fix(PortProxy): Improve SNI extraction handling in PortProxy by passing explicit connection info to extractSNIWithResumptionSupport for better TLS renegotiation and debug logging.
parent
f304cc67b4
commit
415b82a84a
@ -1,5 +1,12 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## 2025-03-11 - 3.38.1 - fix(PortProxy)
|
||||||
|
Improve SNI extraction handling in PortProxy by passing explicit connection info to extractSNIWithResumptionSupport for better TLS renegotiation and debug logging.
|
||||||
|
|
||||||
|
- In the renegotiation handler, create and pass a connection info object (sourceIp, sourcePort, destIp, destPort) instead of a boolean flag.
|
||||||
|
- Update the TLS handshake processing to construct a connection info object for detailed SNI extraction and logging.
|
||||||
|
- Enhance consistency by using processTlsPacket with cached SNI hints during fallback.
|
||||||
|
|
||||||
## 2025-03-11 - 3.38.0 - feat(SniHandler)
|
## 2025-03-11 - 3.38.0 - feat(SniHandler)
|
||||||
Enhance SNI extraction to support fragmented ClientHello messages, TLS 1.3 early data, and improved PSK parsing
|
Enhance SNI extraction to support fragmented ClientHello messages, TLS 1.3 early data, and improved PSK parsing
|
||||||
|
|
||||||
|
@ -3,6 +3,6 @@
|
|||||||
*/
|
*/
|
||||||
export const commitinfo = {
|
export const commitinfo = {
|
||||||
name: '@push.rocks/smartproxy',
|
name: '@push.rocks/smartproxy',
|
||||||
version: '3.38.0',
|
version: '3.38.1',
|
||||||
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
|
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
|
||||||
}
|
}
|
||||||
|
@ -920,7 +920,15 @@ export class PortProxy {
|
|||||||
if (SniHandler.isClientHello(renegChunk)) {
|
if (SniHandler.isClientHello(renegChunk)) {
|
||||||
try {
|
try {
|
||||||
// Extract SNI from ClientHello
|
// Extract SNI from ClientHello
|
||||||
const newSNI = SniHandler.extractSNIWithResumptionSupport(renegChunk, this.settings.enableTlsDebugLogging);
|
// Create a connection info object for the existing connection
|
||||||
|
const connInfo = {
|
||||||
|
sourceIp: record.remoteIP,
|
||||||
|
sourcePort: record.incoming.remotePort || 0,
|
||||||
|
destIp: record.incoming.localAddress || '',
|
||||||
|
destPort: record.incoming.localPort || 0
|
||||||
|
};
|
||||||
|
|
||||||
|
const newSNI = SniHandler.extractSNIWithResumptionSupport(renegChunk, connInfo, this.settings.enableTlsDebugLogging);
|
||||||
|
|
||||||
// Skip if no SNI was found
|
// Skip if no SNI was found
|
||||||
if (!newSNI) return;
|
if (!newSNI) return;
|
||||||
@ -1590,7 +1598,15 @@ export class PortProxy {
|
|||||||
`[${connectionId}] TLS handshake detected from ${remoteIP}, ${chunk.length} bytes`
|
`[${connectionId}] TLS handshake detected from ${remoteIP}, ${chunk.length} bytes`
|
||||||
);
|
);
|
||||||
// Try to extract SNI and log detailed debug info
|
// Try to extract SNI and log detailed debug info
|
||||||
SniHandler.extractSNIWithResumptionSupport(chunk, true);
|
// Create connection info for debug logging
|
||||||
|
const debugConnInfo = {
|
||||||
|
sourceIp: remoteIP,
|
||||||
|
sourcePort: socket.remotePort || 0,
|
||||||
|
destIp: socket.localAddress || '',
|
||||||
|
destPort: socket.localPort || 0
|
||||||
|
};
|
||||||
|
|
||||||
|
SniHandler.extractSNIWithResumptionSupport(chunk, debugConnInfo, true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
@ -1797,7 +1813,21 @@ export class PortProxy {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
serverName = SniHandler.extractSNIWithResumptionSupport(chunk, this.settings.enableTlsDebugLogging) || '';
|
// Create connection info object for SNI extraction
|
||||||
|
const connInfo = {
|
||||||
|
sourceIp: remoteIP,
|
||||||
|
sourcePort: socket.remotePort || 0,
|
||||||
|
destIp: socket.localAddress || '',
|
||||||
|
destPort: socket.localPort || 0
|
||||||
|
};
|
||||||
|
|
||||||
|
// Use the new processTlsPacket method for comprehensive handling
|
||||||
|
serverName = SniHandler.processTlsPacket(
|
||||||
|
chunk,
|
||||||
|
connInfo,
|
||||||
|
this.settings.enableTlsDebugLogging,
|
||||||
|
connectionRecord.lockedDomain // Pass any previously negotiated domain as a hint
|
||||||
|
) || '';
|
||||||
}
|
}
|
||||||
|
|
||||||
// Lock the connection to the negotiated SNI.
|
// Lock the connection to the negotiated SNI.
|
||||||
|
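Review bot: The `connInfo` objects built in all three hunks fall back to `0` and `''` when the socket no longer reports its port or local address, so distinct connections can end up carrying identical connection info. SniHandler is not shown here, but the changelog mentions cached SNI hints; if that cache is keyed on these four fields, a placeholder key could hand one client's cached server name to another connection, and the last hunk then locks the connection to whatever `processTlsPacket(...) || ''` returned. Because that name appears to select the backend, I would pass connection info only when the fields are real, e.g. `const hasAddr = socket.remotePort !== undefined && !!socket.localAddress;`, and otherwise treat the packet as carrying no SNI. A comment above the call such as `// serverName may come from a cached hint, not from this packet's ClientHello` would make the trust boundary visible, and the three identical literals could come from one small helper so they stay in sync. The enclosing handlers begin and end outside these hunks.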