hev-socks5-server icon indicating copy to clipboard operation
hev-socks5-server copied to clipboard
verified publisher icon heiher

Traffic monitoring

Open vavrecan opened this issue 2 years ago • 9 comments

Hello,

I'm wondering if it's possible to track traffic and associate it with a username. For UDP, it's relatively straightforward, as the transferred size is in res variable of hev_socks5_udp_fwd_f / hev_socks5_udp_fwd_b.

However, for TCP, it presents a more challenging modification due to the task system performing a copy, and it doesn't expose the size of transferred data. Do you have any ideas on how to achieve this for TCP?

Thank you!

vavrecan avatar Jan 19 '24 01:01 vavrecan

Now we can mark upstream traffic for each user, so I think using iptables to count is a good way.

https://github.com/heiher/hev-socks5-server#authentication-file

heiher avatar Jan 19 '24 05:01 heiher

There are some limitations when using iptables (nftables + dynamic property) to count data for both the user and destination. In examining the task system, the socks5 server utilizes task_io_splicer and retains wlen. However, it lacks a straightforward method for accessing it. Perhaps, task_io_splicer_init could incorporate a reference to the close/flush callback method for easier access?

vavrecan avatar Jan 19 '24 11:01 vavrecan

There are some limitations when using iptables (nftables + dynamic property) to count data for both the user and destination. In examining the task system, the socks5 server utilizes task_io_splicer and retains wlen. However, it lacks a straightforward method for accessing it. Perhaps, task_io_splicer_init could incorporate a reference to the close/flush callback method for easier access?

Okay. I think you can override the splicer method of HevSocks5TCP/HevSocks5UDP in the HevSocks5Session, to use a custom splice with counting.

https://github.com/heiher/hev-socks5-core/blob/664beaa4e7df3f10dbb28f0ec90dfadc9bc4de76/src/hev-socks5-tcp.h#L26

Here is an example:

https://github.com/heiher/hev-socks5-tunnel/blob/master/src/hev-socks5-session-tcp.c#L350

heiher avatar Jan 19 '24 15:01 heiher

Does it make sense to implement tcp splitter from tunnel in tproxy?

On Fri, 19 Jan 2024 at 16:06, hev @.***> wrote:

There are some limitations when using iptables (nftables + dynamic property) to count data for both the user and destination. In examining the task system, the socks5 server utilizes task_io_splicer and retains wlen. However, it lacks a straightforward method for accessing it. Perhaps, task_io_splicer_init could incorporate a reference to the close/flush callback method for easier access?

Okay. I think you can override the splicer method of HevSocks5TCP/ HevSocks5UDP in the HevSocks5Session, to use a custom splice with counting.

https://github.com/heiher/hev-socks5-core/blob/664beaa4e7df3f10dbb28f0ec90dfadc9bc4de76/src/hev-socks5-tcp.h#L26

Here is an example:

https://github.com/heiher/hev-socks5-tunnel/blob/master/src/hev-socks5-session-tcp.c#L350

— Reply to this email directly, view it on GitHub https://github.com/heiher/hev-socks5-server/issues/43#issuecomment-1900591339, or unsubscribe https://github.com/notifications/unsubscribe-auth/AANUREIOPHNSR2VK42XS6FLYPKDXTAVCNFSM6AAAAABCBFLXSCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMBQGU4TCMZTHE . You are receiving this because you authored the thread.Message ID: @.***>

vavrecan avatar Jan 19 '24 16:01 vavrecan

@vavrecan tcp splitter?

heiher avatar Jan 19 '24 16:01 heiher

Yes - is there any reason tunnel is not using same tcp splitter as tproxy?

On Fri, 19 Jan 2024 at 17:12, hev @.***> wrote:

@vavrecan https://github.com/vavrecan tcp splitter?

— Reply to this email directly, view it on GitHub https://github.com/heiher/hev-socks5-server/issues/43#issuecomment-1900699886, or unsubscribe https://github.com/notifications/unsubscribe-auth/AANUREOHUPIOEXHXCXB3T43YPKLQHAVCNFSM6AAAAABCBFLXSCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMBQGY4TSOBYGY . You are receiving this because you were mentioned.Message ID: @.***>

vavrecan avatar Jan 19 '24 16:01 vavrecan

I am thinking about changing hev_task_io_splice adding two new parameters, size_t *sent, size_t *received and then just incrementing new variable in _HevTaskIOSplicer structurure (as it is using IO_SPLICE_SYSCALL - its more performer isn't it?

vavrecan avatar Jan 19 '24 16:01 vavrecan

I am thinking about changing hev_task_io_splice adding two new parameters, size_t *sent, size_t *received and then just incrementing new variable in _HevTaskIOSplicer structurure (as it is using IO_SPLICE_SYSCALL - its more performer isn't it?

Yeah. You need a custom splicer with counting.

heiher avatar Jan 20 '24 03:01 heiher

Here is an example: https://github.com/heiher/hev-socks5-server/commit/08be977439283616948662071f79944521fbba2a

heiher avatar Jan 21 '24 08:01 heiher