Subversion http protocol through SOCKS 5 server (with authentication)
984 views
Skip to first unread message
Øyvind 'bolt' Hvidsten
Jul 19, 2013, 3:44:05 AM7/19/13
to us...@subversion.apache.org
I am trying to access several subversion repositories from behind a
socks proxy. Client machine runs Debian Linux. I use tsocks to stuff svn
into the proxy. I can do "tsocks svn co svn://blah.." just fine through
the proxy, but "tsocks svn co http://blah.." hangs for a long time and
then says "Could not read status line: connection was closed by server".
I also tried from an unrestricted network, with ssh -D to localhost to
set up a quick socks proxy. Same error when using tsocks. Without the
proxy, the repo works fine.
I can see in wireshark that with tsocks it asks for OPTIONS, as without
a proxy, gets the OPTIONS back, as without a proxy, and then it just
sits there, sending no further data until the error apprears and it exits.
In the restricted network, the SOCKS proxy is dante, but as I mentioned,
the same situation occurs with a simple ssh -D proxy.
I've tested that in both cases, "tsocks wget ...." works perfectly.
Using http://opkg.googlecode.com/svn/trunk/ for testing, but I've tried
several others too.
Any ideas?
socks proxy. Client machine runs Debian Linux. I use tsocks to stuff svn
into the proxy. I can do "tsocks svn co svn://blah.." just fine through
the proxy, but "tsocks svn co http://blah.." hangs for a long time and
then says "Could not read status line: connection was closed by server".
I also tried from an unrestricted network, with ssh -D to localhost to
set up a quick socks proxy. Same error when using tsocks. Without the
proxy, the repo works fine.
I can see in wireshark that with tsocks it asks for OPTIONS, as without
a proxy, gets the OPTIONS back, as without a proxy, and then it just
sits there, sending no further data until the error apprears and it exits.
In the restricted network, the SOCKS proxy is dante, but as I mentioned,
the same situation occurs with a simple ssh -D proxy.
I've tested that in both cases, "tsocks wget ...." works perfectly.
Using http://opkg.googlecode.com/svn/trunk/ for testing, but I've tried
several others too.
Any ideas?
Øyvind 'bolt' Hvidsten
Jul 19, 2013, 3:56:16 AM7/19/13
to us...@subversion.apache.org
Testcase:
------------------------------------------------------------------------------
apt-get install tsocks
export TSOCKS_CONF_FILE="$HOME/.tsocks.conf"
cat - >"$HOME/.tsocks.conf" <<EOF
server = 127.0.0.1
server_port = 1080
server_type = 5
local = 192.168.0.0/255.255.0.0
local = 172.16.0.0/255.240.0.0
local = 10.0.0.0/255.0.0.0
EOF
ssh localhost -D 1080
<start tcpdump on favorite network interface>
tsocks svn co http://opkg.googlecode.com/svn/trunk/
------------------------------------------------------------------------------
------------------------------------------------------------------------------
apt-get install tsocks
export TSOCKS_CONF_FILE="$HOME/.tsocks.conf"
cat - >"$HOME/.tsocks.conf" <<EOF
server = 127.0.0.1
server_port = 1080
server_type = 5
local = 192.168.0.0/255.255.0.0
local = 172.16.0.0/255.240.0.0
local = 10.0.0.0/255.0.0.0
EOF
ssh localhost -D 1080
<start tcpdump on favorite network interface>
tsocks svn co http://opkg.googlecode.com/svn/trunk/
------------------------------------------------------------------------------
Øyvind 'bolt' Hvidsten
Jul 20, 2013, 2:47:26 AM7/20/13
to us...@subversion.apache.org
For future reference, in case anyone is interested, switching out tsocks
for the more complicated dante-client makes svn http:// through socks 5
run perfectly.
for the more complicated dante-client makes svn http:// through socks 5
run perfectly.
Bert Huijben
Jul 20, 2013, 9:56:32 AM7/20/13
to Øyvind 'bolt' Hvidsten, us...@subversion.apache.org
> -----Original Message-----
> From: Øyvind 'bolt' Hvidsten [mailto:bo...@dhampir.no]
> Sent: zaterdag 20 juli 2013 08:47
> To: us...@subversion.apache.org
> Subject: Re: Subversion http protocol through SOCKS 5 server (with
> authentication)
>
> For future reference, in case anyone is interested, switching out tsocks
> for the more complicated dante-client makes svn http:// through socks 5
> run perfectly.
report the problem at the tsocks project?
tsocks works by replacing some standard socket functions with its own
implementation, which then magically adds socks supports. Subversion
switched to using the serf library in 1.8 and I would guess that library
uses functions not mapped by tsocks. (Guess: poll support)
The only thing I could offer is that we open a feature request to directly
support socks servers, without such a library. But as this is an open source
project and the number of requests for this feature is (up until now) rather
low I don't expect any of the core committers to spend much time on it.
Isn't there a http/https proxy that you can use with Subversion. We do have
standard support for those.
Bert
Andreas Krey
Jul 20, 2013, 12:56:32 PM7/20/13
to Øyvind 'bolt' Hvidsten, us...@subversion.apache.org
On Fri, 19 Jul 2013 09:44:05 +0000, �yvind 'bolt' Hvidsten wrote:
...
a SOCKS5 proxy to access the internet (polipo may be a candidate).
If you only need to access a specific SVN host you may also
run a port forwarder that can use SOCKS5. Or do 'ssh -L
localport:desthost:destport helperhost' when you have something
ourside you can ssh to, and use netcat as a proxy command to
get through the socks proxy.
tsocks is by definition a hack that can't work in all circumstances.
Andreas
--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
...
> In the restricted network, the SOCKS proxy is dante, but as I mentioned,
> the same situation occurs with a simple ssh -D proxy.
You may want to run a simple local http proxy that itself can use
> the same situation occurs with a simple ssh -D proxy.
a SOCKS5 proxy to access the internet (polipo may be a candidate).
If you only need to access a specific SVN host you may also
run a port forwarder that can use SOCKS5. Or do 'ssh -L
localport:desthost:destport helperhost' when you have something
ourside you can ssh to, and use netcat as a proxy command to
get through the socks proxy.
tsocks is by definition a hack that can't work in all circumstances.
Andreas
--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
Øyvind 'bolt' Hvidsten
Jul 21, 2013, 4:33:47 PM7/21/13
to us...@subversion.apache.org
To clarify, svn worked fine through socks 5 using dante-client, which
provides the socksify script which does pretty much the same as tsocks.
I would have filed a bug against tsocks, but from what I can see the
last commit on that project was in 2002. Thus, it seems dante-client is
the way to go.
�yvind
provides the socksify script which does pretty much the same as tsocks.
I would have filed a bug against tsocks, but from what I can see the
last commit on that project was in 2002. Thus, it seems dante-client is
the way to go.
�yvind
Reply all
Reply to author
Forward
0 new messages