Vladimir Dubrovin
8292ec21a7
remove SSL_shutdown
2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
ef318bff67
Use quit shutdown for SSL to prevent races
2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
128386723a
Fix potential use-after-free on filters, add SSL_shutdown in SSLPlugin
2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
acc6db59a3
SNI break (DPI bypass) added
...
-s option to tlspr (or tls type redirect), requires TCP_NODELAY to be set
auth iponly
allow *
parent 1000 tls 0.0.0.0 0
allow *
proxy -s -i127.0.0.1 -ocTCP_NODELAY -osTCP_NODELAY -p1443
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
251660940e
Fixed: crash on invalid configuration file
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
7e4504997e
Fixed: memory corruptions on config parsing
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
8d8ee23385
ssl_client_mode added, code cleanup
...
ssl_client_mode
0 (default) - handshake immediately after connect() (with first parent or with destination if there is no parent)
1 - handshake with destination server (handshake after connection via parents is established)
2 - handshake after data channel is established (e.g. after CONNECT)
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
7e47d5bd92
ssl_client_alpn added
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
7fce892391
Use SSL_connect / SSL_accept in non-blocking mode
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
23551e53bf
Fixed: allow ssl server and client on the same service
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
35406e6b61
client_sni command added; do not send hostname from request as SNI in SSL client configuration
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
26534e9cbd
Close SSL on shutdown
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
2cd0a34fd5
maxseg / TCP_MAXSEG support added
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
d67a052aa8
Fixed: invalid config value initializers
2026-04-08 19:21:26 +03:00
Alexey Suslov
280c7c8976
Fix HTTPS proxy for HTTPS addresses (#1175)
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
bc7e9b2ac6
Fix: -P option for tlspr
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
5355af3112
Fix: WSAPoll fail in some Windows versions after e525ce913e
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
7b4e8b6d6b
Fixed: ssl_server_cert doesn't read full certificate chain
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
e945890613
Fixed: CONNECT does not work in standalone 'proxy' binary
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
5c7cc3c9b2
Fixed: Failed connect may result in success response on some Windows versions
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
6e55af7f48
Fixed: invalid timeout in socksendto / sockrecvfrom
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
8d744e16fb
Convert PAMAUTH.TXT to UTF-8
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
af25cb460f
Fixed service name detection for auto / tlspr
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
2508b89d96
Avoid sleep on service thread sync
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
09a3ddeeac
SOCKSTRACE fixed
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
66bdd86c6b
ssl_server_verify, ssl_server_ca_dir, ssl_server_ca_store added, ssl_server / ssl_client aliases added to ssl_serv / ssl_cli
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
b624da443a
ssl_noserv fixed, ssl_cli/ssl_nocli/ssl_client_cert/ssl_client_key added
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
3c51af3737
Remove legacy NTLMv1 code
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
7e7a0d4336
Support HAProxy proxy v1 protocol
...
Added:
-H option - expect HAProxy proxy v1 header, e.g. `proxy -H`
parent ha type - send HAProxy proxy v1 header (must be last in redirection), e.g.
allow *
parent 1000 ha
parent 1000 proxy 1.2.3.4 3128
socks
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
e373d84717
Support tlspr in auto
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
8d58e2618e
make compatible with openssl 1.x
2026-04-08 19:21:24 +03:00
Vladimir Dubrovin
1bfa64303a
rsa.h not required
2026-04-08 19:21:24 +03:00
Vladimir Dubrovin
81224b6708
Use PCRE_STATIC pcre_plugin.c
2026-04-08 19:21:24 +03:00
Vladimir Dubrovin
6944a012d9
use PCRE_STATIC
2026-04-08 19:21:24 +03:00
z3apa3a
bc92819572
Fix tlspr for compatibility with older compilers
2025-03-09 19:16:35 +03:00
z3apa3a
2900b80d88
Prepare for 0.9.5 release
2025-03-09 17:29:17 +03:00
z3apa3a
74134db09e
Fix ssl_plugin for Windows
2025-03-09 17:22:18 +03:00
Vladimir Dubrovin
6387bed4f2
Replace strcpy with memmove for overlapping regions
2024-12-20 14:38:58 +03:00
Vladimir Dubrovin
cf6946cc8b
Fix: IPv6 address may be invalid on some platforms for SOCKSv5 UDP ASSOCIATE
2024-07-18 12:50:59 +03:00
Vladimir Dubrovin
ab8db00b1f
Fix type for ssl_poll
2024-06-04 19:26:34 +03:00
Vladimir Dubrovin
94dfa195db
char * / unsigned char * conversions fixed
2024-05-31 19:53:28 +03:00
Vladimir Dubrovin
013d4bc333
tlspr (SNI proxy) implemented
...
Options -cN - level of TLS check
default - allow non-TLS traffic
1 - require TLS, only check client HELLO packet
2 - require TLS, check both client and server HELLO
3 - require TLS, check server send certificate (not compatible with TLS 1.3)
4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
-P - default port
examples:
1.
tlspr -p1443 -P443 -c1
(port 1443 may be used to redirect traffic to destination port 143). SNI is used to find destination host
2.
allow * * * 80
parent 1000 http 0.0.0.0 0
allow * * * * CONNECT
parent 1000 tls 0.0.0.0 0
deny * * some.not.allowed.host
allow *
socks
attempts to take destination hostname from SNI in SOCKS
2024-05-20 13:01:38 +03:00
Vladimir Dubrovin
d347f0a058
More TLS commands added, ssl_srvkey / ssl_srvfile renamed
...
ssl_server_cert - certificate for SSL server (rename from ssl_srvkey)
ssl_server_key - key for ssl_server_cert of generated mitm certificate (renamed from ssl_srvkey)
ssl_server_ca_file - CA file for mitm
ssl_server_ca_key - key for mitm CA
ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - locations for root CAs used with ssl_client_verify for TLS client
ssl_certcache is not optional, if ssl_server_ca_file / ssl_server_ca_key are configured
2024-03-10 16:20:42 +03:00
Vladimir Dubrovin
a316622a85
Added multiple TLS configuration parameters for SSLPlugin
...
ssl_client_ciphersuites - TLS client ciphers for TLS 1.3, e.g. ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
ssl_server_ciphersuites - TLS server ciphers for TLS 1.3
ssl_client_cipher_list - TLS client ciphers for TLS 1.2 and below, e.g. ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl_server_cipher_list - TLS server ciphers for TLS 1.2 and below
ssl_client_min_proto_version - TLS client min TLS version (e.g. TLSv1.2)
ssl_server_min_proto_version - TLS server min TLS version (e.g. TLSv1.2)
ssl_client_max_proto_version - TLS client max TLS version (e.g. TLSv1.2)
ssl_server_max_proto_version - TLS server max TLS version (e.g. TLSv1.2)
ssl_client_verify - verify certificate for upstream server in TLS client functionality
ssl_client_no_verify - do not verify certificate for upstream server in TLS client functionality (default)
2024-03-10 13:36:40 +03:00
Vladimir Dubrovin
d87241c487
Keep TLS server context
2024-03-09 18:37:44 +03:00
Vladimir Dubrovin
144af547fb
Keep TLS client context between requests
2024-03-09 16:23:03 +03:00
Vladimir Dubrovin
35d1de6f5e
Fix use-after-free in freeparam
2024-02-22 17:30:50 +03:00
Vladimir Dubrovin
161cbbd452
fix crash on insufficient memory
2024-02-18 23:54:31 +03:00
Vladimir Dubrovin
067fdd7f95
support ssl_serv / ssl_noserv commands
...
example:
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_srvcert path_to_cert
ssl_srvkey path_to_key
ssl_serv
proxy -p33128
ssl_noserv
proxy -p3128
2024-02-18 23:42:09 +03:00
Vladimir Dubrovin
d77e528847
minor fixes
2024-02-18 20:18:31 +03:00
Vladimir Dubrovin
2b4d8e67e4
Do not store CA cert subject
2024-02-18 19:53:35 +03:00
Vladimir Dubrovin
375e3a74d0
call local socket function
2024-02-18 19:41:45 +03:00
Vladimir Dubrovin
6dc145b16b
initial commit to TLS refactoring
2024-02-18 19:07:09 +03:00
Vladimir Dubrovin
d162ad5c38
Fix windows issues
2024-02-17 18:53:58 +03:00
Vladimir Dubrovin
8198db8617
adding state to socket functions
2024-02-17 17:31:25 +03:00
Vladimir Dubrovin
d83c1f47f8
Rollback commit in the wrong branch
2024-02-17 13:18:14 +03:00
Vladimir Dubrovin
20a929ca53
Add per-service sockfuncs
2024-02-17 12:57:36 +03:00
Michael Tautschnig
687ebafb1b
Fix plugin declarations of hashindex and nametohash
...
Plugins using these would fail to provide the required arguments.
