Add delay_auth_write to Socks5 Client Advanced Config #2933
Conversation
Codecov ReportAttention: Patch coverage is
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## master #2933 +/- ##
==========================================
- Coverage 35.60% 35.59% -0.02%
==========================================
Files 729 729
Lines 41596 41612 +16
==========================================
Hits 14812 14812
- Misses 25149 25167 +18
+ Partials 1635 1633 -2 ☔ View full report in Codecov by Sentry. |
|
I have seen a lots of comment about people falsely accusing V2Ray's implementation of socks5 is wrong by sending socks hello packet and socks auth packet together and not waiting for server side reply. This is not true, and my decision to include this workaround is not a concession to their claim, but simply as a way to make life easier for users. In TCP, the receiver should never assume the message boundary are preserved, and should adherence to the protocol's framing method. The client are supposed to be able to use protocol pipelining to reduce the amount of roundtrip required to finish any operation when possible. When a server does failed to correctly frame the messages and the client send a combined message with protocol pipelining, the server will failed to parse the messages correctly. This is strictly server's fault of inability to process TCP message correctly, and using TCP socket as if it is a SCTP socket. But this is not how some people determine who is at fault here, their mindset is simple... If we couldn't get the server to change its behavior, then we must get the client to change its behavior. And if someone is wrong, then it better be the one that could change the behavior to be wrong, otherwise it won't work because I could not get the more stubborn party to change their behavior. This is how they survive, and they are not wrong in the way they can only demand and pressure the party that are more friendly to them to change, but they are wrong that they have to accuse that the more friendly party is wrong to get them to help them. We call this workaround, the one doing a right thing to get around the wrong thing other people are doing. The more flexible and more friendly party can help you to get things working not because they are wrong, but they want your life to be better. I didn't merge the previous suggest change from contributor, not because I insist I would only change if I am wrong, but simply because the purposed change does not match the quality standard of the project. And as today I some free time and energy, I wrote a workaround that does not compromise the code quality and design objective of project. When you are seeing injustice and abnormality from someone or something you couldn't change, work around it, keep remembering what is right and what is normal. The light within you will guide you, and don't let it submerged by sands. |
|
how to use? |
It doesn't seem to work. |
Could you please at least provide error message? I was unable to determine the exact cause of error without more detailed information. |
|
請問這個命令列該如何啟用? |
This is an advanced configuration option, please ask the respective application developer to support it in their application. v2rayN, gost are all application developed by third party developers and we are unable to provide support for their application. If you couldn't use this option in the most recent v2ray-core with jsonv5 configuration format, please let me know. |
|
@xiaokangwang {
"type": "field",
"inboundTag": [
"vmess-inbound"
],
"outboundTag": "socks5-outbound"
}in routing rules. i got I saw this page and add "protocol": "#v2ray.core.proxy.socks.ClientConfig" and "version": "SOCKS5" is work? my server config is below: // Config file of V2Ray. This file follows standard JSON format, with comments support.
// Uncomment entries below to satisfy your needs. Also read our manual for more detail at
// https://www.v2fly.org/
{
"log": {
// By default, V2Ray writes access log to stdout.
// "access": "/path/to/access/log/file",
// By default, V2Ray write error log to stdout.
// "error": "/path/to/error/log/file",
// Log level, one of "debug", "info", "warning", "error", "none"
"loglevel": "warning"
},
// List of inbound proxy configurations.
"inbounds": [
{
// Port to listen on. You may need root access if the value is less than 1024.
"port": 83,
// IP address to listen on. Change to "0.0.0.0" to listen on all network interfaces.
"listen": "0.0.0.0",
// Tag of the inbound proxy. May be used for routing.
"tag": "vmess-inbound",
// Protocol name of inbound proxy.
"protocol": "vmess",
// Settings of the protocol. Varies based on protocol.
"settings": {
/*"auth": "password",
"udp": false,
"ip": "127.0.0.1",
"accounts": [
{
"user": "in",
"pass": "lxxxq"
}
]*/
"clients": [
{
"id": "d9c247b8-fe0e-432c-afad-993680f3749b",
"alterId": 64,
"security": "auto"
}
]
},
// Enable sniffing on TCP connection.
"sniffing": {
"enabled": true,
// Target domain will be overriden to the one carried by the connection, if the connection is HTTP or HTTPS.
"destOverride": [
"http",
"tls"
]
}
}
],
// List of outbound proxy configurations.
"outbounds": [
{
// Protocol name of the outbound proxy.
"protocol": "freedom",
// Settings of the protocol. Varies based on protocol.
"settings": {},
// Tag of the outbound. May be used for routing.
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
},
{
"protocol": "socks",
"tag": "socks5-outbound",
"proxySettings": {
"tag": "overlay",
"transportLayer": true
},
"settings": {
"servers": [
{
"address": "107.150.127.116",
"port": 2333,
"user": [
{
"account": {
"@type": "v2ray.core.proxy.socks.Account",
"username": "------",
"password": "------"
}
}
}
],
// "version": "SOCKS5",
"delay_auth_write": true
}
}
],
// Transport is for global transport settings. If you have multiple transports with same settings
// (say mKCP), you may put it here, instead of in each individual inbound/outbounds.
//"transport": {},
// Routing controls how traffic from inbounds are sent to outbounds.
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [
{
// Blocks access to private IPs. Remove this if you want to access your router.
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "blocked"
},
{
// Blocks major ads.
"type": "field",
"domain": [
"geosite:category-ads"
],
"outboundTag": "blocked"
},
{
"type": "field",
"inboundTag": [
"vmess-inbound"
],
"outboundTag": "socks5-outbound"
}
]
},
// Dns settings for domain resolution.
"dns": {
// Static hosts, similar to hosts file.
"hosts": {
// Match v2fly.org to another domain on CloudFlare. This domain will be used when querying IPs for v2fly.org.
"domain:v2fly.org": "www.vicemc.net",
// The following settings help to eliminate DNS poisoning in mainland China.
// It is safe to comment these out if this is not the case for you.
"domain:github.io": "pages.github.com",
"domain:wikipedia.org": "www.wikimedia.org",
"domain:shadowsocks.org": "electronicsrealm.com"
},
"servers": [
"1.1.1.1",
{
"address": "114.114.114.114",
"port": 53,
// List of domains that use this DNS first.
"domains": [
"geosite:cn"
]
},
"8.8.8.8",
"localhost"
]
},
// Policy controls some internal behavior of how V2Ray handles connections.
// It may be on connection level by user levels in 'levels', or global settings in 'system.'
"policy": {
// Connection policys by user levels
"levels": {
"0": {
"uplinkOnly": 0,
"downlinkOnly": 0
}
},
"system": {
"statsInboundUplink": false,
"statsInboundDownlink": false,
"statsOutboundUplink": false,
"statsOutboundDownlink": false
}
},
// Stats enables internal stats counter.
// This setting can be used together with Policy and Api.
//"stats":{},
// Api enables gRPC APIs for external programs to communicate with V2Ray instance.
//"api": {
//"tag": "api",
//"services": [
// "HandlerService",
// "LoggerService",
// "StatsService"
//]
//},
// You may add other entries to the configuration, but they will not be recognized by V2Ray.
"other": {}
} |
As a workaround to compensate bug in other socks5 implementations, an advanced option
delay_auth_writewas added to socks5.When this setting is enabled, the socks5 will will for an additional roundtrip before sending authentication information. This have adverse impact on connection speed, but could avoid triggering bug in some incorrect implementation of socks5 server.
Working setting example as follow:
{ "log": { "error": { "level": "Debug", "type": "Console" }, "access": { "type": "None" } }, "outbounds": [ { "protocol": "#v2ray.core.proxy.socks.ClientConfig", "settings": { "server": [ { "address": "------", "port": 4950, "user": [ { "account": { "@type": "v2ray.core.proxy.socks.Account", "username": "------", "password": "------" } } ] } ], "version": "SOCKS5", "delay_auth_write": true }, "proxySettings": { "tag": "overlay", "transportLayer": true } }, { "protocol": "vmess", "tag": "overlay", "settings": { "address": "------", "port": 443, "uuid": "------" }, "streamSettings": { "transport": "ws", "transportSettings": { "path": "v2ray", "maxEarlyData": "4096" }, "security": "tls" } } ], "inbounds": [ { "protocol": "socks", "settings": { "udpEnabled": true, "address": "127.0.0.1" }, "port": 12345, "listen": "127.0.0.1" } ] }(Fix: #2619)
(Fix: #1048)