Garbage data when using SOCKS 5 proxy to IPv6

While I'm not 100% sure the issue comes from wireproxy, it is to be noted that with another SOCKS 5 proxy (ssh -D) I'm not observing this issue.

When connecting to an IPv6 TCP target via the SOCKS 5 proxy of wireproxy, some garbage data are inserted at the beggining of the connection, breaking the application protocol. See the following example with SSH

Environment

Client: SSH over WireProxy 1.0.9 over macOS 14.4.1 Wireguard endpoint: mikrotik router (RouterOS 7.14.3) Server: SSH (OpenSSH_9.2, OpenSSL 3.0.11 19 Sep 2023) on Debian 12

It is to be noted I do not have any issue with "official" wireguard clients (either on iOS or macOS)

Direct connection from a client on the same LAN than the server

IPv4

$ nc 172.29.47.10 22
SSH-2.0-OpenSSH_9.2p1 Debian-2

IPv6

$ nc fd00:172:29:47::10 22
SSH-2.0-OpenSSH_9.2p1 Debian-2

Using WireProxy with TCPClientTunnel

IPv4

# WireProxy Configuration file
WGConfig = /path/to/wireguard.conf
[TCPClientTunnel]
BindAddress = 127.0.0.1:25345
Target = 172.29.47.10:22

$ nc 127.0.0.1 25345
SSH-2.0-OpenSSH_9.2p1 Debian-2

IPv6

# WireProxy Configuration file
WGConfig = /path/to/wireguard.conf
[TCPClientTunnel]
BindAddress = 127.0.0.1:25345
Target = [fd00:172:29:47::10]:22

$ nc 127.0.0.1 25345
SSH-2.0-OpenSSH_9.2p1 Debian-2

Using WireProxy with Socks5

# WireProxy Configuration file
WGConfig = /path/to/wireguard.conf
[Socks5]
BindAddress = 127.0.0.1:25345

IPv4

nc -X 5 -x 127.0.0.1:25345 172.29.47.10 22
SSH-2.0-OpenSSH_9.2p1 Debian-2

IPv6

nc -X 5 -x 127.0.0.1:25345 fd00:172:29:47::10 22
I�SSH-2.0-OpenSSH_9.2p1 Debian-2

Note the garbage data before the SSH banner

The same can be observed with an HTTP server

IPv4 (it waits for me to enter a request)


$ nc -X 5 -x 127.0.0.1:25344 172.29.47.26 80
GET /
HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close

400 Bad Request


- IPv6 (**it immediately prints some garbage**)

$ nc -X 5 -x 127.0.0.1:25344 fd00:172:29:47::26 80 I��

pufferffish / wireproxy