Vladislav Grishenko
f51a4bfe34
Add proxy protocol v1/v2 support (#119)
...
* add proxy protocol v1/v2 support
With fake-tls enabled, it was still quite hard to use mtprotoproxy
as backend behind some reverse https/tls proxy (nginx, haproxy, etc)
because it still needs client address & port info.
With nginx already configured to use stream proxy with proxy protocol,
it was impossible to connect due to additional proxy header transmission
before real handshake.
Adding general support of proxy protocol fixed both issues.
New config option PROXY_PROTOCOL = True enables transparent support,
unproxied incoming connections will still be accepted.
Since reverse proxy needs to be trusted, option disabled by default.
References:
* https://www.haproxy.com/blog/haproxy/proxy-protocol/
* http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
* slightly optimize proxy v1 error path
* rework proxy handler
* deny direct connection with enabled PROXY_PROTOCOL per specs
* simplify proxy header checking
* use textual form of proxy v1 header
* drop useless find() call
* fix client address logging
2019-08-14 23:03:01 +05:00
Alexander Bersenev
d9fa5b222a
remove unused variable
2019-08-14 04:07:36 +05:00
Alexander Bersenev
91ec36653e
add slots to classes, thanks to MrMrRobat
2019-08-14 03:59:44 +05:00
Allineer
e43ae99911
Fix default port in the main script.
...
Different port in main and config files. It's changed to 3256.
2019-08-13 16:42:14 +05:00
Alexander Bersenev
ab52521a25
change the tls links to hex encoding until base64 is fixed
2019-08-13 16:26:38 +05:00
Alexander Bersenev
53184470e9
fixed cached readings in fake tls
2019-08-13 15:23:47 +05:00
Alexander Bersenev
48330f1e8a
shrunk max tls record size according to https://tools.ietf.org/html/rfc8446#section-5.1
2019-08-13 03:31:49 +05:00
Alexander Bersenev
4e2cb87685
change the comment
2019-08-13 02:52:41 +05:00
Alexander Bersenev
a030ae2978
redirect bad clients to some host
2019-08-13 02:06:17 +05:00
Alexander Bersenev
3d8961316e
use urlsafe version of base64 encoder
2019-08-11 21:28:55 +05:00
Alexander Bersenev
d7c163c0dc
add tls only mode
2019-08-11 21:22:10 +05:00
Alexander Bersenev
80062c95bc
print proxy addresses and logins on reload
2019-07-26 14:51:41 +05:00
Alexander Bersenev
c1fdc4c0a3
move setting instant rst into a function
2019-07-25 02:09:10 +05:00
Alexander Bersenev
f5d41e9aa7
close tcp connection with rst when tls failed
2019-07-25 02:05:04 +05:00
Alexander Bersenev
4e754a75bd
add an experimental note for the new proto
2019-07-24 03:16:03 +05:00
Alexander Bersenev
1a934f992d
add fake-tls mode
2019-07-24 03:03:36 +05:00
Alexander Bersenev
96ba65aba0
add one more reserved string in the nonce beginnings
2019-07-23 10:26:58 +05:00
Alexander Bersenev
985e3eb546
add user data quotas
2019-07-22 21:34:09 +05:00
Alexander Bersenev
129f5cc981
use global var to enable direct connect
2019-07-22 18:55:27 +05:00
Alexander Bersenev
6fb022284e
check if ipv6 is available every time before using
2019-07-22 18:24:03 +05:00
Alexander Bersenev
7d11ff07bd
cancel all tasks on exit
2019-07-19 15:58:54 +05:00
Alexander Bersenev
1c875e3d31
do not listen if listen addr is zero
2019-07-19 15:46:34 +05:00
Alexander Bersenev
a2890cf213
redesign the config handling
2019-07-19 03:11:18 +05:00
Alexander Bersenev
026849cb54
rename USER_EXPIRATION to USER_EXPIRATIONS and reformat the code to comply with pep8
2019-06-29 13:15:08 +05:00
pouryare
50df84bc80
Update mtprotoproxy.py
2019-06-28 16:41:41 +04:30
pouryare
6823117c63
Update mtprotoproxy.py
2019-06-27 06:23:45 +04:30
pouryare
d21eab60c2
Update mtprotoproxy.py
...
adding expiration date for users
2019-06-27 06:05:01 +04:30
Alexander Bersenev
312539c3b8
more reliable protection from replay attacks
2019-05-30 14:36:24 +05:00
Alexander Bersenev
a9e12bb1bb
add warning about default secrets
2019-05-17 02:45:24 +05:00
Alexander Bersenev
6c5155ce07
rename USER_CONN_LIMITS to USER_MAX_TCP_CONNS
2019-05-17 02:35:39 +05:00
Alexander Bersenev
422c409480
update the ip address of one of the telegram servers
2019-05-17 00:27:40 +05:00
Alexander Bersenev
cdd4fef49e
better comment
2019-05-15 17:42:33 +05:00
Alexander Bersenev
9da90d25d3
ability to specify user limits
2019-05-15 17:16:01 +05:00
Alexander Bersenev
eba7f9be69
protect from time skewing. The proxy protocol is very sensitive to clock skew. If the skew is detected, disable advertising, making the connection directly to tg servers, instead of middle proxies
2019-05-12 01:42:20 +05:00
Alexander Bersenev
af8c102449
disable one fingerprinting protection by default because it causes trouble on some ios clients
2019-05-09 03:29:53 +05:00
Alexander Bersenev
a01896522d
changed the comment
2019-05-09 02:59:06 +05:00
Alexander Bersenev
6f70ff3003
adaptive buffer sizes
2019-05-09 02:51:36 +05:00
Alexander Bersenev
d48c177e36
comment out the message active fingerprinting - there are too many messages
2019-04-23 15:01:34 +05:00
Alexander Bersenev
f55ae68092
even more protect against replay-based fingerprinting
2019-04-20 15:02:13 +05:00
Alexander Bersenev
4cae6290b9
active fingerprinting detection and blocking
2019-04-20 04:44:11 +05:00
Alexander Bersenev
830d55fe77
fix ipv4 resolver url
2019-04-04 16:06:24 +05:00
Alexander Bersenev
73592c4f72
change ip address resolvers since the old one doesn't work anymore
2019-02-15 20:11:57 +05:00
Alexander Bersenev
b0cb48f684
ignore errors in setsockopt on old kernels
2018-12-30 14:44:28 +05:00
Alexander Bersenev
cb10355681
more verbose error messages on https failures
2018-12-30 14:25:17 +05:00
Alexander Bersenev
bd8e0f935d
add some endlines
2018-11-27 22:25:47 +05:00
Alexander Bersenev
e2435461ca
refactoring
2018-11-27 22:15:38 +05:00
Alexander Bersenev
47218748aa
more reliable ip detection
2018-11-25 22:25:13 +05:00
Alexander Bersenev
5187725088
Revert "just for history: attempting to pretend cloudflare service"
...
This reverts commit dd1d0a6262.
2018-11-13 02:18:13 +05:00
Alexander Bersenev
dd1d0a6262
just for history: attempting to pretend cloudflare service
2018-11-13 02:18:04 +05:00
Alexander Bersenev
780dbc5866
document all advanced options
2018-09-20 04:03:32 +05:00