Closed liushengqi000 closed 2 months ago
So this is where the problem is. The assertion would fail (¿)
@yuhan6665
The log shows that splice is enabled. This special usage requires turning splice off with the environment variable.
would it be reasonable to just disable splice automatically? or are there too many cases to check for?
I still think splice greatly outweighs these side-effects, so it should be on by default. It is possible to add more checks in code.
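I forgot that I had modified the source code; the test showed no problem, so I closed the issue. I retested after getting up today, and the problem persists with splice disabled. It is not a splice problem.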
@yuhan6665
1.8.6-1.8.21
curl -vvl http://www.baidu.com:2081 --resolve www.baidu.com:2081:127.0.0.1
* Added www.baidu.com:2081:127.0.0.1 to DNS cache
* Hostname www.baidu.com was found in DNS cache
* Trying 127.0.0.1:2081...
* Connected to www.baidu.com (127.0.0.1) port 2081
> GET / HTTP/1.1
> Host: www.baidu.com:2081
> User-Agent: curl/8.5.0
> Accept: */*
>
* Received HTTP/0.9 when not allowed
* Closing connection
curl: (1) Received HTTP/0.9 when not allowed
TLS handshake packets are mixed into the plaintext data
![image](https://github.com/user-attachments/assets/12887acc-83a0-4a39-8a66-bbb613854a9e)
git checkout main
make > /dev/null
export XRAY_BUF_SPLICE="disable"
'./xray' -c './test1.json'
curl -vvl http://www.baidu.com:2081 --resolve www.baidu.com:2081:127.0.0.1
{
"log":{
"access": "./log/access.log",
"error": "./log/error.log",
"loglevel": "debug"
},
"inbounds": [{
"port": 2081,
"listen": "127.0.0.1",
"tag": "in",
"protocol": "dokodemo-door",
"settings": {
"network": "tcp",
"address": "127.0.0.1",
"port": 80,
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
}
}],
"outbounds": [{
"tag": "out-tls",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4",
"redirect": ":443"
},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"alpn": ["http/1.1"],
"allowInsecure": true
}
}
}]
}
error.log
2024/07/23 14:41:27 [Debug] app/log: Logger started
2024/07/23 14:41:27 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:2081
2024/07/23 14:41:27 [Info] transport/internet: failed to apply socket options to incoming connection > transport/internet: failed to set IP_TRANSPARENT > operation not permitted
2024/07/23 14:41:27 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:2081
2024/07/23 14:41:27 [Warning] core: Xray 1.8.21 started
2024/07/23 14:41:30 [Debug] [4047869330] proxy/dokodemo: processing connection from: 127.0.0.1:42044
2024/07/23 14:41:30 [Info] [4047869330] proxy/dokodemo: received request for 127.0.0.1:42044
2024/07/23 14:41:30 [Info] [4047869330] app/dispatcher: sniffed domain: www.baidu.com
2024/07/23 14:41:30 [Info] [4047869330] app/dispatcher: default route for tcp:www.baidu.com:2081
2024/07/23 14:41:30 [Info] [4047869330] proxy/freedom: dialing to tcp:180.101.50.188:443
2024/07/23 14:41:30 [Info] [4047869330] transport/internet/tcp: dialing TCP to tcp:180.101.50.188:443
2024/07/23 14:41:30 [Debug] [4047869330] transport/internet: dialing to tcp:180.101.50.188:443
2024/07/23 14:41:30 [Info] [4047869330] proxy/freedom: connection opened to tcp:www.baidu.com:443, local endpoint 192.168.71.25:35434, remote endpoint 180.101.50.188:443
2024/07/23 14:41:30 [Info] [4047869330] proxy: CopyRawConn readv
2024/07/23 14:41:30 [Info] [4047869330] app/proxyman/outbound: app/proxyman/outbound: failed to process outbound traffic > proxy/freedom: connection ends > proxy/freedom: failed to process request > tls: first record does not look like a TLS handshake
2024/07/23 14:41:30 [Info] [4047869330] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > proxy/dokodemo: failed to transport response > io: read/write on closed pipe
access.log
2024/07/23 14:41:30 127.0.0.1:42044 accepted tcp:127.0.0.1:2081 [in >> out-tls]
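Let me explain the problem more clearly. It has two parts: using dokodemo-door for SSL offloading, and using freedom to re-wrap the traffic in TLS.
Turning off splice fixes the former (the underlying problem is that the response packets were not encrypted and were returned directly as plaintext). The latter is a problem caused by that commit.
@yuhan6665 The problem persists after turning off splice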
2024/07/23 14:41:30 [Info] [4047869330] proxy/freedom: connection opened to tcp:www.baidu.com:443, local endpoint 192.168.71.25:35434, remote endpoint 180.101.50.188:443
2024/07/23 14:41:30 [Info] [4047869330] proxy: CopyRawConn readv
2024/07/23 14:41:30 [Info] [4047869330] app/proxyman/outbound: app/proxyman/outbound: failed to process outbound traffic > proxy/freedom: connection ends > proxy/freedom: failed to process request > tls: first record does not look like a TLS handshake
2024/07/23 14:41:30 [Info] [4047869330] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > proxy/dokodemo: failed to transport response > io: read/write on closed pipe
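It can probably be fixed. I'll take a look when I have time.
@liushengqi000 Please try https://github.com/XTLS/Xray-core/actions/runs/10124336885 It should no longer be necessary to set the environment variable.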
curl -vvl https://www.baidu.com:2081 --resolve www.baidu.com:2081:127.0.0.1
* Added www.baidu.com:2081:127.0.0.1 to DNS cache
* Hostname www.baidu.com was found in DNS cache
* Trying 127.0.0.1:2081...
* Connected to www.baidu.com (127.0.0.1) port 2081
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number
* Closing connection
curl: (35) OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number
2024/07/27 23:40:17 [Debug] app/log: Logger started
2024/07/27 23:40:17 [Info] app/dns: DNS: created localhost client
2024/07/27 23:40:17 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:2080
2024/07/27 23:40:17 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:2081
2024/07/27 23:40:17 [Info] transport/internet: failed to apply socket options to incoming connection > transport/internet: failed to set IP_TRANSPARENT > operation not permitted
2024/07/27 23:40:17 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:2080
2024/07/27 23:40:17 [Info] transport/internet: failed to apply socket options to incoming connection > transport/internet: failed to set IP_TRANSPARENT > operation not permitted
2024/07/27 23:40:17 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:2081
2024/07/27 23:40:17 [Warning] core: Xray 1.8.21 started
2024/07/27 23:40:25 [Debug] [3427022108] proxy/dokodemo: processing connection from: 127.0.0.1:51542
2024/07/27 23:40:25 [Info] [3427022108] proxy/dokodemo: received request for 127.0.0.1:51542
2024/07/27 23:40:25 [Info] [3427022108] app/dispatcher: sniffed domain: www.baidu.com
2024/07/27 23:40:25 [Info] [3427022108] app/dispatcher: taking detour [out-tls] for [tcp:www.baidu.com:2081]
2024/07/27 23:40:25 [Info] app/dns: returning 1 IP(s) for domain www.baidu.com -> [103.235.46.96]
2024/07/27 23:40:25 [Info] [3427022108] proxy/freedom: dialing to tcp:103.235.46.96:443
2024/07/27 23:40:25 [Info] [3427022108] transport/internet/tcp: dialing TCP to tcp:103.235.46.96:443
2024/07/27 23:40:25 [Debug] [3427022108] transport/internet: dialing to tcp:103.235.46.96:443
2024/07/27 23:40:41 [Info] app/dns: returning 1 IP(s) for domain www.baidu.com -> [103.235.46.96]
2024/07/27 23:40:41 [Info] [3427022108] proxy/freedom: dialing to tcp:103.235.46.96:443
2024/07/27 23:40:41 [Info] [3427022108] transport/internet/tcp: dialing TCP to tcp:103.235.46.96:443
2024/07/27 23:40:41 [Debug] [3427022108] transport/internet: dialing to tcp:103.235.46.96:443
2024/07/27 23:40:43 [Info] [3427022108] proxy/freedom: connection opened to tcp:www.baidu.com:443, local endpoint 192.168.71.25:35494, remote endpoint 103.235.46.96:443
2024/07/27 23:40:44 [Info] [3427022108] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > proxy/dokodemo: failed to transport request > read tcp 127.0.0.1:2081->127.0.0.1:51542: read: connection reset by peer
@liushengqi000 in your use case, you should curl http right?
curl -vvl http://www.baidu.com:2081/ --resolve www.baidu.com:2081:127.0.0.1
curl -k -vvl http://www.baidu.com:2081 --resolve www.baidu.com:2081:127.0.0.1
* Added www.baidu.com:2081:127.0.0.1 to DNS cache
* Hostname www.baidu.com was found in DNS cache
* Trying 127.0.0.1:2081...
* Connected to www.baidu.com (127.0.0.1) port 2081
> GET / HTTP/1.1
> Host: www.baidu.com:2081
> User-Agent: curl/8.5.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Connection: keep-alive
< Content-Length: 17931
< Content-Type: text/html
< Date: Sat, 27 Jul 2024 15:51:31 GMT
< Etag: "54d9748e-460b"
< Server: bfe/1.0.8.18
.......
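Works normally.
@liushengqi000 Thanks for testing. The original problem is fixed. If you want to curl https, you need to unwrap TLS at the inbound before TLS can be added in freedom (that is, MITM). That should also be fixed now (no need to set the environment variable).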
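It was a problem with my testing the http port. It works now, thank you very much.
On second thought, the inbound conn from earlier still should not be checked, so I force-pushed :sweat_smile: https://github.com/XTLS/Xray-core/actions/runs/10124804220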
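Integrity requirements
Version
1.8.6-1.8.17
Description
commit 36321b8 returns http data normally
commit cf575be cannot get http data
TLS handshake packets are mixed into the plaintext data
Reproduction method
curl -vvl http://www.baidu.com:2081 --resolve www.baidu.com:2081:127.0.0.1
Client configuration
Server configuration
Client log
Server log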
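
The symptom reported in this thread (TLS handshake records mixed into plaintext, and `tls: first record does not look like a TLS handshake`) can be checked on a captured byte stream by walking it record by record. This is an added example, not code from the thread or from Xray-core; `SplitStream`, `tlsRecordLen` and the sample bytes are hypothetical names and constructed data.

```go
package main

import "fmt"

// Segment is one labelled run of bytes in a captured stream.
type Segment struct {
	Kind string
	Len  int
}

var tlsTypes = map[byte]string{20: "tls-change-cipher-spec", 21: "tls-alert", 22: "tls-handshake", 23: "tls-application-data"}

// Constructed sample data: an HTTP response head and a minimal handshake record.
var samplePlain = []byte("HTTP/1.1 302 Found\r\nContent-Length: 0\r\n\r\n")
var sampleHello = []byte{22, 3, 1, 0, 4, 1, 0, 0, 0}

// tlsRecordLen returns header+body length if b starts with a plausible TLS
// record header (known content type, version 3.x, sane length), else 0.
func tlsRecordLen(b []byte) int {
	if len(b) < 5 || tlsTypes[b[0]] == "" || b[1] != 3 || b[2] > 4 {
		return 0
	}
	if n := int(b[3])<<8 | int(b[4]); n > 0 && n <= 16384+2048 {
		return 5 + n
	}
	return 0
}

// SplitStream labels TLS records and the plaintext runs between them.
func SplitStream(b []byte) []Segment {
	var out []Segment
	for i := 0; i < len(b); {
		n, kind := tlsRecordLen(b[i:]), tlsTypes[b[i]]
		if n == 0 { // not a record: plaintext runs until the next plausible header
			kind = "plaintext"
			for n = 1; i+n < len(b) && tlsRecordLen(b[i+n:]) == 0; n++ {
			}
		}
		if i+n > len(b) {
			n = len(b) - i // record truncated by the end of the capture
		}
		out = append(out, Segment{kind, n})
		i += n
	}
	return out
}

func main() {
	fmt.Println(SplitStream(append(append([]byte{}, samplePlain...), sampleHello...)))
}
```

The header match is a heuristic: binary plaintext can contain bytes that look like a record header, so a mixed result is a prompt to inspect the capture, not proof.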