Search Results for sniproxy debian

Build SNIProxy Debian Package for EdgeRouter

SNIProxy的最新版0.4.0，上一次提交已经很久以前了，建议直接使用github库里的代码。官方github：https://github.com/dlundquist/sniproxy 我的fork：https://github.com/sskaje/sniproxy 如前文所说，Debian Wheezy已经LTS了，所以从依赖开始。不过，我没有去配交叉编译的环境，而是直接qemu装了两个虚拟机，一个mips（给EdgeRouter Lite），一个mipsel（给EdgeRouter X），具体方法可以参考之前的blog：Install Debian MIPS and Debian PowerPC on OSX。好处是，闭着眼睛就可以配构件环境；坏处是，慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢到死了。以mips为例，mipsel一模一样。构件环境不说了。先编译 libudns。 udns的官方包里没有debian的打包配置，所以我直接从debian官方包列表的链接里下载，下载地址在：https://packages.debian.org/source/sid/udns 三个文件都下，用到的是两个tarball。

# tar xvf udns-0.4.tar.gz 
# cd udns-0.4/
# tar xvf ../udns_0.4-1.debian.tar.gz 
# dpkg-buildpackage -us -uc

# tar xvf udns-0.4.tar.gz

# cd udns-0.4/

# tar xvf ../udns_0.4-1.debian.tar.gz

# dpkg-buildpackage -us -uc

按上述命令执行完之后，deb包会出现在上一级目录，生成的文件包括： libudns0_0.4-1_mips.deb libudns-dev_0.4-1_mips.deb udns-utils_0.4-1_mips.deb udns_0.4-1_mips.changes 其中，libudns-dev_0.4-1_mips.deb 直接安装在开发环境，libudns0_0.4-1_mips.deb 装在路由上。

dpkg -i libudns-dev_0.4-1_mips.deb

1	dpkg -i libudns-dev_0.4-1_mips.deb

然后编译sniproxy git clone 之后，同样进目录执行

dpkg-buildpackage -us -uc

1	dpkg-buildpackage -us -uc

Incoming search terms:labory99libudnspackages for edgerouterquietly4mjsniproxy debianubuntu systemd sniproxyLink to this post!

基于SNIProxy的路由端网络流量定制分发方案

标题感觉很高大上，其实写得乱七八糟。前序文章： SNIProxy Bind Outgoing Interface Build SNIProxy Debian Package for EdgeRouter Ubnt EdgeRouter Lite 和 EdgeRouter X 上安装使用SNIProxy 不急，上边三篇可能会在本文内提及。首先，sniproxy不解释了，但是如标题所属，sniproxy的版本不支持我要的功能，所以我就fork然后改了。具体思路参考上述第一个链接。接下来，直接进入正题。按之前的玩法，我使用路由表来控制流量。这是一个很典型，也很正确的做法；但是也是一个很不好用的玩法。参考文章：Set up OpenVPN Site-to-Site on UBNT EdgeRouter Lite, EdgeOS PPTP VPN客户端配置 PS：我维护了一份自己的路由表，地址在 https://ip.rst.im/blocks/sskaje 为了让定制化程度高一些，我配了一个Socks代理，实际上是在vpn对端配置的，本地路由做了个DNAT，转发过去了。这样我就可以用firefox＋foxyproxy实现本地定制化规则。参考文章：UBNT VPN + Socks5 代理和 Set up dante-server on Ubuntu 后来考虑到上述用起来麻烦，又趁着回老家的时候，在家里的ac68u merlin上实践了下WPAD，不过没有在自己家里的edgerouter上搞。参考文章：Setup WPAD on Asus … Continue reading “基于SNIProxy的路由端网络流量定制分发方案”

SNIProxy Bind Outgoing Interface

这篇纯技术，没兴趣的别看。关于需求最早试图用路由器自带的功能去实现sni检测＋自动路由，结果发现edgerouter的dpi没开放太多资料。再又试图用squid去实现正向代理，绑定上行网络地址或者设备，虽然edgerouter自带squid以实现transparent proxy，但是自带版本SNI检测不支持（新版不知），绑定upstream的地址或者设备也没看到有人说支持。又考虑过haproxy，但是这个必须自己写backend（似乎可以haproxy + squid，没去实践过，至少haproxy的acl要写好长；而且这个组合里haproxy都可以直接被跳过，反正有DNAT也有DNS劫持）。从上边的方案思考过程，我觉得应该能看懂我想要什么。关于实现选用sniproxy，也算偶然。虽然之前vps上实验sni检测＋代理的时候，大概看了眼（但是最后还是选了haproxy）。不过最后选这个的重要原因就是好改 XD 官方github在https://github.com/dlundquist/sniproxy。先考虑的方案是，通过socket上联时绑定客户端IP。本身支持上行设置请求的源地址，大致实现代码在 connection.c：

    if (con->listener->source_address) {
        int on = 1;
        setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));

        int result = 0;
        int tries = 5;
        do {
            result = bind(sockfd,
                    address_sa(con->listener->source_address),
                    address_sa_len(con->listener->source_address));
        } while (tries-- > 0
                && result < 0
                && errno == EADDRINUSE
                && address_port(con->listener->source_address) == 0);
        if (result < 0) {
            err("bind failed: %s", strerror(errno));
            close(sockfd);
            abort_connection(con);
            return;
        }
    }

if (con->listener->source_address) {

int on = 1;

setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));

int result = 0;

int tries = 5;

do {

result = bind(sockfd,

address_sa(con->listener->source_address),

address_sa_len(con->listener->source_address));

} while (tries-- > 0

&& result < 0

&& errno == EADDRINUSE

&& address_port(con->listener->source_address) == 0);

if (result < 0) {

err("bind failed: %s", strerror(errno));

close(sockfd);

abort_connection(con);

return;

}

但是经过试验，配置source address后，数据包还是会根据路由上的路由表跳到域名解析IP该走的那个网络。所以，这个方案是不满足我的要求的。如果绑定IP不行，那就试试绑定设备。绑定IP的方案的可行性，很早以前跟同学Windows下讨论一个客户端设计的时候验证过；但是绑定设备的，完全没搞过。现查。然后查到了 SO_BINDTODEVICE。 SO_BINDTODEVICE Bind this socket to a particular device like “eth0”, as specified in the passed interface name. If the name is an empty string or the option length is zero, … Continue reading “SNIProxy Bind Outgoing Interface”

Ubnt EdgeRouter Lite 和 EdgeRouter X 上安装使用SNIProxy

EdgerRouter Lite和EdgerRouter X使用的固件版本 1.9.0 是基于debian wheezy的，但是debian wheezy现在已经进入LTS了，mips和mipsel不在官方的维护架构里，以至于现在无法使用官方的apt更新debian-security，而且在ubnt的路由上，安装很多开发库都没法搞了。 EdgerRoute Lite 使用的是mips64，debian源里需要用 mips 的包；而 EdgeRoute X 使用的是mipsel。使用lscpu看CPU的信息： EdgeRouter Lite

Architecture:          mips64
Byte Order:            Big Endian
CPU(s):                2
On-line CPU(s) list:   0,1
Thread(s) per core:    1
Core(s) per socket:    1
Socket(s):             2
L1d cache:             16K
L1i cache:             32K
L2 cache:              128K

Architecture: mips64

Byte Order: Big Endian

CPU(s): 2

On-line CPU(s) list: 0,1

Thread(s) per core: 1

Core(s) per socket: 1

Socket(s): 2

L1d cache: 16K

L1i cache: 32K

L2 cache: 128K

EdgeRouter X

Architecture:          mips
Byte Order:            Little Endian
CPU(s):                4
On-line CPU(s) list:   0-3
Thread(s) per core:    2
Core(s) per socket:    2
Socket(s):             1

Architecture: mips

Byte Order: Little Endian

CPU(s): 4

On-line CPU(s) list: 0-3

Thread(s) per core: 2

Core(s) per socket: 2

Socket(s): 1

准备编译libudns和sniproxy 待补充。我已经把构建好的包发到了 http://dl.sskaje.me/debian/。 SSH登录ER

ubnt@ubnt:~$ sudo su
root@ubnt:/home/ubnt# cd /tmp/
root@ubnt:/tmp#

ubnt@ubnt:~$ sudo su

root@ubnt:/home/ubnt# cd /tmp/

root@ubnt:/tmp#

下载软件 EdgeRouter Lite 请使用mips

# 下载编译好的mips库
wget http://dl.sskaje.me/debian/mips/libudns0_0.4-1_mips.deb http://dl.sskaje.me/debian/mips/udns-utils_0.4-1_mips.deb http://dl.sskaje.me/debian/mips/sniproxy_0.4.0_mips.deb
# 下载 libev4
wget https://ftp2.cn.debian.org/debian/pool/main/libe/libev/libev4_4.11-1_mips.deb

# 下载编译好的mips库

wget http://dl.sskaje.me/debian/mips/libudns0_0.4-1_mips.deb http://dl.sskaje.me/debian/mips/udns-utils_0.4-1_mips.deb http://dl.sskaje.me/debian/mips/sniproxy_0.4.0_mips.deb

# 下载 libev4

wget https://ftp2.cn.debian.org/debian/pool/main/libe/libev/libev4_4.11-1_mips.deb

EdgeRouter X 请使用mipsel

# 下载编译好的mipsel库
wget http://dl.sskaje.me/debian/mipsel/libudns0_0.4-1_mipsel.deb http://dl.sskaje.me/debian/mipsel/udns-utils_0.4-1_mipsel.deb http://dl.sskaje.me/debian/mipsel/sniproxy_0.4.0_mipsel.deb
# 下载 libev4 
wget https://ftp2.cn.debian.org/debian/pool/main/libe/libev/libev4_4.11-1_mipsel.deb

# 下载编译好的mipsel库

wget http://dl.sskaje.me/debian/mipsel/libudns0_0.4-1_mipsel.deb http://dl.sskaje.me/debian/mipsel/udns-utils_0.4-1_mipsel.deb http://dl.sskaje.me/debian/mipsel/sniproxy_0.4.0_mipsel.deb

# 下载 libev4

wget https://ftp2.cn.debian.org/debian/pool/main/libe/libev/libev4_4.11-1_mipsel.deb

安装

root@ubnt:/tmp# dpkg -i *.deb
(Reading database ... 37513 files and directories currently installed.)
Preparing to replace libev4 1:4.11-1 (using libev4_4.11-1_mips.deb) ...
Unpacking replacement libev4 ...
Selecting previously unselected package libudns0:mips.
Unpacking libudns0:mips (from libudns0_0.4-1_mips.deb) ...
Selecting previously unselected package sniproxy.
Unpacking sniproxy (from sniproxy_0.4.0_mips.deb) ...
Selecting previously unselected package udns-utils.
Unpacking udns-utils (from udns-utils_0.4-1_mips.deb) ...
Setting up libev4 (1:4.11-1) ...
Setting up libudns0:mips (0.4-1) ...
Setting up sniproxy (0.4.0) ...
Setting up udns-utils (0.4-1) ...

root@ubnt:/tmp# dpkg -i *.deb

(Reading database ... 37513 files and directories currently installed.)

Preparing to replace libev4 1:4.11-1 (using libev4_4.11-1_mips.deb) ...

Unpacking replacement libev4 ...

Selecting previously unselected package libudns0:mips.

Unpacking libudns0:mips (from libudns0_0.4-1_mips.deb) ...

Selecting previously unselected package sniproxy.

Unpacking sniproxy (from sniproxy_0.4.0_mips.deb) ...

Selecting previously unselected package udns-utils.

Unpacking udns-utils (from udns-utils_0.4-1_mips.deb) ...

Setting up libev4 (1:4.11-1) ...

Setting up libudns0:mips (0.4-1) ...

Setting up sniproxy (0.4.0) ...

Setting up udns-utils (0.4-1) ...

配置请参考官方文档。按我的需求，官方的功能没法满足，所以我对官方的源码做了一些改动，具体可见 https://github.com/sskaje/sniproxy。使用首先修改 /etc/default/sniproxy，这样才可以使用init的脚本启动

# Defaults for sniproxy initscript

# This file has two functions:
# 1) to completely disable starting sniproxy,
# 2) to select an alternative config file
#    by setting DAEMON_ARGS to -c <file>

# Additional options that are passed to the Daemon.
DAEMON_ARGS="-c /etc/sniproxy.conf"

# Whether or not to run the sniproxy daemon; set to 0 to disable, 1 to enable.
ENABLED=1

# Defaults for sniproxy initscript

# This file has two functions:

# 1) to completely disable starting sniproxy,

# 2) to select an alternative config file

# by setting DAEMON_ARGS to -c <file>

# Additional options that are passed to the Daemon.

DAEMON_ARGS="-c /etc/sniproxy.conf"

# Whether or not to run the sniproxy daemon; set to 0 to disable, 1 to enable.

ENABLED=1

启动

/etc/init.d/sniproxy start

1	/etc/init.d/sniproxy start

Incoming search terms:ubnt edgerouter x串口edgerouter教學wireguard ubiquitirock1j2rangejpenewsphqmomenttlaincludev86finestlsqfierce97zfellow2oqasznledgerouter … Continue reading “Ubnt EdgeRouter Lite 和 EdgeRouter X 上安装使用SNIProxy”