Project X Channel

The XTLS team, once again living up to the slogan “penetrates everywhere,” has indeed integrated several new tools into the core based on the previously described FinalMask mechanism. In particular, this refers to xDNS and xICMP. xDNS allows us to proxy traffic inside legitimate DNS queries. xICMP allows traffic to be proxied inside ICMP (ping) packets Configuration examples can be found here: https://github.com/XTLS/Xray-core/pull/5633 https://github.com/XTLS/Xray-core/pull/5560 https://xtls.github.io/config/transport.html#finalmaskobject P.S. If you are a developer of a client application or a management panel, please note that because masks can now be stacked and their structure has become more complex, the standard vless:// link format has been updated. Parameters are now passed as a URL-encoded JSON object via the &fm= key.

💬New comment onXray-core#5581 Geodat: Reduce peak memory usage by @RPRX 感谢 @fortuna 提供有价值的参考资料，伊朗的民间互联网出境被完全切断时，只能依赖 DNSTT、XDNS 这类基于真实 DNS TXT 查询的隧道（利用了运营商自用的互联网出境线路），若商用互联网出境未被切断，则还可以使用 XHTTP 加境内 CDN XDRIVE 要等伊朗的民间互联网开放了一些网站才能用，一个月前开放的是 Google、OpenAI 等，或者如果能从境外访问到伊朗境内的商用互联网，理论上也可以利用境内的网盘、付费存储等服务，[或者自己搭个 FTPS，境内 VPS 上并不存在 Xray](https://github.com/XTLS/Xray-core/pull/5645#issuecomment-3980000253) 我觉得 XDRIVE 在技术上不存在大问题（即使是利用 ChatGPT 中转），而是免费服务商可能的封禁，当然如果是付费的比如阿里云 OSS 等兼容 S3 的存储服务则不会以“超过频率”这一理由拒绝提供服务，而是境内的服务商可能会配合 GFW 试图封它 比较有趣的一点是 XDRIVE 被设计为使用 Xray 的通用 TLS 设置以支持 domain fronting，https://github.com/XTLS/Xray-core/pull/5645#issuecomment-3851839033 提到的给 www.googleapis.com 发 www.google.com 的 SNI 其实可能会导致返回默认证书，这种情况可以用 verifyPeerCertByName Reply to this message to post a comment on GitHub.

最近公司里不少用cursor的，但是cursor在国内只能用那几个垃圾模型，我就想在vps上弄个转发程序，转发一下api2.cursor.sh。然后我突然想到，reality不就对外表现成端口转发吗？直接reality偷api2.cursor.sh，再改一下本机hosts，果然就能用opus4.6了。给了几个同事一块用，正好可以骗骗公司的流量审计，以后正大光明的用reality翻墙

About a month ago, when Iran experienced serious disruptions in Internet access, the XTLS team closely monitored the situation and collected data on methods that were actually effective in bypassing the restrictions. The analysis showed that in aggressive network environments, the solutions we normally rely on are sometimes insufficient for maintaining stable connectivity. In a number of cases, additional obfuscation mechanisms were required, for example mimicking DNS traffic, ICMP, or other protocols permitted within the country. At that time, implementing new obfuscation methods directly in the core was an extremely labor-intensive process. For instance, disguising traffic as DNS or ICMP would have effectively required implementing a full-fledged transport protocol from scratch. As a result, the idea was proposed to completely decouple data delivery from packet obfuscation, and a new concept called finalmask was introduced into the core. The final masking layer represents the lowest, unreliable layer. For UDP, it only performs per-packet obfuscation and does not provide reliable delivery. Reliability is handled by the upper layer. The responsibility model can now be structured as follows: Protocol: encryption and authentication. Transport: fragmentation, retransmission, and congestion control. Finalmask: a stack of stateless masks that sequentially wrap the packet before transmission. For clarity, we need to distinguish between several key concepts: header-: simply attaches a fake header to a packet. x: actually encapsulates and transmits data through the structure of the target protocol. xDNS: allows traffic to be tunneled inside legitimate DNS queries. Since it is an X* protocol, xDNS generates fully standards-compliant packets. Its implementation is straightforward. Client side: The data stream is split into small chunks and encoded. These chunks are then divided into 63-byte labels and assembled into an FQDN of the form: [N].[N+1].[domain] The result is encoded in DNS wire format. Server side: The server extracts the data and packs the response into a TXT answer record.

Yes,for now i can only access internet with dns tunnels

آقا به نظر میاد XDNS کار میکنه

叫simple x（

这种视频不被下架？

✅ Group video description display turned off

✅ Group video description display turned off

Xray 何苦为难 Xray，本是同根生相煎何太急

但运营商app内置个读应用列表的功能真的一点成本都没有（