mirror of
https://github.com/3proxy/3proxy.git
synced 2026-03-15 21:50:11 +08:00
SNI break (DPI bypass) added
Some checks failed
C/C++ CI / ${{ matrix.target }} (macos-15) (push) Has been cancelled
C/C++ CI / ${{ matrix.target }} (ubuntu-24.04-arm) (push) Has been cancelled
C/C++ CI / ${{ matrix.target }} (ubuntu-latest) (push) Has been cancelled
C/C++ CI / ${{ matrix.target }} (windows-2022) (push) Has been cancelled
Some checks failed
C/C++ CI / ${{ matrix.target }} (macos-15) (push) Has been cancelled
C/C++ CI / ${{ matrix.target }} (ubuntu-24.04-arm) (push) Has been cancelled
C/C++ CI / ${{ matrix.target }} (ubuntu-latest) (push) Has been cancelled
C/C++ CI / ${{ matrix.target }} (windows-2022) (push) Has been cancelled
-s option to tlspr (or tls type redirect), requires TCP_NODELAY to be set auth iponly allow * parent 1000 tls 0.0.0.0 0 allow * proxy -s -i127.0.0.1 -ocTCP_NODELAY -osTCP_NODELAY -p1443
This commit is contained in:
Vladimir Dubrovin
parent
12c9039ea4
commit
be8fa4542c
18
src/tlspr.c
18
src/tlspr.c
@ -38,7 +38,7 @@ int readtls(struct clientparam *param, int direction, unsigned char *buf, int bu
|
||||
#define PROTOLEN (32)
|
||||
|
||||
|
||||
int parsehello(int type, unsigned char *hello, int len, char *sni, int *lv, char * proto){
|
||||
int parsehello(int type, unsigned char *hello, int len, char *sni, int * snipos, int *lv, char * proto){
|
||||
int hlen;
|
||||
unsigned offset;
|
||||
int slen;
|
||||
@ -86,6 +86,7 @@ int parsehello(int type, unsigned char *hello, int len, char *sni, int *lv, char
|
||||
if(snlen + 3 > snllen) return -14;
|
||||
if(snlen+1 > SNILEN) return -15;
|
||||
memcpy(sni, hello + offset + 9, snlen);
|
||||
*snipos = offset + 9;
|
||||
sni[snlen] = 0;
|
||||
snifound = snlen;
|
||||
}
|
||||
@ -178,6 +179,7 @@ void * tlsprchild(struct clientparam* param) {
|
||||
char req[SNILEN+PROTOLEN+16];
|
||||
int lv=-1;
|
||||
char proto[PROTOLEN]="-";
|
||||
int snipos = 0;
|
||||
|
||||
res = tlstobufcli(param, 0);
|
||||
if(res <= 0 || param->clibuf[0] != 22){
|
||||
@ -185,7 +187,7 @@ void * tlsprchild(struct clientparam* param) {
|
||||
}
|
||||
else {
|
||||
lv = param->clibuf[2];
|
||||
res = parsehello(1, param->clibuf, res, sni, &lv, proto);
|
||||
res = parsehello(1, param->clibuf, res, sni, &snipos, &lv, proto);
|
||||
if(res > 0){
|
||||
if(param->hostname){
|
||||
myfree(param->hostname);
|
||||
@ -193,6 +195,16 @@ void * tlsprchild(struct clientparam* param) {
|
||||
}
|
||||
else if (parsehostname(sni, param, param->srv->targetport? ntohs(param->srv->targetport):443)) RETURN (100);
|
||||
if (!param->hostname)param->hostname = (unsigned char *)mystrdup(sni);
|
||||
if(param->srv->singlepacket && snipos && res > 1){
|
||||
int len;
|
||||
|
||||
len = socksend(param, param->remsock, param->clibuf+param->clioffset,snipos + (res/2), conf.timeouts[STRING_S]);
|
||||
if(len != snipos + (res/2)){
|
||||
RETURN(310);
|
||||
}
|
||||
param->clioffset += snipos + (res/2);
|
||||
|
||||
}
|
||||
}
|
||||
else if (res < 0 && param->srv->requirecert) RETURN(310-res);
|
||||
}
|
||||
@ -216,7 +228,7 @@ void * tlsprchild(struct clientparam* param) {
|
||||
res = tlstobufsrv(param, 0);
|
||||
if(res <= 0 || param->srvbuf[0] != 22) RETURN(340-res);
|
||||
lv = param->srvbuf[2];
|
||||
res = parsehello(2, param->srvbuf, res, sni, &lv, proto);
|
||||
res = parsehello(2, param->srvbuf, res, sni, &snipos, &lv, proto);
|
||||
if (res < 0) RETURN(350-res);
|
||||
}
|
||||
if(param->srv->requirecert > 2){
|
||||
|
||||
Loading…
Reference in New Issue
Block a user