fix(sniffing): return early on empty SNI to avoid 'missing port in address' errors (#645)

When TLS ClientHello has no SNI extension (ServerName is empty),
normalizeHost returns empty string. Both sniffer_tls.go paths (sniffing
and forwarder packages) previously still called dial with an empty host,
cascading 'missing port in address' errors through connector, router,
and service layers.

Now returns early with a debug-level log, silently closing the
connection instead of attempting to dial upstream.
This commit is contained in:
ginuerzh
2026-06-05 20:27:27 +08:00
parent 066f6813b2
commit f09a7a69b3
2 changed files with 18 additions and 10 deletions
+9 -5
View File
@@ -50,12 +50,16 @@ func (h *Sniffer) HandleTLS(ctx context.Context, conn net.Conn, opts ...HandleOp
}
host := normalizeHost(clientHello.ServerName, "443")
if host != "" {
ro.Host = host
if ho.bypass != nil && ho.bypass.Contains(ctx, "tcp", host, bypass.WithService(ho.service)) {
return xbypass.ErrBypass
if host == "" {
if ho.log != nil {
ho.log.Debugf("no sni in clienthello from %s", conn.RemoteAddr())
}
return nil
}
ro.Host = host
if ho.bypass != nil && ho.bypass.Contains(ctx, "tcp", host, bypass.WithService(ho.service)) {
return xbypass.ErrBypass
}
node, cc, err := h.dialTLS(ctx, host, &ho)