search

semigodking / redsocks

transparent redirector of any TCP/UDP connection to proxy
Apache License 2.0
1.17k stars 247 forks source link

commit c8e1e6c cause run Segmentation fault #199

Closed rampageX closed 5 months ago

rampageX commented 5 months ago

I try OpenSSL, PolarSSL, static or not, build native or cross compile in Alpine, all run with Segmentation fault, roll back to 0.67-36-g1951b49 is fine.

BTW: run redsocks2 -v is fine but not redsocks2 -c ....

System: Linux RT-AC5300 2.6.36.4brcmarm #8 SMP PREEMPT Sun May 19 13:36:50 CEST 2024 armv7l GNU/Linux OS: Tomato

semigodking commented 5 months ago

Can you please provide more details? On which platform with what kind of configuration.

On Wed, May 29, 2024, 19:46 rampageX @.***> wrote:

I try OpenSSL, PolarSSL, static or not, all run with Segmentation fault, roll back to 0.67-36-g1951b49 is fine.

BTW: run redsocks2 -v is fine but not redsocks2 -c ....

— Reply to this email directly, view it on GitHub https://github.com/semigodking/redsocks/issues/199, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAP2XD77NB63PZ2OCNXTSW3ZEW5YZAVCNFSM6AAAAABIOYN5DKVHI2DSMVQWIX3LMV43ASLTON2WKOZSGMZDGMJRGYZDKNA . You are receiving this because you are subscribed to this thread.Message ID: @.***>

rampageX commented 5 months ago

It's a ASUS Router RT-AC5300 run on Tomato firmware, based on Linux kernel 2.6.36.

Config:

base {
    user = root;
    group = root;
    log_debug = off;
    log_info = off;
    log = stderr;
    daemon = on;
    redirector = iptables;
}

//Work with glider
redsocks {
    bind = "192.168.2.1:8095";
    relay = "192.168.2.20:7575";
    type = socks5;
    autoproxy = 0;
    timeout = 1;
}
//Work with glider automode
redsocks {
    bind = "192.168.2.1:8905";
    relay = "192.168.2.20:7575";
    type = socks5;
    autoproxy = 1;
    timeout = 1;
}
//Work with tor
redsocks {
    bind = "192.168.2.1:9040";
    relay = "192.168.2.20:9050";
    type = socks5;
    autoproxy = 0;
    timeout = 6;
}

autoproxy {
    no_quick_check_seconds = 3600; // Directly relay traffic to proxy if an IP
                                 // is found blocked in cache and it has been
                                 // added into cache no earlier than this
                                 // specified number of seconds. 3600
                                 // Set it to 0 if you do not want to perform
                                 // quick check when an IP is found in blocked
                                 // IP cache, thus the connection will be
                                 // redirected to proxy immediately.
    quick_connect_timeout = 1;   // Timeout value when performing quick
                                 // connection check if an IP is found blocked
                                 // in cache. 3
}

ipcache {
    // Configure IP cache
    cache_size = 16;   // Maximum number of IP's in 1K.
    stale_time = 86400; // Seconds to stale an IP in cache since it is added
                      // into cahce.
                      // Set it to 0 to disable cache stale.
    port_check = 1;   // Whether to distinguish port number in address
    cache_file = "/tmp/ipcache.txt"; // File used to store blocked IP's in cache.
    autosave_interval = 3600; // Interval for saving ip cache into file.
                              // Set it to 0 to disable autosave.
    // When autosave_interval and stale_time are both 0, IP cache behaves like
    // a static blacklist.
}
semigodking commented 5 months ago

Could you try not to compile with SSL? The change has nothing to do with SSL. Meanwhile, you config also is not relate with SSL.

rampageX commented 5 months ago

Could you try not to compile with SSL? The change has nothing to do with SSL. Meanwhile, you config also is not relate with SSL.

How to compile without SSL? As i know it will use OpenSSL or PolarSSL? Are you means HTTPS? I do compile without HTTPS but still got Segmentation fault.

make -j6 CC="distcc arm-linux-gcc" CXX="distcc arm-linux-g++" V=1 ENABLE_STATIC=true DISABLE_SHADOWSOCKS=true USE_CRYPTO_POLARSSL=true

semigodking commented 5 months ago

I compiled and runs on ARM without any problem. Maybe you could try make CC="distcc arm-linux-gcc" CXX="distcc arm-linux-g++" V=1 ENABLE_STATIC=true DISABLE_SHADOWSOCKS=true.

rampageX commented 5 months ago

I compiled and runs on ARM without any problem. Maybe you could try make CC="distcc arm-linux-gcc" CXX="distcc arm-linux-g++" V=1 ENABLE_STATIC=true DISABLE_SHADOWSOCKS=true.

I tied, still got no luck. Which toolchina are you use? I think it will be musl-libc problem because the native compile env on router and cross compile on Alpine all based on musl-libc.

I trid checkout the source of old working executable file commit version then compile again, not work. So it is very likely a problem with the musl toolchian, because the executable file that works is compiled under uClibc toolchian.

rampageX commented 5 months ago

I can confirm is musl-libc toolchian problem. I switch to uClibc toolchian then compile again, everything is woking now.

But there is still a question, many other programs have no problem compiling with musl, why here?

semigodking commented 5 months ago

Thank you for your support! I will investigate this. I recall it was compatible with musl. Not sure when it was broken.

semigodking commented 5 months ago

It works with MUSL. Maybe due to different kernel version. I compiled it in alpine.

The command below fails when build with make DISABLE_SHADOWSOCKS=1.

cc -fPIC -O3 -DDISABLE_SHADOWSOCKS -D_BSD_SOURCE -D_DEFAULT_SOURCE -Wall -std=c99 -D_XOPEN_SOURCE=600 -DUSE_CRYPTO_OPENSSL -o redsocks2 parser.o main.o redsocks.o log.o direct.o ipcache.o autoproxy.o http-connect.o socks4.o socks5.o http-relay.o base.o base64.o md5.o http-auth.o utils.o redudp.o socks5-udp.o tcpdns.o gen/version.o  -levent -lssl  -lcrypto -ldl

Just run it again like below:

cc -fPIC -O3 -DDISABLE_SHADOWSOCKS -D_BSD_SOURCE -D_DEFAULT_SOURCE -Wall -std=c99 -D_XOPEN_SOURCE=600 -DUSE_CRYPTO_OPENSSL -o redsocks2 parser.o main.o redsocks.o log.o direct.o ipcache.o autoproxy.o http-connect.o socks4.o socks5.o http-relay.o base.o base64.o md5.o http-auth.o utils.o redudp.o socks5-udp.o tcpdns.o gen/version.o  -levent -lssl

Then, the compile will success. I am able to run it with your config file.

/redsocks # ldd redsocks2
        /lib/ld-musl-aarch64.so.1 (0xffffb2006000)
        libevent-2.1.so.7 => /usr/lib/libevent-2.1.so.7 (0xffffb1f63000)
        libc.musl-aarch64.so.1 => /lib/ld-musl-aarch64.so.1 (0xffffb2006000)
/redsocks # ps
PID   USER     TIME  COMMAND
    1 root      0:00 /bin/sh
  191 root      0:00 ./redsocks2 -c a.conf
  195 root      0:00 ps
/redsocks #
rampageX commented 5 months ago

Maybe the Tomato firmware linux kernel version 2.6.36 is too low.

Close for now, thanks for your help.