@push.rocks/smartproxy 3.41.6 → 3.41.7

package/ts/classes.snihandler.ts

@@ -1321,6 +1321,7 @@ export class SniHandler {
    * @param cachedSni - Optional cached SNI from previous connections (for racing detection)
    * @returns The extracted server name or undefined if not found or more data needed
    */
+
   public static processTlsPacket(
     buffer: Buffer,
     connectionInfo: {
@@ -1373,6 +1374,74 @@ export class SniHandler {
       return undefined;
     }
 
+    // Enhanced session resumption detection
+    if (this.isClientHello(buffer)) {
+      const resumptionInfo = this.hasSessionResumption(buffer, enableLogging);
+
+      if (resumptionInfo.isResumption) {
+        log(`Session resumption detected in TLS packet`);
+
+        // Always try standard SNI extraction first
+        const standardSni = this.extractSNI(buffer, enableLogging);
+        if (standardSni) {
+          log(`Found standard SNI in session resumption: ${standardSni}`);
+
+          // Cache this SNI
+          this.cacheSession(connectionInfo.sourceIp, standardSni);
+          return standardSni;
+        }
+
+        // Enhanced session resumption SNI extraction
+        // Try extracting from PSK identity
+        const pskSni = this.extractSNIFromPSKExtension(buffer, enableLogging);
+        if (pskSni) {
+          log(`Extracted SNI from PSK extension: ${pskSni}`);
+          this.cacheSession(connectionInfo.sourceIp, pskSni);
+          return pskSni;
+        }
+
+        // Additional check for SNI in session tickets
+        if (enableLogging) {
+          log(`Checking for session ticket information to extract server name...`);
+          // Log more details for debugging
+          try {
+            // Look at the raw buffer for patterns
+            log(`Buffer hexdump (first 100 bytes): ${buffer.slice(0, 100).toString('hex')}`);
+
+            // Try to find hostname-like patterns in the buffer
+            const bufferStr = buffer.toString('utf8', 0, buffer.length);
+            const hostnamePattern =
+              /([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?/gi;
+            const hostMatches = bufferStr.match(hostnamePattern);
+
+            if (hostMatches && hostMatches.length > 0) {
+              log(`Possible hostnames found in buffer: ${hostMatches.join(', ')}`);
+
+              // Check if any match looks like a valid domain
+              for (const match of hostMatches) {
+                if (match.includes('.') && match.length > 3) {
+                  log(`Potential SNI found in session data: ${match}`);
+                  // Don't automatically use this - just log for debugging
+                }
+              }
+            }
+          } catch (e) {
+            log(`Error scanning for patterns: ${e}`);
+          }
+        }
+
+        // If we still don't have SNI, check for cached sessions
+        const cachedSni = this.getCachedSession(connectionInfo.sourceIp);
+        if (cachedSni) {
+          log(`Using cached SNI for session resumption: ${cachedSni}`);
+          return cachedSni;
+        }
+
+        log(`Session resumption without extractable SNI`);
+        // If allowSessionTicket=false, should be rejected by caller
+      }
+    }
+
     // For handshake messages, try the full extraction process
     const sni = this.extractSNIWithResumptionSupport(buffer, connectionInfo, enableLogging);