SO_MARK support #33

Closed
ghost opened this issue Jan 14, 2020 · 19 comments

ghost commented Jan 14, 2020

Hi, can you add an option to mark wstunnel packets, as realized in v2ray?

Owner

erebe commented Jan 15, 2020

Hello,

Sorry but I don't understand your question :'(
What is v2ray?

Author

ghost commented Jan 15, 2020

v2ray is software to bypass the China firewall. I want to use your wstunnel, but I need the SO_MARK option. In C or Golang I can add SO_MARK to a socket via setsockopt and route it via ip rule. I can't find a method to add it in Haskell; maybe you can help.

Owner

erebe commented Jan 16, 2020

It is not available in Haskell as it is platform-dependent; SO_MARK exists only on Linux.
I can look at whether there is a custom bypass, but I am not sure.

Out of curiosity, how does v2ray work? Why do you need ip rule to route the traffic?

Author

ghost commented Jan 16, 2020

I combined VPN+v2ray on an Android phone. Android uses fwmark for internal routing, and if I set the v2ray fwmark to 0x20000 it can bypass the Android VPN Service and connect directly to the server. My VPN client connects via v2ray to the destination server and it all works.
VPN-Client -> v2ray-client -> (websocket traffic via Internet) -> v2ray-server -> VPN-Server

Owner

erebe commented Jan 16, 2020

OK, thanks for the explanation :)
I will look this weekend at whether it is possible to add SO_MARK.

Owner

erebe commented Jan 20, 2020

I have a proto working; can you tell me which arch you need the binary for? {x86, armv7, aarch64}

Author

ghost commented Jan 20, 2020

aarch64 :)

Owner

erebe commented Jan 21, 2020

Ack, I will do a release tonight or tomorrow, as I have to spawn an aarch64 somewhere.

Owner

erebe commented Jan 21, 2020

Here we are, would you mind testing this release?
https://github.com/erebe/wstunnel/releases/download/SO_MARK/wstunnel

Author

ghost commented Jan 21, 2020

@erebe sorry, I checked the commits and can't find where I need to set a custom mark value, maybe command-line args or something else.

Owner

erebe commented Jan 21, 2020

It is on by default, so normally there is nothing to do if it is supported by the kernel. Your packets should be marked without anything extra.

Author

ghost commented Jan 21, 2020

It needs to be configured with some custom value, and via ip rule it will be detected by mark value and routed.

Author

ghost commented Jan 21, 2020

SO_MARK (since Linux 2.6.25)
              Set the mark for each packet sent through this socket (similar
              to the netfilter MARK target but socket-based).  Changing the
              mark can be used for mark-based routing without netfilter or
              for packet filtering.

Owner

erebe commented Jan 21, 2020

The mark should be 1 for now (that's the value I passed to setSocketOption); before making it configurable I would like to see if it is even working on arm ;x

P.S.: Sorry for the lack of explanation ;c

Author

ghost commented Jan 21, 2020

Tested now, I think it all works well. I set `ip rule add pref 9000 from all fwmark 0x0/0x1 iif lo lookup wlan0` on my Android phone and your wstunnel+WireGuard works well; without the ip rule it does not work. On Android, packets marked 0x20000 can bypass the Android VPN without adding a routing rule, so can you set it to 0x20000 (131072 in decimal) or add a command-line arg to set the value (that is preferable)?
And one more feature request: in Haskell, can you change the SNI in the ClientHello packet? If I need to simulate a connection to a site whose domain is not mine, I need to modify my hosts file or inject DNS. It would be good if the domain name could be set separately from the wstunnel server IP.
Thanks 👍

Owner

erebe commented Jan 22, 2020

Going to add an option to configure the value.
Regarding the SNI, it has been asked several times already, but I won't do it as it is too low-level in the library I use, so I don't have access to it.
I can do it if I fork the lib, but I would rather avoid doing that.

Owner

erebe commented Jan 22, 2020

Here we are, https://github.com/erebe/wstunnel/releases/download/v3.0/wstunnel-aarch64
You now have an option `--soMark` where you can put the value you want :)

If it is working for you, I would be glad if you have time to write a short page about your setup, so I can link it in the readme

Owner

erebe commented Feb 13, 2020

Ping @B1ohazard regarding a little explanation of your interesting setup. Just a paragraph or 2 would be enough, I am sure it would be appreciated by a lot of other people :)

erebe closed this as completed Feb 24, 2020
@mokhtarabadi

More information here: https://stackoverflow.com/a/38764232
but this method needs root access on Android devices. I plan to develop a VPN based on wstunnel for Android devices and I need some changes in wsocket; I'll create an issue for that in the future (currently I don't know Haskell!)
