0
mirror of https://github.com/XTLS/Xray-core.git synced 2025-06-11 19:09:36 +03:00
Commit Graph

149 Commits

Author SHA1 Message Date
c7358a32f5 Allow empty "spiderX" (client side) 2023-02-17 21:07:27 +08:00
e1cd1fd33e Allow empty "shortId" (client side) 2023-02-17 12:39:18 +00:00
4d2e2b24d3 THE NEXT FUTURE becomes THE REALITY NOW
Thank @yuhan6665 for testing
2023-02-15 16:07:12 +00:00
fa7300e910 Add warning on using old version of XTLS
And checks param `fingerprint` also
2023-02-03 23:29:46 +08:00
dc72cf2c78 Refine fingerprints
Fixes https://github.com/XTLS/Xray-core/issues/1577
2023-02-01 12:58:17 +00:00
620eb63c1b Add sockopt interface setting for binding outbound to a particular device like "eth0" (#1494)
* Update sockopt_linux.go

add Interface Name

* Update config.pb.go

add Interface Name

* Update transport_internet.go

add Interface Name

* Update config.pb.go

* update config.proto add interface

* Update config.pb.go
2023-01-09 09:45:30 -05:00
ff5ce767df Revert "add file soft link path resolve support (#1482)" (#1495)
This reverts commit eaf401eda9.
2023-01-07 15:11:23 +00:00
eaf401eda9 add file soft link path resolve support (#1482)
* add file soft link path resolve

* add configuration file soft link path resolve support
2023-01-03 10:52:11 -05:00
c4fbdf1b78 Run core/format.go 2022-12-25 19:47:53 -05:00
c9b6fc0104 Add custom header support for HTTP proxy 2022-12-18 21:48:23 -05:00
2e30093ffd Enforce specific none flow for xtls vision
In the past, when user open xtls vision on the server side, plain vless+tls can connect.
Pure tls is known to have certain tls in tls characters.
Now  server need to specify "xtls-rprx-vision,none" for it be able usable on the same port.
2022-12-04 23:15:36 -05:00
e18b52a5df Implement WireGuard protocol as outbound (client) (#1344)
* implement WireGuard protocol for Outbound

* upload license

* fix build for openbsd & dragonfly os

* updated wireguard-go

* fix up

* switch to another wireguard fork

* fix

* switch to upstream

* open connection through internet.Dialer (#1)

* use internet.Dialer

* maybe better code

* fix

* real fix

Co-authored-by: nanoda0523 <nanoda0523@users.noreply.github.com>

* fix bugs & add ability to recover during connection reset on UDP over TCP parent protocols

* improve performance

improve performance

* dns lookup endpoint && remove unused code

* interface address fallback

* better code && add config test case

Co-authored-by: nanoda0523 <nanoda0523@users.noreply.github.com>
2022-11-21 20:05:54 -05:00
5e695327b1 Add XTLS RPRX's Vision (#1235)
* Add XTLS RPRX's Vision

* Add helpful warning when security is wrong

* Add XTLS padding (draft)

* Fix  number of packet to filter

* Xtls padding version 1.0 and unpadding logic
2022-10-29 00:51:59 -04:00
8cf23f1947 add tcpcongestion (#1234)
* add `tcpcongestion`

* Update sockopt_linux.go

* Update config.pb.go

* Update transport_internet.go

* Update config.pb.go

* Update transport_internet.go

* Update config.proto
2022-10-10 13:13:50 -04:00
debd2e3ba8 Remove compatibility code
The minimum support go version is already 1.18
2022-09-16 20:39:07 -04:00
4140bcd11a Enhancement of "redirect" function, adding support for MacOS
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
"inbounds": [
{
"listen": "127.0.0.1",
"port": 1122,
"protocol": "dokodemo-door",
"tag": "dokodemo",
"settings": {
"network": "tcp",
"followRedirect": true,
"userLevel": 0
},
"streamSettings": {
"sockopt": {
"tproxy": "Redirect"
}
}
}
]

还原#1189 提交
2022-08-22 10:33:58 -04:00
59602db02d Add "tproxy" option (#1189)
* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1122,
      "protocol": "dokodemo-door",
      "tag": "dokodemo",
      "settings": {
        "network": "tcp",
        "followRedirect": true,
        "userLevel": 0
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "pf"
        }
      }
    }
  ]

* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1122,
      "protocol": "dokodemo-door",
      "tag": "dokodemo",
      "settings": {
        "network": "tcp",
        "followRedirect": true,
        "userLevel": 0
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "pf"
        }
      }
    }
  ]

* Add "tproxy" option
Added the function of "MacOS" FreeBSD firewall traffic forwarding and resolving destination address
example:
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1122,
      "protocol": "dokodemo-door",
      "tag": "dokodemo",
      "settings": {
        "network": "tcp",
        "followRedirect": true,
        "userLevel": 0
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "pf"
        }
      }
    }
  ]

Co-authored-by: Mocking <fanhaiwang0817@gmail.com>
2022-08-20 09:02:18 -04:00
b67314796f Add shadowsocks 2022 relay config 2022-08-09 10:37:21 -04:00
340234166b Add TCPKeepAliveIdle in Sockopt option (#1166)
* Add TCP keep alive idle setting

* Add TCP keep alive idle setting: auto generated

* Add TCP keep alive support in Linux

* Add TCP keep alive support in MacOS, FreeBSD

* Add TCP keep alive support in Windows

* fix bug introduced in adding tcp keep alive adjustment

* embed macOS const to avoid platform inconsistency

* embed macOS const to avoid platform inconsistency(again)

* add TCP Keep Alive support in config

* use sys/unix instead of syscall

Suggestion from:
https://github.com/v2fly/v2ray-core/pull/1395#issuecomment-974761647

* use sys/unix instead of syscall

Suggestion from:
https://github.com/v2fly/v2ray-core/pull/1395#issuecomment-974761647

* Separate TcpKeepAliveIdle and TcpKeepAliveInterval check logic

* Disable tcp keepAlive when TcpKeepAliveIdle < 0 and  TcpKeepAliveInterval <= 0

Co-authored-by: xqzr <34030394+xqzr@users.noreply.github.com>

Co-authored-by: ValdikSS <iam@valdikss.org.ru>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: xqzr <34030394+xqzr@users.noreply.github.com>
2022-07-31 09:55:40 -04:00
9480bc0379 Fix ss2022 user stat for single user 2022-07-02 11:27:26 -04:00
c3505632fd Add udp over tcp support for shadowsocks-2022 2022-06-01 11:49:02 +08:00
f1d753f069 Fix build in legacy golang version 2022-05-31 15:55:38 +08:00
79f3057687 Migrate shadowsocks-2022 to protocol library 2022-05-26 07:35:17 +08:00
cf7e675c45 Add shadowsocks 2022 multi-user inbound 2022-05-24 07:37:14 +08:00
b6391cbbe1 Fix shadowsocks config 2022-05-24 07:01:47 +08:00
3b77e26fa7 Merge shadowsocks 2022 config 2022-05-23 22:18:33 +08:00
087f0d1240 Add shadowsocks-2022 inbound/outbound (#1061) 2022-05-22 23:55:48 -04:00
3f64f3206c Quic sniffer (#1074)
* Add quic sniffer

* Fix quic sniffer

* Add uTP sniffer

* rename buf pool membership status to unmanaged

* rename buf type adaptor into FromBytes

Co-authored-by: 世界 <i@sekai.icu>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2022-05-22 23:48:10 -04:00
f046feb9ca Reformat code 2022-05-18 15:29:01 +08:00
2f86c7c795 fix: read port from environment variable 2022-04-26 10:27:42 -04:00
b413066012 Fakedns fix xUDP destination override (#1011)
* Fix UDP destination override

* Fix code style

* Fix fakedns object init

Do type convertion at runtime in case if user don't use fakedns in config.
Since dispatcher now depend on fakedns object, move the injection order of
fakedns to top (As a temporary solution)

* Amend logic for handing fakedns client

A map is used by server side when client turn on fakedns
Client will send domain address in the buffer.UDP.Address, server record all possible target IP addrs.
When target replies, server will restore the domain and send back to client.

