UDP proxy with Proxy Protocol and mmproxy support

Overview

udppp Build Status ChatOnDiscord Crate

UDP proxy with Proxy Protocol and mmproxy support.

Features

  • Async
  • Support Proxy Protocol V2
  • SOCKET preserve client IP addresses in L7 proxies(mmproxy)
  • Single executable

Build & Run

$> cargo build --release

Installation

$> cargo install udppp

Usage

Usage: udppp -m MODE [-b BIND_ADDR] -l LOCAL_PORT -h REMOTE_ADDR -r REMOTE_PORT -p

Options:
    -m, --mode MODE     1 : reverse proxy mode , 2 : mmproxy mode
    -l, --local-port LOCAL_PORT
                        The local port to which udppp should bind to
    -r, --remote-port REMOTE_PORT
                        The remote port to which UDP packets should be
                        forwarded
    -h, --host REMOTE_ADDR
                        The remote address to which packets will be forwarded
    -b, --bind BIND_ADDR
                        The address on which to listen for incoming requests
    -p, --proxyprotocol
                        enable proxy-protocol
    -s, --slient        disable print log

mmproxy

The idea comes from a creative paper, thanks to the author.

mmproxy - Creative Linux routing to preserve client IP addresses in L7 proxies

However, cloudflare has not officially implemented mmproxy that supports udp. This project makes up for this shortcoming.

image

Run Proxy (proxy server)

Suppose the udp reverse proxy service port is 8000 , upstream server is 192.168.0.2:8001

./udppp -m 1 -b 0.0.0.0 -l 8000 -h 192.168.0.2 -r 8001 -p

Routing setup (upstream server)

Route all traffic originating from loopback back to loopback

ip rule add from 127.0.0.1/8 iif lo table 123
ip route add local 0.0.0.0/0 dev lo table 123

Normally, response packets coming from the application are routed to the Internet - via a default gateway. We do this by totally abusing the AnyIP trick and assigning 0.0.0.0/0 to "local" - meaning that entire internet shall be treated as belonging to our machine.

Run mmproxy (upstream server)

Suppose the port of the application server is 127.0.0.1:8001

./udppp -m 2 -b 0.0.0.0 -l 8000 -h 127.0.0.1 -r 8001 -p

Benchmark

load test tool : https://github.com/b23r0/udppp/tree/main/test/udpbench

Test Envoriment

Envoriment Value
OS Ubuntu20.04
CPU Intel Xeon(Cascade Lake) Platinum 8269
CPU Cores 4
Memory 8G
Network LAN (0.2 Gbps)
Test Count 1k

Test Result

Project Language Base Take Time
udppp Rust Async-std 86 ms
nginx C Multi-Thread 56 ms
go-proxy Golang Goroutine 64 ms

Take Time is take the average of 10 times.

(Test Date : 21 Feb 2022)

You might also like...
SOCKS5 implement library, with some useful utilities such as dns-query, socks5-server, dns2socks, udp-client, etc.

socks5-impl Fundamental abstractions and async read / write functions for SOCKS5 protocol and Relatively low-level asynchronized SOCKS5 server impleme

Web3-proxy: a fast caching and load balancing proxy for web3 (Ethereum or similar) JsonRPC servers.

web3-proxy Web3-proxy is a fast caching and load balancing proxy for web3 (Ethereum or similar) JsonRPC servers. Signed transactions (eth_sendRawTrans

Proxy sentry request to a sentry server using a tunnel/proxy endpoint

Sentry Tunnel This is a proxy that forwards tunneled sentry requests to the real sentry server. The implementation is based on the explanation provide

Lightweight proxy that allows redirect HTTP(S) traffic through a proxy.

Proxyswarm Proxyswarm is a lightweight proxy that allows redirect HTTP(S) traffic through a proxy. WARNING: This app isn't recomended for download lar

A TCP proxy using HTTP - Reach SSH behind a Nginx reverse proxy

📡 TCP over HTTP 🥦 The Questions 🪃 What does it do? You can proxy TCP traffic over HTTP. A basic setup would be: [Your TCP target] --TCP-- [Exit No

A high performence Socks5 proxy server with bind/reverse support implementation by Rust.

rsocx A high performence Socks5 proxy server with bind/reverse support implementation by Rust Features Async-std No unsafe code Single executable Linu

A rust implementation of websock/socket proxy. Support noVNC

websockify-rs: WebSockets support for any application/server This is a rust implement of the websockify-js, which is part of the noVNC project. At the

A minimalistic encryption protocol for rust async streams/packets, based on noise protocol and snow.

Snowstorm A minimalistic encryption protocol for rust async streams / packets, based on noise protocol and snow. Quickstart Snowstorm allows you to se

A fast, stable, efficient, and lightweight intranet penetration, port forwarding tool supports multiple connections, cascading proxy, and transmission encryption
A fast, stable, efficient, and lightweight intranet penetration, port forwarding tool supports multiple connections, cascading proxy, and transmission encryption

A fast, stable, efficient, and lightweight intranet penetration, port forwarding tool supports multiple connections, cascading proxy, and transmission encryption

Comments
  • support minecraft java server / minecraft bedrock server?

    support minecraft java server / minecraft bedrock server?

