mirror of https://github.com/darkk/redsocks.git synced 2025-08-28 20:55:30 +00:00
Commit Graph

194 Commits

Author SHA1 Message Date
Leonid Evdokimov
32aeeb284a Specify required libevent version in README. Closes #85
libevent-2.0.x is required since 14ff78d.
2016-04-19 10:28:16 +03:00
Leonid Evdokimov
a1be0807ef Implement redsocks_conn_max option, simplify accept-backoff
Sophisticated accept-backoff is not required, its ONLY purpose is to
protect against busy-loop when `redsocks_conn_max` does not match
RLIMIT_NOFILE.
2016-04-14 22:53:50 +03:00
Leonid Evdokimov
83702c9577 Fix cleanup order to avoid EBADF from epoll_ctl 2016-04-14 01:47:34 +03:00
Leonid Evdokimov
7963de73d4 Add on_proxy_fail to inform user's browser about sort of failure
Use the feature with care, enable it only for HTTP port to avoid
confusion, no client protocol detection is done at the moment.
2016-04-13 02:30:08 +03:00
Leonid Evdokimov
ec06dc6ad6 Log dropped clients when http-proxy reply is too long 2016-04-13 01:50:34 +03:00
Leonid Evdokimov
6804500a0a Add tests for authentication failure 2016-04-13 01:38:38 +03:00
Leonid Evdokimov
7b1f67b395 Test that nonce reuse in http-digest actually works 2016-04-12 23:47:11 +03:00
Leonid Evdokimov
91fcbd1a68 Add protocol latency tests 2016-04-12 22:22:20 +03:00
Leonid Evdokimov
e6bfa73f23 Make netns exec call easier in tests 2016-04-12 22:16:58 +03:00
Leonid Evdokimov
6375a4fece Update link to Archlinux AUR. Fixes #82 2016-04-12 12:17:52 +03:00
Leonid Evdokimov
f3ef436c8e Fix memory leak in Basic http-auth 2016-04-12 12:16:28 +03:00
Leonid Evdokimov
aa6c7500aa Add smoke tests 2016-04-12 12:16:28 +03:00
Leonid Evdokimov
f94a981512 Fix typo introduced in 003765ba, fixes #81 2016-04-08 19:55:32 +03:00
Leonid Evdokimov
4521797847 Add disclose_src option to tell client src IP to http-connect proxy 2016-04-05 02:42:34 +03:00
Leonid Evdokimov
003765ba98 Move socks4 & socks5 login/password config syntax check to startup 2016-04-04 00:18:11 +03:00
Leonid Evdokimov
3c7f635bf3 Warn about http-relay usage
http-relay should be avoided due to CVE-2009-0801. It was implemented to
support ancient HTTP/1.0 clients that did not set `Host` header, so
upstream proxy had at least some way to determine request destination.

In modern post-SPDY world this method should not be used, you should
rather configure upstream proxy to accept CONNECT requests to any port
and use `http-connect` instead.

Great CVE-2009-0801 description can be found in squid-users on 2015-12-18
http://lists.squid-cache.org/pipermail/squid-users/2015-December/008392.html
2016-04-03 23:45:54 +03:00
Leonid Evdokimov
c6c5cb93ce Mark client socket non-blocking
Failing to do so caused splice() to block during write.

AFAIK, it does not affect bufferevent pump, but I may be wrong.
2016-04-03 23:23:48 +03:00
Leonid Evdokimov
af46180272 Add naive zero-copy implementation using splice
It gives a ~33% increase of throughput on a CPU-bound box. E.g. single-connection
throughput on the following machine goes from ~30 Mbit/s to ~40 Mbit/s:

system type: xRX200 rev 1.2
machine: TDW8980 - TP-LINK TD-W8980
cpu model: MIPS 34Kc V5.6
BogoMIPS: 332.54
2016-04-03 23:18:45 +03:00
Leonid Evdokimov
42977373b9 Emit better log message if client has `loopback' destination 2016-03-28 22:44:34 +03:00
Leonid Evdokimov
48dd5557c0 Mention `nogroup' name difference between RedHat-like and Debian-like distributions.
See also #60
2016-03-21 11:10:11 +03:00
Leonid Evdokimov
afd298f6ce Replace wm_read/wm_write manipulations with call to bufferevent_setwatermark
bufferevent_setwatermark() has some meaningful code to run on
high-watermark changes, avoiding this code may lead to stuck
connections.
2016-03-18 11:23:58 +03:00
Leonid Evdokimov
d2165a4ff0 Replace libevent macros with functions 2016-03-18 00:41:04 +03:00
Leonid Evdokimov
d70227eb10 Use proper buffer size in assertion 2016-03-17 19:08:49 +03:00
Leonid Evdokimov
91a5b80a31 Add quick-n-dirty debugging code to estimate memory usage.
Debugging code is not compiled by default, don't use it unless you're
just trying to measure something :)
2016-03-17 19:03:12 +03:00
Leonid Evdokimov
ad06706af7 Log network errors better, use errno if SO_ERROR is clear
Some errors are not stored in SO_ERROR. Moreover, libevent uses SO_ERROR
itself and SO_ERROR is cleared after reading. Probably, using SO_ERROR
is not a good idea at all, but I have no proper test-case checking if
it's safe to remove SO_ERROR code.
2016-03-17 18:57:49 +03:00
Leonid Evdokimov
8a703e4a27 Write more information about unclean builds 2016-03-17 18:56:57 +03:00
Leonid Evdokimov
62cb189c1b Emit better errors from config file parser 2016-03-17 18:48:37 +03:00
Leonid Evdokimov
4e222f3f27 Avoid EBADF warnings from epoll using bufferevent_free more accurately 2016-03-17 18:48:33 +03:00
Leonid Evdokimov
5c716327b2 Write message priority to the log file/stderr 2016-03-17 18:05:01 +03:00
Leonid Evdokimov
64afce95a1 Add libevent version to redsocks -v output 2016-03-17 17:07:42 +03:00
Leonid Evdokimov
681452324a Add options to specify TCP_KEEPIDLE, TCP_KEEPCNT and TCP_KEEPINTVL 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
83703f0de4 Log back-pressure events with LOG_DEBUG severity to ease debugging 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
ef46553e27 Fix hung connection when client sends EOF before relay even replies
EOF is forwarded only when the bi-directional connection is established.

Thanks to semigodking for describing the test-case in #26

Moreover, the Linux kernel may reply to SYN-ACK with RST if the now-connecting
socket is brought down with shutdown(fd, SHUT_WR):

connect(26, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("11.22.33.44")}, 16) = -1 EINPROGRESS (Operation now in progress)
IP 192.168.10.254.42578 > 11.22.33.44.8080: Flags [S], seq 813066190, win 27200, options [...], length 0
epoll_ctl(3, EPOLL_CTL_ADD, 26, {EPOLLOUT, {u32=26, u64=26}}) = 0
epoll_wait(3, {{EPOLLIN, {u32=25, u64=25}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {728135, 720450764}) = 0
gettimeofday({1457464453, 327070}, NULL) = 0
ioctl(25, FIONREAD, [0]) = 0
readv(25, [{"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096}], 1) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 25, {EPOLLIN, {u32=25, u64=25}}) = 0
shutdown(25, SHUT_RD) = 0
shutdown(26, SHUT_WR) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 26, {EPOLLOUT, {u32=26, u64=26}}) = 0
IP 11.22.33.44.8080 > 192.168.10.254.42578: Flags [S.], seq 481785732, ack 813066191, win 65535, options [...], length 0
IP 192.168.10.254.42578 > 11.22.33.44.8080: Flags [R], seq 813066191, win 0, length 0
epoll_wait(3, ...
2016-03-09 01:12:38 +03:00
Leonid Evdokimov
14ff78dfe7 Replace inconsistent rand()/random() with call to libevent2 rng 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
24a5384e29 Emit better errors from config file parser 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
b322e4a8dd Fix crash in config file parser caused by unknown option key 2016-03-09 01:12:36 +03:00
Leonid Evdokimov
23fb178f04 logging: do not crash in SIGUSR1 handler in partly-initialized case 2016-03-07 22:16:51 +03:00
Leonid Evdokimov
e8fd5422e5 logging: respect log_debug for non-syslog `log', SIGUSR1 writes LOG_NOTICE
log_debug and log_info should not waste CPU and disk space while logging
to file and stderr, but SIGUSR1 dump is explicit request, so it's always
logged.
2016-03-07 21:39:23 +03:00
Leonid Evdokimov
2118c616b4 Merge pull request #52 from przemoc/switch-from-gnu99-to-c99
Switch from gnu99 to c99.
2015-09-07 16:03:08 +03:00
Przemyslaw Pawelczyk
a7d1fb09a0 Switch from gnu99 to C99 and provide proper feature macros.
Use _XOPEN_SOURCE=600 to make system headers expose Single UNIX
Specification v3 (SUSv3) definitions, i.e. POSIX.1-2001 base
specification plus the X/Open System Interface (XSI) extension.
POSIX.1-2001 is aligned with C99, so that all of the library
functions standardized in C99 are also standardized in POSIX.1-2001.

