2 years ago · c04c333afc
--- a/infra/conf/transport_internet.go
+++ b/infra/conf/transport_internet.go
@@ -700,7 +700,9 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
 
				 		}
			
 
				 		config.ProtocolName = protocol
			
 
				 	}
			
 
				-	if strings.EqualFold(c.Security, "tls") {
			
 
				+	switch strings.ToLower(c.Security) {
			
 
				+	case "", "none":
			
 
				+	case "tls":
			
 
				 		tlsSettings := c.TLSSettings
			
 
				 		if tlsSettings == nil {
			
 
				 			tlsSettings = &TLSConfig{}
			
@@ -712,8 +714,7 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
 
				 		tm := serial.ToTypedMessage(ts)
			
 
				 		config.SecuritySettings = append(config.SecuritySettings, tm)
			
 
				 		config.SecurityType = tm.Type
			
 
				-	}
			
 
				-	if strings.EqualFold(c.Security, "reality") {
			
 
				+	case "reality":
			
 
				 		if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "grpc" && config.ProtocolName != "domainsocket" {
			
 
				 			return nil, newError("REALITY only supports TCP, H2, gRPC and DomainSocket for now.")
			
 
				 		}
			
@@ -727,6 +728,10 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
 
				 		tm := serial.ToTypedMessage(ts)
			
 
				 		config.SecuritySettings = append(config.SecuritySettings, tm)
			
 
				 		config.SecurityType = tm.Type
			
 
				+	case "xtls":
			
 
				+		return nil, newError(`Please use VLESS flow "xtls-rprx-vision" with TLS or REALITY.`)
			
 
				+	default:
			
 
				+		return nil, newError(`Unknown security "` + c.Security + `".`)
			
 
				 	}
			
 
				 	if c.TCPSettings != nil {
			
 
				 		ts, err := c.TCPSettings.Build()
			
--- a/infra/conf/vless.go
+++ b/infra/conf/vless.go
@@ -4,7 +4,6 @@ import (
 
				 	"encoding/json"
			
 
				 	"runtime"
			
 
				 	"strconv"
			
 
				-	"strings"
			
 
				 	"syscall"
			
 
				 
			
 
				 	"github.com/golang/protobuf/proto"
			
@@ -53,15 +52,7 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
 
				 		}
			
 
				 		account.Id = u.String()
			
 
				 
			
 
				-		accountFlow := account.Flow
			
 
				-		flows := strings.Split(account.Flow, ",")
			
 
				-		for _, f := range flows {
			
 
				-			t := strings.TrimSpace(f)
			
 
				-			if t != "none" {
			
 
				-				accountFlow = t
			
 
				-			}
			
 
				-		}
			
 
				-		switch accountFlow {
			
 
				+		switch account.Flow {
			
 
				 		case "", vless.XRV:
			
 
				 		default:
			
 
				 			return nil, newError(`VLESS clients: "flow" doesn't support "` + account.Flow + `" in this version`)
			
--- a/proxy/vless/inbound/inbound.go
+++ b/proxy/vless/inbound/inbound.go
@@ -450,20 +450,10 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 
				 	var rawConn syscall.RawConn
			
 
				 	var input *bytes.Reader
			
 
				 	var rawInput *bytes.Buffer
			
 
				-	allowNoneFlow := false
			
 
				-	accountFlow := account.Flow
			
 
				-	flows := strings.Split(account.Flow, ",")
			
 
				-	for _, f := range flows {
			
 
				-		t := strings.TrimSpace(f)
			
 
				-		if t == "none" {
			
 
				-			allowNoneFlow = true
			
 
				-		} else {
			
 
				-			accountFlow = t
			
 
				-		}
			
 
				-	}
			
 
				+
			
 
				 	switch requestAddons.Flow {
			
 
				 	case vless.XRV:
			
 
				-		if accountFlow == requestAddons.Flow {
			
 
				+		if account.Flow == requestAddons.Flow {
			
 
				 			switch request.Command {
			
 
				 			case protocol.RequestCommandMux:
			
 
				 				return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
			
@@ -503,10 +493,9 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 
				 		} else {
			
 
				 			return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
			
 
				 		}
			
 
				-	case "", "none":
			
 
				-		if accountFlow == vless.XRV && !allowNoneFlow && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) {
			
 
				-			return newError(account.ID.String() + " is not able to use " + vless.XRV +
			
 
				-				". Note the pure tls proxy has certain tls in tls characters. Append \",none\" in flow to suppress").AtWarning()
			
 
				+	case "":
			
 
				+		if account.Flow == vless.XRV && (request.Command == protocol.RequestCommandTCP || isMuxAndNotXUDP(request, first)) {
			
 
				+			return newError(account.ID.String() + " is not able to use \"\". Note that the pure TLS proxy has certain TLS in TLS characters.").AtWarning()
			
 
				 		}
			
 
				 	default:
			
 
				 		return newError("unknown request flow " + requestAddons.Flow).AtWarning()
			
@@ -557,7 +546,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
 
				 			// TODO enable splice
			
 
				 			ctx = session.ContextWithInbound(ctx, nil)
			
 
				 			err = encoding.XtlsRead(clientReader, serverWriter, timer, netConn, rawConn, input, rawInput, counter, ctx, account.ID.Bytes(),
			
 
				-			&numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello)
			
 
				+				&numberOfPacketToFilter, &enableXtls, &isTLS12orAbove, &isTLS, &cipher, &remainingServerHello)
			
 
				 		} else {
			
 
				 			// from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer
			
 
				 			err = buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer))