Giter VIP home page Giter VIP logo

Comments (7)

zglqaq avatar zglqaq commented on July 17, 2024

redudp {
bind = "0.0.0.0:10053";
relay = "x.x.x.x:1080";
//login = username;// field 'login' is reused as encryption
// method of shadowsocks
//password = pazzw0rd;

// know types: socks5, shadowsocks
type = socks5;

// redsocks knows about two options while redirecting UDP packets at
// linux: TPROXY and REDIRECT.  TPROXY requires more complex routing
// configuration and fresh kernel (>= 2.6.37 according to squid
// developers[1]) but has hack-free way to get original destination
// address, REDIRECT is easier to configure, but requires `dest`
// to be set, limiting packet redirection to single destination.
// [1] http://wiki.squid-cache.org/Features/Tproxy4
//dest = "8.8.8.8:53";

udp_timeout = 30;
// udp_timeout_stream = 180;

}

from redsocks.

zglqaq avatar zglqaq commented on July 17, 2024

我修改了redudp.c打印日志的代码
if (0 != bind(node->fd, (struct sockaddr*)addr, sizeof(*addr))) { const struct sockaddr_in *v4 = (const struct sockaddr_in*)addr; char str[1000]; char* ipAddressStr = inet_ntoa(v4->sin_addr); sprintf(str, "bind %s:%d", ipAddressStr,v4->sin_port); log_errno(LOG_ERR, str); goto fail; }
重新编译后的报错内容
1705994981.498481 err redudp.c:155 bound_udp_get(...) bind 192.168.11.53:37395: Address already in use
1705994981.498513 warning redudp.c:302 redudp_fwd_pkt_to_sender(...) [172.16.168.53:4780->192.168.11.53:5010]: bound_udp_get failure
发现redsocks把目标端口号5010=0x1392读取成了37395=0x9213,应该是大小端问题。
然后我使用抓包工具分析socks5代理服务器的回复数据包没有问题

f41e0a9687bc8c8f00a1296718b132c

我是用java实现的socks5服务器,下面是udp穿透中代理服务器给客户端回复部分的代码
`//从真实服务器发来的数据,封装后转发给客户端
ByteBuf originData = msg.content();

                                SocketAddress remoteServerAddress = msg.sender();
                                int remoteServerPort = msg.sender().getPort();

                                ByteBuf respBuff = Unpooled.buffer(originData.capacity() + 4 + ((InetSocketAddress) remoteServerAddress).getAddress().getAddress().length + 2);

// resp.put((byte)0x00); //保留
// resp.put((byte)0x00); //保留
// resp.put((byte)0x00); //分片
byte type = ((InetSocketAddress) remoteServerAddress).getAddress().getAddress().length == 4 ? TYPE_IPV4 : TYPE_IPV6;
byte[] header = new byte[]{0x00, 0x00, 0x00, type};
respBuff.writeBytes(header);
respBuff.writeBytes(((InetSocketAddress) remoteServerAddress).getAddress().getAddress()); //远程地址 0x08 0x08 0x08 0x08
Short remotePort = (short) (remoteServerPort & 0xFFFF);
respBuff.writeShort(remotePort); // 远程地址端口 0x00 0x35
//真实数据
respBuff.writeBytes(originData);

                                ctx.channel().writeAndFlush(new DatagramPacket(respBuff,
                                        new InetSocketAddress(clientAddress, clientPort)));`

另外我发现同样的redsocks代码再ubuntu上可以正常运行,在centos7上会出现这样的问题

from redsocks.

semigodking avatar semigodking commented on July 17, 2024

from redsocks.

semigodking avatar semigodking commented on July 17, 2024

from redsocks.

semigodking avatar semigodking commented on July 17, 2024

花了点时间调查了一下。你这个问题我没办法确认。你看到的端口错误其实是因为你打印的时候没有做ntohs。#194 的问题没解决之前,兼容性是个问题。

from redsocks.

zglqaq avatar zglqaq commented on July 17, 2024

的确是打印错误,但是我已经找到了原因。当udp穿透的目标端口是53时,如果允许redsocks的主机上已经运行了dns服务就会出现bound_udp_get(...) bind: Address already in use。同样的我上面提到的目标端口是5010的错误也是因为本机udp5010端口已经被占用了。当我把5010端口所在的服务监听的地址从绑定所有地址0.0.0.0:5010改成其中一个地址172.16.0.8:5010后错误就消失了。虽然错误解决了,但是我不理解为什么redsocks转发udp数据时要在本机上绑定目标端口,这是TPROXY机制吗?

from redsocks.

semigodking avatar semigodking commented on July 17, 2024

要绑定的是目标地址,以便以目标地址向客户端发响应数据。

from redsocks.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.