细节调整

SeaHOH · May 21, 2023 · 7c64995 · 7c64995
1 parent ee9e82d
commit 7c64995
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 17 deletions.
diff --git a/local/CFWFetch.py b/local/CFWFetch.py
@@ -28,7 +28,7 @@
 cfw_iplist = []
 
 class cfw_params:
-    server = ()
+    server = (0, 7)
     port = 443
     ssl = True
     command = 'POST'
@@ -127,6 +127,7 @@ def get_worker_params(f=None):
 
 def set_dns():
     if dns.gettill(cfw_params.hostname):
+        http_cfw.max_per_ip = math.ceil(32 / len(cfw_iplist))
         return
     dns.setpadding(cfw_params.hostname)
     explodeip = GC.CFW_EXPLODEIP

diff --git a/local/FilterUtil.py b/local/FilterUtil.py
@@ -184,7 +184,7 @@ def get_action(scheme, host, path, url):
         if action is 'TEMPACT':
             if mtime() > expire:
                 del filters[0]
-                logging.warning('%r 的临时 %s 规则已经失效。', GC.LISTEN_ACT, key)
+                logging.warning('%r 的临时 %s 规则已经失效。', key, GC.LISTEN_ACT)
             #符合自动多线程时不使用临时 GAE 规则，仍尝试默认规则
             #是否包含元组元素（媒体文件）
             elif GC.LISTEN_ACT == 'GAE' and any(path.endswith(x) for x in GC.AUTORANGE_FAST_ENDSWITH):

diff --git a/local/HTTPUtil.py b/local/HTTPUtil.py
@@ -334,8 +334,8 @@ def get_context(self, cache_key):
             return self.context_cache[cache_key]
         except KeyError:
             pass
-        if self.gws:
-            #强制 GWS 使用 TLSv1.3
+        if self.gws or cache_key.startswith('cloudflare_workers'):
+            #强制使用 TLSv1.3
             ssl_method = SSL.TLSv1_3_METHOD
         else:
             ssl_method = GC.LINK_REMOTESSL
@@ -355,9 +355,10 @@ def get_context(self, cache_key):
         ssl_options |= SSL.OP_NO_COMPRESSION
         #通用问题修复
         ssl_options |= SSL.OP_ALL
+        ssl_options |= SSL.OP_IGNORE_UNEXPECTED_EOF
         #会话重用
-        context.set_session_cache_mode(SSL.SESS_CACHE_CLIENT)
-        context.lock = threading.Lock()
+        ssl_options |= SSL.OP_NO_TICKET
+        context.set_session_cache_mode(SSL.SESS_CACHE_OFF)
         #证书验证
         context.set_cert_store(self._cert_store)
         context.set_verify(SSL.VERIFY_PEER, self._verify_callback)
@@ -414,7 +415,7 @@ def set_tcp_socket(sock, timeout=None, set_buffer=True):
         sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
         # set struct linger{l_onoff=1,l_linger=0} to avoid 10048 socket error
         # struct.pack('ii', 1, 0) == b'\x01\x00\x00\x00\x00\x00\x00\x00'
-        sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, b'\x01\x00\x00\x00\x00\x00\x00\x00')
+        #sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, b'\x01\x00\x00\x00\x00\x00\x00\x00')
         # resize socket recv buffer 8K->*K to improve browser releated application performance
         if set_buffer:
             sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, GC.LINK_RECVBUFFER)
@@ -764,7 +765,10 @@ def _create_ssl_connection(self, ipaddr, cache_key, host, queobj, timeout=None,
                         callback(e)
                         return isinstance(e, LimiterFull)
                 # reset a large and random timeout to the ipaddr
-                self.ssl_connection_time[ipaddr] = self.timeout + 1
+                try:
+                    self.ssl_connection_time[ipaddr] += 1
+                except KeyError:
+                    self.ssl_connection_time[ipaddr] = self.timeout + 1
                 queobj.put(e)
             break
 

diff --git a/local/ProxyHandler.py b/local/ProxyHandler.py
@@ -38,6 +38,7 @@
     get_action, get_connect_action )
 from .FilterConfig import action_filters
 
