/script/panel, please follow the above requirements. + DO NOT just write "I'm using xxx GUI/ xxx panel" instead of providing config. We do not have the energy or obligation to find the software and spend time reproducing according to the description. + validations: + required: true + - type: textarea + attributes: + label: log + description: |- + Set the log level to debug. + Please Restart Xray-core, and then follow the reproduction method to reduce irrelevant parts in log. + Remember to remove personal information such as UUID, IP. + Provid complete log, DO NOT just paste the the parts that you think necessary based on your own judgment. + render: shell \ No newline at end of file diff --git a/xray-go/.github/ISSUE_TEMPLATE/bug_report_zh.yml b/xray-go/.github/ISSUE_TEMPLATE/bug_report_zh.yml new file mode 100644 index 0000000..81e262e --- /dev/null +++ b/xray-go/.github/ISSUE_TEMPLATE/bug_report_zh.yml @@ -0,0 +1,44 @@ +name: bug反馈 +description: "提交 Xray-core bug" +body: + - type: checkboxes + attributes: + label: 完整性要求 + description: |- + 请勾选以下所有选项以证明您已经阅读并理解了以下要求,否则该 issue 将被关闭。 + options: + - label: 我保证阅读了文档,了解所有我编写的配置文件项的含义,而不是大量堆砌看似有用的选项或默认值。 + required: true + - label: 我搜索了issues,没有发现已提出的类似问题。 + required: true + - type: textarea + attributes: + label: 版本 + description: 使用的Xray-core版本 + render: shell + - type: textarea + attributes: + label: 描述 + description: 请提供错误的详细描述。以及你认为有价值的信息。 + validations: + required: true + - type: textarea + attributes: + label: 重现方式 + description: |- + 提供重现BUG方法。 + 请提供可以重现问题的配置文件,包括服务端和客户端 + 不要直接在这里黏贴一大段导出的 config 文件。去掉无用的出入站、规则、选项,这可以帮助确定问题,如果你真的想得到帮助。 + 即使你在使用图形客户端/脚本/面板,也请遵照上述要求。 + 不要直接用“我使用xxx客户端/xxx面板”替代config,我们没有精力也没有义务去找到项目再花时间按描述重新问题。 + validations: + required: true + - type: textarea + attributes: + label: 日志 + description: |- + 请先将日志等级设置为 debug. + 重启 Xray-core ,再按复现方式操作,尽量减少日志中的无关部分。 + 记得删除有关个人信息(如UUID与IP)的部分。 + 提供完整的日志,不要仅提供你自己觉得有用的部分。 + render: shell \ No newline at end of file diff --git a/xray-go/Makefile b/xray-go/Makefile index f69a9b2..0578fe6 100644 --- a/xray-go/Makefile +++ b/xray-go/Makefile @@ -2,6 +2,15 @@ NAME = xray VERSION=$(shell git describe --always --dirty) +export GOARCH ?= +export GOOS ?= + +ifdef GOARCH + ifeq ($(GOOS),darwin) + NAME:=$(NAME)-$(GOARCH) + endif +endif + LDFLAGS = -X github.com/xtls/xray-core/core.build=$(VERSION) -s -w -buildid= PARAMS = -trimpath -ldflags "$(LDFLAGS)" -v MAIN = ./main @@ -26,4 +35,4 @@ install: clean: go clean -v -i $(PWD) - rm -f xray xray.exe wxray.exe xray_softfloat \ No newline at end of file + rm -f xray xray.exe wxray.exe xray_softfloat diff --git a/xray-go/app/proxyman/outbound/handler.go b/xray-go/app/proxyman/outbound/handler.go index 41713d0..792ac24 100644 --- a/xray-go/app/proxyman/outbound/handler.go +++ b/xray-go/app/proxyman/outbound/handler.go @@ -2,12 +2,8 @@ package outbound import ( "context" + "crypto/rand" "errors" - "io" - "math/rand" - gonet "net" - "os" - "github.com/xtls/xray-core/app/proxyman" "github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common/buf" @@ -25,6 +21,10 @@ import ( "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" "github.com/xtls/xray-core/transport/pipe" + "io" + "math/big" + gonet "net" + "os" ) func getStatCounter(v *core.Instance, tag string) (stats.Counter, stats.Counter) { @@ -319,16 +319,21 @@ func (h *Handler) Close() error { return nil } -// Return random IPv6 in a CIDR block + func ParseRandomIPv6(address net.Address, prefix string) net.Address { - addr := address.IP().String() - _, network, _ := gonet.ParseCIDR(addr + "/" + prefix) + _, network, _ := gonet.ParseCIDR(address.IP().String() + "/" + prefix) - ipv6 := network.IP.To16() - prefixLen, _ := network.Mask.Size() - for i := prefixLen / 8; i < 16; i++ { - ipv6[i] = byte(rand.Intn(256)) - } + maskSize, totalBits := network.Mask.Size() + subnetSize := big.NewInt(1).Lsh(big.NewInt(1), uint(totalBits-maskSize)) + + // random + randomBigInt, _ := rand.Int(rand.Reader, subnetSize) + + startIPBigInt := big.NewInt(0).SetBytes(network.IP.To16()) + randomIPBigInt := big.NewInt(0).Add(startIPBigInt, randomBigInt) + + randomIPBytes := randomIPBigInt.Bytes() + randomIPBytes = append(make([]byte, 16-len(randomIPBytes)), randomIPBytes...) - return net.ParseAddress(gonet.IP(ipv6).String()) + return net.ParseAddress(gonet.IP(randomIPBytes).String()) } diff --git a/xray-go/app/router/config.pb.go b/xray-go/app/router/config.pb.go