@push.rocks/smartproxy 19.3.2 → 19.3.4
- package/dist_ts/00_commitinfo_data.js +1 -1
- package/dist_ts/forwarding/factory/forwarding-factory.js +29 -1
- package/dist_ts/http/index.d.ts +1 -3
- package/dist_ts/http/index.js +4 -10
- package/dist_ts/http/models/http-types.d.ts +4 -91
- package/dist_ts/http/models/http-types.js +5 -60
- package/dist_ts/http/router/proxy-router.d.ts +1 -1
- package/dist_ts/http/router/route-router.d.ts +1 -1
- package/dist_ts/index.d.ts +9 -7
- package/dist_ts/index.js +10 -7
- package/dist_ts/proxies/{network-proxy → http-proxy}/certificate-manager.d.ts +2 -2
- package/dist_ts/proxies/{network-proxy → http-proxy}/certificate-manager.js +1 -1
- package/dist_ts/proxies/{network-proxy → http-proxy}/connection-pool.d.ts +2 -2
- package/dist_ts/proxies/http-proxy/connection-pool.js +210 -0
- package/dist_ts/proxies/http-proxy/context-creator.js +108 -0
- package/dist_ts/proxies/{network-proxy → http-proxy}/function-cache.js +1 -1
- package/dist_ts/proxies/http-proxy/handlers/index.d.ts +5 -0
- package/dist_ts/proxies/http-proxy/handlers/index.js +6 -0
- package/dist_ts/proxies/http-proxy/handlers/redirect-handler.d.ts +18 -0
- package/dist_ts/proxies/http-proxy/handlers/redirect-handler.js +78 -0
- package/dist_ts/proxies/http-proxy/handlers/static-handler.d.ts +19 -0
- package/dist_ts/proxies/http-proxy/handlers/static-handler.js +203 -0
- package/dist_ts/proxies/{network-proxy/network-proxy.d.ts → http-proxy/http-proxy.d.ts} +10 -9
- package/dist_ts/proxies/{network-proxy/network-proxy.js → http-proxy/http-proxy.js} +13 -12
- package/dist_ts/proxies/{network-proxy → http-proxy}/http-request-handler.js +1 -1
- package/dist_ts/proxies/http-proxy/http2-request-handler.js +201 -0
- package/dist_ts/proxies/{network-proxy → http-proxy}/index.d.ts +2 -2
- package/dist_ts/proxies/http-proxy/index.js +12 -0
- package/dist_ts/proxies/http-proxy/models/http-types.d.ts +119 -0
- package/dist_ts/proxies/http-proxy/models/http-types.js +112 -0
- package/dist_ts/proxies/http-proxy/models/index.d.ts +5 -0
- package/dist_ts/proxies/http-proxy/models/index.js +6 -0
- package/dist_ts/proxies/{network-proxy → http-proxy}/models/types.d.ts +2 -2
- package/dist_ts/proxies/http-proxy/models/types.js +276 -0
- package/dist_ts/proxies/{network-proxy → http-proxy}/request-handler.d.ts +3 -3
- package/dist_ts/proxies/{network-proxy → http-proxy}/request-handler.js +2 -2
- package/dist_ts/proxies/http-proxy/security-manager.js +255 -0
- package/dist_ts/proxies/{network-proxy → http-proxy}/websocket-handler.d.ts +3 -3
- package/dist_ts/proxies/{network-proxy → http-proxy}/websocket-handler.js +2 -2
- package/dist_ts/proxies/index.d.ts +5 -5
- package/dist_ts/proxies/index.js +5 -5
- package/dist_ts/proxies/smart-proxy/certificate-manager.d.ts +4 -4
- package/dist_ts/proxies/smart-proxy/certificate-manager.js +11 -11
- package/dist_ts/proxies/smart-proxy/http-proxy-bridge.d.ts +41 -0
- package/dist_ts/proxies/smart-proxy/http-proxy-bridge.js +121 -0
- package/dist_ts/proxies/smart-proxy/index.d.ts +2 -1
- package/dist_ts/proxies/smart-proxy/index.js +4 -2
- package/dist_ts/proxies/smart-proxy/models/interfaces.d.ts +2 -2
- package/dist_ts/proxies/smart-proxy/port-manager.js +3 -3
- package/dist_ts/proxies/smart-proxy/route-connection-handler.d.ts +3 -3
- package/dist_ts/proxies/smart-proxy/route-connection-handler.js +24 -265
- package/dist_ts/proxies/smart-proxy/smart-proxy.d.ts +1 -1
- package/dist_ts/proxies/smart-proxy/smart-proxy.js +25 -25
- package/dist_ts/routing/index.d.ts +5 -0
- package/dist_ts/routing/index.js +8 -0
- package/dist_ts/routing/models/http-types.d.ts +6 -0
- package/dist_ts/routing/models/http-types.js +7 -0
- package/dist_ts/routing/router/index.d.ts +8 -0
- package/dist_ts/routing/router/index.js +7 -0
- package/dist_ts/{classes.router.d.ts → routing/router/proxy-router.d.ts} +14 -11
- package/dist_ts/{classes.router.js → routing/router/proxy-router.js} +2 -2
- package/dist_ts/routing/router/route-router.d.ts +108 -0
- package/dist_ts/routing/router/route-router.js +393 -0
- package/package.json +1 -1
- package/readme.md +18 -35
- package/readme.plan.md +173 -271
- package/ts/00_commitinfo_data.ts +1 -1
- package/ts/forwarding/factory/forwarding-factory.ts +28 -0
- package/ts/index.ts +13 -9
- package/ts/proxies/{network-proxy → http-proxy}/certificate-manager.ts +2 -2
- package/ts/proxies/{network-proxy → http-proxy}/connection-pool.ts +2 -2
- package/ts/proxies/http-proxy/handlers/index.ts +6 -0
- package/ts/proxies/http-proxy/handlers/redirect-handler.ts +105 -0
- package/ts/proxies/http-proxy/handlers/static-handler.ts +251 -0
- package/ts/proxies/{network-proxy/network-proxy.ts → http-proxy/http-proxy.ts} +15 -14
- package/ts/proxies/{network-proxy → http-proxy}/index.ts +3 -3
- package/ts/proxies/http-proxy/models/http-types.ts +165 -0
- package/ts/proxies/http-proxy/models/index.ts +5 -0
- package/ts/proxies/{network-proxy → http-proxy}/models/types.ts +2 -2
- package/ts/proxies/{network-proxy → http-proxy}/request-handler.ts +3 -3
- package/ts/proxies/{network-proxy → http-proxy}/websocket-handler.ts +3 -3
- package/ts/proxies/index.ts +7 -7
- package/ts/proxies/smart-proxy/certificate-manager.ts +10 -10
- package/ts/proxies/smart-proxy/{network-proxy-bridge.ts → http-proxy-bridge.ts} +44 -44
- package/ts/proxies/smart-proxy/index.ts +4 -1
- package/ts/proxies/smart-proxy/models/interfaces.ts +3 -3
- package/ts/proxies/smart-proxy/port-manager.ts +2 -2
- package/ts/proxies/smart-proxy/route-connection-handler.ts +23 -307
- package/ts/proxies/smart-proxy/smart-proxy.ts +25 -25
- package/ts/routing/index.ts +9 -0
- package/ts/routing/models/http-types.ts +6 -0
- package/ts/{http → routing}/router/proxy-router.ts +1 -1
- package/ts/{http → routing}/router/route-router.ts +1 -1
- package/dist_ts/certificate/acme/acme-factory.d.ts +0 -17
- package/dist_ts/certificate/acme/acme-factory.js +0 -40
- package/dist_ts/certificate/acme/challenge-handler.d.ts +0 -44
- package/dist_ts/certificate/acme/challenge-handler.js +0 -92
- package/dist_ts/certificate/acme/index.d.ts +0 -4
- package/dist_ts/certificate/acme/index.js +0 -5
- package/dist_ts/certificate/certificate-manager.d.ts +0 -150
- package/dist_ts/certificate/certificate-manager.js +0 -505
- package/dist_ts/certificate/events/certificate-events.d.ts +0 -33
- package/dist_ts/certificate/events/certificate-events.js +0 -38
- package/dist_ts/certificate/events/simplified-events.d.ts +0 -56
- package/dist_ts/certificate/events/simplified-events.js +0 -13
- package/dist_ts/certificate/index.d.ts +0 -30
- package/dist_ts/certificate/index.js +0 -37
- package/dist_ts/certificate/models/certificate-errors.d.ts +0 -69
- package/dist_ts/certificate/models/certificate-errors.js +0 -141
- package/dist_ts/certificate/models/certificate-strategy.d.ts +0 -60
- package/dist_ts/certificate/models/certificate-strategy.js +0 -73
- package/dist_ts/certificate/models/certificate-types.d.ts +0 -97
- package/dist_ts/certificate/models/certificate-types.js +0 -2
- package/dist_ts/certificate/providers/cert-provisioner.d.ts +0 -119
- package/dist_ts/certificate/providers/cert-provisioner.js +0 -422
- package/dist_ts/certificate/providers/index.d.ts +0 -4
- package/dist_ts/certificate/providers/index.js +0 -5
- package/dist_ts/certificate/simplified-certificate-manager.d.ts +0 -150
- package/dist_ts/certificate/simplified-certificate-manager.js +0 -501
- package/dist_ts/certificate/storage/file-storage.d.ts +0 -66
- package/dist_ts/certificate/storage/file-storage.js +0 -194
- package/dist_ts/certificate/storage/index.d.ts +0 -4
- package/dist_ts/certificate/storage/index.js +0 -5
- package/dist_ts/certificate/utils/certificate-helpers.d.ts +0 -17
- package/dist_ts/certificate/utils/certificate-helpers.js +0 -45
- package/dist_ts/classes.iptablesproxy.d.ts +0 -112
- package/dist_ts/classes.iptablesproxy.js +0 -765
- package/dist_ts/classes.networkproxy.d.ts +0 -243
- package/dist_ts/classes.networkproxy.js +0 -1424
- package/dist_ts/classes.nftablesproxy.d.ts +0 -219
- package/dist_ts/classes.nftablesproxy.js +0 -1542
- package/dist_ts/classes.port80handler.d.ts +0 -215
- package/dist_ts/classes.port80handler.js +0 -736
- package/dist_ts/classes.portproxy.d.ts +0 -171
- package/dist_ts/classes.portproxy.js +0 -1802
- package/dist_ts/classes.pp.acmemanager.d.ts +0 -34
- package/dist_ts/classes.pp.acmemanager.js +0 -123
- package/dist_ts/classes.pp.connectionhandler.d.ts +0 -39
- package/dist_ts/classes.pp.connectionhandler.js +0 -754
- package/dist_ts/classes.pp.connectionmanager.d.ts +0 -78
- package/dist_ts/classes.pp.connectionmanager.js +0 -378
- package/dist_ts/classes.pp.domainconfigmanager.d.ts +0 -55
- package/dist_ts/classes.pp.domainconfigmanager.js +0 -103
- package/dist_ts/classes.pp.interfaces.d.ts +0 -133
- package/dist_ts/classes.pp.interfaces.js +0 -2
- package/dist_ts/classes.pp.networkproxybridge.d.ts +0 -57
- package/dist_ts/classes.pp.networkproxybridge.js +0 -306
- package/dist_ts/classes.pp.portproxy.d.ts +0 -64
- package/dist_ts/classes.pp.portproxy.js +0 -567
- package/dist_ts/classes.pp.portrangemanager.d.ts +0 -56
- package/dist_ts/classes.pp.portrangemanager.js +0 -179
- package/dist_ts/classes.pp.securitymanager.d.ts +0 -47
- package/dist_ts/classes.pp.securitymanager.js +0 -126
- package/dist_ts/classes.pp.snihandler.d.ts +0 -153
- package/dist_ts/classes.pp.snihandler.js +0 -1053
- package/dist_ts/classes.pp.timeoutmanager.d.ts +0 -47
- package/dist_ts/classes.pp.timeoutmanager.js +0 -154
- package/dist_ts/classes.pp.tlsalert.d.ts +0 -149
- package/dist_ts/classes.pp.tlsalert.js +0 -225
- package/dist_ts/classes.pp.tlsmanager.d.ts +0 -57
- package/dist_ts/classes.pp.tlsmanager.js +0 -132
- package/dist_ts/classes.snihandler.d.ts +0 -198
- package/dist_ts/classes.snihandler.js +0 -1210
- package/dist_ts/classes.sslredirect.d.ts +0 -8
- package/dist_ts/classes.sslredirect.js +0 -28
- package/dist_ts/common/acmeFactory.d.ts +0 -9
- package/dist_ts/common/acmeFactory.js +0 -20
- package/dist_ts/common/port80-adapter.d.ts +0 -11
- package/dist_ts/common/port80-adapter.js +0 -87
- package/dist_ts/examples/forwarding-example.d.ts +0 -1
- package/dist_ts/examples/forwarding-example.js +0 -96
- package/dist_ts/forwarding/config/domain-config.d.ts +0 -12
- package/dist_ts/forwarding/config/domain-config.js +0 -12
- package/dist_ts/forwarding/config/domain-manager.d.ts +0 -86
- package/dist_ts/forwarding/config/domain-manager.js +0 -242
- package/dist_ts/helpers.certificates.d.ts +0 -5
- package/dist_ts/helpers.certificates.js +0 -23
- package/dist_ts/http/port80/acme-interfaces.d.ts +0 -108
- package/dist_ts/http/port80/acme-interfaces.js +0 -51
- package/dist_ts/http/port80/challenge-responder.d.ts +0 -53
- package/dist_ts/http/port80/challenge-responder.js +0 -203
- package/dist_ts/http/port80/index.d.ts +0 -6
- package/dist_ts/http/port80/index.js +0 -9
- package/dist_ts/http/port80/port80-handler.d.ts +0 -136
- package/dist_ts/http/port80/port80-handler.js +0 -592
- package/dist_ts/http/redirects/index.d.ts +0 -4
- package/dist_ts/http/redirects/index.js +0 -5
- package/dist_ts/networkproxy/classes.np.certificatemanager.d.ts +0 -77
- package/dist_ts/networkproxy/classes.np.certificatemanager.js +0 -372
- package/dist_ts/networkproxy/classes.np.connectionpool.d.ts +0 -47
- package/dist_ts/networkproxy/classes.np.connectionpool.js +0 -210
- package/dist_ts/networkproxy/classes.np.networkproxy.d.ts +0 -118
- package/dist_ts/networkproxy/classes.np.networkproxy.js +0 -387
- package/dist_ts/networkproxy/classes.np.requesthandler.d.ts +0 -56
- package/dist_ts/networkproxy/classes.np.requesthandler.js +0 -393
- package/dist_ts/networkproxy/classes.np.types.d.ts +0 -83
- package/dist_ts/networkproxy/classes.np.types.js +0 -35
- package/dist_ts/networkproxy/classes.np.websockethandler.d.ts +0 -38
- package/dist_ts/networkproxy/classes.np.websockethandler.js +0 -188
- package/dist_ts/networkproxy/index.d.ts +0 -1
- package/dist_ts/networkproxy/index.js +0 -4
- package/dist_ts/nfttablesproxy/classes.nftablesproxy.d.ts +0 -219
- package/dist_ts/nfttablesproxy/classes.nftablesproxy.js +0 -1542
- package/dist_ts/port80handler/classes.port80handler.d.ts +0 -10
- package/dist_ts/port80handler/classes.port80handler.js +0 -16
- package/dist_ts/proxies/network-proxy/connection-pool.js +0 -210
- package/dist_ts/proxies/network-proxy/context-creator.js +0 -108
- package/dist_ts/proxies/network-proxy/http2-request-handler.js +0 -201
- package/dist_ts/proxies/network-proxy/index.js +0 -12
- package/dist_ts/proxies/network-proxy/models/index.d.ts +0 -4
- package/dist_ts/proxies/network-proxy/models/index.js +0 -5
- package/dist_ts/proxies/network-proxy/models/types.js +0 -276
- package/dist_ts/proxies/network-proxy/security-manager.js +0 -255
- package/dist_ts/proxies/network-proxy/simplified-certificate-bridge.d.ts +0 -48
- package/dist_ts/proxies/network-proxy/simplified-certificate-bridge.js +0 -76
- package/dist_ts/proxies/smart-proxy/connection-handler.d.ts +0 -39
- package/dist_ts/proxies/smart-proxy/connection-handler.js +0 -894
- package/dist_ts/proxies/smart-proxy/domain-config-manager.d.ts +0 -110
- package/dist_ts/proxies/smart-proxy/domain-config-manager.js +0 -386
- package/dist_ts/proxies/smart-proxy/legacy-smart-proxy.d.ts +0 -168
- package/dist_ts/proxies/smart-proxy/legacy-smart-proxy.js +0 -642
- package/dist_ts/proxies/smart-proxy/models/simplified-smartproxy-config.d.ts +0 -65
- package/dist_ts/proxies/smart-proxy/models/simplified-smartproxy-config.js +0 -31
- package/dist_ts/proxies/smart-proxy/models/smartproxy-options.d.ts +0 -102
- package/dist_ts/proxies/smart-proxy/models/smartproxy-options.js +0 -73
- package/dist_ts/proxies/smart-proxy/network-proxy-bridge.d.ts +0 -41
- package/dist_ts/proxies/smart-proxy/network-proxy-bridge.js +0 -121
- package/dist_ts/proxies/smart-proxy/port-range-manager.d.ts +0 -56
- package/dist_ts/proxies/smart-proxy/port-range-manager.js +0 -176
- package/dist_ts/proxies/smart-proxy/route-helpers/index.d.ts +0 -9
- package/dist_ts/proxies/smart-proxy/route-helpers/index.js +0 -11
- package/dist_ts/proxies/smart-proxy/route-helpers.d.ts +0 -7
- package/dist_ts/proxies/smart-proxy/route-helpers.js +0 -9
- package/dist_ts/proxies/smart-proxy/simplified-smart-proxy.d.ts +0 -41
- package/dist_ts/proxies/smart-proxy/simplified-smart-proxy.js +0 -132
- package/dist_ts/proxies/smart-proxy/utils/route-migration-utils.d.ts +0 -51
- package/dist_ts/proxies/smart-proxy/utils/route-migration-utils.js +0 -124
- package/dist_ts/redirect/classes.redirect.d.ts +0 -96
- package/dist_ts/redirect/classes.redirect.js +0 -194
- package/dist_ts/smartproxy/classes.pp.certprovisioner.d.ts +0 -54
- package/dist_ts/smartproxy/classes.pp.certprovisioner.js +0 -179
- package/dist_ts/smartproxy/classes.pp.connectionhandler.d.ts +0 -39
- package/dist_ts/smartproxy/classes.pp.connectionhandler.js +0 -894
- package/dist_ts/smartproxy/classes.pp.connectionmanager.d.ts +0 -78
- package/dist_ts/smartproxy/classes.pp.connectionmanager.js +0 -378
- package/dist_ts/smartproxy/classes.pp.domainconfigmanager.d.ts +0 -94
- package/dist_ts/smartproxy/classes.pp.domainconfigmanager.js +0 -255
- package/dist_ts/smartproxy/classes.pp.interfaces.d.ts +0 -103
- package/dist_ts/smartproxy/classes.pp.interfaces.js +0 -2
- package/dist_ts/smartproxy/classes.pp.networkproxybridge.d.ts +0 -62
- package/dist_ts/smartproxy/classes.pp.networkproxybridge.js +0 -316
- package/dist_ts/smartproxy/classes.pp.portrangemanager.d.ts +0 -56
- package/dist_ts/smartproxy/classes.pp.portrangemanager.js +0 -176
- package/dist_ts/smartproxy/classes.pp.securitymanager.d.ts +0 -64
- package/dist_ts/smartproxy/classes.pp.securitymanager.js +0 -149
- package/dist_ts/smartproxy/classes.pp.snihandler.d.ts +0 -153
- package/dist_ts/smartproxy/classes.pp.snihandler.js +0 -1053
- package/dist_ts/smartproxy/classes.pp.timeoutmanager.d.ts +0 -47
- package/dist_ts/smartproxy/classes.pp.timeoutmanager.js +0 -154
- package/dist_ts/smartproxy/classes.pp.tlsalert.d.ts +0 -149
- package/dist_ts/smartproxy/classes.pp.tlsalert.js +0 -225
- package/dist_ts/smartproxy/classes.pp.tlsmanager.d.ts +0 -57
- package/dist_ts/smartproxy/classes.pp.tlsmanager.js +0 -132
- package/dist_ts/smartproxy/classes.smartproxy.d.ts +0 -63
- package/dist_ts/smartproxy/classes.smartproxy.js +0 -521
- package/dist_ts/smartproxy/forwarding/domain-config.d.ts +0 -12
- package/dist_ts/smartproxy/forwarding/domain-config.js +0 -12
- package/dist_ts/smartproxy/forwarding/domain-manager.d.ts +0 -86
- package/dist_ts/smartproxy/forwarding/domain-manager.js +0 -241
- package/dist_ts/smartproxy/forwarding/forwarding.factory.d.ts +0 -24
- package/dist_ts/smartproxy/forwarding/forwarding.factory.js +0 -137
- package/dist_ts/smartproxy/forwarding/forwarding.handler.d.ts +0 -55
- package/dist_ts/smartproxy/forwarding/forwarding.handler.js +0 -94
- package/dist_ts/smartproxy/forwarding/http.handler.d.ts +0 -25
- package/dist_ts/smartproxy/forwarding/http.handler.js +0 -123
- package/dist_ts/smartproxy/forwarding/https-passthrough.handler.d.ts +0 -24
- package/dist_ts/smartproxy/forwarding/https-passthrough.handler.js +0 -154
- package/dist_ts/smartproxy/forwarding/https-terminate-to-http.handler.d.ts +0 -36
- package/dist_ts/smartproxy/forwarding/https-terminate-to-http.handler.js +0 -229
- package/dist_ts/smartproxy/forwarding/https-terminate-to-https.handler.d.ts +0 -35
- package/dist_ts/smartproxy/forwarding/https-terminate-to-https.handler.js +0 -254
- package/dist_ts/smartproxy/forwarding/index.d.ts +0 -16
- package/dist_ts/smartproxy/forwarding/index.js +0 -23
- package/dist_ts/smartproxy/types/forwarding.types.d.ts +0 -104
- package/dist_ts/smartproxy/types/forwarding.types.js +0 -50
- package/dist_ts/smartproxy.classes.networkproxy.d.ts +0 -31
- package/dist_ts/smartproxy.classes.networkproxy.js +0 -305
- package/dist_ts/smartproxy.classes.router.d.ts +0 -13
- package/dist_ts/smartproxy.classes.router.js +0 -33
- package/dist_ts/smartproxy.classes.sslredirect.d.ts +0 -8
- package/dist_ts/smartproxy.classes.sslredirect.js +0 -28
- package/dist_ts/smartproxy.helpers.certificates.d.ts +0 -5
- package/dist_ts/smartproxy.helpers.certificates.js +0 -23
- package/dist_ts/smartproxy.plugins.d.ts +0 -18
- package/dist_ts/smartproxy.plugins.js +0 -23
- package/dist_ts/smartproxy.portproxy.d.ts +0 -26
- package/dist_ts/smartproxy.portproxy.js +0 -295
- package/ts/http/index.ts +0 -16
- package/ts/http/models/http-types.ts +0 -108
- package/ts/http/redirects/index.ts +0 -3
- package/ts/proxies/network-proxy/models/index.ts +0 -4
- package/ts/redirect/classes.redirect.ts +0 -295
- /package/dist_ts/proxies/{network-proxy → http-proxy}/context-creator.d.ts +0 -0
- /package/dist_ts/proxies/{network-proxy → http-proxy}/function-cache.d.ts +0 -0
- /package/dist_ts/proxies/{network-proxy → http-proxy}/http-request-handler.d.ts +0 -0
- /package/dist_ts/proxies/{network-proxy → http-proxy}/http2-request-handler.d.ts +0 -0
- /package/dist_ts/proxies/{network-proxy → http-proxy}/security-manager.d.ts +0 -0
- /package/ts/proxies/{network-proxy → http-proxy}/context-creator.ts +0 -0
- /package/ts/proxies/{network-proxy → http-proxy}/function-cache.ts +0 -0
- /package/ts/proxies/{network-proxy → http-proxy}/http-request-handler.ts +0 -0
- /package/ts/proxies/{network-proxy → http-proxy}/http2-request-handler.ts +0 -0
- /package/ts/proxies/{network-proxy → http-proxy}/security-manager.ts +0 -0
- /package/ts/{http → routing}/router/index.ts +0 -0
|
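--- a/package/dist_ts/classes.pp.tlsmanager.js
+++ b/package/dist_ts/classes.pp.tlsmanager.js
@@ -1,132 +0,0 @@
-import * as plugins from './plugins.js';
-import { SniHandler } from './classes.pp.snihandler.js';
-/**
-* Manages TLS-related operations including SNI extraction and validation
-*/
-export class TlsManager {
-constructor(settings) {
-this.settings = settings;
-}
-/**
-* Check if a data chunk appears to be a TLS handshake
-*/
-isTlsHandshake(chunk) {
-return SniHandler.isTlsHandshake(chunk);
-}
-/**
-* Check if a data chunk appears to be a TLS ClientHello
-*/
-isClientHello(chunk) {
-return SniHandler.isClientHello(chunk);
-}
-/**
-* Extract Server Name Indication (SNI) from TLS handshake
-*/
-extractSNI(chunk, connInfo, previousDomain) {
-// Use the SniHandler to process the TLS packet
-return SniHandler.processTlsPacket(chunk, connInfo, this.settings.enableTlsDebugLogging || false, previousDomain);
-}
-/**
-* Handle session resumption attempts
-*/
-handleSessionResumption(chunk, connectionId, hasSNI) {
-// Skip if session tickets are allowed
-if (this.settings.allowSessionTicket !== false) {
-return { shouldBlock: false };
-}
-// Check for session resumption attempt
-const resumptionInfo = SniHandler.hasSessionResumption(chunk, this.settings.enableTlsDebugLogging || false);
-// If this is a resumption attempt without SNI, block it
-if (resumptionInfo.isResumption && !hasSNI && !resumptionInfo.hasSNI) {
-if (this.settings.enableTlsDebugLogging) {
-console.log(`[${connectionId}] Session resumption detected without SNI and allowSessionTicket=false. ` +
-`Terminating connection to force new TLS handshake.`);
-}
-return {
-shouldBlock: true,
-reason: 'session_ticket_blocked'
-};
-}
-return { shouldBlock: false };
-}
-/**
-* Check for SNI mismatch during renegotiation
-*/
-checkRenegotiationSNI(chunk, connInfo, expectedDomain, connectionId) {
-// Only process if this looks like a TLS ClientHello
-if (!this.isClientHello(chunk)) {
-return { hasMismatch: false };
-}
-try {
-// Extract SNI with renegotiation support
-const newSNI = SniHandler.extractSNIWithResumptionSupport(chunk, connInfo, this.settings.enableTlsDebugLogging || false);
-// Skip if no SNI was found
-if (!newSNI)
-return { hasMismatch: false };
-// Check for SNI mismatch
-if (newSNI !== expectedDomain) {
-if (this.settings.enableTlsDebugLogging) {
-console.log(`[${connectionId}] Renegotiation with different SNI: ${expectedDomain} -> ${newSNI}. ` +
-`Terminating connection - SNI domain switching is not allowed.`);
-}
-return { hasMismatch: true, extractedSNI: newSNI };
-}
-else if (this.settings.enableTlsDebugLogging) {
-console.log(`[${connectionId}] Renegotiation detected with same SNI: ${newSNI}. Allowing.`);
-}
-}
-catch (err) {
-console.log(`[${connectionId}] Error processing ClientHello: ${err}. Allowing connection to continue.`);
-}
-return { hasMismatch: false };
-}
-/**
-* Create a renegotiation handler function for a connection
-*/
-createRenegotiationHandler(connectionId, lockedDomain, connInfo, onMismatch) {
-return (chunk) => {
-const result = this.checkRenegotiationSNI(chunk, connInfo, lockedDomain, connectionId);
-if (result.hasMismatch) {
-onMismatch(connectionId, 'sni_mismatch');
-}
-};
-}
-/**
-* Analyze TLS connection for browser fingerprinting
-* This helps identify browser vs non-browser connections
-*/
-analyzeClientHello(chunk) {
-// Default result
-const result = {
-isBrowserConnection: false,
-isRenewal: false,
-hasSNI: false
-};
-try {
-// Check if it's a ClientHello
-if (!this.isClientHello(chunk)) {
-return result;
-}
-// Check for session resumption
-const resumptionInfo = SniHandler.hasSessionResumption(chunk, this.settings.enableTlsDebugLogging || false);
-// Extract SNI
-const sni = SniHandler.extractSNI(chunk, this.settings.enableTlsDebugLogging || false);
-// Update result
-result.isRenewal = resumptionInfo.isResumption;
-result.hasSNI = !!sni;
-// Browsers typically:
-// 1. Send SNI extension
-// 2. Have a variety of extensions (ALPN, etc.)
-// 3. Use standard cipher suites
-// ...more complex heuristics could be implemented here
-// Simple heuristic: presence of SNI suggests browser
-result.isBrowserConnection = !!sni;
-return result;
-}
-catch (err) {
-console.log(`Error analyzing ClientHello: ${err}`);
-return result;
-}
-}
-}
-//# sourceMappingURL=data:application/json;base64,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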
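--- a/package/dist_ts/classes.snihandler.d.ts
+++ b/package/dist_ts/classes.snihandler.d.ts
@@ -1,198 +0,0 @@
-import { Buffer } from 'buffer';
-/**
-* SNI (Server Name Indication) handler for TLS connections.
-* Provides robust extraction of SNI values from TLS ClientHello messages
-* with support for fragmented packets, TLS 1.3 resumption, Chrome-specific
-* connection behaviors, and tab hibernation/reactivation scenarios.
-*/
-export declare class SniHandler {
-private static readonly TLS_HANDSHAKE_RECORD_TYPE;
-private static readonly TLS_APPLICATION_DATA_TYPE;
-private static readonly TLS_CLIENT_HELLO_HANDSHAKE_TYPE;
-private static readonly TLS_SNI_EXTENSION_TYPE;
-private static readonly TLS_SESSION_TICKET_EXTENSION_TYPE;
-private static readonly TLS_SNI_HOST_NAME_TYPE;
-private static readonly TLS_PSK_EXTENSION_TYPE;
-private static readonly TLS_PSK_KE_MODES_EXTENSION_TYPE;
-private static readonly TLS_EARLY_DATA_EXTENSION_TYPE;
-private static fragmentedBuffers;
-private static fragmentTimeout;
-private static sessionCache;
-private static sessionCacheTimeout;
-private static sessionCleanupInterval;
-/**
-* Initialize the session cache cleanup mechanism.
-* This should be called during application startup.
-*/
-static initSessionCacheCleanup(): void;
-/**
-* Clean up expired entries from the session cache
-*/
-private static cleanupSessionCache;
-/**
-* Create a client identity key for session tracking
-* Uses source IP and optional client random for uniqueness
-*
-* @param sourceIp - Client IP address
-* @param clientRandom - Optional TLS client random value
-* @returns A string key for the session cache
-*/
-private static createClientKey;
-/**
-* Store SNI information in the session cache
-*
-* @param sourceIp - Client IP address
-* @param sni - The extracted SNI value
-* @param clientRandom - Optional TLS client random value
-*/
-private static cacheSession;
-/**
-* Retrieve SNI information from the session cache
-*
-* @param sourceIp - Client IP address
-* @param clientRandom - Optional TLS client random value
-* @returns The cached SNI or undefined if not found
-*/
-private static getCachedSession;
-/**
-* Extract the client random value from a ClientHello message
-*
-* @param buffer - The buffer containing the ClientHello
-* @returns The 32-byte client random or undefined if extraction fails
-*/
-private static extractClientRandom;
-/**
-* Checks if a buffer contains a TLS handshake message (record type 22)
-* @param buffer - The buffer to check
-* @returns true if the buffer starts with a TLS handshake record type
-*/
-static isTlsHandshake(buffer: Buffer): boolean;
-/**
-* Checks if a buffer contains TLS application data (record type 23)
-* @param buffer - The buffer to check
-* @returns true if the buffer starts with a TLS application data record type
-*/
-static isTlsApplicationData(buffer: Buffer): boolean;
-/**
-* Creates a connection ID based on source/destination information
-* Used to track fragmented ClientHello messages across multiple packets
-*
-* @param connectionInfo - Object containing connection identifiers (IP/port)
-* @returns A string ID for the connection
-*/
-static createConnectionId(connectionInfo: {
-sourceIp?: string;
-sourcePort?: number;
-destIp?: string;
-destPort?: number;
-}): string;
-/**
-* Handles potential fragmented ClientHello messages by buffering and reassembling
-* TLS record fragments that might span multiple TCP packets.
-*
-* @param buffer - The current buffer fragment
-* @param connectionId - Unique identifier for the connection
-* @param enableLogging - Whether to enable logging
-* @returns A complete buffer if reassembly is successful, or undefined if more fragments are needed
-*/
-static handleFragmentedClientHello(buffer: Buffer, connectionId: string, enableLogging?: boolean): Buffer | undefined;
-/**
-* Checks if a buffer contains a TLS ClientHello message
-* @param buffer - The buffer to check
-* @returns true if the buffer appears to be a ClientHello message
-*/
-static isClientHello(buffer: Buffer): boolean;
-/**
-* Checks if a ClientHello message contains session resumption indicators
-* such as session tickets or PSK (Pre-Shared Key) extensions.
-*
-* @param buffer - The buffer containing a ClientHello message
-* @param enableLogging - Whether to enable logging
-* @returns Object containing details about session resumption and SNI presence
-*/
-static hasSessionResumption(buffer: Buffer, enableLogging?: boolean): {
-isResumption: boolean;
-hasSNI: boolean;
-};
-/**
-* Detects characteristics of a tab reactivation TLS handshake
-* These often have specific patterns in Chrome and other browsers
-*
-* @param buffer - The buffer containing a ClientHello message
-* @param enableLogging - Whether to enable logging
-* @returns true if this appears to be a tab reactivation handshake
-*/
-static isTabReactivationHandshake(buffer: Buffer, enableLogging?: boolean): boolean;
-/**
-* Extracts the SNI (Server Name Indication) from a TLS ClientHello message.
-* Implements robust parsing with support for session resumption edge cases.
-*
-* @param buffer - The buffer containing the TLS ClientHello message
-* @param enableLogging - Whether to enable detailed debug logging
-* @returns The extracted server name or undefined if not found
-*/
-static extractSNI(buffer: Buffer, enableLogging?: boolean): string | undefined;
-/**
-* Attempts to extract SNI from the PSK extension in a TLS 1.3 ClientHello.
-*
-* In TLS 1.3, when a client attempts to resume a session, it may include
-* the server name in the PSK identity hint rather than in the SNI extension.
-*
-* @param buffer - The buffer containing the TLS ClientHello message
-* @param enableLogging - Whether to enable detailed debug logging
-* @returns The extracted server name or undefined if not found
-*/
-static extractSNIFromPSKExtension(buffer: Buffer, enableLogging?: boolean): string | undefined;
-/**
-* Checks if the buffer contains TLS 1.3 early data (0-RTT)
-* @param buffer - The buffer to check
-* @param enableLogging - Whether to enable logging
-* @returns true if early data is detected
-*/
-static hasEarlyData(buffer: Buffer, enableLogging?: boolean): boolean;
-/**
-* Attempts to extract SNI from an initial ClientHello packet and handles
-* session resumption edge cases more robustly than the standard extraction.
-*
-* This method handles:
-* 1. Standard SNI extraction
-* 2. TLS 1.3 PSK-based resumption (Chrome, Firefox, etc.)
-* 3. Session ticket-based resumption
-* 4. Fragmented ClientHello messages
-* 5. TLS 1.3 Early Data (0-RTT)
-* 6. Chrome's connection racing behaviors
-* 7. Tab reactivation patterns with session cache
-*
-* @param buffer - The buffer containing the TLS ClientHello message
-* @param connectionInfo - Optional connection information for fragment handling
-* @param enableLogging - Whether to enable detailed debug logging
-* @returns The extracted server name or undefined if not found
-*/
-static extractSNIWithResumptionSupport(buffer: Buffer, connectionInfo?: {
-sourceIp?: string;
-sourcePort?: number;
-destIp?: string;
-destPort?: number;
-}, enableLogging?: boolean): string | undefined;
-/**
-* Main entry point for SNI extraction that handles all edge cases.
-* This should be called for each TLS packet received from a client.
-*
-* The method uses connection tracking to handle fragmented ClientHello
-* messages and various TLS 1.3 behaviors, including Chrome's connection
-* racing patterns and tab reactivation behaviors.
-*
-* @param buffer - The buffer containing TLS data
-* @param connectionInfo - Connection metadata (IPs and ports)
-* @param enableLogging - Whether to enable detailed debug logging
-* @param cachedSni - Optional cached SNI from previous connections (for racing detection)
-* @returns The extracted server name or undefined if not found or more data needed
-*/
-static processTlsPacket(buffer: Buffer, connectionInfo: {
-sourceIp: string;
-sourcePort: number;
-destIp: string;
-destPort: number;
-timestamp?: number;
-}, enableLogging?: boolean, cachedSni?: string): string | undefined;
-}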