fix: Vision filter TLS 1.2

gVisor bot 2023-02-26 11:11:55 +08:00
parent 5e4dd2ab01
commit c1d7d4be13
2 changed files with 18 additions and 10 deletions


@ -133,15 +133,16 @@ func (vc *Conn) ReadBuffer(buffer *buf.Buffer) error {
vc.readProcess = false vc.readProcess = false
return vc.ReadBuffer(buffer) return vc.ReadBuffer(buffer)
case commandPaddingDirect: case commandPaddingDirect:
needReturn := false
if vc.input != nil { if vc.input != nil {
_, err := buffer.ReadFrom(vc.input) _, err := buffer.ReadFrom(vc.input)
if err != nil { if err != nil {
return err return err
} }
if vc.input.Len() == 0 { if vc.input.Len() == 0 {
needReturn = true
vc.input = nil vc.input = nil
} } else { // buffer is full
if buffer.IsFull() {
return nil return nil
} }
} }
@ -150,6 +151,7 @@ func (vc *Conn) ReadBuffer(buffer *buf.Buffer) error {
if err != nil { if err != nil {
return err return err
} }
needReturn = true
if vc.rawInput.Len() == 0 { if vc.rawInput.Len() == 0 {
vc.rawInput = nil vc.rawInput = nil
} }
@ -159,6 +161,9 @@ func (vc *Conn) ReadBuffer(buffer *buf.Buffer) error {
vc.ExtendedReader = N.NewExtendedReader(vc.Conn) vc.ExtendedReader = N.NewExtendedReader(vc.Conn)
log.Debugln("XTLS Vision direct read start") log.Debugln("XTLS Vision direct read start")
} }
if needReturn {
return nil
}
default: default:
err := fmt.Errorf("XTLS Vision read unknown command: %d", vc.readLastCommand) err := fmt.Errorf("XTLS Vision read unknown command: %d", vc.readLastCommand)
log.Debugln(err.Error()) log.Debugln(err.Error())
@ -489,9 +494,9 @@ func newConn(conn net.Conn, client *Client, dst *DstAddr) (*Conn, error) {
r, _ := t.FieldByName("rawInput") r, _ := t.FieldByName("rawInput")
c.input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset)) c.input = (*bytes.Reader)(unsafe.Pointer(p + i.Offset))
c.rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset)) c.rawInput = (*bytes.Buffer)(unsafe.Pointer(p + r.Offset))
if _, ok := c.Conn.(*net.TCPConn); !ok { // if _, ok := c.Conn.(*net.TCPConn); !ok {
log.Debugln("XTLS underlying conn is not *net.TCPConn, got %s", reflect.TypeOf(conn).Name()) // log.Debugln("XTLS underlying conn is not *net.TCPConn, got %T", c.Conn)
} // }
} }
} }
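Review bot: `r, _ := t.FieldByName("rawInput")` discards the found flag, so if the wrapped TLS type ever renames or drops that field, `r.Offset` is zero and `c.rawInput` becomes a `*bytes.Buffer` aliasing the start of the struct, which ReadBuffer later dereferences (`vc.rawInput.Len()`). Because these offsets reach into another package's unexported layout through `unsafe.Pointer`, the lookup should fail closed: `r, ok := t.FieldByName("rawInput")` followed by `if !ok { return nil, fmt.Errorf("XTLS Vision: rawInput field not found") }`, ideally with a check that the field type matches the cast. The lookup of `i` sits above the hunk and presumably needs the same treatment. Separately, the `*net.TCPConn` check is now left behind as commented-out code; either delete it or restore it with the `%T` fix. newConn starts and ends outside the hunk.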


@ -50,10 +50,13 @@ func (vc *Conn) FilterTLS(p []byte) (index int) {
} }
if vc.remainingServerHello > 0 { if vc.remainingServerHello > 0 {
end := vc.remainingServerHello end := int(vc.remainingServerHello)
vc.remainingServerHello -= end if index+end > lenP {
if end > uint16(lenP) { end = lenP
end = uint16(lenP) vc.remainingServerHello -= uint16(end - index)
} else {
vc.remainingServerHello -= uint16(end)
end += index
} }
if bytes.Contains(p[index:end], tls13SupportedVersions) { if bytes.Contains(p[index:end], tls13SupportedVersions) {
// TLS 1.3 Client Hello // TLS 1.3 Client Hello
@ -64,7 +67,7 @@ func (vc *Conn) FilterTLS(p []byte) (index int) {
log.Debugln("XTLS Vision found TLS 1.3, packetLength=", lenP, ", CipherSuite=", cs) log.Debugln("XTLS Vision found TLS 1.3, packetLength=", lenP, ", CipherSuite=", cs)
vc.packetsToFilter = 0 vc.packetsToFilter = 0
return return
} else if vc.remainingServerHello < 0 { } else if vc.remainingServerHello <= 0 {
log.Debugln("XTLS Vision found TLS 1.2, packetLength=", lenP) log.Debugln("XTLS Vision found TLS 1.2, packetLength=", lenP)
vc.packetsToFilter = 0 vc.packetsToFilter = 0
return return
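Review bot: The new slice `p[index:end]` and the conversion `uint16(end - index)` are only safe when `0 <= index <= lenP`, and nothing in this hunk establishes that; `index` is assigned above the hunk and `p` is presumably bytes read from the connection. If `index` can be negative or past the end there, the slice panics and the subtraction wraps `remainingServerHello`, so a guard before the arithmetic is worth adding, for example `if index < 0 || index > lenP { index = 0 }` (whether to reset or return depends on the code above the hunk). As a smaller point, `remainingServerHello` appears to be a `uint16` given the conversions, so `<= 0` can only mean zero and reads more clearly as `} else if vc.remainingServerHello == 0 {`. FilterTLS starts and ends outside the hunks shown.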