compilation #16

Closed
capslock66 opened this issue Nov 8, 2011 · 5 comments

Comments

@capslock66

Hi.
I have been working for 3 months on a reverse tethering program for Android.

I have a problem with the redsocks program. I want to forward UDP (DNS).
The packet sent from redsocks is well received in my Java program (rfc1928-socks5.txt -> UDP ASSOCIATE).
I decode the stream (reserved2 frag1 addrType1 adrN port2 dataN) sent by redsocks to remove the header and pass the buffer to my host.
The host responds correctly (with the DNS answer),
I add a header (reserved2 frag1 addrType1 adrN port2 dataN) and send it back to redsocks.

I get this error in the redsocks log:
1320607466.643320 redudp.c:471 redudp_pkt_from_socks(...) [192.168.1.2:62473->127.0.0.1:9500]: Got packet from unexpected address 127.0.0.1:9500.

It seems that redudp_pkt_from_socks() doesn't parse the header correctly

if (memcmp(&udprelayaddr, &client->udprelayaddr, sizeof(udprelayaddr)) != 0) {
    char buf[INET6_ADDRSTRLEN];
    const char *addr = inet_ntop(udprelayaddr.sin_family, &udprelayaddr.sin_addr, buf, sizeof(buf));
    redudp_log_error(client, LOG_NOTICE, "Got packet from unexpected address %s:%u.",
                     addr ? addr : "?", ntohs(udprelayaddr.sin_port));
    return;
} 

So I would like to compile the library to add traces (client->udprelayaddr) to understand the problem.

The question is how to compile redsocks (for Android)?
I am basically a Windows developer.

I installed Kubuntu on a virtual machine to compile, but when I run 'make' I get this error:
utils.h:6:19: fatal error: event.h: No such file or directory

Libevent is required. Do I need to add an "include" tag somewhere with the correct path?
Do I have to compile libevent first, and how?

Any help?
Thanks in advance

@darkk
Owner

darkk commented Nov 8, 2011

First of all, I would like to mention that when you forward UDP over Socks5 you still work via UDP.
TCP is used only as a management channel in Socks5. Do you understand that?

Second. You'll need a cross-compiler to compile redsocks for Android. It includes the gcc/binutils toolchain (it's probably shipped with the Android SDK) and headers for libevent.
I know that http://code.google.com/p/sshtunnel/ did that, but they have not sent any patches to build redsocks for Android as easily as "make".
You'll probably also have to build libevent using the cross-compilation toolchain too.

Third. As it does not look like a bug in redsocks, it may be more productive to discuss the issue on the mailing list - someone else besides me will be able to answer your questions. :)

@capslock66
Author

I think I understand the Socks5 protocol well.
TCP is not used here because only DNS is forwarded to redsocks. No TCP proxy server is started.

here is the configuration file :
redudp {
local_ip = 127.0.0.1;
local_port = 8123;

// ip and port of socks5 proxy server.
ip = 127.0.0.1;
port = 1984;

dest_ip = 127.0.0.1;
dest_port = 9500;
}

This is the flow :

  1. UDP 53 is forwarded by iptables to redsocks (port 8123):
    iptables -t nat -A TETHER -p udp --dport 53 -j REDIRECT --to 8123
  2. redsocks first talks to a proxy server (UDP port 1984) that returns the UDP server port (UDP port 9500) waiting for messages.
  3. redsocks sends the message to the real UDP server (9500) wrapped with a header (reserved2 frag1 addrType1 adrN port2 dataN)
  4. I send the message without the wrapper to the USB (TCP), processed by the host
  5. The host resolves the query and returns the answer to the USB and gives it to the UDP server
  6. The UDP server sends the message with header to redsocks (port xxx)
  7. redsocks writes an error to the log: Got packet from unexpected address 127.0.0.1:9500

I am not sure whether it is a bug or not, but what is the correct address/port? :1984 or :9500 or :8123 in my case?
Can someone build an Android version that displays the "expected address"? ....

I will see how to use the binutils toolchain. Does that work on Windows?

I will also try to use dnstc
dnstc {
local_ip = 127.0.0.1;
local_port = 5300;
}

I suppose that I have to forward UDP 53 to redsocks port 5300 instead of 8123?
iptables -t nat -A TETHER -p udp --dport 53 -j REDIRECT --to 5300

Android should use TCP 53 after some time?

@darkk
Owner

darkk commented Nov 8, 2011

Ok, my best guess is that your UDP ASSOCIATE reply is wrong.
Can you show me the code of your UDP ASSOCIATE reply?

Android NDK works on windows: http://developer.android.com/sdk/ndk/index.html

Dnstc will probably not work in your case; I'm almost sure that Android will not fall back to TCP on a truncated reply.
You can also try http://www.mulliner.org/collin/ttdnsd.php to wrap DNS requests into more sane form.

@capslock66
Author

Thanks for the suggestion. The UDP ASSOCIATE reply was wrong!!!! See step H)

For other people who want to understand how SOCKS client and server work, here are the steps I followed:

STEP A) redsocks parameter file. Only the redudp section is interesting. I don't use the redsocks section for now

base {
log_debug = on;
log_info = on;
log = "file:/data/data/service.tracetool/app_bin/log.txt";
daemon = on;
redirector = iptables;
}

redudp {
local_ip = 127.0.0.1;
local_port = 8123;

// ip and port of socks5 proxy server.
ip = 127.0.0.1;
port = 1984;

dest_ip = 127.0.0.1;
dest_port = 9500;
}
redsocks {
local_ip = 127.0.0.1;
local_port = 8124;
ip = 127.0.0.1;
port = 1985;
type = socks5;
}

//dnstc {
// local_ip = 127.0.0.1;
// local_port = 5300;
//}

STEP B) Iptables

iptables -t nat -N TETHER

iptables -t nat -A TETHER -j LOG --log-uid --log-level debug --log-prefix "MYPREROUTING " --log-ip-options

iptables -t nat -A TETHER -p udp --dport 53 -j REDIRECT --to 8123

iptables -t nat -A OUTPUT -j TETHER

DNS is then sent to redudp port 8123

STEP C) DNS sends a query

redudp receives it on port 8123

STEP D) redsocks connects to my TCP server (not UDP) on port 1984.

The local port is random (58148)

STEP E) redsocks sends the first packet (startSession)

data : 05 01 00

-> VER5 , 1 method , method 0

STEP F) server response

data : 05 00

-> VER5 , use method 0 (AuthenticatorNone)

STEP G) redsocks sends SOCKS_CMD_UDP_ASSOCIATE

data : 05 03 00 01 00 00 00 00 00 00

-> VER5 , Command3 (UDP_ASSOCIATE) , reserved0 , addrType1 , address (00 00 00 00) , port (00 00)
from rfc1928-socks5 : The DST.ADDR and DST.PORT fields contain the address and port that the client expects
to use to send UDP datagrams on for the association.
So I think that redsocks should reply later with the DNS result to 0.0.0.0:0
Strange?

STEP H) My server sends the UDP relay address

from rfc1928-socks5 :In the reply to a UDP ASSOCIATE request, the BND.PORT and BND.ADDR
fields indicate the port number/address where the client MUST send
UDP request messages to be relayed.
data : 05 00 00 01 00 00 00 00 25 1C
-> VER5 , SOCKS_SUCCESS(0) , reserved0 , address (0.0.0.0), port (9500)

-> This was my error: I used the 0.0.0.0 address
Here is the good one:
data : 05 00 00 01 7F 00 00 01 25 1C

-> VER5 , SOCKS_SUCCESS(0) , reserved0 , address (127.0.0.1), port (9500)

STEP I) redsocks sends the datagram with a header

Data : 00 00 00 01 7F 00 00 01 25 1C 01 95 01 00 00 01 00 00 00 00 00 00 03 77 77 77 06 67 6F 6F ...
-> reserved (00 00) , frag (00) , addrType (1) , address (127.0.0.1) , port (9500) , data (dns query)

STEP J) relay processes the DNS query and replies to redsocks

Data : 00 00 00 01 7F 00 00 01 25 1C 01 95 81 80 00 01 00 07 00 00 00 00 03 77 77 77 06 67 6F 6F ...
-> reserved (00 00) , frag (00) , addrType (1) , address (127.0.0.1) , port (9500) , data (dns query)

from rfc1928-socks5 :When a UDP relay server receives a reply datagram from a remote host, it
MUST encapsulate that datagram using the above UDP request header,
and any authentication-method-dependent encapsulation.

I am not sure what to put in address and port, so I put the same values as in the request. Just the data is different.

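Added example (not code from this issue, from redsocks, or from the Java proxy it describes): the SOCKS5 (RFC 1928) UDP ASSOCIATE exchange of STEP E..J in Python, with both the client-side bytes redsocks sends and the server-side replies the proxy must return, the UDP request header encapsulation, and the check behind the "Got packet from unexpected address" line quoted in the first comment. redsocks keeps the BND.ADDR:BND.PORT from the UDP ASSOCIATE reply and compares it byte-wise against the source of every datagram that comes back, so a reply carrying 0.0.0.0:9500 can never match a relay that actually sends from 127.0.0.1:9500. The ports 1984/9500 and the 127.0.0.1 addresses are the thread's; the DNS query/answer bytes and the relay source address are constructed for the example, and `run_exchange` is a helper invented here to walk the steps in one call. The address helpers also handle the DOMAINNAME and IPv6 ATYP values, which the thread's dumps do not exercise.

```python
# Added example, not from the issue or from redsocks. Simulates the SOCKS5
# UDP ASSOCIATE handshake and the UDP relay header, and shows why the
# STEP H reply with BND.ADDR = 0.0.0.0 fails redsocks' source check.
import socket
import struct

VER = 0x05
CMD_UDP_ASSOCIATE = 0x03
REP_SUCCESS = 0x00
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Constructed DNS query: ID 0x0195, RD set, one A question for www.example.com.
DNS_QUERY = (bytes.fromhex("0195 0100 0001 0000 0000 0000")
             + b"\x03www\x07example\x03com\x00" + b"\x00\x01\x00\x01")
# Constructed answer: same ID, QR/RD/RA set, question echoed, one A record.
DNS_ANSWER = (bytes.fromhex("0195 8180 0001 0001 0000 0000")
              + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
              + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\x5d\xb8\xd8\x22")


def _pack_addr(host, port):
    """ATYP + ADDR + PORT for an IPv4/IPv6 literal or a hostname (ATYP 3)."""
    for atyp, fam in ((ATYP_IPV4, socket.AF_INET), (ATYP_IPV6, socket.AF_INET6)):
        try:
            return bytes([atyp]) + socket.inet_pton(fam, host) + struct.pack("!H", port)
        except OSError:
            continue
    name = host.encode("idna")
    return bytes([ATYP_DOMAIN, len(name)]) + name + struct.pack("!H", port)


def _unpack_addr(buf, off):
    """Parse ATYP + ADDR + PORT at buf[off:]; returns (host, port, next_off)."""
    if off >= len(buf):
        raise ValueError("truncated address")
    atyp, off = buf[off], off + 1
    if atyp == ATYP_IPV4:
        n, fam = 4, socket.AF_INET
    elif atyp == ATYP_IPV6:
        n, fam = 16, socket.AF_INET6
    elif atyp == ATYP_DOMAIN:
        if off >= len(buf):
            raise ValueError("truncated domain length")
        n, fam, off = buf[off], None, off + 1
    else:
        raise ValueError("unknown ATYP %#x" % atyp)
    if off + n + 2 > len(buf):           # bounds check before slicing
        raise ValueError("truncated address")
    raw, off = buf[off:off + n], off + n
    host = socket.inet_ntop(fam, raw) if fam else raw.decode("idna")
    return host, struct.unpack("!H", buf[off:off + 2])[0], off + 2


# --- control channel (TCP in reality; only the bytes are modelled here) ---
def greeting():                       # STEP E: VER, NMETHODS=1, NO AUTH
    return bytes([VER, 0x01, 0x00])

def method_select():                  # STEP F: VER, METHOD=0
    return bytes([VER, 0x00])

def udp_associate_request(host="0.0.0.0", port=0):   # STEP G
    return bytes([VER, CMD_UDP_ASSOCIATE, 0x00]) + _pack_addr(host, port)

def udp_associate_reply(bnd_host, bnd_port):          # STEP H
    return bytes([VER, REP_SUCCESS, 0x00]) + _pack_addr(bnd_host, bnd_port)

def parse_udp_associate_reply(buf):
    """Client side: the BND.ADDR:BND.PORT the relay will speak from."""
    if len(buf) < 4 or buf[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    if buf[1] != REP_SUCCESS:
        raise ValueError("SOCKS5 reply code %d" % buf[1])
    host, port, _ = _unpack_addr(buf, 3)
    return host, port


# --- UDP relay header: RSV(2) FRAG(1) ATYP(1) DST.ADDR DST.PORT DATA ---
def encapsulate(dst_host, dst_port, payload):         # STEP I / STEP J
    return b"\x00\x00\x00" + _pack_addr(dst_host, dst_port) + payload

def decapsulate(datagram):
    if len(datagram) < 4 or datagram[0:2] != b"\x00\x00":
        raise ValueError("bad RSV")
    if datagram[2] != 0:                 # RFC 1928: drop fragments if unsupported
        raise ValueError("fragmented datagram not supported")
    host, port, off = _unpack_addr(datagram, 3)
    return host, port, datagram[off:]


def matches_relay(relay_from_reply, datagram_source):
    """The check redudp_pkt_from_socks() does: byte-wise compare of the
    remembered relay sockaddr against the datagram's real source."""
    return relay_from_reply == datagram_source


def run_exchange(bnd_host, relay_source=("127.0.0.1", 9500)):
    """Walk STEP E..J with the server answering UDP ASSOCIATE with bnd_host:9500.
    relay_source is where the relay really sends from (constructed to match
    the thread's log line). Returns (accepted_by_redsocks, dns_payload)."""
    greeting(); method_select(); udp_associate_request()
    relay = parse_udp_associate_reply(udp_associate_reply(bnd_host, 9500))
    wire = encapsulate("127.0.0.1", 9500, DNS_QUERY)      # STEP I
    dst_host, dst_port, query = decapsulate(wire)          # proxy strips header
    answer = DNS_ANSWER if query == DNS_QUERY else b""
    back = encapsulate(dst_host, dst_port, answer)         # STEP J, same header
    if not matches_relay(relay, relay_source):             # 0.0.0.0 never matches
        return False, b""
    return True, decapsulate(back)[2]
```

With the thread's wrong reply, `run_exchange("0.0.0.0")` reports the datagram dropped; with `run_exchange("127.0.0.1")` the DNS answer reaches the client. In practice the BND.ADDR should be the address the relay socket is actually bound to and reachable on, and the relay must send from exactly that address and port, or the client's source check rejects it.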
@darkk
Owner

darkk commented Nov 10, 2011

That's great that you've learned some bits of the Socks5 protocol, but... I think it is easier to rely on conntrack to do the address rewriting and REDIRECT the UDP packet directly to your application that implements DNS over USB :)

Just FYI.

@darkk darkk closed this as completed Nov 10, 2011