github.com/xmplusdev/xray-core@v1.8.10/infra/conf/transport_internet.go (about) 1 package conf 2 3 import ( 4 "encoding/base64" 5 "encoding/hex" 6 "encoding/json" 7 "math" 8 "net/url" 9 "runtime" 10 "strconv" 11 "strings" 12 "syscall" 13 14 "github.com/xmplusdev/xray-core/common/net" 15 "github.com/xmplusdev/xray-core/common/platform/filesystem" 16 "github.com/xmplusdev/xray-core/common/protocol" 17 "github.com/xmplusdev/xray-core/common/serial" 18 "github.com/xmplusdev/xray-core/transport/internet" 19 "github.com/xmplusdev/xray-core/transport/internet/domainsocket" 20 httpheader "github.com/xmplusdev/xray-core/transport/internet/headers/http" 21 "github.com/xmplusdev/xray-core/transport/internet/http" 22 "github.com/xmplusdev/xray-core/transport/internet/httpupgrade" 23 "github.com/xmplusdev/xray-core/transport/internet/kcp" 24 "github.com/xmplusdev/xray-core/transport/internet/quic" 25 "github.com/xmplusdev/xray-core/transport/internet/reality" 26 "github.com/xmplusdev/xray-core/transport/internet/tcp" 27 "github.com/xmplusdev/xray-core/transport/internet/tls" 28 "github.com/xmplusdev/xray-core/transport/internet/websocket" 29 "google.golang.org/protobuf/proto" 30 ) 31 32 var ( 33 kcpHeaderLoader = NewJSONConfigLoader(ConfigCreatorCache{ 34 "none": func() interface{} { return new(NoOpAuthenticator) }, 35 "srtp": func() interface{} { return new(SRTPAuthenticator) }, 36 "utp": func() interface{} { return new(UTPAuthenticator) }, 37 "wechat-video": func() interface{} { return new(WechatVideoAuthenticator) }, 38 "dtls": func() interface{} { return new(DTLSAuthenticator) }, 39 "wireguard": func() interface{} { return new(WireguardAuthenticator) }, 40 "dns": func() interface{} { return new(DNSAuthenticator) }, 41 }, "type", "") 42 43 tcpHeaderLoader = NewJSONConfigLoader(ConfigCreatorCache{ 44 "none": func() interface{} { return new(NoOpConnectionAuthenticator) }, 45 "http": func() interface{} { return new(Authenticator) }, 46 }, "type", "") 47 ) 48 49 type KCPConfig struct { 50 Mtu *uint32 `json:"mtu"` 51 Tti *uint32 `json:"tti"` 52 UpCap *uint32 `json:"uplinkCapacity"` 53 DownCap *uint32 `json:"downlinkCapacity"` 54 Congestion *bool `json:"congestion"` 55 ReadBufferSize *uint32 `json:"readBufferSize"` 56 WriteBufferSize *uint32 `json:"writeBufferSize"` 57 HeaderConfig json.RawMessage `json:"header"` 58 Seed *string `json:"seed"` 59 } 60 61 // Build implements Buildable. 62 func (c *KCPConfig) Build() (proto.Message, error) { 63 config := new(kcp.Config) 64 65 if c.Mtu != nil { 66 mtu := *c.Mtu 67 if mtu < 576 || mtu > 1460 { 68 return nil, newError("invalid mKCP MTU size: ", mtu).AtError() 69 } 70 config.Mtu = &kcp.MTU{Value: mtu} 71 } 72 if c.Tti != nil { 73 tti := *c.Tti 74 if tti < 10 || tti > 100 { 75 return nil, newError("invalid mKCP TTI: ", tti).AtError() 76 } 77 config.Tti = &kcp.TTI{Value: tti} 78 } 79 if c.UpCap != nil { 80 config.UplinkCapacity = &kcp.UplinkCapacity{Value: *c.UpCap} 81 } 82 if c.DownCap != nil { 83 config.DownlinkCapacity = &kcp.DownlinkCapacity{Value: *c.DownCap} 84 } 85 if c.Congestion != nil { 86 config.Congestion = *c.Congestion 87 } 88 if c.ReadBufferSize != nil { 89 size := *c.ReadBufferSize 90 if size > 0 { 91 config.ReadBuffer = &kcp.ReadBuffer{Size: size * 1024 * 1024} 92 } else { 93 config.ReadBuffer = &kcp.ReadBuffer{Size: 512 * 1024} 94 } 95 } 96 if c.WriteBufferSize != nil { 97 size := *c.WriteBufferSize 98 if size > 0 { 99 config.WriteBuffer = &kcp.WriteBuffer{Size: size * 1024 * 1024} 100 } else { 101 config.WriteBuffer = &kcp.WriteBuffer{Size: 512 * 1024} 102 } 103 } 104 if len(c.HeaderConfig) > 0 { 105 headerConfig, _, err := kcpHeaderLoader.Load(c.HeaderConfig) 106 if err != nil { 107 return nil, newError("invalid mKCP header config.").Base(err).AtError() 108 } 109 ts, err := headerConfig.