heiher / hev-socks5-server

A high-performance socks5 server for Unix (Linux/Android/BSD/macOS/iOS)
MIT License

Traffic monitoring #43

Closed vavrecan closed 6 months ago

vavrecan commented 8 months ago

Hello,

I'm wondering if it's possible to track traffic and associate it with a username. For UDP, it's relatively straightforward, as the transferred size is in the res variable of hev_socks5_udp_fwd_f / hev_socks5_udp_fwd_b.

However, for TCP, it presents a more challenging modification due to the task system performing a copy, and it doesn't expose the size of transferred data. Do you have any ideas on how to achieve this for TCP?

Thank you!

heiher commented 8 months ago

Now we can mark upstream traffic for each user, so I think using iptables to count is a good way.

https://github.com/heiher/hev-socks5-server#authentication-file

vavrecan commented 8 months ago

There are some limitations when using iptables (nftables + dynamic property) to count data for both the user and destination. In examining the task system, the socks5 server utilizes task_io_splicer and retains wlen. However, it lacks a straightforward method for accessing it. Perhaps, task_io_splicer_init could incorporate a reference to the close/flush callback method for easier access?

heiher commented 8 months ago

> There are some limitations when using iptables (nftables + dynamic property) to count data for both the user and destination. In examining the task system, the socks5 server utilizes task_io_splicer and retains wlen. However, it lacks a straightforward method for accessing it. Perhaps, task_io_splicer_init could incorporate a reference to the close/flush callback method for easier access?

Okay. I think you can override the splicer method of HevSocks5TCP/HevSocks5UDP in the HevSocks5Session, to use a custom splice with counting.

https://github.com/heiher/hev-socks5-core/blob/664beaa4e7df3f10dbb28f0ec90dfadc9bc4de76/src/hev-socks5-tcp.h#L26

Here is an example:

https://github.com/heiher/hev-socks5-tunnel/blob/master/src/hev-socks5-session-tcp.c#L350

vavrecan commented 8 months ago

Does it make sense to implement the tcp splitter from tunnel in tproxy?

On Fri, 19 Jan 2024 at 16:06, hev @.***> wrote:

> > There are some limitations when using iptables (nftables + dynamic property) to count data for both the user and destination. In examining the task system, the socks5 server utilizes task_io_splicer and retains wlen. However, it lacks a straightforward method for accessing it. Perhaps, task_io_splicer_init could incorporate a reference to the close/flush callback method for easier access?
>
> Okay. I think you can override the splicer method of HevSocks5TCP/HevSocks5UDP in the HevSocks5Session, to use a custom splice with counting.
>
> https://github.com/heiher/hev-socks5-core/blob/664beaa4e7df3f10dbb28f0ec90dfadc9bc4de76/src/hev-socks5-tcp.h#L26
>
> Here is an example:
>
> https://github.com/heiher/hev-socks5-tunnel/blob/master/src/hev-socks5-session-tcp.c#L350


heiher commented 8 months ago

@vavrecan tcp splitter?

vavrecan commented 8 months ago

Yes - is there any reason tunnel is not using the same tcp splitter as tproxy?

On Fri, 19 Jan 2024 at 17:12, hev @.***> wrote:

> @vavrecan https://github.com/vavrecan tcp splitter?


vavrecan commented 8 months ago

I am thinking about changing hev_task_io_splice, adding two new parameters, size_t sent, size_t received, and then just incrementing a new variable in the _HevTaskIOSplicer structure (as it is using IO_SPLICE_SYSCALL - it's more performant, isn't it?)

heiher commented 8 months ago

> I am thinking about changing hev_task_io_splice, adding two new parameters, size_t sent, size_t received, and then just incrementing a new variable in the _HevTaskIOSplicer structure (as it is using IO_SPLICE_SYSCALL - it's more performant, isn't it?)

Yeah. You need a custom splicer with counting.

heiher commented 8 months ago

Here is an example: https://github.com/heiher/hev-socks5-server/commit/08be977439283616948662071f79944521fbba2a
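
The "custom splicer with counting" idea from this thread, as an added illustration (not code from the issue, the linked commit, or hev-socks5-server): a minimal two-way TCP relay that counts bytes per direction so they can be attributed to a session. It assumes plain blocking poll/read/write instead of the project's task system, and relay_stats, pump, relay_count and relay_demo are hypothetical names.

```c
#include <poll.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

typedef struct { uint64_t up, down; } relay_stats; /* hypothetical counters, not a project type */
/* Move one chunk src -> dst and count bytes actually written: 1 progress, 0 EOF, -1 error. */
static int pump(int src, int dst, uint64_t *count) {
    char buf[4096];
    ssize_t n = read(src, buf, sizeof buf); /* blocking I/O keeps the sketch short */
    for (ssize_t off = 0; off < n;) {
        ssize_t w = write(dst, buf + off, (size_t)(n - off));
        if (w < 0) return -1;
        off += w;
        *count += (uint64_t)w;
    }
    return n > 0 ? 1 : (int)n;
}

/* Relay until both directions reach EOF, propagating half-close to the other side. */
int relay_count(int client, int upstream, relay_stats *st) {
    int fd[2] = { client, upstream }, live[2] = { 1, 1 };
    uint64_t *ctr[2] = { &st->up, &st->down };
    while (live[0] || live[1]) {
        struct pollfd p[2] = { { .fd = live[0] ? client : -1, .events = POLLIN },
                               { .fd = live[1] ? upstream : -1, .events = POLLIN } };
        if (poll(p, 2, -1) < 0) return -1;
        for (int i = 0; i < 2; i++) {
            if (!p[i].revents) continue;
            int r = pump(fd[i], fd[1 - i], ctr[i]);
            if (r < 0) return -1;
            if (r == 0) { live[i] = 0; shutdown(fd[1 - i], SHUT_WR); }
        }
    }
    return 0;
}

relay_stats demo_stats; /* filled by relay_demo() */
/* Constructed input: 5 bytes from the "client" peer, 11 from the "upstream" peer. */
int relay_demo(void) {
    int c[2], u[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, c) || socketpair(AF_UNIX, SOCK_STREAM, 0, u))
        return -1;
    if (write(c[0], "hello", 5) != 5 || write(u[1], "hello world", 11) != 11)
        return -1;
    shutdown(c[0], SHUT_WR); shutdown(u[1], SHUT_WR); /* both peers are done sending */
    return relay_count(c[1], u[0], &demo_stats);
}
int main(void) { return relay_demo() ? 1 : 0; }
```

Counting the bytes written, rather than the bytes read, keeps the totals equal to what was actually forwarded when a write fails partway through a chunk.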