net-reflow / reflow Goto Github PK

I have been experimenting with tokio-async-await in the last few days. Async/await works now. Existing futures combinators can be replaced with async blocks incrementally. It makes the control flow much clearer and some implementations of Future can be replaced with a simple async fn. I'm working to convert most of usage of combinators in this crate to async/await. A pull request should be ready in a few days.

if connect to shadowsocks directly using chrome, it works, but if using this config, not work

egress privacyproxy = socks5 127.0.0.1:1080

relay {
 rule=mytrafficrule
 listen=socks5 127.0.0.1:1081
 resolver=udp 1.1.1.1:53
}

rule mytrafficrule= any[
    cond domain {
      secret-sites => privacyproxy
      adservers => reset
    }
    direct
]

I'm using socks5 proxy exported by Tor, which use remote DNS resolution under normal situation.
But I can't use the DNS service provided by Tor in reflow config.

ERROR reflow::relay::listen::socks: error handling client No address found for domain deepdothh3xqavqx.onion

win10 64bit 1803

Remove dependency on tun2socks when replacing default gateway

Also make it possible to enable routing by source IP. Currently, when tun2socks is used, the source IP is usually 127.0.0.1

hi, I got an error when I want to access google:
ERROR reflow::relay::listen::socks: error handling client Error resolving www.google.com: No connections available

And the content of config file is:

# declare a socks5 proxy called shadowsocks
egress shadowsocks = socks5 127.0.0.1:1081

# you can configure a dns proxy that will forward queries to different upstream servers depending on what domain name is being queried
dns{
   # use this address as your DNS server
   listen=udp 127.0.0.1:53
   forward= {
       # if a domain name is in the zone "blacklist"
       # connect to the upstream server 8.8.8.8 via a socks5 proxy defined earlier
       blacklist => shadowsocks|udp 8.8.8.8:53
       # use the dnspod dns server for everything else
       else => udp 119.29.29.29:53
   }
}

# you can configure one or more relays
relay {
 rule=breakwall
 listen=socks5 0.0.0.0:1080
 # you can optionally set a dns server
 # it will use 8.8.8.8 by default if the option is omitted
 resolver=udp 127.0.0.1:53
}

# a decision tree named breakwall
rule breakwall= any[ # rules enclosed in "any[ ]" will be tried one by one util a rule matches
    # first look at the domain name
    cond domain {
      whitelist => direct
    }
    
    # next look at ip addresses
    cond ip {
        whitelist => direct
    }
    
    # catch-all rule for everything else
    shadowsocks
]

www.google.com is in my blacklist name zone, I think the dns request will be sent to 8.8.8.8 through
a socks server named shadowsocks when I want to access www.google.com, but I got the aforementioned error. Is reflow configured incorrectly?

With hostname extraction and tcp forwarding already implemented, with a little work it can be made to proxy web services.
Add a new type of relay named tcp. It appears as a single endpoint to clients. While with the already-implemented socks5 proxy, clients get to choose where to connect.
Rules can be configured in the same way, though of the existing conditional rules, it seems only cond domain makes sense here. In the future, if we can write rules concerning client ip addresses, it may also be useful.
Add a new type of egress that's also just a single endpoint. It can be called tcp. Though actually it's kind of redundant, we can't forward tcp connections to anything other than tcp sockets.

hi，

yudeMacBook-Air:reflow-by-net-reflow brite$ ls
Cargo.lock README.md src
Cargo.toml asocks5 test
yudeMacBook-Air:reflow-by-net-reflow brite$ cargo build --release
warning: unused manifest key: package.edition
warning: unused manifest key: dependencies.futures01.package
warning: unused manifest key: package.edition
Updating registry https://github.com/rust-lang/crates.io-index
error: no matching package named futures_01 found (required by futures-util-preview)
location searched: registry https://github.com/rust-lang/crates.io-index
version required: ^0.1.25
yudeMacBook-Air:reflow-by-net-reflow brite$

怎么解决？

It should be possible to use a HTTPS proxy with CONNECT support as egress.

This would allow reflow to be used with a wider variety of corporate proxies.