Xray-core is a network proxy platform designed for anti-censorship and circumventing network restrictions. It provides a unified framework for accepting network connections using various protocols, processing data, and forwarding it through different outbound connections. The core functionality enables protocol transformation, traffic obfuscation, and intelligent routing to maintain connectivity in restrictive network environments.
This document provides a high-level overview of Xray-core's architecture, capabilities, and ecosystem. For detailed information about specific subsystems, see:
Xray-core identifies itself through a semantic versioning scheme and build metadata. The version information is defined in core/core.go20-24:
Version_x byte = 26 // Major version
Version_y byte = 2 // Minor version
Version_z byte = 6 // Patch version
The system automatically includes build information from Git VCS metadata when available core/core.go32-58 Version statements combine the semantic version with codename and platform details: "Xray 26.2.6 (Xray, Penetrates Everything.) <build> (<go-version> <os>/<arch>)" core/core.go60-72
Sources: core/core.go1-73
Xray-core follows a layered architecture where configuration flows into the core, which orchestrates proxy protocols, transport mechanisms, and connection management. The following diagram shows the major subsystems and their relationships:
Sources: core/core.go1-73 README.md1-204
Xray-core implements multiple proxy protocols for different use cases:
| Protocol | Module Path | Primary Use Case |
|---|---|---|
| VLESS | proxy/vless | Lightweight protocol with XTLS Vision support |
| WireGuard | proxy/wireguard | VPN tunneling with gVisor userspace network stack |
| SOCKS | proxy/socks | Standard SOCKS4/5 proxy server |
| HTTP | proxy/http | HTTP/HTTPS CONNECT proxy |
| Dokodemo Door | proxy/dokodemo | Transparent proxy for capturing traffic |
| Freedom | proxy/freedom | Direct outbound connections with fragmentation |
| Blackhole | proxy/blackhole | Traffic blocking |
| Loopback | proxy/loopback | Internal routing |
Sources: README.md136-159
The transport layer provides multiple mechanisms for disguising and securing traffic:
| Transport | Module Path | Description |
|---|---|---|
| REALITY | transport/internet/reality | TLS traffic mimicry with authentication |
| TLS/XTLS | transport/internet/tls | Standard TLS with fingerprinting support |
| SplitHTTP | transport/internet/splithttp | HTTP/1.1, HTTP/2, HTTP/3 obfuscation |
| WebSocket | transport/internet/websocket | WebSocket over HTTP/HTTPS |
| TCP | transport/internet/tcp | Raw TCP with header obfuscation |
| KCP | transport/internet/kcp | UDP-based custom protocol |
| HTTP/2 | transport/internet/http | HTTP/2 and H2C transport |
| QUIC | transport/internet/quic | QUIC-based transport |
Sources: transport/internet/reality/reality.go1-300 README.md1-204
REALITY is a critical anti-censorship component that mimics real TLS connections. The implementation in transport/internet/reality/reality.go1-300 provides:
UConn structure transport/internet/reality/reality.go57-63 for establishing obfuscated connectionsConn wrapper transport/internet/reality/reality.go37-55 for handling incoming REALITY connectionsSources: transport/internet/reality/reality.go1-300
WireGuard integration uses a userspace network stack to provide VPN functionality without kernel modules. The implementation consists of:
createGVisorTun() function proxy/wireguard/tun.go139-206 creates a TUN device using gVisor's network stackgvisorNet structure proxy/wireguard/tun.go120-137 implements the Tunnel interface for TCP/UDP dialingSources: proxy/wireguard/tun.go1-207 proxy/wireguard/gvisortun/tun.go1-230
Xray-core relies on a curated set of external libraries for cryptographic operations, network protocols, and platform integration. Key dependencies are specified in go.mod1-55:
| Library | Purpose | Version Constraint |
|---|---|---|
github.com/xtls/reality | REALITY protocol implementation | v0.0.0-20251014195629-e4eec4520535 |
github.com/refraction-networking/utls | TLS fingerprinting | v1.8.2 |
github.com/cloudflare/circl | Post-quantum cryptography | v1.6.3 |
gvisor.dev/gvisor | Userspace network stack | v0.0.0-20260122175437-89a5d21be8f0 |
golang.zx2c4.com/wireguard | WireGuard implementation | v0.0.0-20231211153847-12269c276173 |
golang.zx2c4.com/wintun | Windows TUN driver | v0.0.0-20230126152724-0fa3db229ce2 |
github.com/apernet/quic-go | QUIC protocol | v0.57.2-0.20260111184307-eec823306178 |
google.golang.org/protobuf | Protocol buffers | v1.36.11 |
google.golang.org/grpc | gRPC framework | v1.79.0 |
| Library | Purpose |
|---|---|
github.com/miekg/dns | DNS protocol implementation |
github.com/vishvananda/netlink | Linux netlink interface |
go4.org/netipx | IP address utilities |
Sources: go.mod1-55 go.sum1-156
The primary build workflow .github/workflows/release.yml1-288 implements a comprehensive multi-platform build system:
github.com/XTLS/go-win7The automated asset update workflow .github/workflows/scheduled-assets-update.yml1-130 runs daily at 22:30 UTC and:
Loyalsoldier/v2ray-rules-dat repository .github/workflows/scheduled-assets-update.yml43-59xray-geodat-* and xray-wintun-* .github/workflows/scheduled-assets-update.yml61-66Sources: .github/workflows/release.yml1-288 .github/workflows/release-win7.yml1-181 .github/workflows/scheduled-assets-update.yml1-130 .github/build/friendly-filenames.json1-34
Xray-core provides extensive cross-platform support through conditional compilation and platform-specific implementations:
| Operating System | Architectures |
|---|---|
| Linux | amd64, 386, arm64, arm (v5/v6/v7), riscv64, loong64, mips, mipsle, mips64, mips64le, ppc64, ppc64le, s390x |
| Windows | amd64, 386, arm64 |
| macOS | amd64, arm64 |
| FreeBSD | amd64, 386, arm64, arm (v7) |
| OpenBSD | amd64, 386, arm64, arm (v7) |
| Android | amd64, arm64 |
Socket options are implemented with platform-specific code:
js, netbsd, openbsd, and solarisSources: .github/workflows/release.yml80-161 .github/build/friendly-filenames.json1-34 transport/internet/sockopt_other.go1-25
Xray-core supports multiple installation approaches as documented in README.md50-76:
| Method | Description | Source |
|---|---|---|
| Linux Script | Official installation script | XTLS/Xray-install |
| Docker | Official container images | ghcr.io/xtls/xray-core |
| Web Panel | Management interfaces | Remnawave, 3X-UI, Marzban, Hiddify |
| One-Click Scripts | Automated deployment | Various community scripts |
| Homebrew | macOS package manager | brew install xray |
The ecosystem includes numerous client applications README.md95-134:
Cross-Platform:
Mobile:
Router/Embedded:
Third-party tools extend Xray-core's capabilities README.md143-153:
Sources: README.md1-204
The test workflow .github/workflows/test.yml1-78 runs on every push and pull request:
.pb.go files have consistent headers .github/workflows/test.yml37-51go test -timeout 1h -v ./...Example test implementation verifying error handling in WireGuard server initialization proxy/wireguard/server_test.go1-52 demonstrates proper panic recovery and error propagation.
Sources: .github/workflows/test.yml1-78 proxy/wireguard/server_test.go1-52
Xray-core is an open-source project under the Mozilla Public License Version 2.0. The project originated as a fork of v2fly-core v1.0.0 (commit 9a03cc5) and has evolved independently with significant enhancements README.md168-170
The project maintains active community channels:
@projectXray, @projectXtlshttps://xtls.github.iohttps://github.com/XTLS/Xray-coreSources: README.md32-48 README.md162-170
Refresh this wiki