enoch/Xray-core
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2025-08-22 01:26:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add Close() for ServerInstance; Fix server's nonce overflow

Browse Source 
https://github.com/XTLS/Xray-core/pull/4952#issuecomment-3180075690
5c61142048 (r163855798)
This commit is contained in:
RPRX
2025-08-12 17:07:57 +00:00
committed by GitHub
parent 5c61142048
commit 23d7aad461
2 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
proxy/vless/encryption/server.go
View File

@@ -28,6 +28,7 @@ type ServerInstance struct {
xor uint32 xor uint32
minutes time.Duration minutes time.Duration
sessions map[[21]byte]*ServerSession sessions map[[21]byte]*ServerSession
closed bool
} }
type ServerConn struct { type ServerConn struct {
@@ -57,6 +58,10 @@ func (i *ServerInstance) Init(nfsDKeySeed []byte, xor uint32, minutes time.Durat
time.Sleep(time.Minute) time.Sleep(time.Minute)
now := time.Now() now := time.Now()
i.Lock() i.Lock()
if i.closed {
i.Unlock()
return
}
for ticket, session := range i.sessions { for ticket, session := range i.sessions {
if now.After(session.expire) { if now.After(session.expire) {
delete(i.sessions, ticket) delete(i.sessions, ticket)
@@ -69,6 +74,13 @@ func (i *ServerInstance) Init(nfsDKeySeed []byte, xor uint32, minutes time.Durat
return return
} }
func (i *ServerInstance) Close() (err error) {
i.Lock()
i.closed = true
i.Unlock()
return
}
func (i *ServerInstance) Handshake(conn net.Conn) (net.Conn, error) { func (i *ServerInstance) Handshake(conn net.Conn) (net.Conn, error) {
if i.nfsDKey == nil { if i.nfsDKey == nil {
return nil, errors.New("uninitialized") return nil, errors.New("uninitialized")
@@ -215,7 +227,7 @@ func (c *ServerConn) Read(b []byte) (int, error) {
} }
var peerAead cipher.AEAD var peerAead cipher.AEAD
if bytes.Equal(c.peerNonce, MaxNonce) { if bytes.Equal(c.peerNonce, MaxNonce) {
peerAead = NewAead(ClientCipher, c.baseKey, peerData, peerHeader) peerAead = NewAead(c.cipher, c.baseKey, peerData, peerHeader)
} }
_, err = c.peerAead.Open(dst[:0], c.peerNonce, peerData, peerHeader) _, err = c.peerAead.Open(dst[:0], c.peerNonce, peerData, peerHeader)
if peerAead != nil { if peerAead != nil {
@@ -258,7 +270,7 @@ func (c *ServerConn) Write(b []byte) (int, error) {
EncodeHeader(data, len(b)+16) EncodeHeader(data, len(b)+16)
c.aead.Seal(data[:5], c.nonce, b, data[:5]) c.aead.Seal(data[:5], c.nonce, b, data[:5])
if bytes.Equal(c.nonce, MaxNonce) { if bytes.Equal(c.nonce, MaxNonce) {
c.aead = NewAead(ClientCipher, c.baseKey, data[5:], data[:5]) c.aead = NewAead(c.cipher, c.baseKey, data[5:], data[:5])
} }
} }
IncreaseNonce(c.nonce) IncreaseNonce(c.nonce)

3
proxy/vless/inbound/inbound.go
View File

@@ -170,6 +170,9 @@ func isMuxAndNotXUDP(request *protocol.RequestHeader, first *buf.Buffer) bool {
// Close implements common.Closable.Close(). // Close implements common.Closable.Close().
func (h *Handler) Close() error { func (h *Handler) Close() error {
if h.decryption != nil {
h.decryption.Close()
}
return errors.Combine(common.Close(h.validator)) return errors.Combine(common.Close(h.validator))
} }