SO_MARK support about wstunnel HOT 19 CLOSED

Hello,

Sorry but I don't understand your question :'(
What is v2ray ?

from wstunnel.

v2ray is software to bypass China firewall. I want use your wstunnel, but need SO_MARK option. In C or Golang I can add SO_MARK to socket via setsockopt and routing it via ip rule. I cant find method to add it in Haskell, maybe u can help.

from wstunnel.

It is not available in Haskell as it is dependent of the platform, SO_MARK exist only in Linux.
I can look if there is custom bypass, but I am not sure.

Out of curiosity how does v2ray works ? Why do you need ip rule to route the traffic ?

from wstunnel.

I combined VPN+v2ray on Android phone. Android use fwmark for internal routing and if I set v2ray fwmark to 0x20000 it can bypass Android VPN Service and connect directly to server. My VPN client connect via v2ray to destination server and all work.
VPN-Client -> v2ray-client -> (websocket traffic via Internet) -> v2ray-server -> VPN-Server

from wstunnel.

Ok Thanks for the explanation :)
I will to look this week-end if it is possible to add SO_MARK

from wstunnel.

I have a proto working, can you tell for which arch do you need the binary ? {x86, armv7, aarch64}

from wstunnel.

aarch64 :)

from wstunnel.

ack, I will do a release tonight or tomorrow as I have to spawn somewhere an aarch64

from wstunnel.

here we are, would you mind testing this release ?
https://github.com/erebe/wstunnel/releases/download/SO_MARK/wstunnel

from wstunnel.

@erebe sorry, i check commits and cant find where i need to set custom mark value, maybe commandline args or something else

from wstunnel.

it is on by default, so nothing to do normally if it is supported by the kernel. Your packet should be marked without anything extra

from wstunnel.

it need to be configured with some custom value, and via ip rule it will be detected by mark value and routed

from wstunnel.

SO_MARK (since Linux 2.6.25)
              Set the mark for each packet sent through this socket (similar
              to the netfilter MARK target but socket-based).  Changing the
              mark can be used for mark-based routing without netfilter or
              for packet filtering.

from wstunnel.

The mark should be 1 for now (that's the value I passed to setSocketOption), before making it confirgurable I would like to see if it is even working on arm ;x

P.s: Sorry for the lack of explanation ;c

from wstunnel.

Tested now, think all work good. I set ip rule add pref 9000 from all fwmark 0x0/0x1 iif lo lookup wlan0 on my Android phone and your wstunnel+WireGuard working good, without ip rule it not working. In Android packets market 0x20000 can bypass Android VPN without routing rule add, so can u set it to 0x20000 (131072 in decimal) or add command line arg to set value (its preferable).
And one more feature request: in Haskell can you change SNI in ClientHello packet? If i need simulate connection to site whose domain is not mine i need modify my hosts file or inject DNS. It will be good if domain name can be set separated from wstunnel server IP.
Thanks 👍

from wstunnel.

Going to add an option to configure the value.
Regarding the SNI, it has been asked several times already but I won't do it as it is too low lvl in the library I use, so I don't have access to it.
I can done if I fork the lib, but I would rather avoid doing that?

from wstunnel.

Here we are, https://github.com/erebe/wstunnel/releases/download/v3.0/wstunnel-aarch64
You now have an option --soMark where you can put the value you want :)

If it is working for you, I would be glad if you have time to write a short page about your setup, so I can link it in the readme

from wstunnel.

Ping @B1ohazard regarding à little explanation of your interesting setup. Just à paragraphe or 2 would be enough, I am sure it can be appreciated by à lot of other people :)

from wstunnel.

more information here https://stackoverflow.com/a/38764232
but this method needs root access on android devices, I have plan to develop a VPN based on wstunnel for android devices and I need some changes in wsocket I'll create an issue for that in the future (currently I don't know Haskell!)

from wstunnel.