Can resolvers add sock5 proxy mode #264

Open
liang-hiwin opened this issue Sep 7, 2022 · 12 comments

@liang-hiwin

[resolvers.cloudflare-dot-1]
address = "1.1.1.1:853"
protocol = "dot"
sock5 = "127.0.0.1:1080"

All 1.1.1.1:853 traffic is forwarded by the SOCKS5 proxy, which can be used when 1.1.1.1 is blocked by the firewall.

@folbricht
Owner

Similar to the ask in #137. Adding SOCKS5 support should be relatively straightforward using https://pkg.go.dev/golang.org/x/net/internal/socks

@folbricht
Owner

It's not actually that easy as it requires a change to an upstream library (https://pkg.go.dev/github.com/miekg/dns#Client). It currently requires a *net.Dialer and that would have to be replaced with an interface.

@liang-hiwin
Author

> It's not actually that easy as it requires a change to an upstream library (https://pkg.go.dev/github.com/miekg/dns#Client). It currently requires a *net.Dialer and that would have to be replaced with an interface.

Take the time to try it. Thanks.

@mosajjal

@folbricht allowing the users to provide a custom Dialer as part of DNSClientOptions etc. should do the trick, right?

@folbricht
Owner

Unfortunately not. The Dialer is then passed to https://pkg.go.dev/github.com/miekg/dns#Client which expects a *net.Dialer. An upstream PR I sent to turn that into an interface was rejected. But looking at it again, I might have a way to do it by simply re-implementing the dns.Client.Dial() function. That should work. I might be able to get a draft implementation of that next weekend perhaps.

Just to make sure we're on the same page with regards to SOCKS5 support. The goal is to use a SOCKS5 proxy to connect/query an upstream DNS server and not to use the proxy itself as resolver. I believe both are possible, but the 2nd one may not be as flexible.

@mosajjal

Yeah, using SOCKS5 as resolver is not the preferred way since it should only be used for web traffic, and your stub resolver is more generalized than that.

@folbricht
Owner

Ran into another issue. The socks5 client implementation in the standard lib doesn't support UDP (https://cs.opensource.google/go/x/net/+/refs/tags/v0.11.0:internal/socks/socks.go;l=233-245). And I can't seem to find any other client implementations that support UDP. Do you know of any?

@alpominth

alpominth commented Jun 18, 2023

I know this project: https://github.com/txthinking/socks5

It doesn't support mTLS, though, but it supports UDP and IPv6.

@alpominth

I have a suggestion: a possibility to implement support for HTTP proxies along with SOCKS5 ones.

I know that older HTTP proxies (1.1 and 2.0) don't support UDP, but it was implemented in RFC 9298.

There are implementations of HTTP/3 proxies (which support UDP) across GitHub:

https://github.com/lucas-clemente/quic-go
https://github.com/liudanking/quic-proxy

There is also support for HTTP/2 in the Go ecosystem: https://godoc.org/golang.org/x/net/http2

And support for HTTP 1.0/1.1 in Go's standard library: https://cs.opensource.google/go/x/net/+/refs/tags/v0.11.0:http/httpproxy/proxy.go

It's just a suggestion, maybe a good idea for implementing in the future if possible or relevant.

@mosajjal

@folbricht while miekg's DNS doesn't support Dialer, it does support using custom connections. I wrote a proxied one here: https://github.com/mosajjal/dnsclient/blob/b6d3a062f749b68f4039faa99cae7b133ebd4b8c/classic.go#L49

So by creating a net.Conn through the custom dialer, you can unify that interface from the configuration perspective. It's the same for TLS, DTLS etc.

This can potentially answer the UDP question too.
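
For the UDP question raised in this thread: a SOCKS5 UDP relay expects every datagram to carry the header defined in RFC 1928, section 7, so a proxied connection has to add it on write and strip it on read. The sketch below is an added example, not code from this project, from PR #317 or from any commenter; `WrapUDP`, `UnwrapUDP`, `upstream` and `sampleQuery` are hypothetical names, the query bytes are constructed, and only IPv4/IPv6 address types are handled.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// Constructed sample values (assumptions, not taken from the project).
var upstream = netip.MustParseAddrPort("1.1.1.1:53")

const sampleQuery = "\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00" +
	"\x07example\x03com\x00\x00\x01\x00\x01" // A query for example.com
// WrapUDP prepends the RFC 1928 section 7 header to a DNS message:
// RSV(2)=0 | FRAG(1)=0 | ATYP(1) | DST.ADDR(4 or 16) | DST.PORT(2) | DATA
func WrapUDP(dst netip.AddrPort, msg []byte) []byte {
	addr := dst.Addr().Unmap()
	atyp := byte(0x01) // IPv4
	if addr.Is6() {
		atyp = 0x04 // IPv6
	}
	out := append([]byte{0, 0, 0, atyp}, addr.AsSlice()...)
	out = append(out, byte(dst.Port()>>8), byte(dst.Port()))
	return append(out, msg...)
}

// UnwrapUDP returns the source address the relay reports and the DNS message.
func UnwrapUDP(b []byte) (netip.AddrPort, []byte, error) {
	if len(b) < 4 {
		return netip.AddrPort{}, nil, errors.New("short SOCKS5 UDP header")
	}
	if b[2] != 0 {
		return netip.AddrPort{}, nil, errors.New("fragmented datagram, dropping")
	}
	alen := map[byte]int{0x01: 4, 0x04: 16}[b[3]] // 0x03 (domain) not handled
	if alen == 0 || len(b) < 4+alen+2 {
		return netip.AddrPort{}, nil, errors.New("bad ATYP or truncated address")
	}
	addr, _ := netip.AddrFromSlice(b[4 : 4+alen])
	port := uint16(b[4+alen])<<8 | uint16(b[5+alen])
	return netip.AddrPortFrom(addr, port), b[6+alen:], nil
}

func main() {
	pkt := WrapUDP(upstream, []byte(sampleQuery))
	src, msg, err := UnwrapUDP(pkt)
	// A client should drop replies whose source is not the upstream it queried.
	fmt.Println(src == upstream, len(msg), err)
}
```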

@folbricht
Owner

Thank you both for the suggestions. Very useful.

I implemented a draft here: #317. At this point it only supports SOCKS5 for plain UDP or TCP resolvers. No DoT or DoH yet, but that'll come later.

I've only done basic testing using a simple example proxy from https://github.com/txthinking/socks5. If you have some real servers to test with that'd be great. There's still a lot to do (docs, doh, dot, ...) but the more testing the better.

@alpominth

alpominth commented Jun 24, 2023

@folbricht

There are a lot of sites across the web that provide free Shadowsocks accounts; it will be very easy to test as Shadowsocks has UDP support. I have two services listed here which provide IPv6 connectivity as well.

Today I have a lot of things to do, but tomorrow I will try to make tests with your new PR.
