teddysun / xray-plugin Goto Github PK

Please add uTLS feature ASAP due to internet censorship based on TLS fingerprint in some countries.
#net4people/bbs#139

this package requre a go module "[email protected]" which can't be built with Go 1.21

see log below

2023-08-24T05:40:43.2454535Z github.com/quic-go/quic-go/internal/qtls
2023-08-24T05:40:43.2655194Z # github.com/quic-go/quic-go/internal/qtls


2023-08-24T05:40:43.2656480Z ../../../../../dl/go-mod-cache/github.com/quic-go/[email protected]/internal/qtls/go121.go:5:13
: cannot use "The version of quic-go you're using can't be built on Go 1.21 yet.  <--- !!!! here !!!!
For more details, please see https://github.com/quic-go/quic-go/wiki/quic-go-and-Go-versions." (untyped string constant "The version of quic-go you're using can't be built on Go 1.21 yet. F...) as int value in variable declaration


2023-08-24T05:40:43.2878820Z 
2023-08-24T05:40:43.7770665Z make[3]: *** [Makefile:41: /workdir/openwrt/build_dir/target-aarch64_generic_musl/xray-plugin-1.8.3/.built] Error 1
2023-08-24T05:40:43.7771538Z make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/xray-plugin'
2023-08-24T05:40:43.7778522Z time: package/feeds/packages/xray-plugin/compile#0.72#0.50#1.80
2023-08-24T05:40:43.7782530Z     ERROR: package/feeds/packages/xray-plugin failed to build.
2023-08-24T05:40:43.7787072Z make[2]: *** [package/Makefile:120: package/feeds/packages/xray-plugin/compile] Error 1
2023-08-24T05:40:43.7799388Z make[2]: Leaving directory '/workdir/openwrt'
2023-08-24T05:40:43.7801142Z make[1]: *** [package/Makefile:114: /workdir/openwrt/staging_dir/target-aarch64_generic_musl/stamp/.package_compile] Error 2
2023-08-24T05:40:43.7808543Z make[1]: Leaving directory '/workdir/openwrt'
2023-08-24T05:40:43.7814073Z make: *** [/workdir/openwrt/include/toplevel.mk:232: world] Error 2
2023-08-24T05:40:43.7865710Z ##[error]Process completed with exit code 2.

https://github.com/Dreamacro/clash/wiki/configuration

clash now supports v2ray-plugin。

如果可以这条参数格式是什么？
是：path=/example?ed=2048
还是： path=/example?ed反斜杠=2048
我看android版本貌似自动添加上反斜杠了，windows版需要反斜杠吗？

as tittle,
i tried mux=false but it showed "failed to parse mux, use default value"

检测到 teddysun/xray-plugin 一共引入了158个开源组件，存在4个漏洞

漏洞标题：David Kitchen bluemonday 安全漏洞
缺陷组件：github.com/microcosm-cc/[email protected]
漏洞编号：CVE-2021-42576
漏洞描述：David Kitchen bluemonday是  （David Kitchen）开源的一个应用程序。用于在Go中实现的HTML清理程序。
bluemonday sanitizer 存在安全漏洞，该漏洞源于Go中1.0.16之前的bluemonday和Python中 0.0.8之前的bluemonday(在pybluemonday中)，不能正确地强制与SELECT、STYLE和OPTION元素关联的策略。
影响范围：(∞, 1.0.16)
最小修复版本：1.0.16
缺陷组件引入路径：github.com/teddysun/xray-plugin@->github.com/microcosm-cc/[email protected]

另外还有4个漏洞，详细报告：https://mofeisec.com/jr?p=a6c46a

v2ray plugin那边的windows x64版本，在配合ss windows使用时，即使添加了 serviceName=MYSERVICENAME 参数后，还是向mydomain.me/GunService/Tun 这个URL发起请求。。。

