teddysun / xray-plugin Goto Github PK
View Code? Open in Web Editor NEWA SIP003 plugin based on Xray-core
License: MIT License
A SIP003 plugin based on Xray-core
License: MIT License
从V2fly的文档上来看,gRPC模式下可以设置serviceName进行分流,但是插件里没有这个选项。请问能否将serviceName的选项添加回去,另外v2ray-plugin那边也没有。
Thanks for this project firstly! And, is it possible to support XTLS? as it's the key point of xray.
我的v2ray-plugin是放在caddy后面,也就是用WS转发SS.
如果xray-plugin也只是这样用,两个插件就没什么区别吧?
启动参数
ssserver \
--server-addr 0.0.0.0:443 \
--password password \
--encrypt-method chacha20-ietf-poly1305 \
--timeout 3600 \
--udp-timeout 300 \
--udp-max-associations 1024 \
--nofile 1048576 \
--tcp-keep-alive 300 \
--tcp-fast-open \
--tcp-no-delay \
-U \
--plugin "xray-plugin" \
--plugin-opts "server;tls;fast-open;host=example.com;loglevel=warning;path=/ws"
虽然设置了 loglevel=warning
, 但是仍然在日志里见到有大量这样的输出
2022/01/19 17:17:24 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
2022/01/19 17:17:27 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
2022/01/19 17:17:32 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
2022/01/19 17:17:32 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
2022/01/19 17:17:36 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
2022/01/19 17:17:43 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
2022/01/19 17:17:45 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
2022/01/19 17:17:50 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
2022/01/19 17:17:51 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
2022/01/19 17:17:52 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
2022/01/19 17:17:57 tcp:xx.xx.xx.xx:3960 accepted tcp:127.0.0.1:0
2022/01/19 17:17:59 tcp:xx.xx.xx.xx:3960 accepted tcp:127.0.0.1:0
this package requre a go module "[email protected]" which can't be built with Go 1.21
see log below
2023-08-24T05:40:43.2454535Z github.com/quic-go/quic-go/internal/qtls
2023-08-24T05:40:43.2655194Z # github.com/quic-go/quic-go/internal/qtls
2023-08-24T05:40:43.2656480Z ../../../../../dl/go-mod-cache/github.com/quic-go/[email protected]/internal/qtls/go121.go:5:13
: cannot use "The version of quic-go you're using can't be built on Go 1.21 yet. <--- !!!! here !!!!
For more details, please see https://github.com/quic-go/quic-go/wiki/quic-go-and-Go-versions." (untyped string constant "The version of quic-go you're using can't be built on Go 1.21 yet. F...) as int value in variable declaration
2023-08-24T05:40:43.2878820Z
2023-08-24T05:40:43.7770665Z make[3]: *** [Makefile:41: /workdir/openwrt/build_dir/target-aarch64_generic_musl/xray-plugin-1.8.3/.built] Error 1
2023-08-24T05:40:43.7771538Z make[3]: Leaving directory '/workdir/openwrt/feeds/packages/net/xray-plugin'
2023-08-24T05:40:43.7778522Z time: package/feeds/packages/xray-plugin/compile#0.72#0.50#1.80
2023-08-24T05:40:43.7782530Z ERROR: package/feeds/packages/xray-plugin failed to build.
2023-08-24T05:40:43.7787072Z make[2]: *** [package/Makefile:120: package/feeds/packages/xray-plugin/compile] Error 1
2023-08-24T05:40:43.7799388Z make[2]: Leaving directory '/workdir/openwrt'
2023-08-24T05:40:43.7801142Z make[1]: *** [package/Makefile:114: /workdir/openwrt/staging_dir/target-aarch64_generic_musl/stamp/.package_compile] Error 2
2023-08-24T05:40:43.7808543Z make[1]: Leaving directory '/workdir/openwrt'
2023-08-24T05:40:43.7814073Z make: *** [/workdir/openwrt/include/toplevel.mk:232: world] Error 2
2023-08-24T05:40:43.7865710Z ##[error]Process completed with exit code 2.