(Buildable).Build() 110 if err != nil { 111 return nil, newError("invalid mKCP header config").Base(err).AtError() 112 } 113 config.HeaderConfig = serial.ToTypedMessage(ts) 114 } 115 116 if c.Seed != nil { 117 config.Seed = &kcp.EncryptionSeed{Seed: *c.Seed} 118 } 119 120 return config, nil 121 } 122 123 type TCPConfig struct { 124 HeaderConfig json.RawMessage `json:"header"` 125 AcceptProxyProtocol bool `json:"acceptProxyProtocol"` 126 } 127 128 // Build implements Buildable. 129 func (c *TCPConfig) Build() (proto.Message, error) { 130 config := new(tcp.Config) 131 if len(c.HeaderConfig) > 0 { 132 headerConfig, _, err := tcpHeaderLoader.Load(c.HeaderConfig) 133 if err != nil { 134 return nil, newError("invalid TCP header config").Base(err).AtError() 135 } 136 ts, err := headerConfig.(Buildable).Build() 137 if err != nil { 138 return nil, newError("invalid TCP header config").Base(err).AtError() 139 } 140 config.HeaderSettings = serial.ToTypedMessage(ts) 141 } 142 if c.AcceptProxyProtocol { 143 config.AcceptProxyProtocol = c.AcceptProxyProtocol 144 } 145 return config, nil 146 } 147 148 type WebSocketConfig struct { 149 Host string `json:"host"` 150 Path string `json:"path"` 151 Headers map[string]string `json:"headers"` 152 AcceptProxyProtocol bool `json:"acceptProxyProtocol"` 153 } 154 155 // Build implements Buildable. 156 func (c *WebSocketConfig) Build() (proto.Message, error) { 157 path := c.Path 158 var ed uint32 159 if u, err := url.Parse(path); err == nil { 160 if q := u.Query(); q.Get("ed") != "" { 161 Ed, _ := strconv.Atoi(q.Get("ed")) 162 ed = uint32(Ed) 163 q.Del("ed") 164 u.RawQuery = q.Encode() 165 path = u.String() 166 } 167 } 168 // If http host is not set in the Host field, but in headers field, we add it to Host Field here. 169 // If we don't do that, http host will be overwritten as address. 170 // Host priority: Host field > headers field > address. 171 if c.Host == "" && c.Headers["host"] != "" { 172 c.Host = c.Headers["host"] 173 } else if c.Host == "" && c.Headers["Host"] != "" { 174 c.Host = c.Headers["Host"] 175 } 176 config := &websocket.Config{ 177 Path: path, 178 Host: c.Host, 179 Header: c.Headers, 180 AcceptProxyProtocol: c.AcceptProxyProtocol, 181 Ed: ed, 182 } 183 return config, nil 184 } 185 186 type HttpUpgradeConfig struct { 187 Host string `json:"host"` 188 Path string `json:"path"` 189 Headers map[string]string `json:"headers"` 190 AcceptProxyProtocol bool `json:"acceptProxyProtocol"` 191 } 192 193 // Build implements Buildable. 194 func (c *HttpUpgradeConfig) Build() (proto.Message, error) { 195 path := c.Path 196 var ed uint32 197 if u, err := url.Parse(path); err == nil { 198 if q := u.Query(); q.Get("ed") != "" { 199 Ed, _ := strconv.Atoi(q.Get("ed")) 200 ed = uint32(Ed) 201 q.Del("ed") 202 u.RawQuery = q.Encode() 203 path = u.String() 204 } 205 } 206 // If http host is not set in the Host field, but in headers field, we add it to Host Field here. 207 // If we don't do that, http host will be overwritten as address. 208 // Host priority: Host field > headers field > address. 209 if c.Host == "" && c.Headers["host"] != "" { 210 c.Host = c.Headers["host"] 211 } else if c.Host == "" && c.Headers["Host"] != "" { 212 c.Host = c.Headers["Host"] 213 } 214 config := &httpupgrade.Config{ 215 Path: path, 216 Host: c.Host, 217 Header: c.Headers, 218 AcceptProxyProtocol: c.AcceptProxyProtocol, 219 Ed: ed, 220 } 221 return config, nil 222 } 223 224 type HTTPConfig struct { 225 Host *StringList `json:"host"` 226 Path string `json:"path"` 227 ReadIdleTimeout int32 `json:"read_idle_timeout"` 228 HealthCheckTimeout int32 `json:"health_check_timeout"` 229 Method string `json:"method"` 230 Headers map[string]*StringList `json:"headers"` 231 } 232 233 // Build implements Buildable. 