Skip to content

feat: scope vless flow with flow_inbound_tags #908

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
chaosoffire wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: scope vless flow with flow_inbound_tags #908

chaosoffire wants to merge 2 commits into from

Conversation

@chaosoffire
Copy link

@chaosoffire chaosoffire commented Nov 23, 2025

Problem:

  • Previously, if a user's flow was specified, all of that user's vless outbounds that use TLS would inherit and use the same flow. This made it impossible to scope flow to specific inbounds and could cause flow to appear on unintended inbounds.

Solution:

  • This PR adds flow_inbound_tags to allow admins to scope a user's flow to specific inbound tags. Behavior rules:
    • If flow is non-empty and flow_inbound_tags is empty, behavior is unchanged: all of the user's TLS vless outbounds will use flow.
    • If flow is non-empty and flow_inbound_tags contains tags, only TLS vless outbounds whose inbound tag matches one of the listed tags will have flow applied.

@chaosoffire
feat: Refine VLESS flow control based on inbound
a406a80 
This commit refines the handling of the VLESS `flow` setting.
- The `flow` parameter is now selectively removed from VLESS configurations when TLS is not enabled.
- For subscriptions, `flow` is now applied only to the specific inbound it's configured for, by checking against `flow_inbound_tags`.
- Shared links will now correctly include the `flow` parameter only when the inbound tag matches.
- Updated the frontend submodule to include related UI changes.
@chaosoffire
refactor: simplify protocol handling in getOutbounds function
cc9d55e
@chaosoffire chaosoffire mentioned this pull request Nov 24, 2025
Open
@chaosoffire
Copy link
Author

chaosoffire commented Nov 24, 2025

It may fix the limitation in issue #529.
The issue mentioned a conflict caused by the global application of flow when mixing inbound protocols with incompatible requirements. With the introduction of flow_inbound_tags, we can now selectively apply flow (e.g., xtls-rprx-vision) only to specific inbound tags, leaving other inbounds unaffected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chaosoffire