From 894978e8ccd881f9f7bc320f03d49df9b304c34a Mon Sep 17 00:00:00 2001 From: Greg Onufer Date: Tue, 7 May 2013 17:00:38 -0700 Subject: [PATCH 01/14] Fix void function returning a value in the configure script --- configure | 2 +- configure.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure b/configure index cf8c8e3..06610fb 100755 --- a/configure +++ b/configure @@ -4297,7 +4297,7 @@ cat >>conftest.$ac_ext <<_ACEOF void init_routine() { - return(0); + return; } main() { diff --git a/configure.in b/configure.in index 432d812..01ebe89 100644 --- a/configure.in +++ b/configure.in @@ -152,7 +152,7 @@ if test "$thread" != "no"; then void init_routine() { - return(0); + return; } main() { From 68fba54be00175f2416ea287c89e15b55680dddb Mon Sep 17 00:00:00 2001 From: Greg Onufer Date: Tue, 7 May 2013 17:08:40 -0700 Subject: [PATCH 02/14] use allow_severity/deny_severity on Solaris, too --- main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.c b/main.c index fd84591..12df284 100644 --- a/main.c +++ b/main.c @@ -59,7 +59,7 @@ int same_interface = 0; #ifdef HAVE_LIBWRAP int use_tcpwrap = 0; # include -# ifdef LINUX +# if defined(LINUX) || defined(SOLARIS) int allow_severity = LOG_AUTH|LOG_INFO; int deny_severity = LOG_AUTH|LOG_NOTICE; # endif /* LINUX */ From f42f2bf9a205921d44a05f5c5a66bb21205475ae Mon Sep 17 00:00:00 2001 From: Greg Onufer Date: Tue, 7 May 2013 17:11:07 -0700 Subject: [PATCH 03/14] allow SIGINT in foreground mode --- main.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/main.c b/main.c index 12df284..2c165c6 100644 --- a/main.c +++ b/main.c @@ -169,7 +169,8 @@ int serv_loop() #ifdef USE_THREAD if (threading) { blocksignal(SIGHUP); - blocksignal(SIGINT); + if (!fg) + blocksignal(SIGINT); blocksignal(SIGUSR1); } #endif 
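Review bot: The closing `# endif /* LINUX */` in the main.c hunk of patch 02 no longer matches the condition it ends, which is now `# if defined(LINUX) || defined(SOLARIS)`. Update it to `# endif /* LINUX || SOLARIS */` so the block boundary stays easy to find. Nothing in this diff shows where `SOLARIS` gets defined, so confirm that configure sets it on every Solaris build; otherwise libwrap will still be missing `allow_severity` and `deny_severity` there.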
@@ -651,7 +652,10 @@ int main(int ac, char **av) } setsignal(SIGHUP, reload); - setsignal(SIGINT, SIG_IGN); + if (fg) + setsignal(SIGINT, cleanup); + else + setsignal(SIGINT, SIG_IGN); setsignal(SIGQUIT, SIG_IGN); setsignal(SIGILL, SIG_IGN); setsignal(SIGTRAP, SIG_IGN); From 15c4e3739cf1ee03e981909849ace6daf46d5252 Mon Sep 17 00:00:00 2001 From: Greg Onufer Date: Tue, 7 May 2013 17:14:00 -0700 Subject: [PATCH 04/14] break in wrong place in lookup_tbl --- socks.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/socks.c b/socks.c index 2af027e..01543fb 100644 --- a/socks.c +++ b/socks.c @@ -1534,9 +1534,10 @@ int lookup_tbl(SOCKS_STATE *state) if ( addr.atype != proxy_tbl[i].dest.atype ) continue; if (addr_comp(&addr, &(proxy_tbl[i].dest), - proxy_tbl[i].mask) == 0) + proxy_tbl[i].mask) == 0) { match++; - break; + break; + } } if ( match ) break; From b149bad0c90aeb5e610c9406128c6b4284351ecb Mon Sep 17 00:00:00 2001 From: Greg Onufer Date: Wed, 8 May 2013 13:38:24 -0700 Subject: [PATCH 05/14] syslog adds a newline if one is not present, msg_out should do the same when output is not going to syslog --- get-bind.c | 12 ++++++------ main.c | 13 ++++++++----- readconf.c | 2 +- util.c | 3 +++ 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/get-bind.c b/get-bind.c index ee1123c..8abc5f2 100644 --- a/get-bind.c +++ b/get-bind.c @@ -423,7 +423,7 @@ int get_bind_addr(bin_addr *dest, struct addrinfo *ba) close(s); /* - msg_out(norm,"nlmsg_pid: %d, nlmsg_seq: %d\n", + msg_out(norm,"nlmsg_pid: %d, nlmsg_seq: %d", h->nlmsg_pid, h->nlmsg_seq); */ len = h->nlmsg_len; 
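Review bot: `setsignal(SIGINT, cleanup)` in main() makes cleanup() run in signal-handler context whenever the daemon is in the foreground, and nothing visible shows that it only makes async-signal-safe calls; its definition is outside the diff, so this needs confirming. The companion hunk in serv_loop() leaves SIGINT unblocked when `fg` is set and threading is on, so the handler can interrupt any thread, including one that holds a lock. I would add a comment above the new branch, `/* fg: cleanup() runs in signal context, keep it async-signal-safe */`, and consider having the handler only set a `volatile sig_atomic_t` flag that serv_loop() tests. main() continues outside this hunk.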
@@ -437,11 +437,11 @@ int get_bind_addr(bin_addr *dest, struct addrinfo *ba) /* if (tb[RTA_DST]) { inet_ntop(AF_INET, RTA_DATA(tb[RTA_DST]), str, sizeof(str)); - msg_out(norm, "DST %s\n", str); + msg_out(norm, "DST %s", str); } if (tb[RTA_GATEWAY]) { inet_ntop(AF_INET, RTA_DATA(tb[RTA_GATEWAY]), str, sizeof(str)); - msg_out(norm, "GW %s\n", str); + msg_out(norm, "GW %s", str); } */ if (tb[RTA_OIF]) { @@ -501,7 +501,7 @@ int get_ifconf(int index, struct addrinfo *ba) close(s); /* - msg_out(norm,"nlmsg_pid: %d, nlmsg_seq: %d\n", + msg_out(norm,"nlmsg_pid: %d, nlmsg_seq: %d", h->nlmsg_pid, h->nlmsg_seq); */ while (NLMSG_OK(h, status)) { @@ -519,7 +519,7 @@ int get_ifconf(int index, struct addrinfo *ba) /* char str[128]; inet_ntop(AF_INET, RTA_DATA(tb[IFA_ADDRESS]), str, sizeof(str)); - msg_out(norm, "ADDRESS %s\n", str); + msg_out(norm, "ADDRESS %s", str); */ ba->ai_family = AF_INET; /* IPv4 */ ba->ai_socktype = SOCK_STREAM; @@ -533,7 +533,7 @@ int get_ifconf(int index, struct addrinfo *ba) /* if (tb[IFA_LOCAL]) { unsigned *d = RTA_DATA(tb[IFA_LOCAL]); - msg_out(norm, "LOCAL %08x\n", *d); + msg_out(norm, "LOCAL %08x", *d); } */ } diff --git a/main.c b/main.c index 2c165c6..4f4ff08 100644 --- a/main.c +++ b/main.c @@ -419,7 +419,7 @@ int main(int ac, char **av) /* create service socket table (malloc) */ if (serv_init(NULL) < 0) { - msg_out(crit, "cannot malloc: %m\n"); + msg_out(crit, "cannot malloc: %m"); exit(-1); } @@ -444,7 +444,7 @@ int main(int ac, char **av) if ( uid != 0 ) { /* process does not started by root */ msg_out(warn, "uid == %d (!=0)," - "user/pass auth will not work, ignored.\n", + "user/pass auth will not work, ignored.", uid); break; } @@ -481,7 +481,7 @@ int main(int ac, char **av) case 'i': if (optarg != NULL) { if (serv_init(optarg) < 0) { - msg_out(warn, "cannot init server socket(-i %s): %m\n", optarg); + msg_out(warn, "cannot init server socket(-i %s): %m", optarg); break; } } 
@@ -565,6 +565,9 @@ int main(int ac, char **av) ac -= optind; av += optind; + if (fg && !forcesyslog && isatty(fileno(stderr))) + setvbuf(stderr, NULL, _IOLBF, 0); + if ((fp = fopen(config, "r")) != NULL) { if (readconf(fp) != 0) { /* readconf error */ @@ -585,7 +588,7 @@ int main(int ac, char **av) if (serv_sock_ind == 0) { /* no valid ifs yet */ if (serv_init(":") < 0) { /* use default */ /* fatal */ - msg_out(crit, "cannot open server socket\n"); + msg_out(crit, "cannot open server socket"); exit(1); } } @@ -594,7 +597,7 @@ int main(int ac, char **av) if ( ! threading ) { #endif if (queue_init() != 0) { - msg_out(crit, "cannot init signal queue\n"); + msg_out(crit, "cannot init signal queue"); exit(1); } #ifdef USE_THREAD diff --git a/readconf.c b/readconf.c index be9ab00..8fedcd6 100644 --- a/readconf.c +++ b/readconf.c @@ -339,7 +339,7 @@ void add_entry(ROUTE_INFO *r, ROUTE_INFO *t, int ind) void parse_err(int sev, int line, char *msg) { - msg_out(sev, "%s: line %d: %s\n", CONFIG, line, msg); + msg_out(sev, "%s: line %d: %s", CONFIG, line, msg); } int str_to_addr(char *addr, bin_addr *dest) diff --git a/util.c b/util.c index cc86532..a76f2ec 100644 --- a/util.c +++ b/util.c @@ -66,6 +66,9 @@ void msg_out(int severity, const char *fmt, ...) va_start(ap, fmt); if (fg && !forcesyslog && isatty(fileno(stderr))) { vfprintf(stderr, fmt, ap); + /* syslog adds a newline if one is not present, do the same here */ + if (fmt[strlen(fmt) - 1] != '\n') + putc('\n', stderr); } else { vsyslog(priority, fmt, ap); } From 7fa0692b9fd638250ad867d0c498d5875bddcccf Mon Sep 17 00:00:00 2001 From: Greg Onufer Date: Wed, 8 May 2013 15:05:52 -0700 Subject: [PATCH 06/14] bump max number of threads to 128 --- srelay.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srelay.h b/srelay.h index ae19b30..9716533 100644 --- a/srelay.h +++ b/srelay.h 
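Review bot: In the util.c hunk, `fmt[strlen(fmt) - 1]` reads outside the string when `fmt` is empty, because `strlen(fmt) - 1` wraps around to the largest `size_t`. Take the length once and guard it: `size_t n = strlen(fmt);` followed by `if (n == 0 || fmt[n - 1] != '\n') putc('\n', stderr);`. The test inspects the format string, not the expanded message, so a trailing `%s` whose argument already ends in a newline still gets a second one; a short comment saying so would spare the next reader the surprise. msg_out() starts before this hunk.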
@@ -165,7 +165,7 @@ extern int threading; # else # define THREAD_LIMIT 1 /* wooo !!! */ # endif -# define MAX_THREAD (THREAD_LIMIT > 64 ? 64 : THREAD_LIMIT) +# define MAX_THREAD (THREAD_LIMIT > 128 ? 128 : THREAD_LIMIT) # define MUTEX_LOCK(mutex) \ if (threading) { \ From c9c0faa40cbcbebe36bddd68a0d8f2fc7d0c2bf5 Mon Sep 17 00:00:00 2001 From: Greg Onufer Date: Wed, 8 May 2013 15:08:43 -0700 Subject: [PATCH 07/14] fix typo --- socks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/socks.c b/socks.c index 01543fb..59dfb65 100644 --- a/socks.c +++ b/socks.c @@ -559,7 +559,7 @@ int proxy_connect(SOCKS_STATE *state) /* relay method must not be DIRECT */ /* forward socket should not be connected yet */ if (state->rtbl.rl_meth < 1 || state->r >= 0) { - /* shoud not be here */ + /* should not be here */ GEN_ERR_REP(state->s, state->sr.ver); return(-1); } From eaf9942c51d693380c5faa76254b2c21b9f924b0 Mon Sep 17 00:00:00 2001 From: Greg Onufer Date: Wed, 8 May 2013 15:09:16 -0700 Subject: [PATCH 08/14] don't ignore SIGBUS/SIGSEGV/SIGFPE --- main.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/main.c b/main.c index 4f4ff08..06ca168 100644 --- a/main.c +++ b/main.c @@ -666,9 +666,6 @@ int main(int ac, char **av) #ifdef SIGEMT setsignal(SIGEMT, SIG_IGN); #endif - setsignal(SIGFPE, SIG_IGN); - setsignal(SIGBUS, SIG_IGN); - setsignal(SIGSEGV, SIG_IGN); setsignal(SIGSYS, SIG_IGN); setsignal(SIGPIPE, SIG_IGN); setsignal(SIGALRM, SIG_IGN); From 3b2b0ff7eb22c61b5465db1a2dfe9b9d814ab046 Mon Sep 17 00:00:00 2001 From: Greg Onufer Date: Thu, 27 Jun 2013 12:43:06 -0700 Subject: [PATCH 09/14] Create README.md --- README.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..1945199 --- /dev/null +++ b/README.md 
@@ -0,0 +1,28 @@
+Srelay - the SOCKS proxy and Relay
+==================================
+
+Imported from [sourceforge](http://socks-relay.sourceforge.net/).
+
+What is it?
+============
+
+* Srelay is a socks 4/5 protocol proxy server.
+* Supports socks connect/bind request in the protocol v4, v4a, and v5.
+* Supports socks server chaining with both v4 and v5 servers.
+* Supports Username/Password authentication in v5 (not recommended).
+* Testing on FreeBSD 8.1R, Solaris 8, 10, Linux-i386, MacOS 10.5.
+* Supports IPv6 as well as IPv4.
+* Srelay is Free.
+
+Documents
+=========
+
+Config Sample: [basic config](http://socks-relay.sourceforge.net/samples.html)
+
+References
+==========
+(These document links do not assure the compliancy of this software. Yeah, indeed.)
+[SOCKS Protocol Version 4](http://socks-relay.sourceforge.net/socks4.protocol.txt)
+[SOCKS Protocol Version 4A socks 4a](http://socks-relay.sourceforge.net/socks4a.protocol.txt)
+SOCKS Protocol Version 5 [RFC 1928](http://www.ietf.org/rfc/rfc1928.txt)
+Username/Password Authentication for SOCKS V5 [RFC 1929](http://www.ietf.org/rfc/rfc1929.txt)
From c94ee9e4ac07ecfa3bec2ebae145281b3fa30194 Mon Sep 17 00:00:00 2001
From: Greg Onufer
Date: Thu, 27 Jun 2013 12:43:46 -0700
Subject: [PATCH 10/14] Update README.md
---
 README.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 1945199..0b5afe7 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,8 @@ Config Sample: [basic config](http://socks-relay.sourceforge.net/samples.html)
 References
 ==========
 (These document links do not assure the compliancy of this software. Yeah, indeed.)
-[SOCKS Protocol Version 4](http://socks-relay.sourceforge.net/socks4.protocol.txt)
-[SOCKS Protocol Version 4A socks 4a](http://socks-relay.sourceforge.net/socks4a.protocol.txt)
-SOCKS Protocol Version 5 [RFC 1928](http://www.ietf.org/rfc/rfc1928.txt)
-Username/Password Authentication for SOCKS V5 [RFC 1929](http://www.ietf.org/rfc/rfc1929.txt)
+
+* [SOCKS Protocol Version 4](http://socks-relay.sourceforge.net/socks4.protocol.txt)
+* [SOCKS Protocol Version 4A socks 4a](http://socks-relay.sourceforge.net/socks4a.protocol.txt)
+* SOCKS Protocol Version 5 [RFC 1928](http://www.ietf.org/rfc/rfc1928.txt)
+* Username/Password Authentication for SOCKS V5 [RFC 1929](http://www.ietf.org/rfc/rfc1929.txt)
From 37164ebe0b5b3e293eeb796b10aadf645e873fa2 Mon Sep 17 00:00:00 2001
From: phoeagon
Date: Thu, 15 Jan 2015 20:06:10 +0800
Subject: [PATCH 11/14] add prioritized & randomized downstream balancing when multiple rules apply
---
 Changes | 8 +----
 INSTALL | 2 +-
 Makefile.in | 2 +-
 auth-pwd.c | 2 +-
 configure | 2 +-
 configure.in | 4 +--
 get-bind.c | 14 ++++----
 init.c | 2 +-
 main.c | 48 +++++++++++++++-------------
 readconf.c | 4 +--
 relay.c | 2 +-
 scripts/rc.srelay | 2 +-
 scripts/srelay.sh | 2 +-
 scripts/svc-srelay | 2 +-
 socks.c | 80 +++++++++++++++++++++++++++++++++++++++++-----
 srelay.8 | 2 +-
 srelay.conf | 17 +++-------
 srelay.h | 7 ++--
 srelay.passwd | 2 +-
 util.c | 31 +++++++-----------
 v6defs.h | 2 +-
 21 files changed, 141 insertions(+), 96 deletions(-)
diff --git a/Changes b/Changes
index 89e219c..161eb02 100644
--- a/Changes
+++ b/Changes
@@ -1,13 +1,7 @@ # # Changes -# $Id$ +# $Id: Changes,v 1.16 2010/10/30 03:02:38 bulkstream Exp $ # - -0.4.8b6 (2013/03/11) - + An option '-q' (be quiet) added. - + from now, config address pattern '*' matches any address, regardless of - address type (i.e. IPv4, IPv6, FQDN). - 0.4.8b3 (2010/10/30) + initial UDP support 0.4.8b1 (2010/10/18) diff --git a/INSTALL b/INSTALL index f4f8c46..0895732 100644 --- a/INSTALL +++ b/INSTALL @@ -1,5 +1,5 @@ The srelay Installation Tips. - $Id$ + $Id: INSTALL,v 1.4 2009/09/04 08:29:40 bulkstream Exp $ o How to build and install diff --git a/Makefile.in b/Makefile.in index bf770e9..71bd59c 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,6 +1,6 @@ # # Makefile -# $Id$ +# $Id: Makefile.in,v 1.6 2009/12/08 08:38:38 bulkstream Exp $ # SHELL = /bin/sh diff --git a/auth-pwd.c b/auth-pwd.c index e21849b..0bff2e6 100644 --- a/auth-pwd.c +++ b/auth-pwd.c @@ -1,6 +1,6 @@ /* auth-pwd.c - $Id$ + $Id: auth-pwd.c,v 1.13 2010/10/18 05:17:51 bulkstream Exp $ Copyright (C) 2001-2010 Tomo.M (author). All rights reserved. diff --git a/configure b/configure index 06610fb..cf8c8e3 100755 --- a/configure +++ b/configure @@ -4297,7 +4297,7 @@ cat >>conftest.$ac_ext <<_ACEOF void init_routine() { - return; + return(0); } main() { diff --git a/configure.in b/configure.in index 01ebe89..9db3625 100644 --- a/configure.in +++ b/configure.in @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id$ +dnl $Id: configure.in,v 1.10 2010/12/20 14:11:14 bulkstream Exp $ AC_INIT(main.c) AC_CONFIG_HEADER(config.h) AC_CANONICAL_TARGET @@ -152,7 +152,7 @@ if test "$thread" != "no"; then void init_routine() { - return; + return(0); } main() { diff --git a/get-bind.c b/get-bind.c index 8abc5f2..a604203 100644 --- a/get-bind.c +++ b/get-bind.c @@ -1,6 +1,6 @@ /* get-bind.c: - $Id$ + $Id: get-bind.c,v 1.10 2010/10/18 05:17:51 bulkstream Exp $ Copyright (C) 2001-2010 Tomo.M (author). All rights reserved. 
@@ -423,7 +423,7 @@ int get_bind_addr(bin_addr *dest, struct addrinfo *ba) close(s); /* - msg_out(norm,"nlmsg_pid: %d, nlmsg_seq: %d", + msg_out(norm,"nlmsg_pid: %d, nlmsg_seq: %d\n", h->nlmsg_pid, h->nlmsg_seq); */ len = h->nlmsg_len; @@ -437,11 +437,11 @@ int get_bind_addr(bin_addr *dest, struct addrinfo *ba) /* if (tb[RTA_DST]) { inet_ntop(AF_INET, RTA_DATA(tb[RTA_DST]), str, sizeof(str)); - msg_out(norm, "DST %s", str); + msg_out(norm, "DST %s\n", str); } if (tb[RTA_GATEWAY]) { inet_ntop(AF_INET, RTA_DATA(tb[RTA_GATEWAY]), str, sizeof(str)); - msg_out(norm, "GW %s", str); + msg_out(norm, "GW %s\n", str); } */ if (tb[RTA_OIF]) { @@ -501,7 +501,7 @@ int get_ifconf(int index, struct addrinfo *ba) close(s); /* - msg_out(norm,"nlmsg_pid: %d, nlmsg_seq: %d", + msg_out(norm,"nlmsg_pid: %d, nlmsg_seq: %d\n", h->nlmsg_pid, h->nlmsg_seq); */ while (NLMSG_OK(h, status)) { @@ -519,7 +519,7 @@ int get_ifconf(int index, struct addrinfo *ba) /* char str[128]; inet_ntop(AF_INET, RTA_DATA(tb[IFA_ADDRESS]), str, sizeof(str)); - msg_out(norm, "ADDRESS %s", str); + msg_out(norm, "ADDRESS %s\n", str); */ ba->ai_family = AF_INET; /* IPv4 */ ba->ai_socktype = SOCK_STREAM; @@ -533,7 +533,7 @@ int get_ifconf(int index, struct addrinfo *ba) /* if (tb[IFA_LOCAL]) { unsigned *d = RTA_DATA(tb[IFA_LOCAL]); - msg_out(norm, "LOCAL %08x", *d); + msg_out(norm, "LOCAL %08x\n", *d); } */ } diff --git a/init.c b/init.c index 5dbdb3d..235d7c6 100644 --- a/init.c +++ b/init.c @@ -1,6 +1,6 @@ /* init.c - $Id$ + $Id: init.c,v 1.10 2010/12/20 14:12:00 bulkstream Exp $ Copyright (C) 2001-2010 Tomo.M (author). All rights reserved. diff --git a/main.c b/main.c index 06ca168..4965dae 100644 --- a/main.c +++ b/main.c @@ -1,6 +1,6 @@ /* main.c: - $Id$ + $Id: main.c,v 1.22 2010/12/20 14:12:00 bulkstream Exp $ Copyright (C) 2001-2010 Tomo.M (author). All rights reserved. 
@@ -59,13 +59,15 @@ int same_interface = 0; #ifdef HAVE_LIBWRAP int use_tcpwrap = 0; # include -# if defined(LINUX) || defined(SOLARIS) +# ifdef LINUX int allow_severity = LOG_AUTH|LOG_INFO; int deny_severity = LOG_AUTH|LOG_NOTICE; # endif /* LINUX */ extern int hosts_ctl __P((char *, char *, char *, char *)); #endif /* HAVE_LIBWRAP */ +int prioritize_downstreams = 0; /* If multiple apply, pick by priorities.*/ +int random_downstream = 0; /* If multiple rules apply, pick a random one. */ int max_child; int cur_child; @@ -99,6 +101,8 @@ void usage() "\t-a np\tauth methods n: no, p:pass\n" "\t-u file\tsrelay password file\n" "\t-f\trun into foreground\n" + "\t-P\tmaintain priority list of downstreams when multiple apply, implies -R\n" + "\t-R\tpick a random downstream if multiply fits\n" "\t-r\tresolve client name in log\n" "\t-s\tforce logging to syslog\n" "\t-t\tdisable threading\n" @@ -108,7 +112,6 @@ void usage() "\t-w\tuse tcp_wrapper access control\n" #endif /* HAVE_LIBWRAP */ "\t-I\tinetd mode\n" - "\t-q\twill be quiet\n" "\t-v\tshow version and exit\n" "\t-h\tshow this help and exit\n"); exit(1); @@ -169,8 +172,7 @@ int serv_loop() #ifdef USE_THREAD if (threading) { blocksignal(SIGHUP); - if (!fg) - blocksignal(SIGINT); + blocksignal(SIGINT); blocksignal(SIGUSR1); } #endif @@ -419,7 +421,7 @@ int main(int ac, char **av) /* create service socket table (malloc) */ if (serv_init(NULL) < 0) { - msg_out(crit, "cannot malloc: %m"); + msg_out(crit, "cannot malloc: %m\n"); exit(-1); } @@ -432,7 +434,7 @@ int main(int ac, char **av) openlog(ident, LOG_PID | LOG_NDELAY, SYSLOGFAC); - while((ch = getopt(ac, av, "a:c:i:J:m:o:p:u:frstbwgIqvh?")) != -1) + while((ch = getopt(ac, av, "a:c:i:J:m:o:p:u:fRPrstbwgIvh?")) != -1) switch (ch) { case 'a': if (optarg != NULL) { 
@@ -444,7 +446,7 @@ int main(int ac, char **av) if ( uid != 0 ) { /* process does not started by root */ msg_out(warn, "uid == %d (!=0)," - "user/pass auth will not work, ignored.", + "user/pass auth will not work, ignored.\n", uid); break; } @@ -466,6 +468,15 @@ int main(int ac, char **av) bind_restrict = 0; break; + case 'P': + prioritize_downstreams = 1; + random_downstream = 1; + break; + + case 'R': + random_downstream = 1; + break; + case 'c': if (optarg != NULL) { config = strdup(optarg); @@ -481,7 +492,7 @@ int main(int ac, char **av) case 'i': if (optarg != NULL) { if (serv_init(optarg) < 0) { - msg_out(warn, "cannot init server socket(-i %s): %m", optarg); + msg_out(warn, "cannot init server socket(-i %s): %m\n", optarg); break; } } @@ -548,10 +559,6 @@ int main(int ac, char **av) inetd_mode = 1; break; - case 'q': - be_quiet = 1; - break; - case 'v': show_version(); exit(1); @@ -565,9 +572,6 @@ int main(int ac, char **av) ac -= optind; av += optind; - if (fg && !forcesyslog && isatty(fileno(stderr))) - setvbuf(stderr, NULL, _IOLBF, 0); - if ((fp = fopen(config, "r")) != NULL) { if (readconf(fp) != 0) { /* readconf error */ @@ -588,7 +592,7 @@ int main(int ac, char **av) if (serv_sock_ind == 0) { /* no valid ifs yet */ if (serv_init(":") < 0) { /* use default */ /* fatal */ - msg_out(crit, "cannot open server socket"); + msg_out(crit, "cannot open server socket\n"); exit(1); } } @@ -597,7 +601,7 @@ int main(int ac, char **av) if ( ! threading ) { #endif if (queue_init() != 0) { - msg_out(crit, "cannot init signal queue"); + msg_out(crit, "cannot init signal queue\n"); exit(1); } #ifdef USE_THREAD @@ -655,10 +659,7 @@ int main(int ac, char **av) } setsignal(SIGHUP, reload); - if (fg) - setsignal(SIGINT, cleanup); - else - setsignal(SIGINT, SIG_IGN); + setsignal(SIGINT, SIG_IGN); setsignal(SIGQUIT, SIG_IGN); setsignal(SIGILL, SIG_IGN); setsignal(SIGTRAP, SIG_IGN); 
@@ -666,6 +667,9 @@ int main(int ac, char **av) #ifdef SIGEMT setsignal(SIGEMT, SIG_IGN); #endif + setsignal(SIGFPE, SIG_IGN); + setsignal(SIGBUS, SIG_IGN); + setsignal(SIGSEGV, SIG_IGN); setsignal(SIGSYS, SIG_IGN); setsignal(SIGPIPE, SIG_IGN); setsignal(SIGALRM, SIG_IGN); diff --git a/readconf.c b/readconf.c index 8fedcd6..5aed3f1 100644 --- a/readconf.c +++ b/readconf.c @@ -1,6 +1,6 @@ /* readconf.c: - $Id$ + $Id: readconf.c,v 1.16 2010/11/05 02:13:12 bulkstream Exp $ Copyright (C) 2001-2010 Tomo.M (author). All rights reserved. @@ -339,7 +339,7 @@ void add_entry(ROUTE_INFO *r, ROUTE_INFO *t, int ind) void parse_err(int sev, int line, char *msg) { - msg_out(sev, "%s: line %d: %s", CONFIG, line, msg); + msg_out(sev, "%s: line %d: %s\n", CONFIG, line, msg); } int str_to_addr(char *addr, bin_addr *dest) diff --git a/relay.c b/relay.c index 112b22b..e73cf16 100644 --- a/relay.c +++ b/relay.c @@ -1,6 +1,6 @@ /* relay.c: - $Id$ + $Id: relay.c,v 1.20 2010/11/05 02:13:12 bulkstream Exp $ Copyright (C) 2001-2010 Tomo.M (author). All rights reserved. diff --git a/scripts/rc.srelay b/scripts/rc.srelay index 2983b9f..e3ef865 100755 --- a/scripts/rc.srelay +++ b/scripts/rc.srelay @@ -1,7 +1,7 @@ #!/bin/bash # startup script for srelay # Tomo.M -# $Id$ +# $Id: rc.srelay,v 1.1 2009/09/02 13:41:40 bulkstream Exp $ # chkconfig: 345 99 0 # description: Srelay is a SOCKS proxy. diff --git a/scripts/srelay.sh b/scripts/srelay.sh index 1f1bbac..7df377b 100755 --- a/scripts/srelay.sh +++ b/scripts/srelay.sh @@ -1,7 +1,7 @@ #!/bin/sh # startup script for srelay # srelay_enable="Yes" in /etc/rc.conf needed for enable. -# $Id$ +# $Id: srelay.sh,v 1.1 2009/09/02 13:41:40 bulkstream Exp $ # Tomo.M # PROVIDE: srelay diff --git a/scripts/svc-srelay b/scripts/svc-srelay index b693431..21d47b9 100755 --- a/scripts/svc-srelay +++ b/scripts/svc-srelay @@ -1,6 +1,6 @@ #!/bin/sh # startup script for srelay -# $Id$ +# $Id: svc-srelay,v 1.1 2009/09/02 13:41:40 bulkstream Exp $ # Tomo.M name="srelay" 
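Review bot: The three `setsignal(..., SIG_IGN)` lines added back in main() for SIGFPE, SIGBUS and SIGSEGV undo patch 08 of this series, and the commit message does not mention it. POSIX leaves the behaviour undefined when a process ignores one of these signals after a real fault, so a memory-safety bug in the relay would no longer stop the process cleanly, and this same commit adds new array indexing in socks.c. If the revert is accidental (the diff looks like it was made against an older tree), drop the three lines. The same question applies to the SIGINT, `-q` and `setvbuf` hunks earlier in main.c.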
diff --git a/socks.c b/socks.c index 59dfb65..1b70ba8 100644 --- a/socks.c +++ b/socks.c @@ -1,6 +1,6 @@ /* socks.c: - $Id$ + $Id: socks.c,v 1.27 2010/11/05 02:13:12 bulkstream Exp $ Copyright (C) 2001-2010 Tomo.M (author). All rights reserved. @@ -34,6 +34,13 @@ IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "srelay.h" +extern int prioritize_downstreams; +extern int random_downstream; + +static int * tbl_priority = NULL; +#define DEFAULT_PRIORITY (512) +#define MAX_PRIORITY (1024) + #define TIMEOUTSEC 30 #define GEN_ERR_REP(s, v) \ @@ -190,9 +197,21 @@ int proto_socks(SOCKS_STATE *state) state->si->prs.len = len; } + if (prioritize_downstreams) { + // increase priority + tbl_priority[state->tbl_ind]++; + if (tbl_priority[state->tbl_ind] > MAX_PRIORITY) + tbl_priority[state->tbl_ind] = MAX_PRIORITY; + } return(0); /* 0: OK */ } /* error */ + if (prioritize_downstreams) { + // half priority + tbl_priority[state->tbl_ind] /= 2; + if (tbl_priority[state->tbl_ind] == 0) + tbl_priority[state->tbl_ind] = 1; + } if (state->r >= 0) { close(state->r); } @@ -559,7 +578,7 @@ int proxy_connect(SOCKS_STATE *state) /* relay method must not be DIRECT */ /* forward socket should not be connected yet */ if (state->rtbl.rl_meth < 1 || state->r >= 0) { - /* should not be here */ + /* shoud not be here */ GEN_ERR_REP(state->s, state->sr.ver); return(-1); } 
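Review bot: The new `tbl_priority[state->tbl_ind]` updates in proto_socks() index a lazily allocated array without checking that it exists or that `state->tbl_ind` lies inside it. The array is only allocated in lookup_tbl(), and the value `tbl_ind` holds when no rule matched is set outside these hunks, so both branches should be guarded, for example with `if (prioritize_downstreams && tbl_priority && state->tbl_ind < proxy_tbl_ind)`. The counters are plain `int`s shared by every worker; with threading enabled the read-modify-write should go through the project's mutex macros (srelay.h has `MUTEX_LOCK`) or updates will be lost. The `extern int` declarations added at the top of socks.c belong in srelay.h with the other globals.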
@@ -1473,8 +1492,25 @@ int lookup_tbl(SOCKS_STATE *state) struct sockaddr_in *sa; struct sockaddr_in6 *sa6; + #define MAX_CANDIDATE (32) + int candidates[MAX_CANDIDATE]; + #define ADD(i) do { \ + if (match < MAX_CANDIDATE) \ + candidates[ match ++ ] = i;\ + }while(0) + if (prioritize_downstreams && !tbl_priority) { + // init priority list + tbl_priority = malloc(proxy_tbl_ind * sizeof(int)); + int y; + for (y = 0; y < proxy_tbl_ind; ++y) + tbl_priority[y] = DEFAULT_PRIORITY; + } + match = 0; for (i=0; i < proxy_tbl_ind; i++) { + /* check atype */ + if ( state->sr.dest.atype != proxy_tbl[i].dest.atype ) + continue; /* check IP PROTO */ if ( (state->sr.req == S5REQ_UDPA && proxy_tbl[i].proto == TCP) || (state->sr.req != S5REQ_UDPA && proxy_tbl[i].proto == UDP)) @@ -1486,8 +1522,9 @@ int lookup_tbl(SOCKS_STATE *state) if (addr_comp(&(state->sr.dest), &(proxy_tbl[i].dest), proxy_tbl[i].mask) == 0) { - match++; - break; + ADD(i); + if (!random_downstream) + break; } } @@ -1534,12 +1571,12 @@ int lookup_tbl(SOCKS_STATE *state) if ( addr.atype != proxy_tbl[i].dest.atype ) continue; if (addr_comp(&addr, &(proxy_tbl[i].dest), - proxy_tbl[i].mask) == 0) { - match++; + proxy_tbl[i].mask) == 0) + ADD(i); + if (!random_downstream) break; - } } - if ( match ) + if ( match && !random_downstream) break; } freeaddrinfo(res0); 
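Review bot: `tbl_priority = malloc(proxy_tbl_ind * sizeof(int));` in lookup_tbl() is written to by the loop directly below it without a NULL check, and it is sized once from the rule count at the first lookup. main() installs `reload` for SIGHUP, so if a reload can change `proxy_tbl_ind` (not visible here), later indexes run past the allocation; the array should be freed and rebuilt wherever the table is rebuilt. The first-use initialisation is also unsynchronised, so two threads can both see NULL and allocate. Separately, the added `atype` `continue` at the top of the loop changes matching for every configuration, not only with -R or -P, which deserves a line in the commit message if it is intended.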
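Review bot: In the resolved-address loop (hunk at -1534) the braces around the match were dropped, so `if (!random_downstream) break;` now runs for every table entry whose atype matches, whether or not addr_comp() matched. Without -R the inner loop therefore stops at the first rule of the same address type, which is the defect patch 04 of this series fixed. Restore the block: `if (addr_comp(&addr, &(proxy_tbl[i].dest), proxy_tbl[i].mask) == 0) { ADD(i); if (!random_downstream) break; }`. lookup_tbl() starts and ends outside this hunk.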
@@ -1549,6 +1586,33 @@ int lookup_tbl(SOCKS_STATE *state) memset(&(state->rtbl), 0, sizeof(ROUTE_INFO)); if (match) { + if ( random_downstream && match > 1 ) { + if (!prioritize_downstreams) { + i = candidates[rand() % match]; + } else { + int priority_vector[MAX_CANDIDATE]; + int y; + for (y = 0 ; y < match; ++y) + priority_vector[y] = tbl_priority[candidates[y]]; + for (y = 1 ; y < match; ++y) + priority_vector[y] += priority_vector[y - 1]; + int pivot = rand() % priority_vector[match - 1]; + // binary search the point + int l = 0, r = match-1; + i = 0; + while (l<=r) { + int m = (l + r) / 2; + if ( priority_vector[m] >= pivot ) { + r = m - 1; + i = m; + } else { + l = m + 1; + } + } + i = candidates[i]; + // Now i is the selected server + } + } memcpy(&(state->rtbl), &(proxy_tbl[i]), sizeof(ROUTE_INFO)); state->tbl_ind = i; } else diff --git a/srelay.8 b/srelay.8 index 07fc140..a590307 100644 --- a/srelay.8 +++ b/srelay.8 @@ -1,7 +1,7 @@ '\" .\" Copyright (C) 2001-2010, Tomo.M .\" All Rights Reserved -.\" $Id$ +.\" $Id: srelay.8,v 1.6 2010/10/15 13:40:47 bulkstream Exp $ .TH srelay 8 "27 Mar 2003" .if n .tr \-- .SH NAME diff --git a/srelay.conf b/srelay.conf index 24282b9..c9fd3d3 100644 --- a/srelay.conf +++ b/srelay.conf 
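Review bot: With -R set and exactly one matching rule, `i` is never taken from `candidates[]`: the matching loops no longer `break`, so unless code outside the hunk resets it, `i` keeps its loop-exit value and `memcpy(&(state->rtbl), &(proxy_tbl[i]), sizeof(ROUTE_INFO))` copies the wrong entry or the slot past the last rule. Set it whenever random mode is on, e.g. `if (random_downstream) i = candidates[0];` ahead of the `match > 1` branch. In the weighted branch, `priority_vector[m] >= pivot` gives the first candidate one slot too many and the last one too few, so a last candidate whose priority has been halved down to 1 is never picked again; `> pivot` matches the cumulative weights. No `srand()` call appears anywhere in this diff, so if none exists elsewhere every run makes the same sequence of choices.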
@@ -1,23 +1,14 @@ # # srelay.conf -# $Id$ +# $Id: srelay.conf,v 1.5 2009/12/09 04:07:53 bulkstream Exp $ # # dest[/mask] port proxy proxy-port ; intranet 172.16.1.0/24 - 192.168.1.1 123.123.123.0/255.255.255.248 any 192.168.1.3 -# some IPv6 destination should go through 10.1.1.1:1080 -2001:111:1:21::/64 1024- 10.1.1.1 -# some IPv6 ftp/ssh/telnet should go 2001::240:2ff:fe3e:b2 socks +2001:111:1:21::/64 1080 10.1.1.1 :: 21-23 2001::240:2ff:fe3e:b2 -# dest host matches c-wind.com should go host x:1080 c-wind.com - x -# to reach the Intra subnet 10.1.1.0/25, first contact fw2:socks, -# then firewall:http-proxy, -# then 100.100.100.100:1111 socks. 10.1.1.0/25 any 100.100.100.100 1111 firewall 8080/H fw2 1080 -# other IPv4 destination will be reached through fiewall 8080 http-proxy, -# and test2 socks. -0.0.0.0 any test 1080 firewall 8080/H -# rest of any FQDN (and IPv6) destination should go 192.168.1.5 socks. -* any 192.168.1.5 1080 \ No newline at end of file +0.0.0.0 any test 1080 test2 firewall/H +#0.0.0.0 - diff --git a/srelay.h b/srelay.h index 9716533..31111fa 100644 --- a/srelay.h +++ b/srelay.h @@ -1,6 +1,6 @@ /* srelay.h: - $Id$ + $Id: srelay.h,v 1.30 2010/12/20 14:12:00 bulkstream Exp $ common definitions. Copyright (C) 2001-2010 Tomo.M (author). @@ -103,7 +103,7 @@ typedef u_int32_t socklen_t; # endif #endif -#define version "srelay 0.4.8b6 2013/03/11 (Tomo.M)" +#define version "srelay 0.4.8b5 2010/12/20 (Tomo.M)" #ifndef SYSCONFDIR # define SYSCONFDIR "/usr/local/etc" @@ -165,7 +165,7 @@ extern int threading; # else # define THREAD_LIMIT 1 /* wooo !!! */ # endif -# define MAX_THREAD (THREAD_LIMIT > 128 ? 128 : THREAD_LIMIT) +# define MAX_THREAD (THREAD_LIMIT > 64 ? 64 : THREAD_LIMIT) # define MUTEX_LOCK(mutex) \ if (threading) { \ @@ -416,7 +416,6 @@ extern u_long idle_timeout; /* from util.c */ extern int forcesyslog; -extern int be_quiet; /* from socks.c */ diff --git a/srelay.passwd b/srelay.passwd index d851ead..bd04a26 100644 --- a/srelay.passwd 
+++ b/srelay.passwd @@ -1,6 +1,6 @@ # # srelay proxy passwd. -# $Id$ +# $Id: srelay.passwd,v 1.2 2002/12/06 02:15:01 bulkstream Exp $ # # proxy user passwd 192.168.1.1 hogahoge %"aXhe diff --git a/util.c b/util.c index a76f2ec..0346ac6 100644 --- a/util.c +++ b/util.c @@ -1,6 +1,6 @@ /* util.c: - $Id$ + $Id: util.c,v 1.12 2010/12/20 14:12:00 bulkstream Exp $ Copyright (C) 2001-2010 Tomo.M (author). All rights reserved. @@ -38,18 +38,12 @@ IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "srelay.h" int forcesyslog = 0; -int be_quiet = 0; void msg_out(int severity, const char *fmt, ...) { va_list ap; int priority; - if ( be_quiet > 0 ) { - /* do not log anything */ - return; - } - switch (severity) { case crit: priority = SYSLOGFAC|LOG_ERR; @@ -66,9 +60,6 @@ void msg_out(int severity, const char *fmt, ...) va_start(ap, fmt); if (fg && !forcesyslog && isatty(fileno(stderr))) { vfprintf(stderr, fmt, ap); - /* syslog adds a newline if one is not present, do the same here */ - if (fmt[strlen(fmt) - 1] != '\n') - putc('\n', stderr); } else { vsyslog(priority, fmt, ap); } @@ -98,20 +89,18 @@ int addr_comp(bin_addr *a1, bin_addr *a2, int mask) inaddr_any.s_addr = INADDR_ANY; + if (a1->atype != a2->atype) + return -1; /* address type mismatched */ + /* - if a2 entry is fqdn wildcard(*), everything is matched. + if a2 entry is wildcard, everything is matched. if mask == 0, the mask could not be set in conf or, meaning-less setting. I'd rather guess former. - */ - - if (a2->atype == S5ATFQDN - && strncmp((char *)a2->fqdn, "*", strlen("*")) == 0) - return 0; - - if (a1->atype != a2->atype) - return -1; /* address type mismatched */ + */ + switch (a1->atype) { + case S5ATIPV4: if (memcmp(a2->v4_addr, &inaddr_any, sizeof inaddr_any) == 0) { /* wild card */ 
@@ -174,6 +163,10 @@ int addr_comp(bin_addr *a1, bin_addr *a2, int mask) break; case S5ATFQDN: + if (strncmp((char *)a2->fqdn, "*", strlen("*")) == 0) { /* wild card */ + ret = 0; + break; + } if ( a1->len_fqdn >= a2->len_fqdn ) { ret = strncasecmp((char *)a2->fqdn, (char *)(&(a1->fqdn[a1->len_fqdn - a2->len_fqdn])), diff --git a/v6defs.h b/v6defs.h index e2dd6cf..59fc020 100644 --- a/v6defs.h +++ b/v6defs.h @@ -1,6 +1,6 @@ /* v6defs.h: - $Id$ + $Id: v6defs.h,v 1.4 2010/10/15 13:40:48 bulkstream Exp $ IPv6 related definisions mainly for old Solaris. Copyright (C) 2003-2010 Tomo.M (author). From e3002327d00a04a7db7775dc31ad0e1de1838145 Mon Sep 17 00:00:00 2001 From: phoeagon Date: Thu, 15 Jan 2015 20:09:49 +0800 Subject: [PATCH 12/14] fixed README --- README.md | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0b5afe7..7138609 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,23 @@ -Srelay - the SOCKS proxy and Relay -================================== +Srelay - the SOCKS proxy and Relay (with Randomized Balancing) +============================================================== +phoeagon -Imported from [sourceforge](http://socks-relay.sourceforge.net/). +Added *randomized* downstream balancing: when multiple rules apply, choose any +in a random way. +Added *prioritized random* downstreaming: when multiple downstreams available, +maintain a list of priorities of each downstream. Penalize a downstream if +a connection to it fails. Choose a random downstream in prioritized way. (Useful +for load-balancing multiple SOCKS5 proxy server). + +Eg: + + srelay -i 0.0.0.0:9999 \ # Listen on 9999 port + -P -R \ # Randomized, prioritized + -c config.conf \ # Choose a config file + -f # Stay forground. + +The original repo was imported from +[sourceforge](http://socks-relay.sourceforge.net/). What is it? ============ From 6a9484f37310e71a57499f944ec01993596564ff Mon Sep 17 00:00:00 2001 
From: phoeagon Date: Thu, 15 Jan 2015 20:15:50 +0800 Subject: [PATCH 13/14] reverting files --- Changes | 8 +++++++- INSTALL | 2 +- Makefile.in | 2 +- auth-pwd.c | 2 +- configure | 2 +- configure.in | 4 ++-- get-bind.c | 14 +++++++------- init.c | 2 +- readconf.c | 4 ++-- srelay.8 | 2 +- srelay.conf | 17 +++++++++++++---- srelay.passwd | 2 +- util.c | 31 +++++++++++++++++++------------ v6defs.h | 2 +- 14 files changed, 58 insertions(+), 36 deletions(-) diff --git a/Changes b/Changes index 161eb02..89e219c 100644 --- a/Changes +++ b/Changes @@ -1,7 +1,13 @@ # # Changes -# $Id: Changes,v 1.16 2010/10/30 03:02:38 bulkstream Exp $ +# $Id$ # + +0.4.8b6 (2013/03/11) + + An option '-q' (be quiet) added. + + from now, config address pattern '*' matches any address, regardless of + address type (i.e. IPv4, IPv6, FQDN). + 0.4.8b3 (2010/10/30) + initial UDP support 0.4.8b1 (2010/10/18) diff --git a/INSTALL b/INSTALL index 0895732..f4f8c46 100644 --- a/INSTALL +++ b/INSTALL @@ -1,5 +1,5 @@ The srelay Installation Tips. - $Id: INSTALL,v 1.4 2009/09/04 08:29:40 bulkstream Exp $ + $Id$ o How to build and install diff --git a/Makefile.in b/Makefile.in index 71bd59c..bf770e9 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,6 +1,6 @@ # # Makefile -# $Id: Makefile.in,v 1.6 2009/12/08 08:38:38 bulkstream Exp $ +# $Id$ # SHELL = /bin/sh diff --git a/auth-pwd.c b/auth-pwd.c index 0bff2e6..e21849b 100644 --- a/auth-pwd.c +++ b/auth-pwd.c @@ -1,6 +1,6 @@ /* auth-pwd.c - $Id: auth-pwd.c,v 1.13 2010/10/18 05:17:51 bulkstream Exp $ + $Id$ Copyright (C) 2001-2010 Tomo.M (author). All rights reserved. diff --git a/configure b/configure index cf8c8e3..06610fb 100755 --- a/configure +++ b/configure @@ -4297,7 +4297,7 @@ cat >>conftest.$ac_ext <<_ACEOF void init_routine() { - return(0); + return; } main() { diff --git a/configure.in b/configure.in index 9db3625..01ebe89 100644 --- a/configure.in +++ b/configure.in 
@@ -1,5 +1,5 @@
 dnl Process this file with autoconf to produce a configure script.
-dnl $Id: configure.in,v 1.10 2010/12/20 14:11:14 bulkstream Exp $
+dnl $Id$
 AC_INIT(main.c)
 AC_CONFIG_HEADER(config.h)
 AC_CANONICAL_TARGET
@@ -152,7 +152,7 @@ if test "$thread" != "no"; then
 void init_routine() {
- return(0);
+ return;
 }
 main() {
diff --git a/get-bind.c b/get-bind.c
index a604203..8abc5f2 100644
--- a/get-bind.c
+++ b/get-bind.c
@@ -1,6 +1,6 @@
 /*
 get-bind.c:
- $Id: get-bind.c,v 1.10 2010/10/18 05:17:51 bulkstream Exp $
+ $Id$
 Copyright (C) 2001-2010 Tomo.M (author). All rights reserved.
@@ -423,7 +423,7 @@ int get_bind_addr(bin_addr *dest, struct addrinfo *ba)
 close(s);
 /*
- msg_out(norm,"nlmsg_pid: %d, nlmsg_seq: %d\n",
+ msg_out(norm,"nlmsg_pid: %d, nlmsg_seq: %d",
 h->nlmsg_pid, h->nlmsg_seq);
 */
 len = h->nlmsg_len;
@@ -437,11 +437,11 @@ int get_bind_addr(bin_addr *dest, struct addrinfo *ba)
 /*
 if (tb[RTA_DST]) {
 inet_ntop(AF_INET, RTA_DATA(tb[RTA_DST]), str, sizeof(str));
- msg_out(norm, "DST %s\n", str);
+ msg_out(norm, "DST %s", str);
 }
 if (tb[RTA_GATEWAY]) {
 inet_ntop(AF_INET, RTA_DATA(tb[RTA_GATEWAY]), str, sizeof(str));
- msg_out(norm, "GW %s\n", str);
+ msg_out(norm, "GW %s", str);
 }
 */
 if (tb[RTA_OIF]) {
@@ -501,7 +501,7 @@ int get_ifconf(int index, struct addrinfo *ba)
 close(s);
 /*
- msg_out(norm,"nlmsg_pid: %d, nlmsg_seq: %d\n",
+ msg_out(norm,"nlmsg_pid: %d, nlmsg_seq: %d",
 h->nlmsg_pid, h->nlmsg_seq);
 */
 while (NLMSG_OK(h, status)) {
@@ -519,7 +519,7 @@ int get_ifconf(int index, struct addrinfo *ba)
 /*
 char str[128];
 inet_ntop(AF_INET, RTA_DATA(tb[IFA_ADDRESS]), str, sizeof(str));
- msg_out(norm, "ADDRESS %s\n", str);
+ msg_out(norm, "ADDRESS %s", str);
 */
 ba->ai_family = AF_INET; /* IPv4 */
 ba->ai_socktype = SOCK_STREAM;
@@ -533,7 +533,7 @@ int get_ifconf(int index, struct addrinfo *ba)
 /*
 if (tb[IFA_LOCAL]) {
 unsigned *d = RTA_DATA(tb[IFA_LOCAL]);
- msg_out(norm, "LOCAL %08x\n", *d);
+ msg_out(norm, "LOCAL %08x", *d);
 }
 */
 }
diff --git a/init.c b/init.c
index 235d7c6..5dbdb3d 100644
--- a/init.c
+++ b/init.c
@@ -1,6 +1,6 @@
 /*
 init.c
- $Id: init.c,v 1.10 2010/12/20 14:12:00 bulkstream Exp $
+ $Id$
 Copyright (C) 2001-2010 Tomo.M (author). All rights reserved.
diff --git a/readconf.c b/readconf.c
index 5aed3f1..8fedcd6 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,6 +1,6 @@
 /*
 readconf.c:
- $Id: readconf.c,v 1.16 2010/11/05 02:13:12 bulkstream Exp $
+ $Id$
 Copyright (C) 2001-2010 Tomo.M (author). All rights reserved.
@@ -339,7 +339,7 @@ void add_entry(ROUTE_INFO *r, ROUTE_INFO *t, int ind)
 void parse_err(int sev, int line, char *msg) {
- msg_out(sev, "%s: line %d: %s\n", CONFIG, line, msg);
+ msg_out(sev, "%s: line %d: %s", CONFIG, line, msg);
 }
 int str_to_addr(char *addr, bin_addr *dest)
diff --git a/srelay.8 b/srelay.8
index a590307..07fc140 100644
--- a/srelay.8
+++ b/srelay.8
@@ -1,7 +1,7 @@
 '\"
 .\" Copyright (C) 2001-2010, Tomo.M
 .\" All Rights Reserved
-.\" $Id: srelay.8,v 1.6 2010/10/15 13:40:47 bulkstream Exp $
+.\" $Id$
 .TH srelay 8 "27 Mar 2003"
 .if n .tr \--
 .SH NAME
diff --git a/srelay.conf b/srelay.conf
index c9fd3d3..24282b9 100644
--- a/srelay.conf
+++ b/srelay.conf
@@ -1,14 +1,23 @@ # # srelay.conf -# $Id: srelay.conf,v 1.5 2009/12/09 04:07:53 bulkstream Exp $ +# $Id$ # # dest[/mask] port proxy proxy-port ; intranet 172.16.1.0/24 - 192.168.1.1 123.123.123.0/255.255.255.248 any 192.168.1.3 -2001:111:1:21::/64 1080 10.1.1.1 +# some IPv6 destination should go through 10.1.1.1:1080 +2001:111:1:21::/64 1024- 10.1.1.1 +# some IPv6 ftp/ssh/telnet should go 2001::240:2ff:fe3e:b2 socks :: 21-23 2001::240:2ff:fe3e:b2 +# dest host matches c-wind.com should go host x:1080 c-wind.com - x +# to reach the Intra subnet 10.1.1.0/25, first contact fw2:socks, +# then firewall:http-proxy, +# then 100.100.100.100:1111 socks. 10.1.1.0/25 any 100.100.100.100 1111 firewall 8080/H fw2 1080 -0.0.0.0 any test 1080 test2 firewall/H -#0.0.0.0 - +# other IPv4 destination will be reached through fiewall 8080 http-proxy, +# and test2 socks. +0.0.0.0 any test 1080 firewall 8080/H +# rest of any FQDN (and IPv6) destination should go 192.168.1.5 socks. +* any 192.168.1.5 1080 \ No newline at end of file diff --git a/srelay.passwd b/srelay.passwd index bd04a26..d851ead 100644 --- a/srelay.passwd +++ b/srelay.passwd @@ -1,6 +1,6 @@ # # srelay proxy passwd. -# $Id: srelay.passwd,v 1.2 2002/12/06 02:15:01 bulkstream Exp $ +# $Id$ # # proxy user passwd 192.168.1.1 hogahoge %"aXhe diff --git a/util.c b/util.c index 0346ac6..a76f2ec 100644 --- a/util.c +++ b/util.c @@ -1,6 +1,6 @@ /* util.c: - $Id: util.c,v 1.12 2010/12/20 14:12:00 bulkstream Exp $ + $Id$ Copyright (C) 2001-2010 Tomo.M (author). All rights reserved. @@ -38,12 +38,18 @@ IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "srelay.h" int forcesyslog = 0; +int be_quiet = 0; void msg_out(int severity, const char *fmt, ...) { va_list ap; int priority; + if ( be_quiet > 0 ) { + /* do not log anything */ + return; + } + switch (severity) { case crit: priority = SYSLOGFAC|LOG_ERR; 
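Review bot: With `be_quiet` set, `msg_out` returns before the severity switch, so `crit` messages are dropped together with informational ones and nothing reaches stderr or syslog. For a relay, those messages are presumably the only record of failures and refused requests; if silencing them is not intended, let the highest severity through with `if (be_quiet > 0 && severity != crit) return;`, and otherwise extend the comment to say that the flag also suppresses critical messages. The rest of `msg_out` lies outside this hunk.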
@@ -60,6 +66,9 @@ void msg_out(int severity, const char *fmt, ...) va_start(ap, fmt); if (fg && !forcesyslog && isatty(fileno(stderr))) { vfprintf(stderr, fmt, ap); + /* syslog adds a newline if one is not present, do the same here */ + if (fmt[strlen(fmt) - 1] != '\n') + putc('\n', stderr); } else { vsyslog(priority, fmt, ap); } @@ -89,18 +98,20 @@ int addr_comp(bin_addr *a1, bin_addr *a2, int mask) inaddr_any.s_addr = INADDR_ANY; - if (a1->atype != a2->atype) - return -1; /* address type mismatched */ - /* - if a2 entry is wildcard, everything is matched. + if a2 entry is fqdn wildcard(*), everything is matched. if mask == 0, the mask could not be set in conf or, meaning-less setting. I'd rather guess former. - */ - - switch (a1->atype) { + if (a2->atype == S5ATFQDN + && strncmp((char *)a2->fqdn, "*", strlen("*")) == 0) + return 0; + + if (a1->atype != a2->atype) + return -1; /* address type mismatched */ + + switch (a1->atype) { case S5ATIPV4: if (memcmp(a2->v4_addr, &inaddr_any, sizeof inaddr_any) == 0) { /* wild card */ @@ -163,10 +174,6 @@ int addr_comp(bin_addr *a1, bin_addr *a2, int mask) break; case S5ATFQDN: - if (strncmp((char *)a2->fqdn, "*", strlen("*")) == 0) { /* wild card */ - ret = 0; - break; - } if ( a1->len_fqdn >= a2->len_fqdn ) { ret = strncasecmp((char *)a2->fqdn, (char *)(&(a1->fqdn[a1->len_fqdn - a2->len_fqdn])), diff --git a/v6defs.h b/v6defs.h index 59fc020..e2dd6cf 100644 --- a/v6defs.h +++ b/v6defs.h @@ -1,6 +1,6 @@ /* v6defs.h: - $Id: v6defs.h,v 1.4 2010/10/15 13:40:48 bulkstream Exp $ + $Id$ IPv6 related definisions mainly for old Solaris. Copyright (C) 2003-2010 Tomo.M (author). From a9e4e451686b745734e4a5587760ffeedacf34d4 Mon Sep 17 00:00:00 2001 From: phoeagon Date: Fri, 16 Jan 2015 03:07:24 +0800 Subject: [PATCH 14/14] can work --- relay.c | 30 +++++++++++++++++++++++++----- socks.c | 55 ++++++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 67 insertions(+), 18 deletions(-) 
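Review bot: `fmt[strlen(fmt) - 1]` in the new stderr branch indexes outside the string when `fmt` is empty, because `strlen(fmt) - 1` wraps to `SIZE_MAX`. Guard the length first: `size_t n = strlen(fmt); if (n == 0 || fmt[n - 1] != '\n') putc('\n', stderr);`. The test also looks at the format string rather than the formatted output, so a message whose last `%s` argument already ends in a newline gets a second one; a one-line comment noting that limitation would help. `msg_out` starts above this hunk.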
diff --git a/relay.c b/relay.c
index e73cf16..454b9a8 100644
--- a/relay.c
+++ b/relay.c
@@ -61,6 +61,14 @@ int decode_socks_udp __P((UDP_ATTR *, u_char *));
 void relay_tcp __P((SOCKS_STATE *));
 void relay_udp __P((SOCKS_STATE *));
 int log_transfer __P((SOCK_INFO *, LOGINFO *));
+void soft_penal(int index);
+void encourage(int index, int delta);
+
+int mathlog( int x ){
+ int r = 0;
+ while (x >0) { r++; x/=2; }
+ return r;
+}
 void readn(rlyinfo *ri) {
@@ -314,33 +322,38 @@ void relay_tcp(SOCKS_STATE *state)
 ri.from = state->r; ri.to = state->s; ri.flags = 0;
 if ((wc = forward(&ri)) <= 0)
 done++;
- else
+ else {
 li.bc += wc; li.dnl += wc;
-
+ }
 FD_CLR(state->r, &rfds);
 }
 if (FD_ISSET(state->r, &xfds)) {
 ri.from = state->r; ri.to = state->s; ri.flags = MSG_OOB;
 if ((wc = forward(&ri)) <= 0)
 done++;
- else
+ else {
 li.bc += wc; li.dnl += wc;
+ }
+ if ( wc < 0 )
+ soft_penal(state->tbl_ind);
 FD_CLR(state->r, &xfds);
 }
 if (FD_ISSET(state->s, &rfds)) {
 ri.from = state->s; ri.to = state->r; ri.flags = 0;
 if ((wc = forward(&ri)) <= 0)
 done++;
- else
+ else {
 li.bc += wc; li.upl += wc;
+ }
 FD_CLR(state->s, &rfds);
 }
 if (FD_ISSET(state->s, &xfds)) {
 ri.from = state->s; ri.to = state->r; ri.flags = MSG_OOB;
 if ((wc = forward(&ri)) <= 0)
 done++;
- else
+ else {
 li.bc += wc; li.upl += wc;
+ }
 FD_CLR(state->s, &xfds);
 }
 if (done > 0)
@@ -356,6 +369,13 @@ void relay_tcp(SOCKS_STATE *state)
 }
 }
 }
+ fprintf(stderr, " proxy %d: up=%d, down=%d\n", state->tbl_ind, li.upl, li.dnl);
+ if (li.dnl < 10 && li.upl > 100) {
+ // Error: Timeout or something
+ soft_penal(state->tbl_ind);
+ } else if ( li.dnl > li.upl ) {
+ encourage(state->tbl_ind, (li.dnl/(li.upl+1)) * 64);
+ }
 gettimeofday(&li.end, &tz);
 log_transfer(state->si, &li);
diff --git a/socks.c b/socks.c
index 1b70ba8..7d7d375 100644
--- a/socks.c
+++ b/socks.c
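Review bot: `mathlog` is defined with external linkage, yet nothing in the visible hunks of this patch calls it; mark it `static` or leave it out until it is needed. The hand-written prototypes `void soft_penal(int index);` and `void encourage(int index, int delta);` duplicate the definitions in socks.c, so a later signature change would not be caught by the compiler. Declaring them once in the shared header (util.c includes `srelay.h`, presumably relay.c does too) keeps both files in step.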
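Review bot: The `if ( wc < 0 ) soft_penal(state->tbl_ind);` check is added only to the out-of-band branch that reads from `state->r`; the ordinary `rfds` branch for the same socket never reports a failed `forward()`. If a negative return is meant to count against the downstream, the same two lines belong after the first `else { ... }` block as well. `forward()` is not visible here, so it is unclear whether a negative value can also come from the write to `state->s`, in which case the downstream would be penalized for a client-side error. relay_tcp starts and ends outside the hunk.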
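Review bot: The reward `(li.dnl/(li.upl+1)) * 64` is unbounded before it reaches `encourage`'s `int delta`: a large download with little upload can overflow or truncate (the counters' type is not visible), and a negative delta would slip past the `> MAX_PRIORITY` clamp and leave a negative priority. Compute the ratio into a local and cap it before scaling, `if (ratio > MAX_PRIORITY / 64) ratio = MAX_PRIORITY / 64;`, assuming `MAX_PRIORITY` is visible in relay.c. The unconditional `fprintf(stderr, ...)` bypasses `msg_out`, so it ignores the quiet and syslog settings and should go through `msg_out` or be removed. Both conditions are driven entirely by client traffic, so one client's behaviour shifts the weights used for everyone; that deserves a comment at least.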
@@ -125,6 +125,38 @@ int lookup_tbl __P((SOCKS_STATE *));
 int resolv_host __P((bin_addr *, u_int16_t, struct host_info *));
 int log_request __P((SOCKS_STATE *));
+void print_priority() {
+ int y;
+ for (y = 0; y < proxy_tbl_ind; ++y)
+ fprintf(stderr, "%d ", tbl_priority[y]);
+ fprintf(stderr, "\n");
+}
+void soft_penal(int index) {
+ if (!prioritize_downstreams) return;
+ tbl_priority[index] *= 0.8;
+ if (tbl_priority[index] == 0)
+ tbl_priority[index] = 1;
+ fprintf(stderr, "Soft Penal #%d out of %d\n", index, proxy_tbl_ind);
+ print_priority();
+}
+void hard_penal(int index) {
+ if (!prioritize_downstreams) return;
+ // half priority
+ tbl_priority[index] /= 2;
+ if (tbl_priority[index] == 0)
+ tbl_priority[index] = 1;
+ fprintf(stderr, "Hard Penal #%d out of %d\n", index, proxy_tbl_ind);
+ print_priority();
+}
+void encourage(int index, int delta) {
+ if (!prioritize_downstreams) return;
+ // increase priority
+ tbl_priority[index] += delta;
+ if (tbl_priority[index] > MAX_PRIORITY)
+ tbl_priority[index] = MAX_PRIORITY;
+ fprintf(stderr, "Encourage #%d out of %d, delta=%d\n", index, proxy_tbl_ind, delta);
+ print_priority();
+}
 /* proto_socks:
@@ -197,21 +229,11 @@ int proto_socks(SOCKS_STATE *state)
 state->si->prs.len = len;
 }
- if (prioritize_downstreams) {
- // increase priority
- tbl_priority[state->tbl_ind]++;
- if (tbl_priority[state->tbl_ind] > MAX_PRIORITY)
- tbl_priority[state->tbl_ind] = MAX_PRIORITY;
- }
+ encourage(state->tbl_ind, 1);
 return(0); /* 0: OK */
 }
 /* error */
- if (prioritize_downstreams) {
- // half priority
- tbl_priority[state->tbl_ind] /= 2;
- if (tbl_priority[state->tbl_ind] == 0)
- tbl_priority[state->tbl_ind] = 1;
- }
+ hard_penal(state->tbl_ind);
 if (state->r >= 0) {
 close(state->r);
 }
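Review bot: `soft_penal`, `hard_penal` and `encourage` write to `tbl_priority[index]` without checking that the table has been allocated or that `index` lies inside it. The table is created lazily in `lookup_tbl` (last hunk of this patch), so a call made before a successful lookup, or with a stale `state->tbl_ind`, would dereference NULL or write outside the allocation. Start each helper with one shared guard: `if (!prioritize_downstreams || !tbl_priority || index < 0 || index > proxy_tbl_ind) return;`. The `fprintf(stderr, ...)` tracing and `print_priority()` run on every update and bypass `msg_out`; they should be routed through it or compiled out.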
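Review bot: `hard_penal(state->tbl_ind)` sits on the single `/* error */` exit of `proto_socks`, so every failed request is charged to the downstream, and the `S4AGRANTED`/`S5AGRANTED` tests added to `socks_proxy_reply` later in this patch do the same for every refused request. If those paths can be reached because of what the client asked for (a malformed request, an unreachable destination) rather than because the downstream is unhealthy, request content alone decides the balancing weights; the body of proto_socks above the hunk is not visible, so this needs checking. Consider penalizing only when connecting to, or negotiating with, the downstream itself fails, and document that rule in a comment above `hard_penal`.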
@@ -802,6 +824,9 @@ int socks_proxy_reply(int v, SOCKS_STATE *state)
 switch (v) { /* server socks version */
 case 4: /* server v:4 */
+ // Test if success
+ if ( buf[1] != S4AGRANTED )
+ soft_penal(state->tbl_ind);
 if ( r < 8 ) { /* from v4 spec, r should be 8 */
 /* cannot read server reply */
 r = -1;
@@ -835,6 +860,9 @@ int socks_proxy_reply(int v, SOCKS_STATE *state)
 r = -1;
 break;
 }
+ // Test if success
+ if ( buf[1] != S5AGRANTED )
+ soft_penal(state->tbl_ind);
 switch (state->sr.ver) { /* client ver */
 case 4: /* translate reply v5->v4 */
@@ -1500,7 +1528,8 @@ int lookup_tbl(SOCKS_STATE *state)
 }while(0)
 if (prioritize_downstreams && !tbl_priority) {
 // init priority list
- tbl_priority = malloc(proxy_tbl_ind * sizeof(int));
+ tbl_priority = malloc((1 + proxy_tbl_ind) * sizeof(int));
+ // Leave proxy_tbl_ind to be an accessible index so as to avoid boundary check
 int y;
 for (y = 0; y < proxy_tbl_ind; ++y)
 tbl_priority[y] = DEFAULT_PRIORITY;
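Review bot: In the `case 4` branch `buf[1]` is tested before the existing `if ( r < 8 )` check, so after a short or failed read the decision is made on whatever the buffer happened to hold and the downstream may be penalized arbitrarily. Move the test below the length check, or fold the length into it: `if (r >= 8 && buf[1] != S4AGRANTED) soft_penal(state->tbl_ind);`. The `S5AGRANTED` test in the next hunk follows a validation block that ends just above it, so it looks correctly placed, though that block itself is outside the hunk.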
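Review bot: The allocation in the `lookup_tbl` hunk now has `1 + proxy_tbl_ind` elements so that index `proxy_tbl_ind` is usable, but the loop below still stops at `y < proxy_tbl_ind`, so the extra element is never initialized and the penalty helpers would read-modify-write an indeterminate value. The `malloc` result is also used without a NULL check. Initialize the whole table with `for (y = 0; y <= proxy_tbl_ind; ++y)` and bail out when the allocation fails, e.g. `if (!tbl_priority) return -1;` if that matches lookup_tbl's error convention. lookup_tbl continues outside the hunk.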