Search: “sniproxy debian”

We found 4 results for your search.

Build SNIProxy Debian Package for EdgeRouter

Post author By sskaje
Post date November 15, 2016
No Comments on Build SNIProxy Debian Package for EdgeRouter

SNIProxy的最新版0.4.0，上一次提交已经很久以前了，建议直接使用github库里的代码。官方github：https://github.com/dlundquist/sniproxy 我的fork：https://github.com/sskaje/sniproxy 如前文所说，Debian Wheezy已经LTS了，所以从依赖开始。不过，我没有去配交叉编译的环境，而是直接qemu装了两个虚拟机，一个mips（给EdgeRouter Lite），一个mipsel（给EdgeRouter X），具体方法可以参考之前的blog：Install Debian MIPS and Debian PowerPC on OSX。好处是，闭着眼睛就可以配构件环境；坏处是，慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢慢到死了。以mips为例，mipsel一模一样。构件环境不说了。先编译 libudns。 udns的官方包里没有debian的打包配置，所以我直接从debian官方包列表的链接里下载，下载地址在：https://packages.debian.org/source/sid/udns 三个文件都下，用到的是两个tarball。

# tar xvf udns-0.4.tar.gz 
# cd udns-0.4/
# tar xvf ../udns_0.4-1.debian.tar.gz 
# dpkg-buildpackage -us -uc

# tar xvf udns-0.4.tar.gz

# cd udns-0.4/

# tar xvf ../udns_0.4-1.debian.tar.gz

# dpkg-buildpackage -us -uc

按上述命令执行完之后，deb包会出现在上一级目录，生成的文件包括： libudns0_0.4-1_mips.deb libudns-dev_0.4-1_mips.deb udns-utils_0.4-1_mips.deb udns_0.4-1_mips.changes 其中，libudns-dev_0.4-1_mips.deb 直接安装在开发环境，libudns0_0.4-1_mips.deb 装在路由上。

dpkg -i libudns-dev_0.4-1_mips.deb

1	dpkg -i libudns-dev_0.4-1_mips.deb

然后编译sniproxy git clone 之后，同样进目录执行

dpkg-buildpackage -us -uc

1	dpkg-buildpackage -us -uc

Link to this post!

Tags debian, debian mips, debian mipsel, debian sniproxy, libudns, libudns mips, libudns mipsel, libudns0 mips, libudns0 mipsel, mips sniproxy, mipsel sniproxy, sniproxy, sniproxy debian, sniproxy mips, sniproxy mipsel, udns

Linux Network UBNT 工具、命令杂七杂八笔记路由、设备项目、研究

基于SNIProxy的路由端网络流量定制分发方案

标题感觉很高大上，其实写得乱七八糟。前序文章： SNIProxy Bind Outgoing Interface Build SNIProxy Debian Package for EdgeRouter Ubnt EdgeRouter Lite 和 EdgeRouter X 上安装使用SNIProxy 不急，上边三篇可能会在本文内提及。首先，sniproxy不解释了，但是如标题所属，sniproxy的版本不支持我要的功能，所以我就fork然后改了。具体思路参考上述第一个链接。接下来，直接进入正题。按之前的玩法，我使用路由表来控制流量。这是一个很典型，也很正确的做法；但是也是一个很不好用的玩法。参考文章：Set up OpenVPN Site-to-Site on UBNT EdgeRouter Lite, EdgeOS PPTP VPN客户端配置 PS：我维护了一份自己的路由表，地址在 https://ip.rst.im/blocks/sskaje 为了让定制化程度高一些，我配了一个Socks代理，实际上是在vpn对端配置的，本地路由做了个DNAT，转发过去了。这样我就可以用firefox＋foxyproxy实现本地定制化规则。参考文章：UBNT VPN + Socks5 代理和 Set up dante-server on Ubuntu 后来考虑到上述用起来麻烦，又趁着回老家的时候，在家里的ac68u merlin上实践了下WPAD，不过没有在自己家里的edgerouter上搞。参考文章：Setup WPAD on Asus […]

Tags edgerouter, sniproxy, ubnt

Linux Network UBNT 工具、命令杂七杂八笔记路由、设备

SNIProxy Bind Outgoing Interface

Post author By sskaje
Post date November 18, 2016
No Comments on SNIProxy Bind Outgoing Interface

