From 995aa7a8fc641fa00b44ad290ac59c3e4c2a565f Mon Sep 17 00:00:00 2001 From: Dreamacro <8615343+Dreamacro@users.noreply.github.com> Date: Sat, 3 Jul 2021 20:34:44 +0800 Subject: [PATCH 1/2] Fix: remove ClientSessionCache and add NextProtos for vmess to fix #1468 --- adapter/outbound/http.go | 1 - adapter/outbound/shadowsocks.go | 1 - adapter/outbound/socks5.go | 1 - adapter/outbound/trojan.go | 10 ++++------ adapter/outbound/util.go | 14 -------------- adapter/outbound/vmess.go | 4 ---- dns/doh.go | 2 -- dns/resolver.go | 5 ----- dns/util.go | 1 - transport/trojan/trojan.go | 10 ++++------ transport/v2ray-plugin/websocket.go | 3 --- transport/vmess/tls.go | 2 -- transport/vmess/websocket.go | 3 +-- 13 files changed, 9 insertions(+), 48 deletions(-) diff --git a/adapter/outbound/http.go b/adapter/outbound/http.go index 43ca1204..b4dffdf7 100644 --- a/adapter/outbound/http.go +++ b/adapter/outbound/http.go @@ -125,7 +125,6 @@ func NewHttp(option HttpOption) *Http { } tlsConfig = &tls.Config{ InsecureSkipVerify: option.SkipCertVerify, - ClientSessionCache: getClientSessionCache(), ServerName: sni, } } diff --git a/adapter/outbound/shadowsocks.go b/adapter/outbound/shadowsocks.go index 0fb3ab9a..39d1e36d 100644 --- a/adapter/outbound/shadowsocks.go +++ b/adapter/outbound/shadowsocks.go @@ -149,7 +149,6 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) { if opts.TLS { v2rayOption.TLS = true v2rayOption.SkipCertVerify = opts.SkipCertVerify - v2rayOption.SessionCache = getClientSessionCache() } } diff --git a/adapter/outbound/socks5.go b/adapter/outbound/socks5.go index 26c7c06a..8106e0e2 100644 --- a/adapter/outbound/socks5.go +++ b/adapter/outbound/socks5.go @@ -145,7 +145,6 @@ func NewSocks5(option Socks5Option) *Socks5 { if option.TLS { tlsConfig = &tls.Config{ InsecureSkipVerify: option.SkipCertVerify, - ClientSessionCache: getClientSessionCache(), ServerName: option.Server, } } 
diff --git a/adapter/outbound/trojan.go b/adapter/outbound/trojan.go index 5d852735..afed410f 100644 --- a/adapter/outbound/trojan.go +++ b/adapter/outbound/trojan.go @@ -127,11 +127,10 @@ func NewTrojan(option TrojanOption) (*Trojan, error) { addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port)) tOption := &trojan.Option{ - Password: option.Password, - ALPN: option.ALPN, - ServerName: option.Server, - SkipCertVerify: option.SkipCertVerify, - ClientSessionCache: getClientSessionCache(), + Password: option.Password, + ALPN: option.ALPN, + ServerName: option.Server, + SkipCertVerify: option.SkipCertVerify, } if option.SNI != "" { @@ -163,7 +162,6 @@ func NewTrojan(option TrojanOption) (*Trojan, error) { MinVersion: tls.VersionTLS12, InsecureSkipVerify: tOption.SkipCertVerify, ServerName: tOption.ServerName, - ClientSessionCache: getClientSessionCache(), } t.transport = gun.NewHTTP2Client(dialFn, tlsConfig) diff --git a/adapter/outbound/util.go b/adapter/outbound/util.go index 4b81eb5d..0e1d4c8e 100644 --- a/adapter/outbound/util.go +++ b/adapter/outbound/util.go @@ -2,10 +2,8 @@ package outbound import ( "bytes" - "crypto/tls" "net" "strconv" - "sync" "time" "github.com/Dreamacro/clash/component/resolver" @@ -13,11 +11,6 @@ import ( "github.com/Dreamacro/clash/transport/socks5" ) -var ( - globalClientSessionCache tls.ClientSessionCache - once sync.Once -) - func tcpKeepAlive(c net.Conn) { if tcp, ok := c.(*net.TCPConn); ok { tcp.SetKeepAlive(true) @@ -25,13 +18,6 @@ func tcpKeepAlive(c net.Conn) { } } -func getClientSessionCache() tls.ClientSessionCache { - once.Do(func() { - globalClientSessionCache = tls.NewLRUClientSessionCache(128) - }) - return globalClientSessionCache -} - func serializesSocksAddr(metadata *C.Metadata) []byte { var buf [][]byte aType := uint8(metadata.AddrType) diff --git a/adapter/outbound/vmess.go b/adapter/outbound/vmess.go index 672f767b..5ee4abbc 100644 --- a/adapter/outbound/vmess.go +++ b/adapter/outbound/vmess.go 
@@ -86,7 +86,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) { if v.option.TLS { wsOpts.TLS = true - wsOpts.SessionCache = getClientSessionCache() wsOpts.SkipCertVerify = v.option.SkipCertVerify wsOpts.ServerName = v.option.ServerName } @@ -98,7 +97,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) { tlsOpts := &vmess.TLSConfig{ Host: host, SkipCertVerify: v.option.SkipCertVerify, - SessionCache: getClientSessionCache(), } if v.option.ServerName != "" { @@ -125,7 +123,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) { tlsOpts := vmess.TLSConfig{ Host: host, SkipCertVerify: v.option.SkipCertVerify, - SessionCache: getClientSessionCache(), NextProtos: []string{"h2"}, } @@ -153,7 +150,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) { tlsOpts := &vmess.TLSConfig{ Host: host, SkipCertVerify: v.option.SkipCertVerify, - SessionCache: getClientSessionCache(), } if v.option.ServerName != "" { diff --git a/dns/doh.go b/dns/doh.go index 247e0704..34375017 100644 --- a/dns/doh.go +++ b/dns/doh.go @@ -3,7 +3,6 @@ package dns import ( "bytes" "context" - "crypto/tls" "io/ioutil" "net" "net/http" @@ -76,7 +75,6 @@ func newDoHClient(url string, r *Resolver) *dohClient { return &dohClient{ url: url, transport: &http.Transport{ - TLSClientConfig: &tls.Config{ClientSessionCache: globalSessionCache}, ForceAttemptHTTP2: true, DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { host, port, err := net.SplitHostPort(addr) diff --git a/dns/resolver.go b/dns/resolver.go index f57fec52..1ca0293e 100644 --- a/dns/resolver.go +++ b/dns/resolver.go @@ -2,7 +2,6 @@ package dns import ( "context" - "crypto/tls" "errors" "fmt" "math/rand" 
@@ -20,10 +19,6 @@ import ( "golang.org/x/sync/singleflight" ) -var ( - globalSessionCache = tls.NewLRUClientSessionCache(64) -) - type dnsClient interface { Exchange(m *D.Msg) (msg *D.Msg, err error) ExchangeContext(ctx context.Context, m *D.Msg) (msg *D.Msg, err error) diff --git a/dns/util.go b/dns/util.go index c2bb11d8..e56aaeb5 100644 --- a/dns/util.go +++ b/dns/util.go @@ -127,7 +127,6 @@ func transform(servers []NameServer, resolver *Resolver) []dnsClient { Client: &D.Client{ Net: s.Net, TLSConfig: &tls.Config{ - ClientSessionCache: globalSessionCache, // alpn identifier, see https://tools.ietf.org/html/draft-hoffman-dprive-dns-tls-alpn-00#page-6 NextProtos: []string{"dns"}, ServerName: host, diff --git a/transport/trojan/trojan.go b/transport/trojan/trojan.go index 88cc95fb..d62e3f80 100644 --- a/transport/trojan/trojan.go +++ b/transport/trojan/trojan.go @@ -34,11 +34,10 @@ var ( ) type Option struct { - Password string - ALPN []string - ServerName string - SkipCertVerify bool - ClientSessionCache tls.ClientSessionCache + Password string + ALPN []string + ServerName string + SkipCertVerify bool } type Trojan struct { @@ -57,7 +56,6 @@ func (t *Trojan) StreamConn(conn net.Conn) (net.Conn, error) { MinVersion: tls.VersionTLS12, InsecureSkipVerify: t.option.SkipCertVerify, ServerName: t.option.ServerName, - ClientSessionCache: t.option.ClientSessionCache, } tlsConn := tls.Client(conn, tlsConfig) diff --git a/transport/v2ray-plugin/websocket.go b/transport/v2ray-plugin/websocket.go index 9feaf2c2..317c172f 100644 --- a/transport/v2ray-plugin/websocket.go +++ b/transport/v2ray-plugin/websocket.go @@ -1,7 +1,6 @@ package obfs import ( - "crypto/tls" "net" "net/http" @@ -16,7 +15,6 @@ type Option struct { Headers map[string]string TLS bool SkipCertVerify bool - SessionCache tls.ClientSessionCache Mux bool } 
@@ -34,7 +32,6 @@ func NewV2rayObfs(conn net.Conn, option *Option) (net.Conn, error) { TLS: option.TLS, Headers: header, SkipCertVerify: option.SkipCertVerify, - SessionCache: option.SessionCache, } var err error diff --git a/transport/vmess/tls.go b/transport/vmess/tls.go index b003a753..234c3147 100644 --- a/transport/vmess/tls.go +++ b/transport/vmess/tls.go @@ -8,7 +8,6 @@ import ( type TLSConfig struct { Host string SkipCertVerify bool - SessionCache tls.ClientSessionCache NextProtos []string } @@ -16,7 +15,6 @@ func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) { tlsConfig := &tls.Config{ ServerName: cfg.Host, InsecureSkipVerify: cfg.SkipCertVerify, - ClientSessionCache: cfg.SessionCache, NextProtos: cfg.NextProtos, } diff --git a/transport/vmess/websocket.go b/transport/vmess/websocket.go index 980add13..6ed353e7 100644 --- a/transport/vmess/websocket.go +++ b/transport/vmess/websocket.go @@ -32,7 +32,6 @@ type WebsocketConfig struct { TLS bool SkipCertVerify bool ServerName string - SessionCache tls.ClientSessionCache } // Read implements net.Conn.Read() @@ -130,7 +129,7 @@ func StreamWebsocketConn(conn net.Conn, c *WebsocketConfig) (net.Conn, error) { dialer.TLSClientConfig = &tls.Config{ ServerName: c.Host, InsecureSkipVerify: c.SkipCertVerify, - ClientSessionCache: c.SessionCache, + NextProtos: []string{"http/1.1"}, } if c.ServerName != "" { From dff1e8f1ce0c6ed9d8a070c513a6b3478f701e2b Mon Sep 17 00:00:00 2001 From: Dreamacro <8615343+Dreamacro@users.noreply.github.com> Date: Sat, 3 Jul 2021 21:01:41 +0800 Subject: [PATCH 2/2] Chore: update dependencies --- go.mod | 10 +++++----- go.sum | 21 +++++++++++---------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 17056c62..28e4d44b 100644 --- a/go.mod +++ b/go.mod 
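Review bot: The `tls.Config` assigned to `dialer.TLSClientConfig` in StreamWebsocketConn (transport/vmess/websocket.go) sets no `MinVersion`, while both trojan configs touched by this patch pin `MinVersion: tls.VersionTLS12`. Go releases before 1.18 default the client minimum to TLS 1.0, so unless the project builds only with a newer toolchain (not visible here), adding `MinVersion: tls.VersionTLS12,` would keep the transports consistent. As far as the hunks show, the same applies to the configs in StreamTLSConn (transport/vmess/tls.go), NewHttp and NewSocks5. The new `NextProtos: []string{"http/1.1"},` line also deserves a short comment, for example `// pin ALPN to http/1.1 so the WebSocket upgrade is not negotiated as h2 (see #1468)`; that rationale is inferred from the commit title and should be confirmed against the issue. StreamWebsocketConn's body continues outside the hunk.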
@@ -9,14 +9,14 @@ require ( github.com/go-chi/render v1.0.1 github.com/gofrs/uuid v4.0.0+incompatible github.com/gorilla/websocket v1.4.2 - github.com/miekg/dns v1.1.42 + github.com/miekg/dns v1.1.43 github.com/oschwald/geoip2-golang v1.5.0 github.com/sirupsen/logrus v1.8.1 github.com/stretchr/testify v1.7.0 - go.uber.org/atomic v1.7.0 - golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf - golang.org/x/net v0.0.0-20210508051633-16afe75a6701 + go.uber.org/atomic v1.8.0 + golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e + golang.org/x/net v0.0.0-20210614182718-04defd469f4e golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/sys v0.0.0-20210507161434-a76c4d0a0096 + golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c gopkg.in/yaml.v2 v2.4.0 ) diff --git a/go.sum b/go.sum index 58dcc672..fa37dc3b 100644 --- a/go.sum +++ b/go.sum @@ -13,8 +13,8 @@ github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPh github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/miekg/dns v1.1.42 h1:gWGe42RGaIqXQZ+r3WUGEKBEtvPHY2SXo4dqixDNxuY= -github.com/miekg/dns v1.1.42/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= +github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg= +github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/oschwald/geoip2-golang v1.5.0 h1:igg2yQIrrcRccB1ytFXqBfOHCjXWIoMv85lVJ1ONZzw= github.com/oschwald/geoip2-golang v1.5.0/go.mod h1:xdvYt5xQzB8ORWFqPnqMwZpCpgNagttWdoZLlJQzg7s= github.com/oschwald/maxminddb-golang v1.8.0 h1:Uh/DSnGoxsyp/KYbY1AuP0tYEwfs0sCph9p/UMXK/Hk= 
@@ -29,14 +29,14 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.8.0 h1:CUhrE4N1rqSE6FM9ecihEjRkLQu8cDfgDyoOs83mEY4= +go.uber.org/atomic v1.8.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= golang.org/x/crypto v0.0.0-20210317152858-513c2a44f670/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf h1:B2n+Zi5QeYRDAEodEu72OS36gmTWjgpXr2+cWcBW90o= -golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= +golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e h1:gsTQYXdTw2Gq7RBsWvlQ91b+aEQ6bXFUngBGuR8sPpI= +golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210508051633-16afe75a6701 h1:lQVgcB3+FoAXOb20Dp6zTzAIrpj1k/yOOBN7s+Zv1rA= -golang.org/x/net v0.0.0-20210508051633-16afe75a6701/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= +golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys 
v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -44,8 +44,9 @@ golang.org/x/sys v0.0.0-20191224085550-c709ea063b76/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210507161434-a76c4d0a0096 h1:5PbJGn5Sp3GEUjJ61aYbUP6RIo3Z3r2E4Tv9y2z8UHo= -golang.org/x/sys v0.0.0-20210507161434-a76c4d0a0096/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=