搭配使用ipt2socks和naive遇到的一个问题 #236
Comments
|
调试naive代码后发现,这样改动下,上述问题消失 ----------------- src/net/socket/client_socket_pool_manager.cc -----------------
index ee4afbe41d..32fb54231c 100644
@@ -292,7 +292,7 @@ int InitSocketHandleForRawConnect2(const HostPortPair& endpoint,
CompletionOnceCallback callback) {
DCHECK(socket_handle);
return InitSocketPoolHelper(
- {"http", endpoint.host(), endpoint.port()}, request_load_flags,
+ {"http", endpoint.HostForURL(), endpoint.port()}, request_load_flags,
request_priority, session, proxy_info, ssl_config_for_origin,
ssl_config_for_proxy,
/*is_for_websockets=*/true, privacy_mode,这样改动的原因是用数据{"http", "2402:f000:1:405:166:111:5:99", 443}构造出的是个无效的url::SchemeHostPort对象, |
|
重新确认了一下,复现过程不用像上面那么麻烦,浏览器里设置sock5代理到naive,输入 https://[2402:f000:1:405:166:111:5:99]/ ,naive必定闪退(追踪与中断点陷阱 (核心已转储)),确定是naive的bug |
ghost
mentioned this issue
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
我用ipt2socks(https:/zfl9/ipt2socks )作为TPROXY前端,与naive的socks5代理搭配使用时都会遇到naive闪退
复现过程如下:
准备工作 (都是在本机的root权限下运行)
#创建ipv6 ipset
ipset create gfwlist_ipv6 hash:ip family inet6
#TPROXY端口
PORT=12345
#设置策略路由
ip -6 rule add fwmark 1 lookup 100
ip -6 route add local default dev lo table 100
#代理局域网设备
ip6tables -t mangle -N X_PREROUTING
ip6tables -t mangle -A X_PREROUTING -p tcp -m set --match-set gfwlist_ipv6 dst -j TPROXY --on-port $PORT --tproxy-mark 1
ip6tables -t mangle -A PREROUTING -j X_PREROUTING # 应用规则
#代理本机
ip6tables -t mangle -N X_OUTPUT
ip6tables -t mangle -A X_OUTPUT -j RETURN -m owner --uid-owner nobody # 直连 uid 为 nobody (naive 的 uid)的流量,此规则目的是避免代理本机流量出现回环问题
ip6tables -t mangle -A X_OUTPUT -p tcp -m set --match-set gfwlist_ipv6 dst -j MARK --set-mark 1 # 给 TCP 打标记,重路由
ip6tables -t mangle -A OUTPUT -j X_OUTPUT # 应用规则
#以网址https://iptv.tsinghua.edu.cn 为例,它对应的ipv6为2402:f000:1:405:166:111:5:99
ipset add gfwlist_ipv6 2402:f000:1:405:166:111:5:99
打开终端运行naive
#设置naive为以用户nobody的uid运行
chown nobody:nobody naive
chmod 06755 naive
setcap cap_net_raw+ep naive
./naive --proxy=${naive服务器} --listen=socks://0.0.0.0:1081
打开一个终端运行
./ipt2socks -s 127.0.0.1 -p 1081 -l 12345 -b 0.0.0.0
再打开一个终端
wget -6 https://iptv.tsinghua.edu.cn
结果
此时,wget终端显示
--2021-10-26 21:33:11-- https://iptv.tsinghua.edu.cn/
SSL_INIT
已载入 CA 证书“/etc/ssl/certs/ca-certificates.crt”
正在解析主机 iptv.tsinghua.edu.cn (iptv.tsinghua.edu.cn)... 2402:f000:1:405:166:111:5:99
正在连接 iptv.tsinghua.edu.cn (iptv.tsinghua.edu.cn)|2402:f000:1:405:166:111:5:99|:443... 已连接。
GnuTLS: 在 pull 函数中出错。
无法建立 SSL 连接。
ipt2soks终端显示
2021-10-26 21:27:59 INF: [main] server address: 127.0.0.1#1081
2021-10-26 21:27:59 INF: [main] listen address: 0.0.0.0#12345
2021-10-26 21:27:59 INF: [main] listen address: ::1#12345
2021-10-26 21:27:59 INF: [main] udp cache maximum size: 256
2021-10-26 21:27:59 INF: [main] udp socket idle timeout: 60
2021-10-26 21:27:59 INF: [main] number of worker threads: 1
2021-10-26 21:27:59 INF: [main] enable tcp transparent proxy
2021-10-26 21:27:59 INF: [main] enable udp transparent proxy
2021-10-26 21:33:11 ERR: [tcp_stream_payload_forward_cb] recv from socks5 stream: Connection reset by peer
naive闪退,并显示
追踪与中断点陷阱 (核心已转储)
The text was updated successfully, but these errors were encountered: