netcat fails to talk to socks inbound using socks5

1sixth commented 1 year ago

Welcome

[X] Yes, I'm using the latest major release. Only such installations are supported.
[X] Yes, I'm using the latest Golang release. Only such installations are supported.
[X] Yes, I've searched similar issues on GitHub and didn't find any.
[X] Yes, I've included all information below (version, FULL config, FULL log, etc).

Description of the problem

netcat-openbsd/1.219-1 fails to talk to the proxy server using socks5:

$ nc -X 4 -vx 127.0.0.1:2080 qq.com 80 # SOCKS v.4
Connection to qq.com 80 port [tcp/http] succeeded!
$ nc -X 5 -vx 127.0.0.1:2080 qq.com 80 # SOCKS v.5
nc: connection failed, unsupported address type

curl/7.87.0 works fine though:

$ curl -x socks4://127.0.0.1:2080 qq.com
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>stgw</center>
</body>
</html>
$ curl -x socks4a://127.0.0.1:2080 qq.com
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>stgw</center>
</body>
</html>
$ curl -x socks5://127.0.0.1:2080 qq.com
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>stgw</center>
</body>
</html>

I also noticed that netcat is able to connect to v2ray/5.2.1 using socks5 with the following config:

{
    "log": {
        "level": "debug"
    },
    "inbounds": [
        {
            "protocol": "socks",
            "listen": "127.0.0.1",
            "port": 2080
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}

Version of sing-box

```console $ sing-box version sing-box version 1.1.5 Environment: go1.19.5 linux/amd64 Tags: with_quic,with_grpc,with_wireguard,with_shadowsocksr,with_ech,with_utls,with_acme,with_clash_api,with_v2ray_api,with_gvisor CGO: enabled ```

Server and client configuration file

```json { "log": { "level": "debug" }, "inbounds": [ { "type": "socks", "listen": "127.0.0.1", "listen_port": 2080 } ], "outbounds": [ { "type": "direct" } ] } ```

Server and client log file

`netcat-openbsd`: ```log INFO[0000] inbound/socks[0]: tcp server started at 127.0.0.1:2080 INFO[0000] sing-box started (0.00s) INFO[0004] [1050980001] inbound/socks[0]: inbound connection from 127.0.0.1:40922 INFO[0004] [1050980001] inbound/socks[0]: [] inbound connection to 183.3.226.35:80 INFO[0004] [1050980001] outbound/direct[0]: outbound connection to 183.3.226.35:80 DEBUG[0005] [1050980001] inbound/socks[0]: connection closed: process connection from 127.0.0.1:40922: download: readfrom tcp 127.0.0.1:2080->127.0.0.1:40922: use of closed network connection INFO[0008] [1448373664] inbound/socks[0]: inbound connection from 127.0.0.1:40924 INFO[0008] [1448373664] inbound/socks[0]: inbound connection to qq.com:80 INFO[0008] [1448373664] outbound/direct[0]: outbound connection to qq.com:80 DEBUG[0008] [1448373664] dns: lookup domain qq.com INFO[0008] [1448373664] dns: lookup succeed for qq.com: 61.129.7.47 123.151.137.18 183.3.226.35 DEBUG[0008] [1448373664] inbound/socks[0]: connection closed: process connection from 127.0.0.1:40924: download: readfrom tcp 127.0.0.1:2080->127.0.0.1:40924: use of closed network connection | upload: readfrom tcp 192.168.2.2:49424->61.129.7.47:80: splice: connection reset by peer ``` `curl`: ```log INFO[0000] inbound/socks[0]: tcp server started at 127.0.0.1:2080 INFO[0000] sing-box started (0.00s) INFO[0005] [1346677383] inbound/socks[0]: inbound connection from 127.0.0.1:37568 INFO[0005] [1346677383] inbound/socks[0]: [] inbound connection to 183.3.226.35:80 INFO[0005] [1346677383] outbound/direct[0]: outbound connection to 183.3.226.35:80 DEBUG[0005] [1346677383] inbound/socks[0]: connection closed: process connection from 127.0.0.1:37568: download: readfrom tcp 127.0.0.1:2080->127.0.0.1:37568: use of closed network connection INFO[0007] [3386557592] inbound/socks[0]: inbound connection from 127.0.0.1:37578 INFO[0007] [3386557592] inbound/socks[0]: [] inbound connection to qq.com:80 INFO[0007] [3386557592] outbound/direct[0]: outbound connection to qq.com:80 DEBUG[0007] [3386557592] dns: lookup domain qq.com INFO[0007] [3386557592] dns: lookup succeed for qq.com: 123.151.137.18 61.129.7.47 183.3.226.35 DEBUG[0007] [3386557592] inbound/socks[0]: connection closed: process connection from 127.0.0.1:37578: download: readfrom tcp 127.0.0.1:2080->127.0.0.1:37578: use of closed network connection INFO[0010] [849484328] inbound/socks[0]: inbound connection from 127.0.0.1:37586 INFO[0010] [849484328] inbound/socks[0]: inbound connection to 61.129.7.47:80 INFO[0010] [849484328] outbound/direct[0]: outbound connection to 61.129.7.47:80 DEBUG[0010] [849484328] inbound/socks[0]: connection closed: process connection from 127.0.0.1:37586: download: readfrom tcp 127.0.0.1:2080->127.0.0.1:37586: use of closed network connection ```

dyhkwong commented 1 year ago

https://github.com/SagerNet/sing/blob/27d2950cdbe9f9fa057f1c09701043c01382d62e/protocol/socks/handshake.go#L187 According to RFC 1928, in SOCKS5 handshake response, the address/port is the server's bound address/port. For a quick fix, using M.SocksaddrFromNet(conn.LocalAddr()) should be enough.

nekohasekai commented 1 year ago

Try 99890a1af0db9246b9e5356ba6b7c5207c544d7b

1sixth commented 1 year ago

I can confirm this is now fixed. Thank you!

SagerNet / sing-box