index 23aba91..d0da6d1 100644 --- a/xray-go/app/router/config.pb.go +++ b/xray-go/app/router/config.pb.go @@ -864,7 +864,7 @@ type StrategyLeastLoadConfig struct { Baselines []int64 `protobuf:"varint,3,rep,packed,name=baselines,proto3" json:"baselines,omitempty"` // expected nodes count to select Expected int32 `protobuf:"varint,4,opt,name=expected,proto3" json:"expected,omitempty"` - // max acceptable rtt, filter away high delay nodes. defalut 0 + // max acceptable rtt, filter away high delay nodes. default 0 MaxRTT int64 `protobuf:"varint,5,opt,name=maxRTT,proto3" json:"maxRTT,omitempty"` // acceptable failure rate Tolerance float32 `protobuf:"fixed32,6,opt,name=tolerance,proto3" json:"tolerance,omitempty"` diff --git a/xray-go/app/router/config.proto b/xray-go/app/router/config.proto index cff00fa..fdd2e61 100644 --- a/xray-go/app/router/config.proto +++ b/xray-go/app/router/config.proto @@ -147,7 +147,7 @@ message StrategyLeastLoadConfig { repeated int64 baselines = 3; // expected nodes count to select int32 expected = 4; - // max acceptable rtt, filter away high delay nodes. defalut 0 + // max acceptable rtt, filter away high delay nodes. default 0 int64 maxRTT = 5; // acceptable failure rate float tolerance = 6; diff --git a/xray-go/common/session/session.go b/xray-go/common/session/session.go index 4af6101..38ffa7b 100644 --- a/xray-go/common/session/session.go +++ b/xray-go/common/session/session.go @@ -44,7 +44,7 @@ type Inbound struct { Tag string // Name of the inbound proxy that handles the connection. Name string - // User is the user that authencates for the inbound. May be nil if the protocol allows anounymous traffic. + // User is the user that authenticates for the inbound. May be nil if the protocol allows anonymous traffic. User *protocol.MemoryUser // Conn is actually internet.Connection. May be nil. Conn net.Conn diff --git a/xray-go/core/config.go b/xray-go/core/config.go index ed049a4..2cdead1 100644 --- a/xray-go/core/config.go +++ b/xray-go/core/config.go @@ -26,7 +26,7 @@ type ConfigBuilder func(files []string, formats []string) (*Config, error) type ConfigBuilderJson func(jsonStrings string) (*Config, error) -// ConfigMerger merge multiple json configs into on config +// ConfigsMerger merge multiple json configs into on config type ConfigsMerger func(files []string, formats []string) (string, error) var ( diff --git a/xray-go/core/core.go b/xray-go/core/core.go index c331d34..a4f0f16 100644 --- a/xray-go/core/core.go +++ b/xray-go/core/core.go @@ -21,7 +21,7 @@ import ( var ( Version_x byte = 1 Version_y byte = 8 - Version_z byte = 10 + Version_z byte = 11 ) var ( diff --git a/xray-go/go.mod b/xray-go/go.mod index 1e13ef5..91c1ef0 100644 --- a/xray-go/go.mod +++ b/xray-go/go.mod @@ -3,15 +3,17 @@ module github.com/xtls/xray-core go 1.22 require ( + github.com/OmarTariq612/goech v0.0.0-20240405204721-8e2e1dafd3a0 + github.com/cloudflare/circl v1.3.8 github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 github.com/golang/mock v1.7.0-rc.1 github.com/google/go-cmp v0.6.0 github.com/gorilla/websocket v1.5.1 - github.com/miekg/dns v1.1.58 + github.com/miekg/dns v1.1.59 github.com/pelletier/go-toml v1.9.5 github.com/pires/go-proxyproto v0.7.0 github.com/quic-go/quic-go v0.42.0 - github.com/refraction-networking/utls v1.6.3 + github.com/refraction-networking/utls v1.6.4 github.com/sagernet/sing v0.3.8 github.com/sagernet/sing-shadowsocks v0.2.6 github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb @@ -20,26 +22,24 @@ require ( github.com/vishvananda/netlink v1.2.1-beta.2.0.20230316163032-ced5aaba43e3 github.com/xtls/reality v0.0.0-20231112171332-de1173cf2b19 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba - golang.org/x/crypto v0.21.0 - golang.org/x/net v0.22.0 - golang.org/x/sync v0.6.0 - golang.org/x/sys v0.18.0 + golang.org/x/crypto v0.22.0 + golang.org/x/net v0.24.0 + golang.org/x/sync v0.7.0 + golang.org/x/sys v0.19.0 golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 - google.golang.org/grpc v1.62.1 + google.golang.org/grpc v1.63.2 google.golang.org/protobuf v1.33.0 - gvisor.dev/gvisor v0.0.0-20231104011432-48a6d7d5bd0b + gvisor.dev/gvisor v0.0.0-20231202080848-1f7806d17489 h12.io/socks v1.0.3 - lukechampine.com/blake3 v1.2.1 + lukechampine.com/blake3 v1.2.2 ) require ( github.com/andybalholm/brotli v1.1.0 // indirect - github.com/cloudflare/circl v1.3.7 