-
Notifications
You must be signed in to change notification settings - Fork 276
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UDP Support #30
Comments
Will HTTP/3 implementations in browsers use UDP ASSOCIATE? And is WireProxy going to support FullCone (endpoint independent NAT mapping and filtering, RFC 4787)? |
This depends on what browser or what proxy plugin you're using on your browser. I haven't investigated this so I'll have to give it a look.
Part of the challenge in supporting UDP proxying is picking a proper NAT mapping. Full-cone NAT is the easiest to implement so I might pick this one, but at the same time it can quickly exhaust ports if there are a lot of proxied UDP traffic from different ports. I think I'll implement full cone NAT first, see how it works out, and implement other NAT types if it proves to be insufficient. |
And... When will UDP support arrive? |
A mainstream program qBitTorrent supports µTP, which is a UDP based torrent protocol. You can set it to only accept µTP connections through connection settings, and try downloading something popular like Ubuntu. Right now with wireproxy, setting it to µTP only with the SOCKS5 proxy set up stalls all torrents forever, it's a great way to test. |
Related: #37 |
Today Discord was blocked in Russia. I tried to use your project to make a local proxy and selectively send traffic through wireguard (make some of the traffic go through wireguard, and the other part as usual) using PAC script. And everything works successfully, all sites work, but Discord voice chats don't work. I suspect this is because you don't have UDP support, so I'd like to see UDP support as soon as possible. Maybe there are some other solutions, how can I selectively route traffic through wireguard? |
Wireproxy currently uses things-go/go-socks5 as a SOCKS5 library. It supports UDP associate, but it replies wrong address for UDP associate request (things-go/go-socks5#64). I and another user proposed different fixes, but neither is merged for now. |
Currently wireproxy doesn't have UDP support at all. There is no support for UDP Associate in SOCKS5, and UDP tunnels have not been implemented.
Challenges:
While a lot of existing socks5 server implementation supports UDP ASSOCIATE, actual applications that uses UDP ASSOCIATE is extremely rare. Without an established application that uses UDP ASSOCIATE, I cannot confidently test the feature in wireproxy.
UDP tunnels need to be implemented carefully. UDP itself is stateless so we would need to keep state of which UDP addresses correlate to which UDP connection. Measures also have to be taken to prevent exhausting UDP sockets file descriptors in case of a flood of incoming UDP packets from different IPs.
The text was updated successfully, but these errors were encountered: