Fangliding
commented
3 months ago 原来问题在这么 断言会失败(¿)
Closed liushengqi000 closed 2 months ago
Fangliding
commented
3 months ago 原来问题在这么 断言会失败(¿)
RPRX
commented
2 months ago @yuhan6665
yuhan6665
commented
2 months ago 日志显示开了 splice 这个特殊用法需要用环境变量关掉 splice
mmmray
commented
2 months ago would it be reasonable to just disable splice automatically? or are there too many cases to check for?
yuhan6665
commented
2 months ago would it be reasonable to just disable splice automatically? or are there too many cases to check for?
I still think splice greatly outweigh these side-effects so should be on by default. It is possible to add more checks in code..
liushengqi000
commented
2 months ago 忘记自己修改过源码,测试没有问题就关闭了。 今天起床重测,关闭splice后问题依旧。 不是splice的问题。
@yuhan6665
1.8.6-1.8.21
curl -vvl http://www.baidu.com:2081 --resolve www.baidu.com:2081:127.0.0.1
* Added www.baidu.com:2081:127.0.0.1 to DNS cache
* Hostname www.baidu.com was found in DNS cache
* Trying 127.0.0.1:2081...
* Connected to www.baidu.com (127.0.0.1) port 2081
> GET / HTTP/1.1
> Host: www.baidu.com:2081
> User-Agent: curl/8.5.0
> Accept: */*
>
* Received HTTP/0.9 when not allowed
* Closing connection
curl: (1) Received HTTP/0.9 when not allowed
git checkout main make > /dev/null
export XRAY_BUF_SPLICE="disable" './xray' -c './test1.json' curl -vvl http://www.baidu.com:2081 --resolve www.baidu.com:2081:127.0.0.1
{
"log":{
"access": "./log/access.log",
"error": "./log/error.log",
"loglevel": "debug"
},
"inbounds": [{
"port": 2081,
"listen": "127.0.0.1",
"tag": "in",
"protocol": "dokodemo-door",
"settings": {
"network": "tcp",
"address": "127.0.0.1",
"port": 80,
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
}
}],
"outbounds": [{
"tag": "out-tls",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4",
"redirect": ":443"
},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"alpn": ["http/1.1"],
"allowInsecure": true
}
}
}]
}
error.log
2024/07/23 14:41:27 [Debug] app/log: Logger started
2024/07/23 14:41:27 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:2081
2024/07/23 14:41:27 [Info] transport/internet: failed to apply socket options to incoming connection > transport/internet: failed to set IP_TRANSPARENT > operation not permitted
2024/07/23 14:41:27 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:2081
2024/07/23 14:41:27 [Warning] core: Xray 1.8.21 started
2024/07/23 14:41:30 [Debug] [4047869330] proxy/dokodemo: processing connection from: 127.0.0.1:42044
2024/07/23 14:41:30 [Info] [4047869330] proxy/dokodemo: received request for 127.0.0.1:42044
2024/07/23 14:41:30 [Info] [4047869330] app/dispatcher: sniffed domain: www.baidu.com
2024/07/23 14:41:30 [Info] [4047869330] app/dispatcher: default route for tcp:www.baidu.com:2081
2024/07/23 14:41:30 [Info] [4047869330] proxy/freedom: dialing to tcp:180.101.50.188:443
2024/07/23 14:41:30 [Info] [4047869330] transport/internet/tcp: dialing TCP to tcp:180.101.50.188:443
2024/07/23 14:41:30 [Debug] [4047869330] transport/internet: dialing to tcp:180.101.50.188:443
2024/07/23 14:41:30 [Info] [4047869330] proxy/freedom: connection opened to tcp:www.baidu.com:443, local endpoint 192.168.71.25:35434, remote endpoint 180.101.50.188:443
2024/07/23 14:41:30 [Info] [4047869330] proxy: CopyRawConn readv
2024/07/23 14:41:30 [Info] [4047869330] app/proxyman/outbound: app/proxyman/outbound: failed to process outbound traffic > proxy/freedom: connection ends > proxy/freedom: failed to process request > tls: first record does not look like a TLS handshake
2024/07/23 14:41:30 [Info] [4047869330] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > proxy/dokodemo: failed to transport response > io: read/write on closed pipe
access.log
2024/07/23 14:41:30 127.0.0.1:42044 accepted tcp:127.0.0.1:2081 [in >> out-tls]
。。 我来把问题说清楚点吧 这个问题分两个部分 使用dokodemo-door进行SSL卸载 使用freedom将流量重新打包进TLS
关掉splice可以解决前者(本质问题的回包未被加密 直接明文返回) 后者是那个提交导致的问题
liushengqi000
commented
2 months ago @yuhan6665 关了splice后问题依旧
2024/07/23 14:41:30 [Info] [4047869330] proxy/freedom: connection opened to tcp:www.baidu.com:443, local endpoint 192.168.71.25:35434, remote endpoint 180.101.50.188:443 2024/07/23 14:41:30 [Info] [4047869330] proxy: CopyRawConn readv 2024/07/23 14:41:30 [Info] [4047869330] app/proxyman/outbound: app/proxyman/outbound: failed to process outbound traffic > proxy/freedom: connection ends > proxy/freedom: failed to process request > tls: first record does not look like a TLS handshake 2024/07/23 14:41:30 [Info] [4047869330] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > proxy/dokodemo: failed to transport response > io: read/write on closed pipe
yuhan6665
commented
