* maxUploadSize -> scMaxEachPostBytes, default is 1MB on both sides (was 2MB on the server)
* minUploadIntervalMs -> scMinPostsIntervalMs, default is 30ms on the client (no server support for now)
* maxConcurrentUploads -> scMaxConcurrentPosts, default is 100 on both sides (was 200 on the server)
* maxUploadSize and maxConcurrentUploads can now be ranges on the client
* maxUploadSize is now enforced on the server
* the default of maxUploadSize is 2MB on the server, and 1MB on the client
* the default of maxConcurrentUploads is 200 on the server, and 100 on the client
* ranges on the server are treated as a single number. if server is configured as `"1-2"`, server will enforce `2`
* querystrings in `path` are now handled correctly
* Refactor log
* Add new log methods
* Fix logger test
* Change all logging code
* Clean up pathObj
* Rebase to latest main
* Remove invoking method name after the dot
* v5: Health Check & LeastLoad Strategy (rebased from 2c5a71490368500a982018a74a6d519c7e121816)
Some changes will be necessary to integrate it into V2Ray
* Update proto
* parse duration conf with time.Parse()
* moving health ping to observatory as a standalone component
* moving health ping to observatory as a standalone component: auto generated file
* add initialization for health ping
* incorporate changes in router implementation
* support principle target output
* add v4 json support for BurstObservatory & fix balancer reference
* update API command
* remove cancelled API
* return zero length value when observer is not found
* remove duplicated targeted dispatch
* adjust test with updated structure
* bug fix for observer
* fix strategy selector
* fix strategy least load
* Fix ticker usage
ticker.Close does not close ticker.C
* feat: Replace default Health Ping URL to HTTPS (#1991)
* fix selectLeastLoad() returns wrong number of nodes (#2083)
* Test: fix leastload strategy unit test
* fix(router): panic caused by concurrent map read and write (#2678)
* Clean up code
---------
Co-authored-by: Jebbs <qjebbs@gmail.com>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: 世界 <i@sekai.icu>
Co-authored-by: Bernd Eichelberger <46166740+4-FLOSS-Free-Libre-Open-Source-Software@users.noreply.github.com>
Co-authored-by: 秋のかえで <autmaple@protonmail.com>
Co-authored-by: Rinka <kujourinka@gmail.com>
* feat: wireguard inbound
* feat(command): generate wireguard compatible keypair
* feat(wireguard): connection idle timeout
* fix(wireguard): close endpoint after connection closed
* fix(wireguard): resolve conflicts
* feat(wireguard): set cubic as default cc algorithm in gVisor TUN
* chore(wireguard): resolve conflict
* chore(wireguard): remove redurant code
* chore(wireguard): remove redurant code
* feat: rework server for gvisor tun
* feat: keep user-space tun as an option
* fix: exclude android from native tun build
* feat: auto kernel tun
* fix: build
* fix: regulate function name & fix test
* 增加 wireguard 出站选项 `resolveStrategy`.
* They become a part of you.
* 移除不必要的选项别名.
* aliases NG.
* 微调.
---------
Co-authored-by: rui0572 <125641819+rui0572@users.noreply.github.com>
In the past, we use Starlark script, it is over engineered and barely used.
By switching to simple key value string contains logic we can reduce core size about 0.7MB
* Added tcp fragmentation for freedom outbound
* Added TCP_NODELAY to outbound sockopt
* Changed fragment parameters to accept ranges and changed strategy to use length
* Changed packetNumber to packets, supporting range.
* Refactored the freedom fragment logic
* Refine Write()
---------
Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
In the past, when user open xtls vision on the server side, plain vless+tls can connect.
Pure tls is known to have certain tls in tls characters.
Now server need to specify "xtls-rprx-vision,none" for it be able usable on the same port.
* Add XTLS RPRX's Vision
* Add helpful warning when security is wrong
* Add XTLS padding (draft)
* Fix number of packet to filter
* Xtls padding version 1.0 and unpadding logic
* Fix UDP destination override
* Fix code style
* Fix fakedns object init
Do type convertion at runtime in case if user don't use fakedns in config.
Since dispatcher now depend on fakedns object, move the injection order of
fakedns to top (As a temporary solution)
* Amend logic for handing fakedns client
A map is used by server side when client turn on fakedns
Client will send domain address in the buffer.UDP.Address, server record all possible target IP addrs.
When target replies, server will restore the domain and send back to client.
Co-authored-by: hmol233 <82594500+hmol233@users.noreply.github.com>
* Increase some tls test timeout
* Fix TestUserValidator
* Change all tests to VMessAEAD
Old VMess MD5 tests will be rejected and fail in 2022
* Chore: auto format code
Add `enableConcurrency` option, false by default.
If it's set as `true`, start probing outbounds concurrently in every
circle of observation. Wait `probeInterval` between observation circles.
* verify peer cert function for better man in the middle prevention
* publish cert chain hash generation algorithm
* added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb
* apply coding style
* added test case for pinned certificates
* refactored cert pin
* pinned cert test
* added json loading of the PinnedPeerCertificateChainSha256
* removed tool to prepare for v5
* Add server cert pinning for Xtls
Change command "xray tls certChainHash" to xray style
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
* use shadowsocket's bloomring for shadowsocket's replay protection
* added shadowsockets iv check for tcp socket
* Rename to shadowsockets iv check
* shadowsocks iv check config file
* iv check should proceed after decryption
* use shadowsocket's bloomring for shadowsocket's replay protection
* Chore: format code (#842)
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
* DNS: add clientip for specific nameserver
* Refactoring: DNS App
* DNS: add DNS over QUIC support
* Feat: add disableCache option for DNS
* Feat: add queryStrategy option for DNS
* Feat: add disableFallback & skipFallback option for DNS
* Feat: DNS hosts support multiple addresses
* Feat: DNS transport over TCP
* DNS: fix typo & refine code
* DNS: refine code
* Add disableFallbackIfMatch dns option
* Feat: routing and freedom outbound ignore Fake DNS
Turn off fake DNS for request sent from Routing and Freedom outbound.
Fake DNS now only apply to DNS outbound.
This is important for Android, where VPN service take over all system DNS
traffic and pass it to core. "UseIp" option can be used in Freedom outbound
to avoid getting fake IP and fail connection.
* Fix test
* Fix dns return
* Fix local dns return empty
* Apply timeout to dns outbound
* Update app/dns/config.go
Co-authored-by: Loyalsoldier <10487845+loyalsoldier@users.noreply.github.com>
Co-authored-by: Ye Zhihao <vigilans@foxmail.com>
Co-authored-by: maskedeken <52683904+maskedeken@users.noreply.github.com>
Co-authored-by: V2Fly Team <51714622+vcptr@users.noreply.github.com>
Co-authored-by: CalmLong <37164399+calmlong@users.noreply.github.com>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: 秋のかえで <autmaple@protonmail.com>
Co-authored-by: 朱聖黎 <digglife@gmail.com>
Co-authored-by: rurirei <72071920+rurirei@users.noreply.github.com>
Co-authored-by: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Co-authored-by: Arthur Morgan <4637240+badO1a5A90@users.noreply.github.com>
* Update all proto files with existing vprotogen
* Chore: remove protoc-gen-gofast
* Feat: vprotogen adds version detector to block generation code from old protobuf version
* Feat: vprotogen refine logic
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