由于v2ray plugin那边没法提交issue就到这里提交了。。

先说问题
下面是xray-plugin报错：
2021/03/15 19:21:31 [Info] failed to handler mux client connection > proxy/freedom: failed to open connection to tcp:baidu.mydomain.top:443 > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://baidu.mydomain.top/r6of920f5b): > x509: certificate is valid for baidu.mydomain.top, not cloudfront.com] > common/retry: all retry attempts failed
这个报错和v2ray-plugin一模一样

我的VPS上使用的是openresty，tail -f access.log，都没有访问记录。
我猜是域名解析问题，因为第一次启动shadowsocks-libev-redir时域名解析使用cloudflare的代理，但是后来我把代理改成“仅限DNS”，还是不行。我本地主机是网关服务器，上面使用了dnsmasq，我怀疑是dns缓存，就把dnsmasq重启了，同时添加了hosts，把域名直接hosts到VPS，可是报错依旧相同。猜hosts没生效，tail -f dnsmasq.log，发现reply是我的VPS主机ip，报错还是一样，不知道该怎么解决，请高人指点，我的配置如下：

VPS：
ip：123.123.123.123
OS: Debian 10 buster
443 port: openresty提供
shadowsocks-libev-3.2.5+ds-1
xray-plugin-v1.4.0或v2ray-plugin-v1.3.1
域名证书是使用acme.sh签发的

openresty配置文件：
http {
省略
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl;
ssl_certificate ssl/baidu.mydomain.top.cer;
ssl_certificate_key ssl/baidu.mydomain.top.key;
server_name baidu.mydomain.top;
root html;
index index.html index.htm;

	location = /r6of920f5b {
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
		proxy_set_header Host $host;
		proxy_pass http://127.0.0.1:8388;
	}
}
省略

}

shadowsocks-libev-server配置文件如下：
{
"server_host":"127.0.0.1",
"server_port":8388,
"password":"mima",
"timeout":300,
"method":"chacha20-ietf-poly1305",
"mode":"tcp_only",
"plugin":"/etc/shadowsocks-libev/v2ray-plugin",
"plugin_opts":"server;path=/r6of920f5b;loglevel=debug",
"use_syslog": false
}

客户端/网关服务器
OS: Debian 10 buster
shadowsocks-libev-3.2.5+ds-1
xray-plugin-v1.4.0或v2ray-plugin-v1.3.1

shadowsocks-libev-redir配置文件如下：
{
"server": "baidu.mydomain.top",
"server_port": 443,
"ipv6_first": false,
"fast_open": true,
"reuse_port": true,
"local_address": "0.0.0.0",
"local_port": 1080,
"mode": "tcp_only",
"timeout": 60,
"method": "chacha20-ietf-poly1305",
"password": "mima",
"plugin":"/etc/shadowsocks-libev/xray-plugin",
"plugin_opts":"tls;path=/r6of920f5b;loglevel=debug",
"use_syslog": true
}

/etc/hosts配置如下：
123.123.123.123 baidu.mydomain.top

谢谢了！

1.8.0版本没有这个问题，加不加都可以正常运行
1.8.9版本加了这个参数就会报错，不加不报错
ss-redir -s aa.bb.cc -p 443 -l 1090 -b 0.0.0.0 -k aaaaaaa -m rc4-md5 --mtu 1200 --fast-open --plugin xray-plugin --plugin-opts "path=/?ed=2056;tls;mux=2;host=aa.bb.cc"

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0xc0943e]

goroutine 6 [running]:
github.com/xtls/xray-core/transport/internet/websocket.(*delayDialConn).LocalAddr(0xc00014ee68?)
	<autogenerated>:1 +0x1e
github.com/xtls/xray-core/proxy/freedom.(*Handler).Process(0xc0002e5ad0, {0xf28098, 0xc00011c280}, 0xc000118100, {0xf268f0, 0xc0002f6a80})
	github.com/xtls/[email protected]/proxy/freedom/freedom.go:175 +0x637
github.com/xtls/xray-core/common/mux.(*DialingWorkerFactory).Create.func1({0x7f6177275dc8, 0xc0002e5ad0}, {0xf268f0, 0xc0002f6a80}, {0xf208c0, 0xc0000100c0})
	github.com/xtls/[email protected]/common/mux/client.go:156 +0x18e
created by github.com/xtls/xray-core/common/mux.(*DialingWorkerFactory).Create in goroutine 40
	github.com/xtls/[email protected]/common/mux/client.go:150 +0x1fd
 2024-03-28 17:29:12 ERROR: plugin service exit unexpectedly
 2024-03-28 17:29:12 INFO: error on terminating the plugin.

