Commit Graph

63 Commits

Author SHA1 Message Date
Vladimir Dubrovin
013d4bc333 tlspr (SNI proxy) implemented
Options -cN - level of TLS check
default - allow non-TLS traffic
1 - require TLS, only check client HELLO packet
2 - require TLS, check both client and server HELLO
3 - require TLS, check server send certificate (not compatible with TLS 1.3)
4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
-P - default port

examples:

1.
tlspr -p1443 -P443 -c1
(port 1443 may be used to redirect traffic to destination port 143). SNI is used to find destination host

2.
allow * * * 80
parent 1000 http 0.0.0.0 0
allow * * * * CONNECT
parent 1000 tls 0.0.0.0 0
deny * * some.not.allowed.host
allow *
socks

attempts to take destination hostname from SNI in SOCKS
2024-05-20 13:01:38 +03:00
Vladimir Dubrovin
375e3a74d0 call local socket function 2024-02-18 19:41:45 +03:00
Vladimir Dubrovin
8198db8617 adding state to socket functions 2024-02-17 17:31:25 +03:00
Vladimir Dubrovin
fb56b7d307 "auto" command added 2022-10-18 17:58:52 +03:00
Vladimir Dubrovin
4ad05d1565 add handleredirect() to symbols 2022-06-24 10:44:28 +03:00
Vladimir Dubrovin
55d1bbe155 Grace delay feature added
`proxy -g8000,3,10`

First parameter is average read size we want to keep, second parameter is
minimal number of packets in the same direction to apply algorithm,
last value is delay added after polling and prior to reading data.
An example above adds 10 millisecond delay before reading data if average
polling size is below 8000 bytes and 3 read operations are made in the same
direction. It's especially useful with splice. `logdump 1 1` is useful
to see how grace delays work, choose delay value to avoid filling the read
pipe/buffer (typically 64K) but keep the request sizes close to chosen average
on large file upload/download.
2022-05-19 18:51:02 +03:00
z3apa3a
e1b4e50242 Copyright update 2021-07-02 11:50:33 +03:00
Vladimir Dubrovin
e235ada0de Make SSLPlugin to compile under *nix 2021-05-11 13:53:41 +03:00
z3APA3A
a8b000b7f1 Allow to specify binding address for RADIUS 2020-10-15 12:21:46 +03:00
z3APA3A
eb829b062b Major code refactoring
- sockmapping rewritten from scratch to minimise polling. poll() is now
only called if blocking is actually expected, splice pipes are now
polled if splice fails, buffers flushing is much more accurate.
- logging code moved to separate files
- signal masks added to client threads to prevent unneeded interruptions
- bandwidth limitation will not delay the thread after client or server
shutdown
2020-10-09 15:42:34 +03:00
z3APA3A
8c511a19e9 Do not resolve hostname to IP on ACL destination 2020-08-06 17:56:28 +03:00
z3APA3A
22cf9254c5 rename memory functions in pluginlink 2019-09-03 20:46:47 +03:00
z3APA3A
8ad8a9ccd2 Remove unsupported "myalloc" code 2019-08-13 12:36:55 +03:00
z3APA3A
eb09ae7c58 Support socket options for connback sockets and connection timeouts 2018-05-05 17:16:51 +03:00
z3APA3A
24127196ce Remove ICQPR because OSCAR is outdated 2018-04-22 21:46:00 +03:00
z3APA3A
d2705df891 Use splice by default if no filters set
-s0 to disable splice
2018-04-22 20:03:04 +03:00
z3APA3A
39be30ba5d Simplify socket options printing
+ add supported options to 3proxy help message
2018-04-21 17:02:20 +03:00
z3APA3A
b76b3b49fa rename static buffer 2018-04-21 01:45:09 +03:00
z3APA3A
50277692f4 Replace fclose+fopen with freopen where possible 2018-04-21 00:30:02 +03:00
z3APA3A
7423cd0112 Clearing LdapPlugin compilation issues 2018-04-06 17:45:18 +03:00
z3APA3A
ff91a6fe72 connlim / noconnlim commands added to support connection / connection rate limits 2018-01-12 19:09:42 +03:00
z3APA3A
4a553de100 RADIUS accounting added (not optimized yet) 2017-12-19 01:22:07 +03:00
z3APA3A
0bda7f332e Move sys/timeb.h to Win32 section. 2017-11-24 12:41:01 +03:00
z3APA3A
b4043e944c Unify RADIUS code for logging 2017-06-25 18:40:26 +03:00
z3APA3A
d40e5d458c FIX: tcppm may not work with parent proxy 2017-02-02 00:36:59 +03:00
z3APA3A
c1beee44ef Add support for -os, -oc, -ol
-ocOPTIONS, -osOPTIONS, -olOPTIONS - options for client (oc), server
(os) or listening (ol) socket
e.g.
proxy -ocTCP_NODELAY,SO_KEEPALIVE,SO_DONTROUTE
2016-12-25 02:46:30 +03:00
z3APA3A
e2884b182a Add timeout for connect in all modules 2016-12-23 00:56:16 +03:00
z3APA3A
16f094168a Correct EINPROGRESS for Windows 2016-12-22 17:46:06 +03:00
z3APA3A
e7433d633c 'radius' and 'auth radius' support added (not tested yet)
Example:
radius secret 192.168.0.1 192.168.0.2
authcache ip,user
auth cache radius
2016-12-20 19:50:50 +03:00
z3apa3a
5cb3947c45 radauth.c: implements RADIUS authentication for 3proxy 2016-12-20 18:39:06 +03:00
z3APA3A
f709255d62 Copyrights cleaned, authradius.c added 2016-12-20 15:47:02 +03:00
z3apa3a
6696b35d74 Added -s option support for proxying with splice() for Linux
(without copying network data to userspace). Currently only for tcppm.
2016-12-19 02:56:23 +03:00
z3APA3A
4e96a66093 fix authentication via reverse name 2016-09-04 15:10:45 +03:00
z3APA3A
b242d6df8c Fix daemonize in *nix 2016-08-23 14:19:27 +03:00
z3APA3A
f347b37770 support port number in 'nserver' / 'authnserver' 2016-05-18 00:05:23 +03:00
z3APA3A
58a64924dd log_mutex used prior to initialization 2016-03-02 19:00:28 +03:00
Vladimir Dubrovin
9ddc1fb874 fix *nix warnings 2016-02-18 17:01:18 +03:00
z3APA3A
3b8e7741b3 Compilation warnings cleanup 2016-02-16 15:29:51 +03:00
z3APA3A
5fc1d81e5c add stack size configuration
'stacksize' command and -S configuration option added
2016-02-11 16:16:44 +03:00
z3APA3A
6713530fda log_mutex init moved to proxymain 2016-02-05 19:04:16 +03:00
z3APA3A
975b4ac445 Remove date from copyright notice in proxy.h 2016-01-27 17:56:01 +03:00
z3APA3A
d9271bfec8 + Increase static buffer size 2015-12-27 19:45:15 +03:00
z3APA3A
7df2461a26 Unify logging (make it always blocking in exchange for memory) 2015-12-27 19:27:17 +03:00
z3APA3A
bd37ffa2f7 Race conditions fixed on config reload
Race conditions on logging and name resolution
2015-12-04 00:59:52 +03:00
z3APA3A
b2e415b8cb Code restructure
! configuration moved to config.c
- msnpr.c removed
- countersutil.c removed
2015-12-03 02:17:15 +03:00
z3APA3A
62775da1d5 race condition fixed on configuration reload
Race condition on service free'ing
2015-11-29 00:01:41 +03:00
z3APA3A
a2b5af6dab Connect back proxy functionality added
-r and -R options added to support connect back functionality between
two instances of proxy
2015-09-20 21:01:50 +03:00
z3APA3A
1ab94fa002 SSLPlugin: add SNI to server request 2015-05-16 18:14:35 +03:00
z3APA3A
5844e165b5 nscache6 command support + nsrecord with IPv6
nscache6 - new command for IPv6 addresses cache
nsrecord supports IPv6 addresses
dnsauth should work with IPv6 servers and clients
+ caching is now more accurate
2014-12-14 05:33:08 +03:00
z3APA3A
7fc43e3fbd add some entropy to DNS hashtable 2014-12-14 00:46:03 +03:00