234 func (c *HTTPConfig) Build() (proto.Message, error) { 235 if c.ReadIdleTimeout <= 0 { 236 c.ReadIdleTimeout = 0 237 } 238 if c.HealthCheckTimeout <= 0 { 239 c.HealthCheckTimeout = 0 240 } 241 config := &http.Config{ 242 Path: c.Path, 243 IdleTimeout: c.ReadIdleTimeout, 244 HealthCheckTimeout: c.HealthCheckTimeout, 245 } 246 if c.Host != nil { 247 config.Host = []string(*c.Host) 248 } 249 if c.Method != "" { 250 config.Method = c.Method 251 } 252 if len(c.Headers) > 0 { 253 config.Header = make([]*httpheader.Header, 0, len(c.Headers)) 254 headerNames := sortMapKeys(c.Headers) 255 for _, key := range headerNames { 256 value := c.Headers[key] 257 if value == nil { 258 return nil, newError("empty HTTP header value: " + key).AtError() 259 } 260 config.Header = append(config.Header, &httpheader.Header{ 261 Name: key, 262 Value: append([]string(nil), (*value)...), 263 }) 264 } 265 } 266 return config, nil 267 } 268 269 type QUICConfig struct { 270 Header json.RawMessage `json:"header"` 271 Security string `json:"security"` 272 Key string `json:"key"` 273 } 274 275 // Build implements Buildable. 276 func (c *QUICConfig) Build() (proto.Message, error) { 277 config := &quic.Config{ 278 Key: c.Key, 279 } 280 281 if len(c.Header) > 0 { 282 headerConfig, _, err := kcpHeaderLoader.Load(c.Header) 283 if err != nil { 284 return nil, newError("invalid QUIC header config.").Base(err).AtError() 285 } 286 ts, err := headerConfig.(Buildable).Build() 287 if err != nil { 288 return nil, newError("invalid QUIC header config").Base(err).AtError() 289 } 290 config.Header = serial.ToTypedMessage(ts) 291 } 292 293 var st protocol.SecurityType 294 switch strings.ToLower(c.Security) { 295 case "aes-128-gcm": 296 st = protocol.SecurityType_AES128_GCM 297 case "chacha20-poly1305": 298 st = protocol.SecurityType_CHACHA20_POLY1305 299 default: 300 st = protocol.SecurityType_NONE 301 } 302 303 config.Security = &protocol.SecurityConfig{ 304 Type: st, 305 } 306 307 return config, nil 308 } 309 310 type DomainSocketConfig struct { 311 Path string `json:"path"` 312 Abstract bool `json:"abstract"` 313 Padding bool `json:"padding"` 314 } 315 316 // Build implements Buildable. 317 func (c *DomainSocketConfig) Build() (proto.Message, error) { 318 return &domainsocket.Config{ 319 Path: c.Path, 320 Abstract: c.Abstract, 321 Padding: c.Padding, 322 }, nil 323 } 324 325 func readFileOrString(f string, s []string) ([]byte, error) { 326 if len(f) > 0 { 327 return filesystem.ReadFile(f) 328 } 329 if len(s) > 0 { 330 return []byte(strings.Join(s, "\n")), nil 331 } 332 return nil, newError("both file and bytes are empty.") 333 } 334 335 type TLSCertConfig struct { 336 CertFile string `json:"certificateFile"` 337 CertStr []string `json:"certificate"` 338 KeyFile string `json:"keyFile"` 339 KeyStr []string `json:"key"` 340 Usage string `json:"usage"` 341 OcspStapling uint64 `json:"ocspStapling"` 342 OneTimeLoading bool `json:"oneTimeLoading"` 343 } 344 345 // Build implements Buildable. 346 func (c *TLSCertConfig) Build() (*tls.Certificate, error) { 347 certificate := new(tls.Certificate) 348 349 cert, err := readFileOrString(c.CertFile, c.CertStr) 350 if err != nil { 351 return nil, newError("failed to parse certificate").Base(err) 352 } 353 certificate.Certificate = cert 354 certificate.CertificatePath = c.CertFile 355 356 if len(c.KeyFile) > 0 || len(c.KeyStr) > 0 { 357 key, err := readFileOrString(c.KeyFile, c.KeyStr) 358 if err != nil { 359 return nil, newError("failed to parse key").Base(err) 360 } 361 certificate.Key = key 362 certificate.KeyPath = c.KeyFile 363 } 364 365 switch strings.ToLower(c.Usage) { 366 case "encipherment": 367 certificate.Usage = tls.Certificate_ENCIPHERMENT 368 case "verify": 369 certificate.Usage = tls.Certificate_AUTHORITY_VERIFY 370 case "issue": 371 certificate.Usage = tls.Certificate_AUTHORITY_ISSUE 372 default: 373 certificate.Usage = tls.Certificate_ENCIPHERMENT 374 } 375 if certificate.KeyPath == "" && certificate.CertificatePath == "" { 376 certificate.OneTimeLoading = true 377 } else { 378 certificate.OneTimeLoading = c.OneTimeLoading 379 } 380 certificate.OcspStapling = c.OcspStapling 381 382 return certificate, nil 383 } 384 385 type TLSConfig struct { 386 Insecure bool `json:"allowInsecure"` 387 Certs []*TLSCertConfig `json:"certificates"` 388 ServerName string `json:"serverName"` 389 ALPN *StringList `json:"alpn"` 390 EnableSessionResumption bool `json:"enableSessionResumption"` 391 DisableSystemRoot bool `json:"disableSystemRoot"` 392 MinVersion string `json:"minVersion"` 393 MaxVersion string `json:"maxVersion"` 394 CipherSuites string `json:"cipherSuites"` 395 PreferServerCipherSuites bool `json:"preferServerCipherSuites"` 396 Fingerprint string `json:"fingerprint"` 397 RejectUnknownSNI bool `json:"rejectUnknownSni"` 398 PinnedPeerCertificateChainSha256 *[]string `json:"pinnedPeerCertificateChainSha256"` 399 PinnedPeerCertificatePublicKeySha256 *[]string `json:"pinnedPeerCertificatePublicKeySha256"` 400 MasterKeyLog string `json:"masterKeyLog"` 401 } 402 403 // Build implements Buildable. 404 func (c *TLSConfig) Build() (proto.Message, error) { 405 config := new(tls.Config) 406 config.Certificate = make([]*tls.Certificate, len(c.Certs)) 407 for idx, certConf := range c.Certs { 408 cert, err := certConf.Build() 409 if err != nil { 410 return nil, err 411 } 412 config.Certificate[idx] = cert 413 } 414 serverName := c.ServerName 415 config.AllowInsecure = c.Insecure 416 if len(c.ServerName) > 0 { 417 config.ServerName = serverName 418 } 419 if c.ALPN != nil && len(*c.ALPN) > 0 { 420 config.NextProtocol = []string(*c.ALPN) 421 } 422 config.EnableSessionResumption = c.EnableSessionResumption 423 config.DisableSystemRoot = c.DisableSystemRoot 424 config.MinVersion = c.MinVersion 425 config.MaxVersion = c.MaxVersion 426 config.CipherSuites = c.CipherSuites 427 config.PreferServerCipherSuites = c.PreferServerCipherSuites 428 config.Fingerprint = strings.ToLower(c.Fingerprint) 429 if config.Fingerprint != "" && tls.GetFingerprint(config.Fingerprint) == nil { 430 return nil, newError(`unknown fingerprint: `, config.Fingerprint) 431 } 432 config.RejectUnknownSni = c.RejectUnknownSNI 433 434 if c.PinnedPeerCertificateChainSha256 != nil { 435 config.PinnedPeerCertificateChainSha256 = [][]byte{} 436 for _, v := range *c.PinnedPeerCertificateChainSha256 { 437 hashValue, err := base64.StdEncoding.DecodeString(v) 438 if err != nil { 439 return nil, err 440 } 441 config.PinnedPeerCertificateChainSha256 = append(config.PinnedPeerCertificateChainSha256, hashValue) 442 } 443 } 444 445 if c.PinnedPeerCertificatePublicKeySha256 != nil { 446 config.PinnedPeerCertificatePublicKeySha256 = [][]byte{} 447 for _, v := range *c.PinnedPeerCertificatePublicKeySha256 { 448 hashValue, err := base64.StdEncoding.DecodeString(v) 449 if err != nil { 450 return nil, err 451 } 452 config.PinnedPeerCertificatePublicKeySha256 = append(config.PinnedPeerCertificatePublicKeySha256, hashValue) 453 } 454 } 455 456 config.MasterKeyLog = c.MasterKeyLog 457 458 return config, nil 459 } 460 461 type REALITYConfig struct { 462 Show bool `json:"show"` 463 MasterKeyLog string `json:"masterKeyLog"` 464 Dest json.RawMessage `json:"dest"` 465 Type string `json:"type"` 466 Xver uint64 `json:"xver"` 467 