mirror of https://github.com/darkk/redsocks.git synced 2025-08-27 12:15:29 +00:00
Commit Graph

206 Commits

Author SHA1 Message Date
Leonid Evdokimov
268c00eb29 travis: add libevent-dev as build-dep 2018-01-27 00:18:14 +03:00
Leonid Evdokimov
195ede55e0 Add gen to .gitignore 2018-01-27 00:01:00 +03:00
Leonid Evdokimov
4722fb0eb0 Drop confusing reddns module 2018-01-26 23:58:57 +03:00
Leonid Evdokimov
9a0809c439 Bump year in Copyright mark, ouch that is ancient soft! 2018-01-26 23:57:43 +03:00
Leonid Evdokimov
59992c31f8 Add dnsu2t module to convert DNS/UDP to DNS/TCP 2018-01-26 23:52:48 +03:00
Leonid Evdokimov
298fe507e5 More reserved IPv4 addresses 2018-01-26 23:50:12 +03:00
Leonid Evdokimov
27b17889a4 Version bump - v0.5 2016-12-27 20:16:18 +03:00
Leonid Evdokimov
11350bfaf3 Link against levent_core when that is enough 2016-12-27 20:06:24 +03:00
Leonid Evdokimov
78a73fca15 Emit better errors from config file parser 2016-09-07 13:59:58 +03:00
Leonid Evdokimov
9ef1950dd1 Fix typo 2016-08-19 16:20:22 +03:00
Leonid Evdokimov
da0f774a8c New link to Netfilter-packet-flow image 2016-07-14 13:37:54 +03:00
Leonid Evdokimov
ce850860fe Add travis-ci to smoke-test MacOSX builds 2016-04-29 23:16:07 +03:00
Leonid Evdokimov
32aeeb284a Specify required libevent version in README. Closes #85
libevent-2.0.x is required since 14ff78d.
2016-04-19 10:28:16 +03:00
Leonid Evdokimov
a1be0807ef Implement redsocks_conn_max option, simplify accept-backoff
Sophisticated accept-backoff is not required, its ONLY purpose is to
protect against busy-loop when `redsocks_conn_max` does not match
RLIMIT_NOFILE.
2016-04-14 22:53:50 +03:00
Leonid Evdokimov
83702c9577 Fix cleanup order to avoid EBADF from epoll_ctl 2016-04-14 01:47:34 +03:00
Leonid Evdokimov
7963de73d4 Add on_proxy_fail to inform user's browser about sort of failure
Use the feature with care, enable it only for HTTP port to avoid
confusion, no client protocol detection is done at the moment.
2016-04-13 02:30:08 +03:00
Leonid Evdokimov
ec06dc6ad6 Log dropped clients when http-proxy reply is too long 2016-04-13 01:50:34 +03:00
Leonid Evdokimov
6804500a0a Add tests for authentication failure 2016-04-13 01:38:38 +03:00
Leonid Evdokimov
7b1f67b395 Test that nonce reuse in http-digest actually works 2016-04-12 23:47:11 +03:00
Leonid Evdokimov
91fcbd1a68 Add protocol latency tests 2016-04-12 22:22:20 +03:00
Leonid Evdokimov
e6bfa73f23 Make netns exec call easier in tests 2016-04-12 22:16:58 +03:00
Leonid Evdokimov
6375a4fece Update link to Archlinux AUR. Fixes #82 2016-04-12 12:17:52 +03:00
Leonid Evdokimov
f3ef436c8e Fix memory leak in Basic http-auth 2016-04-12 12:16:28 +03:00
Leonid Evdokimov
aa6c7500aa Add smoke tests 2016-04-12 12:16:28 +03:00
Leonid Evdokimov
f94a981512 Fix typo introduced in 003765ba, fixes #81 2016-04-08 19:55:32 +03:00
Leonid Evdokimov
4521797847 Add disclose_src option to tell client src IP to http-connect proxy 2016-04-05 02:42:34 +03:00
Leonid Evdokimov
003765ba98 Move socks4 & socks5 login/password config syntax check to startup 2016-04-04 00:18:11 +03:00
Leonid Evdokimov
3c7f635bf3 Warn about http-relay usage
http-relay should be avoided due to CVE-2009-0801. It was implemented to
support ancient HTTP/1.0 clients that did not set `Host` header, so
upstream proxy had at least some way to determine request destination.

In modern post-SPDY world this method should not be used, you should
rather configure upstream proxy to accept CONNECT requests to any port
and use `http-connect` instead.

Great CVE-2009-0801 description can be found in squid-users on 2015-12-18
http://lists.squid-cache.org/pipermail/squid-users/2015-December/008392.html
2016-04-03 23:45:54 +03:00
Leonid Evdokimov
c6c5cb93ce Mark client socket non-blocking
Not doing so caused splice() to block during write.

