XTLS · yuhan6665 · Apr 13, 2024 · Apr 13, 2024 · Sep 6, 2025 · Apr 17, 2024
diff --git a/proxy/addons.pb.go b/proxy/addons.pb.go
diff --git a/proxy/addons.proto b/proxy/addons.proto
@@ -0,0 +1,42 @@
+syntax = "proto3";
+
+package xray.proxy;
+option csharp_namespace = "Xray.Proxy";
+option go_package = "github.com/xtls/xray-core/proxy";
+option java_package = "com.xray.proxy";
+option java_multiple_files = true;
+
+message Addons {
+  string Flow = 1;
+  bytes Seed = 2;
+  SeedMode Mode = 3;
+  string Duration = 4;  // "0-8" means apply to number of packets, "1000b-" means start applying once both side exchange 1kb data, counting two-ways
+  PaddingConfig Padding = 5;
+  DelayConfig Delay = 6;
+  SchedulerConfig Scheduler = 7;
+}
+
+enum SeedMode {
+  Unknown = 0;
+  PaddingOnly = 1;
+  PaddingPlusDelay = 2;
+  IndependentScheduler = 3;
+}
+
+message PaddingConfig {
+  uint32 RegularMin = 1;
+  uint32 RegularMax = 2;
+  uint32 LongMin = 3;
+  uint32 LongMax = 4;
+}
+
+message DelayConfig {
+  bool IsRandom = 1;
+  uint32 MinMillis = 2;
+  uint32 MaxMillis = 3;
+}
+
+message SchedulerConfig {
+  uint32 TimeoutMillis = 1; // original traffic will not be sent right away but when scheduler want to send or pending buffer times out
+  // Other TBD  
+}
diff --git a/proxy/proxy.go b/proxy/proxy.go
@@ -13,6 +13,7 @@ import (
 	"math/big"
 	"runtime"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/pires/go-proxyproto"
@@ -102,6 +103,11 @@ type GetOutbound interface {
 // It is used by XTLS to determine if switch to raw copy mode, It is used by Vision to calculate padding
 type TrafficState struct {
 	UserUUID               []byte
+	StartTime              time.Time
+	ByteSent               int64
+	ByteReceived           int64
+	NumberOfPacketSent     int
+	NumberOfPacketReceived int
 	NumberOfPacketToFilter int
 	EnableXtls             bool
 	IsTLS12orAbove         bool
@@ -138,42 +144,51 @@ type OutboundState struct {
 	UplinkWriterDirectCopy bool
 }
 
-func NewTrafficState(userUUID []byte) *TrafficState {
-	return &TrafficState{
+func NewTrafficState(userUUID []byte, flow string) *TrafficState {
+	var state = TrafficState{
 		UserUUID:               userUUID,
+		StartTime:              time.Time{},
+		ByteSent:               0,
+		ByteReceived:           0,
+		NumberOfPacketSent:     0,
+		NumberOfPacketReceived: 0,
 		NumberOfPacketToFilter: 8,
 		EnableXtls:             false,
 		IsTLS12orAbove:         false,
 		IsTLS:                  false,
 		Cipher:                 0,
 		RemainingServerHello:   -1,
 		Inbound: InboundState{
-			WithinPaddingBuffers:     true,
 			UplinkReaderDirectCopy:   false,
 			RemainingCommand:         -1,
 			RemainingContent:         -1,
 			RemainingPadding:         -1,
 			CurrentCommand:           0,
-			IsPadding:                true,
 			DownlinkWriterDirectCopy: false,
+			IsPadding:                true,
 		},
 		Outbound: OutboundState{
-			WithinPaddingBuffers:     true,
 			DownlinkReaderDirectCopy: false,
 			RemainingCommand:         -1,
 			RemainingContent:         -1,
 			RemainingPadding:         -1,
 			CurrentCommand:           0,
-			IsPadding:                true,
 			UplinkWriterDirectCopy:   false,
+			IsPadding:                true,
 		},
 	}
+	if len(flow) > 0 {
+		state.Inbound.WithinPaddingBuffers = true;
+		state.Outbound.WithinPaddingBuffers = true;
+	}
+	return &state
 }
 
-// VisionReader is used to read xtls vision protocol
+// VisionReader is used to read seed protocol
 // Note Vision probably only make sense as the inner most layer of reader, since it need assess traffic state from origin proxy traffic
 type VisionReader struct {
 	buf.Reader
+	addons       *Addons
 	trafficState *TrafficState
 	ctx          context.Context
 	isUplink     bool
@@ -186,9 +201,10 @@ type VisionReader struct {
 	directReadCounter stats.Counter
 }
 
-func NewVisionReader(reader buf.Reader, trafficState *TrafficState, isUplink bool, ctx context.Context, conn net.Conn, input *bytes.Reader, rawInput *bytes.Buffer, ob *session.Outbound) *VisionReader {
+func NewVisionReader(reader buf.Reader, addon *Addons, trafficState *TrafficState, isUplink bool, ctx context.Context, conn net.Conn, input *bytes.Reader, rawInput *bytes.Buffer, ob *session.Outbound) *VisionReader {
 	return &VisionReader{
 		Reader:       reader,
+		addons:       addon,
 		trafficState: trafficState,
 		ctx:          ctx,
 		isUplink:     isUplink,
@@ -204,6 +220,10 @@ func (w *VisionReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
 	if buffer.IsEmpty() {
 		return buffer, err
 	}
+	if w.trafficState.StartTime.IsZero() {
+		w.trafficState.StartTime = time.Now()
+	}
+	w.trafficState.ByteReceived += int64(buffer.Len())
 
 	var withinPaddingBuffers *bool
 	var remainingContent *int32
@@ -231,7 +251,7 @@ func (w *VisionReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
 		return buffer, err
 	}
 
-	if *withinPaddingBuffers || w.trafficState.NumberOfPacketToFilter > 0 {
+	if *withinPaddingBuffers || w.trafficState.NumberOfPacketReceived <= 8 || !ShouldStopSeed(w.addons, w.trafficState) {
 		mb2 := make(buf.MultiBuffer, 0, len(buffer))
 		for _, b := range buffer {
 			newbuffer := XtlsUnpadding(b, w.trafficState, w.isUplink, w.ctx)
@@ -251,6 +271,7 @@ func (w *VisionReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
 			errors.LogInfo(w.ctx, "XtlsRead unknown command ", *currentCommand, buffer.Len())
 		}
 	}
+	w.trafficState.NumberOfPacketReceived += len(buffer)
 	if w.trafficState.NumberOfPacketToFilter > 0 {
 		XtlsFilterTls(buffer, w.trafficState, w.ctx)
 	}
@@ -283,32 +304,36 @@ func (w *VisionReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
 	return buffer, err
 }
 
-// VisionWriter is used to write xtls vision protocol
+// VisionWriter is used to write seed protocol
 // Note Vision probably only make sense as the inner most layer of writer, since it need assess traffic state from origin proxy traffic
 type VisionWriter struct {
 	buf.Writer
+	addons       *Addons
 	trafficState *TrafficState
 	ctx          context.Context
 	isUplink     bool
 	conn         net.Conn
 	ob           *session.Outbound
 
 	// internal
-	writeOnceUserUUID  []byte
+	writeOnceUserUUID  *[]byte
 	directWriteCounter stats.Counter
+	scheduler          *Scheduler
 }
 
-func NewVisionWriter(writer buf.Writer, trafficState *TrafficState, isUplink bool, ctx context.Context, conn net.Conn, ob *session.Outbound) *VisionWriter {
+func NewVisionWriter(writer buf.Writer, addon *Addons, trafficState *TrafficState, isUplink bool, ctx context.Context, conn net.Conn, ob *session.Outbound) *VisionWriter {
 	w := make([]byte, len(trafficState.UserUUID))
 	copy(w, trafficState.UserUUID)
 	return &VisionWriter{
 		Writer:            writer,
+		addons:            addon,
 		trafficState:      trafficState,
 		ctx:               ctx,
-		writeOnceUserUUID: w,
+		writeOnceUserUUID: &w,
 		isUplink:          isUplink,
 		conn:              conn,
 		ob:                ob,
+		scheduler:         NewScheduler(writer, addon, trafficState, &w, ctx),
 	}
 }
 
