Prayer does not change God, but it changes him who prays.
nobles5e / cproxy Goto Github PK
View Code? Open in Web Editor NEWEasy per application transparent proxy built on cgroup.
License: GNU Affero General Public License v3.0
Easy per application transparent proxy built on cgroup.
License: GNU Affero General Public License v3.0
So that we can use a different dns server instead of /etc/resolv.conf
in the proxied process.
curl wget 无法正常支持
$ curl -x 127.0.0.1:8888 ip.sb
91.200.242.210
$ sudo ./cproxy --port 8888 -- curl ip.sb
Bad Request
$ sudo ./cproxy --port 8888 -- wget google.com
--2022-10-14 15:56:45-- http://google.com/
Resolving google.com (google.com)... 142.250.204.142, 2404:6800:4005:80e::200e
Connecting to google.com (google.com)|142.250.204.142|:80... connected.
HTTP request sent, awaiting response... 400 Bad Request
2022-10-14 15:56:45 ERROR 400: Bad Request.
Error info :
└─# ./.cargo/bin/cproxy --port 60080 --redirect-dns -- bash
iptables v1.8.5 (nf_tables): RULE_APPEND failed (Invalid argument): rule in chain nozomi_tproxy_out_2556086
Error: iptables -t nat -A nozomi_tproxy_out_2556086 -p tcp -m cgroup --path cproxy-2556086 -j REDIRECT --to-ports 60080 exit with 4
┌──(root💀kali)-[/home/kali]
└─# iptables -t nat -nvL 1 ⨯
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
465 106K DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
0 0 nozomi_tproxy_out_2556086 all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
Chain nozomi_tproxy_out_2556086 (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN udp -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 RETURN tcp -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 cgroup 2556086 redir ports 60080
my system info:
└─# uname -a
Linux kali 5.9.0-kali1-amd64 #1 SMP Debian 5.9.1-1kali2 (2020-10-29) x86_64 GNU/Linux
└─# ./.cargo/bin/cproxy --version
cproxy 4.1.2
└─# iptables --version
iptables v1.8.5 (nf_tables)
Thanks for this awesome repo! I wonder if this app support proxy on another machine, such as a router on the same lan?
It'll be like:
curl ifconfig.me --interface eth1
With cproxy1:
cproxy --interface eth1 -- curl ifconfig.me
跟clash的redir-port无法打通
clash的redir-port和tproxy是等同的吗?
I've encountered iptables errors recently:
$ cproxy mpv xxxx
Error: Running ["iptables", "-t", "nat", "-N", "nozomi_redirect_out_23962"] exited with error; status code: 111
It may be related to a change introduced in iptables 1.8.8, that iptables cannot be called by a setuid executable. See https://git.netfilter.org/iptables/commit/?id=ef7781eb1437a2d6fd37eb3567c599e3ea682b96
I'm not sure how to deal with it, but I think Linux capabilities is an option.
It seems that cproxy is not supporting IPv6 proxying?
$uname -a
Linux LightgrayBleak-VM 5.4.0-131-generic #147-Ubuntu SMP Fri Oct 14 17:07:22 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$iptables -V
iptables v1.8.4 (legacy)
$ls /sys/fs/cgroup/
blkio cpuacct cpuset freezer memory net_cls,net_prio perf_event rdma unified
cpu cpu,cpuacct devices hugetlb net_cls net_prio pids systemd
$cproxy --port 59999 --mode tproxy -- curl 1.1.1.1
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Error { kind: RemoveFailed, cause: Some(Os { code: 16, kind: ResourceBusy, message: "Resource busy" }) }', src/guards.rs:41:26
stack backtrace:
0: 0x7fb3eb0bfea0 - std::backtrace_rs::backtrace::libunwind::trace::hb16dbf761681cfc0
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/../../backtrace/src/backtrace/libunwind.rs:90:5
1: 0x7fb3eb0bfea0 - std::backtrace_rs::backtrace::trace_unsynchronized::h53bc5f57122de54d
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
2: 0x7fb3eb0bfea0 - std::sys_common::backtrace::_print_fmt::h7e86959aa36cde43
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/sys_common/backtrace.rs:67:5
3: 0x7fb3eb0bfea0 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::hf42958820747a8ac
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/sys_common/backtrace.rs:46:22
4: 0x7fb3eb0f96ac - core::fmt::write::h6f5ededa5074697e
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/core/src/fmt/mod.rs:1115:17
5: 0x7fb3eb0bd375 - std::io::Write::write_fmt::hdb84dc6c28fda870
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/io/mod.rs:1665:15
6: 0x7fb3eb0c21cb - std::sys_common::backtrace::_print::hbb646398d13d0dcb
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/sys_common/backtrace.rs:49:5
7: 0x7fb3eb0c21cb - std::sys_common::backtrace::print::ha3796c9cf0c5a732
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/sys_common/backtrace.rs:36:9
8: 0x7fb3eb0c21cb - std::panicking::default_hook::{{closure}}::hb85a09d7e9a16432
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panicking.rs:208:50
9: 0x7fb3eb0c1ca1 - std::panicking::default_hook::hdc924e74cb190bbb
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panicking.rs:225:9
10: 0x7fb3eb0c2894 - std::panicking::rust_panic_with_hook::hd63b080e78590a80
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panicking.rs:622:17
11: 0x7fb3eb0c2377 - std::panicking::begin_panic_handler::{{closure}}::h27bfba1f7e931f90
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panicking.rs:519:13
12: 0x7fb3eb0c033c - std::sys_common::backtrace::__rust_end_short_backtrace::h2cc025f6c95b1f82
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/sys_common/backtrace.rs:141:18
13: 0x7fb3eb0c22d9 - rust_begin_unwind
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panicking.rs:515:5
14: 0x7fb3eaf32081 - core::panicking::panic_fmt::h9f5a85773697c5f5
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/core/src/panicking.rs:92:14
15: 0x7fb3eaf32173 - core::result::unwrap_failed::h43465fb8e3273283
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/core/src/result.rs:1599:5
16: 0x7fb3eaf33c3a - <cproxy::guards::CGroupGuard as core::ops::drop::Drop>::drop::he0f5772e67446932
17: 0x7fb3eaf723dd - core::ptr::drop_in_place<cproxy::guards::TProxyGuard>::h5bc32170f22a3d77
18: 0x7fb3eaf75398 - cproxy::main::h7becfa773d4442f6
19: 0x7fb3eaf77e53 - std::sys_common::backtrace::__rust_begin_short_backtrace::h51261908630a884f
20: 0x7fb3eaf65f9d - std::rt::lang_start::{{closure}}::h670ee57be18ae9fa
21: 0x7fb3eb0c2cf0 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h5edb75ac3af12064
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/core/src/ops/function.rs:259:13
22: 0x7fb3eb0c2cf0 - std::panicking::try::do_call::h4398f4e6da05592f
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panicking.rs:401:40
23: 0x7fb3eb0c2cf0 - std::panicking::try::h3fe03463ab3f9a9d
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panicking.rs:365:19
24: 0x7fb3eb0c2cf0 - std::panic::catch_unwind::h3f31a496b3e5f0e5
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panic.rs:434:14
25: 0x7fb3eb0c2cf0 - std::rt::lang_start_internal::{{closure}}::h24e3f631c8bb6bd5
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/rt.rs:45:48
26: 0x7fb3eb0c2cf0 - std::panicking::try::do_call::h9268f45ee0925288
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panicking.rs:401:40
27: 0x7fb3eb0c2cf0 - std::panicking::try::he93fcdbaacc3daf7
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panicking.rs:365:19
28: 0x7fb3eb0c2cf0 - std::panic::catch_unwind::hca9f2323bf3773b4
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panic.rs:434:14
29: 0x7fb3eb0c2cf0 - std::rt::lang_start_internal::hfee0032b3594c35b
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/rt.rs:45:20
30: 0x7fb3eaf75872 - main
举例局域网内已经有socks5代理 10.0.0.5:1080
是否可以增加选项使用局域网已有的这个socks5代理服务器?
例如使用格式是:
cproxy --ip 10.0.0.5 --port 1080 --redirect-dns --
谢谢!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.