{"id":15565170,"url":"https://github.com/textshell/peersock","last_synced_at":"2025-03-20T06:16:13.508Z","repository":{"id":225716048,"uuid":"760859905","full_name":"textshell/peersock","owner":"textshell","description":"QUIC+ICE meets magic-wormhole: p2p socket forwarding using an pastable connection code","archived":false,"fork":false,"pushed_at":"2024-03-23T18:26:23.000Z","size":91,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-25T07:41:24.243Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/textshell.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-20T20:35:15.000Z","updated_at":"2024-02-22T03:25:19.000Z","dependencies_parsed_at":"2024-03-09T23:26:10.640Z","dependency_job_id":"cca54d3c-dc69-41f9-9fb8-43b36d327357","html_url":"https://github.com/textshell/peersock","commit_stats":null,"previous_names":["textshell/peersock"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/textshell%2Fpeersock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/textshell%2Fpeersock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/textshell%2Fpeersock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/textshell%2Fpeersock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/textshell","download_url":"https://codeload.github.com/textshell/peersock/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244560394,"owners_count":20472220,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-02T16:51:27.691Z","updated_at":"2025-03-20T06:16:13.481Z","avatar_url":"https://github.com/textshell.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"peersock\n========\n\npeersock extends the idea of [Magic Wormhole](https://github.com/magic-wormhole/magic-wormhole) from file transfer\nto bidirectional reliable connections.\n\nIn tcp forwarding mode, one side listens on a port, tunnels the data via ICE to the other side which then connects\nto a tcp port and thus makes a bidirectional connecting between processes in potentially completely different\nfire-walled/NAT·ed networks.\n\nIt also supports similar operation on stdin/stdout and local (unix) sockets support is planned.\n\npeersock is in early development and currently depends on the unmerged openssl quic server branch.\n\nSecurity and principle\n----------------------\n\npeersock uses the ICE protocol to connect both sides.\nThe connection is opened and secured using a connection code that the parties to the connections must transfer\nin a secure out of band way (e.g. via instant messaging or a voice connection).\n\nThe connection is bootstrapped using a numeric \"nameplate\" and a rendevouz-server (using the magic-wormhole\nrendezvous-server protocol).\nThis might expose ICE candidate and connection information to third parties (the magic-wormhole server uses\nunencrypted websockets).\n\nOne the ICE connection is established, the actual data connection is built on top of it, using the QUIC protocol.\nQUIC uses TLS 1.3 to encrypt the connection. The TLS 1.3 handshake is done using hardcoded keys and certificates,\nbecause there is no good way to encode enough entropy in the connection code for real keys.\n\nThe resulting QUIC connection is than authenticated using\n[Socialist Millionaires' Protocol](https://en.wikipedia.org/wiki/Socialist_millionaire_problem)\n(as implemented by [libotr](https://github.com/off-the-record/libotr/)) and channel binding (Using\n[RFC5705 style exporters from RFC8446](https://www.rfc-editor.org/rfc/rfc8446.html#section-7.5)).\n\nFor this authentication the full connection code is used as a password.\n\npeersock currently uses the following hard coded external services:\n* relay.magic-wormhole.io for ICE data exchange via nameplates.\n\nAnd the following default services:\n* freestun.org as STUN/TURN server\n\nUsage\n-----\n\nThe connection process is based on a \"connection code\" that contains information to match connection attempts as\nwell as to secure the connection. One side generates a connection code and the other side needs to use that\ncode to complete the connection. You can pick which side generates the code as is convinient.\n\nBoth sides need to use opposite peersock subcommands for the connection to work.\nFor example \"listen\" and \"connect\" match for TCP connections.\nMixing should mostly work for example \"listen\" matches with \"stdio-a\".\n\n```\nUsage: peersock listen port [connect code]\n       peersock connect host:port [connect code]\n       peersock stdio-a [connect code]\n       peersock stdio-b [connect code]\n```\n\nExample\n-------\n\nTo give access to a locally running VNC server listening on port 5900:\n```\nalice$ peersock connect localhost:5900\nConnection Code is: 8-lab-name-blanket\n\nbob$ peersock listen 5900 8-lab-name-blanket\nAuth success\n```\n\nNow a connection to localhost port 5900 on host bob will be forwarded to port 5900 on host alice.\n\nConfiguration\n-------------\n\nConfiguration is read from $XDG_CONFIG_DIR/peersock.conf (e.g. $HOME/.config/peersock.conf).\n\nIf the file does not exist or a value is not set, a default is used.\n\nExample:\n\n```\n[ice]\nstun=freestun.net\nstun-port=3479\n\nturn=freestun.net\nturn-port=3479\nturn-user=free\nturn-password=free\n```\n\nBuilding\n--------\n\nFirst install dependencies. On a debian based system this should be a good start:\n\n```\n$ apt install build-essential git meson ninja-build pkg-config libglib2.0-dev libfmt-dev nlohmann-json3-dev libotr5-dev libsoup2.4-dev libnice-dev\n```\n\nThis software needs a version of openssl with QUIC server support.\nCurrently this is only supported in a unmerged branch of openssl, see\n[Pull Request #23334](https://github.com/openssl/openssl/pull/23334).\n\nSo first you need to build this branch:\n```\n$ PEERSOCK_BASEDIR=$PWD\n$ git clone https://github.com/hlandau/openssl.git -b quic-server-api-impl-4\n$ cd openssl\n$ ./Configure --prefix=$PEERSOCK_BASEDIR/openssl-prefix\n$ make -j10\n$ make -j10 install\n$ cd ..\n```\n\nThen checkout and build peersock\n```\n$ git clone https://github.com/textshell/peersock\n$ cd peersock\n$ PKG_CONFIG_PATH=$PEERSOCK_BASEDIR/openssl-prefix/lib64/pkgconfig/ meson setup _build\n$ ninja -C _build/\n```\nThe build executable will be in _build/peersock\n\nIf you encounter the following error:\n\n\u003e libsoup2 symbols detected. Using libsoup2 and libsoup3 in the same process is not supported.\n\nTry building with the following change:\n```\n$ PKG_CONFIG_PATH=$PEERSOCK_BASEDIR/openssl-prefix/lib64/pkgconfig/ meson setup _build -Davoidsoup3=true\n```\n\nThanks\n------\n\nThanks to:\n* magic wormhole for inspiring this project\n* libotr for the Socialist Millionaires' Protocol implementation\n* libnice for ICE support\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftextshell%2Fpeersock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftextshell%2Fpeersock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftextshell%2Fpeersock/lists"}