mirror of https://github.com/darkk/redsocks.git synced 2025-08-26 03:35:30 +00:00
69 Commits

Author SHA1 Message Date
Leonid Evdokimov
4521797847 Add disclose_src option to tell client src IP to http-connect proxy 2016-04-05 02:42:34 +03:00
Leonid Evdokimov
3c7f635bf3 Warn about http-relay usage
http-relay should be avoided due to CVE-2009-0801. It was implemented to
support ancient HTTP/1.0 clients that did not set `Host` header, so
upstream proxy had at least some way to determine request destination.

In modern post-SPDY world this method should not be used, you should
rather configure upstream proxy to accept CONNECT requests to any port
and use `http-connect` instead.

Great CVE-2009-0801 description can be found in squid-users on 2015-12-18
http://lists.squid-cache.org/pipermail/squid-users/2015-December/008392.html
2016-04-03 23:45:54 +03:00
Leonid Evdokimov
c6c5cb93ce Mark client socket non-blocking
Not doing so caused splice() to block during write.

AFAIK, it does not affect bufferevent pump, but I may be wrong.
2016-04-03 23:23:48 +03:00
Leonid Evdokimov
af46180272 Add naive zero-copy implementation using splice
It gives ~33% increase of throughput on CPU-bound box.  E.g. following
machine single-connection throughput goes from ~30 Mbit/s to ~40 Mbit/s

system type: xRX200 rev 1.2
machine: TDW8980 - TP-LINK TD-W8980
cpu model: MIPS 34Kc V5.6
BogoMIPS: 332.54
2016-04-03 23:18:45 +03:00
Leonid Evdokimov
42977373b9 Emit better log message if client has `loopback' destination 2016-03-28 22:44:34 +03:00
Leonid Evdokimov
afd298f6ce Replace wm_read/wm_write manipulations with call to bufferevent_setwatermark
bufferevent_setwatermark() has some meaningful code to run on
high-watermark changes, avoiding this code may lead to stuck
connections.
2016-03-18 11:23:58 +03:00
Leonid Evdokimov
d2165a4ff0 Replace libevent macros with functions 2016-03-18 00:41:04 +03:00
Leonid Evdokimov
ad06706af7 Log network errors better, use errno if SO_ERROR is clear
Some errors are not stored in SO_ERROR. Moreover, libevent uses SO_ERROR
itself and SO_ERROR is cleared after reading. Probably, using SO_ERROR
is not a good idea at all, but I have no proper test-case checking if
it's safe to remove SO_ERROR code.
2016-03-17 18:57:49 +03:00
Leonid Evdokimov
4e222f3f27 Avoid EBADF warnings from epoll using bufferevent_free more accurately 2016-03-17 18:48:33 +03:00
Leonid Evdokimov
681452324a Add options to specify TCP_KEEPIDLE, TCP_KEEPCNT and TCP_KEEPINTVL 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
83703f0de4 Log back-pressure events with LOG_DEBUG severity to ease debugging 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
ef46553e27 Fix hung connection when client sends EOF before relay even replies
EOF is forwarded only when the bi-directional connection is established.

Thanks to semigodking for describing the test-case in #26

Moreover, linux kernel may reply SYN-ACK with RST if the now-connecting
socket is brought down with shutdown(fd, SHUT_WR):

connect(26, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("11.22.33.44")}, 16) = -1 EINPROGRESS (Operation now in progress)
IP 192.168.10.254.42578 > 11.22.33.44.8080: Flags [S], seq 813066190, win 27200, options [...], length 0
epoll_ctl(3, EPOLL_CTL_ADD, 26, {EPOLLOUT, {u32=26, u64=26}}) = 0
epoll_wait(3, {{EPOLLIN, {u32=25, u64=25}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {728135, 720450764}) = 0
gettimeofday({1457464453, 327070}, NULL) = 0
ioctl(25, FIONREAD, [0]) = 0
readv(25, [{"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096}], 1) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 25, {EPOLLIN, {u32=25, u64=25}}) = 0
shutdown(25, SHUT_RD) = 0
shutdown(26, SHUT_WR) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 26, {EPOLLOUT, {u32=26, u64=26}}) = 0
IP 11.22.33.44.8080 > 192.168.10.254.42578: Flags [S.], seq 481785732, ack 813066191, win 65535, options [...], length 0
IP 192.168.10.254.42578 > 11.22.33.44.8080: Flags [R], seq 813066191, win 0, length 0
epoll_wait(3, ...
2016-03-09 01:12:38 +03:00
Leonid Evdokimov
14ff78dfe7 Replace inconsistent rand()/random() with call to libevent2 rng 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
24a5384e29 Emit better errors from config file parser 2016-03-09 01:12:38 +03:00
Leonid Evdokimov
23fb178f04 logging: do not crash in SIGUSR1 handler in partly-initialized case 2016-03-07 22:16:51 +03:00
Leonid Evdokimov
e8fd5422e5 logging: respect log_debug for non-syslog `log', SIGUSR1 writes LOG_NOTICE
log_debug and log_info should not waste CPU and disk space while logging
to file and stderr, but SIGUSR1 dump is explicit request, so it's always
logged.
2016-03-07 21:39:23 +03:00
Leonid Evdokimov
18e2b5ed1f Fix compilation on Ubuntu 10.04 LTS and (hopefully) Debian squeeze[1]
fixes #28, fixes #22, fixes #24
[1] current "stable" release
2012-09-12 02:05:39 +04:00
Leonid Evdokimov
6015b3a6f2 inet_ntop -> red_inet_ntop 2012-04-10 01:43:22 +04:00
Leonid Evdokimov
4d2e10df17 Implement better exponential backoff in case of accept() failure.
This commit implements two more features:
 * min_accept_backoff configuration option
 * retry accept() after some close() calls

