ihciah / shadow-tls

A proxy to expose real tls handshake to the firewall

Home Page: https://www.ihcblog.com/a-better-tls-obfs-proxy/

License: MIT License

Dockerfile 0.49% Shell 0.91% Rust 98.60%
proxy tls

shadow-tls's Introduction

Shadow TLS


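A TLS camouflage proxy that can use someone else's trusted certificate.

It behaves like trojan, but while performing a real TLS handshake it can directly use someone else's trusted certificate (for example, the domain of a large company or institution) instead of requiring you to issue your own. When the server is opened directly in a browser, the web content of that trusted domain is displayed as normal.

A proxy to expose a real TLS handshake to the firewall.

It works like trojan, but it does not require signing a certificate. The firewall will see a real TLS handshake with a valid certificate that you choose.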

How to Use It

This service needs to be deployed on both sides of the firewall, and it is usually used together with an encryption proxy (this project does not include data encryption or proxy request encapsulation, which is not our goal).

Typically, you deploy shadowsocks-server and shadowtls-server on the same machine, then deploy shadowsocks-client and shadowtls-client on the other side of the firewall.

There are two ways to deploy this service.

  1. Use Docker + Docker Compose

    Modify docker-compose.yml, then run docker-compose up -d.

  2. Use the prebuilt binary

    Download the binary for your platform from the Release page and run it. The usage guide is shown by ./shadow-tls client --help and ./shadow-tls server --help.

For a more detailed usage guide, please refer to the Wiki.

How it Works

On the client side, we just perform a TLS handshake. The server relays the handshake data to the handshake server, which provides the valid certificate, and parses the TLS handshake as it passes through, because we need to know when the handshake has finished. Once it has finished, the server relays data to our real server.

Full design doc is here: v2 | v3.

Note

This project relies on Monoio, a high-performance Rust async runtime built on io_uring. Monoio does not support Windows yet, so this project does not support Windows either.

However, if this project becomes widely used, we will support Windows through conditional compilation.

Also, you may need to modify some system limits to make it work (see here). If it still does not work, you can set the environment variable MONOIO_FORCE_LEGACY_DRIVER=1 to use epoll instead of io_uring.

shadow-tls's People

Contributors

er888kh, fossabot, ihciah, kirito41dd, woluo-dev, zhenpingfeng

shadow-tls's Issues

v0.2.3 tcp handshake failed.

2022-10-17T11:28:29.849344723+08:00 WARN  tcp handshake failed. peer: [::ffff:127.0.0.1]:42420, header too short, expecting 59 bytes, but found 3 bytes
2022-10-17T11:28:33.127358801+08:00 WARN  tcp handshake failed. peer: [::ffff:127.0.0.1]:42422, header too short, expecting 59 bytes, but found 3 bytes
2022-10-17T11:28:33.173111163+08:00 WARN  tcp handshake failed. peer: [::ffff:127.0.0.1]:42426, header too short, expecting 59 bytes, but found 3 bytes
2022-10-17T11:28:33.699706451+08:00 WARN  tcp handshake failed. peer: [::ffff:127.0.0.1]:42428, header too short, expecting 59 bytes, but found 3 bytes
2022-10-17T11:28:34.698409624+08:00 WARN  tcp handshake failed. peer: [::ffff:127.0.0.1]:48830, header too short, expecting 59 bytes, but found 3 bytes
2022-10-17T11:28:34.703100254+08:00 WARN  tcp handshake failed. peer: [::ffff:127.0.0.1]:48836, header too short, expecting 59 bytes, but found 3 bytes

The new version works fine, but it shows lots of handshake failed warnings on the shadowsocks-rust server side with the 2022-blake3-aes-256-gcm encryption method. Is this normal?

Cdn

Hello, is it possible to use Shadow TLS v2 via a CDN?

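Question: proxy detection

Hi, this project looks quite interesting. I read your blog and the protocol document, but I don't know much about hiding and detection. My intuition is that with something like the following, your protocol would no longer be usable, right? (Could this kind of detection exist? It seems feasible on small networks.)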

if net.LookupIP(handshake_domain) != ip {
    ban(ip)
}

shadow-tls fails to start on ARM

Log:
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
thread '' panicked at 'unable to build monoio runtime: Os { code: 12, kind: OutOfMemory, message: "Out of memory" }', src/main.rs:46:18
thread '' panicked at 'unable to build monoio runtime: Os { code: 12, kind: OutOfMemory, message: "Out of memory" }', src/main.rs:46:18
2022-08-29T12:55:36.810718Z INFO shadow_tls: Started with parallelism 4
thread 'thread '' panicked at '' panicked at 'unable to build monoio runtime: Os { code: 12, kind: OutOfMemory, message: "Out of memory" }unable to build monoio runtime: Os { code: 12, kind: OutOfMemory, message: "Out of memory" }', ', src/main.rssrc/main.rs::4646::1818

Cannot connect to the original TLS website being impersonated

./stls server 0.0.0.0:443 127.0.0.1:9988 cloud.tencent.com:443
2022-09-06T11:42:59.582429Z INFO shadow_tls: Server is running!
Listen address: 0.0.0.0:443
Remote address: 127.0.0.1:9988
TLS server address: cloud.tencent.com:443

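On my own computer I pointed cloud.tencent.com's IP to my IP,
then tested with Chrome, and could not connect to cloud.tencent.com.

After the shadow-tls handshake, does the server tell whether the traffic is proxy traffic? If it is not proxy traffic, does it direct the traffic to the original TLS website?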

OpenVPN over Shadow-tls

Hi,

I've just tested OpenVPN over Shadow-tls. It works, but the OpenVPN client takes too much time to connect to the server and the Internet connection speed is very slow, about 1Mbps.

OpenVPN client => Shadow-tls client=> GFW => Shadow-tls server => OpenVPN server

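Hoping for UDP support

Many websites now use QUIC, and HTTPS and QUIC are usually initiated at the same time, so disguising UDP traffic as QUIC should be feasible.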

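Building the Docker image: wrong version number?

I tested with the author's Docker v0.2.1 image, and forwarding did not succeed.
I saw someone earlier say that 0.1.4 forwards successfully while 0.2.1 does not, so I tried cloning the 0.1.4 source and building a Docker image from it.
It built without trouble, but inside the container the shadow-tls version number is 0.1.0.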

Zero Copy may destroy the confusing nature?

In SSL/TLS, every packet is wrapped in a special Record Protocol, where the first byte is in 20-23. By adopting the zero-copy technology and directly relaying TCP contents, it seems that it is easy to discover a shadow-tls connection by just checking the first byte of the first packet after the handshake.
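
An added example, not code from shadow-tls or from the issue's author: both the record check raised in this issue and the handshake parsing mentioned under How it Works start from TLS record framing. The sketch walks a constructed byte stream record by record and reports the first point where the framing breaks; the sample bytes, the function names and the wrapped-payload contrast are assumptions made for illustration.

```rust
// Added example (not shadow-tls code). All sample bytes are constructed.
const HEADER_LEN: usize = 5; // type (1) + legacy version (2) + length (2)
// Largest ciphertext record TLS 1.2 allows (2^14 + 2048); TLS 1.3 allows less.
const MAX_RECORD_LEN: usize = 16384 + 2048;

#[derive(Debug, PartialEq)]
pub struct Record {
    pub content_type: u8, // 20 CCS, 21 alert, 22 handshake, 23 application data
    pub len: usize,
}

#[derive(Debug, PartialEq)]
pub enum FrameError {
    BadContentType { offset: usize, byte: u8 },
    BadVersion { offset: usize },
    TooLong { offset: usize, len: usize },
    Truncated { offset: usize },
}

/// Walk `stream` as back-to-back TLS records. Returns the records parsed
/// before the first framing violation, plus that violation if there is one.
pub fn walk_records(stream: &[u8]) -> (Vec<Record>, Option<FrameError>) {
    let mut records = Vec::new();
    let mut off = 0;
    while off < stream.len() {
        let byte = stream[off];
        if !(20..=23).contains(&byte) {
            return (records, Some(FrameError::BadContentType { offset: off, byte }));
        }
        if stream.len() - off < HEADER_LEN {
            return (records, Some(FrameError::Truncated { offset: off }));
        }
        // A random payload byte lands in 20..=23 about 4 times in 256, so the
        // version and length fields are checked as well.
        if stream[off + 1] != 3 {
            return (records, Some(FrameError::BadVersion { offset: off }));
        }
        let len = u16::from_be_bytes([stream[off + 3], stream[off + 4]]) as usize;
        if len > MAX_RECORD_LEN {
            return (records, Some(FrameError::TooLong { offset: off, len }));
        }
        if stream.len() - off - HEADER_LEN < len {
            return (records, Some(FrameError::Truncated { offset: off }));
        }
        records.push(Record { content_type: byte, len });
        off += HEADER_LEN + len;
    }
    (records, None)
}

/// Frame `body` as one TLS record with legacy version 0x0303.
pub fn record(content_type: u8, body: &[u8]) -> Vec<u8> {
    let mut out = vec![content_type, 3, 3];
    out.extend_from_slice(&(body.len() as u16).to_be_bytes());
    out.extend_from_slice(body);
    out
}

/// Constructed stand-in for the records one side sends while finishing a handshake.
pub fn handshake_tail() -> Vec<u8> {
    let mut s = record(22, &[0xAA; 4]); // handshake message (placeholder body)
    s.extend(record(20, &[1])); // ChangeCipherSpec
    s.extend(record(22, &[0xBB; 8])); // encrypted Finished (placeholder body)
    s
}

/// Constructed stand-in for ciphertext produced by the inner encryption proxy.
pub const PAYLOAD: [u8; 6] = [0x8f, 0x3a, 0x11, 0xc4, 0x07, 0x5e];

/// Payload relayed byte-for-byte after the handshake, as the issue describes.
pub fn raw_relay_stream() -> Vec<u8> {
    let mut s = handshake_tail();
    s.extend_from_slice(&PAYLOAD);
    s
}

/// The same payload carried inside an application data record (assumed contrast).
pub fn wrapped_stream() -> Vec<u8> {
    let mut s = handshake_tail();
    s.extend(record(23, &PAYLOAD));
    s
}

fn main() {
    println!("raw relay: {:?}", walk_records(&raw_relay_stream()));
    println!("wrapped:   {:?}", walk_records(&wrapped_stream()));
}
```

The raw relay stops parsing at the first payload byte, while the wrapped stream parses as four well-formed records; framing alone says nothing about whether the record contents look like genuine TLS.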

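Server apparently cannot listen for remote requests

This problem occurs with both Docker and the prebuilt binary (controlled by systemd), version 0.2.1, environment Ubuntu 20.04 LTS.

Symptom: the server is set to listen on 0.0.0.0:4321, but remote connections to the port with curl and netcat (from inside and outside the wall) get no response, and the server shows no access output. Only running curl -vv 127.0.0.1:4321 on the server itself produces output. I suspect it cannot listen for remote connections (ufw has been ruled out as the cause).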

Docker run fails with OutOfMemory

The system is Debian 11.
Error log:
2022-10-03T09:20:47.158302Z INFO shadow_tls: Started with parallelism 1
thread '' panicked at 'unable to build monoio runtime: Os { code: 12, kind: OutOfMemory, message: "Out of memory" }', src/main.rs:82:18
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

Memory usage at the time:
MiB Mem : 473.3 total, 218.8 free, 131.6 used, 122.9 buff/cache
MiB Swap: 256.0 total, 217.4 free, 38.6 used. 327.0 avail Mem

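A possible weakness: the IP address's ASN information does not match

The IP addresses used by large companies (such as apple, microsoft, google) are all registered to the companies themselves.

For example, Google's IPs are all under AS15169 Google LLC and the like. Apple's IP information is AS714 Apple Inc, AS6185 Apple Inc. and the like.

For the IPs of most hosting providers commonly used for circumvention, a lookup on ipinfo makes it clear: large numbers of IP addresses registered under the ASNs of obscure small hosting providers correspond to large companies' domain names, which does not match at all. Does this count as a very obvious fingerprint?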

Some simple issues

  • Will a Windows (amd-64) version be released?

  • Is shadow-tls compatible with trojan/v2ray or such protocols?

  • If the answer to the former issue is 'Yes', can you give out the configuration files?

Thanks.

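Feature request: simple encryption support

Although one can simply use an encrypted protocol directly, if you want to lighten the encryption load, this could speed up the connection; it could be used where censorship is not too strict.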

Versions 0.2.3 and 0.2.2 produce no output after starting the service

./shadow server --listen 127.0.0.1:8443 --server 127.0.0.1:24000 --tls www.apple.com.cn:443 --password aaa
./shadow client --listen 127.0.0.1:3443 --server 1.1.1.1:8443 --sni www.apple.com.cn --password aaa
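I started the server and the client with the commands above respectively, but neither produced any output, and it did not take effect.
Deployed with Docker, the logs inside the container after starting it show the same.
Version 0.2.1 works normally.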

Android client bug

Environment:
Client
Redmi K50 Android 12 MIUI 13 official stable ROM (ARMv8)
(With the PC Windows 11 client, this problem does not occur)

./shadow-tls-aarch64-unknown-linux-musl client --listen "0.0.0.0:8243" --server "x.x.x.x:8443" --sni "oracle.com" --password "yyyyyyyy"

Log:
2022-11-20T19:04:57.401453Z INFO shadow_tls: Client is running!
Listen address: 0.0.0.0:8243
Remote address: x.x.x.x:8443
TLS server name: oracle.com
2022-11-20T19:05:01.524408Z INFO shadow_tls: Accepted a connection from 127.0.0.1:41416
2022-11-20T19:05:01.672460Z INFO shadow_tls: Accepted a connection from 127.0.0.1:41420
2022-11-20T19:05:01.954111Z WARN rustls::conn: Sending fatal alert BadCertificate
2022-11-20T19:05:01.954981Z INFO shadow_tls: Accepted a connection from 127.0.0.1:41424
2022-11-20T19:05:02.103545Z WARN rustls::conn: Sending fatal alert BadCertificate
2022-11-20T19:05:02.463809Z WARN rustls::conn: Sending fatal alert BadCertificate
2022-11-20T19:05:02.466068Z INFO shadow_tls: Accepted a connection from 127.0.0.1:41428
2022-11-20T19:05:02.977163Z WARN rustls::conn: Sending fatal alert BadCertificate
2022-11-20T19:05:02.979236Z INFO shadow_tls: Accepted a connection from 127.0.0.1:41432
2022-11-20T19:05:03.489424Z WARN rustls::conn: Sending fatal alert BadCertificate
2022-11-20T19:05:03.491310Z INFO shadow_tls: Accepted a connection from 127.0.0.1:41436
2022-11-20T19:05:04.001440Z WARN rustls::conn: Sending fatal alert BadCertificate

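I looked it up: the root CA certificate for oracle.com is Digicert. I compared the serial number, and my phone has this preinstalled trusted root certificate.
Is it that rustls cannot read Android's cert store?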

Can't understand what those parameters exactly mean, plz give example or doc.

./shadow-tls server 0.0.0.0:8443 wechat.com's ip:443 wechat.com:443
./shadow-tls client 0.0.0.0:1084 server_ipv4:8443 wechat.com

client_log:

2022-08-25T13:42:09.836466Z  INFO shadow_tls::protocol: tcp connected, start handshaking
2022-08-25T13:42:14.234668Z  INFO shadow_tls: Accepted a connection from 127.0.0.1:50384
2022-08-25T13:42:14.245772Z  INFO shadow_tls: Accepted a connection from 127.0.0.1:50386
2022-08-25T13:42:14.340122Z  INFO shadow_tls::protocol: tcp connected, start handshaking

server_log:

2022-08-25T13:42:07.928400Z  INFO shadow_tls: Accepted a connection from client_ipv4:26623
2022-08-25T13:42:07.935882Z  INFO shadow_tls: Accepted a connection from client_ipv4:26622

No errors, and the connection seems successful, but I can't access censored websites. The browser responds with ERR_CONNECTION_RESET or ERR_TIMEOUT.

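PoC: protocol probing risk

shadow-tls's design is already outdated; Telegram MTProto FakeTLS already adopted this design, and in a more complete form
Server-side reference code
But it is still blocked by the GFW; this method is outdated, and the developer should abandon the project soon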

suggest modifying memlock unlimited

link

To modify this limit globally, you can modify the /etc/security/limits.conf file and add two lines:
* hard memlock unlimited
* soft memlock unlimited

The original method doesn't work on Debian 11, and this works on Debian 11:
echo "DefaultLimitMEMLOCK=infinity" >> /etc/systemd/system.conf && reboot

Another thing:
Can shadow-tls relay the client's UDP data to the backend, which is shadowsocks?

0.2.3 client error

thread '' panicked at 'client exited: invalid dns name', src/main.rs:125:14

./stls -t 1 client --server "sever:443" --sni "cloud.tencent.com:443" --password "password" --listen "0.0.0.0:18080"

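Latency to websites doubles after using shadow-tls

The server's ping latency is 200ms. Previously, using v2ray normally, the latency to websites was also about 200; after using shadow-tls it becomes 400+. Is this unavoidable, or can it be optimized later?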

Server side auto exit problem

After using it for a while, the server side shadow-tls automatically exits without an error message. Usually happens when loading a lot of pictures, or loading a lot of unread telegram messages (seems like it happened when loading lots of small chunks of data).

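Guancheng Technology (观成科技) analysis of the Shadow-TLS-V2 protocol

According to the conclusion of Guancheng Technology's analysis article:
Shadow-TLS-V2 has made further improvements in data encapsulation and data verification, raising the difficulty of passive detection and active probing, but its encrypted-traffic characteristics and server response characteristics still show detectable anomalies

I don't know whether it is true, but the article introduces the whole protocol's connection process with text and illustrations and appears to analyze it in detail. The article's addresses are below; those with privacy concerns should use a proxy and test for DNS leaks before reading the article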

https://www.buaq.net/go-143882.html

https://www.aqniu.com/vendor/92733.html

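Are there plans to support http2?

Are there plans to support http2?

While testing I found that the shadow-tls client and server keep establishing TCP connections, which does not look like h2's multiplexing behaviour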

Client reports errors and cannot connect.

The error log follows:

2022-12-13T03:18:18.998505Z ERROR shadow_tls: Accept failed: No file descriptors available (os error 24)
2022-12-13T03:18:18.998513Z ERROR shadow_tls: Accept failed: No file descriptors available (os error 24)
2022-12-13T03:18:18.998516Z ERROR shadow_tls: Accept failed: No file descriptors available (os error 24)
2022-12-13T03:18:18.998524Z ERROR shadow_tls: Accept failed: No file descriptors available (os error 24)

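The server runs on Debian 11, and the client runs on openwrt_x86.

The server shows no errors; the client shows the errors above.

I would like to ask what causes this.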

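Can the parallel transfer feature be turned off?

First of all, thank you for the project!!!

I have a question: can the parallel transfer feature be turned off? It looks like this parallel transfer feature causes long stalls when downloading files and watching youtube, whereas it is not noticeable when browsing ordinary web pages; yet judging from the console logs on both the server and the client, there are no errors.
I am forwarding the vmess protocol. If I connect to this vmess protocol directly instead of forwarding through shadow-tls, there is no stalling problem; at least during the evening peak it can play 2k video smoothly. The configuration and logs are below.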

shadow-tls server 0.0.0.0:443 127.0.0.1:10000 www.apple.com:443

server console log:

2022-09-28T08:36:19.075914Z INFO shadow_tls::protocol: Relay for 114.114.114.114:58766 finished
2022-09-28T08:36:26.726580Z INFO shadow_tls::protocol: Relay for 114.114.114.114:50896 finished
2022-09-28T08:36:26.768609Z INFO shadow_tls::protocol: Relay for 114.114.114.114:39418 finished
2022-09-28T08:36:26.953982Z INFO shadow_tls::protocol: Relay for 114.114.114.114:58714 finished
2022-09-28T08:36:26.954164Z INFO shadow_tls::protocol: Relay for 114.114.114.114:39402 finished
2022-09-28T08:36:26.954255Z INFO shadow_tls::protocol: Relay for 114.114.114.114:58744 finished
2022-09-28T08:36:26.959311Z INFO shadow_tls::protocol: Relay for 114.114.114.114:58758 finished
2022-09-28T08:38:27.277662Z INFO shadow_tls: Accepted a connection from 114.114.114.114:49586
2022-09-28T08:38:27.730756Z INFO shadow_tls::protocol: Handshake for 114.114.114.114:49586 finished
2022-09-28T08:38:27.731451Z INFO shadow_tls::protocol: Relay for 114.114.114.114:49586 finished

shadow-tls client 0.0.0.0:10000 www.myname.com:443 www.apple.com

client console log:

2022-09-28T08:36:08.972900Z INFO shadow_tls::protocol: Relay for 10.0.0.25:61091 finished
2022-09-28T08:36:16.164492Z INFO shadow_tls::protocol: Relay for 10.0.0.25:61044 finished
2022-09-28T08:36:16.366694Z INFO shadow_tls::protocol: Relay for 10.0.0.25:61042 finished
2022-09-28T08:36:16.366765Z INFO shadow_tls::protocol: Relay for 10.0.0.25:61079 finished
2022-09-28T08:36:16.371688Z INFO shadow_tls::protocol: Relay for 10.0.0.25:61085 finished
2022-09-28T08:36:16.375655Z INFO shadow_tls::protocol: Relay for 10.0.0.25:61089 finished
2022-09-28T08:38:16.487822Z INFO shadow_tls: Accepted a connection from 10.0.0.25:61098
2022-09-28T08:38:17.331272Z INFO shadow_tls::protocol: Relay for 10.0.0.25:61098 finished

Client error

Latest Raspberry Pi client:
2022-11-14T00:46:13.416959Z ERROR rustls::conn: TLS alert received: AlertMessagePayload {
level: Fatal,
description: HandshakeFailure,

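Using Ubuntu under WSL2 on Windows gives the same error.

But it works normally with shadowrocket on iOS; the configuration is ss+shadows_tls.
The SNI used is apple.com.

I don't know where the problem is.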

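When using the youtube client, videos stall and often take a long time before playing

I suspected a QUIC problem; blocking udp 80,443 with iptables had no effect, and disabling udp in clash had no effect either.
To rule out a shadow-tls problem, I connected clash directly to shadowsocks-rust, without blocking udp 80,443 and without disabling clash udp; watching videos in the client was fine, very smooth.
With clash->shadow-tls client->shadow-tls server->shadowsocks-rust, without blocking udp 80,443 and without disabling clash udp, videos in the client stall and time out, and only start playing after a long wait; switching to another video stalls again, with another long wait... With udp 80,443 blocked and clash udp disabled, the problem remains.
I can't say exactly where the problem is, but once shadow-tls is in the chain it doesn't work properly; that is what my testing shows, and the author can try it.

Apart from the problem watching videos in the client, visiting web pages and watching videos in a web page both work fine.

The software used (clash, shadow-tls, shadowsocks-rust) is all the latest version.
Video client used: android youtube vanced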

Multiple SNI

Thank you for your wonderful software.
Is it possible to use multiple SNIs?

Server error

The server uses this configuration:

version: '2.4'
services:
shadowsocks:
image: shadowsocks/shadowsocks-libev
container_name: shadowsocks-raw
restart: always
network_mode: "host"
environment:
- SERVER_PORT=24000
- SERVER_ADDR=127.0.0.1
- METHOD=chacha20-ietf-poly1305
- PASSWORD=EXAMPLE_PASSWORD_CHANGE_IT
shadow-tls:
image: ghcr.io/ihciah/shadow-tls:latest
restart: always
network_mode: "host"
environment:
- MODE=server
- LISTEN=0.0.0.0:8443
- SERVER=127.0.0.1:24000
- TLS=cloud.tencent.com:443
- PASSWORD=CHANGE_IT
Starting docker compose fails with: services.shadowsocks Additional property shadow-tls is not allowed
How can this be resolved?
