mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
Add a new config option TestSocks so people can see if their
applications are using socks4, socks4a, socks5-with-ip, or socks5-with-hostname. This way they don't have to keep mucking with tcpdump and wondering if something got cached somewhere. svn:r5399
This commit is contained in:
parent
83d6b0387b
commit
c4aa9e7941
@ -888,10 +888,13 @@ fetch_from_buf_http(buf_t *buf,
|
||||
* If you want to specify the socks reply, write it into <b>req->reply</b>
|
||||
* and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
|
||||
*
|
||||
* If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
|
||||
* the connection is possibly leaking DNS requests locally or not.
|
||||
*
|
||||
* If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are undefined.
|
||||
*/
|
||||
int
|
||||
fetch_from_buf_socks(buf_t *buf, socks_request_t *req)
|
||||
fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype)
|
||||
{
|
||||
unsigned char len;
|
||||
char tmpbuf[INET_NTOA_BUF_LEN];
|
||||
@ -924,7 +927,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req)
|
||||
req->reply[1] = '\xFF'; /* reject all methods */
|
||||
return -1;
|
||||
}
|
||||
buf_remove_from_front(buf,2+nummethods);/* remove packet from buf */
|
||||
buf_remove_from_front(buf,2+nummethods); /* remove packet from buf */
|
||||
|
||||
req->replylen = 2; /* 2 bytes of response */
|
||||
req->reply[0] = 5; /* socks5 reply */
|
||||
@ -982,6 +985,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req)
|
||||
req->address[len] = 0;
|
||||
req->port = ntohs(get_uint16(buf->cur+5+len));
|
||||
buf_remove_from_front(buf, 5+len+2);
|
||||
if (log_sockstype)
|
||||
notice(LD_APP, "Your application (using socks5 on port %d) gave Tor a hostname, which means Tor will do the DNS resolve for you. This is good.", req->port);
|
||||
return 1;
|
||||
default: /* unsupported */
|
||||
warn(LD_APP,"socks5: unsupported address type %d. Rejecting.",*(buf->cur+3));
|
||||
@ -1055,6 +1060,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req)
|
||||
return -1;
|
||||
}
|
||||
tor_assert(next < buf->cur+buf->datalen);
|
||||
if (log_sockstype)
|
||||
notice(LD_APP, "Your application (using socks4a on port %d) gave Tor a hostname, which means Tor will do the DNS resolve for you. This is good.", req->port);
|
||||
}
|
||||
debug(LD_APP,"socks4: Everything is here. Success.");
|
||||
strlcpy(req->address, startaddr ? startaddr : tmpbuf,
|
||||
|
@ -191,6 +191,7 @@ static config_var_t _option_vars[] = {
|
||||
VAR("StrictEntryNodes", BOOL, StrictEntryNodes, "0"),
|
||||
VAR("StrictExitNodes", BOOL, StrictExitNodes, "0"),
|
||||
VAR("SysLog", LINELIST_S, OldLogOptions, NULL),
|
||||
VAR("TestSocks", BOOL, TestSocks, "0"),
|
||||
VAR("TrackHostExits", CSV, TrackHostExits, NULL),
|
||||
VAR("TrackHostExitsExpire",INTERVAL, TrackHostExitsExpire, "30 minutes"),
|
||||
OBSOLETE("TrafficShaping"),
|
||||
|
@ -923,7 +923,8 @@ connection_ap_handshake_process_socks(connection_t *conn)
|
||||
socks_request_t *socks;
|
||||
int sockshere;
|
||||
hostname_type_t addresstype;
|
||||
int tor_should_handle_stream = !get_options()->LeaveStreamsUnattached;
|
||||
or_options_t *options = get_options();
|
||||
int tor_should_handle_stream = !options->LeaveStreamsUnattached;
|
||||
|
||||
tor_assert(conn);
|
||||
tor_assert(conn->type == CONN_TYPE_AP);
|
||||
@ -933,7 +934,7 @@ connection_ap_handshake_process_socks(connection_t *conn)
|
||||
|
||||
debug(LD_APP,"entered.");
|
||||
|
||||
sockshere = fetch_from_buf_socks(conn->inbuf, socks);
|
||||
sockshere = fetch_from_buf_socks(conn->inbuf, socks, options->TestSocks);
|
||||
if (sockshere == 0) {
|
||||
if (socks->replylen) {
|
||||
connection_write_to_buf(socks->reply, socks->replylen, conn);
|
||||
@ -1072,7 +1073,7 @@ connection_ap_handshake_process_socks(connection_t *conn)
|
||||
rep_hist_note_used_port(socks->port, time(NULL)); /* help predict this next time */
|
||||
control_event_stream_status(conn, STREAM_EVENT_NEW);
|
||||
}
|
||||
if (get_options()->LeaveStreamsUnattached) {
|
||||
if (!tor_should_handle_stream) {
|
||||
conn->state = AP_CONN_STATE_CONTROLLER_WAIT;
|
||||
} else {
|
||||
conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
|
||||
|
@ -1307,6 +1307,8 @@ typedef struct {
|
||||
#define LOG_PROTOCOL_WARN (get_options()->ProtocolWarnings ? LOG_WARN : LOG_INFO)
|
||||
int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor
|
||||
* protocol, is it a warn or an info in our logs? */
|
||||
int TestSocks; /**< Boolean: when we get a socks connection, do we loudly
|
||||
* log whether it was DNS-leaking or not? */
|
||||
int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware
|
||||
* acceleration where available? */
|
||||
int UseHelperNodes; /**< Boolean: Do we try to enter from a smallish number
|
||||
@ -1379,7 +1381,7 @@ int fetch_from_buf_http(buf_t *buf,
|
||||
char **headers_out, size_t max_headerlen,
|
||||
char **body_out, size_t *body_used, size_t max_bodylen,
|
||||
int force_complete);
|
||||
int fetch_from_buf_socks(buf_t *buf, socks_request_t *req);
|
||||
int fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype);
|
||||
int fetch_from_buf_control0(buf_t *buf, uint32_t *len_out, uint16_t *type_out,
|
||||
char **body_out, int check_for_v1);
|
||||
int fetch_from_buf_line(buf_t *buf, char *data_out, size_t *data_len);
|
||||
|
Loading…
Reference in New Issue
Block a user