Closed v20z closed 3 years ago
Here is the problem when compiling for FreeBSD: struct natLookup is for IPv4. bindaddr is defined as struct sockaddr_storage. To solve this problem, you need to statically cast bindaddr to struct sockaddr_in. Like:
natLookup.nl_inport = ((struct sockaddr_in *)bindaddr)->sin_port;
By changes like above, at least, you should be able to compile redsocks2 and make it work for IPv4 in FreeBSD.
Hello and thanks for rerply.
So I've pathed base.c file ike this:
--- base.c.bak 2020-07-05 14:40:16.000000000 +0500
+++ base.c 2020-10-26 17:56:13.239275000 +0500
@@ -146,10 +146,10 @@
obj.ipfo_offset = 0;
#endif
- natLookup.nl_inport = bindaddr->sin_port;
- natLookup.nl_outport = client->sin_port;
- natLookup.nl_inip = bindaddr->sin_addr;
- natLookup.nl_outip = client->sin_addr;
+ natLookup.nl_inport = ((struct sockaddr_in *)bindaddr)->sin_port;
+ natLookup.nl_outport = ((struct sockaddr_in *)client)->sin_port;
+ natLookup.nl_inip = ((struct sockaddr_in *)bindaddr)->sin_addr;
+ natLookup.nl_outip = ((struct sockaddr_in *)client)->sin_addr;
natLookup.nl_flags = IPN_TCP;
#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027)
x = ioctl(natfd, SIOCGNATL, &obj);
@@ -173,9 +173,9 @@
log_errno(LOG_WARNING, "ioctl(SIOCGNATL)\n");
return -1;
} else {
- destaddr->sin_family = AF_INET;
- destaddr->sin_port = natLookup.nl_realport;
- destaddr->sin_addr = natLookup.nl_realip;
+ ((struct sockaddr_in *)destaddr)->sin_family = AF_INET;
+ ((struct sockaddr_in *)destaddr)->sin_port = natLookup.nl_realport;
+ ((struct sockaddr_in *)destaddr)->sin_addr = natLookup.nl_realip;
return 0;
}
}
@@ -198,9 +198,9 @@
char clientaddr_str[INET6_ADDRSTRLEN], bindaddr_str[INET6_ADDRSTRLEN];
memset(&nl, 0, sizeof(struct pfioc_natlook));
- nl.saddr.v4addr.s_addr = client->sin_addr.s_addr;
+ nl.saddr.v4.s_addr = client->sin_addr.s_addr;
nl.sport = client->sin_port;
- nl.daddr.v4addr.s_addr = bindaddr->sin_addr.s_addr;
+ nl.daddr.v4.s_addr = bindaddr->sin_addr.s_addr;
nl.dport = bindaddr->sin_port;
nl.af = AF_INET;
nl.proto = IPPROTO_TCP;
@@ -217,9 +217,9 @@
goto fail;
}
}
- destaddr->sin_family = AF_INET;
+ ((struct sockaddr_in *)destaddr)->sin_family = AF_INET;
destaddr->sin_port = nl.rdport;
- destaddr->sin_addr = nl.rdaddr.v4addr;
+ destaddr->sin_addr = nl.rdaddr.v4;
return 0;
fail:
And then it compiles but tsarting with simpliest config:
base {
daemon = off;
log_info = on;
log_debug = on;
log = stderr;
redirector = generic;
}
redsocks {
bind = "127.0.0.1:1080";
relay = "127.0.0.1:11080";
type = socks5;
timeout = 10;
autoproxy = 0;
}
Fails with message
err redsocks.c:1011 redsocks_init_instance(...) bind: Invalid argument
@semigodking same here , after compiling with modified base.c , it doesn't work
redsocks_init_instance(...) bind: Invalid argument
For quite a long time, i have been not using FreeBSD. I will try it out when i have time.
I create a temporary fix. Could anyone try it out and report back? It is in freebsd branch. See commit 57296470b1c864c0c58e6170f2609f34c77d6323. If it does not work, try to config redsocks2 to use 'generic' as "redirector".
Hello Gentlemen.
Dear semigodking thanks for your attention.
Yes, I've downloaded freebsd branch and it now builds smoothly without patches and other fixes as it comes.
But when trying to start the result is the same, compiled executable exits immediately with the same message:
1606062984.453030 err redsocks.c:1011 redsocks_init_instance(...) bind: Invalid argument
The config still like mentioned earlier and redirector = generic;
now it can start, but again,i do not know if it work.
Yes, it works now with specified config for 1-2 days.
Please commit those changes to the main branch or merge branches later so that we can download directly from the main.
Thanks for your attention.
Great. I will merge those changes later. I appreciate if you could help me to update README for instructions to configure PF on FreeBSD for transparent proxy. Thank you.
I've used original redsocks on Mac in the past (before they retired ipfw in favor of pf) while visiting China to bypass GFW. Later I've switched to your version because you keep developing and additional features like autoproxy. Now I'm using it from time to time as a ready-made well configured solution. Then I usually redirect to stunnel to disguise requests to socks (name/password authorizing) server as plane https traffic.
I will also note that I'm building redsocks2 against LibreSSL because it is not compiling with OpenSSL 1.1 (maybe someday you will add support).
Configuration is trivial:
base {
daemon = on;
log_info = off;
log_debug = off;
user = redsocks;
group = redsocks;
redirector = generic;
}
redsocks {
bind = "127.0.0.1:1080";
relay = "127.0.0.1:11080";
type = socks5;
timeout = 10;
autoproxy = 1;
}
IPFW rule:
ipfw add fwd 127.0.0.1,1080 tcp from any to any not uid redsocks out via ext0
Where ext0 is outgoing inteface. Username/uid is used to distinguish already redirected traffic. 1080 is listen port and 11080 is stunnel port (which wraps into https and unwraps back).
stunnel local side:
[forward-socks-server]
client = yes
sni = socks-server
accept = localhost:11080
connect = IP.ADD.RE.SS:https
stunnel server side:
[TLS]
client = no
transparent = none
accept = IP.ADD.RE.SS:https
connect = localhost:http
...
[socks-server]
client = no
transparent = none
sni = TLS:socks-server
connect = localhost:socks
socks server (remote, dante with pam auth by name/pass):
debug: 0
errorlog: /var/opt/dante/sockd.err
logoutput: /var/opt/dante/sockd.log
internal: localhost port=1080
external: IP.ADD.RE.SS
user.privileged: root
user.notprivileged: nobody
clientmethod: none
socksmethod: pam.username
client pass {
from: 0/0 to: 0/0
log: error
}
socks pass {
from: 0/0 to: 0/0
log: connect disconnect error
}
Thank you for your continued development and support.
Hello dear Semigodking.
Please take a look. Latest GIT repo cause failure building on FreeBSD 12.2:
Thank You.