diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..acb037e
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+redsocks (0.2-1) unstable; urgency=low
+
+ * Initial release (Closes: #649309)
+
+ -- Apollon Oikonomopoulos Mon, 14 Nov 2011 14:42:55 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..45a4fb7
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+8
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..6acca1b
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,25 @@
+Source: redsocks
+Section: net
+Priority: extra
+Maintainer: Apollon Oikonomopoulos
+Build-Depends: debhelper (>= 8.0.0), libevent-dev
+Standards-Version: 3.9.2
+Homepage: http://darkk.net.ru/redsocks/
+#Vcs-Git: git://git.debian.org/collab-maint/redsocks.git
+#Vcs-Browser: http://git.debian.org/?p=collab-maint/redsocks.git;a=summary
+
+Package: redsocks
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
+Description: Redirect any TCP connection to a SOCKS or HTTPS proxy server
+ Redsocks is a daemon running on the local system, that will transparently
+ tunnel any TCP connection via a remote SOCKS4, SOCKS5 or HTTP proxy server. It
+ uses the system firewall's redirection facility to intercept TCP connections,
+ thus the redirection is system-wide, with fine-grained control, and does
+ not depend on LD_PRELOAD libraries.
+ .
+ Redsocks supports tunneling TCP connections and UDP packets. It has
+ authentication support for both, SOCKS and HTTP proxies.
+ .
+ Also included is a small DNS server returning answers with the "truncated" flag
+ set for any UDP query, forcing the resolver to use TCP.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..e1b2e6b
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,68 @@
+Format: http://dep.debian.net/deps/dep5
+Upstream-Name: redsocks
+Source: http://darkk.net.ru/redsocks/
+
+Files: *
+Copyright: 2007-2011 Leonid Evdokimov
+License: Apache 2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache License 2.0 can
+ be found in "/usr/share/common-licenses/Apache-2.0"
+
+Files: md5.*
+Copyright: 1999, 2002 Aladdin Enterprises
+License: Zlib
+ This software is provided 'as-is', without any express or implied
+ warranty. In no event will the authors be held liable for any damages
+ arising from the use of this software.
+ .
+ Permission is granted to anyone to use this software for any purpose,
+ including commercial applications, and to alter it and redistribute it
+ freely, subject to the following restrictions:
+ .
+ 1. The origin of this software must not be misrepresented; you must not
+ claim that you wrote the original software. If you use this software
+ in a product, an acknowledgment in the product documentation would be
+ appreciated but is not required.
+ 2. Altered source versions must be plainly marked as such, and must not be
+ misrepresented as being the original software.
+ 3. This notice may not be removed or altered from any source distribution.
+
+Files: base64.*
+Copyright: 2006 Ryan Martell
+License: LGPL-2.1+
+ FFmpeg is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+ .
+ FFmpeg is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public
+ License along with FFmpeg; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ .
+ On Debian systems, the complete text of the GNU Lesser General Public
+ License can be found in "/usr/share/common-licenses/LGPL".
+
+Files: debian/*
+Copyright: 2011 Apollon Oikonomopoulos
+License:
+ Copying and distribution of this package, with or without
+ modification, are permitted in any medium without royalty
+ provided the copyright notice and this notice are
+ preserved.
diff --git a/debian/init.d b/debian/init.d
new file mode 100644
index 0000000..106b35b
--- /dev/null
+++ b/debian/init.d
@@ -0,0 +1,135 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: redsocks
+# Required-Start: $network $local_fs $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: redsocks TCP connection-to-SOCKS redirector
+# Description:
+# <...>
+# <...>
+### END INIT INFO
+
+# Author: Apollon Oikonomopoulos
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC=redsocks # Introduce a short description here
+NAME=redsocks # Introduce the short server's name here
+DAEMON=/usr/sbin/redsocks # Introduce the server's location here
+DAEMON_ARGS="" # Arguments to run the daemon with
+PIDFILE=/var/run/$NAME/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x $DAEMON ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+[ "$START" = "yes" ] || exit 0
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Take care of pidfile permissions
+ USER=$(egrep '\buser\s*=' $CONFFILE | sed -r 's/.*\buser\s+=\s*(.*);/\1/')
+ mkdir /var/run/$NAME 2>/dev/null || true
+ chown "$USER" /var/run/$NAME
+
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ -c "$CONFFILE" -p $PIDFILE \
+ || return 2
+ # Add code here, if necessary, that waits for the process to be ready
+ # to handle requests from services started subsequently which depend
+ # on this one. As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/debian/postinst b/debian/postinst
new file mode 100644
index 0000000..725c72d
--- /dev/null
+++ b/debian/postinst
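Review bot: In do_start the account name that root passes to `chown` is scraped from `$CONFFILE` by two patterns that disagree: the `egrep` accepts `user=` with no space before the `=`, but the `sed` expression requires `\s+` there, so such a line is passed through unsubstituted and the whole line lands in `$USER`. Neither pattern is anchored, so a commented-out `// user = ...;` line also matches, and the results of `mkdir` and `chown` are never checked before the daemon is started. The rewrite below parses with a single anchored expression, confirms the account exists, returns 2 on any failure, and uses a variable other than `USER` so the environment value is not clobbered. Since the directory then belongs to the unprivileged account while do_stop acts on `$PIDFILE` as root, the `--name`/`--exec` matching on the stop calls should stay in place.

```shell
do_start()
{
	# Take care of pidfile permissions
	RUN_USER=$(sed -n -r 's/^\s*user\s*=\s*([^;[:space:]]+)\s*;.*/\1/p' "$CONFFILE" | head -n 1)
	if [ -z "$RUN_USER" ] || ! id -u "$RUN_USER" >/dev/null 2>&1; then
		return 2
	fi
	mkdir -p "/var/run/$NAME" || return 2
	chown "$RUN_USER" "/var/run/$NAME" || return 2
	# … unchanged: start-stop-daemon --test and --start calls …
}
```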
@@ -0,0 +1,41 @@
+#!/bin/sh
+# postinst script for redsocks
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-remove'
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ adduser --system --disabled-password --disabled-login --home /var/run/redsocks \
+ --no-create-home --quiet --group redsocks
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/postrm b/debian/postrm
new file mode 100644
index 0000000..0034f3f
--- /dev/null
+++ b/debian/postrm
@@ -0,0 +1,41 @@
+#!/bin/sh
+# postrm script for redsocks
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ purge)
+ deluser --system redsocks || true
+ delgroup --system redsocks || true
+ ;;
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/redsocks.8 b/debian/redsocks.8
new file mode 100644
index 0000000..c81714f
--- /dev/null
+++ b/debian/redsocks.8
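Review bot: The `purge` branch of debian/postrm deletes the `redsocks` account but leaves `/var/run/redsocks`, which the init script's do_start hands to that account with `chown`, so at least until /var/run is next cleared the directory stays owned by a freed UID that a later-created account could inherit. Removing the directory before the account goes, e.g. `rm -rf /var/run/redsocks` ahead of the `deluser` line, closes that gap. The `|| true` on both calls also hides every failure, including `deluser` not being installed at purge time; guarding with `if command -v deluser >/dev/null; then` instead would keep real errors visible.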
@@ -0,0 +1,53 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH REDSOCKS 8 "November 14, 2011"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+redsocks \- rediect any TCP connection to a SOCKS or HTTP proxy
+.SH SYNOPSIS
+.B redsocks
+.RI [ options ]
+.SH DESCRIPTION
+\fBredsocks\fP is a daemon running on the local system, that will transparently
+tunnel any TCP connection via a remote SOCKS4, SOCKS5 or HTTP proxy server. It
+uses the system firewall's redirection facility to intercept TCP connections,
+thus the redirection is system-wide, with fine-grained control, and does
+not depend on LD_PRELOAD libraries.
+.PP
+Redsocks supports tunneling TCP connections and UDP packets. It has
+authentication support for both, SOCKS and HTTP proxies.
+.PP
+Also included is a small DNS server returning answers with the "truncated" flag
+set for any UDP query, forcing the resolver to use TCP.
+.SH OPTIONS
+.TP
+.B \-p pidfile
+Write the process ID to \fIpidfile\fP.
+.TP
+.B \-c config
+Use \fIconfig\fP as configuration file.
+.TP
+.B \-t
+Test configuration file syntax.
+.SH SEE ALSO
+.BR iptables (8),
+/etc/redsocks.conf
+.br
+.SH AUTHOR
+redsocks was written by Leonid Evdokimov
+.PP
+This manual page was written by Apollon Oikonomopoulos ,
+for the Debian project (and may be used by others).
diff --git a/debian/redsocks.conf b/debian/redsocks.conf
new file mode 100644
index 0000000..d29881c
--- /dev/null
+++ b/debian/redsocks.conf
@@ -0,0 +1,89 @@
+base {
+ // debug: connection progress & client list on SIGUSR1
+ log_debug = off;
+
+ // info: start and end of client session
+ log_info = on;
+
+ /* possible `log' values are:
+ * stderr
+ * "file:/path/to/file"
+ * syslog:FACILITY facility is any of "daemon", "local0"..."local7"
+ */
+ log = "syslog:daemon";
+
+ // detach from console
+ daemon = on;
+
+ /* Change uid, gid and root directory, these options require root
+ * privilegies on startup.
+ * Note, your chroot may requre /etc/localtime if you write log to syslog.
+ * Log is opened before chroot & uid changing.
+ */
+ user = redsocks;
+ group = redsocks;
+ // chroot = "/var/chroot";
+
+ /* possible `redirector' values are:
+ * iptables - for Linux
+ * ipf - for FreeBSD
+ * pf - for OpenBSD
+ * generic - some generic redirector that MAY work
+ */
+ redirector = iptables;
+}
+
+redsocks {
+ /* `local_ip' defaults to 127.0.0.1 for security reasons,
+ * use 0.0.0.0 if you want to listen on every interface.
+ * `local_*' are used as port to redirect to.
+ */
+ local_ip = 127.0.0.1;
+ local_port = 12345;
+
+ // `ip' and `port' are IP and tcp-port of proxy-server
+ ip = 127.0.0.1;
+ port = 1080;
+
+
+ // known types: socks4, socks5, http-connect, http-relay
+ type = socks5;
+
+ // login = "foobar";
+ // password = "baz";
+}
+
+redudp {
+ // `local_ip' should not be 0.0.0.0 as it's also used for outgoing
+ // packets that are sent as replies - and it should be fixed
+ // if we want NAT to work properly.
+ local_ip = 127.0.0.1;
+ local_port = 10053;
+
+ // `ip' and `port' of socks5 proxy server.
+ ip = 10.0.0.1;
+ port = 1080;
+ login = username;
+ password = pazzw0rd;
+
+ // kernel does not give us this information, so we have to duplicate it
+ // in both iptables rules and configuration file. By the way, you can
+ // set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
+ // forward ;-)
+ // This limitation may be relaxed in future versions using contrack-tools.
+ dest_ip = 8.8.8.8;
+ dest_port = 53;
+
+ udp_timeout = 30;
+ udp_timeout_stream = 180;
+}
+
+dnstc {
+ // fake and really dumb DNS server that returns "truncated answer" to
+ // every query via UDP, RFC-compliant resolver should repeat same query
+ // via TCP in this case.
+ local_ip = 127.0.0.1;
+ local_port = 5300;
+}
+
+// you can add more `redsocks' and `redudp' sections if you need.
diff --git a/debian/redsocks.default b/debian/redsocks.default
new file mode 100644
index 0000000..db65ba6
--- /dev/null
+++ b/debian/redsocks.default
@@ -0,0 +1,13 @@
+# Defaults for redsocks initscript
+# sourced by /etc/init.d/redsocks
+# installed at /etc/default/redsocks by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Enable during startup?
+START=no
+
+# Configuration file
+CONFFILE="/etc/redsocks.conf"
diff --git a/debian/redsocks.docs b/debian/redsocks.docs
new file mode 100644
index 0000000..bc63974
--- /dev/null
+++ b/debian/redsocks.docs
@@ -0,0 +1,2 @@
+README
+README.html
diff --git a/debian/redsocks.install b/debian/redsocks.install
new file mode 100644
index 0000000..cc965fe
--- /dev/null
+++ b/debian/redsocks.install
@@ -0,0 +1,2 @@
+redsocks /usr/sbin
+debian/redsocks.conf /etc
diff --git a/debian/redsocks.manpages b/debian/redsocks.manpages
new file mode 100644
index 0000000..107b0d5
--- /dev/null
+++ b/debian/redsocks.manpages
@@ -0,0 +1 @@
+debian/redsocks.8
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..b760bee
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+ dh $@
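Review bot: The `redudp` block of debian/redsocks.conf ships active `login = username;` and `password = pazzw0rd;` lines pointing at `ip = 10.0.0.1;`, while the `redsocks` block keeps its `login`/`password` lines commented out; the placeholders should be commented out the same way so an unedited install never presents them to whatever answers at that address. This file is also where real proxy credentials will end up, and nothing visible in this commit restricts its mode (debian/redsocks.install only copies it to /etc), so it is presumably installed world-readable. I would add a header comment such as `// May contain proxy credentials: keep this file readable by root only.` and set a restrictive mode in the packaging, after confirming the daemon reads the file before it drops privileges.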
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..c95a2c5
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,4 @@
+version=3
+
+# Use githubredir.debian.net for the time being
+http://githubredir.debian.net/github/darkk/redsocks (.*).tar.gz
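Review bot: The download URL in debian/watch is plain `http://` through the third-party githubredir.debian.net redirector, and nothing in the file lets uscan verify what it fetched, so a tarball obtained this way should be checked against the upstream git tag before it is imported. The file pattern also leaves its dots unescaped; `(.*)\.tar\.gz` matches only the intended suffix. A comment recording the verification step next to the existing `# Use githubredir.debian.net for the time being` line would help the next uploader.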