v25.7.25

Announcement of NFTs by Project X: https://github.com/XTLS/Xray-core/discussions/3633 Project X NFT: https://opensea.io/assets/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/1 XHTTP: Beyond REALITY: https://github.com/XTLS/Xray-core/discussions/4113 REALITY NFT: https://opensea.io/assets/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/2
Inbounds & Outbounds: TCP KeepAlive better default value (#4931 )
2025-08-23 01:56:48 +08:00 · 2025-07-25 12:08:00 +00:00 · 2025-07-25 12:06:05 +00:00 · 2025-07-25 10:18:26 +00:00 · 2025-07-25 07:11:35 +00:00
6 changed files with 60 additions and 35 deletions
--- a/core/core.go
+++ b/core/core.go
@@ -19,7 +19,7 @@ import (
 var (
 	Version_x byte = 25
 	Version_y byte = 7
-	Version_z byte = 24
+	Version_z byte = 25
 )
 var (
--- a/main/commands/all/tls/ping.go
+++ b/main/commands/all/tls/ping.go
@@ -122,13 +122,19 @@ func executePing(cmd *base.Command, args []string) {
 }
 func printCertificates(certs []*x509.Certificate) {
 	var leaf *x509.Certificate
 	var length int
 	for _, cert := range certs {
-		if len(cert.DNSNames) == 0 {
+		length += len(cert.Raw)
-			continue
+		if len(cert.DNSNames) != 0 {
 			leaf = cert
 		}
-		fmt.Println("Cert's signature algorithm: ", cert.SignatureAlgorithm.String())
+	}
-		fmt.Println("Cert's publicKey algorithm: ", cert.PublicKeyAlgorithm.String())
+	fmt.Println("Certificate chain's total length: ", length, "(certs count: "+strconv.Itoa(len(certs))+")")
-		fmt.Println("Cert's allowed domains: ", cert.DNSNames)
+	if leaf != nil {
 		fmt.Println("Cert's signature algorithm: ", leaf.SignatureAlgorithm.String())
 		fmt.Println("Cert's publicKey algorithm: ", leaf.PublicKeyAlgorithm.String())
 		fmt.Println("Cert's allowed domains: ", leaf.DNSNames)
 	}
 }
--- a/transport/internet/reality/reality.go
+++ b/transport/internet/reality/reality.go
@@ -77,7 +77,8 @@ func (c *UConn) HandshakeAddress() net.Address {
 func (c *UConn) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 	if c.Config.Show {
 		localAddr := c.LocalAddr().String()
-		fmt.Printf("REALITY localAddr: %v\tis using X25519MLKEM768 for TLS' communication: %v\n", localAddr, c.HandshakeState.ServerHello.SelectedGroup == utls.X25519MLKEM768)
+		curveID := *(*utls.CurveID)(unsafe.Pointer(reflect.ValueOf(c).Elem().FieldByName("curveID").UnsafeAddr()))
 		fmt.Printf("REALITY localAddr: %v\tis using X25519MLKEM768 for TLS' communication: %v\n", localAddr, curveID == utls.X25519MLKEM768)
 		fmt.Printf("REALITY localAddr: %v\tis using ML-DSA-65 for cert's extra verification: %v\n", localAddr, len(c.Config.Mldsa65Verify) > 0)
 	}
 	p, _ := reflect.TypeOf(c.Conn).Elem().FieldByName("peerCertificates")
--- a/transport/internet/sockopt_linux.go
+++ b/transport/internet/sockopt_linux.go
@@ -64,26 +64,6 @@ func applyOutboundSocketOptions(network string, address string, fd uintptr, conf
 			}
 		}
 		if config.TcpKeepAliveInterval > 0 || config.TcpKeepAliveIdle > 0 {
 			if config.TcpKeepAliveInterval > 0 {
 				if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_KEEPINTVL, int(config.TcpKeepAliveInterval)); err != nil {
 					return errors.New("failed to set TCP_KEEPINTVL", err)
 				}
 			}
 			if config.TcpKeepAliveIdle > 0 {
 				if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_KEEPIDLE, int(config.TcpKeepAliveIdle)); err != nil {
 					return errors.New("failed to set TCP_KEEPIDLE", err)
 				}
 			}
 			if err := syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_KEEPALIVE, 1); err != nil {
 				return errors.New("failed to set SO_KEEPALIVE", err)
 			}
 		} else if config.TcpKeepAliveInterval < 0 || config.TcpKeepAliveIdle < 0 {
 			if err := syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_KEEPALIVE, 0); err != nil {
 				return errors.New("failed to unset SO_KEEPALIVE", err)
 			}
 		}
 		if config.TcpCongestion != "" {
 			if err := syscall.SetsockoptString(int(fd), syscall.SOL_TCP, syscall.TCP_CONGESTION, config.TcpCongestion); err != nil {
