v2rayN icon indicating copy to clipboard operation
v2rayN copied to clipboard

Published 20 hours ago verified publisher icon 2dust

[Bug]: connect retry rate control mechanism when settings are incorrect

Open free-the-internet opened this issue 2 years ago • 4 comments

预期情况

Decrease the rate of retrying to opening a connection (similar what TCP has)

实际情况

When a setting is incorrect (or mistaken) in client side, e.g. www in address of SNI field, the client makes too many attempts to open the connection session to the server (probably as many times as there are application packets to send out). I don't know how much is the interval for these retries, but it is less than a second based on packet generation rate by applications.

Since this behavior normally does not happen with TLS in browsers, it may reveal the V2ray traffic.

I would suggest to create at least an option to set the interval to a fixed value (static), or follow a common algorithm like the exponential formula that TCP SYN use to retry and timeout assumption. In fact the V2ray client should drop the outgoing packet and do not try to open a handshake session for each of them. It should implement a mechanism to delay connection opening as a consequence of previous handshake failure.

This is just a suggestion, and not a solution because it must be confirmed by developers who has complete knowledge of the V2ray architecture.

复现方法

Entering incorrect values for server information on client side

日志信息

Configuration successful
[] [VMess] svr1(*****:443)
Start service (11/1/2022 10:54:50 PM)...
Xray 1.5.5 (Xray, Penetrates Everything.) Custom (go1.18.1 windows/amd64)
A unified platform for anti-censorship.
2022/11/01 22:54:50 [Info] infra/conf/serial: Reading config: C:\Users\USER\Downloads\v2rayN-Core\v2rayN-Core\config.json
2022/11/01 22:54:50 [Warning] core: Xray 1.5.5 started
2022/11/01 22:54:59 tcp:127.0.0.1:55374 accepted tcp:34.120.208.123:443 [socks -> block]
2022/11/01 22:54:59 tcp:127.0.0.1:55375 accepted tcp:172.217.168.238:443 [socks -> proxy]
2022/11/01 22:54:59 tcp:127.0.0.1:55377 accepted tcp:34.107.221.82:80 [socks -> proxy]
2022/11/01 22:54:59 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:00 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:00 tcp:127.0.0.1:55379 accepted tcp:34.117.237.239:443 [socks -> proxy]
2022/11/01 22:55:00 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:01 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:01 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:02 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:03 [Warning] [2293283066] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/http: failed to dial to tcp:DOMAIN.COM:443 > Put "https://DOMAIN.COM:443/": x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM] > common/retry: all retry attempts failed
2022/11/01 22:55:03 [Warning] [2217300728] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/http: failed to dial to tcp:DOMAIN.COM:443 > Put "https://DOMAIN.COM:443/": x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM] > common/retry: all retry attempts failed
2022/11/01 22:55:03 tcp:127.0.0.1:55385 accepted tcp:34.120.208.123:443 [socks -> block]
2022/11/01 22:55:03 tcp:127.0.0.1:55386 accepted tcp:34.120.208.123:443 [socks -> block]
2022/11/01 22:55:03 tcp:127.0.0.1:55387 accepted tcp:34.120.208.123:443 [socks -> block]
2022/11/01 22:55:03 tcp:127.0.0.1:55388 accepted tcp:34.107.221.82:80 [socks -> proxy]
2022/11/01 22:55:03 tcp:127.0.0.1:55389 accepted tcp:34.120.208.123:443 [socks -> block]
2022/11/01 22:55:03 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:03 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:04 [Warning] [3341109084] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/http: failed to dial to tcp:DOMAIN.COM:443 > Put "https://DOMAIN.COM:443/": x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM] > common/retry: all retry attempts failed
2022/11/01 22:55:04 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:04 tcp:127.0.0.1:55392 accepted tcp:34.107.221.82:80 [socks -> proxy]
2022/11/01 22:55:04 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:05 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:05 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:06 [Warning] [3914450930] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/http: failed to dial to tcp:DOMAIN.COM:443 > Put "https://DOMAIN.COM:443/": x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM] > common/retry: all retry attempts failed
2022/11/01 22:55:06 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:07 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:08 [Warning] [1748966498] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/http: failed to dial to tcp:DOMAIN.COM:443 > Put "https://DOMAIN.COM:443/": x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM] > common/retry: all retry attempts failed
2022/11/01 22:55:08 tcp:127.0.0.1:55399 accepted tcp:34.107.221.82:80 [socks -> proxy]
2022/11/01 22:55:08 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:09 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:09 tcp:127.0.0.1:55402 accepted tcp:34.107.221.82:80 [socks -> proxy]
2022/11/01 22:55:09 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:10 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:10 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:11 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:12 [Warning] [631072751] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/http: failed to dial to tcp:DOMAIN.COM:443 > Put "https://DOMAIN.COM:443/": x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM] > common/retry: all retry attempts failed
2022/11/01 22:55:12 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:13 [Warning] [1818506008] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/http: failed to dial to tcp:DOMAIN.COM:443 > Put "https://DOMAIN.COM:443/": x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM] > common/retry: all retry attempts failed
2022/11/01 22:55:13 tcp:127.0.0.1:55408 accepted tcp:34.107.221.82:80 [socks -> proxy]
2022/11/01 22:55:13 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:14 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:14 tcp:127.0.0.1:55412 accepted tcp:34.107.221.82:80 [socks -> proxy]
2022/11/01 22:55:14 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:15 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:15 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:16 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:16 [Warning] [2007727019] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/http: failed to dial to tcp:DOMAIN.COM:443 > Put "https://DOMAIN.COM:443/": x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM] > common/retry: all retry attempts failed
2022/11/01 22:55:17 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:18 [Warning] [4174223309] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/http: failed to dial to tcp:DOMAIN.COM:443 > Put "https://DOMAIN.COM:443/": x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM] > common/retry: all retry attempts failed
2022/11/01 22:55:18 tcp:127.0.0.1:55417 accepted tcp:34.107.221.82:80 [socks -> proxy]
2022/11/01 22:55:18 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:19 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:19 tcp:127.0.0.1:55421 accepted tcp:34.107.221.82:80 [socks -> proxy]
2022/11/01 22:55:19 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:20 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:20 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:21 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:22 [Warning] [3923019710] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/http: failed to dial to tcp:DOMAIN.COM:443 > Put "https://DOMAIN.COM:443/": x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM] > common/retry: all retry attempts failed
2022/11/01 22:55:22 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:23 [Warning] [2289628870] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/http: failed to dial to tcp:DOMAIN.COM:443 > Put "https://DOMAIN.COM:443/": x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM] > common/retry: all retry attempts failed
2022/11/01 22:55:23 tcp:127.0.0.1:55426 accepted tcp:34.107.221.82:80 [socks -> proxy]
2022/11/01 22:55:23 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:23 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:24 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:24 tcp:127.0.0.1:55430 accepted tcp:34.107.221.82:80 [socks -> proxy]
2022/11/01 22:55:24 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:25 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM
2022/11/01 22:55:26 [Error] transport/internet/http: failed to dial to DOMAIN.COM:443 > x509: certificate is valid for www.DOMAIN.COM, not DOMAIN.COM

额外信息

No response

我确认已更新至最新版本

  • [X] 是

我确认已查询历史issues

  • [X] 是

free-the-internet avatar Nov 01 '22 22:11 free-the-internet

why do you provide the issue in english...

macarthor avatar Nov 03 '22 01:11 macarthor

why do you provide the issue in english...

I don't know any other language. BTW, the important thing is that I reported this. Hope developers see it.

free-the-internet avatar Nov 03 '22 10:11 free-the-internet

why do you provide the issue in english...

I don't know any other language. BTW, the important thing is that I reported this. Hope developers see it.

well i've been thinking only chinese need this software...

macarthor avatar Nov 04 '22 00:11 macarthor

why do you provide the issue in english...

I don't know any other language. BTW, the important thing is that I reported this. Hope developers see it.

well i've been thinking only chinese need this software...

Unfortunately in Iran, people also faced something similar to Chinese FW, so they started to use this software as all other VPN and VPN tools are blocked.

free-the-internet avatar Nov 05 '22 09:11 free-the-internet