Skip to content

Socks5 Server: allow UDP source port changes for same client IP#6392

Closed
hossinasaadi wants to merge 3 commits into
XTLS:mainfrom
hossinasaadi:fix-socks-udp
Closed

Socks5 Server: allow UDP source port changes for same client IP#6392
hossinasaadi wants to merge 3 commits into
XTLS:mainfrom
hossinasaadi:fix-socks-udp

Conversation

@hossinasaadi

Copy link
Copy Markdown
Contributor

After the changes in XTLS/Xray-core#6149, Discord voice not working.
Allow SOCKS5 UDP ASSOCIATE clients to continue working when their UDP source port changes, which can happen with Discord/WebRTC traffic.

@Fangliding

@Fangliding

Copy link
Copy Markdown
Member

如果这么改存port就完全没必要了

@Fangliding

Fangliding commented Jun 27, 2026

Copy link
Copy Markdown
Member

哦不对要指定回包目的地 如果又要兼顾在dst中固定还得手动区分dst全0还是有端口

@hossinasaadi

Copy link
Copy Markdown
Contributor Author

哦不对要指定回包目的地 如果又要兼顾在dst中固定还得手动区分dst全0还是有端口

now should be fine.

@Fangliding

Fangliding commented Jun 27, 2026

Copy link
Copy Markdown
Member

我的意思你如果最开始指定了本地的 1.1.1.1:50000 你这样一改后面 1.1.1.1:50001 发来会自动覆盖 约等于指定port的功能不生效了(虽然基本没人会用这个功能)顺便你的 if request.Port != 0 是完全等价的无效修改 因为刚初始化的时候里面port就是0
以及还有一个问题 最开始加这个特性也始于一个难绷问题就是之前俄罗斯人刷的什么本地应用访问嗅探socks5存在什么的可以越socks5密码 逼逼赖赖的好久 现在这样锁远程端口其他应用无法访问 现在这么改会导致本地其他应用也能takeover这个临时udp端口(因为IP都是127.0.0.1)
我倒是无所谓只是这堆要求是 @RPRX 提的

@hossinasaadi

Copy link
Copy Markdown
Contributor Author

Understood. The port lock is needed for security, but some users report that Discord voice and some games, especially on iOS, stop working with the new behavior.

What would be the preferred way to handle this compatibility case without weakening the default security model?

@Fangliding

Copy link
Copy Markdown
Member

我认为没有两全的解决办法 加选项是一种调和方法但是我们总不可能告诉用户 “如果遇到discord问题请尝试启用XXX”
要么放弃锁定端口要么放弃兼容这种奇怪的客户端行为(顺便这种行为真的存在么)

@hossinasaadi

Copy link
Copy Markdown
Contributor Author

我认为没有两全的解决办法 加选项是一种调和方法但是我们总不可能告诉用户 “如果遇到discord问题请尝试启用XXX” 要么放弃锁定端口要么放弃兼容这种奇怪的客户端行为(顺便这种行为真的存在么)

So far this is based on some user reports about Discord voice and PUBG game, but I also tested Discord myself and it does not work without this change.

I will investigate more and try to collect a clear log, then update you in the next couple of days.

@RPRX

RPRX commented Jul 3, 2026

Copy link
Copy Markdown
Member

由于 Socks5 UDP 的认证依赖于 TCP,UDP 每个包都不带密码,所以要防止俄罗斯那些扫端口的 APP 就只能锁定来源端口

Discord 这种行为极其稀有,应该向他们报告问题(包括为什么代理软件的实现变成了锁定来源端口),让他们改

@RPRX RPRX closed this Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants