Freedom: Fix UDP reply mismatch-address #4816
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Jun 15, 2025
Closed
patterniha
force-pushed
the
fix-udp-reply
branch
from
b0c2f03 to
1cdca10
Compare
patterniha
force-pushed
the
fix-udp-reply
branch
from
c9cf1ab to
adea016
Compare
|
|
KobeArthurScofield
referenced
this pull request
Jul 24, 2025
Announcement of NFTs by Project X: #3633 Project X NFT: https://opensea.io/assets/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/1 XHTTP: Beyond REALITY: #4113 REALITY NFT: https://opensea.io/assets/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/2
1 task
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
the problem:
the problem #4800 (comment) is because after browser sending UDP-data(quic initial packet) the packet correctly reaches to the final-target but the response-data does not reach to the browser, this problem happen when target-address is domain, let's explain why:
code-A (freedom.go > ReadMultiBuffer):
Xray-core/proxy/freedom/freedom.go
Lines 309 to 313 in fbae89d
code-B (udp/dispatcher.go > handleInput):
Xray-core/transport/internet/udp/dispatcher.go
Lines 135 to 138 in fbae89d
code-C (socks/server.go):
Xray-core/proxy/socks/server.go
Lines 237 to 243 in fbae89d
suppose browser send UDP-socks-request(UDP-associate) and target is cloudflare-quic.com:443.
each request packet consists of header+payload and header is "cloudflare-quic:443".
the response packet is also consists header+payload, the response-header must also be "cloudflare-quic.com", otherwise browser does not accept the received data.
to sending packet to "cloudflare-quic.com", Xray-core must resolve it to IP, suppose resolved-IP is "188.114.98.0".
after sending data,
ReadMultiBufferfunction receive response-data and because packet received from "188.114.98.0", it setb.UDP(buffer-UDP) address to "188.114.98.0" ---> code-Aafter udp-dispatcher call a "callback" and pass the buffer(
b) to that ---> code-Bif for example inbound is socks-protocol the 'callback" is "udpServer" in "socks/server.go > handleUDPPayload".
because
payload.UDPis notniland is equal to "188.114.98.0:443", the response-header-address overridden by "188.114.98.0:443", but the request-header was "cloudflare-quic.com" so the browser reject the response. ---> code-CIn short:
in short, the request and response header must be same but if address is domain(or fakedns) Xray-core send resolved-IP as a response header and this causes the browser to reject the packet.
so if the address is domain or fakedns or changed by
redirectsettings, Xray-core should ignore response-IP-address and send request-header-address as a response-header-address.