Remove XTLS (#431)

* remove xtls

* generate pb

* Update protoc

* Clean up go.mod & go.sum

* format code

* restore vless flow

* fix codacy

* do NOT interfere with pb.go files

Co-authored-by: loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>

go.mod

@@ -14,7 +14,6 @@ require (
 	github.com/seiflotfy/cuckoofilter v0.0.0-20201009151232-afb285a456ab
 	github.com/stretchr/testify v1.6.1
 	github.com/v2fly/VSign v0.0.0-20201107160721-6e7f92656885
-	github.com/xtls/go v0.0.0-20201101145325-207fdcada8d0
 	go.starlark.net v0.0.0-20201014215153-dff0ae5b4820
 	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
 	golang.org/x/net v0.0.0-20201031054903-ff519b6c9102

go.sum

@@ -173,8 +173,6 @@ github.com/v2fly/VSign v0.0.0-20201107160721-6e7f92656885 h1:nbFN1ZhtcffOD3ZWx0L
 github.com/v2fly/VSign v0.0.0-20201107160721-6e7f92656885/go.mod h1:p80Bv154ZtrGpXMN15slDCqc9UGmfBuUzheDFBYaW/M=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
 github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
-github.com/xtls/go v0.0.0-20201101145325-207fdcada8d0 h1:Q0OSaIJ+wOy38+g5KYVP9slhbznXwsYGkzscpUrVsak=
-github.com/xtls/go v0.0.0-20201101145325-207fdcada8d0/go.mod h1:5TB2+k58gx4A4g2Nf5miSHNDF6CuAzHKpWBooLAshTs=
 go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.starlark.net v0.0.0-20201014215153-dff0ae5b4820 h1:GsJfRMJ3pXl+Pa5CkSQKIA1hNIo1u0M7I2+ff3RCCME=

infra/conf/transport_internet.go

@@ -16,7 +16,6 @@ import (
 	"v2ray.com/core/transport/internet/tcp"
 	"v2ray.com/core/transport/internet/tls"
 	"v2ray.com/core/transport/internet/websocket"
-	"v2ray.com/core/transport/internet/xtls"
 )
 
 var (
@@ -321,81 +320,6 @@ func (c *TLSConfig) Build() (proto.Message, error) {
 	return config, nil
 }
 
-type XTLSCertConfig struct {
-	CertFile string   `json:"certificateFile"`
-	CertStr  []string `json:"certificate"`
-	KeyFile  string   `json:"keyFile"`
-	KeyStr   []string `json:"key"`
-	Usage    string   `json:"usage"`
-}
-
-// Build implements Buildable.
-func (c *XTLSCertConfig) Build() (*xtls.Certificate, error) {
-	certificate := new(xtls.Certificate)
-
-	cert, err := readFileOrString(c.CertFile, c.CertStr)
-	if err != nil {
-		return nil, newError("failed to parse certificate").Base(err)
-	}
-	certificate.Certificate = cert
-
-	if len(c.KeyFile) > 0 || len(c.KeyStr) > 0 {
-		key, err := readFileOrString(c.KeyFile, c.KeyStr)
-		if err != nil {
-			return nil, newError("failed to parse key").Base(err)
-		}
-		certificate.Key = key
-	}
-
-	switch strings.ToLower(c.Usage) {
-	case "encipherment":
-		certificate.Usage = xtls.Certificate_ENCIPHERMENT
-	case "verify":
-		certificate.Usage = xtls.Certificate_AUTHORITY_VERIFY
-	case "issue":
-		certificate.Usage = xtls.Certificate_AUTHORITY_ISSUE
-	default:
-		certificate.Usage = xtls.Certificate_ENCIPHERMENT
-	}
-
-	return certificate, nil
-}
-
-type XTLSConfig struct {
-	Insecure                 bool              `json:"allowInsecure"`
-	InsecureCiphers          bool              `json:"allowInsecureCiphers"`
-	Certs                    []*XTLSCertConfig `json:"certificates"`
-	ServerName               string            `json:"serverName"`
-	ALPN                     *StringList       `json:"alpn"`
-	DisableSessionResumption bool              `json:"disableSessionResumption"`
-	DisableSystemRoot        bool              `json:"disableSystemRoot"`
-}
-
-// Build implements Buildable.
-func (c *XTLSConfig) Build() (proto.Message, error) {
-	config := new(xtls.Config)
-	config.Certificate = make([]*xtls.Certificate, len(c.Certs))
-	for idx, certConf := range c.Certs {
-		cert, err := certConf.Build()
-		if err != nil {
-			return nil, err
-		}
-		config.Certificate[idx] = cert
-	}
-	serverName := c.ServerName
-	config.AllowInsecure = c.Insecure
-	config.AllowInsecureCiphers = c.InsecureCiphers
-	if len(c.ServerName) > 0 {
-		config.ServerName = serverName
-	}
-	if c.ALPN != nil && len(*c.ALPN) > 0 {
-		config.NextProtocol = []string(*c.ALPN)
-	}
-	config.DisableSessionResumption = c.DisableSessionResumption
-	config.DisableSystemRoot = c.DisableSystemRoot
-	return config, nil
-}
-
 type TransportProtocol string
 
 // Build implements Buildable.
@@ -457,7 +381,6 @@ type StreamConfig struct {
 	Network        *TransportProtocol  `json:"network"`
 	Security       string              `json:"security"`
 	TLSSettings    *TLSConfig          `json:"tlsSettings"`
-	XTLSSettings   *XTLSConfig         `json:"xtlsSettings"`
 	TCPSettings    *TCPConfig          `json:"tcpSettings"`
 	KCPSettings    *KCPConfig          `json:"kcpSettings"`
 	WSSettings     *WebSocketConfig    `json:"wsSettings"`
@@ -482,9 +405,6 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
 	if strings.EqualFold(c.Security, "tls") {
 		tlsSettings := c.TLSSettings
 		if tlsSettings == nil {
-			if c.XTLSSettings != nil {
-				return nil, newError(`TLS: Please use "tlsSettings" instead of "xtlsSettings".`)
-			}
 			tlsSettings = &TLSConfig{}
 		}
 		ts, err := tlsSettings.Build()
@@ -495,25 +415,6 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
 		config.SecuritySettings = append(config.SecuritySettings, tm)
 		config.SecurityType = tm.Type
 	}
-	if strings.EqualFold(c.Security, "xtls") {
-		if config.ProtocolName != "tcp" && config.ProtocolName != "mkcp" && config.ProtocolName != "domainsocket" {
-			return nil, newError("XTLS only supports TCP, mKCP and DomainSocket for now.")
-		}
-		xtlsSettings := c.XTLSSettings
-		if xtlsSettings == nil {
-			if c.TLSSettings != nil {
-				return nil, newError(`XTLS: Please use "xtlsSettings" instead of "tlsSettings".`)
-			}
-			xtlsSettings = &XTLSConfig{}
-		}
-		ts, err := xtlsSettings.Build()
-		if err != nil {
-			return nil, newError("Failed to build XTLS config.").Base(err)
-		}
-		tm := serial.ToTypedMessage(ts)
-		config.SecuritySettings = append(config.SecuritySettings, tm)
-		config.SecurityType = tm.Type
-	}
 	if c.TCPSettings != nil {
 		ts, err := c.TCPSettings.Build()
 		if err != nil {

infra/conf/trojan.go

@@ -21,7 +21,6 @@ type TrojanServerTarget struct {
 	Password string   `json:"password"`
 	Email    string   `json:"email"`
 	Level    byte     `json:"level"`
-	Flow     string   `json:"flow"`
 }
 
 // TrojanClientConfig is configuration of trojan servers
@@ -50,7 +49,6 @@ func (c *TrojanClientConfig) Build() (proto.Message, error) {
 		}
 		account := &trojan.Account{
 			Password: rec.Password,
-			Flow:     rec.Flow,
 		}
 		trojan := &protocol.ServerEndpoint{
 			Address: rec.Address.Build(),
@@ -86,7 +84,6 @@ type TrojanUserConfig struct {
 	Password string `json:"password"`
 	Level    byte   `json:"level"`
 	Email    string `json:"email"`
-	Flow     string `json:"flow"`
 }
 
 // TrojanServerConfig is Inbound configuration
@@ -104,7 +101,6 @@ func (c *TrojanServerConfig) Build() (proto.Message, error) {
 		user := new(protocol.User)
 		account := &trojan.Account{
 			Password: rawUser.Password,
-			Flow:     rawUser.Flow,
 		}
 
 		user.Email = rawUser.Email

infra/conf/v2ray.go

@@ -11,7 +11,6 @@ import (
 	"v2ray.com/core/app/proxyman"
 	"v2ray.com/core/app/stats"
 	"v2ray.com/core/common/serial"
-	"v2ray.com/core/transport/internet/xtls"
 )
 
 var (
@@ -205,9 +204,6 @@ func (c *InboundDetourConfig) Build() (*core.InboundHandlerConfig, error) {
 		if err != nil {
 			return nil, err
 		}
-		if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) && !strings.EqualFold(c.Protocol, "vless") && !strings.EqualFold(c.Protocol, "trojan") {
-			return nil, newError("XTLS doesn't supports " + c.Protocol + " for now.")
-		}
 		receiverSettings.StreamSettings = ss
 	}
 	if c.SniffingConfig != nil {
@@ -275,9 +271,6 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) {
 		if err != nil {
 			return nil, err
 		}
-		if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) && !strings.EqualFold(c.Protocol, "vless") && !strings.EqualFold(c.Protocol, "trojan") {
-			return nil, newError("XTLS doesn't supports " + c.Protocol + " for now.")
-		}
 		senderSettings.StreamSettings = ss
 	}
 
@@ -290,15 +283,7 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) {
 	}
 
 	if c.MuxSettings != nil {
-		ms := c.MuxSettings.Build()
-		if ms != nil && ms.Enabled {
-			if ss := senderSettings.StreamSettings; ss != nil {
-				if ss.SecurityType == serial.GetMessageType(&xtls.Config{}) {
-					return nil, newError("XTLS doesn't support Mux for now.")
-				}
-			}
-		}
-		senderSettings.MultiplexSettings = ms
+		senderSettings.MultiplexSettings = c.MuxSettings.Build()
 	}
 
 	settings := []byte("{}")

infra/conf/vless.go

@@ -45,12 +45,6 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
 			return nil, newError(`VLESS clients: invalid user`).Base(err)
 		}
 
-		switch account.Flow {
-		case "", "xtls-rprx-origin", "xtls-rprx-direct":
-		default:
-			return nil, newError(`VLESS clients: "flow" doesn't support "` + account.Flow + `" in this version`)
-		}
-
 		if account.Encryption != "" {
 			return nil, newError(`VLESS clients: "encryption" should not in inbound settings`)
 		}
@@ -165,12 +159,6 @@ func (c *VLessOutboundConfig) Build() (proto.Message, error) {
 				return nil, newError(`VLESS users: invalid user`).Base(err)
 			}
 
-			switch account.Flow {
-			case "", "xtls-rprx-origin", "xtls-rprx-origin-udp443", "xtls-rprx-direct", "xtls-rprx-direct-udp443":
-			default:
-				return nil, newError(`VLESS users: "flow" doesn't support "` + account.Flow + `" in this version`)
-			}
-
 			if account.Encryption != "none" {
 				return nil, newError(`VLESS users: please add/set "encryption":"none" for every user`)
 			}

infra/conf/vless_test.go

@@ -26,7 +26,6 @@ func TestVLessOutbound(t *testing.T) {
 					"users": [
 						{
 							"id": "27848739-7e62-4138-9fd3-098a63964b6b",
-							"flow": "xtls-rprx-origin-udp443",
 							"encryption": "none",
 							"level": 0
 						}
@@ -47,7 +46,6 @@ func TestVLessOutbound(t *testing.T) {
 							{
 								Account: serial.ToTypedMessage(&vless.Account{
 									Id:         "27848739-7e62-4138-9fd3-098a63964b6b",
-									Flow:       "xtls-rprx-origin-udp443",
 									Encryption: "none",
 								}),
 								Level: 0,
@@ -71,7 +69,6 @@ func TestVLessInbound(t *testing.T) {
 				"clients": [
 					{
 						"id": "27848739-7e62-4138-9fd3-098a63964b6b",
-						"flow": "xtls-rprx-origin",
 						"level": 0,
 						"email": "love@v2fly.org"
 					}
@@ -97,8 +94,7 @@ func TestVLessInbound(t *testing.T) {
 				Clients: []*protocol.User{
 					{
 						Account: serial.ToTypedMessage(&vless.Account{
-							Id:   "27848739-7e62-4138-9fd3-098a63964b6b",
-							Flow: "xtls-rprx-origin",
+							Id: "27848739-7e62-4138-9fd3-098a63964b6b",
 						}),
 						Level: 0,
 						Email: "love@v2fly.org",

main/distro/all/all.go

@@ -46,7 +46,6 @@ import (
 	_ "v2ray.com/core/transport/internet/tls"
 	_ "v2ray.com/core/transport/internet/udp"
 	_ "v2ray.com/core/transport/internet/websocket"
-	_ "v2ray.com/core/transport/internet/xtls"
 
 	// Transport headers
 	_ "v2ray.com/core/transport/internet/headers/http"

proxy/trojan/client.go

@@ -10,7 +10,6 @@ import (
 	"v2ray.com/core/common"
 	"v2ray.com/core/common/buf"
 	"v2ray.com/core/common/net"
-	"v2ray.com/core/common/platform"
 	"v2ray.com/core/common/protocol"
 	"v2ray.com/core/common/retry"
 	"v2ray.com/core/common/session"
@@ -19,7 +18,6 @@ import (
 	"v2ray.com/core/features/policy"
 	"v2ray.com/core/transport"
 	"v2ray.com/core/transport/internet"
-	"v2ray.com/core/transport/internet/xtls"
 )
 
 // Client is a inbound handler for trojan protocol
@@ -85,46 +83,6 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
 		return newError("user account is not valid")
 	}
 
-	iConn := conn
-	if statConn, ok := iConn.(*internet.StatCouterConnection); ok {
-		iConn = statConn.Connection
-	}
-
-	connWriter := &ConnWriter{}
-	allowUDP443 := false
-	switch account.Flow {
-	case XRO + "-udp443", XRD + "-udp443":
-		allowUDP443 = true
-		account.Flow = account.Flow[:16]
-		fallthrough
-	case XRO, XRD:
-		if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress {
-			return newError(account.Flow + " doesn't support Mux").AtWarning()
-		}
-		if destination.Network == net.Network_UDP {
-			if !allowUDP443 && destination.Port == 443 {
-				return newError(account.Flow + " stopped UDP/443").AtInfo()
-			}
-		} else { // enable XTLS only if making TCP request
-			if xtlsConn, ok := iConn.(*xtls.Conn); ok {
-				xtlsConn.RPRX = true
-				xtlsConn.SHOW = trojanXTLSShow
-				connWriter.Flow = account.Flow
-				if account.Flow == XRD {
-					xtlsConn.DirectMode = true
-				}
-			} else {
-				return newError(`failed to use ` + account.Flow + `, maybe "security" is not "xtls"`).AtWarning()
-			}
-		}
-	case "":
-		if _, ok := iConn.(*xtls.Conn); ok {
-			panic(`To avoid misunderstanding, you must fill in Trojan "flow" when using XTLS.`)
-		}
-	default:
-		return newError("unsupported flow " + account.Flow).AtWarning()
-	}
-
 	sessionPolicy := c.policyManager.ForLevel(user.Level)
 	ctx, cancel := context.WithCancel(ctx)
 	timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle)
@@ -134,9 +92,7 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
 
 		var bodyWriter buf.Writer
 		bufferWriter := buf.NewBufferedWriter(buf.NewWriter(conn))
-		connWriter.Writer = bufferWriter
-		connWriter.Target = destination
-		connWriter.Account = account
+		connWriter := &ConnWriter{Writer: bufferWriter, Target: destination, Account: account}
 
 		if destination.Network == net.Network_UDP {
 			bodyWriter = &PacketWriter{Writer: connWriter, Target: destination}
@@ -146,7 +102,7 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
 
 		// write some request payload to buffer
 		if err = buf.CopyOnceTimeout(link.Reader, bodyWriter, time.Millisecond*100); err != nil && err != buf.ErrNotTimeoutReader && err != buf.ErrReadTimeout {
-			return newError("failed to write A reqeust payload").Base(err).AtWarning()
+			return newError("failed to write A request payload").Base(err).AtWarning()
 		}
 
 		// Flush; bufferWriter.WriteMultiBufer now is bufferWriter.writer.WriteMultiBuffer
@@ -187,11 +143,4 @@ func init() {
 	common.Must(common.RegisterConfig((*ClientConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
 		return NewClient(ctx, config.(*ClientConfig))
 	}))
-
-	const defaultFlagValue = "NOT_DEFINED_AT_ALL"
-
-	xtlsShow := platform.NewEnvFlag("v2ray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue })
-	if xtlsShow == "true" {
-		trojanXTLSShow = true
-	}
 }

proxy/trojan/config.go

@@ -3,7 +3,7 @@ package trojan
 import (
 	"crypto/sha256"
 	"encoding/hex"
-	fmt "fmt"
+	"fmt"
 
 	"v2ray.com/core/common"
 	"v2ray.com/core/common/protocol"
@@ -13,7 +13,6 @@ import (
 type MemoryAccount struct {
 	Password string
 	Key      []byte
-	Flow     string
 }
 
 // AsAccount implements protocol.AsAccount.
@@ -23,7 +22,6 @@ func (a *Account) AsAccount() (protocol.Account, error) {
 	return &MemoryAccount{
 		Password: password,
 		Key:      key,
-		Flow:     a.Flow,
 	}, nil
 }
 

proxy/trojan/config.pb.go

@@ -32,7 +32,6 @@ type Account struct {
 	unknownFields protoimpl.UnknownFields
 
 	Password string `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
-	Flow     string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"`
 }
 
 func (x *Account) Reset() {
@@ -74,13 +73,6 @@ func (x *Account) GetPassword() string {
 	return ""
 }
 
