rofl0r
commented
3 years ago usually one listens on "0.0.0.0" which means all interfaces. though i guess it wouldn't be hard to modify bind option to take a delimited list of addresses to listen on
Open olili opened 3 years ago
rofl0r
commented
3 years ago usually one listens on "0.0.0.0" which means all interfaces. though i guess it wouldn't be hard to modify bind option to take a delimited list of addresses to listen on
olili
commented
3 years ago thx.
But "-i 0.0.0.0" or simply skipping "-i" is not working on any of my 4 vpsmachines. It is not listening on these default ips.
-i ipv4 or -i ipv6 works as expected.
Any hint?
Am Sa., 7. Aug. 2021 um 01:58 Uhr schrieb rofl0r @.***>:
usually one listens on "0.0.0.0" which means all interfaces. though i guess it wouldn't be hard to modify bind option to take a delimited list of addresses to listen on
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/rofl0r/microsocks/issues/39#issuecomment-894571231, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJ5KIIZQZWKB3NZX4CESFB3T3RZLXANCNFSM5BWPKZKA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email .
olili
commented
3 years ago spent some more time for investigations. I'm running 4 VPSs (deb9, OVZ, different providers) and one deb10 bare ,etal machine. On all systems I face the following problems.
Listening to 0.0.0.0 seems not work . Listening to ipv4 or ipv6 secified with -i paramter is okay Listnenig to DNS (with A and AAAA record) only binds to ipv4 or ipv6, but not on both
"-b"-Binding to destination is on all my machines not working correctly. In most cases the b-Parameter is ignored and mostly the "receiving" address is re-used.
Oliver
rofl0r
commented
3 years ago Listening to 0.0.0.0 seems not work .
that's a bit vague.
can you show strace log of starting microsocks with -i 0.0.0.0 including one try to connect to it and what's visible in netstat -ltan | grep port (where "port" is whatever port number you requested)
olili
commented
3 years ago sure. Here you are:; ok, first I make the positiv probe with NOT-0.0.0.0 bound:
strace ./microsocks -i 2001:41d0:1:777c:200:c0a8:6695:0 and challenging with curl -6 -x socks5h://[2001:41d0:1:777c:200:c0a8:6695:0] from outside is working as expexted:
STRACE:
root@11456:~/microsocks# strace ./microsocks -i 2001:41d0:1:777c:200:c0a8:6695:0
execve("./microsocks", ["./microsocks", "-i", "2001:41d0:1:777c:200:c0a8:6695:0"], [/* 16 vars */]) = 0
brk(0) = 0x24a4000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f88d6581000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=70510, ...}) = 0
mmap(NULL, 70510, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f88d6563000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320n\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=137384, ...}) = 0
mmap(NULL, 2213008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f88d6133000
mprotect(0x7f88d614b000, 2093056, PROT_NONE) = 0
mmap(0x7f88d634a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f88d634a000
mmap(0x7f88d634c000, 13456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f88d634c000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\34\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1738176, ...}) = 0
mmap(NULL, 3844640, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f88d5d83000
mprotect(0x7f88d5f24000, 2097152, PROT_NONE) = 0
mmap(0x7f88d6124000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a1000) = 0x7f88d6124000
mmap(0x7f88d612a000, 14880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f88d612a000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f88d6580000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f88d657f000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f88d657e000
arch_prctl(ARCH_SET_FS, 0x7f88d657f700) = 0
mprotect(0x7f88d6124000, 16384, PROT_READ) = 0
mprotect(0x7f88d634a000, 4096, PROT_READ) = 0
mprotect(0x7f88d657b000, 4096, PROT_READ) = 0
munmap(0x7f88d6563000, 70510) = 0
set_tid_address(0x7f88d657f9d0) = 23423
set_robust_list(0x7f88d657f9e0, 24) = 0
rt_sigaction(SIGRTMIN, {0x7f88d61399b0, [], SA_RESTORER|SA_SIGINFO, 0x7f88d6142890}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f88d6139a40, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f88d6142890}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM64_INFINITY}) = 0
rt_sigaction(SIGPIPE, {SIG_IGN, [PIPE], SA_RESTORER|SA_RESTART, 0x7f88d5db80e0}, {SIG_DFL, [], 0}, 8) = 0
brk(0) = 0x24a4000
brk(0x24c5000) = 0x24c5000
socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind(3, {sa_family=AF_INET6, sin6_port=htons(1080), inet_pton(AF_INET6, "2001:41d0:1:777c:200:c0a8:6695:0", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
listen(3, 128) = 0
accept(3, {sa_family=AF_INET6, sin6_port=htons(62510), inet_pton(AF_INET6, "2a02:8070:2180:f000:d0f2:ebba:e812:a065", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 4
mmap(NULL, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f88d6573000
mprotect(0x7f88d6573000, 4096, PROT_NONE) = 0
clone(child_stack=0x7f88d6579ff0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f88d657a9d0, tls=0x7f88d657a700, child_tidptr=0x7f88d657a9d0) = 23424