2 months ago 可能可以修 我有空看下
yuhan6665
commented
2 months ago @liushengqi000 麻烦试一下 https://github.com/XTLS/Xray-core/actions/runs/10124336885 应该不用指定环境变量了
liushengqi000
commented
2 months ago @liushengqi000 麻烦试一下 https://github.com/XTLS/Xray-core/actions/runs/10124336885 应该不用指定环境变量了
curl -vvl https://www.baidu.com:2081 --resolve www.baidu.com:2081:127.0.0.1 * Added www.baidu.com:2081:127.0.0.1 to DNS cache * Hostname www.baidu.com was found in DNS cache * Trying 127.0.0.1:2081... * Connected to www.baidu.com (127.0.0.1) port 2081 * ALPN: curl offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number * Closing connection curl: (35) OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number
2024/07/27 23:40:17 [Debug] app/log: Logger started 2024/07/27 23:40:17 [Info] app/dns: DNS: created localhost client 2024/07/27 23:40:17 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:2080 2024/07/27 23:40:17 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:2081 2024/07/27 23:40:17 [Info] transport/internet: failed to apply socket options to incoming connection > transport/internet: failed to set IP_TRANSPARENT > operation not permitted 2024/07/27 23:40:17 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:2080 2024/07/27 23:40:17 [Info] transport/internet: failed to apply socket options to incoming connection > transport/internet: failed to set IP_TRANSPARENT > operation not permitted 2024/07/27 23:40:17 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:2081 2024/07/27 23:40:17 [Warning] core: Xray 1.8.21 started 2024/07/27 23:40:25 [Debug] [3427022108] proxy/dokodemo: processing connection from: 127.0.0.1:51542 2024/07/27 23:40:25 [Info] [3427022108] proxy/dokodemo: received request for 127.0.0.1:51542 2024/07/27 23:40:25 [Info] [3427022108] app/dispatcher: sniffed domain: www.baidu.com 2024/07/27 23:40:25 [Info] [3427022108] app/dispatcher: taking detour [out-tls] for [tcp:www.baidu.com:2081] 2024/07/27 23:40:25 [Info] app/dns: returning 1 IP(s) for domain www.baidu.com -> [103.235.46.96] 2024/07/27 23:40:25 [Info] [3427022108] proxy/freedom: dialing to tcp:103.235.46.96:443 2024/07/27 23:40:25 [Info] [3427022108] transport/internet/tcp: dialing TCP to tcp:103.235.46.96:443 2024/07/27 23:40:25 [Debug] [3427022108] transport/internet: dialing to tcp:103.235.46.96:443 2024/07/27 23:40:41 [Info] app/dns: returning 1 IP(s) for domain www.baidu.com -> [103.235.46.96] 2024/07/27 23:40:41 [Info] [3427022108] proxy/freedom: dialing to tcp:103.235.46.96:443 2024/07/27 23:40:41 [Info] [3427022108] transport/internet/tcp: dialing TCP to tcp:103.235.46.96:443 2024/07/27 23:40:41 [Debug] [3427022108] transport/internet: dialing to tcp:103.235.46.96:443 2024/07/27 23:40:43 [Info] [3427022108] proxy/freedom: connection opened to tcp:www.baidu.com:443, local endpoint 192.168.71.25:35494, remote endpoint 103.235.46.96:443 2024/07/27 23:40:44 [Info] [3427022108] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > proxy/dokodemo: failed to transport request > read tcp 127.0.0.1:2081->127.0.0.1:51542: read: connection reset by peer
yuhan6665
commented
2 months ago @liushengqi000 in your use case, you should curl http right? curl -vvl http://www.baidu.com:2081/ --resolve www.baidu.com:2081:127.0.0.1
liushengqi000
commented
2 months ago liushengqi000
commented
2 months ago @liushengqi000 in your use case, you should curl http right? curl -vvl http://www.baidu.com:2081/ --resolve www.baidu.com:2081:127.0.0.1
curl -k -vvl http://www.baidu.com:2081 --resolve www.baidu.com:2081:127.0.0.1 * Added www.baidu.com:2081:127.0.0.1 to DNS cache * Hostname www.baidu.com was found in DNS cache * Trying 127.0.0.1:2081... * Connected to www.baidu.com (127.0.0.1) port 2081 > GET / HTTP/1.1 > Host: www.baidu.com:2081 > User-Agent: curl/8.5.0 > Accept: */* > < HTTP/1.1 302 Found < Connection: keep-alive < Content-Length: 17931 < Content-Type: text/html < Date: Sat, 27 Jul 2024 15:51:31 GMT < Etag: "54d9748e-460b" < Server: bfe/1.0.8.18 .......
正常
yuhan6665
commented
2 months ago @liushengqi000 感谢测试 原问题已经修复 如果你要 curl https 需要在入站解开 TLS 才能在 freedom 加 TLS(也就是 MITM)这个应该也修了(不用指定环境变量)
liushengqi000
commented
2 months ago @liushengqi000 感谢测试 原问题已经修复 如果你要 curl https 需要在入站解开 TLS 才能在 freedom 加 TLS(也就是 MITM)这个应该也修了(不用指定环境变量)
是我测试了http端口的问题。现在正常了,非常感谢
yuhan6665
commented
2 months ago 我想了一下 刚才的入站 conn 还是不应该检查 所以我强推了一下 :sweat_smile: https://github.com/XTLS/Xray-core/actions/runs/10124804220
完整性要求
版本
1.8.6-1.8.17
描述
commit 36321b8 正常返回http数据
commit cf575be 无法获取http数据
明文数据中混杂tls握手包
重现方式
curl -vvl http://www.baidu.com:2081 --resolve www.baidu.com:2081:127.0.0.1
客户端配置
服务端配置
客户端日志
服务端日志