ServerNames []string `json:"serverNames"` 468 PrivateKey string `json:"privateKey"` 469 MinClientVer string `json:"minClientVer"` 470 MaxClientVer string `json:"maxClientVer"` 471 MaxTimeDiff uint64 `json:"maxTimeDiff"` 472 ShortIds []string `json:"shortIds"` 473 474 Fingerprint string `json:"fingerprint"` 475 ServerName string `json:"serverName"` 476 PublicKey string `json:"publicKey"` 477 ShortId string `json:"shortId"` 478 SpiderX string `json:"spiderX"` 479 } 480 481 func (c *REALITYConfig) Build() (proto.Message, error) { 482 config := new(reality.Config) 483 config.Show = c.Show 484 config.MasterKeyLog = c.MasterKeyLog 485 var err error 486 if c.Dest != nil { 487 var i uint16 488 var s string 489 if err = json.Unmarshal(c.Dest, &i); err == nil { 490 s = strconv.Itoa(int(i)) 491 } else { 492 _ = json.Unmarshal(c.Dest, &s) 493 } 494 if c.Type == "" && s != "" { 495 switch s[0] { 496 case '@', '/': 497 c.Type = "unix" 498 if s[0] == '@' && len(s) > 1 && s[1] == '@' && (runtime.GOOS == "linux" || runtime.GOOS == "android") { 499 fullAddr := make([]byte, len(syscall.RawSockaddrUnix{}.Path)) // may need padding to work with haproxy 500 copy(fullAddr, s[1:]) 501 s = string(fullAddr) 502 } 503 default: 504 if _, err = strconv.Atoi(s); err == nil { 505 s = "127.0.0.1:" + s 506 } 507 if _, _, err = net.SplitHostPort(s); err == nil { 508 c.Type = "tcp" 509 } 510 } 511 } 512 if c.Type == "" { 513 return nil, newError(`please fill in a valid value for "dest"`) 514 } 515 if c.Xver > 2 { 516 return nil, newError(`invalid PROXY protocol version, "xver" only accepts 0, 1, 2`) 517 } 518 if len(c.ServerNames) == 0 { 519 return nil, newError(`empty "serverNames"`) 520 } 521 if c.PrivateKey == "" { 522 return nil, newError(`empty "privateKey"`) 523 } 524 if config.PrivateKey, err = base64.RawURLEncoding.DecodeString(c.PrivateKey); err != nil || len(config.PrivateKey) != 32 { 525 return nil, newError(`invalid "privateKey": `, c.PrivateKey) 526 } 527 if c.MinClientVer != "" { 528 config.MinClientVer = make([]byte, 3) 529 var u uint64 530 for i, s := range strings.Split(c.MinClientVer, ".") { 531 if i == 3 { 532 return nil, newError(`invalid "minClientVer": `, c.MinClientVer) 533 } 534 if u, err = strconv.ParseUint(s, 10, 8); err != nil { 535 return nil, newError(`"minClientVer[`, i, `]" should be lesser than 256`) 536 } else { 537 config.MinClientVer[i] = byte(u) 538 } 539 } 540 } 541 if c.MaxClientVer != "" { 542 config.MaxClientVer = make([]byte, 3) 543 var u uint64 544 for i, s := range strings.Split(c.MaxClientVer, ".") { 545 if i == 3 { 546 return nil, newError(`invalid "maxClientVer": `, c.MaxClientVer) 547 } 548 if u, err = strconv.ParseUint(s, 10, 8); err != nil { 549 return nil, newError(`"maxClientVer[`, i, `]" should be lesser than 256`) 550 } else { 551 config.MaxClientVer[i] = byte(u) 552 } 553 } 554 } 555 if len(c.ShortIds) == 0 { 556 return nil, newError(`empty "shortIds"`) 557 } 558 config.ShortIds = make([][]byte, len(c.ShortIds)) 559 for i, s := range c.ShortIds { 560 config.ShortIds[i] = make([]byte, 8) 561 if _, err = hex.Decode(config.ShortIds[i], []byte(s)); err != nil { 562 return nil, newError(`invalid "shortIds[`, i, `]": `, s) 563 } 564 } 565 config.Dest = s 566 config.Type = c.Type 567 config.Xver = c.Xver 568 config.ServerNames = c.ServerNames 569 config.MaxTimeDiff = c.MaxTimeDiff 570 } else { 571 if c.Fingerprint == "" { 572 return nil, newError(`empty "fingerprint"`) 573 } 574 if config.Fingerprint = strings.ToLower(c.Fingerprint); tls.GetFingerprint(config.Fingerprint) == nil { 575 return nil, newError(`unknown "fingerprint": `, config.Fingerprint) 576 } 577 if config.Fingerprint == "hellogolang" { 578 return nil, newError(`invalid "fingerprint": `, config.Fingerprint) 579 } 580 if len(c.ServerNames) != 0 { 581 return nil, newError(`non-empty "serverNames", please use "serverName" instead`) 582 } 583 if c.PublicKey == "" { 584 return nil, newError(`empty "publicKey"`) 585 } 586 if config.PublicKey, err = base64.RawURLEncoding.DecodeString(c.PublicKey); err != nil || len(config.PublicKey) != 32 { 587 return nil, newError(`invalid "publicKey": `, c.PublicKey) 588 } 589 if len(c.ShortIds) != 0 { 590 return nil, newError(`non-empty "shortIds", please use "shortId" instead`) 591 } 592 config.ShortId = make([]byte, 8) 593 if _, err = hex.Decode(config.ShortId, []byte(c.ShortId)); err != nil { 594 return nil, newError(`invalid "shortId": `, c.ShortId) 595 } 596 if c.SpiderX == "" { 597 c.SpiderX = "/" 598 } 599 if c.SpiderX[0] != '/' { 600 return nil, newError(`invalid "spiderX": `, c.SpiderX) 601 } 602 config.SpiderY = make([]int64, 10) 603 u, _ := url.Parse(c.SpiderX) 604 q := u.Query() 605 parse := func(param string, index int) { 606 if q.Get(param) != "" { 607 s := strings.Split(q.Get(param), "-") 608 if len(s) == 1 { 609 config.SpiderY[index], _ = strconv.ParseInt(s[0], 10, 64) 610 config.SpiderY[index+1], _ = strconv.ParseInt(s[0], 10, 64) 611 } else { 612 config.SpiderY[index], _ = strconv.ParseInt(s[0], 10, 64) 613 config.SpiderY[index+1], _ = strconv.ParseInt(s[1], 10, 64) 614 } 615 } 616 q.Del(param) 617 } 618 parse("p", 0) // padding 619 parse("c", 2) // concurrency 620 parse("t", 4) // times 621 parse("i", 6) // interval 622 parse("r", 8) // return 623 u.RawQuery = q.Encode() 624 config.SpiderX = u.String() 625 config.ServerName = c.ServerName 626 } 627 return config, nil 628 } 629 630 type TransportProtocol string 631 632 // Build implements Buildable. 633 func (p TransportProtocol) Build() (string, error) { 634 switch strings.ToLower(string(p)) { 635 case "tcp": 636 return "tcp", nil 637 case "kcp", "mkcp": 638 return "mkcp", nil 639 case "ws", "websocket": 640 return "websocket", nil 641 case "h2", "http": 642 return "http", nil 643 case "ds", "domainsocket": 644 return "domainsocket", nil 645 case "quic": 646 return "quic", nil 647 case "grpc", "gun": 648 return "grpc", nil 649 case "httpupgrade": 650 return "httpupgrade", nil 651 default: 652 return "", newError("Config: unknown transport protocol: ", p) 653 } 654 } 655 656 type SocketConfig struct { 657 Mark int32 `json:"mark"` 658 TFO interface{} `json:"tcpFastOpen"` 659 TProxy string `json:"tproxy"` 660 AcceptProxyProtocol bool `json:"acceptProxyProtocol"` 661 DomainStrategy string `json:"domainStrategy"` 662 DialerProxy string `json:"dialerProxy"` 663 TCPKeepAliveInterval int32 `json:"tcpKeepAliveInterval"` 664 TCPKeepAliveIdle int32 `json:"tcpKeepAliveIdle"` 665 TCPCongestion string `json:"tcpCongestion"` 666 TCPWindowClamp int32 `json:"tcpWindowClamp"` 667 TCPMaxSeg int32 `json:"tcpMaxSeg"` 668 TcpNoDelay bool `json:"tcpNoDelay"` 669 TCPUserTimeout int32 `json:"tcpUserTimeout"` 670 V6only bool `json:"v6only"` 671 Interface string `json:"interface"` 672 TcpMptcp bool `json:"tcpMptcp"` 673 } 674 675 // Build implements Buildable. 676 func (c *SocketConfig) Build() (*internet.SocketConfig, error) { 677 tfo := int32(0) // don't invoke setsockopt() for TFO 678 if c.TFO != nil { 679 switch v := c.TFO.