看来新版本支持了grpc, 希望能尽快释出。。。

一、基本情况：
手机为Nexus 4,Shadowsocks-android 5.2.1,xray-plugin 1.3.0。系统为LineageOS 14.1-20180302, Android 7.1.2
二、配置如下：
1. Transport mode: websocket-tls
2. Hostname: mydomain.io
3. Path: / (默认)
4. Concurrent connections: 1 (默认)
5. Certificate for TLS verification: (空)
三、问题情况：
无法联网。如上配置是在正常使用其他插件情况下的基础上进行的，所以问题不会出在插件之外的配置。经adb logcat分析可能是证书问题，但点开5. Certificate for TLS verification: (空)，在Documents找到上传的购买的域名证书，发现文件名呈灰色不能正常读取，而且通过插件打开的各个文件夹下的所有文件都呈灰色无法读取。
这是否是插件本身的bug呢，自己知识有限，仰作者大人和各位大神帮忙解决，谢谢。

移动使用xray-plugin会被QOS，与使用 simple-obfs 时情况相同，都是限速到2M

从V2fly的文档上来看，gRPC模式下可以设置serviceName进行分流，但是插件里没有这个选项。请问能否将serviceName的选项添加回去，另外v2ray-plugin那边也没有。

docker地址：https://hub.docker.com/r/teddysun/xray
请添加iptables工具，以便做旁路由透明代理

Thanks for this project firstly! And, is it possible to support XTLS? as it's the key point of xray.

启动参数

ssserver \
  --server-addr 0.0.0.0:443 \
  --password password \
  --encrypt-method chacha20-ietf-poly1305 \
  --timeout 3600 \
  --udp-timeout 300 \
  --udp-max-associations 1024 \
  --nofile 1048576 \
  --tcp-keep-alive 300 \
  --tcp-fast-open \
  --tcp-no-delay \
  -U \
  --plugin "xray-plugin" \
  --plugin-opts "server;tls;fast-open;host=example.com;loglevel=warning;path=/ws"

虽然设置了 loglevel=warning, 但是仍然在日志里见到有大量这样的输出

2022/01/19 17:17:24 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
2022/01/19 17:17:27 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
2022/01/19 17:17:32 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
2022/01/19 17:17:32 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
2022/01/19 17:17:36 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
2022/01/19 17:17:43 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
2022/01/19 17:17:45 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
2022/01/19 17:17:50 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
2022/01/19 17:17:51 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
2022/01/19 17:17:52 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
2022/01/19 17:17:57 tcp:xx.xx.xx.xx:3960 accepted tcp:127.0.0.1:0
2022/01/19 17:17:59 tcp:xx.xx.xx.xx:3960 accepted tcp:127.0.0.1:0

as title, thanks

我的v2ray-plugin是放在caddy后面，也就是用WS转发SS.
如果xray-plugin也只是这样用，两个插件就没什么区别吧？

xray-core v1.8.9官方支持了HTTPUpgrade传输方式，可以用来套CDN

大佬的插件也更新到v1.8.9了，那xray-plugin支持HTTPUpgrade吗？写法是什么呢？

功能详情：XTLS/Xray-core#375

xray-plugin作为客户端没有进行xray作为客户端的path转header，变量也不提供用户自定义header，导致无法配置0-rtt。
因为xray作为服务端本身就不需配置，xray-plugin作为服务端可以成功被xray作为客户端激活0-rtt。

xray client + xray-plugin server working/-1 RTT
xray plugin client + xray plugin server failed/same RTT
xray plugin client + xray server failed/same RTT

解决方案：进行xray的path转header，或允许用户自定义header。