See also https://github.com/darkk/redsocks/issues/19
2012-03-25 23:58:40 +04:00
Leonid Evdokimov
dd089f09bd Proper accept_backoff event cleanup. 2012-03-25 23:14:27 +04:00
Leonid Evdokimov
5ac05d5b77 Fix typo. Thanks to Apollon Oikonomopoulos. 2012-01-30 14:01:30 +04:00
Leonid Evdokimov
128d730583 Implement exponential backoff in case of accept() failure.
Busy-loop strikes the daemon without backoff and log flood fills disks.

See also https://github.com/darkk/redsocks/issues/19
2012-01-28 00:00:09 +04:00
Leonid Evdokimov
6f8312b21f Refactor: replace struct event with tracked_event to track EVLIST_INSERTED state. 2012-01-28 00:00:09 +04:00
Leonid Evdokimov
8156e442c2 Add option to specify listen() queue length. 2012-01-28 00:00:09 +04:00
Leonid Evdokimov
d517e650ef redsocks now compiles with libevent-2.0 2011-08-01 13:28:38 +04:00
Leonid Evdokimov
79e22a67fa Change license to Apache 2.0 to ensure compatibility with android stack. 2011-04-20 20:17:09 +03:00
Leonid Evdokimov
8b0a9dcc6c Make redsocks work with OpenBSD pf (at least sometimes). 2011-02-11 00:52:47 +02:00
Leonid Evdokimov
9bcb4dcc7e Fix compilation at OpenBSD 4.9. 2011-02-10 00:02:05 +02:00
Przemyslaw Pawelczyk
cf3dc2c4f0 Hide warnings on unused variables if asserts are off.
redsocks.c: In function 'redsocks_read_expected':
redsocks.c:407: warning: unused variable 'read'

http-relay.c: In function 'httpr_client_read_cb':
http-relay.c:520: warning: unused variable 'written_wo_null'

These variables are used in asserts and if asserts are not compiled,
e.g. by defining NDEBUG (usually in CFLAGS via -DNDEBUG), then we have
misleading warnings.

Add in utils.h UNUSED() macro for creating null statement with result
cast to void. Use it to fix above warnings.
2011-01-27 23:22:09 +01:00
Przemyslaw Pawelczyk
c82e944cba Fix dead store bugs.
scan-build result for redsocks.c:707, base.c:402, redudp.c:659:

    Dead assignment
2011-01-27 22:52:13 +01:00
Leonid Evdokimov
642c9a448f Fix several compiler warnings. 2011-01-15 16:29:40 +02:00
Bin Jin
9d876181b3 merge commits from upstream 2010-12-03 22:02:40 +08:00
Leonid Evdokimov
bce12d59dd Fix bug introduced in 45cab3. 2010-12-02 23:30:21 +02:00
Leonid Evdokimov
94c96a60ef Cleanup client session logging. 2010-12-02 23:16:23 +02:00
Bin Jin
7772258767 fix issue: receive eof from client while connection to relay is not established 2010-11-29 22:41:53 +08:00
Leonid Evdokimov
45cab3de31 This cleanup commit introduces ex-plain function! 2010-11-29 00:09:48 +02:00
Bin Jin
04662c4226 fix several fatal issues; send request body on fly, rather than depend on content-length 2010-11-28 13:47:49 +08:00
Leonid Evdokimov
6e574a2021 Another source code cleanup. 2010-11-27 23:30:58 +02:00
Leonid Evdokimov
8ad8d7eb41 More source code cleanup. 2010-11-27 23:20:46 +02:00
Leonid Evdokimov
c50dd8b2b4 Some source code cleanup. 2010-11-27 21:57:43 +02:00
Bin Jin
9136aa5e5f add clang compiler support; clean warnings; remove auth info from log file 2010-11-25 19:11:14 +08:00
Bin Jin
651754834f fix memory leak issues 2010-11-23 14:19:57 +08:00
Bin Jin
a1e65e4ccb fix issue: EOF from client in http relay 2010-11-23 13:21:09 +08:00
Bin Jin
abb26a1505 fix issue: segment fault on ARM platform 2010-11-21 22:33:27 +08:00
Bin Jin
c12924022a add proxy auth for http-connect, working but buggy 2010-11-18 22:57:20 +08:00
Leonid Evdokimov
77a490422b Added GPLv3 copyright notice to every source file. 2008-12-13 15:40:52 +06:00
Leonid Evdokimov
ed80ac7d70 Fix compiler warning: time() was undefined. 2008-08-19 02:21:14 +07:00
Leonid Evdokimov
7c714b750f Added ability to create many redsocks config sections to have many redirectors. 2008-08-18 17:46:27 +07:00
Leonid Evdokimov
0a1bcb5bb9 Enable SO_KEEPALIVE for client and relay sockets. 2008-08-14 03:49:42 +07:00
Leonid Evdokimov
1814548b1d More debug logging: active event-mask is logged too. 2008-07-16 15:12:01 +07:00