这篇纯技术，没兴趣的别看。关于需求最早试图用路由器自带的功能去实现sni检测＋自动路由，结果发现edgerouter的dpi没开放太多资料。再又试图用squid去实现正向代理，绑定上行网络地址或者设备，虽然edgerouter自带squid以实现transparent proxy，但是自带版本SNI检测不支持（新版不知），绑定upstream的地址或者设备也没看到有人说支持。又考虑过haproxy，但是这个必须自己写backend（似乎可以haproxy + squid，没去实践过，至少haproxy的acl要写好长；而且这个组合里haproxy都可以直接被跳过，反正有DNAT也有DNS劫持）。从上边的方案思考过程，我觉得应该能看懂我想要什么。关于实现选用sniproxy，也算偶然。虽然之前vps上实验sni检测＋代理的时候，大概看了眼（但是最后还是选了haproxy）。不过最后选这个的重要原因就是好改 XD 官方github在https://github.com/dlundquist/sniproxy。先考虑的方案是，通过socket上联时绑定客户端IP。本身支持上行设置请求的源地址，大致实现代码在 connection.c：

    if (con->listener->source_address) {
        int on = 1;
        setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));

        int result = 0;
        int tries = 5;
        do {
            result = bind(sockfd,
                    address_sa(con->listener->source_address),
                    address_sa_len(con->listener->source_address));
        } while (tries-- > 0
                && result < 0
                && errno == EADDRINUSE
                && address_port(con->listener->source_address) == 0);
        if (result < 0) {
            err("bind failed: %s", strerror(errno));
            close(sockfd);
            abort_connection(con);
            return;
        }
    }

if (con->listener->source_address) {

int on = 1;

setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));

int result = 0;

int tries = 5;

do {

result = bind(sockfd,

address_sa(con->listener->source_address),

address_sa_len(con->listener->source_address));

} while (tries-- > 0

&& result < 0

&& errno == EADDRINUSE

&& address_port(con->listener->source_address) == 0);

if (result < 0) {

err("bind failed: %s", strerror(errno));

close(sockfd);

abort_connection(con);

return;

}

但是经过试验，配置source address后，数据包还是会根据路由上的路由表跳到域名解析IP该走的那个网络。所以，这个方案是不满足我的要求的。如果绑定IP不行，那就试试绑定设备。绑定IP的方案的可行性，很早以前跟同学Windows下讨论一个客户端设计的时候验证过；但是绑定设备的，完全没搞过。现查。然后查到了 SO_BINDTODEVICE。 SO_BINDTODEVICE Bind this socket to a particular device like “eth0”, as specified in the passed interface name. If the name is an empty string or the option length is zero, […]

Tags IP_SENDIF, sniproxy, SO_BINDTODEVICE

Hadoop相关 Linux Network UBNT 工具、命令路由、设备

Ubnt EdgeRouter Lite 和 EdgeRouter X 上安装使用SNIProxy

Post author By sskaje
Post date November 15, 2016
No Comments on Ubnt EdgeRouter Lite 和 EdgeRouter X 上安装使用SNIProxy

EdgerRouter Lite和EdgerRouter X使用的固件版本 1.9.0 是基于debian wheezy的，但是debian wheezy现在已经进入LTS了，mips和mipsel不在官方的维护架构里，以至于现在无法使用官方的apt更新debian-security，而且在ubnt的路由上，安装很多开发库都没法搞了。 EdgerRoute Lite 使用的是mips64，debian源里需要用 mips 的包；而 EdgeRoute X 使用的是mipsel。使用lscpu看CPU的信息： EdgeRouter Lite

Architecture:          mips64
Byte Order:            Big Endian
CPU(s):                2
On-line CPU(s) list:   0,1
Thread(s) per core:    1
Core(s) per socket:    1
Socket(s):             2
L1d cache:             16K
L1i cache:             32K
L2 cache:              128K

Architecture: mips64

Byte Order: Big Endian

CPU(s): 2

On-line CPU(s) list: 0,1

Thread(s) per core: 1

Core(s) per socket: 1

Socket(s): 2

L1d cache: 16K

L1i cache: 32K

L2 cache: 128K

EdgeRouter X

Architecture:          mips
Byte Order:            Little Endian
CPU(s):                4
On-line CPU(s) list:   0-3
Thread(s) per core:    2
Core(s) per socket:    2
Socket(s):             1

Architecture: mips

Byte Order: Little Endian

CPU(s): 4

On-line CPU(s) list: 0-3

Thread(s) per core: 2

Core(s) per socket: 2

Socket(s): 1

准备编译libudns和sniproxy 待补充。我已经把构建好的包发到了 http://dl.sskaje.me/debian/。 SSH登录ER

ubnt@ubnt:~$ sudo su
root@ubnt:/home/ubnt# cd /tmp/
root@ubnt:/tmp#

ubnt@ubnt:~$ sudo su

root@ubnt:/home/ubnt# cd /tmp/

root@ubnt:/tmp#

下载软件 EdgeRouter Lite 请使用mips

# 下载编译好的mips库
wget http://dl.sskaje.me/debian/mips/libudns0_0.4-1_mips.deb http://dl.sskaje.me/debian/mips/udns-utils_0.4-1_mips.deb http://dl.sskaje.me/debian/mips/sniproxy_0.4.0_mips.deb
# 下载 libev4
wget https://ftp2.cn.debian.org/debian/pool/main/libe/libev/libev4_4.11-1_mips.deb

