debian/0000755000000000000000000000000012235670720007172 5ustar debian/init.d0000644000000000000000000000737312235665340010316 0ustar #!/bin/sh ### BEGIN INIT INFO # Provides: redsocks # Required-Start: $network $local_fs $remote_fs # Required-Stop: $remote_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: redsocks TCP connection-to-SOCKS redirector # Description: # <...> # <...> ### END INIT INFO # Author: Apollon Oikonomopoulos # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC=redsocks # Introduce a short description here NAME=redsocks # Introduce the short server's name here DAEMON=/usr/sbin/redsocks # Introduce the server's location here DAEMON_ARGS="" # Arguments to run the daemon with PIDFILE=/run/$NAME/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed [ -x $DAEMON ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. . /lib/lsb/init-functions # # Function that starts the daemon/service # do_start() { # Take care of pidfile permissions USER=$(egrep '\buser\s*=' $CONFFILE | sed -r 's/.*\buser\s+=\s*(.*);/\1/') mkdir /run/$NAME 2>/dev/null || true chown "$USER" /run/$NAME # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ -c "$CONFFILE" -p $PIDFILE \ || return 2 # Add code here, if necessary, that waits for the process to be ready # to handle requests from services started subsequently which depend # on this one. As a last resort, sleep for some time. 
} # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks # and if the daemon is only ever run from this initscript. # If the above conditions are not satisfied then add some other code # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE return "$RETVAL" } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; restart|force-reload) log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" 
in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 exit 3 ;; esac : debian/redsocks.80000644000000000000000000000356112235666476011122 0ustar .\" Hey, EMACS: -*- nroff -*- .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) .TH REDSOCKS 8 "November 14, 2011" .\" Please adjust this date whenever revising the manpage. .\" .\" Some roff macros, for reference: .\" .nh disable hyphenation .\" .hy enable hyphenation .\" .ad l left justify .\" .ad b justify to both left and right margins .\" .nf disable filling .\" .fi enable filling .\" .br insert line break .\" .sp insert n+1 empty lines .\" for manpage-specific macros, see man(7) .SH NAME redsocks \- redirect any TCP connection to a SOCKS or HTTP proxy .SH SYNOPSIS .B redsocks .RI [ options ] .SH DESCRIPTION \fBredsocks\fP is a daemon running on the local system, that will transparently tunnel any TCP connection via a remote SOCKS4, SOCKS5 or HTTP proxy server. It uses the system firewall's redirection facility to intercept TCP connections, thus the redirection is system-wide, with fine-grained control, and does not depend on LD_PRELOAD libraries. .PP Redsocks supports tunneling TCP connections and UDP packets. It has authentication support for both, SOCKS and HTTP proxies. .PP Also included is a small DNS server returning answers with the "truncated" flag set for any UDP query, forcing the resolver to use TCP. .SH OPTIONS .TP .B \-p pidfile Write the process ID to \fIpidfile\fP. .TP .B \-c config Use \fIconfig\fP as configuration file. .TP .B \-t Test configuration file syntax. 
.SH SEE ALSO .BR iptables (8), /etc/redsocks.conf, /usr/share/doc/redsocks/README.gz .br .SH AUTHOR redsocks was written by Leonid Evdokimov .PP This manual page was written by Apollon Oikonomopoulos , for the Debian project (and may be used by others). debian/postrm0000644000000000000000000000200412234701512010426 0ustar #!/bin/sh # postrm script for redsocks # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in purge) deluser --system redsocks || true delgroup --system redsocks || true ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/patches/0000755000000000000000000000000012234701635010620 5ustar debian/patches/fix_default_config_location.patch0000644000000000000000000000101212234701632017337 0ustar Description: change the default config file location redsocks by default looks for ./redsocks.conf. Change this to /etc/redsocks.conf for a more deterministic behaviour. Author: Apollon Oikonomopoulos Forwared: no Last-Update: 2013-04-23 --- a/main.c +++ b/main.c 
@@ -39,7 +39,7 @@ &dnstc_subsys, }; -static const char *confname = "redsocks.conf"; +static const char *confname = "/etc/redsocks.conf"; static const char *pidfile = NULL; static void terminate(int sig, short what, void *_arg) debian/patches/series0000644000000000000000000000017512234701632012035 0ustar 0001-Fix-bug-in-DNS-resolution-results-were-ignored-since.patch add_external_diagram_links fix_default_config_location.patch debian/patches/0001-Fix-bug-in-DNS-resolution-results-were-ignored-since.patch0000644000000000000000000000376512234701512024137 0ustar From 290f19972e9f7b74f818ae211cb535e32f1f314f Mon Sep 17 00:00:00 2001 From: Leonid Evdokimov Date: Tue, 10 Apr 2012 00:57:26 +0400 Subject: [PATCH] Fix bug in DNS resolution - results were ignored (since 8179a1ff). --- parser.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/parser.c b/parser.c index 85d3533..6198828 100644 --- a/parser.c +++ b/parser.c 
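Review bot: The new `confname` default in this hunk carries no comment saying that the absolute path is deliberate, so the reason can get lost the next time the patch is refreshed against upstream. The patch description says the old value was looked up as ./redsocks.conf, which means the directory the daemon happened to be started from chose which `user`, `group`, `chroot` and proxy `login`/`password` settings were loaded. I would put `/* absolute on purpose: a relative default is resolved against the cwd of whoever starts the daemon */` above the declaration. The init script and unit file in this package pass `-c` explicitly, so the default presumably only matters for manual invocations.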
@@ -295,22 +295,22 @@ static int vp_in_addr(parser_context *context, void *addr, const char *token) memcpy(addr, &ia, sizeof(ia)); } else { - struct addrinfo *addr, hints; + struct addrinfo *ainfo, hints; int err; memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_INET; /* IPv4-only */ hints.ai_socktype = SOCK_STREAM; /* I want to have one address once and ONLY once, that's why I specify socktype and protocol */ hints.ai_protocol = IPPROTO_TCP; hints.ai_flags = AI_ADDRCONFIG; /* I don't need IPv4 addrs without IPv4 connectivity */ - err = getaddrinfo(token, NULL, &hints, &addr); + err = getaddrinfo(token, NULL, &hints, &ainfo); if (err == 0) { int count, taken; struct addrinfo *iter; struct sockaddr_in *resolved_addr; - for (iter = addr, count = 0; iter; iter = iter->ai_next, ++count) + for (iter = ainfo, count = 0; iter; iter = iter->ai_next, ++count) ; taken = rand() % count; - for (iter = addr; taken > 0; iter = iter->ai_next, --taken) + for (iter = ainfo; taken > 0; iter = iter->ai_next, --taken) ; resolved_addr = (struct sockaddr_in*)iter->ai_addr; assert(resolved_addr->sin_family == iter->ai_family && iter->ai_family == AF_INET); 
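Review bot: The rename of the local `struct addrinfo *addr` to `ainfo` in this hunk, and the matching `freeaddrinfo(ainfo)` in the following `@@ -318,7 +318,7 @@` hunk, leaves no trace of why the name matters. `addr` is also the function's output parameter, and the later `memcpy(addr, &resolved_addr->sin_addr, sizeof(ia))` has to write to the parameter, not to the local. I would add a comment at the declaration, `/* not "addr": that name is the output parameter written by memcpy() below */`, and build with `-Wshadow` so the compiler reports this class of mistake. With the old shadowing the resolved address apparently never reached the caller, so a hostname given in `ip =` would have left the proxy address at whatever it held before; that is worth a regression test with a hostname in the config. vp_in_addr's body starts and ends outside these hunks.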
@@ -318,7 +318,7 @@ static int vp_in_addr(parser_context *context, void *addr, const char *token) log_error(LOG_WARNING, "%s resolves to %d addresses, using %s", token, count, inet_ntoa(resolved_addr->sin_addr)); memcpy(addr, &resolved_addr->sin_addr, sizeof(ia)); - freeaddrinfo(addr); + freeaddrinfo(ainfo); } else { if (err == EAI_SYSTEM) -- 1.7.10 debian/patches/add_external_diagram_links0000644000000000000000000000343212234701635016063 0ustar Description: replace non-free images with external references The images in doc where of unknown origin. We replace references to them with links to equivalent wikimedia-commons images. Author: Apollon Oikonomopoulos Forwarded: no Last-Update: 2013-04-23 =================================================================== --- redsocks.orig/README 2012-05-24 15:50:03.000000000 +0300 +++ redsocks/README 2012-05-25 11:47:15.000000000 +0300 @@ -150,7 +150,7 @@ luser$ sg socksified -c "firefox" # If you want to configure socksifying router, you should look at -# doc/iptables-packet-flow.png and doc/iptables-packet-flow-ng.png +# http://commons.wikimedia.org/wiki/File:Netfilter-packet-flow.svg # Note, you should have proper `local_ip' value to get external packets with # redsocks, default 127.0.0.1 will not go. See iptables(8) manpage regarding # REDIRECT target for details. Index: redsocks/README.html =================================================================== --- redsocks.orig/README.html 2012-05-24 15:50:03.000000000 +0300 +++ redsocks/README.html 2012-05-25 11:48:10.000000000 +0300 
@@ -152,7 +152,7 @@ luser$ sg socksified -c "firefox" # If you want to configure socksifying router, you should look at -# doc/iptables-packet-flow.png and doc/iptables-packet-flow-ng.png +# this netfilter packet flow diagram. # Note, you should have proper `local_ip' value to get external packets with # redsocks, default 127.0.0.1 will not go. See iptables(8) manpage regarding # REDIRECT target for details. debian/rules0000755000000000000000000000020012235660276010247 0ustar #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 %: dh $@ --with systemd debian/source/0000755000000000000000000000000012234701512010463 5ustar debian/source/format0000644000000000000000000000001412234701512011671 0ustar 3.0 (quilt) debian/changelog0000644000000000000000000000211112235670714011042 0ustar redsocks (0.4+dfsg-2) unstable; urgency=low * Bump standards version to 3.9.5 + no changes needed * Add systemd support * /etc/default/redsocks: start redsocks by default * debian/copyright: migrate to Debian copyright format 1.0 * Change the default config file location to /etc/redsocks.conf (LP: #1047937) * Add DEP3 headers to patches * Manpage fixes -- Apollon Oikonomopoulos Fri, 01 Nov 2013 12:34:17 +0200 redsocks (0.4+dfsg-1) unstable; urgency=low * New upstream release. Fixes a busy-wait triggered on fd exhaustion. * Fix debian/watch to properly detect upstream versions. * Include upstream commmit 290f19 which fixes a DNS resolution bug. * Bump debhelper compat to 9. * Remove source doc/ subdirectory as it includes non-DFSG-free RFCs, and files of unspecified origin and copyright. 
-- Apollon Oikonomopoulos Thu, 24 May 2012 16:00:05 +0300 redsocks (0.2-1) unstable; urgency=low * Initial release (Closes: #649309) -- Apollon Oikonomopoulos Mon, 14 Nov 2011 14:42:55 +0200 debian/redsocks.default0000644000000000000000000000013112235665320012350 0ustar # # This is a POSIX shell fragment # # Configuration file CONFFILE="/etc/redsocks.conf" debian/postinst0000644000000000000000000000210512234701512010767 0ustar #!/bin/sh # postinst script for redsocks # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure) adduser --system --disabled-password --disabled-login --home /var/run/redsocks \ --no-create-home --quiet --group redsocks ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/NEWS0000644000000000000000000000114412235666165007701 0ustar redsocks (0.4+dfsg-2) unstable; urgency=low As of 0.4+dsfg-2, redsocks will look for /etc/redsocks.conf by default. Prior versions would look for $(pwd)/redsocks.conf. If you relied on this behavior, make sure to pass the appropriate config file location using the -c flag. Also beginning with 0.4+dfsg-2, redsocks is started by default upon installation. The START option is no longer available in /etc/default/redsocks, and system service management commands should be used instead (e.g. update-rc.d, systemctl). 
-- Apollon Oikonomopoulos Mon, 04 Nov 2013 10:22:55 +0200 debian/redsocks.conf0000644000000000000000000000457712235660276011700 0ustar base { // debug: connection progress & client list on SIGUSR1 log_debug = off; // info: start and end of client session log_info = on; /* possible `log' values are: * stderr * "file:/path/to/file" * syslog:FACILITY facility is any of "daemon", "local0"..."local7" */ log = "syslog:daemon"; // detach from console daemon = on; /* Change uid, gid and root directory, these options require root * privilegies on startup. * Note, your chroot may requre /etc/localtime if you write log to syslog. * Log is opened before chroot & uid changing. */ user = redsocks; group = redsocks; // chroot = "/var/chroot"; /* possible `redirector' values are: * iptables - for Linux * ipf - for FreeBSD * pf - for OpenBSD * generic - some generic redirector that MAY work */ redirector = iptables; } redsocks { /* `local_ip' defaults to 127.0.0.1 for security reasons, * use 0.0.0.0 if you want to listen on every interface. * `local_*' are used as port to redirect to. */ local_ip = 127.0.0.1; local_port = 12345; // `ip' and `port' are IP and tcp-port of proxy-server // You can also use hostname instead of IP, only one (random) // address of multihomed host will be used. ip = 127.0.0.1; port = 1080; // known types: socks4, socks5, http-connect, http-relay type = socks5; // login = "foobar"; // password = "baz"; } redudp { // `local_ip' should not be 0.0.0.0 as it's also used for outgoing // packets that are sent as replies - and it should be fixed // if we want NAT to work properly. local_ip = 127.0.0.1; local_port = 10053; // `ip' and `port' of socks5 proxy server. ip = 192.0.2.1; port = 1080; login = username; password = pazzw0rd; // kernel does not give us this information, so we have to duplicate it // in both iptables rules and configuration file. 
By the way, you can // set `local_ip' to 127.45.67.89 if you need more than 65535 ports to // forward ;-) // This limitation may be relaxed in future versions using contrack-tools. dest_ip = 192.0.2.2; dest_port = 53; udp_timeout = 30; udp_timeout_stream = 180; } dnstc { // fake and really dumb DNS server that returns "truncated answer" to // every query via UDP, RFC-compliant resolver should repeat same query // via TCP in this case. local_ip = 127.0.0.1; local_port = 5300; } // you can add more `redsocks' and `redudp' sections if you need. debian/compat0000644000000000000000000000000212234701512010361 0ustar 9 debian/copyright0000644000000000000000000000566712234701626011142 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: redsocks Source: http://darkk.net.ru/redsocks/ Files: * Copyright: 2007-2011 Leonid Evdokimov License: Apache-2.0 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. . On Debian systems, the complete text of the Apache License 2.0 can be found in "/usr/share/common-licenses/Apache-2.0" Files: md5.* Copyright: 1999-2000, 2002 Aladdin Enterprises License: zlib/libpng This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. . Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: . 1. 
The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. Files: base64.* Copyright: 2006 Ryan Martell License: LGPL-2.1+ FFmpeg is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. . FFmpeg is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. . You should have received a copy of the GNU Lesser General Public License along with FFmpeg; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the complete text of the GNU Lesser General Public License can be found in "/usr/share/common-licenses/LGPL". Files: debian/* Copyright: 2011-2013 Apollon Oikonomopoulos License: Copying and distribution of this package, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. 
debian/watch0000644000000000000000000000025012234701512010211 0ustar version=3 # Use githubredir.debian.net for the time being opts=dversionmangle=s/\+dfsg$// \ http://githubredir.debian.net/github/darkk/redsocks /release-(.*).tar.gz debian/redsocks.docs0000644000000000000000000000002312234701512011645 0ustar README README.html debian/redsocks.service0000644000000000000000000000042612235663073012376 0ustar [Unit] Description=Redsocks transparent SOCKS proxy redirector After=network.target [Service] Type=forking EnvironmentFile=/etc/default/redsocks ExecStartPre=/usr/sbin/redsocks -t -c ${CONFFILE} ExecStart=/usr/sbin/redsocks -c ${CONFFILE} [Install] WantedBy=multi-user.target debian/redsocks.install0000644000000000000000000000005512234701512012370 0ustar redsocks /usr/sbin debian/redsocks.conf /etc debian/control0000644000000000000000000000223512235660276010604 0ustar Source: redsocks Section: net Priority: extra Maintainer: Apollon Oikonomopoulos Build-Depends: debhelper (>= 9), libevent-dev, dh-systemd (>= 1.5) Standards-Version: 3.9.5 Homepage: http://darkk.net.ru/redsocks/ Vcs-Git: git://anonscm.debian.org/collab-maint/redsocks.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/redsocks.git;a=summary Package: redsocks Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, adduser Enhances: tor Description: arbitrary TCP connection redirector to a SOCKS or HTTPS proxy server Redsocks is a daemon running on the local system, that will transparently tunnel any TCP connection via a remote SOCKS4, SOCKS5 or HTTP proxy server. It uses the system firewall's redirection facility to intercept TCP connections, thus the redirection is system-wide, with fine-grained control, and does not depend on LD_PRELOAD libraries. . Redsocks supports tunneling TCP connections and UDP packets. It has authentication support for both, SOCKS and HTTP proxies. . 
Also included is a small DNS server returning answers with the "truncated" flag set for any UDP query, forcing the resolver to use TCP. debian/redsocks.manpages0000644000000000000000000000002212234701512012507 0ustar debian/redsocks.8