Commit Graph

283 Commits

Author SHA1 Message Date
Alexander Bersenev
0d52ae0bc7 rename metrics, add connects_all metric 2019-09-18 23:13:32 +05:00
Alexander Bersenev
2b1469985d add an ability to export metrics to prometheus 2019-09-18 19:44:19 +05:00
Alexander Bersenev
4784491800 use only half of the digest as a key for used digest 2019-09-13 17:20:32 +05:00
Alexander Bersenev
7a2c6b9825 cast client port to int 2019-09-13 01:19:19 +05:00
Alexander Bersenev
37307a98fb print replay attackers summary 2019-09-08 14:28:46 +05:00
Alexander Bersenev
02b39168c3 print the possible replay-attackers summary instead of every time 2019-09-08 14:12:06 +05:00
Alexander Bersenev
163e7b7cce print a message about getting the cert 2019-09-08 03:12:19 +05:00
Alexander Bersenev
1ed13d9efa get rid of annoying time skew messages, print summary instead 2019-09-08 02:01:23 +05:00
Alexander Bersenev
51c8d68271 disable the first bad packet heuristics if the tls-only mode activated, it has time-based protection instead 2019-09-08 01:09:44 +05:00
Alexander Bersenev
50cd74051f add a message if uvloop is found 2019-08-30 16:05:08 +05:00
Alexander Bersenev
1d826866d1 print time skew message as one line 2019-08-26 17:00:34 +05:00
Alexander Bersenev
ff6b826e13 do not output canceled errors to get rid of scary traceback on the proxy termination 2019-08-26 16:51:48 +05:00
Alexander Bersenev
3315ac1df6 add one more param into the undocumented mode of launch 2019-08-26 16:07:35 +05:00
Alexander Bersenev
4184875405 advise to use uvloop instead of PyPy interpreter. The uvloop gives a better speed and memory consumption v1.0.6 2019-08-25 03:05:45 +05:00
Alexander Bersenev
d34a15bca3 nicer exception printing 2019-08-23 23:55:26 +05:00
Alexander Bersenev
56bfab51d5 nicer exception printing 2019-08-23 23:51:53 +05:00
Alexander Bersenev
4f8b1b16db modify the workaround 2019-08-23 18:12:53 +05:00
Alexander Bersenev
27f5d249a7 add a workaround against the clients who send zero as their itimestamp 2019-08-23 17:19:03 +05:00
Alexander Bersenev
c51f6f85b8 correct the byte in the initial server hello 2019-08-23 05:24:18 +05:00
Alexander Bersenev
44a52bf958 remove the workaround 2019-08-23 02:19:21 +05:00
Alexander Bersenev
8520a26837 ability to disable replay protection 2019-08-23 01:59:53 +05:00
Alexander Bersenev
068996ab36 fix small typo 2019-08-23 01:45:54 +05:00
Alexander Bersenev
4faa96732f workaround: the fifth telegram server doesn't answer on IPv6 2019-08-23 01:43:44 +05:00
Alexander Bersenev
bee0b3be6b cache the ip address of mask host 2019-08-23 01:18:24 +05:00
Alexander Bersenev
09fec8ca99 Merge branch 'master' of github.com:alexbers/mtprotoproxy 2019-08-21 16:15:31 +05:00
Alexander Bersenev
25d76bee09 do not create the copy of cryptography adapter classes 2019-08-21 16:14:48 +05:00
Alexander Bersenev
a680b3e854 Update README.md 2019-08-21 03:06:20 +05:00
Alexander Bersenev
3fe87954a2 Update README.md 2019-08-21 02:50:34 +05:00
Alexander Bersenev
3fb3da139f Update README.md 2019-08-21 02:05:57 +05:00
Alexander Bersenev
014e450e62 change readme 2019-08-21 02:03:55 +05:00
Alexander Bersenev
04491f8a6a use hand-made random generator to make randoms more unpredictable 2019-08-20 01:58:19 +05:00
Alexander Bersenev
e081d6b727 generate plausible x25519 public key for server hello also 2019-08-19 21:48:54 +05:00
Alexander Bersenev
ea28a7055a small readme fixes 2019-08-19 19:16:36 +05:00
Alexander Bersenev
45cb849ca9 change tls status from experimental to new 2019-08-19 18:50:52 +05:00
Alexander Bersenev
e66818326e generate plausible keys in the key share extension 2019-08-19 17:48:10 +05:00
Alexander Bersenev
4a1bf1ec6a print warning about default settings on stderr 2019-08-19 04:59:05 +05:00
Alexander Bersenev
854aaa1f24 add flush on print 2019-08-19 04:57:48 +05:00
Alexander Bersenev
5b0ad45cb9 cosmetic fix 2019-08-19 04:56:37 +05:00
Alexander Bersenev
26e00a7409 give some advice about non-secure settings on startup 2019-08-19 04:55:09 +05:00
Alexander Bersenev
ac6d20a897 redesign exception handling logic in handle_bad_client 2019-08-19 04:13:50 +05:00
Alexander Bersenev
06ed40c815 handle unknown ip situation, for example for unix-sockets 2019-08-19 03:44:08 +05:00
Alexander Bersenev
1938c7d3bb change comment 2019-08-19 03:33:04 +05:00
Alexander Bersenev
01fd1a34c2 be more clear about proxy protocol usage 2019-08-19 03:31:10 +05:00
Alexander Bersenev
1a0977b10e handle the connection resets 2019-08-19 00:25:54 +05:00
Alexander Bersenev
9dc8521c18 copy the way how the mask server closes the tcp connection to the client 2019-08-18 21:59:33 +05:00
Alexander Bersenev
4169e6acab move the import to the top of the file 2019-08-17 15:20:05 +05:00
Vladislav Grishenko
121a8974de add unix socket support (#127)
Config option LISTEN_UNIX_SOCK = "/path/to/socket.file" allows listening
on specified unix socket in addition to (or instead of) configured ip
addresses. Listening on a socket can be useful for connection from local
reverse proxy w/o wasting tcp ports and network subsystem resources just
for inter-process communication.
Default value is empty - socket not used.
2019-08-17 15:11:49 +05:00
Alexander Bersenev
fdf5efe3d2 change max tls record size to make it look like complying https://tools.ietf.org/html/rfc8446\#section-5.2 instead of the section 5.1 2019-08-17 14:42:49 +05:00
Alexander Bersenev
015d0a2012 be more tolerant to time skewing. This should cover 90% of cases 2019-08-17 13:21:57 +05:00
Alexander Bersenev
dcad0bd51b if the client time is skewed, just print a message for a while. Additional analysis needed 2019-08-17 04:48:17 +05:00