# 下载编译好的mips库

wget http://dl.sskaje.me/debian/mips/libudns0_0.4-1_mips.deb http://dl.sskaje.me/debian/mips/udns-utils_0.4-1_mips.deb http://dl.sskaje.me/debian/mips/sniproxy_0.4.0_mips.deb

# 下载 libev4

wget https://ftp2.cn.debian.org/debian/pool/main/libe/libev/libev4_4.11-1_mips.deb

EdgeRouter X 请使用mipsel

# 下载编译好的mipsel库
wget http://dl.sskaje.me/debian/mipsel/libudns0_0.4-1_mipsel.deb http://dl.sskaje.me/debian/mipsel/udns-utils_0.4-1_mipsel.deb http://dl.sskaje.me/debian/mipsel/sniproxy_0.4.0_mipsel.deb
# 下载 libev4 
wget https://ftp2.cn.debian.org/debian/pool/main/libe/libev/libev4_4.11-1_mipsel.deb

# 下载编译好的mipsel库

wget http://dl.sskaje.me/debian/mipsel/libudns0_0.4-1_mipsel.deb http://dl.sskaje.me/debian/mipsel/udns-utils_0.4-1_mipsel.deb http://dl.sskaje.me/debian/mipsel/sniproxy_0.4.0_mipsel.deb

# 下载 libev4

wget https://ftp2.cn.debian.org/debian/pool/main/libe/libev/libev4_4.11-1_mipsel.deb

安装

root@ubnt:/tmp# dpkg -i *.deb
(Reading database ... 37513 files and directories currently installed.)
Preparing to replace libev4 1:4.11-1 (using libev4_4.11-1_mips.deb) ...
Unpacking replacement libev4 ...
Selecting previously unselected package libudns0:mips.
Unpacking libudns0:mips (from libudns0_0.4-1_mips.deb) ...
Selecting previously unselected package sniproxy.
Unpacking sniproxy (from sniproxy_0.4.0_mips.deb) ...
Selecting previously unselected package udns-utils.
Unpacking udns-utils (from udns-utils_0.4-1_mips.deb) ...
Setting up libev4 (1:4.11-1) ...
Setting up libudns0:mips (0.4-1) ...
Setting up sniproxy (0.4.0) ...
Setting up udns-utils (0.4-1) ...

root@ubnt:/tmp# dpkg -i *.deb

(Reading database ... 37513 files and directories currently installed.)

Preparing to replace libev4 1:4.11-1 (using libev4_4.11-1_mips.deb) ...

Unpacking replacement libev4 ...

Selecting previously unselected package libudns0:mips.

Unpacking libudns0:mips (from libudns0_0.4-1_mips.deb) ...

Selecting previously unselected package sniproxy.

Unpacking sniproxy (from sniproxy_0.4.0_mips.deb) ...

Selecting previously unselected package udns-utils.

Unpacking udns-utils (from udns-utils_0.4-1_mips.deb) ...

Setting up libev4 (1:4.11-1) ...

Setting up libudns0:mips (0.4-1) ...

Setting up sniproxy (0.4.0) ...

Setting up udns-utils (0.4-1) ...

配置请参考官方文档。按我的需求，官方的功能没法满足，所以我对官方的源码做了一些改动，具体可见 https://github.com/sskaje/sniproxy。使用首先修改 /etc/default/sniproxy，这样才可以使用init的脚本启动

# Defaults for sniproxy initscript

# This file has two functions:
# 1) to completely disable starting sniproxy,
# 2) to select an alternative config file
#    by setting DAEMON_ARGS to -c <file>

# Additional options that are passed to the Daemon.
DAEMON_ARGS="-c /etc/sniproxy.conf"

# Whether or not to run the sniproxy daemon; set to 0 to disable, 1 to enable.
ENABLED=1

# Defaults for sniproxy initscript

# This file has two functions:

# 1) to completely disable starting sniproxy,

# 2) to select an alternative config file

# by setting DAEMON_ARGS to -c <file>

# Additional options that are passed to the Daemon.

DAEMON_ARGS="-c /etc/sniproxy.conf"

# Whether or not to run the sniproxy daemon; set to 0 to disable, 1 to enable.

ENABLED=1

启动

/etc/init.d/sniproxy start

1	/etc/init.d/sniproxy start

Incoming search terms:adult2sychosenvgredgerouter sniproxyfather8v7flies8stluckrcfqueenn3nsafeibatears72uunknowngx9Link to this […]