diff --git a/changelog.md b/changelog.md
index cde672b..3f17d53 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## 2025-03-11 - 3.38.1 - fix(PortProxy)
+Improve SNI extraction handling in PortProxy by passing explicit connection info to extractSNIWithResumptionSupport for better TLS renegotiation and debug logging.
+
+- In the renegotiation handler, create and pass a connection info object (sourceIp, sourcePort, destIp, destPort) instead of a boolean flag.
+- Update the TLS handshake processing to construct a connection info object for detailed SNI extraction and logging.
+- Enhance consistency by using processTlsPacket with cached SNI hints during fallback.
+
 ## 2025-03-11 - 3.38.0 - feat(SniHandler)
 Enhance SNI extraction to support fragmented ClientHello messages, TLS 1.3 early data, and improved PSK parsing
 
diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts
index 8d8b8cd..d2a0c4c 100644
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
 name: '@push.rocks/smartproxy',
- version: '3.38.0',
+ version: '3.38.1',
 description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
 }
diff --git a/ts/classes.portproxy.ts b/ts/classes.portproxy.ts
index 5a3e574..748d388 100644
--- a/ts/classes.portproxy.ts
+++ b/ts/classes.portproxy.ts
@@ -920,7 +920,15 @@ export class PortProxy {
 if (SniHandler.isClientHello(renegChunk)) {
 try {
 // Extract SNI from ClientHello
- const newSNI = SniHandler.extractSNIWithResumptionSupport(renegChunk, this.settings.enableTlsDebugLogging);
+ // Create a connection info object for the existing connection
+ const connInfo = {
+ sourceIp: record.remoteIP,
+ sourcePort: record.incoming.remotePort || 0,
+ destIp: record.incoming.localAddress || '',
+ destPort: record.incoming.localPort || 0
+ };
+
+ const newSNI = SniHandler.extractSNIWithResumptionSupport(renegChunk, connInfo, this.settings.enableTlsDebugLogging);
 // Skip if no SNI was found
 if (!newSNI) return;
@@ -1590,7 +1598,15 @@ export class PortProxy {
 `[${connectionId}] TLS handshake detected from ${remoteIP}, ${chunk.length} bytes`
 );
 // Try to extract SNI and log detailed debug info
- SniHandler.extractSNIWithResumptionSupport(chunk, true);
+ // Create connection info for debug logging
+ const debugConnInfo = {
+ sourceIp: remoteIP,
+ sourcePort: socket.remotePort || 0,
+ destIp: socket.localAddress || '',
+ destPort: socket.localPort || 0
+ };
+
+ SniHandler.extractSNIWithResumptionSupport(chunk, debugConnInfo, true);
 }
 }
 });
@@ -1797,7 +1813,21 @@ export class PortProxy {
 );
 }
- serverName = SniHandler.extractSNIWithResumptionSupport(chunk, this.settings.enableTlsDebugLogging) || '';
+ // Create connection info object for SNI extraction
+ const connInfo = {
+ sourceIp: remoteIP,
+ sourcePort: socket.remotePort || 0,
+ destIp: socket.localAddress || '',
+ destPort: socket.localPort || 0
+ };
+
+ // Use the new processTlsPacket method for comprehensive handling
+ serverName = SniHandler.processTlsPacket(
+ chunk,
+ connInfo,
+ this.settings.enableTlsDebugLogging,
+ connectionRecord.lockedDomain // Pass any previously negotiated domain as a hint
+ ) || '';
 }
 // Lock the connection to the negotiated SNI.
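Review bot: In the renegotiation hunk (@@ -920) the new `connInfo` falls back to `0` and `''` when `record.incoming` no longer reports a port or local address, so every socket in that state is described by the same degenerate identity. Whether `SniHandler` keys buffered or cached data on these fields is not visible in this diff, but the changelog entry mentions cached SNI hints, so a shared identity could let one connection's handshake data inform another connection's SNI result. The same four-field literal is repeated in the @@ -1590 and @@ -1797 hunks; one builder that refuses to invent values would keep the three call sites consistent and leave each caller to decide what to do when no identity is available. The enclosing handler starts and ends outside the hunk.

```typescript
// Sketch of a shared builder for the three call sites (method name is a placeholder).
private buildConnInfo(
  socket: { remotePort?: number; localAddress?: string; localPort?: number },
  remoteIP: string
) {
  // A torn-down socket reports undefined here; returning undefined instead of
  // 0 / '' keeps unrelated connections from ever sharing one identity.
  if (!socket.remotePort || !socket.localAddress || !socket.localPort) {
    return undefined;
  }
  return {
    sourceIp: remoteIP,
    sourcePort: socket.remotePort,
    destIp: socket.localAddress,
    destPort: socket.localPort
  };
}
// … unchanged: the three call sites, each checking for undefined before calling SniHandler …
```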
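Review bot: The debug-only call at the end of the @@ -1590 hunk now passes the real connection tuple to `extractSNIWithResumptionSupport` and discards the result, which is safe only if that function has no per-connection side effects. If it buffers or caches anything under `debugConnInfo` (not shown in this diff), enabling debug logging would change what the later, real extraction sees for the same connection. A comment stating the expectation would help, for example `// Logging only: return value ignored; this call must not alter cached SNI state for the connection`. The server name being logged is client-supplied, so it is worth confirming that the logger neutralises control characters before the value reaches log files. The surrounding callback is only partly inside the hunk.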
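Review bot: `serverName` in the @@ -1797 hunk can now be filled from `connectionRecord.lockedDomain` instead of from the bytes of this ClientHello, and the code right after the hunk locks the connection to whatever comes back. The hint is read before that lock is written, so on a connection's first TLS packet it is presumably unset; if it can be set at this point, a ClientHello without SNI would inherit the earlier domain, and that should be a documented decision rather than a side effect of the fallback. A comment such as `// serverName may come from the cached hint; it must pass the same domain checks as an SNI read from the wire` would record the requirement. The enclosing block continues outside the hunk, so the checks applied to `serverName` afterwards cannot be confirmed from here.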