Skip to content

WireGuard inbound: Fix leaking session information between requests#4030

Merged
RPRX merged 3 commits intomainfrom
wg-fix
Nov 20, 2024
Merged

WireGuard inbound: Fix leaking session information between requests#4030
RPRX merged 3 commits intomainfrom
wg-fix

Conversation

@Fangliding
Copy link
Member

@Fangliding Fangliding commented Nov 19, 2024

Fix #3948 #4025

我本来以为是设计缺陷,结果这竟然是故意的,wg入站在入站级别共享一系列session参数(s.info) 这些参数对于每个请求都应该是独立的 多个入站互相操作这些参数导致目标可能被不正确重置 暂时没看懂为什么这么做

@RPRX RPRX changed the title Wireguard inbound: Fix leaking session information between requests WireGuard inbound: Fix leaking session information between requests Nov 20, 2024
@RPRX RPRX merged commit 59e5d24 into main Nov 20, 2024
@Fangliding Fangliding deleted the wg-fix branch November 20, 2024 05:20
@BrewTestBot BrewTestBot mentioned this pull request Nov 22, 2024
Merged
1 task
@solopasha
Copy link

solopasha commented Nov 23, 2024
edited
Loading

I think this broke routing by tag.

This is how it used to look (v24.11.11):

xray[1122931]: 2024/11/22 18:35:40 from tcp:0.0.0.0:0 accepted tcp:****:80 [wireguard-in -> reality-ro]

And now (v24.11.21):

xray[1129149]: 2024/11/23 9:21:47 from tcp:0.0.0.0:0 accepted tcp:****:80 [reality-ro]

@hossinasaadi hossinasaadi mentioned this pull request Dec 4, 2024
Closed
@alexbarotur alexbarotur mentioned this pull request Jun 22, 2025
Open
4 tasks
@itsmepetrov
Copy link

itsmepetrov commented Jul 20, 2025

I can confirm, domain routing is broken now by this change, details: #4760

FYI @yuhan6665 @Fangliding

@yuhan6665 yuhan6665 mentioned this pull request Aug 5, 2025
Merged
@RPRX RPRX mentioned this pull request Jan 11, 2026
Closed
Copilot AI added a commit that referenced this pull request Jan 11, 2026
@RPRX
Restore inbound and content tag setting before dispatch
447b443 
As identified in issue #4760, PR #4030 commented out lines that set
inbound and content tags from routing info before dispatch. This broke
domain-based routing for WireGuard connections.

The fix adds back these lines (with mutex-protected access) positioned
right before the Dispatch call, ensuring routing configuration is
properly passed for domain-based routing rules to work.

This addresses the feedback that uncommenting those lines fixes routing.

Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
Copilot AI mentioned this pull request Jan 16, 2026
Draft
it2konst pushed a commit to it2konst/gametunnel-core that referenced this pull request Mar 1, 2026
@Fangliding
WireGuard inbound: Fix leaking session information between requests (X…
092f5f5 
…TLS#4030)

Fixes XTLS#3948 XTLS#4025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

wireguard inbound + vless outbound 偶尔连接错误的TCP

4 participants

@Fangliding @solopasha @itsmepetrov @RPRX