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140 // indirect github.com/francoispqt/gojay v1.2.13 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect - github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.1.2 // indirect github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7 // indirect github.com/klauspost/compress v1.17.7 // indirect diff --git a/xray-go/go.sum b/xray-go/go.sum index 9da6b4a..6d793b1 100644 --- a/xray-go/go.sum +++ b/xray-go/go.sum @@ -8,6 +8,8 @@ dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/OmarTariq612/goech v0.0.0-20240405204721-8e2e1dafd3a0 h1:Wo41lDOevRJSGpevP+8Pk5bANX7fJacO2w04aqLiC5I= +github.com/OmarTariq612/goech v0.0.0-20240405204721-8e2e1dafd3a0/go.mod h1:FVGavL/QEBQDcBpr3fAojoK17xX5k9bicBphrOpP7uM= github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= @@ -15,8 +17,8 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= -github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= +github.com/cloudflare/circl v1.3.8 h1:j+V8jJt09PoeMFIu2uh5JUyEaIHTXVOHslFoLNAKqwI= +github.com/cloudflare/circl v1.3.8/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -88,8 +90,8 @@ github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= -github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= +github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs= +github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= @@ -114,8 +116,8 @@ github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7q github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/quic-go/quic-go v0.42.0 h1:uSfdap0eveIl8KXnipv9K7nlwZ5IqLlYOpJ58u5utpM= github.com/quic-go/quic-go v0.42.0/go.mod h1:132kz4kL3F9vxhW3CtQJLDVwcFe5wdWeJXXijhsO57M= -github.com/refraction-networking/utls v1.6.3 h1:MFOfRN35sSx6K5AZNIoESsBuBxS2LCgRilRIdHb6fDc= -github.com/refraction-networking/utls v1.6.3/go.mod h1:yil9+7qSl+gBwJqztoQseO6Pr3h62pQoY1lXiNR/FPs= +github.com/refraction-networking/utls v1.6.4 h1:aeynTroaYn7y+mFtqv8D0bQ4bw0y9nJHneGxJ7lvRDM= +github.com/refraction-networking/utls v1.6.4/go.mod h1:2VL2xfiqgFAZtJKeUTlf+PSYFs3Eu7km0gCtXJ3m8zs= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= @@ -179,8 +181,8 @@ golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ= golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc= @@ -201,8 +203,8 @@ golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= -golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -214,8 +216,8 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -228,8 +230,8 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220804214406-8e32c043e418/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -275,8 +277,8 @@ google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmE google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= -google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= +google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= +google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -292,14 +294,14 @@ gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= -gvisor.dev/gvisor v0.0.0-20231104011432-48a6d7d5bd0b h1:yqkg3pTifuKukuWanp8spDsL4irJkHF5WI0J47hU87o= -gvisor.dev/gvisor v0.0.0-20231104011432-48a6d7d5bd0b/go.mod h1:10sU+Uh5KKNv1+2x2A0Gvzt8FjD3ASIhorV3YsauXhk= +gvisor.dev/gvisor v0.0.0-20231202080848-1f7806d17489 h1:ze1vwAdliUAr68RQ5NtufWaXaOg8WUO2OACzEV+TNdE= +gvisor.dev/gvisor v0.0.0-20231202080848-1f7806d17489/go.mod h1:10sU+Uh5KKNv1+2x2A0Gvzt8FjD3ASIhorV3YsauXhk= h12.io/socks v1.0.3 h1:Ka3qaQewws4j4/eDQnOdpr4wXsC//dXtWvftlIcCQUo= h12.io/socks v1.0.3/go.mod h1:AIhxy1jOId/XCz9BO+EIgNL2rQiPTBNnOfnVnQ+3Eck= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -lukechampine.com/blake3 v1.2.1 h1:YuqqRuaqsGV71BV/nm9xlI0MKUv4QC54jQnBChWbGnI= -lukechampine.com/blake3 v1.2.1/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k= +lukechampine.com/blake3 v1.2.2 h1:wEAbSg0IVU4ih44CVlpMqMZMpzr5hf/6aqodLlevd/w= +lukechampine.com/blake3 v1.2.2/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= diff --git a/xray-go/infra/conf/router_strategy.go b/xray-go/infra/conf/router_strategy.go index 58367b4..4d0f647 100644 --- a/xray-go/infra/conf/router_strategy.go +++ b/xray-go/infra/conf/router_strategy.go @@ -38,7 +38,7 @@ type strategyLeastLoadConfig struct { Baselines []duration.Duration `json:"baselines,omitempty"` // expected nodes count to select Expected int32 `json:"expected,omitempty"` - // max acceptable rtt, filter away