VLESS XTLS 2

infra/conf/vless.go

@@ -48,9 +48,13 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
 			return nil, newError(`VLESS clients: invalid user`).Base(err)
 		}
 
-		if account.Flow != "" {
-			return nil, newError(`VLESS clients: "flow" is not available in this version`)
+		switch account.Flow {
+		case "":
+		case "xtls-rprx-origin":
+		default:
+			return nil, newError(`VLESS clients: "flow" only accepts "" or "xtls-rprx-origin" in this version`)
 		}
+
 		if account.Encryption != "" {
 			return nil, newError(`VLESS clients: "encryption" should not in inbound settings`)
 		}
@@ -161,9 +165,13 @@ func (c *VLessOutboundConfig) Build() (proto.Message, error) {
 				return nil, newError(`VLESS users: invalid user`).Base(err)
 			}
 
-			if account.Flow != "" {
-				return nil, newError(`VLESS users: "flow" is not available in this version`)
+			switch account.Flow {
+			case "":
+			case "xtls-rprx-origin":
+			default:
+				return nil, newError(`VLESS users: "flow" only accepts "" or "xtls-rprx-origin" in this version`)
 			}
+
 			if account.Encryption != "none" {
 				return nil, newError(`VLESS users: please add/set "encryption":"none" for every user`)
 			}

infra/conf/vless_test.go

@@ -26,6 +26,7 @@ func TestVLessOutbound(t *testing.T) {
 					"users": [
 						{
 							"id": "27848739-7e62-4138-9fd3-098a63964b6b",
+							"flow": "xtls-rprx-origin",
 							"encryption": "none",
 							"level": 0
 						}
@@ -46,6 +47,7 @@ func TestVLessOutbound(t *testing.T) {
 							{
 								Account: serial.ToTypedMessage(&vless.Account{
 									Id:         "27848739-7e62-4138-9fd3-098a63964b6b",
+									Flow:       "xtls-rprx-origin",
 									Encryption: "none",
 								}),
 								Level: 0,
@@ -69,6 +71,7 @@ func TestVLessInbound(t *testing.T) {
 				"clients": [
 					{
 						"id": "27848739-7e62-4138-9fd3-098a63964b6b",
+						"flow": "xtls-rprx-origin",
 						"level": 0,
 						"email": "[email protected]"
 					}
@@ -94,7 +97,8 @@ func TestVLessInbound(t *testing.T) {
 				Clients: []*protocol.User{
 					{
 						Account: serial.ToTypedMessage(&vless.Account{
-							Id: "27848739-7e62-4138-9fd3-098a63964b6b",
+							Id:   "27848739-7e62-4138-9fd3-098a63964b6b",
+							Flow: "xtls-rprx-origin",
 						}),
 						Level: 0,
 						Email: "[email protected]",

proxy/vless/encoding/addons.go

@@ -7,13 +7,20 @@ import (
 
 	"github.com/golang/protobuf/proto"
 
+	"v2ray.com/core/common"
 	"v2ray.com/core/common/buf"
 	"v2ray.com/core/common/protocol"
 )
 
 func EncodeHeaderAddons(buffer *buf.Buffer, addons *Addons) error {
 
 	switch addons.Flow {
+	case "xtls-rprx-origin":
+
+		bytes := common.Must2(proto.Marshal(addons)).([]byte)
+		common.Must(buffer.WriteByte(byte(len(bytes))))
+		common.Must2(buffer.Write(bytes))
+
 	default:
 
 		if err := buffer.WriteByte(0); err != nil {

proxy/vless/inbound/inbound.go

@@ -376,6 +376,38 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
 	}
 	inbound.User = request.User
 
+	account := request.User.Account.(*vless.MemoryAccount)
+
+	responseAddons := &encoding.Addons{
+		//Flow: requestAddons.Flow,
+	}
+
+	if requestAddons.Flow == "xtls-rprx-origin" {
+		if account.Flow == requestAddons.Flow {
+			switch request.Command {
+			case protocol.RequestCommandMux:
+				return newError("xtls-rprx-origin doesn't support Mux").AtWarning()
+			case protocol.RequestCommandUDP:
+				if request.Port == 443 {
+					return newError("xtls-rprx-origin stopped 443 UDP").AtWarning()
+				}
+			case protocol.RequestCommandTCP:
+				iConn := connection
+				if statConn, ok := iConn.(*internet.StatCouterConnection); ok {
+					iConn = statConn.Connection
+				}
+				if tlsConn, ok := iConn.(*tls.Conn); ok {
+					tlsConn.RPRX = true
+					//tlsConn.SHOW = true
+				} else {
+					return newError("failed to use xtls-rprx-origin").AtWarning()
+				}
+			}
+		} else {
+			return newError(account.ID.String(), " is not able to use xtls-rprx-origin").AtWarning()
+		}
+	}
+
 	if request.Command != protocol.RequestCommandMux {
 		ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
 			From:   connection.RemoteAddr(),
@@ -416,10 +448,6 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
 	getResponse := func() error {
 		defer timer.SetTimeout(sessionPolicy.Timeouts.UplinkOnly)
 
-		responseAddons := &encoding.Addons{
-			Flow: requestAddons.Flow,
-		}
-
 		bufferWriter := buf.NewBufferedWriter(buf.NewWriter(connection))
 		if err := encoding.EncodeResponseHeader(bufferWriter, request, responseAddons); err != nil {
 			return newError("failed to encode response header").Base(err).AtWarning()

proxy/vless/outbound/outbound.go

@@ -22,6 +22,7 @@ import (
 	"v2ray.com/core/proxy/vless/encoding"
 	"v2ray.com/core/transport"
 	"v2ray.com/core/transport/internet"
+	"v2ray.com/core/transport/internet/tls"
 )
 
 func init() {
@@ -108,6 +109,28 @@ func (v *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 		Flow: account.Flow,
 	}
 
+	if requestAddons.Flow == "xtls-rprx-origin" {
+		switch request.Command {
+		case protocol.RequestCommandMux:
+			return newError("xtls-rprx-origin doesn't support Mux").AtWarning()
+		case protocol.RequestCommandUDP:
+			if request.Port == 443 {
+				return newError("xtls-rprx-origin stopped 443 UDP").AtWarning()
+			}
+		case protocol.RequestCommandTCP:
+			iConn := conn
+			if statConn, ok := iConn.(*internet.StatCouterConnection); ok {
+				iConn = statConn.Connection
+			}
+			if tlsConn, ok := iConn.(*tls.Conn); ok {
+				tlsConn.RPRX = true
+				//tlsConn.SHOW = true
+			} else {
+				return newError("failed to use xtls-rprx-origin").AtWarning()
+			}
+		}
+	}
+
 	sessionPolicy := v.policyManager.ForLevel(request.User.Level)
 	ctx, cancel := context.WithCancel(ctx)
 	timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle)