fix: allow use vision on vless encryption over ws

Author: wwqgtxx

adapter/outbound/vless.go

@@ -64,7 +64,6 @@ type VlessOption struct {
 	HTTP2Opts         HTTP2Options      `proxy:"h2-opts,omitempty"`
 	GrpcOpts          GrpcOptions       `proxy:"grpc-opts,omitempty"`
 	WSOpts            WSOptions         `proxy:"ws-opts,omitempty"`
-	WSPath            string            `proxy:"ws-path,omitempty"`
 	WSHeaders         map[string]string `proxy:"ws-headers,omitempty"`
 	SkipCertVerify    bool              `proxy:"skip-cert-verify,omitempty"`
 	Fingerprint       string            `proxy:"fingerprint,omitempty"`
@@ -407,7 +406,7 @@ func parseVlessAddr(metadata *C.Metadata, xudp bool) *vless.DstAddr {
 
 func NewVless(option VlessOption) (*Vless, error) {
 	var addons *vless.Addons
-	if option.Network != "ws" && len(option.Flow) >= 16 {
+	if len(option.Flow) >= 16 {
 		option.Flow = option.Flow[:16]
 		if option.Flow != vless.XRV {
 			return nil, fmt.Errorf("unsupported xtls flow type: %s", option.Flow)

listener/inbound/vless_test.go

@@ -120,17 +120,46 @@ func TestInboundVless_Encryption(t *testing.T) {
 			for i := range paddings {
 				padding := paddings[i].data
 				t.Run(paddings[i].name, func(t *testing.T) {
+					t.Parallel()
 					inboundOptions := inbound.VlessOption{
 						Decryption: "mlkem768x25519plus." + mode + ".600s." + padding + privateKeyBase64 + "." + seedBase64,
 					}
 					outboundOptions := outbound.VlessOption{
 						Encryption: "mlkem768x25519plus." + mode + ".0rtt." + padding + passwordBase64 + "." + clientBase64,
 					}
-					testInboundVless(t, inboundOptions, outboundOptions)
-					t.Run("xtls-rprx-vision", func(t *testing.T) {
+					t.Run("raw", func(t *testing.T) {
+						testInboundVless(t, inboundOptions, outboundOptions)
+						t.Run("xtls-rprx-vision", func(t *testing.T) {
+							outboundOptions := outboundOptions
+							outboundOptions.Flow = "xtls-rprx-vision"
+							testInboundVless(t, inboundOptions, outboundOptions)
+						})
+					})
+					t.Run("ws", func(t *testing.T) {
+						inboundOptions := inboundOptions
+						inboundOptions.WsPath = "/ws"
 						outboundOptions := outboundOptions
-						outboundOptions.Flow = "xtls-rprx-vision"
+						outboundOptions.Network = "ws"
+						outboundOptions.WSOpts = outbound.WSOptions{Path: "/ws"}
 						testInboundVless(t, inboundOptions, outboundOptions)
+						t.Run("xtls-rprx-vision", func(t *testing.T) {
+							outboundOptions := outboundOptions
+							outboundOptions.Flow = "xtls-rprx-vision"
+							testInboundVless(t, inboundOptions, outboundOptions)
+						})
+					})
+					t.Run("grpc", func(t *testing.T) {
+						inboundOptions := inboundOptions
+						inboundOptions.GrpcServiceName = "GunService"
+						outboundOptions := outboundOptions
+						outboundOptions.Network = "grpc"
+						outboundOptions.GrpcOpts = outbound.GrpcOptions{GrpcServiceName: "GunService"}
+						testInboundVless(t, inboundOptions, outboundOptions)
+						t.Run("xtls-rprx-vision", func(t *testing.T) {
+							outboundOptions := outboundOptions
+							outboundOptions.Flow = "xtls-rprx-vision"
+							testInboundVless(t, inboundOptions, outboundOptions)
+						})
 					})
 				})
 			}
@@ -149,16 +178,9 @@ func TestInboundVless_Wss1(t *testing.T) {
 		TLS:         true,
 		Fingerprint: tlsFingerprint,
 		Network:     "ws",
-		WSOpts: outbound.WSOptions{
-			Path: "/ws",
-		},
+		WSOpts:      outbound.WSOptions{Path: "/ws"},
 	}
 	testInboundVless(t, inboundOptions, outboundOptions)
-	t.Run("xtls-rprx-vision", func(t *testing.T) {
-		outboundOptions := outboundOptions
-		outboundOptions.Flow = "xtls-rprx-vision"
-		testInboundVless(t, inboundOptions, outboundOptions)
-	})
 	t.Run("ECH", func(t *testing.T) {
 		inboundOptions := inboundOptions
 		outboundOptions := outboundOptions
@@ -168,11 +190,6 @@ func TestInboundVless_Wss1(t *testing.T) {
 			Config: echConfigBase64,
 		}
 		testInboundVless(t, inboundOptions, outboundOptions)
-		t.Run("xtls-rprx-vision", func(t *testing.T) {
-			outboundOptions := outboundOptions
-			outboundOptions.Flow = "xtls-rprx-vision"
-			testInboundVless(t, inboundOptions, outboundOptions)
-		})
 	})
 }
 
@@ -187,16 +204,9 @@ func TestInboundVless_Wss2(t *testing.T) {
 		TLS:         true,
 		Fingerprint: tlsFingerprint,
 		Network:     "ws",
-		WSOpts: outbound.WSOptions{
-			Path: "/ws",
-		},
+		WSOpts:      outbound.WSOptions{Path: "/ws"},
 	}
 	testInboundVless(t, inboundOptions, outboundOptions)
-	t.Run("xtls-rprx-vision", func(t *testing.T) {
-		outboundOptions := outboundOptions
-		outboundOptions.Flow = "xtls-rprx-vision"
-		testInboundVless(t, inboundOptions, outboundOptions)
-	})
 	t.Run("ECH", func(t *testing.T) {
 		inboundOptions := inboundOptions
 		outboundOptions := outboundOptions
@@ -206,11 +216,6 @@ func TestInboundVless_Wss2(t *testing.T) {
 			Config: echConfigBase64,
 		}
 		testInboundVless(t, inboundOptions, outboundOptions)
-		t.Run("xtls-rprx-vision", func(t *testing.T) {
-			outboundOptions := outboundOptions
-			outboundOptions.Flow = "xtls-rprx-vision"
-			testInboundVless(t, inboundOptions, outboundOptions)
-		})
 	})
 }
 

transport/vless/vision/vision.go

@@ -82,7 +82,7 @@ func NewConn(conn net.Conn, tlsConn net.Conn, userUUID uuid.UUID) (*Conn, error)
 	}
 	if t == nil || p == nil {
 		log.Warnln("vision: not a valid supported TLS connection: %s", reflect.TypeOf(tlsConn))
-		return nil, fmt.Errorf(`failed to use vision, maybe "security" is not "tls" or "utls"`)
+		return nil, fmt.Errorf(`failed to use vision, maybe "tls" is not enable and "encryption" is empty`)
 	}
 
 	if err := checkTLSVersion(tlsConn); err != nil {