splithttp client with http3 connectivity issue

[dyhkwong]

Integrity requirements

• I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
• I provided the complete config and logs, rather than just providing the truncated parts based on my own judgment.
• I searched issues and did not find any similar issues.

Version

498d8eb

Description

This issue is raised per request of #3570.

Since 22535d8, splithttp (with alpn h3 so it's http3) client does not work with trojan, vless, http, and vmess with zero security.

Symptom: Client only works on the first few connections. After a few seconds the log will be filled with app/proxyman/inbound: connection ends > proxy/socks: connection ends > context canceled, and new connections can't be established anymore. Connections can recover after a long time.

Additinal infomation: VMess with non-zero security does not have this issue. Splithttp with non-http3 also does not have this issue. Temporarily reverting 22535d8 can fix this.

Reproduction Method

Run both the following server and client configurations locally.
Configure browser to use the socks inbound and visit some websites.
After a few seconds no website can be opened anymore.

Client config

Details

{
	"log": {
		"loglevel": "debug"
	},
	"inbounds": [
		{
			"listen": "127.0.0.1",
			"port": 1080,
			"protocol": "socks",
			"settings": {
				"udp": true
			}
		}
	],
	"outbounds": [
		{
			"protocol": "vless",
			"settings": {
				"vnext": [
					{
						"address": "127.0.0.1",
						"port": 443,
						"users": [
							{
								"id": "00000000-0000-0000-0000-000000000000",
								"encryption": "none"
							}
						]
					}
				]
			},
			"streamSettings": {
				"security": "tls",
				"network": "splithttp",
				"tlsSettings": {
					"serverName": "example.com", 
					"allowInsecure": true,
					"alpn": [
						"h3"
					]
				}
			}
		}
	]
}

Server config

Details

{
	"log": {
		"loglevel": "debug"
	},
	"inbounds": [
		{
			"listen": "127.0.0.1",
			"port": 443,
			"protocol": "vless",
			"settings": {
				"clients": [
					{
						"id": "00000000-0000-0000-0000-000000000000"
					}
				],
				"decryption": "none"
			},
			"streamSettings": {
				"security": "tls",
				"network": "splithttp",
				"tlsSettings": {
					"certificates": [
						{
							"certificateFile": "certificate.crt",
							"keyFile": "key.key"
						}
					],
					"alpn": [
						"h3"
					]
				}
			}
		}
	],
	"outbounds": [
		{
			"protocol": "freedom"
		}
	]
}
certificate.crt and key.key.zip

Client log

client.log

Server log

server.log

server log should be not related

[mmmray]

I also can't reproduce this with the provided configs on Ubuntu 24 and within an Arch docker container. it's really strange. Maybe #3613 can serve as a workaround for this issue.

[RPRX]

如果这个问题确实存在，之前类似的问题都是 ctx 的问题，但看起来这里的 ctx 没问题，虽然没有命名为 ctxInner

VMess with non-zero security does not have this issue

这是比较奇怪的，为啥跑在上面的代理协议有加密就没问题，按理来说不应该有区别？

[RPRX]

想到了 VMess 可能双端都有无限 drain 机制，但我依稀记得我把非 TCP or DS 时的 drain 给关了，难道 drain 了所以没 cancel ctx？

还有我用 VLESS+SplitHTTP 目前没能复现 issue 所述情况，@ll11l1lIllIl1lll @Fangliding @yuhan6665 看看

[RPRX]

这是比较奇怪的，为啥跑在上面的代理协议有加密就没问题，按理来说不应该有区别？

@mmmray any ideas?

[mmmray]

i already tested ubuntu, arch, v2rayng, i am going to try windows next since that's what the logs are from (or maybe somebody else can test it there, since I accidentally destroyed my VM)

[mmmray]

I forgot to post, I couldn't repro this on Windows 10 either :(

Something is really strange here. Maybe #3710 makes a difference? (after all, it is a connection leak, so maybe that locks up the client after a while)

[dyhkwong]

Although I have no idea why others people can't reproduce this, with #3710 merged, I can't reproduce this anymore. It should be case 2 in #3710 because I can get it work with a new server and an old client.

[mmmray]

awesome lol. thanks for the thorough bugreport