high delay nodes. defalut 0 + // max acceptable rtt, filter away high delay nodes. default 0 MaxRTT duration.Duration `json:"maxRTT,omitempty"` // acceptable failure rate Tolerance float64 `json:"tolerance,omitempty"` diff --git a/xray-go/infra/conf/transport_internet.go b/xray-go/infra/conf/transport_internet.go index 805a674..908a95d 100644 --- a/xray-go/infra/conf/transport_internet.go +++ b/xray-go/infra/conf/transport_internet.go @@ -392,7 +392,6 @@ type TLSConfig struct { MinVersion string `json:"minVersion"` MaxVersion string `json:"maxVersion"` CipherSuites string `json:"cipherSuites"` - PreferServerCipherSuites bool `json:"preferServerCipherSuites"` Fingerprint string `json:"fingerprint"` RejectUnknownSNI bool `json:"rejectUnknownSni"` PinnedPeerCertificateChainSha256 *[]string `json:"pinnedPeerCertificateChainSha256"` @@ -424,7 +423,6 @@ func (c *TLSConfig) Build() (proto.Message, error) { config.MinVersion = c.MinVersion config.MaxVersion = c.MaxVersion config.CipherSuites = c.CipherSuites - config.PreferServerCipherSuites = c.PreferServerCipherSuites config.Fingerprint = strings.ToLower(c.Fingerprint) if config.Fingerprint != "" && tls.GetFingerprint(config.Fingerprint) == nil { return nil, newError(`unknown fingerprint: `, config.Fingerprint) diff --git a/xray-go/main/commands/all/api/api.go b/xray-go/main/commands/all/api/api.go index f408fd9..ea43d10 100644 --- a/xray-go/main/commands/all/api/api.go +++ b/xray-go/main/commands/all/api/api.go @@ -23,5 +23,6 @@ var CmdAPI = &base.Command{ cmdRemoveOutbounds, cmdAddRules, cmdRemoveRules, + cmdSourceIpBlock, }, } diff --git a/xray-go/main/commands/all/api/source_ip_block.go b/xray-go/main/commands/all/api/source_ip_block.go new file mode 100644 index 0000000..1f77318 --- /dev/null +++ b/xray-go/main/commands/all/api/source_ip_block.go @@ -0,0 +1,132 @@ +package api + +import ( + "encoding/json" + "fmt" + "strings" + + routerService "github.com/xtls/xray-core/app/router/command" + cserial "github.com/xtls/xray-core/common/serial" + "github.com/xtls/xray-core/infra/conf/serial" + "github.com/xtls/xray-core/main/commands/base" +) + +var cmdSourceIpBlock = &base.Command{ + CustomFlags: true, + UsageLine: "{{.Exec}} api sib [--server=127.0.0.1:8080] -outbound=blocked -inbound=socks 1.2.3.4", + Short: "Drop connections by source ip", + Long: ` +Drop connections by source ip. +Arguments: + -s, -server + The API server address. Default 127.0.0.1:8080 + -t, -timeout + Timeout seconds to call API. Default 3 + -outbound + route traffic to specific outbound. + -inbound + target traffig from specific inbound. + -ruletag + set ruleTag. Default sourceIpBlock + -reset + remove ruletag and apply new source IPs. Default false + + Example: + {{.Exec}} {{.LongName}} --server=127.0.0.1:8080 c1.json c2.json +`, + Run: executeSourceIpBlock, +} + +func executeSourceIpBlock(cmd *base.Command, args []string) { + var ( + inbound string + outbound string + ruletag string + reset bool + ) + setSharedFlags(cmd) + cmd.Flag.StringVar(&inbound, "inbound", "", "") + cmd.Flag.StringVar(&outbound, "outbound", "", "") + cmd.Flag.StringVar(&ruletag, "ruletag", "sourceIpBlock", "") + cmd.Flag.BoolVar(&reset, "reset", false, "") + + cmd.Flag.Parse(args) + + unnamedArgs := cmd.Flag.Args() + if len(unnamedArgs) == 0 { + fmt.Println("reading from stdin:") + unnamedArgs = []string{"stdin:"} + } + conn, ctx, close := dialAPIServer() + defer close() + + client := routerService.NewRoutingServiceClient(conn) + + jsonIps, err := json.Marshal(unnamedArgs) + if err != nil { + fmt.Println("Error marshaling JSON:", err) + return + } + + jsonInbound, err := json.Marshal([]string{inbound}) + if inbound == "" { + jsonInbound, err = json.Marshal([]string{}) + } + if err != nil { + fmt.Println("Error marshaling JSON:", err) + return + } + stringConfig := fmt.Sprintf(` + { + "routing": { + "rules": [ + { + "ruleTag" : "%s", + "inboundTag": %s, + "outboundTag": "%s", + "type": "field", + "source": %s + } + ] + } + } + + `, ruletag, string(jsonInbound), outbound, string(jsonIps)) + + conf, err := serial.DecodeJSONConfig(strings.NewReader(stringConfig)) + if err != nil { + base.Fatalf("failed to decode : %s", err) + } + rc := *conf.RouterConfig + + config, err := rc.Build() + if err != nil { + base.Fatalf("failed to build conf: %s", err) + } + tmsg := cserial.ToTypedMessage(config) + if tmsg == nil { + base.Fatalf("failed to