Please add uTLS feature ASAP due to internet censorship based on TLS fingerprint in some countries.
#net4people/bbs#139
检测到 teddysun/xray-plugin 一共引入了158个开源组件,存在4个漏洞
漏洞标题:David Kitchen bluemonday 安全漏洞
缺陷组件:github.com/microcosm-cc/[email protected]
漏洞编号:CVE-2021-42576
漏洞描述:David Kitchen bluemonday是 (David Kitchen)开源的一个应用程序。用于在Go中实现的HTML清理程序。
bluemonday sanitizer 存在安全漏洞,该漏洞源于Go中1.0.16之前的bluemonday和Python中 0.0.8之前的bluemonday(在pybluemonday中),不能正确地强制与SELECT、STYLE和OPTION元素关联的策略。
影响范围:(∞, 1.0.16)
最小修复版本:1.0.16
缺陷组件引入路径:github.com/teddysun/xray-plugin@->github.com/microcosm-cc/[email protected]
另外还有4个漏洞,详细报告:https://mofeisec.com/jr?p=a6c46a
功能详情:XTLS/Xray-core#375
xray-plugin作为客户端没有进行xray作为客户端的path转header,变量也不提供用户自定义header,导致无法配置0-rtt。
因为xray作为服务端本身就不需配置,xray-plugin作为服务端可以成功被xray作为客户端激活0-rtt。
xray client + xray-plugin server working/-1 RTT
xray plugin client + xray plugin server failed/same RTT
xray plugin client + xray server failed/same RTT
解决方案:进行xray的path转header,或允许用户自定义header。
一、基本情况:
手机为Nexus 4,Shadowsocks-android 5.2.1,xray-plugin 1.3.0。系统为LineageOS 14.1-20180302, Android 7.1.2
二、配置如下:
1. Transport mode: websocket-tls
2. Hostname: mydomain.io
3. Path: / (默认)
4. Concurrent connections: 1 (默认)
5. Certificate for TLS verification: (空)
三、问题情况:
无法联网。如上配置是在正常使用其他插件情况下的基础上进行的,所以问题不会出在插件之外的配置。经adb logcat分析可能是证书问题,但点开5. Certificate for TLS verification: (空),在Documents找到上传的购买的域名证书,发现文件名呈灰色不能正常读取,而且通过插件打开的各个文件夹下的所有文件都呈灰色无法读取。
这是否是插件本身的bug呢,自己知识有限,仰作者大人和各位大神帮忙解决,谢谢。
docker地址:https://hub.docker.com/r/teddysun/xray
请添加iptables工具,以便做旁路由透明代理
看来新版本支持了grpc, 希望能尽快释出。。。
1.8.0版本没有这个问题,加不加都可以正常运行
1.8.9版本加了这个参数就会报错,不加不报错
ss-redir -s aa.bb.cc -p 443 -l 1090 -b 0.0.0.0 -k aaaaaaa -m rc4-md5 --mtu 1200 --fast-open --plugin xray-plugin --plugin-opts "path=/?ed=2056;tls;mux=2;host=aa.bb.cc"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0xc0943e]
goroutine 6 [running]:
github.com/xtls/xray-core/transport/internet/websocket.(*delayDialConn).LocalAddr(0xc00014ee68?)
<autogenerated>:1 +0x1e
github.com/xtls/xray-core/proxy/freedom.(*Handler).Process(0xc0002e5ad0, {0xf28098, 0xc00011c280}, 0xc000118100, {0xf268f0, 0xc0002f6a80})
github.com/xtls/[email protected]/proxy/freedom/freedom.go:175 +0x637
github.com/xtls/xray-core/common/mux.(*DialingWorkerFactory).Create.func1({0x7f6177275dc8, 0xc0002e5ad0}, {0xf268f0, 0xc0002f6a80}, {0xf208c0, 0xc0000100c0})
github.com/xtls/[email protected]/common/mux/client.go:156 +0x18e
created by github.com/xtls/xray-core/common/mux.(*DialingWorkerFactory).Create in goroutine 40
github.com/xtls/[email protected]/common/mux/client.go:150 +0x1fd
2024-03-28 17:29:12 ERROR: plugin service exit unexpectedly
2024-03-28 17:29:12 INFO: error on terminating the plugin.
