The latest development of XTLS has moved to Xray-core v1.7.0 and https://github.com/XTLS/Xray-core/commit/6f61021f7a7337b2997c442495cb8654d145cf8f
THE FUTURE
Go implementation of XTLS protocol.
Home Page: https://t.me/projectXray
License: Mozilla Public License 2.0
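Currently, I have Nginx bound to port 443; it inspects the SNI via ngx_stream_ssl_preread_module and forwards to the VLESS port. I want V2Ray to obtain the real client IP, so I tried adding the following to xtlsSettings:
"acceptProxyProtocol": true
and set the following in Nginx:
proxy_protocol on;
But this does not work properly.
Is Proxy Protocol currently supported, or is there a plan to support it?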
..\github.com\xtls\go\key_schedule.go:46:12: undefined: hkdf.Expand
..\github.com\xtls\go\key_schedule.go:66:9: undefined: hkdf.Extract
..\github.com\xtls\go\key_schedule.go:114:30: undefined: curve25519.ScalarSize
..\github.com\xtls\go\key_schedule.go:118:21: undefined: curve25519.X25519
..\github.com\xtls\go\key_schedule.go:118:51: undefined: curve25519.Basepoint
..\github.com\xtls\go\key_schedule.go:194:20: undefined: curve25519.X25519
For the detailed argument, please refer to
https://github.com/e1732a364fed/xtls-/blob/main/README.md
It is not necessarily correct; I just hope everyone will look into it.
As stated in #6, I'm trying to package this library to debian/ubuntu, as this is a new dependency for v2ray.
However, the license is not compatible with other open ones.
While most files are BSD, file conn.go has a different license header attached, pointing to the LICENSE file.
And that one simply says "All rights reserved" and "Only for compiling executables usage for now.", which is clearly not BSD-style.
Could you kindly remove those statements, or work with us to think out a better plan for the current one?
Thank you!
Dear developers,
As of the design of XTLS direct mode, the close_notify alert should not be sent to the server. This is done by checking if the record type is alert and the record length equals 31, which includes a 5-byte record header and an inner content whose length is assumed to be 26 bytes.
However, the length of this inner content may vary, causing the record length not to equal 31. Consequently, this record is sent to the server accidentally.
This makes the detection of XTLS unambiguously accurate since it's rare that some correctly implemented client sends an alert record before closing a TLS 1.3 stream.
Lines 1323 to 1334 in 3632bf3
Thanks for your work.
Yours,
AkinoKaede
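The length dependence described in the issue above, as an added Go example (not code from the issue or from the XTLS source). The check and the three constructed sample records are assumptions for illustration: their sizes follow from the standard AEAD record layouts for a 2-byte alert, and the issue does not say which of these cases it observed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const (
	headerLen   = 5  // type(1) + version(2) + length(2)
	typeAlert   = 21 // TLS ContentType alert
	typeAppData = 23 // TLS ContentType application_data
)

// fixedLenCheck mirrors the heuristic as the issue describes it (hypothetical
// helper): an alert-typed record of exactly 31 bytes is taken as close_notify.
func fixedLenCheck(rec []byte) bool {
	return len(rec) == 31 && rec[0] == typeAlert
}

// buildAlertRecord constructs a dummy encrypted 2-byte alert record. Only the
// header and the sizes are meaningful; the ciphertext bytes are zero filler.
func buildAlertRecord(typ byte, explicitNonce, innerExtra, tag int) []byte {
	n := explicitNonce + 2 + innerExtra + tag
	rec := make([]byte, headerLen+n)
	rec[0], rec[1], rec[2] = typ, 0x03, 0x03
	binary.BigEndian.PutUint16(rec[3:5], uint16(n))
	return rec
}

// missed lists the constructed samples that the fixed-length check does not
// recognise, i.e. the cases a corrected filter has to cover.
func missed() []string {
	samples := []struct {
		name string
		rec  []byte
	}{
		{"TLS1.2 AES-GCM", buildAlertRecord(typeAlert, 8, 0, 16)},           // 8-byte explicit nonce
		{"TLS1.2 ChaCha20-Poly1305", buildAlertRecord(typeAlert, 0, 0, 16)}, // no explicit nonce
		{"TLS1.3 AEAD", buildAlertRecord(typeAppData, 0, 1, 16)},            // inner type byte, outer type 23
	}
	var out []string
	for _, s := range samples {
		if !fixedLenCheck(s.rec) {
			out = append(out, fmt.Sprintf("%s (%d bytes)", s.name, len(s.rec)))
		}
	}
	return out
}

func main() { fmt.Println(missed()) }
```

Only the TLS 1.2 AES-GCM layout produces the 31-byte record the check expects; TLS 1.3 record padding, when used, changes the length further.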
This attack is beyond the original threat model of XTLS. This issue is to discuss XTLS usage against more aggressive local adversaries like corporate firewalls.
There is an intrusive way to detect whether an encrypted TLS alert is close_notify: injecting binary garbage into the TCP connection. If an endpoint ignores the binary garbage, then it must have received a close_notify alert. XTLS parses the record but is not aware of the encrypted close_notify, so an active attacker can tell apart XTLS from other TLS stacks.
The user starts a huge download over HTTPS. Both Firefox and curl send close_notify early during a download, so the attacker can begin after seeing the first 19-byte encrypted data.
The attacker forges TLS records and sends them to the XTLS server. XTLS forwards them to the actual server, who ignores them silently.
The attacker forges malformed TLS records. XTLS closes the connection immediately.
The attacker can now be sure of the existence of XTLS.
This attack is unlikely to be adopted by the GFW due to its potentially destructive effects. However, corporate networks might occasionally be aggressive enough to disrupt all TLS traffic. Direct mode is not a permanent solution: the mismatch between Client Hello extensions and the actual behavior easily spots an XTLS user.
XTLS only supports TCP and DomainSocket for now. Is mkcp not supported?
Could you kindly provide a short description of this library?
I need it to package into Debian/Ubuntu. Thank you!
I was trying to build v2ray-core and caught some bugs:
~/go_projects/v2ray-core$ go test ./...
github.com/xtls/go/cpu
vendor/github.com/xtls/go/cpu/cpu_x86.s: Assembler messages:
vendor/github.com/xtls/go/cpu/cpu_x86.s:10: Error: no such instruction: `text ·cpuid(SB),NOSPLIT,$0-24'
vendor/github.com/xtls/go/cpu/cpu_x86.s:11: Error: junk `(FP)' after expression
vendor/github.com/xtls/go/cpu/cpu_x86.s:11: Error: too many memory references for `mov'
vendor/github.com/xtls/go/cpu/cpu_x86.s:12: Error: junk `(FP)' after expression
vendor/github.com/xtls/go/cpu/cpu_x86.s:12: Error: too many memory references for `mov'
vendor/github.com/xtls/go/cpu/cpu_x86.s:14: Error: too many memory references for `mov'
vendor/github.com/xtls/go/cpu/cpu_x86.s:15: Error: too many memory references for `mov'
vendor/github.com/xtls/go/cpu/cpu_x86.s:16: Error: too many memory references for `mov'
vendor/github.com/xtls/go/cpu/cpu_x86.s:17: Error: too many memory references for `mov'
vendor/github.com/xtls/go/cpu/cpu_x86.s:21: Error: no such instruction: `text ·xgetbv(SB),NOSPLIT,$0-8'
vendor/github.com/xtls/go/cpu/cpu_x86.s:24: Error: too many memory references for `mov'
vendor/github.com/xtls/go/cpu/cpu_x86.s:25: Error: too many memory references for `mov'
v2ray.com/core/external/github.com/cloudflare/sidh/internal/utils
external/github.com/cloudflare/sidh/internal/utils/cpuid_amd64.s: Assembler messages:
external/github.com/cloudflare/sidh/internal/utils/cpuid_amd64.s:5: Error: no such instruction: `text ·cpuid(SB),NOSPLIT,$0-4'
external/github.com/cloudflare/sidh/internal/utils/cpuid_amd64.s:6: Error: junk `(FP)' after expression
external/github.com/cloudflare/sidh/internal/utils/cpuid_amd64.s:6: Error: too many memory references for `mov'
external/github.com/cloudflare/sidh/internal/utils/cpuid_amd64.s:7: Error: junk `(FP)' after expression
external/github.com/cloudflare/sidh/internal/utils/cpuid_amd64.s:7: Error: too many memory references for `mov'
external/github.com/cloudflare/sidh/internal/utils/cpuid_amd64.s:9: Error: too many memory references for `mov'
external/github.com/cloudflare/sidh/internal/utils/cpuid_amd64.s:10: Error: too many memory references for `mov'
external/github.com/cloudflare/sidh/internal/utils/cpuid_amd64.s:11: Error: too many memory references for `mov'
external/github.com/cloudflare/sidh/internal/utils/cpuid_amd64.s:12: Error: too many memory references for `mov'
gollvm is used.
My release build.
CC @thanm @cherrymui
I am using a v2ray-core build with XTLS support (VLESS+TCP+TLS mode). When using Chocolatey, it cannot connect to the default source. The error message is as follows:
Error retrieving packages from source 'https://chocolatey.org/api/v2/':
解密操作失败,请参见内部异常。
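The test command was choco install nodejs.
Apart from this, I have not found any other decryption failures so far. I tried opening the above URL in a browser, with no problem. Since Chocolatey is based on PowerShell, I also used the PowerShell command Invoke-WebRequest to download an arbitrary file, and that worked fine too.
It looks like a bug that only occurs when using a specific client or accessing a specific website?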