 				return errors.New("failed to set TCP_CONGESTION", err)
--- a/transport/internet/system_dialer.go
+++ b/transport/internet/system_dialer.go
@@ -3,6 +3,7 @@ package internet
 import (
 	"context"
 	"math/rand"
 	gonet "net"
 	"syscall"
 	"time"
@@ -87,14 +88,34 @@ func (d *DefaultSystemDialer) Dial(ctx context.Context, src net.Address, dest ne
 			Dest: destAddr,
 		}, nil
 	}
-	goStdKeepAlive := time.Duration(0)
+	// Chrome defaults
-	if sockopt != nil && (sockopt.TcpKeepAliveInterval != 0 || sockopt.TcpKeepAliveIdle != 0) {
+	keepAliveConfig := gonet.KeepAliveConfig{
-		goStdKeepAlive = time.Duration(-1)
+		Enable:   true,
 		Idle:     45 * time.Second,
 		Interval: 45 * time.Second,
 		Count:    -1,
 	}
 	keepAlive := time.Duration(0)
 	if sockopt != nil {
 		if sockopt.TcpKeepAliveIdle*sockopt.TcpKeepAliveInterval < 0 {
 			return nil, errors.New("invalid TcpKeepAliveIdle or TcpKeepAliveInterval value: ", sockopt.TcpKeepAliveIdle, " ", sockopt.TcpKeepAliveInterval)
 		}
 		if sockopt.TcpKeepAliveIdle < 0 || sockopt.TcpKeepAliveInterval < 0 {
 			keepAlive = -1
 			keepAliveConfig.Enable = false
 		}
 		if sockopt.TcpKeepAliveIdle > 0 {
 			keepAliveConfig.Idle = time.Duration(sockopt.TcpKeepAliveIdle) * time.Second
 		}
 		if sockopt.TcpKeepAliveInterval > 0 {
 			keepAliveConfig.Interval = time.Duration(sockopt.TcpKeepAliveInterval) * time.Second
 		}
 	}
 	dialer := &net.Dialer{
-		Timeout:   time.Second * 16,
+		Timeout:         time.Second * 16,
-		LocalAddr: resolveSrcAddr(dest.Network, src),
+		LocalAddr:       resolveSrcAddr(dest.Network, src),
-		KeepAlive: goStdKeepAlive,
+		KeepAlive:       keepAlive,
 		KeepAliveConfig: keepAliveConfig,
 	}
 	if sockopt != nil || len(d.controllers) > 0 {
--- a/transport/internet/system_listener.go
+++ b/transport/internet/system_listener.go
@@ -2,6 +2,7 @@ package internet
 import (
 	"context"
 	gonet "net"
 	"os"
 	"runtime"
 	"strconv"
@@ -88,9 +89,25 @@ func (dl *DefaultListener) Listen(ctx context.Context, addr net.Addr, sockopt *S
 		network = addr.Network()
 		address = addr.String()
 		lc.Control = getControlFunc(ctx, sockopt, dl.controllers)
 		// default disable keepalive
 		lc.KeepAlive = -1
 		if sockopt != nil {
-			if sockopt.TcpKeepAliveInterval != 0 || sockopt.TcpKeepAliveIdle != 0 {
+			if sockopt.TcpKeepAliveIdle*sockopt.TcpKeepAliveInterval < 0 {
-				lc.KeepAlive = time.Duration(-1)
+				return nil, errors.New("invalid TcpKeepAliveIdle or TcpKeepAliveInterval value: ", sockopt.TcpKeepAliveIdle, " ", sockopt.TcpKeepAliveInterval)
 			}
 			lc.KeepAliveConfig = gonet.KeepAliveConfig{
 				Enable:   false,
 				Idle:     -1,
 				Interval: -1,
 				Count:    -1,
 			}
 			if sockopt.TcpKeepAliveIdle > 0 {
 				lc.KeepAliveConfig.Enable = true
 				lc.KeepAliveConfig.Idle = time.Duration(sockopt.TcpKeepAliveIdle) * time.Second
 			}
 			if sockopt.TcpKeepAliveInterval > 0 {
 				lc.KeepAliveConfig.Enable = true
 				lc.KeepAliveConfig.Interval = time.Duration(sockopt.TcpKeepAliveInterval) * time.Second
 			}
 			if sockopt.TcpMptcp {
 				lc.SetMultipathTCP(true)
Author	SHA1	Message	Date
RPRX	1aebc84eaa	v25.7.25 Announcement of NFTs by Project X: https://github.com/XTLS/Xray-core/discussions/3633 Project X NFT: https://opensea.io/assets/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/1 XHTTP: Beyond REALITY: https://github.com/XTLS/Xray-core/discussions/4113 REALITY NFT: https://opensea.io/assets/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/2	2025-07-25 12:08:00 +00:00
风扇滑翔翼	eb433d9462	Inbounds & Outbounds: TCP KeepAlive better default value (#4931 ) From https://github.com/XTLS/Xray-core/pull/4927	2025-07-25 12:06:05 +00:00
风扇滑翔翼	87d8b97d9a	Commands: Output certificate chain's total length in `tls ping` (#4933 ) Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>	2025-07-25 10:18:26 +00:00
风扇滑翔翼	9d15ecf1f9	REALITY client: Fix log when printing "is using X25519MLKEM768..." (#4929 )	2025-07-25 07:11:35 +00:00