Home Explore Help
Sign In
yosoyhendrix
/
Multi_Script
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Actualizar 'C/proxy_dual.c'

gcc -O3 -o proxy_dual proxy_dual.c -lssl -lcrypto -lpthread

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /root/key.pem -out /root/cert.pem -subj "/C=US/ST=NY/L=New York/O=Cloudflare/CN=www.cloudflare.com"
yosoyhendrix 4 days ago
parent
d23a895036
commit
d701602bad
1 changed files with 21 additions and 10 deletions
Split View Show Diff Stats
  1. 21 10
      C/proxy_dual.c

+ 21 - 10
C/proxy_dual.c
View File 

@@ -1,7 +1,9 @@
 
 /*
 
  * =====================================================================================
 
- * PROXY VPN DUAL (TCP + TLS) - ULTIMATE BARE-METAL EDITION
 
- * Características: Dual-Stack, Mensajes Rotativos, Anti-Flood, Auto-Ban en RAM.
 
+ * PROXY VPN DUAL (TCP + TLS) - ULTIMATE BARE-METAL EDITION V9
 
+ * Correcciones: 
+ * 1. Bugfix de OpenSSL Internal Buffer (SSL_pending) para NetMod.
 
+ * 2. Anti-Flood calibrado para evitar auto-baneos por hilos múltiples de VPN.
 
  * Compilación: gcc -O3 -o proxy_dual proxy_dual.c -lssl -lcrypto -lpthread
 
  * =====================================================================================
 
  */
 
@@ -32,9 +34,9 @@
 
 
 // --- CONFIGURACIÓN DE SEGURIDAD (ANTI-FLOOD & BAN) ---
 
 #define MAX_TRACKED_IPS 200
 
-#define AUTO_BAN_STRIKES 3
 
+#define AUTO_BAN_STRIKES 15 // Aumentado a 15 para soportar los hilos de NetMod
 
 #define BAN_TIME 3600 // 1 Hora
 
-#define COOLDOWN_SEC 1 // 1 Segundo de enfriamiento
 
+#define COOLDOWN_SEC 1 // Ventana de 1 segundo
 
 
 typedef struct {
 
     char ip[INET6_ADDRSTRLEN];
 
@@ -83,7 +85,7 @@ void write_log(const char *ip, const char *proto, const char *msg) {
 
     pthread_mutex_unlock(&log_mutex);
 
 }
 
 
-// --- MOTOR DE SEGURIDAD (Devuelve 1 si OK, 0 si BANEADO, -1 si NUEVO BANEO) ---
 
+// --- MOTOR DE SEGURIDAD ---
 
 int check_and_update_ip(const char *ip) {
 
     pthread_mutex_lock(&ip_db_mutex);
 
     time_t now = time(NULL);
 
@@ -107,7 +109,7 @@ int check_and_update_ip(const char *ip) {
 
                     return -1; // Acaba de ser baneado
 
                 }
 
             } else {
 
-                ip_database[i].strikes = 0;
 
+                ip_database[i].strikes = 1;
 
                 ip_database[i].last_connect = now;
 
             }
 
             break;
 
@@ -116,7 +118,7 @@ int check_and_update_ip(const char *ip) {
 
     if (!found && empty_slot != -1) {
 
         strcpy(ip_database[empty_slot].ip, ip);
 
         ip_database[empty_slot].last_connect = now;
 
-        ip_database[empty_slot].strikes = 0;
 
+        ip_database[empty_slot].strikes = 1;
 
         ip_database[empty_slot].ban_until = 0;
 
     }
 
     pthread_mutex_unlock(&ip_db_mutex);
 
@@ -192,12 +194,18 @@ void *connection_handler(void *arg) {
 
         }
 
     }
 
 
+    // =========================================================================
 
+    // BUGFIX: REVISAR LA MEMORIA INTERNA DE OPENSSL ANTES DE ESPERAR EN EL CABLE
 
+    // =========================================================================
 
     fd_set init_fds; FD_ZERO(&init_fds); FD_SET(client_sock, &init_fds);
 
     struct timeval init_tv = {3, 0}; 
     char buffer[BUFLEN];
 
     int bytes_read = 0;
 
 
-    if (select(client_sock + 1, &init_fds, NULL, NULL, &init_tv) > 0) {
 
+    int ssl_has_data = is_tls ? SSL_pending(ssl) : 0;
 
+
 
+    // Si SSL ya secuestró el paquete, lo leemos de inmediato. Si no, esperamos 3 seg.
 
+    if (ssl_has_data > 0 || select(client_sock + 1, &init_fds, NULL, NULL, &init_tv) > 0) {
 
         if (is_tls) bytes_read = SSL_read(ssl, buffer, sizeof(buffer)-1);
 
         else bytes_read = recv(client_sock, buffer, sizeof(buffer)-1, 0);
 
     } 
@@ -243,6 +251,8 @@ void *connection_handler(void *arg) {
 
 
             if (is_tls) SSL_write(ssl, response, strlen(response));
 
             else send(client_sock, response, strlen(response), 0);
 
+            
+            write_log(client_ip, proto_name, "✅ Túnel Inyectado OK");
 
         }
 
     } else {
 
         struct sockaddr_in t_addr;
 
@@ -251,6 +261,7 @@ void *connection_handler(void *arg) {
 
         t_addr.sin_port = htons(SSH_PORT);
 
         inet_pton(AF_INET, SSH_HOST, &t_addr.sin_addr);
 
         if (connect(target_sock, (struct sockaddr *)&t_addr, sizeof(t_addr)) != 0) goto cleanup;
 
+        write_log(client_ip, proto_name, "✅ Túnel Modo Silencioso");
 
     }
 
 
     int max_fd = (client_sock > target_sock) ? client_sock : target_sock;
 
@@ -301,8 +312,8 @@ int main(int argc, char **argv) {
 
 
     if (server_tcp < 0 || server_tls < 0) exit(1);
 
 
-    write_log(NULL, "SISTEMA", "🚀 PROXY DUAL BARE-METAL INICIADO (Ultimate Edition)");
 
-    write_log(NULL, "SISTEMA", "🛡️  Módulos cargados: Anti-Flood, Auto-Ban, IPv4/IPv6, Full Headers");
 
+    write_log(NULL, "SISTEMA", "🚀 PROXY DUAL BARE-METAL INICIADO (Ultimate Edition V9)");
 
+    write_log(NULL, "SISTEMA", "🛡️  Módulos cargados: Anti-Flood (15/s), Auto-Ban, SSL_pending Fix, Full Headers");
 
 
     int max_server_fd = (server_tcp > server_tls) ? server_tcp : server_tls;