@@ -341,49 +366,63 @@ func (w *VisionWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
 		w.directWriteCounter.Add(int64(mb.Len()))
 	}
 
+	w.trafficState.NumberOfPacketSent += len(mb)
 	if w.trafficState.NumberOfPacketToFilter > 0 {
 		XtlsFilterTls(mb, w.trafficState, w.ctx)
 	}
 
-	if *isPadding {
+	if *isPadding && ShouldStartSeed(w.addons, w.trafficState) {
 		if len(mb) == 1 && mb[0] == nil {
-			mb[0] = XtlsPadding(nil, CommandPaddingContinue, &w.writeOnceUserUUID, true, w.ctx) // we do a long padding to hide vless header
-			return w.Writer.WriteMultiBuffer(mb)
-		}
-		mb = ReshapeMultiBuffer(w.ctx, mb)
-		longPadding := w.trafficState.IsTLS
-		for i, b := range mb {
-			if w.trafficState.IsTLS && b.Len() >= 6 && bytes.Equal(TlsApplicationDataStart, b.BytesTo(3)) {
-				if w.trafficState.EnableXtls {
-					*switchToDirectCopy = true
+			mb[0] = XtlsPadding(nil, CommandPaddingContinue, w.writeOnceUserUUID, true, w.addons, w.ctx) // we do a long padding to hide vless header
+		} else {
+			mb = ReshapeMultiBuffer(w.ctx, mb)
+			longPadding := w.trafficState.IsTLS
+			for i, b := range mb {
+				if w.trafficState.IsTLS && b.Len() >= 6 && bytes.Equal(TlsApplicationDataStart, b.BytesTo(3)) {
+					if w.trafficState.EnableXtls {
+						*switchToDirectCopy = true
+					}
+					var command byte = CommandPaddingContinue
+					if i == len(mb) - 1 {
+						if w.trafficState.EnableXtls {
+							command = CommandPaddingDirect
+							*isPadding = false
+						} else if ShouldStopSeed(w.addons, w.trafficState) {
+							command = CommandPaddingEnd
+							*isPadding = false
+						}
+					}
+					mb[i] = XtlsPadding(b, command, w.writeOnceUserUUID, true, w.addons, w.ctx)
+					longPadding = false
+					continue
+				} else if !w.trafficState.IsTLS12orAbove && ShouldStopSeed(w.addons, w.trafficState) {
+					*isPadding = false
+					mb[i] = XtlsPadding(b, CommandPaddingEnd, w.writeOnceUserUUID, longPadding, w.addons, w.ctx)
+					break
 				}
 				var command byte = CommandPaddingContinue
-				if i == len(mb)-1 {
+				if i == len(mb)-1 && !*isPadding {
 					command = CommandPaddingEnd
 					if w.trafficState.EnableXtls {
 						command = CommandPaddingDirect
 					}
 				}
-				mb[i] = XtlsPadding(b, command, &w.writeOnceUserUUID, true, w.ctx)
-				*isPadding = false // padding going to end
-				longPadding = false
-				continue
-			} else if !w.trafficState.IsTLS12orAbove && w.trafficState.NumberOfPacketToFilter <= 1 { // For compatibility with earlier vision receiver, we finish padding 1 packet early
-				*isPadding = false
-				mb[i] = XtlsPadding(b, CommandPaddingEnd, &w.writeOnceUserUUID, longPadding, w.ctx)
-				break
-			}
-			var command byte = CommandPaddingContinue
-			if i == len(mb)-1 && !*isPadding {
-				command = CommandPaddingEnd
-				if w.trafficState.EnableXtls {
-					command = CommandPaddingDirect
-				}
+				mb[i] = XtlsPadding(b, command, w.writeOnceUserUUID, longPadding, w.addons, w.ctx)
 			}
-			mb[i] = XtlsPadding(b, command, &w.writeOnceUserUUID, longPadding, w.ctx)
 		}
 	}
-	return w.Writer.WriteMultiBuffer(mb)
+	w.trafficState.ByteSent += int64(mb.Len())
+	if w.trafficState.StartTime.IsZero() {
+		w.trafficState.StartTime = time.Now()
+	}
+	w.scheduler.Buffer <- mb
+	if w.addons.Scheduler == nil {
+		w.scheduler.Trigger <- -1 // send all buffers
+	}
+	if len(w.scheduler.Error) > 0 {
+		return <-w.scheduler.Error
+	}
+	return nil
 }
 
