Feature: Trojan XTLS

transport/trojan/trojan.go

@@ -7,6 +7,7 @@ import (
 	"encoding/binary"
 	"encoding/hex"
 	"errors"
+	"fmt"
 	"io"
 	"net"
 	"net/http"
@@ -15,7 +16,10 @@ import (
 	"github.com/Dreamacro/clash/common/pool"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/socks5"
+	"github.com/Dreamacro/clash/transport/vless"
 	"github.com/Dreamacro/clash/transport/vmess"
+
+	xtls "github.com/xtls/go"
 )
 
 const (
@@ -32,9 +36,13 @@ var (
 
 type Command = byte
 
-var (
+const (
 	CommandTCP byte = 1
 	CommandUDP byte = 3
+
+	// for XTLS
+	commandXRD byte = 0xf0 // XTLS direct mode
+	commandXRO byte = 0xf1 // XTLS origin mode
 )
 
 type Option struct {
@@ -42,6 +50,8 @@ type Option struct {
 	ALPN           []string
 	ServerName     string
 	SkipCertVerify bool
+	Flow           string
+	FlowShow       bool
 }
 
 type WebsocketOption struct {
@@ -62,23 +72,42 @@ func (t *Trojan) StreamConn(conn net.Conn) (net.Conn, error) {
 		alpn = t.option.ALPN
 	}
 
-	tlsConfig := &tls.Config{
-		NextProtos:         alpn,
-		MinVersion:         tls.VersionTLS12,
-		InsecureSkipVerify: t.option.SkipCertVerify,
-		ServerName:         t.option.ServerName,
+	if t.option.Flow != "" {
+		xtlsConfig := &xtls.Config{
+			NextProtos:         alpn,
+			MinVersion:         xtls.VersionTLS12,
+			InsecureSkipVerify: t.option.SkipCertVerify,
+			ServerName:         t.option.ServerName,
+		}
+
+		xtlsConn := xtls.Client(conn, xtlsConfig)
+
+		ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
+		defer cancel()
+		if err := xtlsConn.HandshakeContext(ctx); err != nil {
+			return nil, err
+		}
+
+		return xtlsConn, nil
+	} else {
+		tlsConfig := &tls.Config{
+			NextProtos:         alpn,
+			MinVersion:         tls.VersionTLS12,
+			InsecureSkipVerify: t.option.SkipCertVerify,
+			ServerName:         t.option.ServerName,
+		}
+
+		tlsConn := tls.Client(conn, tlsConfig)
+
+		// fix tls handshake not timeout
+		ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
+		defer cancel()
+		if err := tlsConn.HandshakeContext(ctx); err != nil {
+			return nil, err
+		}
+
+		return tlsConn, nil
 	}
-
-	tlsConn := tls.Client(conn, tlsConfig)
-
-	// fix tls handshake not timeout
-	ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
-	defer cancel()
-	if err := tlsConn.HandshakeContext(ctx); err != nil {
-		return nil, err
-	}
-
-	return tlsConn, nil
 }
 
 func (t *Trojan) StreamWebsocketConn(conn net.Conn, wsOptions *WebsocketOption) (net.Conn, error) {
@@ -104,7 +133,37 @@ func (t *Trojan) StreamWebsocketConn(conn net.Conn, wsOptions *WebsocketOption)
 	})
 }
 
+func (t *Trojan) PresetXTLSConn(conn net.Conn) (net.Conn, error) {
+	switch t.option.Flow {
+	case vless.XRO, vless.XRD, vless.XRS:
+		if xtlsConn, ok := conn.(*xtls.Conn); ok {
+			xtlsConn.RPRX = true
+			xtlsConn.SHOW = t.option.FlowShow
+			xtlsConn.MARK = "XTLS"
+			if t.option.Flow == vless.XRS {
+				t.option.Flow = vless.XRD
+			}
+
+			if t.option.Flow == vless.XRD {
+				xtlsConn.DirectMode = true
+			}
+		} else {
+			return nil, fmt.Errorf("failed to use %s, maybe \"security\" is not \"xtls\"", t.option.Flow)
+		}
+	}
+
+	return conn, nil
+}
+
 func (t *Trojan) WriteHeader(w io.Writer, command Command, socks5Addr []byte) error {
+	if command == CommandTCP {
+		if t.option.Flow == vless.XRD {
+			command = commandXRD
+		} else if t.option.Flow == vless.XRO {
+			command = commandXRO
+		}
+	}
+
 	buf := pool.GetBuffer()
 	defer pool.PutBuffer(buf)