Vladimir Dubrovin
a3729354b8
Allow hashtable to grow
2026-04-18 17:24:01 +03:00
Vladimir Dubrovin
45796f66c7
Cleanup 3proxy_crypt
2026-04-18 15:47:07 +03:00
Vladimir Dubrovin
260cbf7a3d
Use uint32_t for hashtable indices
2026-04-18 15:36:14 +03:00
Vladimir Dubrovin
f1af44f3a9
Refactor hashtables to use indices instead of pointers, use blake2 as a hash, mycrypt renamed to 3proxy_crypt
2026-04-18 15:12:43 +03:00
Vladimir Dubrovin
4ee7f71fb9
Use tablesize in the hashtable
2026-04-17 21:15:21 +03:00
Vladimir Dubrovin
98604b5421
Add hashcompact
2026-04-17 20:40:27 +03:00
Vladimir Dubrovin
a0d580b36d
move hashtable/resolve/sql functions to separate files
2026-04-17 19:29:50 +03:00
Vladimir Dubrovin
4c0e3a1bac
Check OpenSSL version for SNI/TLS 1.3/alpn
2026-04-14 17:36:35 +03:00
Vladimir Dubrovin
afbdad0ac7
Fix for first in chain https/tcps parent
2026-04-13 21:09:46 +03:00
Vladimir Dubrovin
a1a65c3fd5
ssl_client_mode = 3 added, allow 'secure' parent types ending with 's': https, tcps, socks5s, connect+s, etc.
...
example:
plugin SSLPlugin.ld.so ssl_plugin
allow user1
parent 1000 http 1.1.1.1 1111
allow user2
parent 1000 https 2.2.2.2 2222
ssl_client_mode 3
ssl_client
proxy
With ssl_client_mode 3 TLS is only handshaked for https parent type and is not handshaked for http parent.
2026-04-13 20:53:38 +03:00
Vladimir Dubrovin
878a432481
Support unix socket for parent and tcppm; abstract (fileless) unix sockets for linux support
...
Use unix:/path/to/socket, e.g.
tcppm 1234 unix:/path/to/socket 1234
Under linux abstract sockets are supported with '@' prefix, e.g.
parent 1000 http unix:@virtual.3proxy.socket 1111
Destination port numbers are not used in tcppm/parent, but you must specify any positive value to match the syntax.
2026-04-12 19:18:15 +03:00
Vladimir Dubrovin
f77f65ac4e
Fix: SOCKSv5 parent reply parsing for domain name address
2026-04-12 14:16:48 +03:00
Vladimir Dubrovin
2d6eeff5f3
Fix typos, update documentation
2026-04-12 13:58:42 +03:00
Vladimir Dubrovin
c206349ee2
Support unix sockets for internal and -i
...
Example configuration:
log
auto -iunix:/path/to/3proxy.sock
test with
curl --unix-socket /path/to/3proxy.sock https://3proxy.ru
2026-04-12 00:30:35 +03:00
Vladimir Dubrovin
a2641cb103
Push as 0.9.6
2026-04-11 13:06:43 +03:00
Vladimir Dubrovin
238ed094dd
Support building without standard resolvers (NOSTDRESOLVE)
...
