UDP does not appear to work?

nlzy / nsproxy

Make arbitrary applications to use a specified SOCKS / HTTP proxy

GNU General Public License v2.0

232 stars 27 forks source link

UDP does not appear to work? #6

Open janedoe-lab opened 11 months ago

janedoe-lab commented 11 months ago

Hello again :)

I am trying now UDP. I've setup ncat listening locally on UDP port 8012 and using socks5 proxy, that supports UDP. Proxychains works, but with nsproxy I see "Forwarding udp:192.168.56.1:8012" but nothing in ncat. I tried both master and dev branches. Any ideas?

➜  build git:(master) ✗ proxychains4 ncat -u 192.168.56.1 8012
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
send test
receive test

➜  build git:(master) ✗ ./nsproxy -s 127.0.0.1 -p 47135 -vvv ncat -u 192.168.56.1 8012
[nsproxy] Proxy Server:       127.0.0.1:47135, SOCKS
[nsproxy] DNS Redirection:    Enabled, 1.1.1.1, TCP
[nsproxy] Verbose:            Yes
send test
[nsproxy] Forwarding udp:192.168.56.1:8012
[nsproxy] --- socks 20 bytes. udp:192.168.56.1:8012
[nsproxy] Closed 192.168.56.1:8012

proxychains4.conf:

strict_chain

[ProxyList]
socks5 127.0.0.1 47135

nlzy commented 11 months ago

Hello,

proxychains says in their document that it supports TCP only (no UDP/ICMP etc), so proxychains seems to work probably just because proxychains didn't make UDP go through proxy server.

If you are sure that your proxy server supports UDP and it's working, then another possibility is nsproxy does not fully comply with the RFC specification. This bug caused some incompatibility issues.

This bug will take some time to fix and may be fixed in a future version.

janedoe-lab commented 11 months ago

Oh, you are right. I did not realize proxychains4 does not support UDP. It probably passed through directly. I will setup a better network configuration with isolation, to make sure UDP test is correct and get back to you.

janedoe-lab commented 11 months ago

Ok, I've setup a separate VM, that is not directly accessible. I've used tun2socks to proxy UDP through socks5 (3proxy specifically - they do support UDP). It works when using tun2socks. Exact same command run through nsproxy fails.

I've run Wireshark and I see that UDP datagram is sent to socks5 port directly, using UDP, which is obviously should not work:

Here is example of the same process when proxied through tun2socks:

I think, UDP requires first to execute SOCKS5_CMD_UDPASSOC command at socks5 server, receive UDP port from socks5 server and then forward UDP datagram to that port. But I can not find SOCKS5_CMD_UDPASSOC used anywhere in the code. Perhaps it is not implemented at all currently?

nlzy commented 10 months ago

Sorry for late reply.

Yes, that's the bug, SOCKS5_CMD_UDPASSOC is not implemented at all.

My plan is to do it together with SOCKS5 authentication.