    I have launched mmproxy with the following parameters: ./go-mmproxy -l 10.228.228.2:25565 the game server is running on 192.168.0.215, 10.228.228.2 is the ip wireguard 10.228.228.1 is on vds 10.228.228.2 on home pc. how do I configure mmproxy to log in to a server with the proxy-protocol function enabled in nginx? home pc: 207705132-cc6c10a2-6dd4-4cd9-a461-5a7f60e728ed 207705136-629cb68b-533b-4add-b2de-6cf46e6ffbf1 207705403-14c8e9e9-ea5e-4583-a667-48bc93fe1c26 207704909-e1157baa-16fe-4d2e-8c52-2d17db713eba 207704911-6a4ff728-817d-4b6f-8380-badd81eed3d1 (server minecraft run on 192.168.0.215) How can I do so that I can log in to the server with the proxy-protocol in nginx option?

    opened by lootoos 0
  • Panic: NetworkUnreachable

    Panic: NetworkUnreachable

    Hey - it seems like the "MMProxy" part is not working as expected.

    I'm getting the below panic.

    Using https://github.com/path-network/go-mmproxy it works as expected, so the issue is only in the -m 2 code not -m 1.

    I would much prefer using udppp as Go's GC pauses are not desirable for my usecase.

    Happy to help investigate and fix this further, but would need some guidance as I'm very unfamiliar with Rust :slightly_smiling_face:

    $ sudo $HOME/.cargo/bin/udppp -m 2 -b 0.0.0.0 -l 27016 -h 127.0.0.1 -r 27018 -p
    2022-11-22T01:34:14.255Z INFO [udppp::mmproxy] listen mmproxy to 0.0.0.0:27016
    2022-11-22T01:34:14.255Z INFO [udppp::mmproxy] listen mmproxy to 0.0.0.0:27016
    2022-11-22T01:34:19.058Z INFO [udppp::mmproxy] recv from [92.232.X.X:44130] size : 51
    2022-11-22T01:34:19.058Z INFO [udppp::mmproxy] bind new forwarding address [0.0.0.0:40403]
    2022-11-22T01:34:19.058Z INFO [udppp::mmproxy] send to upstream [127.0.0.1:27018] real address [192.168.Y.Y:27005] size : 23
    thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 101, kind: NetworkUnreachable, message: "Network is unreachable" }', /home/mark/.cargo/registry/src/github.com-1ecc6299db9ec823/udppp-0.4.0/src/mmproxy.rs:101:84
    note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
    thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Any { .. }', /home/mark/.cargo/registry/src/github.com-1ecc6299db9ec823/udppp-0.4.0/src/main.rs:126:43
    

    Related proxy command for mode 1 udppp -m 1 -b 0.0.0.0 -l 27016 -h 77.68.X.X -r 27016 -p

    Server and client can simply be nc -ul 127.0.0.1 27018 and nc -u proxy-host 27016 respectively

    Note that it seems to work when -m 1 is also running on the same host as -m 2 and the server - but of course this is not practical.

    opened by markus-wa 0
Owner
b23r0
If the code cant run , thats not what i wrote.
b23r0
A transparent QUIC to SOCKSv5 proxy on Linux, UDP/QUIC verison of moproxy.

quproxy A transparent QUIC to SOCKSv5 proxy on Linux, UDP/QUIC verison of moproxy. ?? WORKING IN PROGRESS ?? Features: Transparent forward QUIC to ups

Shell Chen 4 Dec 15, 2022
Tachyon is a performant and highly parallel reliable udp library that uses a nack based model

Tachyon Tachyon is a performant and highly parallel reliable udp library that uses a nack based model. Strongly reliable Reliable fragmentation Ordere

Chris Ochs 47 Oct 15, 2022
Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.

Phantun A lightweight and fast UDP to TCP obfuscator. Table of Contents Phantun Latest release Overview Usage 1. Enable Kernel IP forwarding 2. Add re

Datong Sun 782 Dec 30, 2022
A small holepunching implementation written in Rust (UDP)

rust-udp-holepunch A small holepunching implementation written in Rust (UDP) Prerequisites Your rendezvous server must lay in a network which doesn't

Amit Katz 8 Dec 26, 2022
Fast User-Space TCP/UDP Stack

Catnip Catnip is a TCP/IP stack that focuses on being an embeddable, low-latency solution for user-space networking. Building and Running 1. Clone Thi

Demikernel 79 Sep 9, 2022
Test the interception/filter of UDP 53 of your local networks or hotspots.

udp53_lookup Test the interception/filter of UDP 53 of your local networks or hotspots. Inspired by BennyThink/UDP53-Filter-Type . What's the purpose?

null 1 Dec 6, 2021
Stream API for tokio-udp.

UDPflow Stream API for tokio-udp. TCP-like UDP stream use tokio::net::UdpSocket; use tokio::io::{AsyncReadExt, AsyncWriteExt}; use udpflow::{UdpListen

zephyr 5 Dec 2, 2022
Aggressively reliable delivery layer. Above UDP. Nothing else.

Aggressively reliable delivery layer. Above UDP. Nothing else.

IchHabeKeineNamen 2 Jun 5, 2022
Quick Peer-To-Peer UDP file transfer

qft QFT is a small application for Quick (and really reliable) Peer-To-Peer UDP file transfer. If a friend sent you here... ...look at the "Releases"

Daniel H. 99 Jan 7, 2023
🦀 A bit more reliable UDP written in Rust

AckUDP [EXPERIMENTAL] A bit more reliable version of UDP written in Rust. How to use? use std::{io, thread, time::Duration}; use ack_udp::AckUdp; #[

Ivan Davydov 3 May 9, 2023