fix websocket alpn correctly on utls #590

sJJdGG · 2023-05-04T12:34:28Z

based on PR XTLS/Xray-core#1256

please read the origin PR for complete description.

credits: @HirbodBehnam

Fixes utls not setting alpn correctly when using utls.

Could be a major filtering hazard.

Also without this fix connection is not established when using CDN (as alpn is not set correctly).

Logs are based on using CF as CDN.

client config:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "route": {
    "geoip": {
      "path": "geoip.db",
      "download_url": "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db"
    },
    "geosite": {
      "path": "geosite.db",
      "download_url": "https://github.com/soffchen/sing-geosite/releases/latest/download/geosite.db"
    },
    "rules": [
      {
        "geosite": ["cn", "private"],
        "outbound": "direct"
      },
      {
        "geoip": ["cn", "private"],
        "outbound": "direct"
      }
    ]
  },
  "inbounds": [
    {
      "type": "mixed",
      "tag": "mixed-in",
      "listen": "::",
      "listen_port": 10000,
      "domain_strategy": "ipv4_only",
      "tcp_fast_open": true,
      "sniff": true,
      "sniff_override_destination": true
    }
  ],
  "outbounds": [
    {
      "type": "vless",
      "tag": "proxy",
      "server": "sudbdomain.domain.tld",
      "server_port": 443,
      "uuid": "c74ffa38-ea77-11ed-9c46-d7588d9ee022",
      "flow": "",
      "network": "tcp",
      "tls": {
        "enabled": true,
        "server_name": "sudbdomain.domain.tld",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
        }
      },
      "packet_encoding": "xudp",
      "transport": {
        "type": "ws",
        "path": "/testing",
        "early_data_header_name": "Sec-WebSocket-Protocol",
        "headers": {
          "Host": "sudbdomain.domain.tld"
        }
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ]
}

without setting utls object in client config:

sjjd@GG:~/code/sing/sing-box/cmd/sing-box$ ./sing-box run -c config_client.json 
+0330 2023-05-04 15:53:07 INFO router: using vless[proxy] as default outbound for connection
+0330 2023-05-04 15:53:07 INFO router: using direct[direct] as default outbound for packet connection
+0330 2023-05-04 15:53:07 WARN router: geoip database not exists: geoip.db
+0330 2023-05-04 15:53:07 INFO router: downloading geoip database
+0330 2023-05-04 15:53:07 INFO outbound/vless[proxy]: outbound connection to github.com:443
+0330 2023-05-04 15:53:08 INFO outbound/vless[proxy]: outbound connection to github.com:443
+0330 2023-05-04 15:53:09 INFO outbound/vless[proxy]: outbound connection to objects.githubusercontent.com:443
+0330 2023-05-04 15:53:10 INFO outbound/vless[proxy]: outbound connection to objects.githubusercontent.com:443
+0330 2023-05-04 15:53:23 INFO router: loaded geoip database: 259 codes
+0330 2023-05-04 15:53:23 WARN router: geosite database not exists: geosite.db
+0330 2023-05-04 15:53:23 INFO router: downloading geosite database
+0330 2023-05-04 15:53:23 INFO outbound/vless[proxy]: outbound connection to github.com:443
+0330 2023-05-04 15:53:24 INFO outbound/vless[proxy]: outbound connection to github.com:443
+0330 2023-05-04 15:53:25 INFO outbound/vless[proxy]: outbound connection to objects.githubusercontent.com:443
+0330 2023-05-04 15:53:25 INFO outbound/vless[proxy]: outbound connection to objects.githubusercontent.com:443
+0330 2023-05-04 15:53:30 INFO router: loaded geosite database: 1385 codes
+0330 2023-05-04 15:53:31 INFO inbound/mixed[mixed-in]: tcp server started at [::]:10000
+0330 2023-05-04 15:53:31 INFO sing-box started (23.422s)

With utls, without this fix:

sjjd@GG:~/code/sing/sing-box/cmd/sing-box$ ./sing-box run -c config_client.json 
+0330 2023-05-04 15:19:25 INFO router: using vless[proxy] as default outbound for connection
+0330 2023-05-04 15:19:25 INFO router: using direct[direct] as default outbound for packet connection
+0330 2023-05-04 15:19:25 WARN router: geoip database not exists: geoip.db
+0330 2023-05-04 15:19:25 INFO router: downloading geoip database
+0330 2023-05-04 15:19:25 INFO outbound/vless[proxy]: outbound connection to github.com:443
+0330 2023-05-04 15:19:26 ERROR router: download geoip database: Get "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db": malformed HTTP response "\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x00\x00\x01\x00\x00\x04\x00\x01\x00\x00\x00\x05\x00\xff\xff\xff\x00\x00\x04\b\x00\x00\x00\x00\x00\x7f\xff\x00\x00\x00\x00\b\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"
+0330 2023-05-04 15:19:26 INFO router: downloading geoip database
+0330 2023-05-04 15:19:26 INFO outbound/vless[proxy]: outbound connection to github.com:443
+0330 2023-05-04 15:19:27 ERROR router: download geoip database: Get "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db": malformed HTTP response "\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x00\x00\x01\x00\x00\x04\x00\x01\x00\x00\x00\x05\x00\xff\xff\xff\x00\x00\x04\b\x00\x00\x00\x00\x00\x7f\xff\x00\x00\x00\x00\b\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"
+0330 2023-05-04 15:19:27 INFO router: downloading geoip database
+0330 2023-05-04 15:19:27 INFO outbound/vless[proxy]: outbound connection to github.com:443
+0330 2023-05-04 15:19:28 ERROR router: download geoip database: Get "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db": malformed HTTP response "\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x00\x00\x01\x00\x00\x04\x00\x01\x00\x00\x00\x05\x00\xff\xff\xff\x00\x00\x04\b\x00\x00\x00\x00\x00\x7f\xff\x00\x00\x00\x00\b\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"
FATAL[0002] start service: Get "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db": malformed HTTP response "\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x00\x00\x01\x00\x00\x04\x00\x01\x00\x00\x00\x05\x00\xff\xff\xff\x00\x00\x04\b\x00\x00\x00\x00\x00\x7f\xff\x00\x00\x00\x00\b\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"
sjjd@GG:~/code/sing/sing-box/cmd/sing-box$