-func (x *Account) GetFlow() string {
-	if x != nil {
-		return x.Flow
-	}
-	return ""
-}
-
 type Fallback struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -272,37 +264,36 @@ var file_proxy_trojan_config_proto_rawDesc = []byte{
 	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
 	0x1a, 0x21, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
 	0x6c, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x70, 0x65, 0x63, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x22, 0x39, 0x0a, 0x07, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1a,
+	0x6f, 0x74, 0x6f, 0x22, 0x25, 0x0a, 0x07, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1a,
 	0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c,
-	0x6f, 0x77, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x22, 0x6e,
-	0x0a, 0x08, 0x46, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x6c,
-	0x70, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x6c, 0x70, 0x6e, 0x12, 0x12,
-	0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61,
-	0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x74, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x64, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x78, 0x76,
-	0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x78, 0x76, 0x65, 0x72, 0x22, 0x52,
-	0x0a, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42,
-	0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a,
+	0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x22, 0x6e, 0x0a, 0x08, 0x46, 0x61,
+	0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x6c, 0x70, 0x6e, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x6c, 0x70, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61,
+	0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x12,
+	0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79,
+	0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x64, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x78, 0x76, 0x65, 0x72, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x78, 0x76, 0x65, 0x72, 0x22, 0x52, 0x0a, 0x0c, 0x43, 0x6c,
+	0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x06, 0x73, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x76, 0x32, 0x72,
+	0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x6e,
+	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x22, 0x87,
+	0x01, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
+	0x36, 0x0a, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20,
 	0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76,
-	0x65, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76,
-	0x65, 0x72, 0x22, 0x87, 0x01, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x20, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e,
-	0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e,
-	0x55, 0x73, 0x65, 0x72, 0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x12, 0x3f, 0x0a, 0x09, 0x66,
-	0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21,
-	0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78,
-	0x79, 0x2e, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0x2e, 0x46, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63,
-	0x6b, 0x52, 0x09, 0x66, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x42, 0x56, 0x0a, 0x1b,
-	0x63, 0x6f, 0x6d, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x2e, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0x50, 0x01, 0x5a, 0x1b, 0x76,
-	0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x2f, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0xaa, 0x02, 0x17, 0x56, 0x32, 0x52,
-	0x61, 0x79, 0x2e, 0x43, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x54, 0x72,
-	0x6f, 0x6a, 0x61, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x55, 0x73, 0x65, 0x72,
+	0x52, 0x05, 0x75, 0x73, 0x65, 0x72, 0x73, 0x12, 0x3f, 0x0a, 0x09, 0x66, 0x61, 0x6c, 0x6c, 0x62,
+	0x61, 0x63, 0x6b, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x76, 0x32, 0x72,
+	0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x74, 0x72,
+	0x6f, 0x6a, 0x61, 0x6e, 0x2e, 0x46, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x52, 0x09, 0x66,
+	0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x42, 0x56, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e,
+	0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79,
+	0x2e, 0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0x50, 0x01, 0x5a, 0x1b, 0x76, 0x32, 0x72, 0x61, 0x79,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f,
+	0x74, 0x72, 0x6f, 0x6a, 0x61, 0x6e, 0xaa, 0x02, 0x17, 0x56, 0x32, 0x52, 0x61, 0x79, 0x2e, 0x43,
+	0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x54, 0x72, 0x6f, 0x6a, 0x61, 0x6e,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (

proxy/trojan/config.proto

@@ -11,7 +11,6 @@ import "common/protocol/server_spec.proto";
 
 message Account {
   string password = 1;
-  string flow = 2;
 }
 
 message Fallback {

proxy/trojan/protocol.go

@@ -17,23 +17,12 @@ var (
 		protocol.AddressFamilyByte(0x04, net.AddressFamilyIPv6),
 		protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain),
 	)
-
-	trojanXTLSShow = false
 )
 
 const (
-	maxLength = 8192
-	// XRD is constant for XTLS direct mode
-	XRD = "xtls-rprx-direct"
-	// XRO is constant for XTLS origin mode
-	XRO = "xtls-rprx-origin"
-
+	maxLength       = 8192
 	commandTCP byte = 1
 	commandUDP byte = 3
-
-	// for XTLS
-	commandXRD byte = 0xf0 // XTLS direct mode
-	commandXRO byte = 0xf1 // XTLS origin mode
 )
 
 // ConnWriter is TCP Connection Writer Wrapper for trojan protocol
@@ -41,7 +30,6 @@ type ConnWriter struct {
 	io.Writer
 	Target     net.Destination
 	Account    *MemoryAccount
-	Flow       string
 	headerSent bool
 }
 
@@ -78,10 +66,6 @@ func (c *ConnWriter) writeHeader() error {
 	command := commandTCP
 	if c.Target.Network == net.Network_UDP {
 		command = commandUDP
-	} else if c.Flow == XRO {
-		command = commandXRO
-	} else if c.Flow == XRD {
-		command = commandXRD
 	}
 
 	if _, err := buffer.Write(c.Account.Key); err != nil {
@@ -175,7 +159,6 @@ func (w *PacketWriter) writePacket(payload []byte, dest net.Destination) (int, e
 type ConnReader struct {
 	io.Reader
 	Target       net.Destination
-	Flow         string
 	headerParsed bool
 }
 
@@ -199,10 +182,6 @@ func (c *ConnReader) ParseHeader() error {
 	network := net.Network_TCP
 	if command[0] == commandUDP {
 		network = net.Network_UDP
-	} else if command[0] == commandXRO {
-		c.Flow = XRO
-	} else if command[0] == commandXRD {
-		c.Flow = XRD
 	}
 
 	addr, port, err := addrParser.ReadAddressPort(nil, c.Reader)

proxy/trojan/server.go

@@ -15,7 +15,6 @@ import (
 	"v2ray.com/core/common/errors"
 	"v2ray.com/core/common/log"
 	"v2ray.com/core/common/net"
-	"v2ray.com/core/common/platform"
 	"v2ray.com/core/common/protocol"
 	udp_proto "v2ray.com/core/common/protocol/udp"
 	"v2ray.com/core/common/retry"
@@ -26,20 +25,12 @@ import (
 	"v2ray.com/core/features/routing"
 	"v2ray.com/core/transport/internet"
 	"v2ray.com/core/transport/internet/udp"
-	"v2ray.com/core/transport/internet/xtls"
 )
 
 func init() {
 	common.Must(common.RegisterConfig((*ServerConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
 		return NewServer(ctx, config.(*ServerConfig))
 	}))
-
-	const defaultFlagValue = "NOT_DEFINED_AT_ALL"
-
-	xtlsShow := platform.NewEnvFlag("v2ray.trojan.xtls.show").GetValue(func() string { return defaultFlagValue })
-	if xtlsShow == "true" {
-		trojanXTLSShow = true
-	}
 }
 
 // Server is an inbound connection handler that handles messages in trojan protocol.
@@ -202,35 +193,6 @@ func (s *Server) Process(ctx context.Context, network net.Network, conn internet
 		return s.handleUDPPayload(ctx, &PacketReader{Reader: clientReader}, &PacketWriter{Writer: conn}, dispatcher)
 	}
 
-	// handle tcp request
-	account, ok := user.Account.(*MemoryAccount)
-	if !ok {
-		return newError("user account is not valid")
-	}
-
-	switch clientReader.Flow {
-	case XRO, XRD:
-		if account.Flow == clientReader.Flow {
-			if destination.Address.Family().IsDomain() && destination.Address.Domain() == muxCoolAddress {
-				return newError(clientReader.Flow + " doesn't support Mux").AtWarning()
-			}
-			if xtlsConn, ok := iConn.(*xtls.Conn); ok {
-				xtlsConn.RPRX = true
-				xtlsConn.SHOW = trojanXTLSShow
-				if clientReader.Flow == XRD {
-					xtlsConn.DirectMode = true
-				}
-			} else {
-				return newError(`failed to use ` + clientReader.Flow + `, maybe "security" is not "xtls"`).AtWarning()
-			}
-		} else {
-			return newError("unable to use ", clientReader.Flow).AtWarning()
-		}
-	case "":
-	default:
-		return newError("unsupported flow " + account.Flow).AtWarning()
-	}
-
 	ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
 		From:   conn.RemoteAddr(),
 		To:     destination,
@@ -332,9 +294,6 @@ func (s *Server) fallback(ctx context.Context, sid errors.ExportOption, err erro
 		if tlsConn, ok := iConn.(*tls.Conn); ok {
 			alpn = tlsConn.ConnectionState().NegotiatedProtocol
 			newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
-		} else if xtlsConn, ok := iConn.(*xtls.Conn); ok {
-			alpn = xtlsConn.ConnectionState().NegotiatedProtocol
-			newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
 		}
 		if apfb[alpn] == nil {
 			alpn = ""

proxy/vless/account.go

@@ -24,7 +24,7 @@ func (a *Account) AsAccount() (protocol.Account, error) {
 type MemoryAccount struct {
 	// ID of the account.
 	ID *protocol.ID
-	// Flow of the account. May be "xtls-rprx-origin".
+	// Flow of the account.
 	Flow string
 	// Encryption of the account. Used for client connections, and only accepts "none" for now.
 	Encryption string

proxy/vless/account.pb.go

@@ -32,7 +32,7 @@ type Account struct {
 
 	// ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57".
 	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	// Flow settings. May be "xtls-rprx-origin".
+	// Flow settings.
 	Flow string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"`
 	// Encryption settings. Only applies to client side, and only accepts "none" for now.
 	Encryption string `protobuf:"bytes,3,opt,name=encryption,proto3" json:"encryption,omitempty"`

proxy/vless/account.proto

@@ -9,7 +9,7 @@ option java_multiple_files = true;
 message Account {
   // ID of the account, in the form of a UUID, e.g., "66ad4540-b58c-4ad2-9926-ea63445a9b57".
   string id = 1;
-  // Flow settings. May be "xtls-rprx-origin".
+  // Flow settings.
   string flow = 2;
   // Encryption settings. Only applies to client side, and only accepts "none" for now.
   string encryption = 3;

proxy/vless/encoding/addons.go

@@ -9,22 +9,11 @@ import (
 
 	"v2ray.com/core/common/buf"
 	"v2ray.com/core/common/protocol"
-	"v2ray.com/core/proxy/vless"
 )
 
+// EncodeHeaderAddons Add addons byte to the header
 func EncodeHeaderAddons(buffer *buf.Buffer, addons *Addons) error {
 	switch addons.Flow {
-	case vless.XRO, vless.XRD:
-		bytes, err := proto.Marshal(addons)
-		if err != nil {
-			return newError("failed to marshal addons protobuf value").Base(err)
-		}
-		if err := buffer.WriteByte(byte(len(bytes))); err != nil {
-			return newError("failed to write addons protobuf length").Base(err)
-		}
-		if _, err := buffer.Write(bytes); err != nil {
-			return newError("failed to write addons protobuf value").Base(err)
-		}
 	default:
 		if err := buffer.WriteByte(0); err != nil {
 			return newError("failed to write addons protobuf length").Base(err)
@@ -121,13 +110,6 @@ func (w *MultiLengthPacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
 	return w.Writer.WriteMultiBuffer(mb2Write)
 }
 
-func NewLengthPacketWriter(writer io.Writer) *LengthPacketWriter {
-	return &LengthPacketWriter{
-		Writer: writer,
-		cache:  make([]byte, 0, 65536),
-	}
-}
-
 type LengthPacketWriter struct {
 	io.Writer
 	cache []byte
@@ -135,7 +117,6 @@ type LengthPacketWriter struct {
 
 func (w *LengthPacketWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
 	length := mb.Len() // none of mb is nil
-	// fmt.Println("Write", length)
 	if length == 0 {
 		return nil
 	}
@@ -171,7 +152,6 @@ func (r *LengthPacketReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
 		return nil, newError("failed to read packet length").Base(err)
 	}
 	length := int32(r.cache[0])<<8 | int32(r.cache[1])
-	// fmt.Println("Read", length)
 	mb := make(buf.MultiBuffer, 0, length/buf.Size+1)
 	for length > 0 {
 		size := length

proxy/vless/encoding/encoding.go

@@ -5,18 +5,11 @@ package encoding
 //go:generate go run v2ray.com/core/common/errors/errorgen
 
 import (
-	"fmt"
 	"io"
-	"syscall"
-
 	"v2ray.com/core/common/buf"
-	"v2ray.com/core/common/errors"
 	"v2ray.com/core/common/net"
 	"v2ray.com/core/common/protocol"
-	"v2ray.com/core/common/signal"
-	"v2ray.com/core/features/stats"
 	"v2ray.com/core/proxy/vless"
-	"v2ray.com/core/transport/internet/xtls"
 )
 
 const (
@@ -173,36 +166,3 @@ func DecodeResponseHeader(reader io.Reader, request *protocol.RequestHeader) (*A
 
 	return responseAddons, nil
 }
-
-func ReadV(reader buf.Reader, writer buf.Writer, timer signal.ActivityUpdater, conn *xtls.Conn, rawConn syscall.RawConn, counter stats.Counter) error {
-	err := func() error {
-		var ct stats.Counter
-		for {
-			if conn.DirectIn {
-				conn.DirectIn = false
-				reader = buf.NewReadVReader(conn.Connection, rawConn)
-				ct = counter
-				if conn.SHOW {
-					fmt.Println(conn.MARK, "ReadV")
-				}
-			}
-			buffer, err := reader.ReadMultiBuffer()
-			if !buffer.IsEmpty() {
-				if ct != nil {
-					ct.Add(int64(buffer.Len()))
-				}
-				timer.Update()
-				if werr := writer.WriteMultiBuffer(buffer); werr != nil {
-					return werr
-				}
-			}
-			if err != nil {
-				return err
-			}
-		}
-	}()
-	if err != nil && errors.Cause(err) != io.EOF {
-		return err
-	}
-	return nil
-}

proxy/vless/inbound/inbound.go

@@ -8,7 +8,6 @@ import (
 	"context"
 	"io"
 	"strconv"
-	"syscall"
 	"time"
 
 	"v2ray.com/core"
@@ -17,7 +16,6 @@ import (
 	"v2ray.com/core/common/errors"
 	"v2ray.com/core/common/log"
 	"v2ray.com/core/common/net"
-	"v2ray.com/core/common/platform"
 	"v2ray.com/core/common/protocol"
 	"v2ray.com/core/common/retry"
 	"v2ray.com/core/common/session"
@@ -27,16 +25,10 @@ import (
 	feature_inbound "v2ray.com/core/features/inbound"
 	"v2ray.com/core/features/policy"
 	"v2ray.com/core/features/routing"
-	"v2ray.com/core/features/stats"
 	"v2ray.com/core/proxy/vless"
 	"v2ray.com/core/proxy/vless/encoding"
 	"v2ray.com/core/transport/internet"
 	"v2ray.com/core/transport/internet/tls"
-	"v2ray.com/core/transport/internet/xtls"
-)
-
-var (
-	xtls_show = false
 )
 
 func init() {
@@ -50,13 +42,6 @@ func init() {
 		}
 		return New(ctx, config.(*Config), dc)
 	}))
-
-	const defaultFlagValue = "NOT_DEFINED_AT_ALL"
-
-	xtlsShow := platform.NewEnvFlag("v2ray.vless.xtls.show").GetValue(func() string { return defaultFlagValue })
-	if xtlsShow == "true" {
-		xtls_show = true
-	}
 }
 
 // Handler is an inbound connection handler that handles messages in VLess protocol.
@@ -194,9 +179,6 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
 				if tlsConn, ok := iConn.(*tls.Conn); ok {
 					alpn = tlsConn.ConnectionState().NegotiatedProtocol
 					newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
-				} else if xtlsConn, ok := iConn.(*xtls.Conn); ok {
-					alpn = xtlsConn.ConnectionState().NegotiatedProtocol
-					newError("realAlpn = " + alpn).AtInfo().WriteToLog(sid)
 				}
 				if apfb[alpn] == nil {
 					alpn = ""
@@ -370,44 +352,7 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
 	}
 	inbound.User = request.User
 
-	account := request.User.Account.(*vless.MemoryAccount)
-
-	responseAddons := &encoding.Addons{
-		// Flow: requestAddons.Flow,
-	}
-
-	var rawConn syscall.RawConn
-
-	switch requestAddons.Flow {
-	case vless.XRO, vless.XRD:
-		if account.Flow == requestAddons.Flow {
-			switch request.Command {
-			case protocol.RequestCommandMux:
-				return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
-			case protocol.RequestCommandUDP:
-				return newError(requestAddons.Flow + " doesn't support UDP").AtWarning()
-			case protocol.RequestCommandTCP:
-				if xtlsConn, ok := iConn.(*xtls.Conn); ok {
-					xtlsConn.RPRX = true
-					xtlsConn.SHOW = xtls_show
-					xtlsConn.MARK = "XTLS"
-					if requestAddons.Flow == vless.XRD {
-						xtlsConn.DirectMode = true
-						if sc, ok := xtlsConn.Connection.(syscall.Conn); ok {
-							rawConn, _ = sc.SyscallConn()
-						}
-					}
-				} else {
-					return newError(`failed to use ` + requestAddons.Flow + `, maybe "security" is not "xtls"`).AtWarning()
-				}
-			}
-		} else {
-			return newError(account.ID.String() + " is not able to use " + requestAddons.Flow).AtWarning()
-		}
-	case "":
-	default:
-		return newError("unknown request flow " + requestAddons.Flow).AtWarning()
-	}
+	responseAddons := &encoding.Addons{}
 
 	if request.Command != protocol.RequestCommandMux {
 		ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
@@ -438,20 +383,8 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection i
 		// default: clientReader := reader
 		clientReader := encoding.DecodeBodyAddons(reader, request, requestAddons)
 
-		var err error
-
-		if rawConn != nil {
-			var counter stats.Counter
-			if statConn != nil {
-				counter = statConn.ReadCounter
-			}
-			err = encoding.ReadV(clientReader, serverWriter, timer, iConn.(*xtls.Conn), rawConn, counter)
-		} else {
-			// from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer
-			err = buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer))
-		}
-
-		if err != nil {
+		// from clientReader.ReadMultiBuffer to serverWriter.WriteMultiBufer
+		if err := buf.Copy(clientReader, serverWriter, buf.UpdateActivity(timer)); err != nil {
 			return newError("failed to transfer request payload").Base(err).AtInfo()
 		}
 

proxy/vless/outbound/outbound.go

@@ -6,43 +6,28 @@ package outbound
 
 import (
 	"context"
-	"syscall"
 	"time"
+	"v2ray.com/core/proxy/vless"
 
 	"v2ray.com/core"
 	"v2ray.com/core/common"
 	"v2ray.com/core/common/buf"
 	"v2ray.com/core/common/net"
-	"v2ray.com/core/common/platform"
 	"v2ray.com/core/common/protocol"
 	"v2ray.com/core/common/retry"
 	"v2ray.com/core/common/session"
 	"v2ray.com/core/common/signal"
 	"v2ray.com/core/common/task"
 	"v2ray.com/core/features/policy"
-	"v2ray.com/core/features/stats"
-	"v2ray.com/core/proxy/vless"
 	"v2ray.com/core/proxy/vless/encoding"
 	"v2ray.com/core/transport"
 	"v2ray.com/core/transport/internet"
-	"v2ray.com/core/transport/internet/xtls"
-)
-
-var (
-	xtls_show = false
 )
 
 func init() {
 	common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
 		return New(ctx, config.(*Config))
 	}))
-
-	const defaultFlagValue = "NOT_DEFINED_AT_ALL"
-
-	xtlsShow := platform.NewEnvFlag("v2ray.vless.xtls.show").GetValue(func() string { return defaultFlagValue })
-	if xtlsShow == "true" {
-		xtls_show = true
-	}
 }
 
 // Handler is an outbound connection handler for VLess protocol.
@@ -127,44 +112,6 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 		Flow: account.Flow,
 	}
 
-	var rawConn syscall.RawConn
-
-	allowUDP443 := false
-	switch requestAddons.Flow {
-	case vless.XRO + "-udp443", vless.XRD + "-udp443":
-		allowUDP443 = true
-		requestAddons.Flow = requestAddons.Flow[:16]
-		fallthrough
-	case vless.XRO, vless.XRD:
-		switch request.Command {
-		case protocol.RequestCommandMux:
-			return newError(requestAddons.Flow + " doesn't support Mux").AtWarning()
-		case protocol.RequestCommandUDP:
-			if !allowUDP443 && request.Port == 443 {
-				return newError(requestAddons.Flow + " stopped UDP/443").AtInfo()
-			}
-			requestAddons.Flow = ""
-		case protocol.RequestCommandTCP:
-			if xtlsConn, ok := iConn.(*xtls.Conn); ok {
-				xtlsConn.RPRX = true
-				xtlsConn.SHOW = xtls_show
-				xtlsConn.MARK = "XTLS"
-				if requestAddons.Flow == vless.XRD {
-					xtlsConn.DirectMode = true
-					if sc, ok := xtlsConn.Connection.(syscall.Conn); ok {
-						rawConn, _ = sc.SyscallConn()
-					}
-				}
-			} else {
-				return newError(`failed to use ` + requestAddons.Flow + `, maybe "security" is not "xtls"`).AtWarning()
-			}
-		}
-	default:
-		if _, ok := iConn.(*xtls.Conn); ok {
-			panic(`To avoid misunderstanding, you must fill in VLESS "flow" when using XTLS.`)
-		}
-	}
-
 	sessionPolicy := h.policyManager.ForLevel(request.User.Level)
 	ctx, cancel := context.WithCancel(ctx)
 	timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle)
@@ -200,6 +147,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 		switch requestAddons.Flow {
 		default:
 		}
+
 		return nil
 	}
 
@@ -214,18 +162,8 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 		// default: serverReader := buf.NewReader(conn)
 		serverReader := encoding.DecodeBodyAddons(conn, request, responseAddons)
 
-		if rawConn != nil {
-			var counter stats.Counter
-			if statConn != nil {
-				counter = statConn.ReadCounter
-			}
-			err = encoding.ReadV(serverReader, clientWriter, timer, iConn.(*xtls.Conn), rawConn, counter)
-		} else {
-			// from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer
-			err = buf.Copy(serverReader, clientWriter, buf.UpdateActivity(timer))
-		}
-
-		if err != nil {
+		// from serverReader.ReadMultiBuffer to clientWriter.WriteMultiBufer
+		if err := buf.Copy(serverReader, clientWriter, buf.UpdateActivity(timer)); err != nil {
 			return newError("failed to transfer response payload").Base(err).AtInfo()
 		}
 

proxy/vless/vless.go

@@ -6,8 +6,3 @@
 package vless
 
 //go:generate go run v2ray.com/core/common/errors/errorgen
-
-const (
-	XRO = "xtls-rprx-origin"
-	XRD = "xtls-rprx-direct"
-)

transport/internet/domainsocket/dial.go

@@ -11,7 +11,6 @@ import (
 	"v2ray.com/core/common/net"
 	"v2ray.com/core/transport/internet"
 	"v2ray.com/core/transport/internet/tls"
-	"v2ray.com/core/transport/internet/xtls"
 )
 
 func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.MemoryStreamConfig) (internet.Connection, error) {
@@ -28,8 +27,6 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me
 
 	if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
 		return tls.Client(conn, config.GetTLSConfig(tls.WithDestination(dest))), nil
-	} else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
-		return xtls.Client(conn, config.GetXTLSConfig(xtls.WithDestination(dest))), nil
 	}
 
 	return conn, nil

transport/internet/domainsocket/listener.go

@@ -10,24 +10,21 @@ import (
 	"os"
 	"strings"
 
-	goxtls "github.com/xtls/go"
 	"golang.org/x/sys/unix"
 
 	"v2ray.com/core/common"
 	"v2ray.com/core/common/net"
 	"v2ray.com/core/transport/internet"
 	"v2ray.com/core/transport/internet/tls"
-	"v2ray.com/core/transport/internet/xtls"
 )
 
 type Listener struct {
-	addr       *net.UnixAddr
-	ln         net.Listener
-	tlsConfig  *gotls.Config
-	xtlsConfig *goxtls.Config
-	config     *Config
-	addConn    internet.ConnHandler
-	locker     *fileLocker
+	addr      *net.UnixAddr
+	ln        net.Listener
+	tlsConfig *gotls.Config
+	config    *Config
+	addConn   internet.ConnHandler
+	locker    *fileLocker
 }
 
 func Listen(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, handler internet.ConnHandler) (internet.Listener, error) {
@@ -62,9 +59,6 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti
 	if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
 		ln.tlsConfig = config.GetTLSConfig()
 	}
-	if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
-		ln.xtlsConfig = config.GetXTLSConfig()
-	}
 
 	go ln.run()
 
@@ -95,8 +89,6 @@ func (ln *Listener) run() {
 
 		if ln.tlsConfig != nil {
 			conn = tls.Server(conn, ln.tlsConfig)
-		} else if ln.xtlsConfig != nil {
-			conn = xtls.Server(conn, ln.xtlsConfig)
 		}
 
 		ln.addConn(internet.Connection(conn))

transport/internet/kcp/dialer.go

@@ -13,7 +13,6 @@ import (
 	"v2ray.com/core/common/net"
 	"v2ray.com/core/transport/internet"
 	"v2ray.com/core/transport/internet/tls"
-	"v2ray.com/core/transport/internet/xtls"
 )
 
 var (
@@ -90,8 +89,6 @@ func DialKCP(ctx context.Context, dest net.Destination, streamSettings *internet
 
 	if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
 		iConn = tls.Client(iConn, config.GetTLSConfig(tls.WithDestination(dest)))
-	} else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
-		iConn = xtls.Client(iConn, config.GetXTLSConfig(xtls.WithDestination(dest)))
 	}
 
 	return iConn, nil

transport/internet/kcp/listener.go

@@ -8,15 +8,12 @@ import (
 	gotls "crypto/tls"
 	"sync"
 
-	goxtls "github.com/xtls/go"
-
 	"v2ray.com/core/common"
 	"v2ray.com/core/common/buf"
 	"v2ray.com/core/common/net"
 	"v2ray.com/core/transport/internet"
 	"v2ray.com/core/transport/internet/tls"
 	"v2ray.com/core/transport/internet/udp"
-	"v2ray.com/core/transport/internet/xtls"
 )
 
 type ConnectionID struct {
@@ -28,15 +25,14 @@ type ConnectionID struct {
 // Listener defines a server listening for connections
 type Listener struct {
 	sync.Mutex
-	sessions   map[ConnectionID]*Connection
-	hub        *udp.Hub
-	tlsConfig  *gotls.Config
-	xtlsConfig *goxtls.Config
-	config     *Config
-	reader     PacketReader
-	header     internet.PacketHeader
-	security   cipher.AEAD
-	addConn    internet.ConnHandler
+	sessions  map[ConnectionID]*Connection
+	hub       *udp.Hub
+	tlsConfig *gotls.Config
+	config    *Config
+	reader    PacketReader
+	header    internet.PacketHeader
+	security  cipher.AEAD
+	addConn   internet.ConnHandler
 }
 
 func NewListener(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, addConn internet.ConnHandler) (*Listener, error) {
@@ -64,9 +60,6 @@ func NewListener(ctx context.Context, address net.Address, port net.Port, stream
 	if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
 		l.tlsConfig = config.GetTLSConfig()
 	}
-	if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
-		l.xtlsConfig = config.GetXTLSConfig()
-	}
 
 	hub, err := udp.ListenUDP(ctx, address, port, streamSettings, udp.HubCapacity(1024))
 	if err != nil {
@@ -139,8 +132,6 @@ func (l *Listener) OnReceive(payload *buf.Buffer, src net.Destination) {
 		var netConn internet.Connection = conn
 		if l.tlsConfig != nil {
 			netConn = tls.Server(conn, l.tlsConfig)
-		} else if l.xtlsConfig != nil {
-			netConn = xtls.Server(conn, l.xtlsConfig)
 		}
 
 		l.addConn(netConn)

transport/internet/tcp/dialer.go

@@ -10,7 +10,6 @@ import (
 	"v2ray.com/core/common/session"
 	"v2ray.com/core/transport/internet"
 	"v2ray.com/core/transport/internet/tls"
-	"v2ray.com/core/transport/internet/xtls"
 )
 
