search

hexian000 / kcptun-libev

A powerful and extremely lightweight encrypted port forwarder based on reliable UDP protocol.
MIT License
29 stars 7 forks source link

Add the ability to bind both tcp and udp #6

Closed GeekZJJ closed 9 months ago

GeekZJJ commented 9 months ago

Currently this project can only forward tcp traffic. But in some case, such as shadowsocks/socks5, it is necessary to forward the same TCP and UDP port. Do we have any plan to support this feature?

hexian000 commented 9 months ago

It seems that you're trying to setup a proxy. Let's make it specifically. @GeekZJJ

  1. DNS in UDP

SOCKS/HTTP proxy client should send the remote domain name(not the IP address resolved before) whenever possible.

Still, DoT/DoH can relay DNS requests over TCP connections.

From what I've observed, Firefox/Chromium can be configured to behave as described above. You can check it with DNS leak test

  1. QUIC(HTTP/3)

The feature is duplicated with KCP. It can be disabled.

  1. Other unavoidable UDP

For those packets, KCP has nothing to do. User can run some VPN (like Wireguard) to encrypt packets. If desired, kcptun-libev can be run unencrypted within a VPN to forward TCP connections.

If your case is not covered yet, please let me know.

GeekZJJ commented 9 months ago

I mainly want to use it to forward shadowsocks connection over lossy network. For some case, such as UDP DNS query, I set shadowsocks' mode to tcp_and_udp. It means that the shadowsocks' UDP traffic could not reach the other side with this KCP tunnel. So that's the point I open this issue. On the other hand, it's a useful ability to forward a remote UDP port. Just like what we have now, forward a TCP port to get a better connection quality.

hexian000 commented 9 months ago

I set shadowsocks' mode to tcp_and_udp. It means that the shadowsocks' UDP traffic could not reach the other side with this KCP tunnel.

As far as I know, shadowsocks has encrypted the UDP traffic already. It should be safe to send UDP packets directly to the server. Some shadowsocks implementations actually support this (by 2 instances in tcp_only & udp_only).

As mentioned above, UDP is not absolutely required for remote DNS. If any SOCKS server meets your needs, another project of mine neosocksd may help. It supports remote name resolves but does not support UDP.

GeekZJJ commented 9 months ago

As far as I know, shadowsocks has encrypted the UDP traffic already. It should be safe to send UDP packets directly to the server. Some shadowsocks implementations actually support this (by 2 instances in tcp_only & udp_only).

I see. I want to take the advantage of KCP's performance in lossy network, rather than the encryption of kcptun-libev. On the contrary, because I run it in the OpenWrt based router, which has a very limit resource, I would use it without encryption for performance reason, if it can.

As mentioned above, UDP is not absolutely required for remote DNS. If any SOCKS server meets your needs, another project of mine neosocksd may help. It supports remote name resolves but does not support UDP.

I known UDP is not a requirement for DNS query. But as I mentioned above, DNS is just one case that goes though UDP. Actually in my daily use, I notice a lot of UDP traffic goes though ss-redir, although I didn't dig into the traffic for what they came from. So I believe that the UDP forward for shadowsocks connection is a requirement of my daily use case.

hexian000 commented 9 months ago

I want to take the advantage of KCP's performance in lossy network, rather than the encryption of kcptun-libev.

Due to its design, KCP works as an alternative to TCP. And therefore does not provide performance benefits for UDP.

Actually in my daily use, I notice a lot of UDP traffic goes though ss-redir, although I didn't dig into the traffic for what they came from.

If you believe the lack of UDP support breaks something, try Case 3(edited).

Hope this helps. 😉

GeekZJJ commented 9 months ago

Got that. 😄