mirror of https://github.com/darkk/redsocks.git synced 2025-08-26 19:55:30 +00:00
Commit Graph

74 Commits

Author SHA1 Message Date
Leonid Evdokimov
9a0809c439 Bump year in Copyright mark, ouch that is ancient soft! 2018-01-26 23:57:43 +03:00
Leonid Evdokimov
59992c31f8 Add dnsu2t module to convert DNS/UDP to DNS/TCP 2018-01-26 23:52:48 +03:00
Leonid Evdokimov
a1be0807ef Implement redsocks_conn_max option, simplify accept-backoff
Sophisticated accept-backoff is not required, its ONLY purpose is to
protect against busy-loop when `redsocks_conn_max` does not match
RLIMIT_NOFILE.
2016-04-14 22:53:50 +03:00
Leonid Evdokimov
83702c9577 Fix cleanup order to avoid EBADF from epoll_ctl 2016-04-14 01:47:34 +03:00
Leonid Evdokimov
7963de73d4 Add on_proxy_fail to inform user's browser about sort of failure
Use the feature with care, enable it only for HTTP port to avoid
confusion, no client protocol detection is done at the moment.
2016-04-13 02:30:08 +03:00
Leonid Evdokimov
4521797847 Add disclose_src option to tell client src IP to http-connect proxy 2016-04-05 02:42:34 +03:00
Leonid Evdokimov
3c7f635bf3 Warn about http-relay usage
http-relay should be avoided due to CVE-2009-0801. It was implemented to
support ancient HTTP/1.0 clients that did not set `Host` header, so
upstream proxy had at least some way to determine request destination.

In modern post-SPDY world this method should not be used, you should
rather configure upstream proxy to accept CONNECT requests to any port
and use `http-connect` instead.

Great CVE-2009-0801 description can be found in squid-users on 2015-12-18
http://lists.squid-cache.org/pipermail/squid-users/2015-December/008392.html
2016-04-03 23:45:54 +03:00
Leonid Evdokimov
c6c5cb93ce Mark client socket non-blocking
Not doing so caused splice() to block during write.

AFAIK, it does not affect bufferevent pump, but I may be wrong.
2016-04-03 23:23:48 +03:00
Leonid Evdokimov
af46180272 Add naive zero-copy implementation using splice
It gives ~33% increase of throughput on CPU-bound box.  E.g. following
machine single-connection throughput goes from ~30 Mbit/s to ~40 Mbit/s

system type: xRX200 rev 1.2
machine: TDW8980 - TP-LINK TD-W8980
cpu model: MIPS 34Kc V5.6
BogoMIPS: 332.54
2016-04-03 23:18:45 +03:00
Leonid Evdokimov
42977373b9 Emit better log message if client has `loopback' destination 2016-03-28 22:44:34 +03:00
Leonid Evdokimov
afd298f6ce Replace wm_read/wm_write manipulations with call to bufferevent_setwatermark
bufferevent_setwatermark() has some meaningful code to run on
high-watermark changes, avoiding this code may lead to stuck
connections.
2016-03-18 11:23:58 +03:00
Leonid Evdokimov
d2165a4ff0 Replace libevent macros with functions 2016-03-18 00:41:04 +03:00
Leonid Evdokimov
ad06706af7 Log network errors better, use errno if SO_ERROR is clear
Some errors are not stored in SO_ERROR. Moreover, libevent uses SO_ERROR
itself and SO_ERROR is cleared after reading. Probably, using SO_ERROR
is not a good idea at all, but I have no proper test-case checking if
it's safe to remove SO_ERROR code.
2016-03-17 18:57:49 +03:00
Leonid Evdokimov
4e222f3f27 Avoid EBADF warnings from epoll using bufferevent_free more accurately 2016-03-17 18:48:33 +03:00
Leonid Evdokimov
681452324a Add options to specify TCP_KEEPIDLE, TCP_KEEPCNT and TCP_KEEPINTVL 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
83703f0de4 Log back-pressure events with LOG_DEBUG severity to ease debugging 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
ef46553e27 Fix hung connection when client sends EOF before relay even replies
EOF is forwarded only when the bi-directional connection is established.

Thanks to semigodking for describing the test-case in #26

Moreover, linux kernel may reply SYN-ACK with RST if the now-connecting
socket is brought down with shutdown(fd, SHUT_WR):

connect(26, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("11.22.33.44")}, 16) = -1 EINPROGRESS (Operation now in progress)
IP 192.168.10.254.42578 > 11.22.33.44.8080: Flags [S], seq 813066190, win 27200, options [...], length 0
epoll_ctl(3, EPOLL_CTL_ADD, 26, {EPOLLOUT, {u32=26, u64=26}}) = 0
epoll_wait(3, {{EPOLLIN, {u32=25, u64=25}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {728135, 720450764}) = 0
gettimeofday({1457464453, 327070}, NULL) = 0
ioctl(25, FIONREAD, [0]) = 0
readv(25, [{"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096}], 1) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 25, {EPOLLIN, {u32=25, u64=25}}) = 0
shutdown(25, SHUT_RD) = 0
shutdown(26, SHUT_WR) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 26, {EPOLLOUT, {u32=26, u64=26}}) = 0
IP 11.22.33.44.8080 > 192.168.10.254.42578: Flags [S.], seq 481785732, ack 813066191, win 65535, options [...], length 0
IP 192.168.10.254.42578 > 11.22.33.44.8080: Flags [R], seq 813066191, win 0, length 0
epoll_wait(3, ...
2016-03-09 01:12:38 +03:00
Leonid Evdokimov
14ff78dfe7 Replace inconsistent rand()/random() with call to libevent2 rng 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
24a5384e29 Emit better errors from config file parser 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
23fb178f04 logging: do not crash in SIGUSR1 handler in partly-initialized case 2016-03-07 22:16:51 +03:00
Leonid Evdokimov
e8fd5422e5 logging: respect log_debug for non-syslog `log', SIGUSR1 writes LOG_NOTICE
log_debug and log_info should not waste CPU and disk space while logging
to file and stderr, but SIGUSR1 dump is explicit request, so it's always
logged.
2016-03-07 21:39:23 +03:00
Leonid Evdokimov
18e2b5ed1f Fix compilation on Ubuntu 10.04 LTS and (hopefully) Debian squeeze[1]
fixes #28, fixes #22, fixes #24
[1] current "stable" release
2012-09-12 02:05:39 +04:00
Leonid Evdokimov
6015b3a6f2 inet_ntop -> red_inet_ntop 2012-04-10 01:43:22 +04:00
Leonid Evdokimov
4d2e10df17 Implement better exponential backoff in case of accept() failure.
This commit implements two more features:
 * min_accept_backoff configuration option
 * retry accept() after some close() calls

See also https://github.com/darkk/redsocks/issues/19
2012-03-25 23:58:40 +04:00
Leonid Evdokimov
dd089f09bd Proper accept_backoff event cleanup. 2012-03-25 23:14:27 +04:00
Leonid Evdokimov
5ac05d5b77 Fix typo. Thanks to Apollon Oikonomopoulos. 2012-01-30 14:01:30 +04:00
Leonid Evdokimov
128d730583 Implement exponential backoff in case of accept() failure.
Busy-loop strikes the daemon without backoff and log flood fills disks.

See also https://github.com/darkk/redsocks/issues/19
2012-01-28 00:00:09 +04:00
Leonid Evdokimov
6f8312b21f Refactor: replace struct event with tracked_event to track EVLIST_INSERTED state. 2012-01-28 00:00:09 +04:00
Leonid Evdokimov
8156e442c2 Add option to specify listen() queue length. 2012-01-28 00:00:09 +04:00
Leonid Evdokimov
d517e650ef redsocks now compiles with libevent-2.0 2011-08-01 13:28:38 +04:00
Leonid Evdokimov
79e22a67fa Change license to Apache 2.0 to ensure compatibility with android stack. 2011-04-20 20:17:09 +03:00
Leonid Evdokimov
8b0a9dcc6c Make redsocks working with OpenBSD pf (at least sometimes). 2011-02-11 00:52:47 +02:00
Leonid Evdokimov
9bcb4dcc7e Fix compilation at OpenBSD 4.9. 2011-02-10 00:02:05 +02:00
Przemyslaw Pawelczyk
cf3dc2c4f0 Hide warnings on unused variables if asserts are off.
redsocks.c: In function 'redsocks_read_expected':
redsocks.c:407: warning: unused variable 'read'

http-relay.c: In function 'httpr_client_read_cb':
http-relay.c:520: warning: unused variable 'written_wo_null'

These variables are used in asserts and if asserts are not compiled,
e.g. by defining NDEBUG (usually in CFLAGS via -DNDEBUG), then we have
misleading warnings.

Add in utils.h UNUSED() macro for creating null statement with result
cast to void. Use it to fix above warnings.
2011-01-27 23:22:09 +01:00
Przemyslaw Pawelczyk
c82e944cba Fix dead store bugs.
scan-build result for redsocks.c:707, base.c:402, redudp.c:659:

    Dead assignment
2011-01-27 22:52:13 +01:00
Leonid Evdokimov
642c9a448f Fix several compiler warnings. 2011-01-15 16:29:40 +02:00
Bin Jin
9d876181b3 merge commits from upstream 2010-12-03 22:02:40 +08:00
Leonid Evdokimov
bce12d59dd Fix bug introduced in 45cab3. 2010-12-02 23:30:21 +02:00
Leonid Evdokimov
94c96a60ef Cleanup client session logging. 2010-12-02 23:16:23 +02:00
Bin Jin
7772258767 fix issue: receive eof from client while connection to relay is not established 2010-11-29 22:41:53 +08:00
Leonid Evdokimov
45cab3de31 This cleanup commit introduces ex-plain function! 2010-11-29 00:09:48 +02:00
Bin Jin
04662c4226 fix several fatal issues; send request body on fly, rather than depend on content-length 2010-11-28 13:47:49 +08:00
Leonid Evdokimov
6e574a2021 Another source code cleanup. 2010-11-27 23:30:58 +02:00
Leonid Evdokimov
8ad8d7eb41 More source code cleanup. 2010-11-27 23:20:46 +02:00
Leonid Evdokimov
c50dd8b2b4 Some source code cleanup. 2010-11-27 21:57:43 +02:00
Bin Jin
9136aa5e5f add clang compiler support; clean warnings; remove auth info from log file 2010-11-25 19:11:14 +08:00
Bin Jin
651754834f fix memory leak issues 2010-11-23 14:19:57 +08:00
Bin Jin
a1e65e4ccb fix issue: EOF from client in http relay 2010-11-23 13:21:09 +08:00
Bin Jin
abb26a1505 fix issue: segment fault on ARM platform 2010-11-21 22:33:27 +08:00
Bin Jin
c12924022a add proxy auth for http-connect, working but buggy 2010-11-18 22:57:20 +08:00