[v3] slirp: add SOCKS5 support

[Qemu-devel] [PATCH v3 0/1] slirp: add SOCKS5 support

Laurent Vivier posted 1 patch 7 years ago

Diff against v1 v2 v4 v5
Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20170403235636.5647-1-laurent@vivier.eu

Test checkpatch failed

Test docker failed

Test s390x passed

There is a newer version of this series

net/slirp.c         |  39 ++++++-
qapi-schema.json    |   9 ++
qemu-options.hx     |  11 ++
slirp/Makefile.objs |   2 +-
slirp/ip_icmp.c     |   2 +-
slirp/libslirp.h    |   3 +
slirp/slirp.c       |  68 ++++++++++-
slirp/slirp.h       |   6 +
slirp/socket.h      |   4 +
slirp/socks5.c      | 328 ++++++++++++++++++++++++++++++++++++++++++++++++++++
slirp/socks5.h      |  24 ++++
slirp/tcp_subr.c    |  22 +++-
slirp/udp.c         |   9 ++
slirp/udp6.c        |   8 ++
14 files changed, 524 insertions(+), 11 deletions(-)
create mode 100644 slirp/socks5.c
create mode 100644 slirp/socks5.h

Expand all Fold all

[Qemu-devel] [PATCH v3 0/1] slirp: add SOCKS5 support

Posted by Laurent Vivier 7 years ago

This patch implements the SOCKS5 client part for "-net user" backend.

It allows to route all internet traffic of the virtual machine
to a SOCKS5 server.

But all the local traffic (to the host) is sent to the host.
It is needed because this SOCKS5 client doesn't route UDP traffic,
and this allows to use the host DNS server.

I've tested this using public SOCKS5 proxy list found on the WEB, and
using TOR server on my host.

Used with TOR, all the TCP connections are sent to the TOR network and
this allows to insert a virtual machine directly in the TOR network
without needing more configuration in the virtual machine.

But be aware that all DNS requests will be sent to the host that can
forward them to internet with its own IP address. So confidentiality
will not be as good as with the TOR browser which hides in the TOR
network all the DNS requests.

If you want to test this:

- with a public SOCKS5 server, ask google for "socks5 proxy address"
  and start QEMU with, for instance:

  qemu-system-x86_64 -net nic,model=e1000 -net user,proxy-server=46.105.121.37:63066 ...

  if needed, you can provide user/password using secret objects framework:
  "-object secret,id=sec0,data=password,format=raw \
   -net user,...,proxy-user=user,proxy-secretid=sec0"

- with a local TOR proxy:

  sudo systemctl start tor
  qemu-system-x86_64 -net nic,model=e1000 -net user,proxy-server=localhost:9050 ...

You can check your IP address is the one of the proxy by connecting
to http://check.torproject.org with a browser inside the VM.

v3:
  - rewrite SOCKS5 functions from scratch and drop code from nmap/ncat
  - don't drop the IPv6 UDP local traffic
  - don't pass to the proxy the IPv6 TCP local traffic
  - add some comments...

v2:
  - use secret objects framework to provide password
  - add documentation for new parameters in qapi-schema.json
  - s/passwd/password/g
  - I didn't move proxy paramaters to a substruct as I didn't
    find a way to set them from the command line :(

Laurent Vivier (1):
  slirp: add SOCKS5 support

 net/slirp.c         |  39 ++++++-
 qapi-schema.json    |   9 ++
 qemu-options.hx     |  11 ++
 slirp/Makefile.objs |   2 +-
 slirp/ip_icmp.c     |   2 +-
 slirp/libslirp.h    |   3 +
 slirp/slirp.c       |  68 ++++++++++-
 slirp/slirp.h       |   6 +
 slirp/socket.h      |   4 +
 slirp/socks5.c      | 328 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 slirp/socks5.h      |  24 ++++
 slirp/tcp_subr.c    |  22 +++-
 slirp/udp.c         |   9 ++
 slirp/udp6.c        |   8 ++
 14 files changed, 524 insertions(+), 11 deletions(-)
 create mode 100644 slirp/socks5.c
 create mode 100644 slirp/socks5.h

-- 
2.9.3

Re: [Qemu-devel] [PATCH v3 0/1] slirp: add SOCKS5 support

Posted by no-reply@patchew.org 7 years ago

Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v3 0/1] slirp: add SOCKS5 support
Type: series
Message-id: 20170403235636.5647-1-laurent@vivier.eu

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
50a5735 slirp: add SOCKS5 support

=== OUTPUT BEGIN ===
Checking PATCH 1/1: slirp: add SOCKS5 support...
ERROR: suspect code indent for conditional statements (4, 6)
#741: FILE: slirp/tcp_subr.c:428:
+    if (so->so_proxy_state) {
+      ret = socks5_connect(s, slirp->proxy_server, slirp->proxy_port,

total: 1 errors, 0 warnings, 687 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org