bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2025-02-23 02:25:40 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
764 Commits 4 Branches 29 Tags 2.5 MiB
cb6a4166b7
Commit Graph

764 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Vladimir Dubrovin
cb6a4166b7 Use -fPIC instead of -fPIE 2024-09-11 18:34:40 +03:00
Vladimir Dubrovin
cf6946cc8b Fix: IPv6 address may be invalid on some plafrorms for SOCKSv5 UDP ASSOCIATE 2024-07-18 12:50:59 +03:00
Vladimir Dubrovin
ab8db00b1f Fix type for ssl_poll 2024-06-04 19:26:34 +03:00
Vladimir Dubrovin
94dfa195db char * / unsigned char * conversions fixed 2024-05-31 19:53:28 +03:00
Vladimir Dubrovin
fb4ab5d07f Remove accidentely added binary 2024-05-20 13:44:50 +03:00
Vladimir Dubrovin
57f11d8a0f Add tlspr binary to git ignore 2024-05-20 13:41:55 +03:00
Vladimir Dubrovin
013d4bc333 tlspr (SNI proxy) implemented 
Options -cN - level of TLS check
default - allow non-TLS traffic
1 - require TLS, only check client HELLO packet
2 - require TLS, check both client and server HELLO
3 - require TLS, check server send certificate (not compatible with TLS 1.3)
4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
-P - default port

examples:

1.
tlspr -p1443 -P443 -c1
(port 1443 may be used to redirect traffic to destination port 143). SNI is used to find destination host

2.
allow * * * 80
parent 1000 http 0.0.0.0 0
allow * * * * CONNECT
parent 1000 tls 0.0.0.0 0
deny * * some.not.allowed.host
allow *
socks

