Skip to content

Socks/HTTP inbound: Fix unexpected rawConn copy#5041

Merged
RPRX merged 3 commits intomainfrom
socks-splice
Aug 28, 2025
Merged

Socks/HTTP inbound: Fix unexpected rawConn copy#5041
RPRX merged 3 commits intomainfrom
socks-splice

Conversation

@Fangliding
Copy link
Member

@Fangliding Fangliding commented Aug 20, 2025
edited
Loading

close #5040
rt 防止socks5或者http在over tls或者ws之类的东西的时候被意外splice 不过我测试返回的错误不是bad record 是别的乱七八糟的
see eef74b2#diff-7e4a3669d1f89cd5bf18b4387841cabd1fcb156a8a632b8892ee3267359a1828
@yuhan6665

@RPRX
Copy link
Member

RPRX commented Aug 20, 2025

如果遇到了 PROXY protocol 也应当认为不是 transport conn,虽然有点抽象

还有 UDS,我给 proxy.go 加个公共函数,等合并 VLESS 加密后你 rebase 然后调用它吧

@Fangliding Fangliding marked this pull request as draft August 20, 2025 14:21
@Fangliding
Copy link
Member Author

Fangliding commented Aug 20, 2025

有proxy protocol也不影响对连接进行splice吧
uds应该也没问题
反正只要写到底层socket去的东西和直接往conn写是一样的那就可以正常copy raw conn 只要检查是否存在底层传输或者raw+tls就行了

@RPRX
Copy link
Member

RPRX commented Aug 20, 2025

意思就是这个 PR 现在遇到 PROXY protocol 会认为不是 RAW

@Fangliding
Copy link
Member Author

Fangliding commented Aug 20, 2025

吃不到就吃不到吧 懒得管

yuhan6665
yuhan6665 reviewed Aug 24, 2025
View reviewed changes
proxy/http/server.go Outdated
if ok {
conn = statConn.Connection
}
if _, ok := conn.(*net.TCPConn); ok {
Copy link
Member

@yuhan6665 yuhan6665 Aug 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

应该不需要管其他 transport conn (splice不会unwrap)
只看 tls.Conn reality.Conn
类似当时 freedom.isTLSConn() 处理MITM的用法就可以兼容 proxy protocol

Copy link
Member Author

@Fangliding Fangliding Aug 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

应该不需要管其他 transport conn (splice不会unwrap) 只看 tls.Conn reality.Conn 类似当时 freedom.isTLSConn() 处理MITM的用法就可以兼容 proxy protocol

这样有一个问题是原po的socks5 over ws什么的无法解决 所以我觉得判断transport conn可能更好

Copy link
Member

@yuhan6665 yuhan6665 Aug 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

socks5 over ws 是啥问题?类型不对应该不会 raw 拷贝

@RPRX
Copy link
Member

RPRX commented Aug 28, 2025

@Fangliding rebase 一下

@Fangliding
Copy link
Member Author

Fangliding commented Aug 28, 2025

好了 不过yuhan说ws啥的不会又是 还真是 不知道是这样好还是判定tls.Conn好

@RPRX
Copy link
Member

RPRX commented Aug 28, 2025

VLESS Encryption 那个 PR 我改了个标题,再 rebase 一下

WS 啥的是啥问题,这个 PR 的代码逻辑我感觉没问题啊

@Fangliding
Copy link
Member Author

Fangliding commented Aug 28, 2025

VLESS Encryption 那个 PR 我改了个标题,再 rebase 一下

WS 啥的是啥问题,这个 PR 的代码逻辑我感觉没问题啊

之前是判断是不是tls conn 我怕不够 因为可能有不带tls的ws才这么弄的 但是yuhan说只会误判raw+tls这样的组合 ws之类的会在其他地方判断 所以就判个tls就够了 不过两个应该都没啥问题

@Fangliding Fangliding closed this Aug 28, 2025
@Fangliding Fangliding reopened this Aug 28, 2025
@Fangliding
Copy link
Member Author

Fangliding commented Aug 28, 2025

rebase不小心敲成reset了直接把main分支强推上来了 头一次知道这样会自动关闭pr

@Fangliding Fangliding marked this pull request as ready for review August 28, 2025 12:59
@RPRX
Copy link
Member

RPRX commented Aug 28, 2025

但是yuhan说只会误判raw+tls这样的组合 ws之类的会在其他地方判断 所以就判个tls就够了 不过两个应该都没啥问题

有很大问题,这就是我说的 *ray 内各种隐式的东西乱飞,只有写的人才记得

直接判断是否为 RAW 传输层更通用

@RPRX RPRX changed the title Socks/https: Fix unexpected rawConn copy Socks/HTTP inbound: Fix unexpected rawConn copy Aug 28, 2025
@RPRX RPRX merged commit 4976085 into main Aug 28, 2025
117 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Aug 31, 2025
Merged
1 task
@RPRX RPRX deleted the socks-splice branch September 4, 2025 22:12
@BrewTestBot BrewTestBot mentioned this pull request Sep 5, 2025
Merged
1 task
it2konst pushed a commit to it2konst/gametunnel-core that referenced this pull request Mar 1, 2026
@Fangliding
Socks/HTTP inbound: Fix unexpected rawConn copy (XTLS#5041)
7e0fa4b 
Fixes XTLS#5040
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yuhan6665 yuhan6665 yuhan6665 left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Socks5-TLS 在 v25.1.30以后的版本,均无法连接

3 participants

@Fangliding @RPRX @yuhan6665