[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] Add a new config option TestSocks so people can see if their
Update of /home2/or/cvsroot/tor/src/or
In directory moria:/home/arma/work/onion/cvs/tor/src/or
Modified Files:
buffers.c config.c connection_edge.c or.h
Log Message:
Add a new config option TestSocks so people can see if their
applications are using socks4, socks4a, socks5-with-ip, or
socks5-with-hostname. This way they don't have to keep mucking
with tcpdump and wondering if something got cached somewhere.
Index: buffers.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/buffers.c,v
retrieving revision 1.178
retrieving revision 1.179
diff -u -d -r1.178 -r1.179
--- buffers.c 29 Oct 2005 18:19:37 -0000 1.178
+++ buffers.c 16 Nov 2005 23:37:35 -0000 1.179
@@ -888,10 +888,13 @@
* If you want to specify the socks reply, write it into <b>req->reply</b>
* and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
*
+ * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
+ * the connection is possibly leaking DNS requests locally or not.
+ *
* If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are undefined.
*/
int
-fetch_from_buf_socks(buf_t *buf, socks_request_t *req)
+fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype)
{
unsigned char len;
char tmpbuf[INET_NTOA_BUF_LEN];
@@ -924,7 +927,7 @@
req->reply[1] = '\xFF'; /* reject all methods */
return -1;
}
- buf_remove_from_front(buf,2+nummethods);/* remove packet from buf */
+ buf_remove_from_front(buf,2+nummethods); /* remove packet from buf */
req->replylen = 2; /* 2 bytes of response */
req->reply[0] = 5; /* socks5 reply */
@@ -982,6 +985,8 @@
req->address[len] = 0;
req->port = ntohs(get_uint16(buf->cur+5+len));
buf_remove_from_front(buf, 5+len+2);
+ if (log_sockstype)
+ notice(LD_APP, "Your application (using socks5 on port %d) gave Tor a hostname, which means Tor will do the DNS resolve for you. This is good.", req->port);
return 1;
default: /* unsupported */
warn(LD_APP,"socks5: unsupported address type %d. Rejecting.",*(buf->cur+3));
@@ -1055,6 +1060,8 @@
return -1;
}
tor_assert(next < buf->cur+buf->datalen);
+ if (log_sockstype)
+ notice(LD_APP, "Your application (using socks4a on port %d) gave Tor a hostname, which means Tor will do the DNS resolve for you. This is good.", req->port);
}
debug(LD_APP,"socks4: Everything is here. Success.");
strlcpy(req->address, startaddr ? startaddr : tmpbuf,
Index: config.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/config.c,v
retrieving revision 1.446
retrieving revision 1.447
diff -u -d -r1.446 -r1.447
--- config.c 11 Nov 2005 22:41:07 -0000 1.446
+++ config.c 16 Nov 2005 23:37:35 -0000 1.447
@@ -191,6 +191,7 @@
VAR("StrictEntryNodes", BOOL, StrictEntryNodes, "0"),
VAR("StrictExitNodes", BOOL, StrictExitNodes, "0"),
VAR("SysLog", LINELIST_S, OldLogOptions, NULL),
+ VAR("TestSocks", BOOL, TestSocks, "0"),
VAR("TrackHostExits", CSV, TrackHostExits, NULL),
VAR("TrackHostExitsExpire",INTERVAL, TrackHostExitsExpire, "30 minutes"),
OBSOLETE("TrafficShaping"),
Index: connection_edge.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/connection_edge.c,v
retrieving revision 1.361
retrieving revision 1.362
diff -u -d -r1.361 -r1.362
--- connection_edge.c 14 Nov 2005 04:13:43 -0000 1.361
+++ connection_edge.c 16 Nov 2005 23:37:35 -0000 1.362
@@ -923,7 +923,8 @@
socks_request_t *socks;
int sockshere;
hostname_type_t addresstype;
- int tor_should_handle_stream = !get_options()->LeaveStreamsUnattached;
+ or_options_t *options = get_options();
+ int tor_should_handle_stream = !options->LeaveStreamsUnattached;
tor_assert(conn);
tor_assert(conn->type == CONN_TYPE_AP);
@@ -933,7 +934,7 @@
debug(LD_APP,"entered.");
- sockshere = fetch_from_buf_socks(conn->inbuf, socks);
+ sockshere = fetch_from_buf_socks(conn->inbuf, socks, options->TestSocks);
if (sockshere == 0) {
if (socks->replylen) {
connection_write_to_buf(socks->reply, socks->replylen, conn);
@@ -1072,7 +1073,7 @@
rep_hist_note_used_port(socks->port, time(NULL)); /* help predict this next time */
control_event_stream_status(conn, STREAM_EVENT_NEW);
}
- if (get_options()->LeaveStreamsUnattached) {
+ if (!tor_should_handle_stream) {
conn->state = AP_CONN_STATE_CONTROLLER_WAIT;
} else {
conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
Index: or.h
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/or.h,v
retrieving revision 1.732
retrieving revision 1.733
diff -u -d -r1.732 -r1.733
--- or.h 11 Nov 2005 19:25:30 -0000 1.732
+++ or.h 16 Nov 2005 23:37:35 -0000 1.733
@@ -1307,6 +1307,8 @@
#define LOG_PROTOCOL_WARN (get_options()->ProtocolWarnings ? LOG_WARN : LOG_INFO)
int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor
* protocol, is it a warn or an info in our logs? */
+ int TestSocks; /**< Boolean: when we get a socks connection, do we loudly
+ * log whether it was DNS-leaking or not? */
int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware
* acceleration where available? */
int UseHelperNodes; /**< Boolean: Do we try to enter from a smallish number
@@ -1379,7 +1381,7 @@
char **headers_out, size_t max_headerlen,
char **body_out, size_t *body_used, size_t max_bodylen,
int force_complete);
-int fetch_from_buf_socks(buf_t *buf, socks_request_t *req);
+int fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype);
int fetch_from_buf_control0(buf_t *buf, uint32_t *len_out, uint16_t *type_out,
char **body_out, int check_for_v1);
int fetch_from_buf_line(buf_t *buf, char *data_out, size_t *data_len);