bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2026-04-28 23:20:12 +08:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
899 Commits 5 Branches 31 Tags 3.5 MiB
083a70393f
Commit Graph

110 Commits

Author SHA1 Message Date
Vladimir Dubrovin
083a70393f Minor hashtable refactor 2026-04-20 10:40:38 +03:00
Vladimir Dubrovin
7102afe856 authcache switched to hashtables, overflow fixed 
- authcache switched to use hashtables, size parameter added
- overflow fixed on hashinit
- hashtable prefers new values on insert if table is full
- hashtable is able to compact/grow
 2026-04-19 19:16:33 +03:00
Vladimir Dubrovin
a0d580b36d move hashtable/resolve/sql functions to separate files 2026-04-17 19:29:50 +03:00
Vladimir Dubrovin
afbdad0ac7 Fix for first in chain https/tcps parent 2026-04-13 21:09:46 +03:00
Vladimir Dubrovin
a1a65c3fd5 ssl_client_mode = 3 added, allow 'secure' parent types ending with 's': https, tcps, socks5s, connect+s, etc. 
example:

plugin SSLPlugin.ld.so ssl_plugin

allow user1
parent 1000 http 1.1.1.1 1111
allow user2
parent 1000 https 2.2.2.2 2222
ssl_client_mode 3
ssl_client
proxy

With ssl_client_mode 3 TLS is only handshaked for https parent type and is not handshaked for http parent.
 2026-04-13 20:53:38 +03:00
Vladimir Dubrovin
f77f65ac4e Fix: SOCKSv5 parent reply parsing for domain name address 2026-04-12 14:16:48 +03:00
Vladimir Dubrovin
2d6eeff5f3 FIx typos, update documentation 2026-04-12 13:58:42 +03:00
Vladimir Dubrovin
c206349ee2 Support unix sockets for internal and -i 
Example configuration:

log
auto -iunix:/path/to/3proxy.sock

test with

curl --unix-socket /path/to/3proxy.sock https://3proxy.ru
 2026-04-12 00:30:35 +03:00
Vladimir Dubrovin
483542b914 Use uint32_t/uint16_t instead of unsigned long / unsigned short where required 2026-04-08 21:13:18 +03:00
Vladimir Dubrovin
758c290092 Fix CONNECT_TO usage 2026-04-08 19:21:30 +03:00
Vladimir Dubrovin
00d2ecbc31 Use 64 bit arithmetics for rate limits 2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
8d8ee23385 ssl_client_mode added, code cleanup 
ssl_client_mode
0 (default) - handshake immediately after connect() (with first parent or with destination if there is no parent)
1 - handshake with destination server (handshake after connection via parents is established)
2 - handshake after data channel is established (e.g. after CONNECT)
 2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
3c51af3737 Remove legacy NTLMv1 code 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
7e7a0d4336 Support HAProxy proxy v1 protocol 
Added:
-H option - expect HAProxy proxy v1 header, e.g. `proxy -H`

parent ha type - send HAProxy proxy v1 header (must be last in redirection), e.g.

allow *
parent 1000 ha
parent 1000 proxy 1.2.3.4 3128
socks
 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
013d4bc333 tlspr (SNI proxy) implemented 
Options -cN - level of TLS check
default - allow non-TLS traffic
1 - require TLS, only check client HELLO packet
2 - require TLS, check both client and server HELLO
3 - require TLS, check server send certificate (not compatible with TLS 1.3)
4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
-P - default port

examples:

1.
tlspr -p1443 -P443 -c1
(port 1443 may be used to redirect traffic to destination port 143). SNI is used to find destination host

2.
allow * * * 80
parent 1000 http 0.0.0.0 0
allow * * * * CONNECT
parent 1000 tls 0.0.0.0 0
deny * * some.not.allowed.host
allow *
socks

attempts to take destination hostname from SNI in SOCKS
 2024-05-20 13:01:38 +03:00
Vladimir Dubrovin
161cbbd452 fix crash on insufficient memory 2024-02-18 23:54:31 +03:00
Vladimir Dubrovin
375e3a74d0 call local socket function 2024-02-18 19:41:45 +03:00
Vladimir Dubrovin
8198db8617 adding state to socket functions 2024-02-17 17:31:25 +03:00
Vladimir Dubrovin
5f341806b7 Deadloc on traffcount fixed 2023-07-13 13:13:36 +03:00
Vladimir Dubrovin
6532163f01 Fix connlim issues 2023-04-26 15:04:00 +03:00
Vladimir Dubrovin
f53b0eb985 fix invalid length in previous commit 2021-11-25 12:21:06 +03:00
Vladimir Dubrovin
bd1dcacf73 Fix domain name reply processing on connect request for parent proxy 2021-11-24 22:53:14 +03:00
Vladimir Dubrovin
e1448b9eb1 connlim error code corrected (should return 10) 2021-11-24 18:22:04 +03:00
Vladimir Dubrovin
70b14394b0 Change minumum DNS cache time to 1 sec 2021-10-30 13:43:20 +03:00
Vladimir Dubrovin
daa2b74354 Merge branch 'master' of https://github.com/3proxy/3proxy 2021-10-21 19:57:06 +03:00
Vladimir Dubrovin
f9347c2f8b Allow all-zero IP and port for BIND and UDP ASSOC 2021-10-21 19:56:09 +03:00
z3apa3a
e1b4e50242 Copyright update 2021-07-02 11:50:33 +03:00
Vladimir Dubrovin
7335bc2fb6 Do not change error code >10 on redirection 2021-04-29 14:01:07 +03:00
z3apa3a
cc2979ee5b use uint16 instead of char 2021-04-22 11:26:18 +03:00
z3apa3a
bad85a3d51 Support IPv6 subnets in parent extip 2021-04-21 20:39:57 +03:00
z3APA3A
c30065256f Use so._closesocket instead of socket (compilation issues on non-Windows) 2021-01-20 17:55:09 +03:00
z3APA3A
cbe0c2f511 parentretries command added 2021-01-19 14:40:18 +03:00
z3APA3A
129d26475e Fixed: counters incorectly shown in webadmin, contall/nocountall are not applied 2020-12-02 20:08:03 +03:00
z3APA3A
99a744abda Few bugfixes 2020-11-18 16:10:07 +03:00
z3APA3A
021314d6f5 Fix bandlim handling 2020-11-11 17:40:46 +03:00
z3APA3A
596dee0c5b typo corrected 2020-11-05 17:43:03 +03:00
z3APA3A
32d5dc05c3 More accurate bandlim hangling 2020-11-05 16:09:13 +03:00
z3APA3A
c1c5875356 better memory allocation errors handling, countall/nocountall corrected 2020-11-03 02:05:18 +03:00
z3APA3A
d0725163d1 countall / nocountall ssupport added 2020-10-06 14:29:08 +03:00
z3APA3A
3b5fa46e27 Change Proxy-authorization to Proxy-Authorization for compatiblity with RFC ignorant upstreams 2020-07-02 18:34:37 +03:00
z3APA3A
19eef46d7e Compile error in last commit corrected 2020-06-23 11:17:32 +03:00
z3APA3A
c532958b9f Do not cache external port 2020-06-17 16:14:34 +03:00
z3APA3A
1e7e94d7ac corrected 'acl' and 'ext' cach types added with previous commit 
acl - allows to bind cache entry to ACL to prevent caching
authentication for different services
ext - allows to cache external address
both options are useful with RADIUS
 2020-06-17 16:09:28 +03:00
z3APA3A
859713d10f Fail if can not bind to device 2020-06-17 16:05:23 +03:00
z3APA3A
9eac5c13a8 Correct wildcard hostname compare and make it case-insensitve where possible 2020-04-11 11:34:08 +03:00
z3APA3A
9996856698 Send Basic vs basic for Basic HTTP auth to deal with reportedly broken implementation 2019-10-16 11:29:07 +03:00
z3APA3A
e7e7d2fddf "limit" support in authcache to bind sessions to ip 2019-08-21 15:20:43 +03:00
z3APA3A
eb09ae7c58 Support socket options for connback sockets and connection timeouts 2018-05-05 17:16:51 +03:00
z3APA3A
951304e18e Send Connection instead of Proxy-Connection to parent proxy 2018-04-27 22:17:37 +03:00
z3APA3A
24127196ce Remove ICQPR because OSCAR is outdated 2018-04-22 21:46:00 +03:00