[Feature Request] Support UDS and vsock

[ghost]

 -proxy string
        Use this proxy [protocol://]host[:port]

Request for support where host[:port] is optionally a unix domain socket path.

socks5 being served over uds (ex. tor socks5 uds mode)

this will allow the creation of fully isolated network namespaces that have a tun0 interface forced through socks5 (over uds) and no other routing possible even with human error.

Request for support where host[:port] is optionally a vsock:cid:port serving socks5 from a host to a guest vm. vm guest turns socks5 service provided over vsock by host

https://github.com/mdlayher/vsock

current workaround which involves additional latency and cpu cycles (additional userland<->kernel context switches) is socat: http://www.dest-unreach.org/socat/doc/socat.html

[xjasonlyu]

Hi, does UDS+vsock support socks5/UDP transport?

[ghost]

Hi, does UDS+vsock support socks5/UDP transport?

Both UDS and vsock have datagram variants, but I do not believe this should be relevant here because socks5 apparently makes UDP requests only when requested over TCP first - socks5 servers are not listening on UDP unless requested, and requests can be not granted.

When a client wants to relay UDP traffic over the SOCKS5 proxy, the client makes a UDP associate request over the TCP. SOCKS5 server then returns an available UDP port to the client to send UDP packages to.

Client then starts sending the UDP packages that needs to be relayed to the new UDP port that is available on SOCKS5 server. SOCKS5 server redirects these UDP packages to the remote server and redirects the UDP packages coming from the remote server back to the client.

When client wants to terminate the connection, it sends a FIN package over the TCP. The SOCKS5 server then terminates the UDP connection created for the client and then terminates the TCP connection.

https://stackoverflow.com/questions/14043348/how-can-i-send-udp-packets-over-socks-proxy

So it seems like there is probably no way to get UDP to work over a UDS socks5 proxy. Not unless both the server and the client modify the protocol to accept UDS datagram paths instead of ip:port when it comes to handling UDP, which is on no one's todo.

[xjasonlyu]

Correct, socks5 TCP implementation in UDS is feasible, but UDP support seems not quite possible.

Is there any SOCKS5 servers that support UDS except tor?

[ghost]

This appears like a niche usecase for a service which bridges socks5 locally to some remote location over a non-socks5 protocol. And is of a mind to support UDS. I'm aware of only tor. Though even services which don't support UDS natively can be redirected to UDS using third party software to achieve security via filesystem permissions.

The same can be also be done to tun2socks, native support would merely avoid additional overhead.

[xjasonlyu]

Let me see what I can do

[xjasonlyu]

I can't figure out how to enable UDS socks for tor in macOS, do you have any ideas?

[ghost]

My familiarity with Apple is non-existent, but I know the kernel is forked from some old BSD so it must have UDS and a brief search found this:

http://www.golangdevops.com/2021/01/27/uds-unix-domain-socket-packages/

Maybe it will help.

[xjasonlyu]

OK, I mean, is there any way to enable UDS for tor. I don't see any args or config or manual something...

[ghost]

Oh I misread my bad It's in the torrc manual: https://2019.www.torproject.org/docs/tor-manual.html.en

SOCKSPort unix:/path/to/uds  WorldWritable
ControlPort unix:/path/to/uds WorldWritable RelaxDirModeCheck

If this doesn't work this means the tor project doesn't support UDS on OSX.

[xjasonlyu]

Oh, I see.

[xjasonlyu]

Experimental socks5 over UDS support: https://github.com/xjasonlyu/tun2socks/commit/07ce5e64224fac62d5430ea9dbb6c474ab4ecf15