如果面板没返回 server_name,但还保留了 Vision flow,也会打警告。
This commit is contained in:
CN-JS-HuiBai
@@ -194,12 +194,6 @@ func (h *Inbound) NewConnectionEx(ctx context.Context, conn net.Conn, metadata a
|
||||
}
|
||||
conn = tlsConn
|
||||
}
|
||||
h.ssmMutex.RLock()
|
||||
tracker := h.tracker
|
||||
h.ssmMutex.RUnlock()
|
||||
if tracker != nil {
|
||||
conn = tracker.TrackConnection(conn, metadata)
|
||||
}
|
||||
err := h.service.NewConnection(adapter.WithContext(ctx, &metadata), conn, metadata.Source, onClose)
|
||||
if err != nil {
|
||||
N.CloseOnHandshakeFailure(conn, onClose, err)
|
||||
@@ -222,6 +216,12 @@ func (h *Inbound) newConnectionEx(ctx context.Context, conn net.Conn, metadata a
|
||||
metadata.User = user
|
||||
}
|
||||
h.logger.InfoContext(ctx, "[", user, "] inbound connection to ", metadata.Destination)
|
||||
h.ssmMutex.RLock()
|
||||
tracker := h.tracker
|
||||
h.ssmMutex.RUnlock()
|
||||
if tracker != nil {
|
||||
conn = tracker.TrackConnection(conn, metadata)
|
||||
}
|
||||
h.router.RouteConnectionEx(ctx, conn, metadata, onClose)
|
||||
}
|
||||
|
||||
|
||||
@@ -76,6 +76,7 @@ type Service struct {
|
||||
inboundManager adapter.InboundManager
|
||||
protocol string
|
||||
vlessFlow string
|
||||
vlessServerName string
|
||||
ssCipher string // stored for user key derivation in syncUsers
|
||||
ssServerKey string // stored for SS2022 per-user key extraction
|
||||
}
|
||||
@@ -658,7 +659,8 @@ func (s *Service) setupNode() error {
|
||||
|
||||
s.logger.Info("Xboard protocol identified: ", protocol)
|
||||
s.protocol = protocol
|
||||
s.vlessFlow = inner.Flow
|
||||
s.vlessFlow = ""
|
||||
s.vlessServerName = ""
|
||||
|
||||
var listenAddr badoption.Addr
|
||||
if addr, err := netip.ParseAddr(inner.ListenIP); err == nil {
|
||||
@@ -677,6 +679,9 @@ func (s *Service) setupNode() error {
|
||||
var tlsOptions option.InboundTLSOptions
|
||||
securityType := inner.TLS
|
||||
tlsSettings := mergedTLSSettings(inner, config)
|
||||
if tlsSettings != nil && tlsSettings.ServerName != "" {
|
||||
s.vlessServerName = tlsSettings.ServerName
|
||||
}
|
||||
hasCertificate := applyCertConfig(&tlsOptions, config.CertConfig)
|
||||
if config.CertConfig != nil && !hasCertificate && config.CertConfig.CertMode != "" && config.CertConfig.CertMode != "none" {
|
||||
s.logger.Warn("Xboard cert_config present but unsupported or incomplete for local TLS. cert_mode=", config.CertConfig.CertMode)
|
||||
@@ -792,6 +797,17 @@ func (s *Service) setupNode() error {
|
||||
}
|
||||
|
||||
if protocol == "vless" {
|
||||
if tlsSettings != nil && tlsSettings.ServerName != "" {
|
||||
s.logger.Info("Xboard VLESS server_name from panel: ", tlsSettings.ServerName)
|
||||
}
|
||||
resolvedFlow := inner.Flow
|
||||
if resolvedFlow == "xtls-rprx-vision" {
|
||||
if !tlsOptions.Enabled || (transport != nil && transport.Type != "") {
|
||||
s.logger.Warn("Xboard VLESS flow xtls-rprx-vision ignored because inbound is not raw TLS/REALITY over TCP")
|
||||
resolvedFlow = ""
|
||||
}
|
||||
}
|
||||
s.vlessFlow = resolvedFlow
|
||||
opts := &option.VLESSInboundOptions{
|
||||
ListenOptions: listen,
|
||||
InboundTLSOptionsContainer: option.InboundTLSOptionsContainer{
|
||||
@@ -1219,6 +1235,9 @@ func (s *Service) syncUsers() {
|
||||
if s.protocol == "vless" && flow == "" {
|
||||
flow = s.vlessFlow
|
||||
}
|
||||
if s.protocol == "vless" && flow == "xtls-rprx-vision" && s.vlessServerName == "" {
|
||||
s.logger.Warn("Xboard VLESS flow xtls-rprx-vision kept but panel did not provide server_name")
|
||||
}
|
||||
|
||||
newUsers[userName] = userData{
|
||||
ID: u.ID,
|
||||
|
||||
Reference in New Issue
Block a user