format config to TypedMessage.") + } + + if reset { + rr := &routerService.RemoveRuleRequest{ + RuleTag: ruletag, + } + resp, err := client.RemoveRule(ctx, rr) + if err != nil { + base.Fatalf("failed to perform RemoveRule: %s", err) + } + showJSONResponse(resp) + + } + ra := &routerService.AddRuleRequest{ + Config: tmsg, + ShouldAppend: true, + } + resp, err := client.AddRule(ctx, ra) + if err != nil { + base.Fatalf("failed to perform AddRule: %s", err) + } + showJSONResponse(resp) + +} diff --git a/xray-go/main/commands/all/tls/ech.go b/xray-go/main/commands/all/tls/ech.go new file mode 100644 index 0000000..d4e17f9 --- /dev/null +++ b/xray-go/main/commands/all/tls/ech.go @@ -0,0 +1,69 @@ +package tls + +import ( + "encoding/json" + "encoding/pem" + "os" + "strings" + + "github.com/OmarTariq612/goech" + "github.com/cloudflare/circl/hpke" + "github.com/xtls/xray-core/common" + "github.com/xtls/xray-core/main/commands/base" +) + +var cmdECH = &base.Command{ + UsageLine: `{{.Exec}} tls ech [--serverName (string)] [--json]`, + Short: `Generate TLS-ECH certificates`, + Long: ` +Generate TLS-ECH certificates. + +Set serverName to your custom string: {{.Exec}} tls ech --serverName (string) +Generate into json format: {{.Exec}} tls ech --json +`, // Enable PQ signature schemes: {{.Exec}} tls ech --pq-signature-schemes-enabled +} + +func init() { + cmdECH.Run = executeECH +} + +var input_pqSignatureSchemesEnabled = cmdECH.Flag.Bool("pqSignatureSchemesEnabled", false, "") +var input_serverName = cmdECH.Flag.String("serverName", "cloudflare-ech.com", "") +var input_json = cmdECH.Flag.Bool("json", false, "True == turn on json output") + +func executeECH(cmd *base.Command, args []string) { + var kem hpke.KEM + + if *input_pqSignatureSchemesEnabled { + kem = hpke.KEM_X25519_KYBER768_DRAFT00 + } else { + kem = hpke.KEM_X25519_HKDF_SHA256 + } + + echKeySet, err := goech.GenerateECHKeySet(0, *input_serverName, kem) + common.Must(err) + + configBuffer, _ := echKeySet.ECHConfig.MarshalBinary() + keyBuffer, _ := echKeySet.MarshalBinary() + + configPEM := string(pem.EncodeToMemory(&pem.Block{Type: "ECH CONFIGS", Bytes: configBuffer})) + keyPEM := string(pem.EncodeToMemory(&pem.Block{Type: "ECH KEYS", Bytes: keyBuffer})) + if *input_json { + jECHConfigs := map[string]interface{}{ + "configs": strings.Split(strings.TrimSpace(string(configPEM)), "\n"), + } + jECHKey := map[string]interface{}{ + "key": strings.Split(strings.TrimSpace(string(keyPEM)), "\n"), + } + + for _, i := range []map[string]interface{}{jECHConfigs, jECHKey} { + content, err := json.MarshalIndent(i, "", " ") + common.Must(err) + os.Stdout.Write(content) + os.Stdout.WriteString("\n") + } + } else { + os.Stdout.WriteString(configPEM) + os.Stdout.WriteString(keyPEM) + } +} diff --git a/xray-go/main/commands/all/tls/tls.go b/xray-go/main/commands/all/tls/tls.go index bf65330..a93da1c 100644 --- a/xray-go/main/commands/all/tls/tls.go +++ b/xray-go/main/commands/all/tls/tls.go @@ -14,5 +14,6 @@ var CmdTLS = &base.Command{ cmdCert, cmdPing, cmdCertChainHash, + cmdECH, }, } diff --git a/xray-go/proxy/freedom/freedom.go b/xray-go/proxy/freedom/freedom.go index 5585364..0176929 100644 --- a/xray-go/proxy/freedom/freedom.go +++ b/xray-go/proxy/freedom/freedom.go @@ -373,6 +373,9 @@ func (f *FragmentWriter) Write(b []byte) (int, error) { return f.writer.Write(b) } recordLen := 5 + ((int(b[3]) << 8) | int(b[4])) + if len(b) < recordLen { // maybe already fragmented somehow + return f.writer.Write(b) + } data := b[5:recordLen] buf := make([]byte, 1024) for from := 0; ; { diff --git a/xray-go/transport/internet/config.go b/xray-go/transport/internet/config.go index a2091f5..dc0b95e 100644 --- a/xray-go/transport/internet/config.go +++ b/xray-go/transport/internet/config.go @@ -58,6 +58,8 @@ func RegisterProtocolConfigCreator(name string, creator ConfigCreator) error { return nil } +// Note: Each new transport needs to add init() func in transport/internet/xxx/config.go +// Otherwise, it will cause #3244 func CreateTransportConfig(name string) (interface{}, error) { creator, ok := globalTransportConfigCreatorCache[name] if !ok { diff --git a/xray-go/transport/internet/http/dialer.go b/xray-go/transport/internet/http/dialer.go index 513962d..acccd0b 100644 --- a/xray-go/transport/internet/http/dialer.go +++ b/xray-go/transport/internet/http/dialer.go @@ -97,13 +97,10 @@ func getHTTPClient(ctx