(type) { 680 case bool: 681 if v { 682 tfo = 256 683 } else { 684 tfo = -1 // TFO need to be disabled 685 } 686 case float64: 687 tfo = int32(math.Min(v, math.MaxInt32)) 688 default: 689 return nil, newError("tcpFastOpen: only boolean and integer value is acceptable") 690 } 691 } 692 var tproxy internet.SocketConfig_TProxyMode 693 switch strings.ToLower(c.TProxy) { 694 case "tproxy": 695 tproxy = internet.SocketConfig_TProxy 696 case "redirect": 697 tproxy = internet.SocketConfig_Redirect 698 default: 699 tproxy = internet.SocketConfig_Off 700 } 701 702 dStrategy := internet.DomainStrategy_AS_IS 703 switch strings.ToLower(c.DomainStrategy) { 704 case "asis", "": 705 dStrategy = internet.DomainStrategy_AS_IS 706 case "useip": 707 dStrategy = internet.DomainStrategy_USE_IP 708 case "useipv4": 709 dStrategy = internet.DomainStrategy_USE_IP4 710 case "useipv6": 711 dStrategy = internet.DomainStrategy_USE_IP6 712 case "useipv4v6": 713 dStrategy = internet.DomainStrategy_USE_IP46 714 case "useipv6v4": 715 dStrategy = internet.DomainStrategy_USE_IP64 716 case "forceip": 717 dStrategy = internet.DomainStrategy_FORCE_IP 718 case "forceipv4": 719 dStrategy = internet.DomainStrategy_FORCE_IP4 720 case "forceipv6": 721 dStrategy = internet.DomainStrategy_FORCE_IP6 722 case "forceipv4v6": 723 dStrategy = internet.DomainStrategy_FORCE_IP46 724 case "forceipv6v4": 725 dStrategy = internet.DomainStrategy_FORCE_IP64 726 default: 727 return nil, newError("unsupported domain strategy: ", c.DomainStrategy) 728 } 729 730 return &internet.SocketConfig{ 731 Mark: c.Mark, 732 Tfo: tfo, 733 Tproxy: tproxy, 734 DomainStrategy: dStrategy, 735 AcceptProxyProtocol: c.AcceptProxyProtocol, 736 DialerProxy: c.DialerProxy, 737 TcpKeepAliveInterval: c.TCPKeepAliveInterval, 738 TcpKeepAliveIdle: c.TCPKeepAliveIdle, 739 TcpCongestion: c.TCPCongestion, 740 TcpWindowClamp: c.TCPWindowClamp, 741 TcpMaxSeg: c.TCPMaxSeg, 742 TcpNoDelay: c.TcpNoDelay, 743 TcpUserTimeout: c.TCPUserTimeout, 744 V6Only: c.V6only, 745 Interface: c.Interface, 746 TcpMptcp: c.TcpMptcp, 747 }, nil 748 } 749 750 type StreamConfig struct { 751 Network *TransportProtocol `json:"network"` 752 Security string `json:"security"` 753 TLSSettings *TLSConfig `json:"tlsSettings"` 754 REALITYSettings *REALITYConfig `json:"realitySettings"` 755 TCPSettings *TCPConfig `json:"tcpSettings"` 756 KCPSettings *KCPConfig `json:"kcpSettings"` 757 WSSettings *WebSocketConfig `json:"wsSettings"` 758 HTTPSettings *HTTPConfig `json:"httpSettings"` 759 DSSettings *DomainSocketConfig `json:"dsSettings"` 760 QUICSettings *QUICConfig `json:"quicSettings"` 761 SocketSettings *SocketConfig `json:"sockopt"` 762 GRPCConfig *GRPCConfig `json:"grpcSettings"` 763 GUNConfig *GRPCConfig `json:"gunSettings"` 764 HTTPUPGRADESettings *HttpUpgradeConfig `json:"httpupgradeSettings"` 765 } 766 767 // Build implements Buildable. 768 func (c *StreamConfig) Build() (*internet.StreamConfig, error) { 769 config := &internet.StreamConfig{ 770 ProtocolName: "tcp", 771 } 772 if c.Network != nil { 773 protocol, err := c.Network.Build() 774 if err != nil { 775 return nil, err 776 } 777 config.ProtocolName = protocol 778 } 779 switch strings.ToLower(c.Security) { 780 case "", "none": 781 case "tls": 782 tlsSettings := c.TLSSettings 783 if tlsSettings == nil { 784 tlsSettings = &TLSConfig{} 785 } 786 ts, err := tlsSettings.Build() 787 if err != nil { 788 return nil, newError("Failed to build TLS config.").Base(err) 789 } 790 tm := serial.ToTypedMessage(ts) 791 config.SecuritySettings = append(config.SecuritySettings, tm) 792 config.SecurityType = tm.Type 793 case "reality": 794 if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "grpc" && config.ProtocolName != "domainsocket" { 795 return nil, newError("REALITY only supports TCP, H2, gRPC and DomainSocket for now.") 796 } 797 if c.REALITYSettings == nil { 798 return nil, newError(`REALITY: Empty "realitySettings".`) 799 } 800 ts, err := c.REALITYSettings.Build() 801 if err != nil { 802 return nil, newError("Failed to build REALITY config.").Base(err) 803 } 804 tm := serial.ToTypedMessage(ts) 805 config.SecuritySettings = append(config.SecuritySettings, tm) 806 config.SecurityType = tm.Type 807 case "xtls": 808 return nil, newError(`Please use VLESS flow "xtls-rprx-vision" with TLS or REALITY.`) 809 default: 810 return nil, newError(`Unknown security "` + c.Security + `".`) 811 } 812 if c.TCPSettings != nil { 813 ts, err := c.TCPSettings.Build() 814 if err != nil { 815 return nil, newError("Failed to build TCP config.").Base(err) 816 } 817 config.TransportSettings = append(config.TransportSettings, &internet.TransportConfig{ 818 ProtocolName: "tcp", 819 Settings: serial.ToTypedMessage(ts), 820 }) 821 } 822 if c.KCPSettings != nil { 823 ts, err := c.KCPSettings.Build() 824 if err != nil { 825 return nil, newError("Failed to build mKCP config.").Base(err) 826 } 827 config.TransportSettings = append(config.TransportSettings, &internet.TransportConfig{ 828 ProtocolName: "mkcp", 829 Settings: serial.ToTypedMessage(ts), 830 }) 831 } 832 if c.WSSettings != nil { 833 ts, err := c.WSSettings.Build() 834 if err != nil { 835 return nil, newError("Failed to build WebSocket config.").Base(err) 836 } 837 config.TransportSettings = append(config.TransportSettings, &internet.TransportConfig{ 838 ProtocolName: "websocket", 839 Settings: serial.ToTypedMessage(ts), 840 }) 841 } 842 if c.HTTPSettings != nil { 843 ts, err := c.HTTPSettings.Build() 844 if err != nil { 845 return nil, newError("Failed to build HTTP config.").Base(err) 846 } 847 config.TransportSettings = append(config.TransportSettings, &internet.TransportConfig{ 848 ProtocolName: "http", 849 Settings: serial.ToTypedMessage(ts), 850 }) 851 } 852 if c.DSSettings != nil { 853 ds, err := c.DSSettings.Build() 854 if err != nil { 855 return nil, newError("Failed to build DomainSocket config.").Base(err) 856 } 857 config.TransportSettings = append(config.TransportSettings, &internet.TransportConfig{ 858 ProtocolName: "domainsocket", 859 Settings: serial.ToTypedMessage(ds), 860 }) 861 } 862 if c.QUICSettings != nil { 863 qs, err := c.QUICSettings.Build() 864 if err != nil { 865 return nil, newError("Failed to build QUIC config").Base(err) 866 } 867 config.TransportSettings = append(config.TransportSettings, &internet.TransportConfig{ 868 ProtocolName: "quic", 869 Settings: serial.ToTypedMessage(qs), 870 }) 871 } 872 if c.GRPCConfig == nil { 873 c.GRPCConfig = c.GUNConfig 874 } 875 if c.GRPCConfig != nil { 876 gs, err := c.GRPCConfig.Build() 877 if err != nil { 878 return nil, newError("Failed to build gRPC config.").Base(err) 879 } 880 config.TransportSettings = append(config.TransportSettings, &internet.TransportConfig{ 881 ProtocolName: "grpc", 882 Settings: serial.ToTypedMessage(gs), 883 }) 884 } 885 if c.HTTPUPGRADESettings != nil { 886 hs, err := c.HTTPUPGRADESettings.Build() 887 if err != nil { 888 return nil, newError("Failed to build HttpUpgrade config.").Base(err) 889 } 890 config.TransportSettings = append(config.TransportSettings, &internet.TransportConfig{ 891 ProtocolName: "httpupgrade", 892 Settings: serial.ToTypedMessage(hs), 893 }) 894 } 895 if c.SocketSettings != nil { 896 ss, err := c.SocketSettings.Build() 897 if err != nil { 898 return nil, newError("Failed to build sockopt").Base(err) 899 } 900 config.SocketSettings = ss 901 } 902 return config, nil 903 } 904 905 type ProxyConfig struct { 906 Tag string `json:"tag"` 907 908 // TransportLayerProxy: For compatibility. 909 TransportLayerProxy bool `json:"transportLayer"` 910 } 911 912 // Build implements Buildable. 913 func (v *ProxyConfig) Build() (*internet.ProxyConfig, error) { 914 if v.Tag == "" { 915 return nil, newError("Proxy tag is not set.") 916 } 917 return &internet.ProxyConfig{ 918 Tag: v.Tag, 919 TransportLayerProxy: v.TransportLayerProxy, 920 }, nil 921 }