with utls, with this fix:

sjjd@GG:~/code/sing/sing-box/cmd/sing-box$ ./sing-box run -c config_client.json 
+0330 2023-05-04 15:46:58 INFO router: using vless[proxy] as default outbound for connection
+0330 2023-05-04 15:46:58 INFO router: using direct[direct] as default outbound for packet connection
+0330 2023-05-04 15:46:58 WARN router: geoip database not exists: geoip.db
+0330 2023-05-04 15:46:58 INFO router: downloading geoip database
+0330 2023-05-04 15:46:58 INFO outbound/vless[proxy]: outbound connection to github.com:443
+0330 2023-05-04 15:46:59 INFO outbound/vless[proxy]: outbound connection to github.com:443
+0330 2023-05-04 15:47:00 INFO outbound/vless[proxy]: outbound connection to objects.githubusercontent.com:443
+0330 2023-05-04 15:47:00 INFO outbound/vless[proxy]: outbound connection to objects.githubusercontent.com:443
+0330 2023-05-04 15:47:04 INFO router: loaded geoip database: 259 codes
+0330 2023-05-04 15:47:04 WARN router: geosite database not exists: geosite.db
+0330 2023-05-04 15:47:04 INFO router: downloading geosite database
+0330 2023-05-04 15:47:04 INFO outbound/vless[proxy]: outbound connection to github.com:443
+0330 2023-05-04 15:47:05 INFO outbound/vless[proxy]: outbound connection to github.com:443
+0330 2023-05-04 15:47:06 INFO outbound/vless[proxy]: outbound connection to objects.githubusercontent.com:443
+0330 2023-05-04 15:47:06 INFO outbound/vless[proxy]: outbound connection to objects.githubusercontent.com:443
+0330 2023-05-04 15:47:09 INFO router: loaded geosite database: 1385 codes
+0330 2023-05-04 15:47:11 INFO inbound/mixed[mixed-in]: tcp server started at [::]:10000
+0330 2023-05-04 15:47:11 INFO sing-box started (12.322s)

Signed-off-by: wwqgtxx <wwqgtxx@gmail.com>

nekohasekai added 30 commits April 22, 2023 19:51

Add dns reverse mapping

b5d2062

Add L3 routing support

a86afa0

Add fakeip support

cbf0099

Add multi-peer support for wireguard outbound

f98cfdf

clash api: download clash-dashboard if external-ui directory is empty

eb57cbc

clash-api: Add Clash.Meta APIs

be00e19

Use HTTPS URLTest source

c6fc411

Fix wireguard reconnect

cc94dfa

URLTest improvements

81c4312

Add headers option for HTTP outbound

4dbf958

shadowsocks: Multi-user support for legacy AEAD inbound

c0d6dde

Signed-off-by: wwqgtxx <wwqgtxx@gmail.com>

Add deadline interface

988d733

Update badtls

922acce

Improve VLESS request

73e72e9

Ignore system tun stack bind interface error

2e98777

Update wireguard-go

f61c560

Improve multiplex

9c28709

Add filemanager api

ccb872a

Add debug http server

f568bb9

Update gVisor to 20230417.0

d8810b6

Improve multiplex

8545e41

documentation: Update changelog

bec606e

Migrate multiplex to library

6b64ebd

Add multiplexer for VLESS outbound

50827bc

clash-api: Reset outbounds in DELETE /connections

26bfcbd

Improve direct copy

3765785

Fix h2mux buffer to large

e3286d6

Fix documentation

2a76b8f

Improve DNS caching

7050011

Fix cached packets order

955028d

nekohasekai force-pushed the dev-next branch 7 times, most recently from 44e78fe to 83c3454 Compare June 15, 2023 06:52

nekohasekai force-pushed the dev-next branch 3 times, most recently from cbf6133 to 9d75385 Compare July 8, 2023 08:21

nekohasekai force-pushed the dev-next branch 3 times, most recently from d2e2372 to 6879def Compare July 11, 2023 07:44

nekohasekai force-pushed the dev-next branch from 796e451 to e0058ca Compare July 20, 2023 11:59

nekohasekai force-pushed the dev-next branch 15 times, most recently from ec11e99 to 404f8d9 Compare August 4, 2023 13:19

sJJdGG closed this Aug 5, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix websocket alpn correctly on utls #590

fix websocket alpn correctly on utls #590

sJJdGG commented May 4, 2023

fix websocket alpn correctly on utls #590

fix websocket alpn correctly on utls #590

Conversation

sJJdGG commented May 4, 2023