attempts to take destination hostname from SNI in SOCKS
 2024-05-20 13:01:38 +03:00
Vladimir Dubrovin
29ef226b3c Обновлена документация 2024-03-10 17:01:54 +03:00
Vladimir Dubrovin
d347f0a058 More TLS commands added, ssl_srvkey / ssl_srvfile renamed 
ssl_server_cert - certificate for SSL server (rename from ssl_srvkey)
ssl_server_key - key for ssl_server_cert of generated mirm certificate (renamed from ssl_srvkey)
ssl_server_ca_file - CA file for mitm
ssl_server_ca_key - key for mitm CA
ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - locations for root CAs used with ssl_client_verify for TLS client
ssl_certcache is not optional, if ssl_server_ca_file / ssl_server_ca_key are configured
 2024-03-10 16:20:42 +03:00
Vladimir Dubrovin
a316622a85 Added multiple TLS configuration parameters for SSLPlugin 
ssl_client_ciphersuites - TLS client ciphers for TLS 1.3, e.g. ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
ssl_server_ciphersuites - TLS server ciphers for TLS 1.3
ssl_client_cipher_list - TLS client ciphers for TLS 1.2 and below , e.g. ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl_server_cipher_list - TLS server ciphers for TLS 1.2 and below
ssl_client_min_proto_version - TLS client min TLS version (e.g. TLSv1.2)
ssl_server_min_proto_version - TLS server min TLS version (e.g. TLSv1.2)
ssl_client_max_proto_version - TLS client max TLS version (e.g. TLSv1.2)
ssl_server_max_proto_version - TLS server max TLS version (e.g. TLSv1.2)
ssl_client_verify - verify certificate for upstream server in TLS client functionality
ssl_client_no_verify - do not verify certificate for upstream server in TLS client functionality (default)
 2024-03-10 13:36:40 +03:00
Vladimir Dubrovin
d87241c487 Keep TLS server context 2024-03-09 18:37:44 +03:00
Vladimir Dubrovin
144af547fb Keep TLS client context between requests 2024-03-09 16:23:03 +03:00
Vladimir Dubrovin
35d1de6f5e Ffix use-after-free in freeparam 2024-02-22 17:30:50 +03:00
Vladimir Dubrovin
a592f07783 Update SSLPlugin documentation 2024-02-19 00:13:08 +03:00
Vladimir Dubrovin
161cbbd452 fix crash on insufficient memory 2024-02-18 23:54:31 +03:00
Vladimir Dubrovin
067fdd7f95 support ssl_serv / ssl_noserv commands 
example:
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_srvcert path_to_cert
ssl_srvkey path_to_key
ssl_serv
proxy -p33128
ssl_noserv
proxy -p3128
 2024-02-18 23:42:09 +03:00
Vladimir Dubrovin
d77e528847 minor fixes 2024-02-18 20:18:31 +03:00
Vladimir Dubrovin
2b4d8e67e4 Do not store CA cert subject 2024-02-18 19:53:35 +03:00
Vladimir Dubrovin
375e3a74d0 call local socket function 2024-02-18 19:41:45 +03:00
Vladimir Dubrovin
6dc145b16b initial commit to TLS refactoring 2024-02-18 19:07:09 +03:00
Vladimir Dubrovin
d162ad5c38 Fix windows issues 2024-02-17 18:53:58 +03:00
Vladimir Dubrovin
8198db8617 adding state to socket functions 2024-02-17 17:31:25 +03:00
Vladimir Dubrovin
d83c1f47f8 Rollback commit in the wrong branch 2024-02-17 13:18:14 +03:00
Vladimir Dubrovin
20a929ca53 Add per-service sockfuncs 2024-02-17 12:57:36 +03:00
Vladimir Dubrovin
a80bef9ecf
Merge pull request #978 from tautschnig/fix-decls 
Fix plugin declarations of hashindex and nametohash
 2023-10-11 17:00:48 +03:00
Michael Tautschnig
687ebafb1b Fix plugin declarations of hashindex and nametohash 
Plugins using these would fail to provide the required arguments.
 2023-10-11 10:00:47 +00:00
Vladimir Dubrovin
5e2b2a399e clean up warnings 2023-07-13 15:29:26 +03:00
Vladimir Dubrovin
5f341806b7 Deadloc on traffcount fixed 2023-07-13 13:13:36 +03:00
Vladimir Dubrovin
00513a7d28 eliminate redundant code in previous fix 2023-07-12 17:21:46 +03:00
Vladimir Dubrovin
dc7e098e6b Support request filters for SOCKS, support broken BIND request from some clients 2023-07-12 15:55:50 +03:00
Vladimir Dubrovin
8b57982a09 Fix FreeBSD install 2023-06-10 12:22:59 +03:00
Vladimir Dubrovin
cebb45c095 Fix FreeBSD install secrion 2023-06-01 11:42:16 +03:00
Vladimir Dubrovin
13979b5df4 Allow hostnames in parent 2023-04-26 15:05:47 +03:00
Vladimir Dubrovin
782878b5b4 Fix github links 2023-04-26 15:04:24 +03:00
Vladimir Dubrovin
6532163f01 Fix connlim issues 2023-04-26 15:04:00 +03:00
Vladimir Dubrovin
862405bdfd set linger close to setsockopt 2022-12-23 17:58:15 +03:00
Vladimir Dubrovin
c716c67da2
Merge pull request #840 from DanWin/increase-listen-backlog 
Add backlog configuration
 2022-11-08 19:51:40 +03:00
Daniel Winzen
b94e1fc01f
Few more changes 2022-11-08 16:02:47 +01:00
Daniel Winzen
cc0fd518bd
Incorporate feedback from z3APA3A 2022-11-08 15:42:04 +01:00
Daniel Winzen
9a6908e623
Add backlog config option 2022-11-08 15:04:19 +01:00
Daniel Winzen
65e57a251d
Clarify use of maxconn in man page 2022-11-08 13:25:05 +01:00
Daniel Winzen
25c375a78a
Increase backlog of listening sockets to match maxconn 2022-11-03 23:24:25 +01:00
Vladimir Dubrovin
a22e2be77b
Merge pull request #838 from DanWin/linux-tcp-fastopen 
Add support for TCP_FASTOPEN_CONNECT and TCP_FASTOPEN socket options
 2022-11-02 10:57:40 +03:00
Daniel Winzen
8a160dd188
Add support for TCP_FASTOPEN_CONNECT and TCP_FASTOPEN socket options (linux) 2022-11-01 20:11:26 +01:00
Vladimir Dubrovin
fb56b7d307 "auto" command added 2022-10-18 17:58:52 +03:00
Vladimir Dubrovin
5165a4d5bd prevent use-after-free in smtpp 2022-08-31 14:34:48 +03:00
Vladimir Dubrovin
bac19c9ae6 Close service only after config mutex unlocked on reload 2022-08-12 19:18:52 +03:00
Vladimir Dubrovin
c98621aeef Always select between IPV6_BOUND_IF and IP_BOUND_IF 2022-06-29 10:35:17 +03:00
Vladimir Dubrovin
3dc698eccd Fix compilation issues 2022-06-29 10:18:36 +03:00
Vladimir Dubrovin
c1beceb24b Support IP_BOUND_IF on MacOS 2022-06-28 12:50:48 +03:00