Vladislav Grishenko
121a8974de
add unix socket support ( #127 )
Config option LISTEN_UNIX_SOCK = "/path/to/socket.file" allows listening
on the specified unix socket in addition to (or instead of) the configured ip
addresses. Listening on a socket can be useful for connections from a local
reverse proxy w/o wasting tcp ports and network subsystem resources just
for inter-process communication.
Default value is empty - socket not used.
2019-08-17 15:11:49 +05:00
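As an added example (not code from mtprotoproxy), the listener setup this commit describes, written with asyncio: IP listeners and a unix socket listener side by side, with the socket file's mode tightened after bind. The handler, function names and the chmod policy are assumptions for illustration; the unix socket itself has no address-based access control, only filesystem permissions, so a reverse proxy that is "trusted" for PROXY headers has to be the only local user able to open it.

```python
import asyncio
import os
import stat
import tempfile

# Hypothetical stand-in for the proxy's per-connection handler: echo one line upper-cased.
async def handle_client(reader, writer):
    line = await reader.readline()
    writer.write(line.upper())
    await writer.drain()
    writer.close()

async def start_listeners(listen_unix_sock=None, listen_addrs=(), port=3256):
    """Listen on the configured IP addresses and/or a unix socket (mirrors LISTEN_UNIX_SOCK)."""
    servers = []
    for addr in listen_addrs:
        servers.append(await asyncio.start_server(handle_client, addr, port))
    if listen_unix_sock:
        if os.path.exists(listen_unix_sock):
            os.unlink(listen_unix_sock)   # stale socket file left by a previous run
        srv = await asyncio.start_unix_server(handle_client, path=listen_unix_sock)
        # A unix socket is guarded only by filesystem permissions: restrict it to the
        # owner and the group the reverse proxy runs as, so other local users cannot
        # connect (and, with PROXY_PROTOCOL enabled, cannot forge client addresses).
        os.chmod(listen_unix_sock, 0o660)
        servers.append(srv)
    return servers

async def _roundtrip(sock_path, payload):
    """Start the unix listener, connect to it as a client, return (reply, socket file mode)."""
    servers = await start_listeners(listen_unix_sock=sock_path)
    try:
        reader, writer = await asyncio.open_unix_connection(sock_path)
        writer.write(payload)
        await writer.drain()
        reply = await reader.readline()
        writer.close()
        await writer.wait_closed()
        mode = stat.S_IMODE(os.stat(sock_path).st_mode)
        return reply, mode
    finally:
        for srv in servers:
            srv.close()

def demo():
    # Constructed input: one line sent over a temporary socket path.
    with tempfile.TemporaryDirectory() as tmp:
        return asyncio.run(_roundtrip(os.path.join(tmp, "mtproto.sock"), b"hello\n"))

if __name__ == "__main__":
    print(demo())
```

The reverse proxy's `stream` block would then point at the socket path instead of a TCP port; the mode 0660 is the check to repeat after any restart that recreates the socket file, since `bind()` creates it under the process umask.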
Alexander Bersenev
fdf5efe3d2
change max tls record size to make it look like it complies with https://tools.ietf.org/html/rfc8446#section-5.2 instead of section 5.1
2019-08-17 14:42:49 +05:00
Alexander Bersenev
015d0a2012
be more tolerant to time skewing. This should cover 90% of cases
2019-08-17 13:21:57 +05:00
Alexander Bersenev
dcad0bd51b
if the client time is skewed, just print a message for a while. Additional analysis needed
2019-08-17 04:48:17 +05:00
Alexander Bersenev
da9e51ed03
better error texts
2019-08-17 02:07:17 +05:00
Alexander Bersenev
59306e6e67
take cert length from the masked host
2019-08-16 20:25:23 +05:00
Alexander Bersenev
7502d1dc31
add one more message about the client time skew
2019-08-16 18:11:50 +05:00
Alexander Bersenev
9df42cda79
time based protection against replay attack
2019-08-16 18:01:20 +05:00
Alexander Bersenev
a65f7a8e17
add one more nonce in the reserved nonces list
2019-08-16 16:45:22 +05:00
Alexander Bersenev
8a4bc77125
make default client handshake timeout random
2019-08-16 16:23:14 +05:00
Alexander Bersenev
294cb65738
rename the function from pseudo tls to the fake tls to make the terminology consistent
2019-08-16 16:15:09 +05:00
Alexander Bersenev
559c577df1
early break if the protocol is not tls
2019-08-16 15:17:07 +05:00
Alexander Bersenev
ccc8c3fb14
read initial tls header byte by byte
2019-08-16 15:07:27 +05:00
Alexander Bersenev
e061cd81c4
optimize reading a handshake by detecting tls early
2019-08-15 18:26:56 +05:00
Alexander Bersenev
7527d402d6
mimic tls 1.3 instead of tls 1.2 to bypass the unencrypted certificates problem
2019-08-15 16:23:44 +05:00
Vladislav Grishenko
f51a4bfe34
Add proxy protocol v1/v2 support ( #119 )
* add proxy protocol v1/v2 support
With fake-tls enabled, it was still quite hard to use mtprotoproxy
as a backend behind some reverse https/tls proxy (nginx, haproxy, etc)
because it still needs client address & port info.
With nginx already configured to use stream proxy with proxy protocol,
it was impossible to connect due to the additional proxy header transmission
before the real handshake.
Adding general support of proxy protocol fixed both issues.
New config option PROXY_PROTOCOL = True enables transparent support,
unproxied incoming connections will still be accepted.
Since reverse proxy needs to be trusted, option disabled by default.
References:
* https://www.haproxy.com/blog/haproxy/proxy-protocol/
* http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
* slightly optimize proxy v1 error path
* rework proxy handler
* deny direct connection with enabled PROXY_PROTOCOL per specs
* simplify proxy header checking
* use textual form of proxy v1 header
* drop useless find() call
* fix client address logging
2019-08-14 23:03:01 +05:00
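The header handling this commit describes, as an added example that is not mtprotoproxy's own code: a parser for the PROXY protocol v1 (text) and v2 (binary) headers as laid out in the haproxy spec referenced above, returning the real client address and the bytes that follow the header (normally the start of the fake-TLS handshake). It refuses input with no header at all, which is what the "deny direct connection with enabled PROXY_PROTOCOL per specs" item requires. The sample headers are constructed, and all names are illustrative assumptions.

```python
import ipaddress
import struct
from typing import NamedTuple, Optional, Tuple

V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"   # fixed 12-byte v2 preamble
V1_MAX_LEN = 107                            # spec: a v1 line incl. CRLF never exceeds 107 bytes

# v2 address block layouts: struct format, size, and address class per family nibble
_V2_ADDR_LAYOUT = {
    0x1: ("!4s4sHH", 12, ipaddress.IPv4Address),    # AF_INET
    0x2: ("!16s16sHH", 36, ipaddress.IPv6Address),  # AF_INET6
}


class ProxyHeaderError(ValueError):
    """The bytes do not start with a valid PROXY protocol header."""


class ClientInfo(NamedTuple):
    version: int
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int


def parse_proxy_header(buf: bytes) -> Tuple[Optional[ClientInfo], bytes]:
    """Strip a PROXY v1/v2 header from buf; return (client_info, remaining_bytes).

    client_info is None for headers that carry no usable IP address (v1 UNKNOWN,
    v2 LOCAL, AF_UNSPEC or AF_UNIX).  Raises ProxyHeaderError when there is no
    header, i.e. a direct connection, which a PROXY_PROTOCOL listener must drop.
    """
    if buf.startswith(V2_SIGNATURE):
        return _parse_v2(buf)
    if buf.startswith(b"PROXY "):
        return _parse_v1(buf)
    raise ProxyHeaderError("no PROXY protocol header: direct connection")


def _parse_v1(buf: bytes):
    end = buf.find(b"\r\n", 0, V1_MAX_LEN)
    if end < 0:
        raise ProxyHeaderError("v1 header not CRLF-terminated within 107 bytes")
    rest = buf[end + 2:]
    try:
        fields = buf[:end].decode("ascii").split(" ")
        if fields[1] == "UNKNOWN":            # proxy could not determine the client
            return None, rest
        if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
            raise ProxyHeaderError("malformed v1 header")
        want_ver = 4 if fields[1] == "TCP4" else 6
        src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
        sport, dport = int(fields[4]), int(fields[5])
    except ProxyHeaderError:
        raise
    except (UnicodeDecodeError, ValueError, IndexError) as exc:
        raise ProxyHeaderError(f"malformed v1 header: {exc}") from exc
    if src.version != want_ver or dst.version != want_ver:
        raise ProxyHeaderError("address family does not match TCP4/TCP6 tag")
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ProxyHeaderError("port out of range")
    return ClientInfo(1, str(src), sport, str(dst), dport), rest


def _parse_v2(buf: bytes):
    if len(buf) < 16:
        raise ProxyHeaderError("truncated v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", buf[12:16])
    if ver_cmd >> 4 != 2:
        raise ProxyHeaderError("bad v2 version nibble")
    if len(buf) < 16 + length:
        raise ProxyHeaderError("truncated v2 address block")
    addr, rest = buf[16:16 + length], buf[16 + length:]
    cmd, family = ver_cmd & 0x0F, fam_proto >> 4
    if cmd == 0x0:               # LOCAL: the proxy's own traffic (health checks), no client
        return None, rest
    if cmd != 0x1:
        raise ProxyHeaderError("unknown v2 command")
    layout = _V2_ADDR_LAYOUT.get(family)
    if layout is None:           # AF_UNSPEC or AF_UNIX: nothing to log as a client IP
        return None, rest
    fmt, size, cls = layout
    if length < size:
        raise ProxyHeaderError("address block shorter than the family requires")
    s, d, sp, dp = struct.unpack(fmt, addr[:size])   # any TLVs after the addresses are ignored
    return ClientInfo(2, str(cls(s)), sp, str(cls(d)), dp), rest


def header_present(buf: bytes) -> bool:
    """Policy helper: True if buf starts with a parseable header, False for a direct connection."""
    try:
        parse_proxy_header(buf)
        return True
    except ProxyHeaderError:
        return False


# Constructed samples (not captures): each header is followed by the first three
# bytes of a TLS record (content type 0x16, version 0x0301) as the proxied payload.
TLS_START = b"\x16\x03\x01"
SAMPLE_V1 = b"PROXY TCP4 192.0.2.10 198.51.100.5 51000 443\r\n" + TLS_START
SAMPLE_V2 = (V2_SIGNATURE + bytes([0x21, 0x11]) + struct.pack("!H", 12)   # PROXY cmd, INET/STREAM
             + ipaddress.IPv4Address("192.0.2.10").packed
             + ipaddress.IPv4Address("198.51.100.5").packed
             + struct.pack("!HH", 51000, 443) + TLS_START)
SAMPLE_DIRECT = TLS_START + b"\x02\x00"
```

A listener with `PROXY_PROTOCOL = True` would read enough bytes to cover the 16-byte v2 fixed part (or the v1 line up to CRLF) before handing the remainder to the TLS/MTProto handshake; the parser hands that remainder back unchanged so nothing from the real handshake is lost.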
Alexander Bersenev
d9fa5b222a
remove unused variable
2019-08-14 04:07:36 +05:00
Alexander Bersenev
91ec36653e
add slots to classes, thanks to MrMrRobat
2019-08-14 03:59:44 +05:00
Allineer
e43ae99911
Fix default port in the main script.
Different port in main and config files. It's changed to 3256.
2019-08-13 16:42:14 +05:00
Alexander Bersenev
ab52521a25
change the tls links to hex encoding until base64 is fixed
2019-08-13 16:26:38 +05:00
Alexander Bersenev
53184470e9
fixed cached readings in fake tls
2019-08-13 15:23:47 +05:00
Alexander Bersenev
48330f1e8a
shrunk max tls record size according to https://tools.ietf.org/html/rfc8446#section-5.1
2019-08-13 03:31:49 +05:00
Alexander Bersenev
4e2cb87685
change the comment
2019-08-13 02:52:41 +05:00
Alexander Bersenev
a030ae2978
redirect bad clients to some host
2019-08-13 02:06:17 +05:00
Alexander Bersenev
3d8961316e
use urlsafe version of base64 encoder
2019-08-11 21:28:55 +05:00
Alexander Bersenev
d7c163c0dc
add tls only mode
2019-08-11 21:22:10 +05:00
Alexander Bersenev
80062c95bc
print proxy addresses and logins on reload
2019-07-26 14:51:41 +05:00
Alexander Bersenev
c1fdc4c0a3
move setting instant rst into a function
2019-07-25 02:09:10 +05:00
Alexander Bersenev
f5d41e9aa7
close tcp connection with rst when tls failed
2019-07-25 02:05:04 +05:00
Alexander Bersenev
4e754a75bd
add an experimental note for the new proto
2019-07-24 03:16:03 +05:00
Alexander Bersenev
1a934f992d
add fake-tls mode
2019-07-24 03:03:36 +05:00
Alexander Bersenev
c543bc1c3d
launch script explicitly using python
2019-07-23 18:01:44 +05:00
Alexander Bersenev
96ba65aba0
add one more reserved string in the nonce beginnings
2019-07-23 10:26:58 +05:00
Alexander Bersenev
985e3eb546
add user data quotas
2019-07-22 21:34:09 +05:00
Alexander Bersenev
129f5cc981
use global var to enable direct connect
2019-07-22 18:55:27 +05:00
Alexander Bersenev
6fb022284e
check if ipv6 is available every time before using
2019-07-22 18:24:03 +05:00
Alexander Bersenev
4691917c34
optimize docker containers for reloading
2019-07-22 17:21:43 +05:00
Alexander Bersenev
7d11ff07bd
cancel all tasks on exit
2019-07-19 15:58:54 +05:00
Alexander Bersenev
1c875e3d31
do not listen if listen addr is zero
2019-07-19 15:46:34 +05:00
Alexander Bersenev
a2890cf213
redesign the config handling
2019-07-19 03:11:18 +05:00
Alexander Bersenev
026849cb54
rename USER_EXPIRATION to USER_EXPIRATIONS and reformat the code to comply with pep8
2019-06-29 13:15:08 +05:00
Alexander Bersenev
4f1fea79eb
Merge pull request #107 from pouryare/master
adding expiration date for users
2019-06-29 12:51:51 +05:00
pouryare
50df84bc80
Update mtprotoproxy.py
2019-06-28 16:41:41 +04:30
pouryare
6823117c63
Update mtprotoproxy.py
2019-06-27 06:23:45 +04:30
pouryare
d21eab60c2
Update mtprotoproxy.py
adding expiration date for users
2019-06-27 06:05:01 +04:30
Alexander Bersenev
312539c3b8
more reliable protection from replay attacks
2019-05-30 14:36:24 +05:00
Alexander Bersenev
a9e12bb1bb
add warning about default secrets
2019-05-17 02:45:24 +05:00
Alexander Bersenev
6c5155ce07
rename USER_CONN_LIMITS to USER_MAX_TCP_CONNS
2019-05-17 02:35:39 +05:00
Alexander Bersenev
422c409480
update the ip address of one of the telegram servers
2019-05-17 00:27:40 +05:00
Alexander Bersenev
cdd4fef49e
better comment
2019-05-15 17:42:33 +05:00