 // ReshapeMultiBuffer prepare multi buffer for padding structure (max 21 bytes)
@@ -422,24 +461,24 @@ func ReshapeMultiBuffer(ctx context.Context, buffer buf.MultiBuffer) buf.MultiBu
 }
 
 // XtlsPadding add padding to eliminate length signature during tls handshake
-func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool, ctx context.Context) *buf.Buffer {
+func XtlsPadding(b *buf.Buffer, command byte, userUUID *[]byte, longPadding bool, addons *Addons, ctx context.Context) *buf.Buffer {
 	var contentLen int32 = 0
 	var paddingLen int32 = 0
 	if b != nil {
 		contentLen = b.Len()
 	}
-	if contentLen < 900 && longPadding {
-		l, err := rand.Int(rand.Reader, big.NewInt(500))
+	if contentLen < int32(addons.Padding.LongMin) && longPadding {
+		l, err := rand.Int(rand.Reader, big.NewInt(int64(addons.Padding.LongMax - addons.Padding.LongMin)))
 		if err != nil {
 			errors.LogDebugInner(ctx, err, "failed to generate padding")
 		}
-		paddingLen = int32(l.Int64()) + 900 - contentLen
+		paddingLen = int32(l.Int64()) + int32(addons.Padding.LongMin) - contentLen
 	} else {
-		l, err := rand.Int(rand.Reader, big.NewInt(256))
+		l, err := rand.Int(rand.Reader, big.NewInt(int64(addons.Padding.RegularMax - addons.Padding.RegularMin)))
 		if err != nil {
 			errors.LogDebugInner(ctx, err, "failed to generate padding")
 		}
-		paddingLen = int32(l.Int64())
+		paddingLen = int32(l.Int64()) + int32(addons.Padding.RegularMin)
 	}
 	if paddingLen > buf.Size-21-contentLen {
 		paddingLen = buf.Size - 21 - contentLen
@@ -735,3 +774,50 @@ func IsRAWTransportWithoutSecurity(conn stat.Connection) bool {
 	_, ok3 := iConn.(*internet.UnixConnWrapper)
 	return ok1 || ok2 || ok3
 }
+
+func ShouldStartSeed(addons *Addons, trafficState *TrafficState) bool {
+	if len(addons.Duration) == 0 || len(strings.Split(addons.Duration, "-")) < 2 {
+		return false
+	}
+	start := strings.ToLower(strings.Split(addons.Duration, "-")[0])
+	if len(start) == 0 {
+		return true
+	}
+	if strings.Contains(start, "b") {
+		start = strings.TrimRight(start, "b")
+		i, err := strconv.Atoi(start)
+		if err == nil && i <= int(trafficState.ByteSent + trafficState.ByteSent) {
+			return true
+		}
+	} else {
+		i, err := strconv.Atoi(start)
+		if err == nil && i <= trafficState.NumberOfPacketSent + trafficState.NumberOfPacketReceived {
+			return true
+		}
+	}
+	return false
+}
+
+func ShouldStopSeed(addons *Addons, trafficState *TrafficState) bool {
+	if len(addons.Duration) == 0 || len(strings.Split(addons.Duration, "-")) < 2 {
+		return true
+	}
+	start := strings.ToLower(strings.Split(addons.Duration, "-")[1])
+	if len(start) == 0 { // infinite
+		return false
+	}
+	if strings.Contains(start, "b") {
+		start = strings.TrimRight(start, "b")
+		i, err := strconv.Atoi(start)
+		if err == nil && i > int(trafficState.ByteSent + trafficState.ByteSent) {
+			return false
+		}
+	} else {
+		i, err := strconv.Atoi(start)
+		if err == nil && i > trafficState.NumberOfPacketSent + trafficState.NumberOfPacketReceived {
+			return false
+		}
+	}
+	return true
+}
+