+gethttpproxy = partial(re.compile(r'^/(htt)?(ps?://)').subn, r'htt\2')
 normattachment = partial(re.compile(r'(?<=filename=)([^"\']+)').sub, r'"\1"')
 getbytes = re.compile(r'^bytes=(\d*)-(\d*)(,..)?').search
 getrange = re.compile(r'^bytes (\d+)-(\d+)/(\d+|\*)').search
@@ -315,6 +316,10 @@ def _do_METHOD(self):
         if self.host in self.localhosts and (
                 self.port in (80, 443) or
                 self.port in self.listen_port):
+            url, httpproxy = gethttpproxy(self.path)
+            if httpproxy:
+                self.target = url, (True, None)
+                return self.do_IREDIRECT()
             self.do_LOCAL()
             return True
 
@@ -424,6 +429,7 @@ def handle_request_headers(self):
         self.payload = payload
         self.reread_req = True
         self.cc = self.close_connection
+        logging.debug('request_headers=%s', request_headers)
         return request_headers.copy(), payload
 
     def handle_response_headers(self, response):
@@ -507,7 +513,7 @@ def handle_response_headers(self, response):
             response_headers['Connection' if self.tunnel else 'Proxy-Connection'] = 'close' if self.close_connection else 'keep-alive'
         headers_data = 'HTTP/1.1 %s %s\r\n%s\r\n' % (response.status, response.reason, ''.join('%s: %s\r\n' % x for x in response_headers.items()))
         self.write(headers_data)
-        logging.debug('headers_data=%s', headers_data)
+        logging.debug('response_headers=%s', headers_data)
         if 300 <= response.status < 400 and \
                 response.status != 304 and \
                 'Location' in response_headers:
@@ -1156,9 +1162,10 @@ def do_IREDIRECT(self):
             self.ssl = url_parts.scheme == 'https'
             #重设主机和端口
             origport = self.port
+            local_proxy = self.host in self.localhosts and origport in self.listen_port
             self.parse_host(None, url_parts.netloc, mhost)
             #未明确定义重定向端口时不改变原非标准端口
-            if origport not in (80, 443) and self.port in (80, 443):
+            if not local_proxy and origport not in (80, 443) and self.port in (80, 443):
                 self.ssl = origssl
                 self.port = origport
                 scheme = 'https' if origssl else 'http'

diff --git a/local/common/dns.py b/local/common/dns.py
@@ -385,20 +385,23 @@ def is_resolved(qtype):
                     for r in reply.rr:
                         if r.rtype is qtype:
                             ip = str(r.rdata)
-                            if ip in ip_blacklist:
+                            if ip in ip_blacklist or \
+                                    qtype is AAAA and rr_alone and \
+                                    len(ip) <= 15 and ip.startswith('2001::'):
                                 query_times += 1
-                                iplist.clear()
+                                if ip in ip_blacklist:
+                                    iplist.clear()
                                 if not pollution:
                                     polluted_hosts.add(qname)
                                 pollution = True
                                 break
                             #一个简单排除 IPv6 污染定式的方法，有及其微小的机率误伤正常结果
                             #虽然没办法用于 IPv4，但这只是 check_edns_opt 的后备，聊胜于无
-                            elif qtype is AAAA and pollution and rr_alone and \
-                                    len(ip) <= 15 and ip.startswith('2001::'):
-                                query_times += 1
-                                #iplist.clear()
-                                #break
+                            #elif qtype is AAAA and pollution and rr_alone and \
+                            #        len(ip) <= 15 and ip.startswith('2001::'):
+                            #    query_times += 1
+                            #    #iplist.clear()
+                            #    #break
                             else:
                                 iplist.append(ip)
                 elif reply.header.rcode is NXDOMAIN: