fix(sniffing): return early on empty SNI to avoid 'missing port in address' errors (#645)
When TLS ClientHello has no SNI extension (ServerName is empty), normalizeHost returns empty string. Both sniffer_tls.go paths (sniffing and forwarder packages) previously still called dial with an empty host, cascading 'missing port in address' errors through connector, router, and service layers. Now returns early with a debug-level log, silently closing the connection instead of attempting to dial upstream.
This commit is contained in:
@@ -48,12 +48,16 @@ func (h *Sniffer) HandleTLS(ctx context.Context, network string, conn net.Conn,
|
||||
}
|
||||
|
||||
host := normalizeHost(clientHello.ServerName, "443")
|
||||
if host != "" {
|
||||
ro.Host = host
|
||||
|
||||
if ho.bypass != nil && ho.bypass.Contains(ctx, network, host, bypass.WithService(ho.service)) {
|
||||
return xbypass.ErrBypass
|
||||
if host == "" {
|
||||
if log != nil {
|
||||
log.Debugf("no sni in clienthello from %s", conn.RemoteAddr())
|
||||
}
|
||||
return nil
|
||||
}
|
||||
ro.Host = host
|
||||
|
||||
if ho.bypass != nil && ho.bypass.Contains(ctx, network, host, bypass.WithService(ho.service)) {
|
||||
return xbypass.ErrBypass
|
||||
}
|
||||
|
||||
dial := ho.dial
|
||||
|
||||
Reference in New Issue
Block a user