fix typos

better handling for server-side socket closing in connection pool
fix small bugs
2026-03-14 07:13:09 +00:00 · 2026-02-18 00:04:07 +05:00 · 2026-02-17 21:14:42 +05:00 · 2026-02-10 16:49:20 +05:00 · 2025-11-18 04:27:47 +05:00 · 2025-11-18 03:46:19 +05:00
2 changed files with 58 additions and 25 deletions
--- a/4
+++ b/4
@@ -1,7 +1,7 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.04

 RUN apt-get update && apt-get install --no-install-recommends -y python3 python3-uvloop python3-cryptography python3-socks libcap2-bin ca-certificates && rm -rf /var/lib/apt/lists/*
-RUN setcap cap_net_bind_service=+ep /usr/bin/python3.10
+RUN setcap cap_net_bind_service=+ep /usr/bin/python3.12

 RUN useradd tgproxy -u 10000

--- a/mtprotoproxy.py
+++ b/mtprotoproxy.py
@@ -36,10 +36,10 @@ TG_DATACENTERS_V6 = [
 # This list will be updated in the runtime
 TG_MIDDLE_PROXIES_V4 = {
    1: [("149.154.175.50", 8888)], -1: [("149.154.175.50", 8888)],
-    2: [("149.154.162.38", 80)], -2: [("149.154.162.38", 80)],
+    2: [("149.154.161.144", 8888)], -2: [("149.154.161.144", 8888)],
    3: [("149.154.175.100", 8888)], -3: [("149.154.175.100", 8888)],
    4: [("91.108.4.136", 8888)], -4: [("149.154.165.109", 8888)],
-    5: [("91.108.56.181", 8888)], -5: [("91.108.56.181", 8888)]
+    5: [("91.108.56.183", 8888)], -5: [("91.108.56.183", 8888)]
 }

 TG_MIDDLE_PROXIES_V6 = {
@@ -47,7 +47,7 @@ TG_MIDDLE_PROXIES_V6 = {
    2: [("2001:67c:04e8:f002::d", 80)], -2: [("2001:67c:04e8:f002::d", 80)],
    3: [("2001:b28:f23d:f003::d", 8888)], -3: [("2001:b28:f23d:f003::d", 8888)],
    4: [("2001:67c:04e8:f004::d", 8888)], -4: [("2001:67c:04e8:f004::d", 8888)],
-    5: [("2001:b28:f23f:f005::d", 8888)], -5: [("2001:67c:04e8:f004::d", 8888)]
+    5: [("2001:b28:f23f:f005::d", 8888)], -5: [("2001:b28:f23f:f005::d", 8888)]
 }

 PROXY_SECRET = bytes.fromhex(
@@ -62,7 +62,6 @@ PREKEY_LEN = 32
 KEY_LEN = 32
 IV_LEN = 16
 HANDSHAKE_LEN = 64
-TLS_HANDSHAKE_LEN = 1 + 2 + 2 + 512
 PROTO_TAG_POS = 56
 DC_IDX_POS = 60

@@ -140,10 +139,10 @@ def init_config():
    # use middle proxy, necessary to show ad
    conf_dict.setdefault("USE_MIDDLE_PROXY", len(conf_dict["AD_TAG"]) == 16)

-    # if IPv6 avaliable, use it by default
+    # if IPv6 available, use it by default
    conf_dict.setdefault("PREFER_IPV6", socket.has_ipv6)

-    # disables tg->client trafic reencryption, faster but less secure
+    # disables tg->client traffic reencryption, faster but less secure
    conf_dict.setdefault("FAST_MODE", True)

    # enables some working modes
@@ -484,7 +483,7 @@ myrandom = MyRandom()


 class TgConnectionPool:
-    MAX_CONNS_IN_POOL = 64
+    MAX_CONNS_IN_POOL = 16

    def __init__(self):
        self.pools = {}
@@ -501,6 +500,16 @@ class TgConnectionPool:
                                          timeout=config.TG_CONNECT_TIMEOUT)
        return reader_tgt, writer_tgt

+    def is_conn_dead(self, reader, writer):
+        if writer.transport.is_closing():
+            return True
+        raw_reader = reader
+        while hasattr(raw_reader, 'upstream'):
+            raw_reader = raw_reader.upstream
+        if raw_reader.at_eof():
+            return True
+        return False
+
    def register_host_port(self, host, port, init_func):
        if (host, port, init_func) not in self.pools:
            self.pools[(host, port, init_func)] = []
@@ -513,15 +522,16 @@ class TgConnectionPool:
        self.register_host_port(host, port, init_func)

        ret = None
-        for task in self.pools[(host, port, init_func)][::]:
+        for task in self.pools[(host, port, init_func)][:]:
            if task.done():
                if task.exception():
                    self.pools[(host, port, init_func)].remove(task)
                    continue

                reader, writer, *other = task.result()
-                if writer.transport.is_closing():
+                if self.is_conn_dead(reader, writer):
                    self.pools[(host, port, init_func)].remove(task)
+                    writer.transport.abort()
                    continue

                if not ret:
@@ -658,7 +668,7 @@ class CryptoWrappedStreamReader(LayeredStreamReaderBase):

            needed_till_full_block = -len(data) % self.block_size
            if needed_till_full_block > 0:
-                data += self.upstream.readexactly(needed_till_full_block)
+                data += await self.upstream.readexactly(needed_till_full_block)
            return self.decryptor.decrypt(data)

    async def readexactly(self, n):
@@ -779,7 +789,7 @@ class MTProtoCompactFrameStreamWriter(LayeredStreamWriterBase):

    def write(self, data, extra={}):
        SMALL_PKT_BORDER = 0x7f
-        LARGE_PKT_BORGER = 256 ** 3
+        LARGE_PKT_BORDER = 256 ** 3

        if len(data) % 4 != 0:
            print_err("BUG: MTProtoFrameStreamWriter attempted to send msg with len", len(data))
@@ -792,7 +802,7 @@ class MTProtoCompactFrameStreamWriter(LayeredStreamWriterBase):

        if len_div_four < SMALL_PKT_BORDER:
            return self.upstream.write(bytes([len_div_four]) + data)
-        elif len_div_four < LARGE_PKT_BORGER:
+        elif len_div_four < LARGE_PKT_BORDER:
            return self.upstream.write(b'\x7f' + int.to_bytes(len_div_four, 3, 'little') + data)
        else:
            print_err("Attempted to send too large pkt len =", len(data))
@@ -868,6 +878,7 @@ class ProxyReqStreamReader(LayeredStreamReaderBase):
        RPC_PROXY_ANS = b"\x0d\xda\x03\x44"
        RPC_CLOSE_EXT = b"\xa2\x34\xb6\x5e"
        RPC_SIMPLE_ACK = b"\x9b\x40\xac\x3b"
+        RPC_UNKNOWN = b'\xdf\xa2\x30\x57'

        data = await self.upstream.read(1)

@@ -886,8 +897,11 @@ class ProxyReqStreamReader(LayeredStreamReaderBase):
            conn_id, confirm = data[4:12], data[12:16]
            return confirm, {"SIMPLE_ACK": True}

+        if ans_type == RPC_UNKNOWN:
+            return b"", {"SKIP_SEND": True}
+
        print_err("unknown rpc ans type:", ans_type)
-        return b""
+        return b"", {"SKIP_SEND": True}


 class ProxyReqStreamWriter(LayeredStreamWriterBase):
@@ -1232,7 +1246,7 @@ async def handle_handshake(reader, writer):
    global last_client_ips
    global last_clients_with_same_handshake

-    TLS_START_BYTES = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"
+    TLS_START_BYTES = b"\x16\x03\x01"

    if writer.transport.is_closing() or writer.get_extra_info("peername") is None:
        return False
@@ -1258,7 +1272,13 @@ async def handle_handshake(reader, writer):
            break

    if is_tls_handshake:
-        handshake += await reader.readexactly(TLS_HANDSHAKE_LEN - len(handshake))
+        handshake += await reader.readexactly(2)
+        tls_handshake_len = int.from_bytes(handshake[-2:], "big")
+        if tls_handshake_len < 512:
+            is_tls_handshake = False
+
+    if is_tls_handshake:
+        handshake += await reader.readexactly(tls_handshake_len)
        tls_handshake_result = await handle_fake_tls_handshake(handshake, reader, writer, peer)

        if not tls_handshake_result:
@@ -1355,7 +1375,7 @@ async def do_direct_handshake(proto_tag, dc_idx, dec_key_and_iv=None):
        print_err("Got connection refused while trying to connect to", dc, TG_DATACENTER_PORT)
        return False
    except ConnectionAbortedError as E:
-        print_err("The Telegram server connection is bad: %d (%s %s) %s" % (dc_idx, addr, port, E))
+        print_err("The Telegram server connection is bad: %d (%s %s) %s" % (dc_idx, dc, TG_DATACENTER_PORT, E))
        return False
    except (OSError, asyncio.TimeoutError) as E:
        print_err("Unable to connect to", dc, TG_DATACENTER_PORT)
@@ -1570,6 +1590,9 @@ async def tg_connect_reader_to_writer(rd, wr, user, rd_buf_size, is_upstream):
            else:
                extra = {}

