fix(PortProxy): Improve SNI extraction handling in PortProxy by passing explicit connection info to extractSNIWithResumptionSupport for better TLS renegotiation and debug logging.

Philipp Kunz 2025-03-11 17:37:43 +00:00
parent f304cc67b4
commit 415b82a84a
3 changed files with 41 additions and 4 deletions


@ -1,5 +1,12 @@
# Changelog # Changelog
## 2025-03-11 - 3.38.1 - fix(PortProxy)
Improve SNI extraction handling in PortProxy by passing explicit connection info to extractSNIWithResumptionSupport for better TLS renegotiation and debug logging.
- In the renegotiation handler, create and pass a connection info object (sourceIp, sourcePort, destIp, destPort) instead of a boolean flag.
- Update the TLS handshake processing to construct a connection info object for detailed SNI extraction and logging.
- Enhance consistency by using processTlsPacket with cached SNI hints during fallback.
## 2025-03-11 - 3.38.0 - feat(SniHandler) ## 2025-03-11 - 3.38.0 - feat(SniHandler)
Enhance SNI extraction to support fragmented ClientHello messages, TLS 1.3 early data, and improved PSK parsing Enhance SNI extraction to support fragmented ClientHello messages, TLS 1.3 early data, and improved PSK parsing


@ -3,6 +3,6 @@
*/ */
export const commitinfo = { export const commitinfo = {
name: '@push.rocks/smartproxy', name: '@push.rocks/smartproxy',
version: '3.38.0', version: '3.38.1',
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.' description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
} }


@ -920,7 +920,15 @@ export class PortProxy {
if (SniHandler.isClientHello(renegChunk)) { if (SniHandler.isClientHello(renegChunk)) {
try { try {
// Extract SNI from ClientHello // Extract SNI from ClientHello
const newSNI = SniHandler.extractSNIWithResumptionSupport(renegChunk, this.settings.enableTlsDebugLogging); // Create a connection info object for the existing connection
const connInfo = {
sourceIp: record.remoteIP,
sourcePort: record.incoming.remotePort || 0,
destIp: record.incoming.localAddress || '',
destPort: record.incoming.localPort || 0
};
const newSNI = SniHandler.extractSNIWithResumptionSupport(renegChunk, connInfo, this.settings.enableTlsDebugLogging);
// Skip if no SNI was found // Skip if no SNI was found
if (!newSNI) return; if (!newSNI) return;
@ -1590,7 +1598,15 @@ export class PortProxy {
`[${connectionId}] TLS handshake detected from ${remoteIP}, ${chunk.length} bytes` `[${connectionId}] TLS handshake detected from ${remoteIP}, ${chunk.length} bytes`
); );
// Try to extract SNI and log detailed debug info // Try to extract SNI and log detailed debug info
SniHandler.extractSNIWithResumptionSupport(chunk, true); // Create connection info for debug logging
const debugConnInfo = {
sourceIp: remoteIP,
sourcePort: socket.remotePort || 0,
destIp: socket.localAddress || '',
destPort: socket.localPort || 0
};
SniHandler.extractSNIWithResumptionSupport(chunk, debugConnInfo, true);
} }
} }
}); });
@ -1797,7 +1813,21 @@ export class PortProxy {
); );
} }
serverName = SniHandler.extractSNIWithResumptionSupport(chunk, this.settings.enableTlsDebugLogging) || ''; // Create connection info object for SNI extraction
const connInfo = {
sourceIp: remoteIP,
sourcePort: socket.remotePort || 0,
destIp: socket.localAddress || '',
destPort: socket.localPort || 0
};
// Use the new processTlsPacket method for comprehensive handling
serverName = SniHandler.processTlsPacket(
chunk,
connInfo,
this.settings.enableTlsDebugLogging,
connectionRecord.lockedDomain // Pass any previously negotiated domain as a hint
) || '';
} }
// Lock the connection to the negotiated SNI. // Lock the connection to the negotiated SNI.
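Review bot: The `|| 0` and `|| ''` fallbacks in all three connection-info objects (`connInfo` in the renegotiation handler, `debugConnInfo` in the debug-logging path, `connInfo` before `processTlsPacket`) turn a missing socket port or address into a valid-looking tuple, so two connections from the same source IP whose `remotePort` is undefined would present the same identity to `SniHandler`. `SniHandler` is not visible on this page, but the changelog mentions fragmented ClientHello support and cached SNI hints; if that state is keyed on this tuple, fragments or hints from one client could be applied to another and the connection locked to the wrong domain just below. I would treat an incomplete tuple as "no SNI" rather than substituting zero values, for example by guarding each call with `if (socket.remotePort && socket.localPort && socket.localAddress)`, or by keying the handler state on `connectionId`, which is already unique per connection. The three enclosing functions start and end outside the hunks shown, so whether an early exit is safe at each site needs checking against the surrounding code.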