context.Context, dest net.Destination, streamSettings *in return nil, err } } - negotiatedProtocol, negotiatedProtocolIsMutual := cn.NegotiatedProtocol() + negotiatedProtocol := cn.NegotiatedProtocol() if negotiatedProtocol != http2.NextProtoTLS { return nil, newError("http2: unexpected ALPN protocol " + negotiatedProtocol + "; want q" + http2.NextProtoTLS).AtError() } - if !negotiatedProtocolIsMutual { - return nil, newError("http2: could not negotiate protocol mutually").AtError() - } return cn, nil }, } diff --git a/xray-go/transport/internet/httpupgrade/config.go b/xray-go/transport/internet/httpupgrade/config.go index 21841bf..3404930 100644 --- a/xray-go/transport/internet/httpupgrade/config.go +++ b/xray-go/transport/internet/httpupgrade/config.go @@ -1,5 +1,10 @@ package httpupgrade +import ( + "github.com/xtls/xray-core/common" + "github.com/xtls/xray-core/transport/internet" +) + func (c *Config) GetNormalizedPath() string { path := c.Path if path == "" { @@ -10,3 +15,9 @@ func (c *Config) GetNormalizedPath() string { } return path } + +func init() { + common.Must(internet.RegisterProtocolConfigCreator(protocolName, func() interface{} { + return new(Config) + })) +} diff --git a/xray-go/transport/internet/reality/reality.go b/xray-go/transport/internet/reality/reality.go index 136a075..011bb90 100644 --- a/xray-go/transport/internet/reality/reality.go +++ b/xray-go/transport/internet/reality/reality.go @@ -204,6 +204,9 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati req, _ = http.NewRequest("GET", string(prefix)+getPathLocked(paths), nil) maps.Unlock() } + if req == nil { + return + } req.Header.Set("User-Agent", fingerprint.Client) // TODO: User-Agent map if first && config.Show { newError(fmt.Sprintf("REALITY localAddr: %v\treq.UserAgent(): %v\n", localAddr, req.UserAgent())).WriteToLog(session.ExportIDToError(ctx)) @@ -220,6 +223,7 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati if resp, err = client.Do(req); err != nil { break } + defer resp.Body.Close() req.Header.Set("Referer", req.URL.String()) if body, err = io.ReadAll(resp.Body); err != nil { break diff --git a/xray-go/transport/internet/tls/config.go b/xray-go/transport/internet/tls/config.go index 325909e..9d9289c 100644 --- a/xray-go/transport/internet/tls/config.go +++ b/xray-go/transport/internet/tls/config.go @@ -363,9 +363,7 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config { } } - config.PreferServerCipherSuites = c.PreferServerCipherSuites - - if (len(c.MasterKeyLog) > 0 && c.MasterKeyLog != "none") { + if len(c.MasterKeyLog) > 0 && c.MasterKeyLog != "none" { writer, err := os.OpenFile(c.MasterKeyLog, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0644) if err != nil { newError("failed to open ", c.MasterKeyLog, " as master key log").AtError().Base(err).WriteToLog() @@ -381,6 +379,9 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config { type Option func(*tls.Config) // WithDestination sets the server name in TLS config. +// Due to the incorrect structure of GetTLSConfig(), the config.ServerName will always be empty. +// So the real logic for SNI is: +// set it to dest -> overwrite it with servername(if it's len>0). func WithDestination(dest net.Destination) Option { return func(config *tls.Config) { if config.ServerName == "" { diff --git a/xray-go/transport/internet/tls/config.pb.go b/xray-go/transport/internet/tls/config.pb.go index 0e616ae..d8c9a42 100644 --- a/xray-go/transport/internet/tls/config.pb.go +++ b/xray-go/transport/internet/tls/config.pb.go @@ -194,6 +194,9 @@ type Config struct { // Specify cipher suites, except for TLS 1.3. CipherSuites string `protobuf:"bytes,9,opt,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"` // Whether the server selects its most preferred ciphersuite. + // Deprecated: crypto/tls has ignored this field. + // + // Deprecated: Marked as deprecated in transport/internet/tls/config.proto. PreferServerCipherSuites bool `protobuf:"varint,10,opt,name=prefer_server_cipher_suites,json=preferServerCipherSuites,proto3" json:"prefer_server_cipher_suites,omitempty"` // TLS Client Hello fingerprint (uTLS). Fingerprint string `protobuf:"bytes,11,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"` @@ -306,6 +309,7 @@ func (x *Config) GetCipherSuites() string { return "" } +// Deprecated: Marked as deprecated in transport/internet/tls/config.proto. func (x *Config) GetPreferServerCipherSuites() bool { if x != nil { return x.PreferServerCipherSuites @@ -377,7 +381,7 @@ var file_transport_internet_tls_config_proto_rawDesc = []byte{ 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x4d, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59, 0x5f, - 0x49, 0x53, 0x53, 0x55, 0x45, 0x10, 0x02, 0x22, 0xf2, 0x05, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, + 0x49, 0x53, 0x53, 0x55, 0x45, 0x10, 0x02, 0x22, 0xf6, 0x05, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x49, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x12, 0x4a, 0x0a, 0x0b, 0x63, 0x65, 0x72, @@ -402,37 +406,37 @@ var file_transport_internet_tls_config_proto_rawDesc = []byte{ 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x12, 0x3d, + 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x12, 0x41, 0x0a, 0x1b, 0x70, 0x72, 0x65, 0x66, 0x65, 0x72, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x0a, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x18, 0x70, 0x72, 0x65, 0x66, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x12, 0x20, 0x0a, - 0x0b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x0b, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x12, - 0x2c, 0x0a, 0x12, 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x75, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, - 0x6e, 0x5f, 0x73, 0x6e, 0x69, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x72, 0x65, 0x6a, - 0x65, 0x63, 0x74, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x53, 0x6e, 0x69, 0x12, 0x4e, 0x0a, - 0x24, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x73, - 0x68, 0x61, 0x32, 0x35, 0x36, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x20, 0x70, 0x69, 0x6e, - 0x6e, 0x65, 0x64, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x12, 0x57, 0x0a, - 0x29, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, - 0x6b, 0x65, 0x79, 0x5f, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0c, - 0x52, 0x24, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, - 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, - 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6c, 0x6f, 0x67, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, - 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x4c, 0x6f, 0x67, 0x42, 0x73, 0x0a, 0x1f, - 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, - 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x74, 0x6c, 0x73, 0x50, - 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, - 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, - 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2f, - 0x74, 0x6c, 0x73, 0xaa, 0x02, 0x1b, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, - 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x54, 0x6c, - 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x18, 0x70, 0x72, 0x65, 0x66, 0x65, 0x72, 0x53, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, + 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, + 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, + 0x69, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x75, 0x6e, + 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x5f, 0x73, 0x6e, 0x69, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x10, 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x53, 0x6e, + 0x69, 0x12, 0x4e, 0x0a, 0x24, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x5f, 0x70, 0x65, 0x65, 0x72, + 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, + 0x69, 0x6e, 0x5f, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x0c, 0x52, + 0x20, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x53, 0x68, 0x61, 0x32, 0x35, + 0x36, 0x12, 0x57, 0x0a, 0x29, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x5f, 0x70, 0x65, 0x65, 0x72, + 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x70, 0x75, 0x62, + 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x18, 0x0e, + 0x20, 0x03, 0x28, 0x0c, 0x52, 0x24, 0x70, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x50, 0x65, 0x65, 0x72, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, + 0x63, 0x4b, 0x65, 0x79, 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x61, + 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6c, 0x6f, 0x67, 0x18, 0x0f, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0c, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x4c, 0x6f, 0x67, + 0x42, 0x73, 0x0a, 0x1f, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, + 