 // Dial dials a new TCP connection to the given destination.
@@ -31,9 +30,6 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me
 			}
 		*/
 		conn = tls.Client(conn, tlsConfig)
-	} else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
-		xtlsConfig := config.GetXTLSConfig(xtls.WithDestination(dest))
-		conn = xtls.Client(conn, xtlsConfig)
 	}
 
 	tcpSettings := streamSettings.ProtocolSettings.(*Config)

transport/internet/tcp/hub.go

@@ -8,21 +8,17 @@ import (
 	"strings"
 	"time"
 
-	goxtls "github.com/xtls/go"
-
 	"v2ray.com/core/common"
 	"v2ray.com/core/common/net"
 	"v2ray.com/core/common/session"
 	"v2ray.com/core/transport/internet"
 	"v2ray.com/core/transport/internet/tls"
-	"v2ray.com/core/transport/internet/xtls"
 )
 
 // Listener is an internet.Listener that listens for TCP connections.
 type Listener struct {
 	listener   net.Listener
 	tlsConfig  *gotls.Config
-	xtlsConfig *goxtls.Config
 	authConfig internet.ConnectionAuthenticator
 	config     *Config
 	addConn    internet.ConnHandler
@@ -77,9 +73,6 @@ func ListenTCP(ctx context.Context, address net.Address, port net.Port, streamSe
 	if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
 		l.tlsConfig = config.GetTLSConfig(tls.WithNextProto("h2"))
 	}
-	if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
-		l.xtlsConfig = config.GetXTLSConfig(xtls.WithNextProto("h2"))
-	}
 
 	if tcpSettings.HeaderSettings != nil {
 		headerConfig, err := tcpSettings.HeaderSettings.GetInstance()
@@ -114,8 +107,6 @@ func (v *Listener) keepAccepting() {
 
 		if v.tlsConfig != nil {
 			conn = tls.Server(conn, v.tlsConfig)
-		} else if v.xtlsConfig != nil {
-			conn = xtls.Server(conn, v.xtlsConfig)
 		}
 		if v.authConfig != nil {
 			conn = v.authConfig.Server(conn)

transport/internet/xtls/config.go

@@ -1,241 +0,0 @@
-// +build !confonly
-
-package xtls
-
-import (
-	"crypto/x509"
-	"sync"
-	"time"
-
-	xtls "github.com/xtls/go"
-
-	"v2ray.com/core/common/net"
-	"v2ray.com/core/common/protocol/tls/cert"
-	"v2ray.com/core/transport/internet"
-)
-
-var (
-	globalSessionCache = xtls.NewLRUClientSessionCache(128)
-)
-
-// ParseCertificate converts a cert.Certificate to Certificate.
-func ParseCertificate(c *cert.Certificate) *Certificate {
-	if c != nil {
-		certPEM, keyPEM := c.ToPEM()
-		return &Certificate{
-			Certificate: certPEM,
-			Key:         keyPEM,
-		}
-	}
-	return nil
-}
-
-func (c *Config) loadSelfCertPool() (*x509.CertPool, error) {
-	root := x509.NewCertPool()
-	for _, cert := range c.Certificate {
-		if !root.AppendCertsFromPEM(cert.Certificate) {
-			return nil, newError("failed to append cert").AtWarning()
-		}
-	}
-	return root, nil
-}
-
-// BuildCertificates builds a list of TLS certificates from proto definition.
-func (c *Config) BuildCertificates() []xtls.Certificate {
-	certs := make([]xtls.Certificate, 0, len(c.Certificate))
-	for _, entry := range c.Certificate {
-		if entry.Usage != Certificate_ENCIPHERMENT {
-			continue
-		}
-		keyPair, err := xtls.X509KeyPair(entry.Certificate, entry.Key)
-		if err != nil {
-			newError("ignoring invalid X509 key pair").Base(err).AtWarning().WriteToLog()
-			continue
-		}
-		certs = append(certs, keyPair)
-	}
-	return certs
-}
-
-func isCertificateExpired(c *xtls.Certificate) bool {
-	if c.Leaf == nil && len(c.Certificate) > 0 {
-		if pc, err := x509.ParseCertificate(c.Certificate[0]); err == nil {
-			c.Leaf = pc
-		}
-	}
-
-	// If leaf is not there, the certificate is probably not used yet. We trust user to provide a valid certificate.
-	return c.Leaf != nil && c.Leaf.NotAfter.Before(time.Now().Add(-time.Minute))
-}
-
-func issueCertificate(rawCA *Certificate, domain string) (*xtls.Certificate, error) {
-	parent, err := cert.ParseCertificate(rawCA.Certificate, rawCA.Key)
-	if err != nil {
-		return nil, newError("failed to parse raw certificate").Base(err)
-	}
-	newCert, err := cert.Generate(parent, cert.CommonName(domain), cert.DNSNames(domain))
-	if err != nil {
-		return nil, newError("failed to generate new certificate for ", domain).Base(err)
-	}
-	newCertPEM, newKeyPEM := newCert.ToPEM()
-	cert, err := xtls.X509KeyPair(newCertPEM, newKeyPEM)
-	return &cert, err
-}
-
-func (c *Config) getCustomCA() []*Certificate {
-	certs := make([]*Certificate, 0, len(c.Certificate))
-	for _, certificate := range c.Certificate {
-		if certificate.Usage == Certificate_AUTHORITY_ISSUE {
-			certs = append(certs, certificate)
-		}
-	}
-	return certs
-}
-
-func getGetCertificateFunc(c *xtls.Config, ca []*Certificate) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
-	var access sync.RWMutex
-
-	return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
-		domain := hello.ServerName
-		certExpired := false
-
-		access.RLock()
-		certificate, found := c.NameToCertificate[domain]
-		access.RUnlock()
-
-		if found {
-			if !isCertificateExpired(certificate) {
-				return certificate, nil
-			}
-			certExpired = true
-		}
-
-		if certExpired {
-			newCerts := make([]xtls.Certificate, 0, len(c.Certificates))
-
-			access.Lock()
-			for _, certificate := range c.Certificates {
-				if !isCertificateExpired(&certificate) {
-					newCerts = append(newCerts, certificate)
-				}
-			}
-
-			c.Certificates = newCerts
-			access.Unlock()
-		}
-
-		var issuedCertificate *xtls.Certificate
-
-		// Create a new certificate from existing CA if possible
-		for _, rawCert := range ca {
-			if rawCert.Usage == Certificate_AUTHORITY_ISSUE {
-				newCert, err := issueCertificate(rawCert, domain)
-				if err != nil {
-					newError("failed to issue new certificate for ", domain).Base(err).WriteToLog()
-					continue
-				}
-
-				access.Lock()
-				c.Certificates = append(c.Certificates, *newCert)
-				issuedCertificate = &c.Certificates[len(c.Certificates)-1]
-				access.Unlock()
-				break
-			}
-		}
-
-		if issuedCertificate == nil {
-			return nil, newError("failed to create a new certificate for ", domain)
-		}
-
-		access.Lock()
-		c.BuildNameToCertificate()
-		access.Unlock()
-
-		return issuedCertificate, nil
-	}
-}
-
-func (c *Config) parseServerName() string {
-	return c.ServerName
-}
-
-// GetXTLSConfig converts this Config into xtls.Config.
-func (c *Config) GetXTLSConfig(opts ...Option) *xtls.Config {
-	root, err := c.getCertPool()
-	if err != nil {
-		newError("failed to load system root certificate").AtError().Base(err).WriteToLog()
-	}
-
-	if c == nil {
-		return &xtls.Config{
-			ClientSessionCache:     globalSessionCache,
-			RootCAs:                root,
-			InsecureSkipVerify:     false,
-			NextProtos:             nil,
-			SessionTicketsDisabled: false,
-		}
-	}
-
-	config := &xtls.Config{
-		ClientSessionCache:     globalSessionCache,
-		RootCAs:                root,
-		InsecureSkipVerify:     c.AllowInsecure,
-		NextProtos:             c.NextProtocol,
-		SessionTicketsDisabled: c.DisableSessionResumption,
-	}
-
-	for _, opt := range opts {
-		opt(config)
-	}
-
-	config.Certificates = c.BuildCertificates()
-	config.BuildNameToCertificate()
-
-	caCerts := c.getCustomCA()
-	if len(caCerts) > 0 {
-		config.GetCertificate = getGetCertificateFunc(config, caCerts)
-	}
-
-	if sn := c.parseServerName(); len(sn) > 0 {
-		config.ServerName = sn
-	}
-
-	if len(config.NextProtos) == 0 {
-		config.NextProtos = []string{"h2", "http/1.1"}
-	}
-
-	return config
-}
-
-// Option for building XTLS config.
-type Option func(*xtls.Config)
-
-// WithDestination sets the server name in XTLS config.
-func WithDestination(dest net.Destination) Option {
-	return func(config *xtls.Config) {
-		if dest.Address.Family().IsDomain() && config.ServerName == "" {
-			config.ServerName = dest.Address.Domain()
-		}
-	}
-}
-
-// WithNextProto sets the ALPN values in XTLS config.
-func WithNextProto(protocol ...string) Option {
-	return func(config *xtls.Config) {
-		if len(config.NextProtos) == 0 {
-			config.NextProtos = protocol
-		}
-	}
-}
-
-// ConfigFromStreamSettings fetches Config from stream settings. Nil if not found.
-func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config {
-	if settings == nil {
-		return nil
-	}
-	config, ok := settings.SecuritySettings.(*Config)
-	if !ok {
-		return nil
-	}
-	return config
-}

