Jacob Kiers b7ec67ed07 Fix SNI header parsing
When a listener is configured to deal with TLS upstreams, we use the SNI
field of the TLS ClientHello message to decide where to send the traffic.

Therefore, a buffer of 1024 bytes was used to temporarily store this
message. However, a TLS ClientHello message can be larger than that, up
to 16K bytes.

So now the first few bytes are read and manually parsed to find out how
long the message is. And then the entire ClientHello message is
retrieved.

So hopefully that will fix the issue causing the ClientHello
determination to fail.

Closes #10

Signed-off-by: Jacob Kiers <code@kiers.eu>
2025-01-09 20:56:51 +01:00
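
An added example (not l4p's own code) of the approach the commit message describes: read the 5-byte TLS record header, take the payload length from it, read exactly that many bytes, then walk the ClientHello to the SNI host name. The function names and the sample record are constructed for illustration, and the code assumes the ClientHello fits in a single TLS record.

```rust
use std::io::{self, Read};
// take: split n bytes off the front; lv: split off a vector with a w-byte length prefix.
fn take<'a>(buf: &mut &'a [u8], n: usize) -> Option<&'a [u8]> {
    let s: &'a [u8] = *buf;
    *buf = s.get(n..)?; // None instead of a panic when the input is short
    s.get(..n)
}
fn lv<'a>(buf: &mut &'a [u8], w: usize) -> Option<&'a [u8]> {
    let n = take(buf, w)?.iter().fold(0usize, |a, &b| a << 8 | b as usize);
    take(buf, n)
}
// Read the 5-byte record header first, then exactly the payload length it announces.
fn read_record<R: Read>(r: &mut R) -> io::Result<Vec<u8>> {
    let mut hdr = [0u8; 5];
    r.read_exact(&mut hdr)?;
    let len = u16::from_be_bytes([hdr[3], hdr[4]]) as usize;
    if hdr[0] != 0x16 || len == 0 || len > 16384 { return Err(io::ErrorKind::InvalidData.into()); }
    let mut body = vec![0u8; len];
    r.read_exact(&mut body)?;
    Ok(body)
}
// Walk the ClientHello to the server_name extension (type 0) and return its host_name.
fn sni(mut p: &[u8]) -> Option<String> {
    if take(&mut p, 1)?[0] != 1 { return None; } // handshake type: client_hello
    let mut h = lv(&mut p, 3)?;                  // u24 length; None if fragmented
    take(&mut h, 34)?;                           // legacy_version + random
    for w in [1, 2, 1] { lv(&mut h, w)?; }       // session_id, cipher_suites, compression
    let mut exts = lv(&mut h, 2)?;
    while !exts.is_empty() {
        let (ty, mut data) = (take(&mut exts, 2)?, lv(&mut exts, 2)?);
        if ty != [0u8, 0] { continue; }
        let mut list = lv(&mut data, 2)?;
        let (kind, name) = (take(&mut list, 1)?[0], lv(&mut list, 2)?);
        return if kind == 0 { String::from_utf8(name.to_vec()).ok() } else { None };
    }
    None
}
// Constructed sample: one record with a ClientHello carrying SNI and `pad` bytes of padding.
fn sample(host: &str, pad: usize) -> Vec<u8> {
    let be = |n: usize| (n as u16).to_be_bytes().to_vec();
    let (h, n) = (host.as_bytes().to_vec(), host.len());
    let ext = [vec![0, 0], be(n + 5), be(n + 3), vec![0], be(n), h, vec![0, 21], be(pad), vec![0; pad]].concat();
    let body = [vec![3, 3], vec![0; 32], vec![0, 0, 2, 0x13, 1, 1, 0], be(ext.len()), ext].concat();
    let hs = [vec![1, 0], be(body.len()), body].concat();
    [vec![0x16, 3, 1], be(hs.len()), hs].concat()
}
fn main() {
    let rec = sample("www.remote.example.com", 2000); // larger than a 1024-byte buffer
    println!("{:?}", read_record(&mut &rec[..]).ok().and_then(|b| sni(&b)));
}
```

A proxy that routes on the result still has to forward the same bytes to the chosen upstream, so in practice the record is peeked or buffered rather than discarded.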

l4p

Hey, now we are on level 4!

l4p is a layer 4 proxy implemented in Rust that listens on specific ports and forwards TCP data (TCP only) to remote addresses according to its configuration.

Features

  • Listen on a specific port and proxy to a local or remote port
  • SNI-based rules without terminating the TLS connection
  • DNS-based backend with periodic resolution

Installation

For the best performance on your computer's architecture, consider building from source. First, you may need the Rust toolchain.

$ cd l4p
$ cargo build --release

The binary will be generated at target/release/l4p, or you can use cargo install --path . to install it.

Or you can use Cargo to install l4p:

$ cargo install l4p

Or you can download a binary from the Release page.

Configuration

l4p reads a YAML configuration file from /etc/l4p/l4p.yaml; you can set a custom path in the environment variable L4P_CONFIG. Here is a minimal viable example:

version: 1
log: info

servers:
  proxy_server:
    listen:
      - "127.0.0.1:8081"
    default: remote

upstream:
  remote: "tcp://www.remote.example.com:8082" # proxy to remote address

There are two upstreams built in:

  • Ban, which terminates the connection immediately
  • Echo, which reflects the input back

For detailed configuration, check this example.

Thanks

  • fourth, of which this is a heavily modified fork.

License

l4p is available under terms of Apache-2.0.

v0.1.11 Latest
2025-05-01 20:04:59 +00:00