push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(PortProxy): Fix handling of SNI re-negotiation in PortProxy

Browse Source
This commit is contained in:
Philipp Kunz 2025-02-27 20:10:26 +00:00
parent 29688d1379
commit ec08ca51f5
3 changed files with 7 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
changelog.md
View File

@ -1,5 +1,11 @@
# Changelog # Changelog
## 2025-02-27 - 3.17.1 - fix(PortProxy)
Fix handling of SNI re-negotiation in PortProxy
- Removed connection locking to the initially negotiated SNI
- Improved handling of SNI during renegotiation in PortProxy
## 2025-02-27 - 3.17.0 - feat(smartproxy) ## 2025-02-27 - 3.17.0 - feat(smartproxy)
Enhance description clarity and improve SNI handling with domain locking. Enhance description clarity and improve SNI handling with domain locking.

2
ts/00_commitinfo_data.ts
View File

@ -3,6 +3,6 @@
*/ */
export const commitinfo = { export const commitinfo = {
name: '@push.rocks/smartproxy', name: '@push.rocks/smartproxy',
version: '3.17.0', version: '3.17.1',
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.' description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
} }

13
ts/classes.portproxy.ts
View File

@ -90,7 +90,6 @@ interface IConnectionRecord {
outgoing: plugins.net.Socket | null; outgoing: plugins.net.Socket | null;
incomingStartTime: number; incomingStartTime: number;
outgoingStartTime?: number; outgoingStartTime?: number;
lockedDomain?: string; // New field to lock this connection to the initial SNI
connectionClosed: boolean; connectionClosed: boolean;
cleanupTimer?: NodeJS.Timeout; // Timer to force cleanup after max lifetime/inactivity cleanupTimer?: NodeJS.Timeout; // Timer to force cleanup after max lifetime/inactivity
} }
@ -367,19 +366,7 @@ export class PortProxy {
socket.setTimeout(0); socket.setTimeout(0);
initialDataReceived = true; initialDataReceived = true;
const serverName = extractSNI(chunk) || ''; const serverName = extractSNI(chunk) || '';
// Lock the connection to the negotiated SNI.
connectionRecord.lockedDomain = serverName;
console.log(`Received connection from ${remoteIP} with SNI: ${serverName}`); console.log(`Received connection from ${remoteIP} with SNI: ${serverName}`);
// Add an extra data listener to check for a renegotiated ClientHello.
socket.on('data', (chunk: Buffer) => {
if (chunk.length > 0 && chunk.readUInt8(0) === 22) {
const newSNI = extractSNI(chunk);
if (newSNI && newSNI !== connectionRecord.lockedDomain) {
console.log(`Rehandshake detected with different SNI: ${newSNI} vs locked ${connectionRecord.lockedDomain}. Terminating connection.`);
cleanupOnce();
}
}
});
setupConnection(serverName, chunk); setupConnection(serverName, chunk);
}); });
} else { } else {