transport/internet/xtls/config.pb.go

@@ -1,379 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.25.0
-// 	protoc        v3.13.0
-// source: transport/internet/xtls/config.proto
-
-package xtls
-
-import (
-	proto "github.com/golang/protobuf/proto"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// This is a compile-time assertion that a sufficiently up-to-date version
-// of the legacy proto package is being used.
-const _ = proto.ProtoPackageIsVersion4
-
-type Certificate_Usage int32
-
-const (
-	Certificate_ENCIPHERMENT     Certificate_Usage = 0
-	Certificate_AUTHORITY_VERIFY Certificate_Usage = 1
-	Certificate_AUTHORITY_ISSUE  Certificate_Usage = 2
-)
-
-// Enum value maps for Certificate_Usage.
-var (
-	Certificate_Usage_name = map[int32]string{
-		0: "ENCIPHERMENT",
-		1: "AUTHORITY_VERIFY",
-		2: "AUTHORITY_ISSUE",
-	}
-	Certificate_Usage_value = map[string]int32{
-		"ENCIPHERMENT":     0,
-		"AUTHORITY_VERIFY": 1,
-		"AUTHORITY_ISSUE":  2,
-	}
-)
-
-func (x Certificate_Usage) Enum() *Certificate_Usage {
-	p := new(Certificate_Usage)
-	*p = x
-	return p
-}
-
-func (x Certificate_Usage) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (Certificate_Usage) Descriptor() protoreflect.EnumDescriptor {
-	return file_transport_internet_xtls_config_proto_enumTypes[0].Descriptor()
-}
-
-func (Certificate_Usage) Type() protoreflect.EnumType {
-	return &file_transport_internet_xtls_config_proto_enumTypes[0]
-}
-
-func (x Certificate_Usage) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use Certificate_Usage.Descriptor instead.
-func (Certificate_Usage) EnumDescriptor() ([]byte, []int) {
-	return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{0, 0}
-}
-
-type Certificate struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// XTLS certificate in x509 format.
-	Certificate []byte `protobuf:"bytes,1,opt,name=Certificate,proto3" json:"Certificate,omitempty"`
-	// XTLS key in x509 format.
-	Key   []byte            `protobuf:"bytes,2,opt,name=Key,proto3" json:"Key,omitempty"`
-	Usage Certificate_Usage `protobuf:"varint,3,opt,name=usage,proto3,enum=v2ray.core.transport.internet.xtls.Certificate_Usage" json:"usage,omitempty"`
-}
-
-func (x *Certificate) Reset() {
-	*x = Certificate{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_transport_internet_xtls_config_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Certificate) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Certificate) ProtoMessage() {}
-
-func (x *Certificate) ProtoReflect() protoreflect.Message {
-	mi := &file_transport_internet_xtls_config_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Certificate.ProtoReflect.Descriptor instead.
-func (*Certificate) Descriptor() ([]byte, []int) {
-	return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Certificate) GetCertificate() []byte {
-	if x != nil {
-		return x.Certificate
-	}
-	return nil
-}
-
-func (x *Certificate) GetKey() []byte {
-	if x != nil {
-		return x.Key
-	}
-	return nil
-}
-
-func (x *Certificate) GetUsage() Certificate_Usage {
-	if x != nil {
-		return x.Usage
-	}
-	return Certificate_ENCIPHERMENT
-}
-
-type Config struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Whether or not to allow self-signed certificates.
-	AllowInsecure bool `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"`
-	// Whether or not to allow insecure cipher suites.
-	AllowInsecureCiphers bool `protobuf:"varint,5,opt,name=allow_insecure_ciphers,json=allowInsecureCiphers,proto3" json:"allow_insecure_ciphers,omitempty"`
-	// List of certificates to be served on server.
-	Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate,proto3" json:"certificate,omitempty"`
-	// Override server name.
-	ServerName string `protobuf:"bytes,3,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"`
-	// Lists of string as ALPN values.
-	NextProtocol []string `protobuf:"bytes,4,rep,name=next_protocol,json=nextProtocol,proto3" json:"next_protocol,omitempty"`
-	// Whether or not to disable session (ticket) resumption.
-	DisableSessionResumption bool `protobuf:"varint,6,opt,name=disable_session_resumption,json=disableSessionResumption,proto3" json:"disable_session_resumption,omitempty"`
-	// If true, root certificates on the system will not be loaded for
-	// verification.
-	DisableSystemRoot bool `protobuf:"varint,7,opt,name=disable_system_root,json=disableSystemRoot,proto3" json:"disable_system_root,omitempty"`
-}
-
-func (x *Config) Reset() {
-	*x = Config{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_transport_internet_xtls_config_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Config) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Config) ProtoMessage() {}
-
-func (x *Config) ProtoReflect() protoreflect.Message {
-	mi := &file_transport_internet_xtls_config_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Config.ProtoReflect.Descriptor instead.
-func (*Config) Descriptor() ([]byte, []int) {
-	return file_transport_internet_xtls_config_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *Config) GetAllowInsecure() bool {
-	if x != nil {
-		return x.AllowInsecure
-	}
-	return false
-}
-
-func (x *Config) GetAllowInsecureCiphers() bool {
-	if x != nil {
-		return x.AllowInsecureCiphers
-	}
-	return false
-}
-
-func (x *Config) GetCertificate() []*Certificate {
-	if x != nil {
-		return x.Certificate
-	}
-	return nil
-}
-
-func (x *Config) GetServerName() string {
-	if x != nil {
-		return x.ServerName
-	}
-	return ""
-}
-
-func (x *Config) GetNextProtocol() []string {
-	if x != nil {
-		return x.NextProtocol
-	}
-	return nil
-}
-
-func (x *Config) GetDisableSessionResumption() bool {
-	if x != nil {
-		return x.DisableSessionResumption
-	}
-	return false
-}
-
-func (x *Config) GetDisableSystemRoot() bool {
-	if x != nil {
-		return x.DisableSystemRoot
-	}
-	return false
-}
-
-var File_transport_internet_xtls_config_proto protoreflect.FileDescriptor
-
-var file_transport_internet_xtls_config_proto_rawDesc = []byte{
-	0x0a, 0x24, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x65, 0x74, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x22, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f,
-	0x72, 0x65, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, 0x74, 0x6c, 0x73, 0x22, 0xd4, 0x01, 0x0a, 0x0b, 0x43,
-	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
-	0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03,
-	0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x4b,
-	0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e,
-	0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73,
-	0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, 0x74,
-	0x6c, 0x73, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x55,
-	0x73, 0x61, 0x67, 0x65, 0x52, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x22, 0x44, 0x0a, 0x05, 0x55,
-	0x73, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x0c, 0x45, 0x4e, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52,
-	0x4d, 0x45, 0x4e, 0x54, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x41, 0x55, 0x54, 0x48, 0x4f, 0x52,
-	0x49, 0x54, 0x59, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f,
-	0x41, 0x55, 0x54, 0x48, 0x4f, 0x52, 0x49, 0x54, 0x59, 0x5f, 0x49, 0x53, 0x53, 0x55, 0x45, 0x10,
-	0x02, 0x22, 0xec, 0x02, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x0a, 0x0e,
-	0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x49, 0x6e, 0x73, 0x65, 0x63,
-	0x75, 0x72, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, 0x6e, 0x73,
-	0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x14, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x49, 0x6e, 0x73, 0x65, 0x63, 0x75,
-	0x72, 0x65, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x0b, 0x63, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f,
-	0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x61, 0x6e,
-	0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78,
-	0x74, 0x6c, 0x73, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52,
-	0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0a, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a,
-	0x0d, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04,
-	0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63,
-	0x6f, 0x6c, 0x12, 0x3c, 0x0a, 0x1a, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x65,
-	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53,
-	0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x12, 0x2e, 0x0a, 0x13, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x79, 0x73, 0x74,
-	0x65, 0x6d, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x64,
-	0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x52, 0x6f, 0x6f, 0x74,
-	0x42, 0x77, 0x0a, 0x26, 0x63, 0x6f, 0x6d, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f,
-	0x72, 0x65, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x6e, 0x65, 0x74, 0x2e, 0x78, 0x74, 0x6c, 0x73, 0x50, 0x01, 0x5a, 0x26, 0x76, 0x32,
-	0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61,
-	0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2f,
-	0x78, 0x74, 0x6c, 0x73, 0xaa, 0x02, 0x22, 0x56, 0x32, 0x52, 0x61, 0x79, 0x2e, 0x43, 0x6f, 0x72,
-	0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65,
-	0x72, 0x6e, 0x65, 0x74, 0x2e, 0x58, 0x74, 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33,
-}
-
-var (
-	file_transport_internet_xtls_config_proto_rawDescOnce sync.Once
-	file_transport_internet_xtls_config_proto_rawDescData = file_transport_internet_xtls_config_proto_rawDesc
-)
-
-func file_transport_internet_xtls_config_proto_rawDescGZIP() []byte {
-	file_transport_internet_xtls_config_proto_rawDescOnce.Do(func() {
-		file_transport_internet_xtls_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_transport_internet_xtls_config_proto_rawDescData)
-	})
-	return file_transport_internet_xtls_config_proto_rawDescData
-}
-
-var file_transport_internet_xtls_config_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_transport_internet_xtls_config_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
-var file_transport_internet_xtls_config_proto_goTypes = []interface{}{
-	(Certificate_Usage)(0), // 0: v2ray.core.transport.internet.xtls.Certificate.Usage
-	(*Certificate)(nil),    // 1: v2ray.core.transport.internet.xtls.Certificate
-	(*Config)(nil),         // 2: v2ray.core.transport.internet.xtls.Config
-}
-var file_transport_internet_xtls_config_proto_depIdxs = []int32{
-	0, // 0: v2ray.core.transport.internet.xtls.Certificate.usage:type_name -> v2ray.core.transport.internet.xtls.Certificate.Usage
-	1, // 1: v2ray.core.transport.internet.xtls.Config.certificate:type_name -> v2ray.core.transport.internet.xtls.Certificate
-	2, // [2:2] is the sub-list for method output_type
-	2, // [2:2] is the sub-list for method input_type
-	2, // [2:2] is the sub-list for extension type_name
-	2, // [2:2] is the sub-list for extension extendee
-	0, // [0:2] is the sub-list for field type_name
-}
-
-func init() { file_transport_internet_xtls_config_proto_init() }
-func file_transport_internet_xtls_config_proto_init() {
-	if File_transport_internet_xtls_config_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_transport_internet_xtls_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Certificate); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_transport_internet_xtls_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Config); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_transport_internet_xtls_config_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   2,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_transport_internet_xtls_config_proto_goTypes,
-		DependencyIndexes: file_transport_internet_xtls_config_proto_depIdxs,
-		EnumInfos:         file_transport_internet_xtls_config_proto_enumTypes,
-		MessageInfos:      file_transport_internet_xtls_config_proto_msgTypes,
-	}.Build()
-	File_transport_internet_xtls_config_proto = out.File
-	file_transport_internet_xtls_config_proto_rawDesc = nil
-	file_transport_internet_xtls_config_proto_goTypes = nil
-	file_transport_internet_xtls_config_proto_depIdxs = nil
-}

transport/internet/xtls/config.proto

@@ -1,47 +0,0 @@
-syntax = "proto3";
-
-package v2ray.core.transport.internet.xtls;
-option csharp_namespace = "V2Ray.Core.Transport.Internet.Xtls";
-option go_package = "v2ray.com/core/transport/internet/xtls";
-option java_package = "com.v2ray.core.transport.internet.xtls";
-option java_multiple_files = true;
-
-message Certificate {
-  // XTLS certificate in x509 format.
-  bytes Certificate = 1;
-
-  // XTLS key in x509 format.
-  bytes Key = 2;
-
-  enum Usage {
-    ENCIPHERMENT = 0;
-    AUTHORITY_VERIFY = 1;
-    AUTHORITY_ISSUE = 2;
-  }
-
-  Usage usage = 3;
-}
-
-message Config {
-  // Whether or not to allow self-signed certificates.
-  bool allow_insecure = 1;
-
-  // Whether or not to allow insecure cipher suites.
-  bool allow_insecure_ciphers = 5;
-
-  // List of certificates to be served on server.
-  repeated Certificate certificate = 2;
-
-  // Override server name.
-  string server_name = 3;
-
-  // Lists of string as ALPN values.
-  repeated string next_protocol = 4;
-
-  // Whether or not to disable session (ticket) resumption.
-  bool disable_session_resumption = 6;
-
-  // If true, root certificates on the system will not be loaded for
-  // verification.
-  bool disable_system_root = 7;
-}

transport/internet/xtls/config_other.go

@@ -1,53 +0,0 @@
-// +build !windows
-// +build !confonly
-
-package xtls
-
-import (
-	"crypto/x509"
-	"sync"
-)
-
-type rootCertsCache struct {
-	sync.Mutex
-	pool *x509.CertPool
-}
-
-func (c *rootCertsCache) load() (*x509.CertPool, error) {
-	c.Lock()
-	defer c.Unlock()
-
-	if c.pool != nil {
-		return c.pool, nil
-	}
-
-	pool, err := x509.SystemCertPool()
-	if err != nil {
-		return nil, err
-	}
-	c.pool = pool
-	return pool, nil
-}
-
-var rootCerts rootCertsCache
-
-func (c *Config) getCertPool() (*x509.CertPool, error) {
-	if c.DisableSystemRoot {
-		return c.loadSelfCertPool()
-	}
-
-	if len(c.Certificate) == 0 {
-		return rootCerts.load()
-	}
-
-	pool, err := x509.SystemCertPool()
-	if err != nil {
-		return nil, newError("system root").AtWarning().Base(err)
-	}
-	for _, cert := range c.Certificate {
-		if !pool.AppendCertsFromPEM(cert.Certificate) {
-			return nil, newError("append cert to root").AtWarning().Base(err)
-		}
-	}
-	return pool, err
-}

transport/internet/xtls/config_test.go

@@ -1,100 +0,0 @@
-package xtls_test
-
-import (
-	"crypto/x509"
-	"testing"
-	"time"
-
-	xtls "github.com/xtls/go"
-
-	"v2ray.com/core/common"
-	"v2ray.com/core/common/protocol/tls/cert"
-	. "v2ray.com/core/transport/internet/xtls"
-)
-
-func TestCertificateIssuing(t *testing.T) {
-	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
-	certificate.Usage = Certificate_AUTHORITY_ISSUE
-
-	c := &Config{
-		Certificate: []*Certificate{
-			certificate,
-		},
-	}
-
-	xtlsConfig := c.GetXTLSConfig()
-	v2rayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
-		ServerName: "www.v2fly.org",
-	})
-	common.Must(err)
-
-	x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
-	common.Must(err)
-	if !x509Cert.NotAfter.After(time.Now()) {
-		t.Error("NotAfter: ", x509Cert.NotAfter)
-	}
-}
-
-func TestExpiredCertificate(t *testing.T) {
-	caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
-	expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName("www.v2fly.org"), cert.DNSNames("www.v2fly.org"))
-
-	certificate := ParseCertificate(caCert)
-	certificate.Usage = Certificate_AUTHORITY_ISSUE
-
-	certificate2 := ParseCertificate(expiredCert)
-
-	c := &Config{
-		Certificate: []*Certificate{
-			certificate,
-			certificate2,
-		},
-	}
-
-	xtlsConfig := c.GetXTLSConfig()
-	v2rayCert, err := xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
-		ServerName: "www.v2fly.org",
-	})
-	common.Must(err)
-
-	x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
-	common.Must(err)
-	if !x509Cert.NotAfter.After(time.Now()) {
-		t.Error("NotAfter: ", x509Cert.NotAfter)
-	}
-}
-
-func TestInsecureCertificates(t *testing.T) {
-	c := &Config{
-		AllowInsecureCiphers: true,
-	}
-
-	xtlsConfig := c.GetXTLSConfig()
-	if len(xtlsConfig.CipherSuites) > 0 {
-		t.Fatal("Unexpected tls cipher suites list: ", xtlsConfig.CipherSuites)
-	}
-}
-
-func BenchmarkCertificateIssuing(b *testing.B) {
-	certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
-	certificate.Usage = Certificate_AUTHORITY_ISSUE
-
-	c := &Config{
-		Certificate: []*Certificate{
-			certificate,
-		},
-	}
-
-	xtlsConfig := c.GetXTLSConfig()
-	lenCerts := len(xtlsConfig.Certificates)
-
-	b.ResetTimer()
-
-	for i := 0; i < b.N; i++ {
-		_, _ = xtlsConfig.GetCertificate(&xtls.ClientHelloInfo{
-			ServerName: "www.v2fly.org",
-		})
-		delete(xtlsConfig.NameToCertificate, "www.v2fly.org")
-		xtlsConfig.Certificates = xtlsConfig.Certificates[:lenCerts]
-	}
-}

transport/internet/xtls/config_windows.go

@@ -1,14 +0,0 @@
-// +build windows
-// +build !confonly
-
-package xtls
-
-import "crypto/x509"
-
-func (c *Config) getCertPool() (*x509.CertPool, error) {
-	if c.DisableSystemRoot {
-		return c.loadSelfCertPool()
-	}
-
-	return nil, nil
-}

transport/internet/xtls/errors.generated.go

@@ -1,9 +0,0 @@
-package xtls
-
-import "v2ray.com/core/common/errors"
-
-type errPathObjHolder struct{}
-
-func newError(values ...interface{}) *errors.Error {
-	return errors.New(values...).WithPathObj(errPathObjHolder{})
-}

transport/internet/xtls/xtls.go

@@ -1,38 +0,0 @@
-// +build !confonly
-
-package xtls
-
-import (
-	xtls "github.com/xtls/go"
-
-	"v2ray.com/core/common/net"
-)
-
-//go:generate go run v2ray.com/core/common/errors/errorgen
-
-type Conn struct {
-	*xtls.Conn
-}
-
-func (c *Conn) HandshakeAddress() net.Address {
-	if err := c.Handshake(); err != nil {
-		return nil
-	}
-	state := c.ConnectionState()
-	if state.ServerName == "" {
-		return nil
-	}
-	return net.ParseAddress(state.ServerName)
-}
-
-// Client initiates a XTLS client handshake on the given connection.
-func Client(c net.Conn, config *xtls.Config) net.Conn {
-	xtlsConn := xtls.Client(c, config)
-	return &Conn{Conn: xtlsConn}
-}
-
-// Server initiates a XTLS server handshake on the given connection.
-func Server(c net.Conn, config *xtls.Config) net.Conn {
-	xtlsConn := xtls.Server(c, config)
-	return &Conn{Conn: xtlsConn}
-}