Building on MacOSX fails

[luckypoem]

hi.

yudeMacBook-Air:redsocks brite$ ls
Makefile http-auth.h reddns.c
README http-connect.c redsocks.c
README.html http-relay.c redsocks.conf.example
base.c libc-compat.h redsocks.h
base.h libevent-compat.h redsocks.service
base64.c list.h redudp.c
base64.h log.c redudp.h
config.h log.h socks4.c
debian main.c socks5.c
dnstc.c main.h socks5.h
dnstc.h md5.c tools
doc md5.h utils.c
gen parser.c utils.h
http-auth.c parser.h version.h
yudeMacBook-Air:redsocks brite$ make
.depend:1: *** missing separator. Stop.
yudeMacBook-Air:redsocks brite$

how to fix it?tks

[realgtk]

vim Makefile and add SHELL = /bin/bash at first line. (because default shell is "/bin/sh" in OSX terminal)
or install coreutils and add export PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH" to .bash_profile

[luckypoem]

hi.

redsocks.c:154:53: error: use of undeclared identifier 'INADDR_LOOPBACK'
/usr/include/sys/_endian.h:136:39: note: expanded from macro 'htonl'
#define htonl(x) __DARWIN_OSSwapInt32(x)
^
/usr/include/libkern/_OSByteOrder.h:75:76: note: expanded from macro
'__DARWIN_OSSwapInt32'
(__builtin_constant_p(x) ? _DARWIN_OSSwapConstInt32(x) : OSSwapInt32(x))
^
redsocks.c:473:25: warning: implicit declaration of function 'splice' is invalid
in C99 [-Wimplicit-function-declaration]
const ssize_t sent = splice(c->pisrc->read, NULL...
^
redsocks.c:473:72: error: use of undeclared identifier 'SPLICE_F_MOVE'
...ssize_t sent = splice(c->pisrc->read, NULL, out, NULL, avail, SPLICE_F_M...
^
redsocks.c:473:86: error: use of undeclared identifier 'SPLICE_F_NONBLOCK'
...= splice(c->pisrc->read, NULL, out, NULL, avail, SPLICE_F_MOVE|SPLICE_F...
^
redsocks.c:541:70: error: use of undeclared identifier 'SPLICE_F_MOVE'
...ssize_t got = splice(in, NULL, c->dst->write, NULL, pipesize, SPLICE_F_M...
^
redsocks.c:541:84: error: use of undeclared identifier 'SPLICE_F_NONBLOCK'
...= splice(in, NULL, c->dst->write, NULL, pipesize, SPLICE_F_MOVE|SPLICE_F...
^
redsocks.c:654:11: warning: implicit declaration of function 'pipe2' is invalid
in C99 [-Wimplicit-function-declaration]
error = pipe2(&pump->request.read, O_NONBLOCK);
^
redsocks.c:1019:8: warning: implicit declaration of function 'timerisset' is
invalid in C99 [-Wimplicit-function-declaration]
if (timerisset(&instance->accept_backoff.inserted)) {
^
redsocks.c:1024:5: warning: implicit declaration of function 'timersub' is
invalid in C99 [-Wimplicit-function-declaration]
timersub(&now, &instance->accept_backoff...
^
redsocks.c:1025:9: warning: implicit declaration of function 'timercmp' is
invalid in C99 [-Wimplicit-function-declaration]
if (timercmp(&min_accept_backoff, &time...
^
redsocks.c:1025:53: error: expected expression
...if (timercmp(&min_accept_backoff, &time_passed, <)) {
^
redsocks.c:1025:54: error: expected expression
...if (timercmp(&min_accept_backoff, &time_passed, <)) {
^
6 warnings and 18 errors generated.
make: *** [redsocks.o] Error 1
yudeMacBook-Air:redsocks brite$

too many errors.@realgtk ,did u ever compile redsocks successfully on mac?

[realgtk]

才发现你也是天朝的，我是在OSX下用搭建openwrt交叉编译成功的，可以运行在openwrt上。
回去测试下一下，OSX下直接编译同样的错误，可能是OSX下的一些库和标准的Linux库有区别，以前在编译其他linux程序的时候也发现过这种情况。目前没找到解决的办法……

[luckypoem]

hi.

我用brew install redsocks可以安装redsocks,不过用brew install iptables来安装iptables,提示没iptables这个包。于是试图编译之：
我在mac上编译iptables,遇到错误（在make这一步）：
wget http://www.netfilter.org/projects/iptables/files/iptables-1.6.0.tar.bz2
tar jxvf iptables-1.6.0.tar.bz2
cd iptables-1.6.0
./configure
make (在make这步遇到错误）

../include/linux/types.h:4:10: fatal error: 'asm/types.h' file not found
#include <asm/types.h>
^
1 error generated.
make[2]: *** [libip4tc.lo] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
yudeMacBook-Air:iptables-1.6.0 brite$

在google里搜索了fatal error: 'asm/types.h' file not found，始终未找到解决办法。
你可以在你的mac上，尝试编译iptables吗？看看是否也遇到我这样的错误？
非常感谢你的回复！
或者试试交叉编译？
我之所以要编译iptables,是看到此文http://blog.zhuli.name/archives/6690，想在mac上用socks代理（比如
shadowsocks) 实现全局代理，可惜遇到错误：
yudeMacBook-Air:~ brite$ redsocks -c /etc/redsocks.conf
file parsing error at line 8: invalid redirector set
file parsing error at line 8: section->onexit failed
yudeMacBook-Air:~ brite$ cat /etc/redsocks.conf
base {
log_debug = off;
log_info = on;
log = "file:/tmp/redsocks.log";

    daemon = on; 
    redirector = iptables; 

}

redsocks {
local_ip = 127.0.0.1;
local_port = 12345;

    ip = 127.0.0.1; 
    port = 1080; 
    type = socks5;

}
yudeMacBook-Air:~ brite$

搞了好久，我在mac上还是未成功编译iptables

[darkk]

I'm sorry, I have no way to run tests on Mac. Is there some easy way to get root-shell at MacOSX box without buying Mac? Does Apple offer free development environment nowadays?

Builds are broken at least since splice() feature was introduced.

P.S.: I hope google translate is good enough for Chinese → English language pair :-)

[realgtk]

#brew修改了Makefile，使用以下配置可以在OSX下编译成功，但是OSX的核心是BSD，使用的是ipfw。问题是10.10下ipfw也被取消了，取而代之的是pfctl（暂未研究过），如果只是要翻墙的话方法很多，没必要硬在OSX下折腾。

OBJS := parser.o main.o redsocks.o log.o http-connect.o socks4.o socks5.o http-relay.o base.o base64.o md5.o http-auth.o utils.o redudp.o dnstc.o gen/version.o
SRCS := $(OBJS:.o=.c)
CONF := config.h
DEPS := .depend
OUT := redsocks
VERSION := 0.4

LIBS := -levent
CFLAGS += -g -O2
override CFLAGS += -std=gnu99 -Wall

all: $(OUT)

.PHONY: all clean distclean

tags: *.c *.h
ctags -R

$(CONF):
@case uname in
Linux_)
echo "#define USE_IPTABLES" >$(CONF)
;;
OpenBSD)
echo "#define USE_PF" >$(CONF)
;;
*)
echo "Unknown system, only generic firewall code is compiled" 1>&2;
echo "/_ Unknown system, only generic firewall code is compiled /" >$(CONF)
;;
esac
gen/version.c: *.c *.h gen/.build
rm -f [email protected]
echo '/ this file is auto-generated during build /' > [email protected]
echo '#include "../version.h"' >> [email protected]
echo 'const char redsocks_version = ' >> [email protected]
if [ -d .git ]; then
echo '"redsocks.git/'git describe --tags'"';
if [ git status --porcelain | grep -v -c '^??' != 0 ]; then
echo '"-unclean"';
fi
else
echo '"redsocks/$(VERSION)"';
fi >> [email protected]
echo ';' >> [email protected]
mv -f [email protected] $@

gen/.build:
mkdir -p gen
touch $@

base.c: $(CONF)

$(DEPS): $(SRCS)
gcc -MM $(SRCS) 2&gt;/dev/null &gt;$(DEPS) ||
(
for I in $(wildcard .h); do
export $${I//[-.]/}DEPS="sed '/^#[ \t]_include \?"(._)"._/!d;s//\1/' $$I";
done;
echo -n >$(DEPS);
for SRC in $(SRCS); do
echo -n "$${SRC%.c}.o: " >>$(DEPS);
export SRC_DEPS="sed '/#[ \t]_include \?"(._)".*/!d;s//\1/' $$SRC | sort";
while true; do
export SRC_DEPS_OLD="$$SRC_DEPS";
export SRC_DEEP_DEPS="";
for HDR in $$SRC_DEPS; do
eval export SRC_DEEP_DEPS=""$$SRC_DEEP_DEPS $$$${HDR//[-.]/}_DEPS"";
done;
export SRC_DEPS="echo $$SRC_DEPS $$SRC_DEEP_DEPS | sed 's/ */\n/g' | sort -u";
test "$$SRC_DEPS" = "$$SRC_DEPS_OLD" && break;
done;
echo $$SRC $$SRC_DEPS >>$(DEPS);
done;
)

-include $(DEPS)

$(OUT): $(OBJS)
$(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS) $(LIBS)

clean:
$(RM) $(OUT) $(CONF) $(OBJS)

distclean: clean
$(RM) tags $(DEPS)
$(RM) -r gen

[zhovner]

Any updates here?
Build is still fails on MacOS 10.12.

@darkk you can run MacOS on virtual machine.
Here is the magnet link with preinstalled MacOS image
magnet:?xt=urn:btih:77a8c16b8a4131069e52da40769c9ce7097b94a7&dn=EC%2010.11.0.iso&tr=http%3a%2f%2fbt3.t-ru.org%2fann%3fmagnet

Installation notice for VirtualBox http://dumpz.org/2489669/text/
If you have no time to mess with virtualbox I can give root shell to my virtual machine.

[ilovezfs]

ping on this

[darkk]

If you have no time to mess with virtualbox I can give root shell to my virtual machine.

@zhovner

1. is the offer still alive after 14 months? :-)
2. was redsocks ever working on MacOS? I've not heard any success stories so far.
3. do you know how to configure MacOS firewall to redirect TCP and UDP traffic to redsocks?

[zhovner]

Here is the VNC credentials encrypted with your PGP key.
It's a latest macOS High Sierra 10.13.3 with developers tools installed.
Feel free to do anything you need, even completely broke the system, I have a snapshot of it.
I will try to keep it online for few days.

-----BEGIN PGP MESSAGE-----
Version: Keybase OpenPGP v2.0.76
Comment: https://keybase.io/crypto

wcFMA80b4tgdCKCcARAAqf+jcSaud4BczYKkWZMEktEhzgZdVKrt9ZObN+8RpzR8
d0csP8ospfy0WRVH6q0oyj06Kr2jJIAHTiiIVRdDtKbkjcCj3LHHkwmwhjVWsM9q
kfLa0JqDKng8zdNs4AFRIzmozsb2U05qMyLo687Qc4dwqdl/v6+RWn6rTOfu4i0f
tp99E+EvB5DfPZMZnEVdSuMOVq2uXDAYCbanYCt6S9CvmMxl891o4PXw4tHPUSSt
OPlDnWk9p1bXNA3JSEPmj/54kDbluyuhIuXFP8HfRI/W9//jgaXbN+Z+7bAmRKTF
DWhUtrxliPjjVyGuPQLPwiP4ZaJCD9hxsAG88yA+MlQcgHuNniK0T2RMIP90TX82
8PjKYs0nvYqcw+8/7GtEd1T+dz+a5moc7OofklKktXKqVrUKb1lDH2JSEj8JlThO
HrwJCy5poWZYwzP3ZeZoMdReLzXv7CzIZWBbAZhHQS+aBd/Bo/JzgQqdHh5/1/rh
ddXQBxKmYfBhj0AVQxpfdkHbdAW6p3aLJ2pn8vrZqKo65IYEZ0RG9GZn0UYURPHK
ae33dwzzzmY25Cf9x3VYEhTi9N71XG1oXDMEeCgLQu3enFO4RHhVAKDWO5ndUt3Y
4oOx0tUbkEOoljr0mfH/5bAijWfjAhADKJ4wgiMNeygrR93YrepM0nUXWYG2snjS
wB8BT9AYHMm7rwhtLdxuHp/0fetVFuGpoMrkGa3MoF3k8debmtX47MA+FLl4iDkW
gn3OeUlClFJW4A4DtCy7LMHa/xLDllkFuHKLv7/qCU/VWgKHzZHi6Cao+QinNPxP
k6Kk6KMw+TBeYYZHAbSdvj3cTpOJRqGuHf2z6bScuZUL3Gr70YnZ5kHmxIWJKbuS
WUUH/gdt0AeB+4Gm8DFwh3NgucA3mZ6nzvq9AVpDtCajxy545umvfIzjIVrX299Q
L5qWpyjnDVQ5hIlMXAVTWQuPBWgFT2yfkJ8tz17YEEp3
=c5FY
-----END PGP MESSAGE-----

[zhovner]

do you know how to configure MacOS firewall to redirect TCP and UDP traffic to redsocks?

macOS has almost original pf firewall, so it should works the same as OpenBSD's.

[wych42]

@darkk Make redsocks works in Mac OSX is a hard job.

1. need add Darwin section in $(CONF) to enable USE_PF.
2. OSX missing net/pfvar.h net/radix.h libkern/tree.h, but we can copy from apple/darwin-xnu project.
3. Sitll got bunch of compile errors.

#define LIST_HEAD(name) \
        ^
/usr/include/sys/queue.h:417:9: note: previous definition is here
#define LIST_HEAD(name, type)                                           \
        ^
base.c:178:11: error: no member named 'v4' in 'struct pf_addr'
        nl.saddr.v4.s_addr = client->sin_addr.s_addr;
        ~~~~~~~~ ^
base.c:179:5: error: no member named 'sport' in 'struct pfioc_natlook'; did you mean 'sxport'?
        nl.sport = client->sin_port;
           ^~~~~
           sxport
./net/pfvar.h:1777:23: note: 'sxport' declared here
        union pf_state_xport    sxport;
                                ^
base.c:179:11: error: assigning to 'union pf_state_xport' from incompatible type 'const in_port_t' (aka 'const unsigned short')
        nl.sport = client->sin_port;
                 ^ ~~~~~~~~~~~~~~~~
base.c:180:11: error: no member named 'v4' in 'struct pf_addr'
        nl.daddr.v4.s_addr = bindaddr->sin_addr.s_addr;
        ~~~~~~~~ ^
base.c:181:5: error: no member named 'dport' in 'struct pfioc_natlook'; did you mean 'dxport'?
        nl.dport = bindaddr->sin_port;
           ^~~~~
           dxport
./net/pfvar.h:1778:23: note: 'dxport' declared here
        union pf_state_xport    dxport;
                                ^
base.c:181:11: error: assigning to 'union pf_state_xport' from incompatible type 'const in_port_t' (aka 'const unsigned short')
        nl.dport = bindaddr->sin_port;
                 ^ ~~~~~~~~~~~~~~~~~~
base.c:198:26: error: no member named 'rdport' in 'struct pfioc_natlook'; did you mean 'rdxport'?
        destaddr->sin_port = nl.rdport;
                                ^~~~~~
                                rdxport
./net/pfvar.h:1780:23: note: 'rdxport' declared here
        union pf_state_xport    rdxport;
                                ^
base.c:198:21: error: assigning to 'in_port_t' (aka 'unsigned short') from incompatible type 'union pf_state_xport'
        destaddr->sin_port = nl.rdport;
                           ^ ~~~~~~~~~
base.c:199:33: error: no member named 'v4' in 'struct pf_addr'
        destaddr->sin_addr = nl.rdaddr.v4;
                             ~~~~~~~~~ ^
base.c:211:31: error: no member named 'sport' in 'struct pfioc_natlook'; did you mean 'sxport'?
                          clientaddr_str, ntohs(nl.sport), bindaddr_str, ntohs(nl.dport));
                                                   ^~~~~
                                                   sxport
./log.h:8:86: note: expanded from macro 'log_errno'
#define log_errno(prio, msg...) _log_write(__FILE__, __LINE__, __func__, 1, prio, ## msg)
                                                                                     ^
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x)        __DARWIN_OSSwapInt16(x)
                                             ^
/usr/include/libkern/_OSByteOrder.h:72:40: note: expanded from macro '__DARWIN_OSSwapInt16'
    ((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
                                       ^
./net/pfvar.h:1777:23: note: 'sxport' declared here
        union pf_state_xport    sxport;
                                ^
base.c:211:31: error: no member named 'sport' in 'struct pfioc_natlook'; did you mean 'sxport'?
                          clientaddr_str, ntohs(nl.sport), bindaddr_str, ntohs(nl.dport));
                                                   ^~~~~
                                                   sxport
./log.h:8:86: note: expanded from macro 'log_errno'
#define log_errno(prio, msg...) _log_write(__FILE__, __LINE__, __func__, 1, prio, ## msg)
                                                                                     ^
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x)        __DARWIN_OSSwapInt16(x)
                                             ^
/usr/include/libkern/_OSByteOrder.h:72:71: note: expanded from macro '__DARWIN_OSSwapInt16'
    ((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
                                                                      ^
/usr/include/libkern/_OSByteOrder.h:44:34: note: expanded from macro '__DARWIN_OSSwapConstInt16'
    ((__uint16_t)((((__uint16_t)(x) & 0xff00) >> 8) | \
                                 ^
./net/pfvar.h:1777:23: note: 'sxport' declared here
        union pf_state_xport    sxport;
                                ^
base.c:211:22: error: operand of type 'union pf_state_xport' where arithmetic or pointer type is required
                          clientaddr_str, ntohs(nl.sport), bindaddr_str, ntohs(nl.dport));
                                          ^~~~~~~~~~~~~~~
./log.h:8:86: note: expanded from macro 'log_errno'
#define log_errno(prio, msg...) _log_write(__FILE__, __LINE__, __func__, 1, prio, ## msg)
                                                                                     ^~~
/usr/include/sys/_endian.h:132:18: note: expanded from macro 'ntohs'
#define ntohs(x)        __DARWIN_OSSwapInt16(x)
                        ^~~~~~~~~~~~~~~~~~~~~~~
/usr/include/libkern/_OSByteOrder.h:72:45: note: expanded from macro '__DARWIN_OSSwapInt16'
    ((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/libkern/_OSByteOrder.h:44:33: note: expanded from macro '__DARWIN_OSSwapConstInt16'
    ((__uint16_t)((((__uint16_t)(x) & 0xff00) >> 8) | \
                                ^~~
base.c:211:31: error: no member named 'sport' in 'struct pfioc_natlook'; did you mean 'sxport'?
                          clientaddr_str, ntohs(nl.sport), bindaddr_str, ntohs(nl.dport));
                                                   ^~~~~
                                                   sxport
./log.h:8:86: note: expanded from macro 'log_errno'
#define log_errno(prio, msg...) _log_write(__FILE__, __LINE__, __func__, 1, prio, ## msg)
                                                                                     ^
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x)        __DARWIN_OSSwapInt16(x)
                                             ^
/usr/include/libkern/_OSByteOrder.h:72:71: note: expanded from macro '__DARWIN_OSSwapInt16'
    ((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
                                                                      ^
/usr/include/libkern/_OSByteOrder.h:45:32: note: expanded from macro '__DARWIN_OSSwapConstInt16'
                (((__uint16_t)(x) & 0x00ff) << 8)))
                               ^
./net/pfvar.h:1777:23: note: 'sxport' declared here
        union pf_state_xport    sxport;
                                ^
base.c:211:22: error: operand of type 'union pf_state_xport' where arithmetic or pointer type is required
                          clientaddr_str, ntohs(nl.sport), bindaddr_str, ntohs(nl.dport));
                                          ^~~~~~~~~~~~~~~
./log.h:8:86: note: expanded from macro 'log_errno'
#define log_errno(prio, msg...) _log_write(__FILE__, __LINE__, __func__, 1, prio, ## msg)
                                                                                     ^~~
/usr/include/sys/_endian.h:132:18: note: expanded from macro 'ntohs'
#define ntohs(x)        __DARWIN_OSSwapInt16(x)
                        ^~~~~~~~~~~~~~~~~~~~~~~
/usr/include/libkern/_OSByteOrder.h:72:45: note: expanded from macro '__DARWIN_OSSwapInt16'
    ((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/libkern/_OSByteOrder.h:45:31: note: expanded from macro '__DARWIN_OSSwapConstInt16'
                (((__uint16_t)(x) & 0x00ff) << 8)))
                              ^~~
base.c:211:31: error: no member named 'sport' in 'struct pfioc_natlook'
                          clientaddr_str, ntohs(nl.sport), bindaddr_str, ntohs(nl.dport));
                                                ~~ ^
./log.h:8:86: note: expanded from macro 'log_errno'
#define log_errno(prio, msg...) _log_write(__FILE__, __LINE__, __func__, 1, prio, ## msg)
                                                                                     ^~~
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x)        __DARWIN_OSSwapInt16(x)
                                             ^
/usr/include/libkern/_OSByteOrder.h:72:89: note: expanded from macro '__DARWIN_OSSwapInt16'
    ((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
                                                                                        ^
base.c:211:62: error: no member named 'dport' in 'struct pfioc_natlook'; did you mean 'dxport'?
                          clientaddr_str, ntohs(nl.sport), bindaddr_str, ntohs(nl.dport));
                                                                                  ^~~~~
                                                                                  dxport
./log.h:8:86: note: expanded from macro 'log_errno'
#define log_errno(prio, msg...) _log_write(__FILE__, __LINE__, __func__, 1, prio, ## msg)
                                                                                     ^
/usr/include/sys/_endian.h:132:39: note: expanded from macro 'ntohs'
#define ntohs(x)        __DARWIN_OSSwapInt16(x)
                                             ^
/usr/include/libkern/_OSByteOrder.h:72:40: note: expanded from macro '__DARWIN_OSSwapInt16'
    ((__uint16_t)(__builtin_constant_p(x) ? __DARWIN_OSSwapConstInt16(x) : _OSSwapInt16(x)))
                                       ^
./net/pfvar.h:1778:23: note: 'dxport' declared here
        union pf_state_xport    dxport;
                                ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
1 warning and 20 errors generated.
make: *** [base.o] Error 1```

[sonywork]

redsocks works well with pf in mac os.but I use redsocks2

[wych42]

@kuleyang I don't think you're helping this thread.

[sonywork]

@RichardW42

1. The last redsocks(not redsocks2) source use splice function,there is nothing for it in Mac OS

redsocks.c

//need to do

2. v4 in pfvar.h is changed to v4addr(the dnsmasq source 's ipset function has the same problem in Mac OS)
   base.c

	nl.saddr.v4addr.s_addr = client->sin_addr.s_addr;
	nl.sport = client->sin_port;
	nl.daddr.v4addr.s_addr = bindaddr->sin_addr.s_addr;
	nl.dport = bindaddr->sin_port;
	nl.af = AF_INET;
	nl.proto = IPPROTO_TCP;
	nl.direction = PF_OUT;

	if (ioctl(pffd, DIOCNATLOOK, &nl) != 0) {
		if (errno == ENOENT) {
			nl.direction = PF_IN; // required to redirect local packets
			if (ioctl(pffd, DIOCNATLOOK, &nl) != 0) {
				goto fail;
			}
		}
		else {
			goto fail;
		}
	}
	destaddr->sin_family = AF_INET;
	destaddr->sin_port = nl.rdport;
	destaddr->sin_addr = nl.rdaddr.v4addr;

3. MSG_FASTOPEN is not available in Mac OS

dnsu2t.c

//need to do
#ifdef MSG_FASTOPEN
		// MSG_FASTOPEN is available since Linux 3.6 released on 30 Sep 2012
		sent = sendto(event_get_fd(&self->relay_rd), &in, pktlen, MSG_FASTOPEN,
			(struct sockaddr*)&self->config.relayaddr, sizeof(self->config.relayaddr));
#endif

4. there is no tdestroy function in Mac os

#ifdef _APPLE_
//need to do
void tdestroy(void *root, void (*free_node)(void *nodep)) { }
#endif

[wych42]

@kuleyang so how do you make

redsocks works well with pf in mac os

as said above?

[sonywork]

@RichardW42
yes,thanks to @darkk

redsocks works well without splice function.
the source code need add some code for Mac OS

in redsocks.c

#ifdef _APPLE_
/* 		
 * Even though Mac OS X does not support the splice implementation of		
 * Linux, define the associated flags to avoid undeclared identifier 		
 * errors.		
 */		
#ifndef SPLICE_F_MOVE		
#define SPLICE_F_MOVE           0x01		
#endif		
#ifndef SPLICE_F_NONBLOCK		
#define SPLICE_F_NONBLOCK       0x02		
#endif		
#ifndef SPLICE_F_MORE		
#define SPLICE_F_MORE           0x04		
#endif		
#ifndef SPLICE_F_GIFT		
#define SPLICE_F_GIFT           0x08		
#endif	
int pipe2(int pipefd[2], int flags){return 0;}//unused
ssize_t splice(int fd_in, off_t *off_in, int fd_out,
                      off_t *off_out, size_t len, unsigned int flags){return 0;}	//unused
#endif

+#ifdef _APPLE_
+	instance->config.use_splice = false;
+#else
	instance->config.use_splice = is_splice_good();
+#endif

but dnsu2t not work in Mac OS

[taesiri]

Any update on this?

[luckypoem]

@sonywork
你说“redsocks works well with pf in mac os。”，看了你上面的评论，要修改redsocks的很多代码。你可否fork本项目,然后修改代码，放到https://github.com/sonywork下面呢？（好让其他渴望在mac上使用redsocks的人使用你的代码翻墙）
非常感谢你抽空弄一下。

[sonywork]

我一直在用了，用了一年多了，redsocks+v2ray/shadowsocks+dnsmasq+chinadns很稳定，支持根据国外IP或GFW列表,当时我没fork了，主要是配置PF规则

[luckypoem]

@sonywork ,那么怎么配置PF规则？可以详细说说吗

[sonywork]

# Init
# Init for proxy.
martians = "{!0/8,!10/8,!100.64/10,!127/8,!169.254/16,!172.16/12,192/24,!192.0.2/24,!192.168/16,!198.18/15,!198.51.100/24,!203.0.113/24,!224/4,240/4,!255.255.255.255/32}"
sshosts = "{!<你的第二个代理IP>/32,!<你的第二个代理IP>/32}"
tcpdns = "{8.8.8.8,8.8.4.4}"
table <gfwlist> persist $tcpdns file "/etc/gfwiplist"
table <notmartianslist> const {0/0 $martians}

# ProxyInChina2
# Outgoing not china Lan traffic by shadowsocks server.
table <notchinaiplist> persist {0/0 $martians $sshosts} file "/etc/chinaiplist"
rdr pass log on lo0 inet proto tcp to <notmartianslist> -> 127.0.0.1 port 2081
rdr pass log on en0 inet proto tcp from en0:network to <notchinaiplist> -> 127.0.0.1 port 2081
pass out on en0 route-to lo0 inet proto tcp from en0 to <notchinaiplist>