2023-10-11 10:00:47 +00:00
Vladimir Dubrovin
5e2b2a399e
clean up warnings
2023-07-13 15:29:26 +03:00
Vladimir Dubrovin
5f341806b7
Deadlock on traffcount fixed
2023-07-13 13:13:36 +03:00
Vladimir Dubrovin
00513a7d28
eliminate redundant code in previous fix
2023-07-12 17:21:46 +03:00
Vladimir Dubrovin
dc7e098e6b
Support request filters for SOCKS, support broken BIND request from some clients
2023-07-12 15:55:50 +03:00
Vladimir Dubrovin
13979b5df4
Allow hostnames in parent
2023-04-26 15:05:47 +03:00
Vladimir Dubrovin
6532163f01
Fix connlim issues
2023-04-26 15:04:00 +03:00
Vladimir Dubrovin
862405bdfd
set linger close to setsockopt
2022-12-23 17:58:15 +03:00
Daniel Winzen
b94e1fc01f
Few more changes
2022-11-08 16:02:47 +01:00
Daniel Winzen
cc0fd518bd
Incorporate feedback from z3APA3A
2022-11-08 15:42:04 +01:00
Daniel Winzen
9a6908e623
Add backlog config option
2022-11-08 15:04:19 +01:00
Daniel Winzen
25c375a78a
Increase backlog of listening sockets to match maxconn
2022-11-03 23:24:25 +01:00
Daniel Winzen
8a160dd188
Add support for TCP_FASTOPEN_CONNECT and TCP_FASTOPEN socket options (linux)
2022-11-01 20:11:26 +01:00
Vladimir Dubrovin
fb56b7d307
"auto" command added
2022-10-18 17:58:52 +03:00
Vladimir Dubrovin
5165a4d5bd
prevent use-after-free in smtpp
2022-08-31 14:34:48 +03:00
Vladimir Dubrovin
bac19c9ae6
Close service only after config mutex unlocked on reload
2022-08-12 19:18:52 +03:00
Vladimir Dubrovin
c98621aeef
Always select between IPV6_BOUND_IF and IP_BOUND_IF
2022-06-29 10:35:17 +03:00
Vladimir Dubrovin
3dc698eccd
Fix compilation issues
2022-06-29 10:18:36 +03:00
Vladimir Dubrovin
c1beceb24b
Support IP_BOUND_IF on MacOS
2022-06-28 12:50:48 +03:00
Vladimir Dubrovin
4ad05d1565
add handleredirect() to symbols
2022-06-24 10:44:28 +03:00
Vladimir Dubrovin
55d1bbe155
Grace delay feature added
...
`proxy -g8000,3,10`
First parameter is average read size we want to keep, second parameter is
minimal number of packets in the same direction to apply algorithm,
last value is delay added after polling and prior to reading data.
An example above adds 10 millisecond delay before reading data if average
polling size is below 8000 bytes and 3 read operations are made in the same
direction. It's especially useful with splice. `logdump 1 1` is useful
to see how grace delays work, choose delay value to avoid filling the read
pipe/buffer (typically 64K) but keep the request sizes close to chosen average
on large file upload/download.
2022-05-19 18:51:02 +03:00
Vladimir Dubrovin
8a8622b30f
FIX: SSLPlugin for tcppm
2022-05-19 15:42:18 +03:00
Vladimir Dubrovin
1cf169b7ae
FIX: SSLPlugin with SOCKS
2022-05-19 13:26:52 +03:00
Vladimir Dubrovin
d20e76bbc9
FIX: SSLPlugin with http proxy
2022-05-19 11:49:19 +03:00
Vladimir Dubrovin
468124f55c
Fix SSLPlugin with HTTP proxy
2022-05-18 18:14:24 +03:00
Vladimir Dubrovin
17f07f2053
Update udppm.c
2022-04-25 16:45:49 +03:00
Vladimir Dubrovin
6d77141ecc
Update socks.c
2022-04-25 13:09:55 +03:00
Vladimir Dubrovin
7e681bbacd
Update common.c
...
Process failed connect more correctly
2022-04-07 20:19:49 +03:00
Vladimir Dubrovin
266e62644c
Fix RADIUS Login-Service/Login-TCP-Port length
2022-02-22 15:45:23 +03:00
Vladimir Dubrovin
f53b0eb985
fix invalid length in previous commit
2021-11-25 12:21:06 +03:00
Vladimir Dubrovin
bd1dcacf73
Fix domain name reply processing on connect request for parent proxy
2021-11-24 22:53:14 +03:00
Vladimir Dubrovin
e1448b9eb1
connlim error code corrected (should return 10)
2021-11-24 18:22:04 +03:00
Vladimir Dubrovin
70b14394b0
Change minimum DNS cache time to 1 sec
2021-10-30 13:43:20 +03:00
Vladimir Dubrovin
6c1b711fc9
do not ignore Makefile from plugins
2021-10-29 19:26:20 +03:00
Vladimir Dubrovin
461fae12e7
set logfunc after configuration reload
2021-10-29 19:12:03 +03:00
Vladimir Dubrovin
daa2b74354
Merge branch 'master' of https://github.com/3proxy/3proxy
2021-10-21 19:57:06 +03:00
Vladimir Dubrovin
bec6e589fb
extNat implemented incorrectly, removing current support
2021-10-21 19:57:02 +03:00
Vladimir Dubrovin
f9347c2f8b
Allow all-zero IP and port for BIND and UDP ASSOC
2021-10-21 19:56:09 +03:00
z3apa3a
5fa261e91e
Send accounting start packet if log radius is enabled
2021-07-02 18:38:21 +03:00
z3apa3a
b15d5bf681
Commit as 0.9.4
2021-07-02 12:01:43 +03:00
z3apa3a
e1b4e50242
Copyright update
2021-07-02 11:50:33 +03:00
z3apa3a
1fca6ada82
Use self-built openssl for Windows
2021-07-01 19:55:20 +03:00
z3apa3a
d7eb9fb82f
better error handling on splice()
2021-05-18 11:34:57 +03:00