fix: Vision filter TLS 1.2

gVisor bot 2023-02-26 11:11:55 +08:00
parent 5e4dd2ab01
commit c1d7d4be13
2 changed files with 18 additions and 10 deletions


@ -133,15 +133,16 @@ func (vc *Conn) ReadBuffer(buffer *buf.Buffer) error {
vc.readProcess = false
return vc.ReadBuffer(buffer)
case commandPaddingDirect:
needReturn := false
if vc.input != nil {
_, err := buffer.ReadFrom(vc.input)
if err != nil {
return err
}
if vc.input.Len() == 0 {
needReturn = true
vc.input = nil
}
if buffer.IsFull() {
} else { // buffer is full
return nil
}
}
@ -150,6 +151,7 @@ func (vc *Conn) ReadBuffer(buffer *buf.Buffer) error {
if err != nil {
return err
}
needReturn = true
if vc.rawInput.Len() == 0 {
vc.rawInput = nil
}
@ -159,6 +161,9 @@ func (vc *Conn) ReadBuffer(buffer *buf.Buffer) error {
vc.ExtendedReader = N.NewExtendedReader(vc.Conn)
log.Debugln("XTLS Vision direct read start")
}
if needReturn {
return nil
}
default:
err := fmt.Errorf("XTLS Vision read unknown command: %d", vc.readLastCommand)
log.Debugln(err.Error())
@ -489,9 +494,9 @@ func newConn(conn net.Conn, client *Client, dst *DstAddr) (*Conn, error) {
r, _ := t.FieldByName("rawInput")
c.input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset))
c.rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset))
if _, ok := c.Conn.(*net.TCPConn); !ok {
log.Debugln("XTLS underlying conn is not *net.TCPConn, got %s", reflect.TypeOf(conn).Name())
}
// if _, ok := c.Conn.(*net.TCPConn); !ok {
// log.Debugln("XTLS underlying conn is not *net.TCPConn, got %T", c.Conn)
// }
}
}
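Review bot: In the `commandPaddingDirect` branch of `ReadBuffer`, the early return now appears to hang off the `else` of `vc.input.Len() == 0` rather than off `buffer.IsFull()`, so when `vc.input` drains exactly as `buffer` fills, execution continues to the `vc.rawInput` read with no free space left. What `buffer.ReadFrom` does on a full buffer is not visible here; if it returns an error or reads nothing, the caller sees a spurious failure or an empty result, so an explicit `if buffer.IsFull() { return nil }` after the drain check would cover that case. In `newConn`, the disabled `*net.TCPConn` check is better deleted than left commented out. Both functions start and end outside the hunks, and the old/new sides are inferred from the hunk header counts because the page lost its `+`/`-` markers.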


@ -50,10 +50,13 @@ func (vc *Conn) FilterTLS(p []byte) (index int) {
}
if vc.remainingServerHello > 0 {
end := vc.remainingServerHello
vc.remainingServerHello -= end
if end > uint16(lenP) {
end = uint16(lenP)
end := int(vc.remainingServerHello)
if index+end > lenP {
end = lenP
vc.remainingServerHello -= uint16(end - index)
} else {
vc.remainingServerHello -= uint16(end)
end += index
}
if bytes.Contains(p[index:end], tls13SupportedVersions) {
// TLS 1.3 Client Hello
@ -64,7 +67,7 @@ func (vc *Conn) FilterTLS(p []byte) (index int) {
log.Debugln("XTLS Vision found TLS 1.3, packetLength=", lenP, ", CipherSuite=", cs)
vc.packetsToFilter = 0
return
} else if vc.remainingServerHello < 0 {
} else if vc.remainingServerHello <= 0 {
log.Debugln("XTLS Vision found TLS 1.2, packetLength=", lenP)
vc.packetsToFilter = 0
return
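Review bot: In `FilterTLS`, the new bounds arithmetic assumes `index <= lenP`: if `index` can exceed `lenP`, then `end = lenP` makes `uint16(end - index)` wrap around and `p[index:end]` panic, on bytes that arrive from the peer. The code that sets `index` is above the hunk, so either confirm that invariant or add a guard such as `if index > lenP { return }` ahead of the slice. Separately, `remainingServerHello` is assigned through `uint16(...)` conversions and so looks unsigned, which makes `<= 0` equivalent to `== 0`; writing `vc.remainingServerHello == 0` states the intent directly.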