Use _BSD_SOURCE together with _DEFAULT_SOURCE to compile without
warnings in glibc <= 2.19 and glibc >= 2.20 (_BSD_SOURCE is deprecated
since glibc 2.20 and it has the same effect as defining _DEFAULT_SOURCE
but generates a compile-time warning if used alone). This is required
for availability of non-POSIX functions, like inet_aton() or timercmp(),
that are present on most BSD derivatives.

Note: _DEFAULT_SOURCE, which was introduced in glibc 2.19, will actually
bump _POSIX_C_SOURCE from 200112L to 200809L, but it brings no harm.
2014-07-05 01:28:44 +02:00
Przemyslaw Pawelczyk
19f0fb225a Use __typeof instead of typeof.
__typeof adheres to the ISO C standard as it is a reserved identifier [1],
so it is collision-free and works in non-GNU mode as long as compiler
supports it.

[1] C99: "All identifiers that begin with an underscore and either an
uppercase letter or another underscore are always reserved for any use."
2014-07-05 01:11:34 +02:00
Przemyslaw Pawelczyk
fce288f657 Rewrite container_of macro without using statement expression.
Statement expression is a GNU C extension, not present in the ISO standard.
Type checking works now via implicit conversion performed for compound
literal (compound literals are available since C99). typeof is only used
on GNUC compilers like gcc or clang.
2014-07-05 00:31:04 +02:00
Leonid Evdokimov
2e3f648809 Merge pull request #40 from tlvince/systemd-improv
Replace 'su' cruft with systemd's 'User='
2013-02-13 01:55:36 -08:00
Tom Vincent
b1cf7c473d Replace 'su' cruft with systemd's 'User='
See systemd.exec(5)
2013-02-13 13:36:48 +08:00
Leonid Evdokimov
778340243e Add README from balabit.com - it's nice doc about TPROXY. 2012-12-04 20:59:13 +04:00
Leonid Evdokimov
0a491b0be8 Merge pull request #33 from kanzure/typofix
typo fix in README (Andoird -> Android)
2012-09-20 01:08:03 -07:00
Bryan Bishop
c7513aafc6 typo fix in README (Andoird -> Android) 2012-09-20 01:33:46 -05:00
Leonid Evdokimov
18e2b5ed1f Fix compilation on Ubuntu 10.04 LTS and (hopefully) Debian squeeze[1]
fixes #28, fixes #22, fixes #24
[1] current "stable" release
2012-09-12 02:05:39 +04:00
Leonid Evdokimov
9352d659ba conf.example: comments about UDP redirection 2012-09-10 22:36:01 +04:00
Leonid Evdokimov
d8d521c4b5 Merge pull request #29 from tlvince/systemd
Add systemd service unit
2012-09-10 01:44:15 -07:00