accept(3, client[4] 2a02:8070:2180:f000:d0f2:ebba:e812:a065: connected to ident.me:80root@11456:~# netstat -ltan | grep :1080
tcp6 0 0 2001:41d0:1:777c:2:1080 :::* LISTENWith binding to 0.0.0.0 and with curl -6 -x socks5h://[2001:41d0:1:777c:200:c0a8:6695:0] I get the following bahvior:
root@11456:~/microsocks# strace ./microsocks -i 0.0.0.0
execve("./microsocks", ["./microsocks", "-i", "0.0.0.0"], [/* 16 vars */]) = 0
brk(0) = 0x1bf2000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6cd572f000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=70510, ...}) = 0
mmap(NULL, 70510, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f6cd570b000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320n\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=137384, ...}) = 0
mmap(NULL, 2213008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f6cd52db000
mprotect(0x7f6cd52f3000, 2093056, PROT_NONE) = 0
mmap(0x7f6cd54f2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f6cd54f2000
mmap(0x7f6cd54f4000, 13456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6cd54f4000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\34\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1738176, ...}) = 0
mmap(NULL, 3844640, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f6cd4f2b000
mprotect(0x7f6cd50cc000, 2097152, PROT_NONE) = 0
mmap(0x7f6cd52cc000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a1000) = 0x7f6cd52cc000
mmap(0x7f6cd52d2000, 14880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6cd52d2000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6cd572e000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6cd572d000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6cd572c000
arch_prctl(ARCH_SET_FS, 0x7f6cd572d700) = 0
mprotect(0x7f6cd52cc000, 16384, PROT_READ) = 0
mprotect(0x7f6cd54f2000, 4096, PROT_READ) = 0
mprotect(0x7f6cd5723000, 4096, PROT_READ) = 0
munmap(0x7f6cd570b000, 70510) = 0
set_tid_address(0x7f6cd572d9d0) = 23433
set_robust_list(0x7f6cd572d9e0, 24) = 0
rt_sigaction(SIGRTMIN, {0x7f6cd52e19b0, [], SA_RESTORER|SA_SIGINFO, 0x7f6cd52ea890}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f6cd52e1a40, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f6cd52ea890}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM64_INFINITY}) = 0
rt_sigaction(SIGPIPE, {SIG_IGN, [PIPE], SA_RESTORER|SA_RESTART, 0x7f6cd4f600e0}, {SIG_DFL, [], 0}, 8) = 0
brk(0) = 0x1bf2000
brk(0x1c13000) = 0x1c13000
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(1080), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3, 128) = 0
accept(3,C:\Users\Oli\Desktop\curl>curl -6 -x socks5h://[2001:41d0:1:777c:200:c0a8:6695:0
] ident.me
curl: (7) Failed to connect to 2001:41d0:1:777c:200:c0a8:6695:0 port 1080 after
1078 ms: Connection refused
netstat -ltan | grep :1080 is delivering a listing "0.0.0.0"
tcp 0 0 0.0.0.0:1080 0.0.0.0:* LISTEN
add. informaton:
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: venet0: <BROADCAST,POINTOPOINT,NOARP> mtu 1500 qdisc noop state DOWN
link/void
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 02:00:c0:a8:66:95 brd ff:ff:ff:ff:ff:ff
inet 192.168.102.149/24 scope global eth0
inet6 2001:41d0:1:777c:200:c0a8:6695:0/112 scope global
valid_lft forever preferred_lft forever
inet6 fe80::c0ff:fea8:6695/64 scope link
valid_lft forever preferred_lft forever
thanks for info. can you try each of those addresses for -i parameter and report back what's visible in netstat ? (also whether you can connect to v4 and v6 each).
::ffff:0.0.0.0 and ::.
if none of those work, we might want to experiment with setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
olili
commented
3 years ago thx. "-i ::" provides a working binding to "0.0.0.0". So the listen issue is for me resolved with that. (By the way "::ffff:0.0.0.0" behaves like "0.0.0.0" and is not working.)
But I have still problems with the target binding/address. "-b ipv4" is not considered and ignored. Microsocks is still using the IPV6 port.
Any hint? Shall I provide for this issue some traces as well?
Add. Info -i :: netstat -ltan | grep :1080 tcp6 0 0 :::1080 :::* LISTEN -> Working as ecpected
-i ::ffff:0.0.0.0 netstat -ltan | grep :1080 tcp6 0 0 0.0.0.0:1080 :::* LISTEN -> not working, behaves like "-i 0.0.0.0"
rofl0r
commented
3 years ago -> Working as ecpected
means you can connect through both ipv4 and v6 ?
olili
commented
3 years ago yes. For deb9 and deb10 the "-i ::" is working. But as I wrote "-b IPv4" is still ignored. O.
Am Mo., 9. Aug. 2021 um 18:12 Uhr schrieb rofl0r @.***>:
-> Working as ecpected
means you can connect through both ipv4 and v6 ?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/rofl0r/microsocks/issues/39#issuecomment-895353147, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJ5KII3H5PGL2DVKHRELRMTT375ABANCNFSM5BWPKZKA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email .
First of all great tool .
Is it possible to listen on 2 addresses at the same time? Eg. ipv4 and ipv6? Maybe even resolved by DNS (A and AAAA record)?
Thx. Oliver