AFAIK, it does not affect bufferevent pump, but I may be wrong.
2016-04-03 23:23:48 +03:00
Leonid Evdokimov
af46180272 Add naive zero-copy implementation using splice
It gives ~33% increase of throughput on CPU-bound box.  E.g. following
machine single-connection throughput goes from ~30 Mbit/s to ~40 Mbit/s

system type: xRX200 rev 1.2
machine: TDW8980 - TP-LINK TD-W8980
cpu model: MIPS 34Kc V5.6
BogoMIPS: 332.54
2016-04-03 23:18:45 +03:00
Leonid Evdokimov
42977373b9 Emit better log message if client has `loopback' destination 2016-03-28 22:44:34 +03:00
Leonid Evdokimov
48dd5557c0 Mention `nogroup' name difference between RedHat-like and Debian-like distributions.
See also #60
2016-03-21 11:10:11 +03:00
Leonid Evdokimov
afd298f6ce Replace wm_read/wm_write manipulations with call to bufferevent_setwatermark
bufferevent_setwatermark() has some meaningful code to run on
high-watermark changes, avoiding this code may lead to stuck
connections.
2016-03-18 11:23:58 +03:00
Leonid Evdokimov
d2165a4ff0 Replace libevent macros with functions 2016-03-18 00:41:04 +03:00
Leonid Evdokimov
d70227eb10 Use proper buffer size in assertion 2016-03-17 19:08:49 +03:00
Leonid Evdokimov
91a5b80a31 Add quick-n-dirty debugging code to estimate memory usage.
Debugging code is not compiled by default, don't use it unless you're
just trying to measure something :)
2016-03-17 19:03:12 +03:00
Leonid Evdokimov
ad06706af7 Log network errors better, use errno if SO_ERROR is clear
Some errors are not stored in SO_ERROR. Moreover, libevent uses SO_ERROR
itself and SO_ERROR is cleared after reading. Probably, using SO_ERROR
is not a good idea at all, but I have no proper test-case checking if
it's safe to remove SO_ERROR code.
2016-03-17 18:57:49 +03:00
Leonid Evdokimov
8a703e4a27 Write more information about unclean builds 2016-03-17 18:56:57 +03:00
Leonid Evdokimov
62cb189c1b Emit better errors from config file parser 2016-03-17 18:48:37 +03:00
Leonid Evdokimov
4e222f3f27 Avoid EBADF warnings from epoll using bufferevent_free more accurately 2016-03-17 18:48:33 +03:00
Leonid Evdokimov
5c716327b2 Write message priority to the log file/stderr 2016-03-17 18:05:01 +03:00
Leonid Evdokimov
64afce95a1 Add libevent version to redsocks -v output 2016-03-17 17:07:42 +03:00
Leonid Evdokimov
681452324a Add options to specify TCP_KEEPIDLE, TCP_KEEPCNT and TCP_KEEPINTVL 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
83703f0de4 Log back-pressure events with LOG_DEBUG severity to ease debugging 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
ef46553e27 Fix hung connection when client sends EOF before relay even replies
EOF is forwarded only when the bi-directional connection is established.

Thanks to semigodking for describing the test-case in #26

Moreover, linux kernel may reply SYN-ACK with RST if the now-connecting
socket is brought down with shutdown(fd, SHUT_WR):

connect(26, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("11.22.33.44")}, 16) = -1 EINPROGRESS (Operation now in progress)
IP 192.168.10.254.42578 > 11.22.33.44.8080: Flags [S], seq 813066190, win 27200, options [...], length 0
epoll_ctl(3, EPOLL_CTL_ADD, 26, {EPOLLOUT, {u32=26, u64=26}}) = 0
epoll_wait(3, {{EPOLLIN, {u32=25, u64=25}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {728135, 720450764}) = 0
gettimeofday({1457464453, 327070}, NULL) = 0
ioctl(25, FIONREAD, [0]) = 0
readv(25, [{"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096}], 1) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 25, {EPOLLIN, {u32=25, u64=25}}) = 0
shutdown(25, SHUT_RD) = 0
shutdown(26, SHUT_WR) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 26, {EPOLLOUT, {u32=26, u64=26}}) = 0
IP 11.22.33.44.8080 > 192.168.10.254.42578: Flags [S.], seq 481785732, ack 813066191, win 65535, options [...], length 0
IP 192.168.10.254.42578 > 11.22.33.44.8080: Flags [R], seq 813066191, win 0, length 0
epoll_wait(3, ...
2016-03-09 01:12:38 +03:00
Leonid Evdokimov
14ff78dfe7 Replace inconsistent rand()/random() with call to libevent2 rng 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
24a5384e29 Emit better errors from config file parser 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
b322e4a8dd Fix crash in config file parser caused by unknown option key 2016-03-09 01:12:36 +03:00
Leonid Evdokimov
23fb178f04 logging: do not crash in SIGUSR1 handler in partly-initialized case 2016-03-07 22:16:51 +03:00
Leonid Evdokimov
e8fd5422e5 logging: respect log_debug for non-syslog `log', SIGUSR1 writes LOG_NOTICE
log_debug and log_info should not waste CPU and disk space while logging
to file and stderr, but SIGUSR1 dump is explicit request, so it's always
logged.
2016-03-07 21:39:23 +03:00