Feature: add xtls support for VLESS

2021-07-06 23:55:34 +08:00
parent 56dff65149
commit b4d93c4438
11 changed files with 567 additions and 193 deletions
--- a/transport/gun/gun_xtls.go
+++ b/transport/gun/gun_xtls.go
@ -0,0 +1,56 @@
+// Modified from: https://github.com/Qv2ray/gun-lite
+// License: MIT
+
+package gun
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net"
+
+	xtls "github.com/xtls/go"
+	"golang.org/x/net/http2"
+)
+
+func NewHTTP2XTLSClient(dialFn DialFn, tlsConfig *tls.Config) *http2.Transport {
+	dialFunc := func(network, addr string, cfg *tls.Config) (net.Conn, error) {
+		pconn, err := dialFn(network, addr)
+		if err != nil {
+			return nil, err
+		}
+
+		xtlsConfig := &xtls.Config{
+			InsecureSkipVerify: cfg.InsecureSkipVerify,
+			ServerName:         cfg.ServerName,
+		}
+
+		cn := xtls.Client(pconn, xtlsConfig)
+		if err := cn.Handshake(); err != nil {
+			pconn.Close()
+			return nil, err
+		}
+		state := cn.ConnectionState()
+		if p := state.NegotiatedProtocol; p != http2.NextProtoTLS {
+			cn.Close()
+			return nil, fmt.Errorf("http2: unexpected ALPN protocol %s, want %s", p, http2.NextProtoTLS)
+		}
+		return cn, nil
+	}
+
+	return &http2.Transport{
+		DialTLS:            dialFunc,
+		TLSClientConfig:    tlsConfig,
+		AllowHTTP:          false,
+		DisableCompression: true,
+		PingTimeout:        0,
+	}
+}
+
+func StreamGunWithXTLSConn(conn net.Conn, tlsConfig *tls.Config, cfg *Config) (net.Conn, error) {
+	dialFn := func(network, addr string) (net.Conn, error) {
+		return conn, nil
+	}
+
+	transport := NewHTTP2XTLSClient(dialFn, tlsConfig)
+	return StreamGunWithTransport(transport, cfg)
+}
--- a/transport/vless/config.pb.go
+++ b/transport/vless/config.pb.go
@ -0,0 +1,158 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.27.1
+// 	protoc        v3.17.3
+// source: transport/vless/config.proto
+
+package vless
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type Addons struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Flow string `protobuf:"bytes,1,opt,name=Flow,proto3" json:"Flow,omitempty"`
+	Seed []byte `protobuf:"bytes,2,opt,name=Seed,proto3" json:"Seed,omitempty"`
+}
+
+func (x *Addons) Reset() {
+	*x = Addons{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_transport_vless_config_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Addons) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Addons) ProtoMessage() {}
+
+func (x *Addons) ProtoReflect() protoreflect.Message {
+	mi := &file_transport_vless_config_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Addons.ProtoReflect.Descriptor instead.
+func (*Addons) Descriptor() ([]byte, []int) {
+	return file_transport_vless_config_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Addons) GetFlow() string {
+	if x != nil {
+		return x.Flow
+	}
+	return ""
+}
+
+func (x *Addons) GetSeed() []byte {
+	if x != nil {
+		return x.Seed
+	}
+	return nil
+}
+
+var File_transport_vless_config_proto protoreflect.FileDescriptor
+
+var file_transport_vless_config_proto_rawDesc = []byte{
+	0x0a, 0x1c, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x76, 0x6c, 0x65, 0x73,
+	0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15,
+	0x63, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e,
+	0x76, 0x6c, 0x65, 0x73, 0x73, 0x22, 0x30, 0x0a, 0x06, 0x41, 0x64, 0x64, 0x6f, 0x6e, 0x73, 0x12,
+	0x12, 0x0a, 0x04, 0x46, 0x6c, 0x6f, 0x77, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x46,
+	0x6c, 0x6f, 0x77, 0x12, 0x12, 0x0a, 0x04, 0x53, 0x65, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0c, 0x52, 0x04, 0x53, 0x65, 0x65, 0x64, 0x42, 0x61, 0x0a, 0x19, 0x63, 0x6f, 0x6d, 0x2e, 0x63,
+	0x6c, 0x61, 0x73, 0x68, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x76,
+	0x6c, 0x65, 0x73, 0x73, 0x50, 0x01, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
+	0x6f, 0x6d, 0x2f, 0x44, 0x72, 0x65, 0x61, 0x6d, 0x61, 0x63, 0x72, 0x6f, 0x2f, 0x63, 0x6c, 0x61,
+	0x73, 0x68, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x76, 0x6c, 0x65,
+	0x73, 0x73, 0xaa, 0x02, 0x15, 0x43, 0x6c, 0x61, 0x73, 0x68, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73,
+	0x70, 0x6f, 0x72, 0x74, 0x2e, 0x56, 0x6c, 0x65, 0x73, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
+}
+
+var (
+	file_transport_vless_config_proto_rawDescOnce sync.Once
+	file_transport_vless_config_proto_rawDescData = file_transport_vless_config_proto_rawDesc
+)
+
+func file_transport_vless_config_proto_rawDescGZIP() []byte {
+	file_transport_vless_config_proto_rawDescOnce.Do(func() {
+		file_transport_vless_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_transport_vless_config_proto_rawDescData)
+	})
+	return file_transport_vless_config_proto_rawDescData
+}
+
+var file_transport_vless_config_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_transport_vless_config_proto_goTypes = []interface{}{
+	(*Addons)(nil), // 0: clash.transport.vless.Addons
+}
+var file_transport_vless_config_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_transport_vless_config_proto_init() }
+func file_transport_vless_config_proto_init() {
+	if File_transport_vless_config_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_transport_vless_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Addons); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_transport_vless_config_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_transport_vless_config_proto_goTypes,
+		DependencyIndexes: file_transport_vless_config_proto_depIdxs,
+		MessageInfos:      file_transport_vless_config_proto_msgTypes,
+	}.Build()
+	File_transport_vless_config_proto = out.File
+	file_transport_vless_config_proto_rawDesc = nil
+	file_transport_vless_config_proto_goTypes = nil
+	file_transport_vless_config_proto_depIdxs = nil
+}
--- a/transport/vless/config.proto
+++ b/transport/vless/config.proto
@ -0,0 +1,12 @@
+syntax = "proto3";
+
+package clash.transport.vless;
+option csharp_namespace = "Clash.Transport.Vless";
+option go_package = "github.com/Dreamacro/clash/transport/vless";
+option java_package = "com.clash.transport.vless";
+option java_multiple_files = true;
+
+message Addons {
+  string Flow = 1;
+  bytes Seed = 2;
+}
--- a/transport/vless/conn.go
+++ b/transport/vless/conn.go
@ -4,29 +4,21 @@ import (
 	"bytes"
 	"encoding/binary"
 	"errors"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"net"

 	"github.com/gofrs/uuid"
+	xtls "github.com/xtls/go"
+	"google.golang.org/protobuf/proto"
 )

-/*var (
-
-	//proto.Marshal(addons) bytes for Flow: "xtls-rprx-direct"
-	addOnBytes, _ = hex.DecodeString("120a1078746c732d727072782d646972656374")
-	addOnBytesLen = len(addOnBytes)
-
-	//proto.Marshal(addons) bytes for Flow: ""
-	//addOnEmptyBytes, _ = hex.DecodeString("00")
-	//addOnEmptyBytesLen  = len(addOnEmptyBytes)
-)*/
-
 type Conn struct {
 	net.Conn
-	dst *DstAddr
-	id  *uuid.UUID
-
+	dst      *DstAddr
+	id       *uuid.UUID
+	addons   *Addons
 	received bool
 }

@ -48,16 +40,22 @@ func (vc *Conn) sendRequest() error {
 	buf.WriteByte(Version)   // protocol version
 	buf.Write(vc.id.Bytes()) // 16 bytes of uuid

-	// command
-	if vc.dst.UDP {
-		buf.WriteByte(0) // addon data length. 0 means no addon data
-		//buf.WriteByte(byte(addOnEmptyBytesLen))
-		//buf.Write(addOnEmptyBytes)
-		buf.WriteByte(CommandUDP)
+	if vc.addons != nil {
+		bytes, err := proto.Marshal(vc.addons)
+		if err != nil {
+			return err
+		}
+
+		buf.WriteByte(byte(len(bytes)))
+		buf.Write(bytes)
 	} else {
 		buf.WriteByte(0) // addon data length. 0 means no addon data
-		//buf.WriteByte(byte(addOnBytesLen))
-		//buf.Write(addOnBytes)
+	}
+
+	// command
+	if vc.dst.UDP {
+		buf.WriteByte(CommandUDP)
+	} else {
 		buf.WriteByte(CommandTCP)
 	}

@ -96,12 +94,34 @@ func (vc *Conn) recvResponse() error {
 }

 // newConn return a Conn instance
-func newConn(conn net.Conn, id *uuid.UUID, dst *DstAddr) (*Conn, error) {
+func newConn(conn net.Conn, client *Client, dst *DstAddr) (*Conn, error) {
 	c := &Conn{
 		Conn: conn,
-		id:   id,
+		id:   client.uuid,
 		dst:  dst,
 	}
+
+	if !dst.UDP && client.Addons != nil {
+		switch client.Addons.Flow {
+		case XRO, XRD, XRS:
+			if xtlsConn, ok := conn.(*xtls.Conn); ok {
+				xtlsConn.RPRX = true
+				xtlsConn.SHOW = client.XTLSShow
+				xtlsConn.MARK = "XTLS"
+				if client.Addons.Flow == XRS {
+					client.Addons.Flow = XRD
+				}
+
+				if client.Addons.Flow == XRD {
+					xtlsConn.DirectMode = true
+				}
+				c.addons = client.Addons
+			} else {
+				return nil, fmt.Errorf("failed to use %s, maybe \"security\" is not \"xtls\"", client.Addons.Flow)
+			}
+		}
+	}
+
 	if err := c.sendRequest(); err != nil {
 		return nil, err
 	}
--- a/transport/vless/vless.go
+++ b/transport/vless/vless.go
@ -6,7 +6,13 @@ import (
 	"github.com/gofrs/uuid"
 )

-const Version byte = 0 // protocol version. preview version is 0
+const (
+	XRO = "xtls-rprx-origin"
+	XRD = "xtls-rprx-direct"
+	XRS = "xtls-rprx-splice"
+
+	Version byte = 0 // protocol version. preview version is 0
+)

 // Command types
 const (
@ -40,22 +46,26 @@ type Config struct {

 // Client is vless connection generator
 type Client struct {
-	uuid *uuid.UUID
+	uuid     *uuid.UUID
+	Addons   *Addons
+	XTLSShow bool
 }

 // StreamConn return a Conn with net.Conn and DstAddr
 func (c *Client) StreamConn(conn net.Conn, dst *DstAddr) (net.Conn, error) {
-	return newConn(conn, c.uuid, dst)
+	return newConn(conn, c, dst)
 }

 // NewClient return Client instance
-func NewClient(uuidStr string) (*Client, error) {
+func NewClient(uuidStr string, addons *Addons, xtlsShow bool) (*Client, error) {
 	uid, err := uuid.FromString(uuidStr)
 	if err != nil {
 		return nil, err
 	}

 	return &Client{
-		uuid: &uid,
+		uuid:     &uid,
+		Addons:   addons,
+		XTLSShow: xtlsShow,
 	}, nil
 }
--- a/transport/vless/xtls.go
+++ b/transport/vless/xtls.go
@ -0,0 +1,25 @@
+package vless
+
+import (
+	"net"
+
+	xtls "github.com/xtls/go"
+)
+
+type XTLSConfig struct {
+	Host           string
+	SkipCertVerify bool
+	NextProtos     []string
+}
+
+func StreamXTLSConn(conn net.Conn, cfg *XTLSConfig) (net.Conn, error) {
+	xtlsConfig := &xtls.Config{
+		ServerName:         cfg.Host,
+		InsecureSkipVerify: cfg.SkipCertVerify,
+		NextProtos:         cfg.NextProtos,
+	}
+
+	xtlsConn := xtls.Client(conn, xtlsConfig)
+	err := xtlsConn.Handshake()
+	return xtlsConn, err
+}