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, + 0x74, 0x6c, 0x73, 0x50, 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, + 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x65, 0x74, 0x2f, 0x74, 0x6c, 0x73, 0xaa, 0x02, 0x1b, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, + 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, + 0x74, 0x2e, 0x54, 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/xray-go/transport/internet/tls/config.proto b/xray-go/transport/internet/tls/config.proto index b1c26a4..12c7b7c 100644 --- a/xray-go/transport/internet/tls/config.proto +++ b/xray-go/transport/internet/tls/config.proto @@ -63,7 +63,8 @@ message Config { string cipher_suites = 9; // Whether the server selects its most preferred ciphersuite. - bool prefer_server_cipher_suites = 10; + // Deprecated: crypto/tls has ignored this field. + bool prefer_server_cipher_suites = 10 [deprecated = true]; // TLS Client Hello fingerprint (uTLS). string fingerprint = 11; diff --git a/xray-go/transport/internet/tls/tls.go b/xray-go/transport/internet/tls/tls.go index 73631ef..25889cb 100644 --- a/xray-go/transport/internet/tls/tls.go +++ b/xray-go/transport/internet/tls/tls.go @@ -18,10 +18,11 @@ type Interface interface { net.Conn HandshakeContext(ctx context.Context) error VerifyHostname(host string) error - NegotiatedProtocol() (name string, mutual bool) + NegotiatedProtocol() string } var _ buf.Writer = (*Conn)(nil) +var _ Interface = (*Conn)(nil) type Conn struct { *tls.Conn @@ -55,9 +56,9 @@ func (c *Conn) HandshakeAddressContext(ctx context.Context) net.Address { return net.ParseAddress(state.ServerName) } -func (c *Conn) NegotiatedProtocol() (name string, mutual bool) { +func (c *Conn) NegotiatedProtocol() string { state := c.ConnectionState() - return state.NegotiatedProtocol, state.NegotiatedProtocolIsMutual + return state.NegotiatedProtocol } // Client initiates a TLS client handshake on the given connection. @@ -76,6 +77,8 @@ type UConn struct { *utls.UConn } +var _ Interface = (*UConn)(nil) + func (c *UConn) Close() error { timer := time.AfterFunc(tlsCloseTimeout, func() { c.Conn.NetConn().Close() @@ -122,9 +125,9 @@ func (c *UConn) WebsocketHandshakeContext(ctx context.Context) error { return c.HandshakeContext(ctx) } -func (c *UConn) NegotiatedProtocol() (name string, mutual bool) { +func (c *UConn) NegotiatedProtocol() string { state := c.ConnectionState() - return state.NegotiatedProtocol, state.NegotiatedProtocolIsMutual + return state.NegotiatedProtocol } func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) net.Conn { diff --git a/xray-go/transport/internet/websocket/dialer.go b/xray-go/transport/internet/websocket/dialer.go index 4ef2783..2016168 100644 --- a/xray-go/transport/internet/websocket/dialer.go +++ b/xray-go/transport/internet/websocket/dialer.go @@ -1,6 +1,7 @@ package websocket import ( + "bytes" "context" _ "embed" "encoding/base64" @@ -14,6 +15,7 @@ import ( "github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/platform" "github.com/xtls/xray-core/common/session" + "github.com/xtls/xray-core/common/uuid" "github.com/xtls/xray-core/transport/internet" "github.com/xtls/xray-core/transport/internet/stat" "github.com/xtls/xray-core/transport/internet/tls" @@ -27,13 +29,18 @@ var conns chan *websocket.Conn func init() { addr := platform.NewEnvFlag(platform.BrowserDialerAddress).GetValue(func() string { return "" }) if addr != "" { + token := uuid.New() + csrfToken := token.String() + webpage = bytes.ReplaceAll(webpage, []byte("csrfToken"), []byte(csrfToken)) conns = make(chan *websocket.Conn, 256) go http.ListenAndServe(addr, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path == "/websocket" { - if conn, err := upgrader.Upgrade(w, r, nil); err == nil { - conns <- conn - } else { - newError("Browser dialer http upgrade unexpected error").AtError().WriteToLog() + if r.URL.Query().Get("token") == csrfToken { + if conn, err := upgrader.Upgrade(w, r, nil); err == nil { + conns <- conn + } else { + newError("Browser dialer http upgrade unexpected error").AtError().WriteToLog() + } } } else { w.Write(webpage) diff --git a/xray-go/transport/internet/websocket/dialer.html b/xray-go/transport/internet/websocket/dialer.html index c141379..7831225 100644 --- a/xray-go/transport/internet/websocket/dialer.html +++ b/xray-go/transport/internet/websocket/dialer.html @@ -6,7 +6,7 @@