TLS : tls spoofing

infra/conf/transport_internet.go

@@ -27,6 +27,7 @@ import (
 	"github.com/xtls/xray-core/transport/internet/finalmask/mkcp/header"
 	"github.com/xtls/xray-core/transport/internet/finalmask/mkcp/original"
 	"github.com/xtls/xray-core/transport/internet/finalmask/noise"
+	"github.com/xtls/xray-core/transport/internet/finalmask/rawpacket"
 	"github.com/xtls/xray-core/transport/internet/finalmask/realm"
 	"github.com/xtls/xray-core/transport/internet/finalmask/salamander"
 	finalsudoku "github.com/xtls/xray-core/transport/internet/finalmask/sudoku"
@@ -972,6 +973,8 @@ func (p TransportProtocol) Build() (string, error) {
 	switch strings.ToLower(string(p)) {
 	case "raw", "tcp":
 		return "tcp", nil
+	case "rawpacket":
+		return "rawpacket", nil
 	case "xhttp", "splithttp":
 		return "splithttp", nil
 	case "kcp", "mkcp":
@@ -1213,6 +1216,7 @@ var (
 	tcpmaskLoader = NewJSONConfigLoader(ConfigCreatorCache{
 		"header-custom": func() interface{} { return new(HeaderCustomTCP) },
 		"fragment":      func() interface{} { return new(FragmentMask) },
+		"rawpacket":     func() interface{} { return new(RawpacketMask) },
 		"sudoku":        func() interface{} { return new(Sudoku) },
 	}, "type", "settings")
 
@@ -1417,6 +1421,49 @@ func (c *FragmentMask) Build() (proto.Message, error) {
 	return config, nil
 }
 
+type RawpacketMask struct {
+	Mode          string   `json:"mode"`
+	RemoteAddress string   `json:"remoteAddress"`
+	RemotePort    uint16   `json:"remotePort"`
+	RecvPort      uint16   `json:"recvPort"`
+	SpoofIPs      []string `json:"spoofIPs"`
+	Protocols     []string `json:"protocols"`
+	MTU           uint16   `json:"mtu"`
+	Target        string   `json:"target"`
+	TTL           uint8    `json:"ttl"`
+	SendTransport string   `json:"sendTransport"`
+	RecvTransport string   `json:"recvTransport"`
+	RelayAddress  string   `json:"relayAddress"`
+	RelayPort     uint16   `json:"relayPort"`
+	ClientIP      string   `json:"clientIP"`
+	ClientPort    uint16   `json:"clientPort"`
+	PeerSpoofIP   string   `json:"peerSpoofIP"`
+	SpoofPort     uint16   `json:"spoofPort"`
+}
+
+func (c *RawpacketMask) Build() (proto.Message, error) {
+	config := &rawpacket.Config{
+		Mode:          c.Mode,
+		RemoteAddress: c.RemoteAddress,
+		RemotePort:    uint32(c.RemotePort),
+		RecvPort:      uint32(c.RecvPort),
+		SpoofIps:      c.SpoofIPs,
+		Protocols:     c.Protocols,
+		Mtu:           uint32(c.MTU),
+		Target:        c.Target,
+		Ttl:           uint32(c.TTL),
+		SendTransport: c.SendTransport,
+		RecvTransport: c.RecvTransport,
+		RelayAddress:  c.RelayAddress,
+		RelayPort:     uint32(c.RelayPort),
+		ClientIp:      c.ClientIP,
+		ClientPort:    uint32(c.ClientPort),
+		PeerSpoofIp:   c.PeerSpoofIP,
+		SpoofPort:     uint32(c.SpoofPort),
+	}
+	return config, nil
+}
+
 type NoiseItem struct {
 	Rand      Int32Range      `json:"rand"`
 	RandRange *Int32Range     `json:"randRange"`
@@ -1986,6 +2033,7 @@ type StreamConfig struct {
 	Network             *TransportProtocol `json:"network"`
 	Security            string             `json:"security"`
 	FinalMask           *FinalMask         `json:"finalmask"`
+	RawpacketSettings   *RawpacketMask     `json:"rawpacketSettings"`
 	TLSSettings         *TLSConfig         `json:"tlsSettings"`
 	REALITYSettings     *REALITYConfig     `json:"realitySettings"`
 	RAWSettings         *TCPConfig         `json:"rawSettings"`
@@ -2117,6 +2165,16 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
 			Settings:     serial.ToTypedMessage(hs),
 		})
 	}
+	if c.RawpacketSettings != nil {
+		rs, err := c.RawpacketSettings.Build()
+		if err != nil {
+			return nil, errors.New("Failed to build rawpacket config.").Base(err)
+		}
+		config.TransportSettings = append(config.TransportSettings, &internet.TransportConfig{
+			ProtocolName: "rawpacket",
+			Settings:     serial.ToTypedMessage(rs),
+		})
+	}
 	if c.HysteriaSettings != nil {
 		hs, err := c.HysteriaSettings.Build()
 		if err != nil {

transport/internet/finalmask/rawpacket/config.go

@@ -0,0 +1,56 @@
+package rawpacket
+
+import (
+	"fmt"
+	"net/netip"
+	"strings"
+)
+
+const (
+	ProtocolTCP    uint8 = 6
+	ProtocolICMP   uint8 = 1
+	ProtocolICMPv6 uint8 = 58
+	ProtocolUDP    uint8 = 17
+)
+
+func ParseProtocol(s string) (uint8, error) {
+	switch strings.ToLower(s) {
+	case "tcp":
+		return ProtocolTCP, nil
+	case "icmp":
+		return ProtocolICMP, nil
+	case "icmpv6":
+		return ProtocolICMPv6, nil
+	case "udp":
+		return ProtocolUDP, nil
+	default:
+		return 0, fmt.Errorf("rawpacket: unknown protocol: %s", s)
+	}
+}
+
+func ParseIPs(ss []string) ([]netip.Addr, error) {
+	var out []netip.Addr
+	for _, s := range ss {
+		ip, err := netip.ParseAddr(s)
+		if err != nil {
+			return nil, fmt.Errorf("rawpacket: invalid spoof IP %q: %w", s, err)
+		}
+		out = append(out, ip.Unmap())
+	}
+	return out, nil
+}
+
+type RelayConfig struct {
+	ListenPort      uint16
+	ForwardAddr     string
+	ForwardTransport string // "tcp" (Xray) or "udp" (reference, default)
+	ClientIP        netip.Addr
+	ClientPort      uint16
+	SpoofIP         netip.Addr // single fallback
+	SpoofIPs        []string
+	SpoofPort       uint16
+	PeerSpoofIP     netip.Addr
+	SendTransport   string
+	RecvTransport   string
+	icmpSuppressed  bool
+}