如果面板没返回 server_name,但还保留了 Vision flow,也会打警告。
This commit is contained in:
CN-JS-HuiBai
@@ -194,12 +194,6 @@ func (h *Inbound) NewConnectionEx(ctx context.Context, conn net.Conn, metadata a
|
|||||||
}
|
}
|
||||||
conn = tlsConn
|
conn = tlsConn
|
||||||
}
|
}
|
||||||
h.ssmMutex.RLock()
|
|
||||||
tracker := h.tracker
|
|
||||||
h.ssmMutex.RUnlock()
|
|
||||||
if tracker != nil {
|
|
||||||
conn = tracker.TrackConnection(conn, metadata)
|
|
||||||
}
|
|
||||||
err := h.service.NewConnection(adapter.WithContext(ctx, &metadata), conn, metadata.Source, onClose)
|
err := h.service.NewConnection(adapter.WithContext(ctx, &metadata), conn, metadata.Source, onClose)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
N.CloseOnHandshakeFailure(conn, onClose, err)
|
N.CloseOnHandshakeFailure(conn, onClose, err)
|
||||||
@@ -222,6 +216,12 @@ func (h *Inbound) newConnectionEx(ctx context.Context, conn net.Conn, metadata a
|
|||||||
metadata.User = user
|
metadata.User = user
|
||||||
}
|
}
|
||||||
h.logger.InfoContext(ctx, "[", user, "] inbound connection to ", metadata.Destination)
|
h.logger.InfoContext(ctx, "[", user, "] inbound connection to ", metadata.Destination)
|
||||||
|
h.ssmMutex.RLock()
|
||||||
|
tracker := h.tracker
|
||||||
|
h.ssmMutex.RUnlock()
|
||||||
|
if tracker != nil {
|
||||||
|
conn = tracker.TrackConnection(conn, metadata)
|
||||||
|
}
|
||||||
h.router.RouteConnectionEx(ctx, conn, metadata, onClose)
|
h.router.RouteConnectionEx(ctx, conn, metadata, onClose)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -76,6 +76,7 @@ type Service struct {
|
|||||||
inboundManager adapter.InboundManager
|
inboundManager adapter.InboundManager
|
||||||
protocol string
|
protocol string
|
||||||
vlessFlow string
|
vlessFlow string
|
||||||
|
vlessServerName string
|
||||||
ssCipher string // stored for user key derivation in syncUsers
|
ssCipher string // stored for user key derivation in syncUsers
|
||||||
ssServerKey string // stored for SS2022 per-user key extraction
|
ssServerKey string // stored for SS2022 per-user key extraction
|
||||||
}
|
}
|
||||||
@@ -658,7 +659,8 @@ func (s *Service) setupNode() error {
|
|||||||
|
|
||||||
s.logger.Info("Xboard protocol identified: ", protocol)
|
s.logger.Info("Xboard protocol identified: ", protocol)
|
||||||
s.protocol = protocol
|
s.protocol = protocol
|
||||||
s.vlessFlow = inner.Flow
|
s.vlessFlow = ""
|
||||||
|
s.vlessServerName = ""
|
||||||
|
|
||||||
var listenAddr badoption.Addr
|
var listenAddr badoption.Addr
|
||||||
if addr, err := netip.ParseAddr(inner.ListenIP); err == nil {
|
if addr, err := netip.ParseAddr(inner.ListenIP); err == nil {
|
||||||
@@ -677,6 +679,9 @@ func (s *Service) setupNode() error {
|
|||||||
var tlsOptions option.InboundTLSOptions
|
var tlsOptions option.InboundTLSOptions
|
||||||
securityType := inner.TLS
|
securityType := inner.TLS
|
||||||
tlsSettings := mergedTLSSettings(inner, config)
|
tlsSettings := mergedTLSSettings(inner, config)
|
||||||
|
if tlsSettings != nil && tlsSettings.ServerName != "" {
|
||||||
|
s.vlessServerName = tlsSettings.ServerName
|
||||||
|
}
|
||||||
hasCertificate := applyCertConfig(&tlsOptions, config.CertConfig)
|
hasCertificate := applyCertConfig(&tlsOptions, config.CertConfig)
|
||||||
if config.CertConfig != nil && !hasCertificate && config.CertConfig.CertMode != "" && config.CertConfig.CertMode != "none" {
|
if config.CertConfig != nil && !hasCertificate && config.CertConfig.CertMode != "" && config.CertConfig.CertMode != "none" {
|
||||||
s.logger.Warn("Xboard cert_config present but unsupported or incomplete for local TLS. cert_mode=", config.CertConfig.CertMode)
|
s.logger.Warn("Xboard cert_config present but unsupported or incomplete for local TLS. cert_mode=", config.CertConfig.CertMode)
|
||||||
@@ -792,6 +797,17 @@ func (s *Service) setupNode() error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if protocol == "vless" {
|
if protocol == "vless" {
|
||||||
|
if tlsSettings != nil && tlsSettings.ServerName != "" {
|
||||||
|
s.logger.Info("Xboard VLESS server_name from panel: ", tlsSettings.ServerName)
|
||||||
|
}
|
||||||
|
resolvedFlow := inner.Flow
|
||||||
|
if resolvedFlow == "xtls-rprx-vision" {
|
||||||
|
if !tlsOptions.Enabled || (transport != nil && transport.Type != "") {
|
||||||
|
s.logger.Warn("Xboard VLESS flow xtls-rprx-vision ignored because inbound is not raw TLS/REALITY over TCP")
|
||||||
|
resolvedFlow = ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
s.vlessFlow = resolvedFlow
|
||||||
opts := &option.VLESSInboundOptions{
|
opts := &option.VLESSInboundOptions{
|
||||||
ListenOptions: listen,
|
ListenOptions: listen,
|
||||||
InboundTLSOptionsContainer: option.InboundTLSOptionsContainer{
|
InboundTLSOptionsContainer: option.InboundTLSOptionsContainer{
|
||||||
@@ -1219,6 +1235,9 @@ func (s *Service) syncUsers() {
|
|||||||
if s.protocol == "vless" && flow == "" {
|
if s.protocol == "vless" && flow == "" {
|
||||||
flow = s.vlessFlow
|
flow = s.vlessFlow
|
||||||
}
|
}
|
||||||
|
if s.protocol == "vless" && flow == "xtls-rprx-vision" && s.vlessServerName == "" {
|
||||||
|
s.logger.Warn("Xboard VLESS flow xtls-rprx-vision kept but panel did not provide server_name")
|
||||||
|
}
|
||||||
|
|
||||||
newUsers[userName] = userData{
|
newUsers[userName] = userData{
|
||||||
ID: u.ID,
|
ID: u.ID,
|
||||||
|
|||||||
Reference in New Issue
Block a user