
Commit c694073

committed
Revert "v0.3.1: IP-literal destinations -> plain TCP passthrough (always)"
This reverts commit eed64ca.
1 parent eed64ca commit c694073

4 files changed

Lines changed: 5 additions & 25 deletions


Cargo.lock

Lines changed: 1 addition & 1 deletion

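--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "mhrv-rs"
-version = "0.3.1"
+version = "0.3.0"
 edition = "2021"
 description = "Rust port of MasterHttpRelayVPN -- DPI bypass via Google Apps Script relay with domain fronting"
 license = "MIT"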

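--- a/src/domain_fronter.rs
+++ b/src/domain_fronter.rs
@@ -318,15 +318,12 @@ impl DomainFronter {
 Ok(Ok(bytes)) => bytes,
 Ok(Err(e)) => {
 self.relay_failures.fetch_add(1, Ordering::Relaxed);
-// Most upstream errors (self-signed certs, unreachable hosts,
-// non-HTTP endpoints) are normal for misrouted traffic. Log
-// at warn so they don't spam error channels.
-tracing::warn!("relay failed: {}", e);
+tracing::error!("Relay failed: {}", e);
 return error_response(502, &format!("Relay error: {}", e));
 }
 Err(_) => {
 self.relay_failures.fetch_add(1, Ordering::Relaxed);
-tracing::warn!("relay timeout");
+tracing::error!("Relay timeout");
 return error_response(504, "Relay timeout");
 }
 };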
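Review bot: In the `Ok(Err(e))` arm the same error text goes to both the log and the 502 body (`error_response(502, &format!("Relay error: {}", e))`), so whatever `e` carries about the relay path is handed back to the requester. What `e` contains is not visible here, but for a fronted relay it may well identify the upstream endpoint; keeping the detail in the log and returning a fixed body, `return error_response(502, "Relay error");`, would match what the timeout arm already does with `"Relay timeout"`. The revert also drops the comment explaining that these failures are routine for misrouted traffic, so at `error` level they will outnumber real faults unless alerting keys on the `relay_failures` counter instead. The enclosing method starts and ends outside the hunk.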

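--- a/src/proxy_server.rs
+++ b/src/proxy_server.rs
@@ -308,17 +308,7 @@ async fn dispatch_tunnel(
 return do_sni_rewrite_tunnel_from_tcp(sock, &host, port, mitm, rewrite_ctx).await;
 }
 
-// 2. IP-literal destinations are almost always app-level custom protocols
-// (xray/VLESS, torrent, SSH, VPN, raw TCP). Browsers never use raw IPs
-// in CONNECT. MITMing these would break the app's own TLS/auth, and
-// trying to relay opaque bytes through Apps Script always fails.
-// Always plain TCP passthrough for IP literals.
-if is_ip_literal(&host) {
-plain_tcp_passthrough(sock, &host, port).await;
-return Ok(());
-}
-
-// 3. Peek at the first byte to detect TLS vs plain. Time-bounded — if the
+// 2. Peek at the first byte to detect TLS vs plain. Time-bounded — if the
 // client doesn't send anything within 300ms, assume server-first
 // protocol (SMTP, POP3, FTP banner) and jump straight to plain TCP.
 let mut peek_buf = [0u8; 8];
@@ -355,13 +345,6 @@ async fn dispatch_tunnel(
 Ok(())
 }
 
-// ---------- IP literal detection ----------
-
-fn is_ip_literal(host: &str) -> bool {
-let h = host.trim_start_matches('[').trim_end_matches(']');
-h.parse::<std::net::IpAddr>().is_ok()
-}
-
 // ---------- Plain TCP passthrough ----------
 
 async fn plain_tcp_passthrough(mut sock: TcpStream, host: &str, port: u16) {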
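Review bot: With the IP-literal branch gone, nothing in `dispatch_tunnel` says how a CONNECT to a raw IP is meant to be handled, and the commit message gives no reason for the revert. Those destinations now take the step 2 TLS/plain detection like any hostname, which the removed comment warned would break an application's own TLS/auth. If that is intended, a line above the peek such as `// IP-literal hosts are not special-cased: they go through the same TLS/plain detection as hostnames.` would record it. Separately, `plain_tcp_passthrough` still takes a client-supplied `host` and `port`; whether loopback, link-local and private ranges are refused before it connects is not visible in these hunks, and that check matters if the listener is ever bound beyond localhost. `dispatch_tunnel` begins before the first hunk and the body of `plain_tcp_passthrough` continues past the second.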
