XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0

What is the reason of opening UDP listen port by xray? #3022

Closed resiliencer closed 5 months ago

resiliencer commented 5 months ago

Discussed in https://github.com/XTLS/Xray-core/discussions/3019

Originally posted by **resiliencer** February 12, 2024

I am running xray 1.8.7 on my newly created vps. What is the reason for xray opening a UDP listen port? Is it a backdoor? I don't need weird listen ports. Looks strange. Can anyone explain this please?

```
root@xxx# ss -pnul
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
UNCONN   0        0        *:51242              *:*                 users:(("xray",pid=1998,fd=12))
```

My config here:

```
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "rules": [
      {"type": "field", "protocol": ["icmp"], "outboundTag": "block"},
      {"type": "field", "protocol": ["dns"], "outboundTag": "warp"},
      {"type": "field", "port": 53, "outboundTag": "warp"},
      {"inboundTag": ["in_vless", "in_dns"], "outboundTag": "warp"}
    ],
    "domainStrategy": "UseIPv4"
  },
  "inbounds": [
    {
      "listen": "XXX",
      "port": XXX,
      "protocol": "vless",
      "tag": "in_vless",
      "settings": {
        "clients": [
          {"id": "XXX", "flow": "xtls-rprx-vision"},
          {"id": "XXX", "flow": "xtls-rprx-vision"}
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "dest": "www.microsoft.com:443",
          "xver": 0,
          "serverNames": ["www.microsoft.com"],
          "privateKey": "XXX",
          "shortIds": ["XXX", "XXX"]
        }
      },
      "sniffing": {
        "enabled": false,
        "destOverride": ["http", "tls"]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "proxySettings": {"tag": "warp"},
      "settings": {"domainStrategy": "UseIPv4"},
      "tag": "warp-IPv4"
    },
    {
      "protocol": "freedom",
      "proxySettings": {"tag": "blocked"},
      "settings": {"domainStrategy": "UseIPv6"},
      "tag": "warp-IPv6"
    },
    {
      "protocol": "wireguard",
      "settings": {
        "secretKey": "XXX",
        "address": ["XXX"],
        "peers": [
          {"endpoint": "XXX", "publicKey": "XXX"}
        ],
        "kernelmode": false,
        "reserved": [0, 0, 0],
        "domainStrategy": "ForceIPv4"
      },
      "tag": "warp"
    },
    {
      "protocol": "blackhole",
      "tag": "blocked"
    }
  ]
}
```

resiliencer commented 5 months ago

Looks like if I remove the "sniffing" line from the config, the UDP listen port is no longer opened.

us254 commented 5 months ago

A UDP port opened by Xray is not inherently a backdoor; it's standard behavior for certain protocols that Xray supports. For example, protocols like DNS, QUIC, and some tunneling protocols use UDP. Xray may open a UDP port to handle such traffic if it's configured to do so.
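
An audit check for the situation in this thread, added here as an example (it is not from the thread or from Xray's code): it parses `ss -pnul` output and lists UDP sockets held by `xray` on ports that no inbound in the config declares. The sample lines other than the `*:51242` one, the port 8443 and all function names are constructed for illustration.

```python
import json
import re

# Constructed `ss -pnul` output; only the *:51242 socket line is taken from the thread.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0 0 *:51242 *:* users:(("xray",pid=1998,fd=12))
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
UNCONN 0 0 [::]:8443 [::]:* users:(("xray",pid=1998,fd=9))
"""
# Constructed config fragment; port 8443 is a hypothetical stand-in for the redacted "XXX".
SAMPLE_CONFIG = '{"inbounds": [{"port": 8443, "protocol": "vless", "tag": "in_vless"}]}'

USERS_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=(\d+)\)')
WILDCARD = {"*", "0.0.0.0", "[::]"}

def parse_ss(text):
    """Yield one record per (UDP socket, owning process) in `ss -pnul` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or malformed line
        addr, _, port = fields[3].rpartition(":")  # rpartition keeps "[::]" intact
        if not port.isdigit():
            continue
        for name, pid, fd in USERS_RE.findall(line):
            yield {"proc": name, "pid": int(pid), "fd": int(fd),
                   "addr": addr, "port": int(port), "wildcard": addr in WILDCARD}

def declared_ports(config_text):
    """Ports named by inbounds: a number, or a string such as "443" or "1000-1002,53"."""
    ports = set()
    for inbound in json.loads(config_text).get("inbounds", []):
        for part in str(inbound.get("port", "")).split(","):
            lo, _, hi = part.strip().partition("-")
            if lo.isdigit():  # skips forms like "env:NAME"
                ports.update(range(int(lo), (int(hi) if hi.isdigit() else int(lo)) + 1))
    return ports

def unexplained_udp(ss_text, config_text, proc="xray"):
    """UDP sockets held by `proc` on ports that no inbound declares (matched by port only)."""
    declared = declared_ports(config_text)
    return [s for s in parse_ss(ss_text)
            if s["proc"] == proc and s["port"] not in declared]

if __name__ == "__main__":
    for s in unexplained_udp(SAMPLE_SS, SAMPLE_CONFIG):
        print(f'{s["proc"]} pid={s["pid"]} fd={s["fd"]} udp {s["addr"]}:{s["port"]} wildcard={s["wildcard"]}')
```

The `pid` and `fd` in each result identify the socket under `/proc/<pid>/fd/<fd>` for further inspection.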