build from stra
2026-04-11 12:22:38 +03:00
Vladimir Dubrovin
825563ad85
Detailed warnings for 'plugin' command errors
2026-04-10 19:30:22 +03:00
Vladimir Dubrovin
0c8be907e9
-Ne / -Ni options added to specify external / internal NAT address
2026-04-10 15:01:43 +03:00
Vladimir Dubrovin
8cb8be1be8
Fix warnings
2026-04-08 21:13:45 +03:00
Vladimir Dubrovin
0381461495
Use PRI/SCN modifiers where possible
2026-04-08 21:13:31 +03:00
Vladimir Dubrovin
483542b914
Use uint32_t/uint16_t instead of unsigned long / unsigned short where required
2026-04-08 21:13:18 +03:00
Vladimir Dubrovin
855c04d8f6
Update build environment
2026-04-08 21:12:51 +03:00
Vladimir Dubrovin
d8161e94b5
Update year
2026-04-08 19:21:31 +03:00
Vladimir Dubrovin
c6eddc69a1
remove unused variables
2026-04-08 19:21:30 +03:00
Vladimir Dubrovin
758c290092
Fix CONNECT_TO usage
2026-04-08 19:21:30 +03:00
Vladimir Dubrovin
2e534c7794
Add cmake environment
2026-04-08 19:21:30 +03:00
Vladimir Dubrovin
237fa15e36
Fix external libraries
2026-04-08 19:21:30 +03:00
Vladimir Dubrovin
6f1bb65841
Update workflows and makefiles (11 commits squashed)
2026-04-08 19:21:30 +03:00
Vladimir Dubrovin
238b314c90
switch PCREPlugin to PCRE2
2026-04-08 19:21:29 +03:00
BDBSAlive6one6
5e92822900
fix(PamAuth): added pam_acct_mgmt() call, fixed pam_start() (#1203)
...
Added pam_acct_mgmt() call after pam_authenticate() to enable PAM
account checks (HBAC, password expiration, account lockout).
Fixed pam_start() to pass actual username instead of hardcoded '3proxy@'
Tested with FreeIPA 4.12 + SSSD Rocky Linux 9
2026-04-08 19:21:29 +03:00
Vladimir Dubrovin
7299bcc0e2
Move timeouts from conf
2026-04-08 19:21:29 +03:00
Vladimir Dubrovin
c34d29b7dd
Do not use applink.c
2026-04-08 19:21:29 +03:00
Vladimir Dubrovin
499c4240ad
Fix TrafficPlugin
2026-04-08 19:21:28 +03:00
Vladimir Dubrovin
a5fce1a2f6
compile PCRE on Windows
2026-04-08 19:21:28 +03:00
Vladimir Dubrovin
c05023ab6d
Correct SSL functions for Windows
2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
28724187fb
Use external PCRE library
2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
35db214b78
Use external PCRE library
2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
92f170fca2
Fix warning
2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
00d2ecbc31
Use 64 bit arithmetics for rate limits
2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
8292ec21a7
remove SSL_shutdown
2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
ef318bff67
Use quiet shutdown for SSL to prevent races
2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
128386723a
Fix potential use-after-free on filters, add SSL_shutdown in SSLPlugin
2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
acc6db59a3
SNI break (DPI bypass) added
...
-s option to tlspr (or tls type redirect), requires TCP_NODELAY to be set
auth iponly
allow *
parent 1000 tls 0.0.0.0 0
allow *
proxy -s -i127.0.0.1 -ocTCP_NODELAY -osTCP_NODELAY -p1443
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
251660940e
Fixed: crash on invalid configuration file
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
7e4504997e
Fixed: memory corruptions on config parsing
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
8d8ee23385
ssl_client_mode added, code cleanup
...
ssl_client_mode
0 (default) - handshake immediately after connect() (with first parent or with destination if there is no parent)
1 - handshake with destination server (handshake after connection via parents is established)
2 - handshake after data channel is established (e.g. after CONNECT)
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
7e47d5bd92
ssl_client_alpn added
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
7fce892391
Use SSL_connect / SSL_accept in non-blocking mode
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
23551e53bf
Fixed: allow ssl server and client on the same service
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
35406e6b61
client_sni command added; do not send hostname from request as SNI in SSL client configuration
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
26534e9cbd
Close SSL on shutdown
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
2cd0a34fd5
maxseg / TCP_MAXSEG support added
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
d67a052aa8
Fixed: invalid config value initializers
2026-04-08 19:21:26 +03:00
Alexey Suslov
280c7c8976
Fix HTTPS proxy for HTTPS addresses (#1175)
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
bc7e9b2ac6
Fix: -P option for tlspr
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
5355af3112
Fix: WSAPoll fail in some Windows versions after e525ce913e
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
7b4e8b6d6b
Fixed: ssl_server_cert doesn't read full certificate chain
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
e945890613
Fixed: CONNECT does not work in standalone 'proxy' binary
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
5c7cc3c9b2
Fixed: Failed connect may result in success response on some Windows versions
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
6e55af7f48
Fixed: invalid timeout in socksendto / sockrecvfrom
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
8d744e16fb
Convert PAMAUTH.TXT to UTF-8
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
af25cb460f
Fixed service name detection for auto / tlspr
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
2508b89d96
Avoid sleep on service thread sync
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
09a3ddeeac
SOCKSTRACE fixed
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
66bdd86c6b
ssl_server_verify, ssl_server_ca_dir, ssl_server_ca_store added, ssl_server / ssl_client aliases added to ssl_serv / ssl_cli
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
b624da443a
ssl_noserv fixed, ssl_cli/ssl_nocli/ssl_client_cert/ssl_client_key added
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
3c51af3737
Remove legacy NTLMv1 code
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
7e7a0d4336
Support HAProxy proxy v1 protocol
...
Added:
-H option - expect HAProxy proxy v1 header, e.g. `proxy -H`
parent ha type - send HAProxy proxy v1 header (must be last in redirection), e.g.
allow *
parent 1000 ha
parent 1000 proxy 1.2.3.4 3128
socks
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
e373d84717
Support tlspr in auto
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
8d58e2618e
make compatible with openssl 1.x
2026-04-08 19:21:24 +03:00
Vladimir Dubrovin
1bfa64303a
rsa.h not required
2026-04-08 19:21:24 +03:00
Vladimir Dubrovin
81224b6708
Use PCRE_STATIC pcre_plugin.c
2026-04-08 19:21:24 +03:00
Vladimir Dubrovin
6944a012d9
use PCRE_STATIC
2026-04-08 19:21:24 +03:00
z3apa3a
bc92819572
Fix tlspr for compatibility with older compilers
2025-03-09 19:16:35 +03:00
z3apa3a
2900b80d88
Prepare for 0.9.5 release
2025-03-09 17:29:17 +03:00
z3apa3a
74134db09e
Fix ssl_plugin for Windows
2025-03-09 17:22:18 +03:00
Vladimir Dubrovin
6387bed4f2
Replace strcpy with memmove for overlapping regions
2024-12-20 14:38:58 +03:00
Vladimir Dubrovin
cf6946cc8b
Fix: IPv6 address may be invalid on some platforms for SOCKSv5 UDP ASSOCIATE
2024-07-18 12:50:59 +03:00
Vladimir Dubrovin
ab8db00b1f
Fix type for ssl_poll
2024-06-04 19:26:34 +03:00
Vladimir Dubrovin
94dfa195db
char * / unsigned char * conversions fixed
2024-05-31 19:53:28 +03:00
Vladimir Dubrovin
013d4bc333
tlspr (SNI proxy) implemented
...
Options -cN - level of TLS check
default - allow non-TLS traffic
1 - require TLS, only check client HELLO packet
2 - require TLS, check both client and server HELLO
3 - require TLS, check server send certificate (not compatible with TLS 1.3)
4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
-P - default port
examples:
1.
tlspr -p1443 -P443 -c1
(port 1443 may be used to redirect traffic to destination port 143). SNI is used to find destination host
2.
allow * * * 80
parent 1000 http 0.0.0.0 0
allow * * * * CONNECT
parent 1000 tls 0.0.0.0 0
deny * * some.not.allowed.host
allow *
socks
attempts to take destination hostname from SNI in SOCKS
2024-05-20 13:01:38 +03:00
Vladimir Dubrovin
d347f0a058
More TLS commands added, ssl_srvkey / ssl_srvfile renamed
...
ssl_server_cert - certificate for SSL server (renamed from ssl_srvkey)
ssl_server_key - key for ssl_server_cert of generated mitm certificate (renamed from ssl_srvkey)
ssl_server_ca_file - CA file for mitm
ssl_server_ca_key - key for mitm CA
ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - locations for root CAs used with ssl_client_verify for TLS client
ssl_certcache is not optional, if ssl_server_ca_file / ssl_server_ca_key are configured
2024-03-10 16:20:42 +03:00
Vladimir Dubrovin
a316622a85
Added multiple TLS configuration parameters for SSLPlugin
...
ssl_client_ciphersuites - TLS client ciphers for TLS 1.3, e.g. ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
ssl_server_ciphersuites - TLS server ciphers for TLS 1.3
ssl_client_cipher_list - TLS client ciphers for TLS 1.2 and below, e.g. ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl_server_cipher_list - TLS server ciphers for TLS 1.2 and below
ssl_client_min_proto_version - TLS client min TLS version (e.g. TLSv1.2)
ssl_server_min_proto_version - TLS server min TLS version (e.g. TLSv1.2)
ssl_client_max_proto_version - TLS client max TLS version (e.g. TLSv1.2)
ssl_server_max_proto_version - TLS server max TLS version (e.g. TLSv1.2)
ssl_client_verify - verify certificate for upstream server in TLS client functionality
ssl_client_no_verify - do not verify certificate for upstream server in TLS client functionality (default)
2024-03-10 13:36:40 +03:00
Vladimir Dubrovin
d87241c487
Keep TLS server context
2024-03-09 18:37:44 +03:00
Vladimir Dubrovin
144af547fb
Keep TLS client context between requests
2024-03-09 16:23:03 +03:00
Vladimir Dubrovin
35d1de6f5e
Fix use-after-free in freeparam
2024-02-22 17:30:50 +03:00
Vladimir Dubrovin
161cbbd452
fix crash on insufficient memory
2024-02-18 23:54:31 +03:00
Vladimir Dubrovin
067fdd7f95
support ssl_serv / ssl_noserv commands
...
example:
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_srvcert path_to_cert
ssl_srvkey path_to_key
ssl_serv
proxy -p33128
ssl_noserv
proxy -p3128
2024-02-18 23:42:09 +03:00
Vladimir Dubrovin
d77e528847
minor fixes
2024-02-18 20:18:31 +03:00
Vladimir Dubrovin
2b4d8e67e4
Do not store CA cert subject
2024-02-18 19:53:35 +03:00
Vladimir Dubrovin
375e3a74d0
call local socket function
2024-02-18 19:41:45 +03:00
Vladimir Dubrovin
6dc145b16b
initial commit to TLS refactoring
2024-02-18 19:07:09 +03:00
Vladimir Dubrovin
d162ad5c38
Fix windows issues
2024-02-17 18:53:58 +03:00
Vladimir Dubrovin
8198db8617
adding state to socket functions
2024-02-17 17:31:25 +03:00
Vladimir Dubrovin
d83c1f47f8
Rollback commit in the wrong branch
2024-02-17 13:18:14 +03:00
Vladimir Dubrovin
20a929ca53
Add per-service sockfuncs
2024-02-17 12:57:36 +03:00
Michael Tautschnig
687ebafb1b
Fix plugin declarations of hashindex and nametohash
...
Plugins using these would fail to provide the required arguments.
2023-10-11 10:00:47 +00:00
Vladimir Dubrovin
5e2b2a399e
clean up warnings
2023-07-13 15:29:26 +03:00
Vladimir Dubrovin
5f341806b7
Deadlock on traffcount fixed
2023-07-13 13:13:36 +03:00
Vladimir Dubrovin
00513a7d28
eliminate redundant code in previous fix
2023-07-12 17:21:46 +03:00