diff --git a/Makefile b/Makefile index 4d6fc15..6ebb7af 100644 --- a/Makefile +++ b/Makefile @@ -24,9 +24,11 @@ kpx: ifeq (,$(wildcard incus-osd/kpx/)) git clone https://github.com/momiji/kpx incus-osd/kpx/ --depth 1 -b "v${KPX_VERSION}" else - (cd incus-osd/kpx && git fetch --depth 1 origin "v${KPX_VERSION}":refs/tags/"v${KPX_VERSION}" && git checkout "v${KPX_VERSION}") + (cd incus-osd/kpx && git reset --hard && git fetch --depth 1 origin "v${KPX_VERSION}":refs/tags/"v${KPX_VERSION}" && git checkout "v${KPX_VERSION}") endif + (cd incus-osd/kpx && patch -p1 < ../../patches/kpx-0001-Enable-IPv6-support.patch) + (cd incus-osd/kpx/cli && go build -o kpx -ldflags="-s -w -X github.com/momiji/kpx.AppVersion=${KPX_VERSION}") strip incus-osd/kpx/cli/kpx diff --git a/patches/kpx-0001-Enable-IPv6-support.patch b/patches/kpx-0001-Enable-IPv6-support.patch new file mode 100644 index 0000000..7325846 --- /dev/null +++ b/patches/kpx-0001-Enable-IPv6-support.patch 
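Review bot: The new `patch -p1 < ../../patches/kpx-0001-Enable-IPv6-support.patch` step lets hunks apply with fuzz, so after a `KPX_VERSION` bump the patch can land in partly mismatching context and still exit 0, and the build then ships proxy networking code that nobody reviewed in that form. `git apply` requires the context lines to match and reads this format-patch file directly: `(cd incus-osd/kpx && git apply ../../patches/kpx-0001-Enable-IPv6-support.patch)`. The added `git reset --hard` restores tracked files only, so untracked leftovers such as `*.orig` or `*.rej` from an earlier failed run stay in the tree. The source is still selected by the tag `v${KPX_VERSION}`, which upstream can move; comparing the checked-out commit against a pinned hash before patching and building would close that gap.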
@@ -0,0 +1,179 @@ +From 2813c930e1cacf4c6b72ad76b38027eb92e56d72 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Thu, 14 Aug 2025 01:50:10 -0400 +Subject: [PATCH] Enable IPv6 support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Stéphane Graber +--- + conn_test.go | 8 ++++---- + kerberos.go | 2 +- + process.go | 26 +++++++++++++------------- + proxy.go | 2 +- + 4 files changed, 19 insertions(+), 19 deletions(-) + +diff --git a/conn_test.go b/conn_test.go +index 36bbd98..f3d481d 100644 +--- a/conn_test.go ++++ b/conn_test.go +@@ -12,7 +12,7 @@ import ( + func TestClosedConnFailsOnWrite(t *testing.T) { + hp := "127.0.0.1:12345" + // create a fake server on random port +- l, err := net.Listen("tcp4", hp) ++ l, err := net.Listen("tcp", hp) + if err != nil { + t.Fatalf("error listen: %v", err) + } +@@ -24,7 +24,7 @@ func TestClosedConnFailsOnWrite(t *testing.T) { + }() + // create a connection to this random port + dialer := new(net.Dialer) +- c, err := dialer.Dial("tcp4", hp) ++ c, err := dialer.Dial("tcp", hp) + if err != nil { + t.Fatalf("error dial: %v", err) + } +@@ -66,7 +66,7 @@ func TestClosedConnFailsOnWrite(t *testing.T) { + func TestLostConnection(t *testing.T) { + hp := "127.0.0.1:12345" + // create a fake server on random port +- l, err := net.Listen("tcp4", hp) ++ l, err := net.Listen("tcp", hp) + if err != nil { + t.Fatalf("error listen: %v", err) + } +@@ -78,7 +78,7 @@ func TestLostConnection(t *testing.T) { + }() + // create a connection to this random port + dialer := new(net.Dialer) +- c, err := dialer.Dial("tcp4", hp) ++ c, err := dialer.Dial("tcp", hp) + if err != nil { + t.Fatalf("error dial: %v", err) + } +diff --git a/kerberos.go b/kerberos.go +index ae51dda..b313996 100644 +--- a/kerberos.go ++++ b/kerberos.go +@@ -104,7 +104,7 @@ func (k *Kerberos) explodeKdcs(realmKdcs []string) []string { + func (k *Kerberos) testConn(hostPort string) bool { + dialer := 
new(net.Dialer) + dialer.Timeout = time.Duration(k.config.conf.ConnectTimeout) * time.Second +- checkConn, err := dialer.Dial("tcp4", hostPort) ++ checkConn, err := dialer.Dial("tcp", hostPort) + if err != nil { + return false + } +diff --git a/process.go b/process.go +index 6255705..a29e47e 100644 +--- a/process.go ++++ b/process.go +@@ -221,13 +221,13 @@ func (p *Process) processChannel(clientChannel, proxyChannel *ProxyRequest) *Pro + case ProxyKerberos, ProxyBasic, ProxyAnonymous: + if firstProxy.Ssl { + tlsConfig := tls.Config{} +- conn, err = tls.DialWithDialer(dialer, "tcp4", firstHostPort, &tlsConfig) ++ conn, err = tls.DialWithDialer(dialer, "tcp", firstHostPort, &tlsConfig) + } else if clientChannel.header.isConnect || clientChannel.header.directToConnect { +- conn, err = dialer.Dial("tcp4", firstHostPort) ++ conn, err = dialer.Dial("tcp", firstHostPort) + } else { + // may reuse a http connection from pool + var reused bool +- reused, pooledConnInfo, err = p.proxy.newPooledConn(dialer, "tcp4", firstHostPort, clientChannel.header.host, authorizationContext, p.reqId) ++ reused, pooledConnInfo, err = p.proxy.newPooledConn(dialer, "tcp", firstHostPort, clientChannel.header.host, authorizationContext, p.reqId) + conn = pooledConnInfo.conn + if reused && *firstProxy.Type == ProxyKerberos { + // reused connection is already authenticated +@@ -248,7 +248,7 @@ func (p *Process) processChannel(clientChannel, proxyChannel *ProxyRequest) *Pro + } + } + var socks netproxy.Dialer +- socks, err = netproxy.SOCKS5("tcp4", firstHostPort, authz, dialer) ++ socks, err = netproxy.SOCKS5("tcp", firstHostPort, authz, dialer) + if err == nil { + hostPort := clientChannel.header.hostPort + h, p := splitHostPort(hostPort, "", "", false) +@@ -256,7 +256,7 @@ func (p *Process) processChannel(clientChannel, proxyChannel *ProxyRequest) *Pro + h2, p2 := splitHostPort(*rule.Dns, h, p, false) + hostPort = h2 + ":" + p2 + } +- conn, err = socks.Dial("tcp4", hostPort) ++ conn, err = 
socks.Dial("tcp", hostPort) + } + case ProxyDirect: + simulateConnect = clientChannel.header.isConnect +@@ -268,12 +268,12 @@ func (p *Process) processChannel(clientChannel, proxyChannel *ProxyRequest) *Pro + } + if firstProxy.Ssl { + tlsConfig := tls.Config{} +- conn, err = tls.DialWithDialer(dialer, "tcp4", hostPort, &tlsConfig) ++ conn, err = tls.DialWithDialer(dialer, "tcp", hostPort, &tlsConfig) + } else if clientChannel.header.isConnect || clientChannel.header.directToConnect { +- conn, err = dialer.Dial("tcp4", hostPort) ++ conn, err = dialer.Dial("tcp", hostPort) + } else { + // may reuse a http connection from pool +- _, pooledConnInfo, err = p.proxy.newPooledConn(dialer, "tcp4", hostPort, clientChannel.header.host, authorizationContext, p.reqId) ++ _, pooledConnInfo, err = p.proxy.newPooledConn(dialer, "tcp", hostPort, clientChannel.header.host, authorizationContext, p.reqId) + conn = pooledConnInfo.conn + } + } +@@ -795,7 +795,7 @@ func (p *Process) findFirstProxy(rule *ConfRule, proxies []*ConfProxy) (*ConfPro + // try to connect to host + dialer := new(net.Dialer) + dialer.Timeout = time.Duration(p.config.conf.ConnectTimeout) * time.Second +- checkConn, err := dialer.Dial("tcp4", hostPort) ++ checkConn, err := dialer.Dial("tcp", hostPort) + if err != nil { + // on failure, try next host + if debug { +@@ -1044,7 +1044,7 @@ func (p *Process) processSocks(request *socks5.Request) { + } + } + var socks netproxy.Dialer +- socks, err = netproxy.SOCKS5("tcp4", firstHostPort, authz, dialer) ++ socks, err = netproxy.SOCKS5("tcp", firstHostPort, authz, dialer) + if err == nil { + hostPort := requestHostPort + h, p := splitHostPort(hostPort, "", "", false) +@@ -1052,7 +1052,7 @@ func (p *Process) processSocks(request *socks5.Request) { + h2, p2 := splitHostPort(*rule.Dns, h, p, false) + hostPort = h2 + ":" + p2 + } +- conn, err = socks.Dial("tcp4", hostPort) ++ conn, err = socks.Dial("tcp", hostPort) + } + case ProxyDirect: + hostPort := requestHostPort +@@ 
-1063,9 +1063,9 @@ func (p *Process) processSocks(request *socks5.Request) { + } + if firstProxy.Ssl { + tlsConfig := tls.Config{} +- conn, err = tls.DialWithDialer(dialer, "tcp4", hostPort, &tlsConfig) ++ conn, err = tls.DialWithDialer(dialer, "tcp", hostPort, &tlsConfig) + } else { +- conn, err = dialer.Dial("tcp4", hostPort) ++ conn, err = dialer.Dial("tcp", hostPort) + } + } + // if err == nil and pi>0 or pj>0, update last usage +diff --git a/proxy.go b/proxy.go +index bbf27b4..e130140 100644 +--- a/proxy.go ++++ b/proxy.go +@@ -268,7 +268,7 @@ func (p *Proxy) run() error { + + // start http server + if config.conf.Port != 0 { +- ln, err := net.Listen("tcp4", fmt.Sprint(config.conf.Bind, ":", config.conf.Port)) ++ ln, err := net.Listen("tcp", fmt.Sprint(config.conf.Bind, ":", config.conf.Port)) + if err != nil { + return stacktrace.Propagate(err, "unable to listen on %s:%d", config.conf.Bind, config.conf.Port) + } +-- +2.47.2 +
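Review bot: In the proxy.go hunk the listener address is still built with `fmt.Sprint(config.conf.Bind, ":", config.conf.Port)`, so an IPv6 literal in `Bind` (for example `::1`) yields an address `net.Listen` cannot parse unless the operator adds the brackets by hand; `net.JoinHostPort(config.conf.Bind, strconv.Itoa(config.conf.Port))` handles both families (assuming `Port` is an `int`, which the `%d` in the error message suggests). The same `h2 + ":" + p2` joining appears as context in the process.go hunks, and whether `splitHostPort` copes with bracketed literals is not visible here. Switching the listener from `tcp4` to `tcp` also changes exposure: with an empty or unspecified `Bind` such as `0.0.0.0`, Go listens on all local addresses including IPv6, so a deployment whose filtering covers only IPv4 now has the proxy reachable over IPv6; that deserves a sentence in the patch description or a comment next to the call. The enclosing functions start and end outside these hunks.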