其中 2081是redsocks的透明代理端口, /etc/chinaiplist里是带!的中国IP段

...
!39.96.0.0/13
!39.104.0.0/14
!39.108.0.0/16
!39.128.0.0/10
!40.72.0.0/15
!40.125.128.0/17
!40.126.64.0/18
!42.0.0.0/22
!42.0.8.0/21
!42.0.16.0/21
!42.0.24.0/22
!42.0.32.0/19
!42.0.128.0/17
!42.1.0.0/19
...

en0是你正在使用的网卡接口

[sonywork]

https://github.com/semigodking/redsocks
PF GUI:
https://github.com/sonywork/Brick

[luckypoem]

@sonywork
你的mac机器上的redsocks是怎么安装的？我是用brew install redsocks来安装的，我的配置文件为：
cat /usr/local/etc/redsocks/redsocks.conf

base {
log_debug = off;
log_info = off;
daemon = on;
redirector = pf;
}

redsocks {
local_ip = 127.0.0.1;
local_port = 31338;

ip = 127.0.0.1;
port = 1080;
type = socks5;
}

然后，我运行
redsocks -c /usr/local/etc/redsocks/redsocks.conf
显示：
file parsing error at line 6: invalid redirector set
file parsing error at line 6: section->onexit failed

怎么解决？

[sonywork]

https://github.com/semigodking/redsocks

1. brew install openssl libevent
2. make DISABLE_SHADOWSOCKS=true

And check redsocks.conf.example

[luckypoem]

to sony yang:
你说的那样，我曾经做过，不过make DISABLE_SHADOWSOCKS=true这步遇错：
base.c:41:11: fatal error: 'net/pfvar.h' file not found

include <net/pfvar.h>

      ^

1 error generated.
make: *** [base.o] Error 1

怎么解决这错误？

[sonywork]

Makefile 里面有几个文件没下载下来
ifeq ($(OS), Darwin)
$(OSX_HEADERS_PATH)/net/pfvar.h:
mkdir -p $(OSX_HEADERS_PATH)/net &amp;&amp; curl -o $(OSX_HEADERS_PATH)/net/pfvar.h https://raw.githubusercontent.com/apple/darwin-xnu/master/bsd/net/pfvar.h
$(OSX_HEADERS_PATH)/net/radix.h:
mkdir -p $(OSX_HEADERS_PATH)/net &amp;&amp; curl -o $(OSX_HEADERS_PATH)/net/radix.h https://raw.githubusercontent.com/apple/darwin-xnu/master/bsd/net/radix.h
$(OSX_HEADERS_PATH)/libkern/tree.h:
mkdir -p $(OSX_HEADERS_PATH)/libkern &amp;&amp; curl -o $(OSX_HEADERS_PATH)/libkern/tree.h https://raw.githubusercontent.com/apple/darwin-xnu/master/libkern/libkern/tree.h
endif

[luckypoem]

to sony yang:
我在Makefile 里面插入了你写的那几行代码，然后运行
make DISABLE_SHADOWSOCKS=true
显示：
Compile with OpenSSL by default. To compile with PolarSSL, run 'make USE_CRYPTO_POLARSSL=true' instead.

yudeMacBook-Air:redsocks-by-semigodking brite$ make DISABLE_SHADOWSOCKS=true
Compile with OpenSSL by default. To compile with PolarSSL, run 'make USE_CRYPTO_POLARSSL=true' instead.
yudeMacBook-Air:redsocks-by-semigodking brite$

我在redsocks-by-semigodking目录里面看了一下，没看见有生成可执行文件redsocks或redsocks2.怎么回事呢？make失败了吗

[luckypoem]

to sony yang:
兄弟，可以回复吗？
非常感谢你

[sonywork]

你哪份代码啊
https://github.com/semigodking/redsocks
把这份代码克隆下来
直接跑这个命令
make DISABLE_SHADOWSOCKS=true

你按照他的README.md来，应该不会有问题