Commit graph

91 commits

Author SHA1 Message Date
Σrebe - Romain GERARD
15db9358a0
feat(dns): Use HTTP proxy if configured for Dns over HTTPS/TLS 2024-06-26 13:27:36 +02:00
Σrebe - Romain GERARD
f2404e79e1
bump deps 2024-06-24 20:37:14 +02:00
erebe
7165f328a8
fix dns over TLS and HTTPS 2024-06-24 20:07:24 +02:00
Σrebe - Romain GERARD
fb378d29d5
feat(linux): Add SO_MARK support for DNS request 2024-06-24 20:07:17 +02:00
Σrebe - Romain GERARD
880aa257a1
feat: Allow to specify DNS resolver on client too - fix #290 for windows 2024-06-09 14:57:54 +02:00
Σrebe - Romain GERARD
2dd99130fa
lint 2024-05-29 19:19:03 +02:00
Σrebe - Romain GERARD
e8a27ea4df
Cleanup exit wstunnel when stdio tunnel terminates 2024-05-25 10:32:30 +02:00
Siddhant Kameswar
29f989f71f
Fix logging in client mode (#278) 2024-05-20 09:45:26 +02:00
erebe
9b82006c6e
Improve stdio tunnel on windows
- Handle CTRL+C to exit properly
- Restore terminal mode at exit
- Use logger to stderr
2024-05-18 16:02:28 +02:00
Σrebe - Romain GERARD
0595e23050
lint 2024-05-16 10:49:39 +02:00
Jasper Siepkes
054460ad3e
Mark unsupported configurations as conflicting (#273)
This change marks combining the yaml restrictions file together with arguments such as `--restrict-http-upgrade-path-prefix` as conflicting in clap, since wstunnel will only use the yaml restrictions file when it is supplied and ignore the other arguments. This change makes this more obvious for users (since wstunnel will exit with an error).

The reason for still allowing the client `--http-upgrade-path-prefix` is that one could be using a proxy server in front of wstunnel which does mTLS. This is a pretty specific corner case though. A warning was added so it's clear to users that this will only work in specific scenarios.
2024-05-16 10:48:24 +02:00
Σrebe - Romain GERARD
246862a6da
Reduce allocation when using client certificate 2024-05-16 09:05:04 +02:00
Jasper Siepkes
ddebdfd3d2
When mTLS is used force path to match client certificate CN (#272)
This change makes the server verify the client's path prefix matches the common name (CN) in the certificate the client presented when mTLS is used. This makes it impossible for the client to spoof the path prefix specified in the `restrictions.yaml` file.
2024-05-16 08:39:30 +02:00
Σrebe - Romain GERARD
562c78187b
Add flag to control max backoff time to connect to the server 2024-05-14 08:32:44 +02:00
Σrebe - Romain GERARD
bf9459b3fc
Bump dependencies 2024-05-09 14:18:38 +02:00
Σrebe - Romain GERARD
1eccb70aab
lint 2024-05-09 12:26:16 +02:00
Jasper Siepkes
88e42d3b9f
Allow client certificate CN to be used for upgrade path (#264)
This change causes the wstunnel client to use the common name (CN) of the client's certificate for the upgrade path when mTLS is enabled.
2024-05-06 10:00:08 +02:00
Σrebe - Romain GERARD
5ef14d1a8c
feat(restriction): Auto-reload restriction file 2024-05-01 12:07:18 +02:00
Σrebe - Romain GERARD
368f6657fd
Turn match in restriction config into a list 2024-05-01 09:17:37 +02:00
Σrebe - Romain GERARD
3c84c59a11
Allow multiple ports in restriction file 2024-04-29 08:43:08 +02:00
Σrebe - Romain GERARD
8a228248d7
Add config file for restrictions 2024-04-28 00:07:57 +02:00
Σrebe - Romain GERARD
70b5a216b0
Add support for mTLS 2024-04-19 09:36:14 +02:00
Σrebe - Romain GERARD
3129fe3219
feat(tls): Add flag to not send SNI during tls handshake 2024-03-16 22:21:35 +01:00
Σrebe - Romain GERARD
92bea1379f
chore: change flag from http-headers-file-path to http-headers-file 2024-01-27 13:31:46 +01:00
Σrebe - Romain GERARD
f0cb4ab671
Add flag to read http headers from a file 2024-01-25 19:16:45 +01:00
Σrebe - Romain GERARD
f51981ff15
feat(http2): Add documentation for using http2 as transport protocol 2024-01-23 13:47:59 +01:00
Σrebe - Romain GERARD
459a0667b1
Add support for http2 as transport for tunnel 2024-01-16 22:25:36 +01:00
Σrebe - Romain GERARD
ebd7591b34
cleanup transport addr and scheme 2024-01-13 23:31:54 +01:00
Σrebe - Romain GERARD
6375e14185
Prep work for new transport 2024-01-13 18:42:15 +01:00
Σrebe - Romain GERARD
56543696b7
fix imports for non unix target 2024-01-12 18:03:11 +01:00
Σrebe - Romain GERARD
c7645a8d9c
Add doc in CLI for unix socket 2024-01-12 17:49:52 +01:00
Σrebe - Romain GERARD
10f15d1225
Add support for unix socket 2024-01-12 17:42:24 +01:00
Σrebe - Romain GERARD
dc4eadb8f9
Support proxy protocol for tcp connection 2024-01-11 09:19:32 +01:00
Σrebe - Romain GERARD
5226360942
Improve log for http-proxy 2024-01-09 13:04:13 +01:00
Σrebe - Romain GERARD
2a6bda3c80
http-proxy: Allow specifying login/password separately & add env variable support 2024-01-08 13:19:29 +00:00
Σrebe - Romain GERARD
f373293ede
Add short flag for passing --http-upgrade-path-prefix 2024-01-08 13:34:05 +01:00
Σrebe - Romain GERARD
b9bf0f005d
cleanup 2024-01-07 21:27:59 +01:00
Σrebe - Romain GERARD
f97bdc7c84
clippy 2024-01-07 16:54:02 +01:00
Σrebe - Romain GERARD
bdf88d0e89
Add Socks5 Udp Associate 2024-01-07 16:52:23 +01:00
Σrebe - Romain GERARD
23a38fced0
preparation work for udp association 2024-01-07 16:52:22 +01:00
Σrebe - Romain GERARD
0001afc6af
Update supported format for private key 2024-01-04 08:28:26 +01:00
Σrebe - Romain GERARD
360cd8b8e8
Update certificate/key format in CLI 2024-01-03 09:39:03 +01:00
Σrebe - Romain GERARD
b705484d9f
Don't use libc dns resolver by default
+ By default libc dns resolution is blocking,
    which forces the async runtime to spawn a blocking thread for it,
    which leads to heavy memory usage
2024-01-02 19:38:16 +01:00
Σrebe - Romain GERARD
bffd2470e7
fix dns-resolver cmd line parsing 2024-01-02 13:15:04 +01:00
Justin
0e05469fc7
main.rs: fix typo (#204)
Thank you :)
2023-12-29 13:50:28 +01:00
Σrebe - Romain GERARD
640102f82e
Support auto-reload of tls certificate 2023-12-29 09:56:47 +01:00
Σrebe - Romain GERARD
facdf2ad5a
Use less fingerprintable default upgrade path prefix 2023-12-26 21:41:21 +01:00
Σrebe - Romain GERARD
f31db8067f
Add command line for log level 2023-12-26 21:36:23 +01:00
Σrebe - Romain GERARD
89c8405396
Add cmd line options to control color output and nb of worker threads 2023-12-20 21:26:08 +01:00
Σrebe - Romain GERARD
27f16984e0
Allow loading http upgrade path prefix from env 2023-12-19 23:23:36 +01:00