+            if extra.get("SKIP_SEND"):
+                continue
+
            if not data:
                wr.write_eof()
                await wr.drain()
@@ -1918,6 +1941,16 @@ async def get_encrypted_cert(host, port, server_name):
    if record3_type != 23:
        return b""

+    if len(record3) < MIN_CERT_LEN:
+        record4_type, record4 = await get_tls_record(reader)
+        if record4_type != 23:
+            return b""
+        msg = ("The MASK_HOST %s sent some TLS record before certificate record, this makes the " +
+               "proxy more detectable") % config.MASK_HOST
+        print_err(msg)
+
+        return record4
+
    return record3


@@ -1978,7 +2011,7 @@ async def get_srv_time():
                    continue
                line = line[len("Date: "):].decode()
                srv_time = datetime.datetime.strptime(line, "%a, %d %b %Y %H:%M:%S %Z")
-                now_time = datetime.datetime.utcnow()
+                now_time = datetime.datetime.now(datetime.timezone.utc)
                is_time_skewed = (now_time-srv_time).total_seconds() > MAX_TIME_SKEW
                if is_time_skewed and config.USE_MIDDLE_PROXY and not disable_middle_proxy:
                    print_err("Time skew detected, please set the clock")
@@ -2124,15 +2157,15 @@ def print_tg_info():
        for ip in ip_addrs:
            if config.MODES["classic"]:
                params = {"server": ip, "port": config.PORT, "secret": secret}
-                params_encodeded = urllib.parse.urlencode(params, safe=':')
-                classic_link = "tg://proxy?{}".format(params_encodeded)
+                params_encoded = urllib.parse.urlencode(params, safe=':')
+                classic_link = "tg://proxy?{}".format(params_encoded)
                proxy_links.append({"user": user, "link": classic_link})
                print("{}: {}".format(user, classic_link), flush=True)

            if config.MODES["secure"]:
                params = {"server": ip, "port": config.PORT, "secret": "dd" + secret}
-                params_encodeded = urllib.parse.urlencode(params, safe=':')
-                dd_link = "tg://proxy?{}".format(params_encodeded)
+                params_encoded = urllib.parse.urlencode(params, safe=':')
+                dd_link = "tg://proxy?{}".format(params_encoded)
                proxy_links.append({"user": user, "link": dd_link})
                print("{}: {}".format(user, dd_link), flush=True)

@@ -2142,8 +2175,8 @@ def print_tg_info():
                # tls_secret = bytes.fromhex("ee" + secret) + config.TLS_DOMAIN.encode()
                # tls_secret_base64 = base64.urlsafe_b64encode(tls_secret)
                params = {"server": ip, "port": config.PORT, "secret": tls_secret}
-                params_encodeded = urllib.parse.urlencode(params, safe=':')
-                tls_link = "tg://proxy?{}".format(params_encodeded)
+                params_encoded = urllib.parse.urlencode(params, safe=':')
+                tls_link = "tg://proxy?{}".format(params_encoded)
                proxy_links.append({"user": user, "link": tls_link})
                print("{}: {}".format(user, tls_link), flush=True)
Author	SHA1	Message	Date
Alexander Bersenev	1f7ce9e977	fix typos	2026-02-18 00:04:07 +05:00
Alexander Bersenev	8920faf650	better handling for server-side socket closing in connection pool	2026-02-17 21:14:42 +05:00
Alexander Bersenev	34f743858c	fix small bugs	2026-02-10 16:49:20 +05:00
Alexander Bersenev	375fee1535	update default proxy addresses	2025-11-18 04:27:47 +05:00
Alexander Bersenev	e0ea17978c	update client hello handling for newer tg clients	2025-11-18 03:46:19 +05:00
Rustam @SecondFry Gubaydullin	8bb885ada5	Upgrade base image to Ubuntu 24.04 and Python version	2025-11-13 14:09:38 +05:00
Alexander Bersenev	bc841cff48	change middle proxy default port from 80 to 8888	2024-11-12 01:08:57 +05:00
Alexander Bersenev	c89479000f	change ip of default second middle proxy server, it was updated on the telegram side	2024-09-21 02:51:18 +05:00
Viacheslav Komarov	74711c4212	Hotfix, Change ubuntu version to 22.04 LTS in Dockerfile (#296 )	2023-10-30 18:49:14 +05:00
Alexander Bersenev	51b2482dec	support domains which send several tls records, but print warning	2023-02-27 00:40:25 +05:00
Alexander Bersenev	87f4370927	update ubuntu version in docker	2023-02-20 14:45:21 +05:00
Alexander Bersenev	a978eae922	ignore all new rpc calls instead of closing connection	2023-02-20 14:37:16 +05:00
Alexander Bersenev	88c8c57a44	add handling of some unknown new rpc	2023-02-17 20:16:52 +05:00