Co-authored-by: hmol233 <82594500+hmol233@users.noreply.github.com>
2022-04-23 19:24:46 -04:00
35eb165f63 feat: metrics including pprof, expvars 2022-03-29 00:01:14 -04:00
63da3a5481 grpc: add initial_windows_size option 2021-12-19 21:14:14 -05:00
c8e2a99e68 fix unsupported cipher method: xChaCha20-IETF-Poly1305 2021-12-16 18:57:06 -05:00
e93da4bd02 Fix some tests and format code (#830)
* Increase some tls test timeout

* Fix TestUserValidator

* Change all tests to VMessAEAD

Old VMess MD5 tests will be rejected and fail in 2022

* Chore: auto format code
2021-12-14 19:28:47 -05:00
d6ae4e9ba2 Make it easier to configure multiple listening ports 2021-11-17 23:13:15 -05:00
28b17b529d Add concurrency option for outbound observation
Add `enableConcurrency` option, false by default.

If it's set as `true`, start probing outbounds concurrently in every
circle of observation. Wait `probeInterval` between observation circles.
2021-10-26 13:09:03 +08:00
abb8ba8b0e Observatory related fixes (#788)
* fix:observatory not supported by multi-json

* Fix: observatory starts with empty config & fails to close (#957)

* Update strategy_leastping.go (#1019)

* add custom probe URL support for observatory

* add custom probe interval for observer

* apply coding style

* Fix: observatory log & JSON config(#1211)

Co-authored-by: ihotte <ihotte@yeah.net>

* Change default probe url from api.v2fly.org to www.google.com

* Cherry-pick missing code from branch 'dev-advloadblancer-2'

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
Co-authored-by: fanyiguan <52657276+fanyiguang@users.noreply.github.com>
Co-authored-by: ihotte <3087168217@qq.com>
Co-authored-by: ihotte <ihotte@yeah.net>
2021-10-26 13:00:31 +08:00
ff35118af5 VMess AEAD based packet length
(cherry picked from commit 08221600082a79376bdc262f2ffec1a3129ae98d)
2021-10-22 18:34:57 +08:00
707efd6d12 Add loopback outound 2021-10-22 17:58:37 +08:00
5c366db847 Add observatory / latestPing balancing strategy
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 17:16:20 +08:00
77d0419aca Add socks4/4a support 2021-10-22 13:27:31 +08:00
238bd5d050 Add xchacha20-ietf-poly1305 for Shadowsocks 2021-10-22 13:24:29 +08:00
3fe61ed4a2 Feat: add reverse match for GeoIP
(cherry picked from commit 3a50affa0a7316a9ad249f1b2b2996cb88948551)
2021-10-22 13:06:57 +08:00
acb81ebe3d Verify peer cert function for better man in the middle prevention (#746)
* verify peer cert function for better man in the middle prevention

* publish cert chain hash generation algorithm

* added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb

* apply coding style

* added test case for pinned certificates

* refactored cert pin

* pinned cert test

* added json loading of the PinnedPeerCertificateChainSha256

* removed tool to prepare for v5

* Add server cert pinning for Xtls

Change command "xray tls certChainHash" to xray style

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
2021-10-22 12:38:40 +08:00
45dc97e2b6 Use shadowsocket's bloomring for shadowsocket's replay protection (#764)
* use shadowsocket's bloomring for shadowsocket's replay protection

* added shadowsockets iv check for tcp socket

* Rename to shadowsockets iv check

* shadowsocks iv check config file

* iv check should proceed after decryption

* use shadowsocket's bloomring for shadowsocket's replay protection

* Chore: format code (#842)

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-10-22 12:38:40 +08:00
3bf3d96472 Fix: JSON tag case (#1212) (#778)
JSON unmarshal is case insensitive in Golang

Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-10-22 12:38:40 +08:00
a3023e43ef Add routeOnly sniffing option 2021-10-22 11:57:23 +08:00
6b6974c804 Fakedns improvements (#731)
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: sixg0000d <sixg0000d@gmail.com>
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
2021-10-20 13:15:49 +08:00
e286cdcaa8 Style: format code by gofumpt (#761) 2021-10-20 00:57:14 +08:00