as tittle,
i tried mux=false but it showed "failed to parse mux, use default value"
xray-core v1.8.9官方支持了HTTPUpgrade传输方式,可以用来套CDN
大佬的插件也更新到v1.8.9了,那xray-plugin支持HTTPUpgrade吗?写法是什么呢?
as title, thanks
移动使用xray-plugin会被QOS,与使用 simple-obfs 时情况相同,都是限速到2M
先说问题
下面是xray-plugin报错:
2021/03/15 19:21:31 [Info] failed to handler mux client connection > proxy/freedom: failed to open connection to tcp:baidu.mydomain.top:443 > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://baidu.mydomain.top/r6of920f5b): > x509: certificate is valid for baidu.mydomain.top, not cloudfront.com] > common/retry: all retry attempts failed
这个报错和v2ray-plugin一模一样
我的VPS上使用的是openresty,tail -f access.log,都没有访问记录。
我猜是域名解析问题,因为第一次启动shadowsocks-libev-redir时域名解析使用cloudflare的代理,但是后来我把代理改成“仅限DNS”,还是不行。我本地主机是网关服务器,上面使用了dnsmasq,我怀疑是dns缓存,就把dnsmasq重启了,同时添加了hosts,把域名直接hosts到VPS,可是报错依旧相同。猜hosts没生效,tail -f dnsmasq.log,发现reply是我的VPS主机ip,报错还是一样,不知道该怎么解决,请高人指点,我的配置如下:
VPS:
ip:123.123.123.123
OS: Debian 10 buster
443 port: openresty提供
shadowsocks-libev-3.2.5+ds-1
xray-plugin-v1.4.0或v2ray-plugin-v1.3.1
域名证书是使用acme.sh签发的
openresty配置文件:
http {
省略
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl;
ssl_certificate ssl/baidu.mydomain.top.cer;
ssl_certificate_key ssl/baidu.mydomain.top.key;
server_name baidu.mydomain.top;
root html;
index index.html index.htm;
location = /r6of920f5b {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8388;
}
}
省略
}
shadowsocks-libev-server配置文件如下:
{
"server_host":"127.0.0.1",
"server_port":8388,
"password":"mima",
"timeout":300,
"method":"chacha20-ietf-poly1305",
"mode":"tcp_only",
"plugin":"/etc/shadowsocks-libev/v2ray-plugin",
"plugin_opts":"server;path=/r6of920f5b;loglevel=debug",
"use_syslog": false
}
客户端/网关服务器
OS: Debian 10 buster
shadowsocks-libev-3.2.5+ds-1
xray-plugin-v1.4.0或v2ray-plugin-v1.3.1
shadowsocks-libev-redir配置文件如下:
{
"server": "baidu.mydomain.top",
"server_port": 443,
"ipv6_first": false,
"fast_open": true,
"reuse_port": true,
"local_address": "0.0.0.0",
"local_port": 1080,
"mode": "tcp_only",
"timeout": 60,
"method": "chacha20-ietf-poly1305",
"password": "mima",
"plugin":"/etc/shadowsocks-libev/xray-plugin",
"plugin_opts":"tls;path=/r6of920f5b;loglevel=debug",
"use_syslog": true
}
/etc/hosts配置如下:
123.123.123.123 baidu.mydomain.top
谢谢了!
https://github.com/Dreamacro/clash/wiki/configuration
clash now supports v2ray-plugin。
如果可以这条参数格式是什么?
是:path=/example?ed=2048
还是: path=/example?ed反斜杠=2048
我看android版本貌似自动添加上反斜杠了,windows版需要反斜杠吗?
v2ray plugin那边的windows x64版本,在配合ss windows使用时,即使添加了 serviceName=MYSERVICENAME 参数后,还是向mydomain.me/GunService/Tun 这个URL发起请求。。。
由于v2ray plugin那边没法提交issue就到这里提交了。。
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.