{"id":15107107,"url":"https://github.com/shadowsocks/redsocks","last_synced_at":"2025-09-27T05:31:41.251Z","repository":{"id":65979127,"uuid":"45719013","full_name":"shadowsocks/redsocks","owner":"shadowsocks","description":"transparent redirector of any TCP connection to proxy","archived":false,"fork":true,"pushed_at":"2019-03-29T04:13:00.000Z","size":772,"stargazers_count":93,"open_issues_count":0,"forks_count":92,"subscribers_count":15,"default_branch":"shadowsocks-android","last_synced_at":"2024-12-08T01:01:06.943Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://darkk.net.ru/redsocks","language":"C","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"darkk/redsocks","license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shadowsocks.png","metadata":{"files":{"readme":"README","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-11-07T02:21:01.000Z","updated_at":"2024-11-11T14:48:48.000Z","dependencies_parsed_at":"2023-02-19T18:46:18.574Z","dependency_job_id":null,"html_url":"https://github.com/shadowsocks/redsocks","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadowsocks%2Fredsocks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadowsocks%2Fredsocks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadowsocks%2Fredsocks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadowsocks%2Fredsocks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shadowsocks","download_url":"https://codeload.github.com/shadowsocks/redsocks/tar.gz/refs/heads/shadowsocks-android","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234391381,"owners_count":18824810,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-09-25T21:04:31.863Z","updated_at":"2025-09-27T05:31:35.869Z","avatar_url":"https://github.com/shadowsocks.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"This tool allows you to redirect any TCP connection to SOCKS or HTTPS\nproxy using your firewall, so redirection is system-wide.\n\nWhy is that useful? I can suggest following reasons:\n* you use tor[1] and don't want any TCP connection to leak.\n* you use DVB ISP and this ISP provides internet connectivity with some\n  special daemon that may be also called \"Internet accelerator\" and this\n  accelerator acts as proxy. Globax[2] is example of such an accelerator.\n\nLinux/iptables, OpenBSD/pf and FreeBSD/ipfw are supported.\nLinux/iptables is well-tested, other implementations may have bugs,\nyour bugreports are welcome.\n\nTransocks[3] is alike project but it has noticable performance penality.\n\nTranssocks_ev[4] is alike project too, but it has no HTTPS-proxy support\nand does not support authentication.\n\nSeveral Android apps also use redsocks under-the-hood: ProxyDroid[5][6] and\nsshtunnel[7][8]. And that's over 100'000 downloads! Wow!\n\n[1] http://www.torproject.org\n[2] http://www.globax.biz\n[3] http://transocks.sourceforge.net/\n[4] http://oss.tiggerswelt.net/transocks_ev/\n[5] http://code.google.com/p/proxydroid/\n[6] https://market.android.com/details?id=org.proxydroid\n[7] http://code.google.com/p/sshtunnel/\n[8] https://market.android.com/details?id=org.sshtunnel\n\n\nAnother related issue is DNS over TCP. Redsocks includes `dnstc' that is fake\nand really dumb DNS server that returns \"truncated answer\" to every query via\nUDP. RFC-compliant resolver should repeat same query via TCP in this case - so\nthe request can be redirected using usual redsocks facilities.\n\nKnown compliant resolvers are:\n * bind9 (server)\n * dig, nslookup (tools based on bind9 code)\nKnown non-compliant resolvers are:\n * eglibc resolver fails without any attempt to send request via TCP\n * powerdns-recursor can't properly startup without UDP connectivity as it\n   can't load root hints\n\nOn the other hand, DNS via TCP using bind9 may be painfully slow. If your bind9\nsetup is really slow, you have at least two options: pdnsd[9] caching server\ncan run in TCP-only mode, ttdnsd[10][11] has no cache but can be useful for same\npurpose.\n\n[9] http://www.phys.uu.nl/~rombouts/pdnsd.html\n[10] http://www.mulliner.org/collin/ttdnsd.php\n[11] https://gitweb.torproject.org/ioerror/ttdnsd.git\n\n\nFeatures\n========\n\nRedirect any TCP connection to SOCKS4, SOCKS5 or HTTPS (HTTP/CONNECT)\nproxy server.\n\nLogin/password authentication is supported for SOCKS5/HTTPS connections.\nSOCKS4 supports only username, password is ignored. for HTTPS, currently\nonly Basic and Digest scheme is supported.\n\nRedirect UDP packets via SOCKS5 proxy server. NB: UDP still goes via UDP, so\nyou can't relay UDP via OpenSSH.\n\nSends \"truncated reply\" as an answer to UDP DNS queries.\n\nRedirect any HTTP connection to proxy that does not support transparent\nproxying (e.g. old SQUID had broken `acl myport' for such connections).\n\n\nLicense\n=======\n\nAll source code is licensed under Apache 2.0 license.\nYou can get a copy at http://www.apache.org/licenses/LICENSE-2.0.html\n\n\nPackages\n========\n * Archlinux: https://aur.archlinux.org/packages/redsocks-git\n * Debian: http://packages.debian.org/search?searchon=names\u0026keywords=redsocks\n * Gentoo (pentoo overlay): https://code.google.com/p/pentoo/source/browse/portage/trunk/net-proxy/redsocks\n * Gentoo (theebuilds overlay): http://code.google.com/p/theebuilds/source/browse/trunk/net-misc/redsocks\n * Gentoo (zugaina overlay): http://gpo.zugaina.org/net-proxy/redsocks\n * Ubuntu: http://packages.ubuntu.com/search?searchon=names\u0026keywords=redsocks\n\n\nCompilation\n===========\n\nlibevent-2.0.x[5] is required.\n\ngcc and clang are supported right now, other compilers can be used\nbut may require some code changes.\n\nCompilation is as easy as running `make', there is no `./configure' magic.\n\nGNU Make works, other implementations of make were not tested.\n\n[5] http://libevent.org/ || http://www.monkey.org/~provos/libevent/\n\n\nRunning\n=======\n\nProgram has following command-line options:\n -c   sets proper path to config file (\"./redsocks.conf\" is default one)\n -t   tests config file syntax\n -p   set a file to write the getpid() into\n\nFollowing signals are understood:\nSIGUSR1 dumps list of connected clients to log\nSIGTERM and SIGINT terminates daemon, all active connections are closed\n\nYou can see configuration file example in redsocks.conf.example\n\n\niptables example\n================\n\nYou have to build iptables with connection tracking and REDIRECT target.\n\n# Create new chain\nroot# iptables -t nat -N REDSOCKS\n\n# Ignore LANs and some other reserved addresses.\n# See http://en.wikipedia.org/wiki/Reserved_IP_addresses#Reserved_IPv4_addresses\n# and http://tools.ietf.org/html/rfc5735 for full list of reserved networks.\nroot# iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN\nroot# iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN\nroot# iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN\nroot# iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN\nroot# iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN\nroot# iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN\nroot# iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN\nroot# iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN\n\n# Anything else should be redirected to port 12345\nroot# iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345\n\n# Any tcp connection made by `luser' should be redirected.\nroot# iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner luser -j REDSOCKS\n\n# You can also control that in more precise way using `gid-owner` from\n# iptables.\nroot# groupadd socksified\nroot# usermod --append --groups socksified luser\nroot# iptables -t nat -A OUTPUT -p tcp -m owner --gid-owner socksified -j REDSOCKS\n\n# Now you can launch your specific application with GID `socksified` and it\n# will be... socksified. See following commands (numbers may vary).\n# Note: you may have to relogin to apply `usermod` changes.\nluser$ id\nuid=1000(luser) gid=1000(luser) groups=1000(luser),1001(socksified)\nluser$ sg socksified -c id\nuid=1000(luser) gid=1001(socksified) groups=1000(luser),1001(socksified)\nluser$ sg socksified -c \"firefox\"\n\n# If you want to configure socksifying router, you should look at\n# doc/iptables-packet-flow.png, doc/iptables-packet-flow-ng.png and\n# https://en.wikipedia.org/wiki/File:Netfilter-packet-flow.svg\n# Note, you should have proper `local_ip' value to get external packets with\n# redsocks, default 127.0.0.1 will not go. See iptables(8) manpage regarding\n# REDIRECT target for details.\n# Depending on your network configuration iptables conf. may be as easy as:\nroot# iptables -t nat -A PREROUTING --in-interface eth_int -p tcp -j REDSOCKS\n\nNote about GID-based redirection\n========\nKeep in mind, that changed GID affects filesystem permissions, so if your\napplication creates some files, the files will be created with luser:socksified\nowner/group. So, if you're not the only user in the group `socksified` and your\numask allows to create group-readable files and your directory permissions, and\nso on, blah-blah, etc. THEN you may expose your files to another user.\nOk, you have been warned.\n\nHomepage\n========\n\nhttp://darkk.net.ru/redsocks/\n\nMailing list: redsocks@librelist.com\n\nMailing list also has archives[1].\n\n[1] http://librelist.com/browser/redsocks/\n\n\nTODO\n====\n\nTest OpenBSD (pf) and FreeBSD (ipfw) and write setup examples for those\nfirewall types.\n\n\nAuthor\n======\nThis program was written by Leonid Evdokimov \u003cleon@darkk.net.ru\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshadowsocks%2Fredsocks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshadowsocks%2Fredsocks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshadowsocks%2Fredsocks/lists"}