
[or-cvs] Add a new config option TestSocks so people can see if their



Update of /home2/or/cvsroot/tor/src/or
In directory moria:/home/arma/work/onion/cvs/tor/src/or

Modified Files:
	buffers.c config.c connection_edge.c or.h 
Log Message:
Add a new config option TestSocks so people can see if their
applications are using socks4, socks4a, socks5-with-ip, or
socks5-with-hostname. This way they don't have to keep mucking
with tcpdump and wondering if something got cached somewhere.


Index: buffers.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/buffers.c,v
retrieving revision 1.178
retrieving revision 1.179
diff -u -d -r1.178 -r1.179
--- buffers.c	29 Oct 2005 18:19:37 -0000	1.178
+++ buffers.c	16 Nov 2005 23:37:35 -0000	1.179
@@ -888,10 +888,13 @@
  * If you want to specify the socks reply, write it into <b>req->reply</b>
  *   and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
  *
+ * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
+ * the connection is possibly leaking DNS requests locally or not.
+ *
  * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are undefined.
  */
 int
-fetch_from_buf_socks(buf_t *buf, socks_request_t *req)
+fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype)
 {
   unsigned char len;
   char tmpbuf[INET_NTOA_BUF_LEN];
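Review bot: The new doc paragraph promises a notice on whether the connection is "possibly leaking DNS requests locally or not", but the notices this commit adds (the socks5 and socks4a hostname branches in the later buffers.c hunks) cover only the non-leaking outcome. The IP-address branches of fetch_from_buf_socks are outside the visible hunks. If they do not already log at notice level or above on every request, a user running with TestSocks set sees nothing for exactly the case the option is meant to reveal, and may read the silence as safe. Either add a matching `if (log_sockstype)` notice in the socks4 and socks5 IP-address branches, or narrow the comment to say that only the hostname cases are reported here. The function body continues beyond this hunk.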
@@ -924,7 +927,7 @@
           req->reply[1] = '\xFF'; /* reject all methods */
           return -1;
         }
-        buf_remove_from_front(buf,2+nummethods);/* remove packet from buf */
+        buf_remove_from_front(buf,2+nummethods); /* remove packet from buf */
 
         req->replylen = 2; /* 2 bytes of response */
         req->reply[0] = 5; /* socks5 reply */
@@ -982,6 +985,8 @@
           req->address[len] = 0;
           req->port = ntohs(get_uint16(buf->cur+5+len));
           buf_remove_from_front(buf, 5+len+2);
+          if (log_sockstype)
+            notice(LD_APP, "Your application (using socks5 on port %d) gave Tor a hostname, which means Tor will do the DNS resolve for you. This is good.", req->port);
           return 1;
         default: /* unsupported */
           warn(LD_APP,"socks5: unsupported address type %d. Rejecting.",*(buf->cur+3));
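Review bot: The "This is good" notice in the socks5 branch fires for anything sent with the domain-name address type, but `req->address` is client-supplied text and may itself be a dotted-quad IP that the application resolved before handing it to Tor. In that case the message tells the user there is no DNS leak when there may be one. Consider checking whether `req->address` parses as an IP literal before logging, and reporting the possible leak instead when it does; the same applies to the socks4a notice in the next hunk. Logging only `req->port` and not the hostname keeps destinations out of the notice-level log and is worth preserving. Since the two message strings differ only in the protocol name, a small static helper taking the protocol label and port would keep their wording in sync.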
@@ -1055,6 +1060,8 @@
           return -1;
         }
         tor_assert(next < buf->cur+buf->datalen);
+        if (log_sockstype)
+          notice(LD_APP, "Your application (using socks4a on port %d) gave Tor a hostname, which means Tor will do the DNS resolve for you. This is good.", req->port);
       }
       debug(LD_APP,"socks4: Everything is here. Success.");
       strlcpy(req->address, startaddr ? startaddr : tmpbuf,

Index: config.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/config.c,v
retrieving revision 1.446
retrieving revision 1.447
diff -u -d -r1.446 -r1.447
--- config.c	11 Nov 2005 22:41:07 -0000	1.446
+++ config.c	16 Nov 2005 23:37:35 -0000	1.447
@@ -191,6 +191,7 @@
   VAR("StrictEntryNodes",    BOOL,     StrictEntryNodes,     "0"),
   VAR("StrictExitNodes",     BOOL,     StrictExitNodes,      "0"),
   VAR("SysLog",              LINELIST_S, OldLogOptions,      NULL),
+  VAR("TestSocks",           BOOL,     TestSocks,            "0"),
   VAR("TrackHostExits",      CSV,      TrackHostExits,       NULL),
   VAR("TrackHostExitsExpire",INTERVAL, TrackHostExitsExpire, "30 minutes"),
   OBSOLETE("TrafficShaping"),

Index: connection_edge.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/connection_edge.c,v
retrieving revision 1.361
retrieving revision 1.362
diff -u -d -r1.361 -r1.362
--- connection_edge.c	14 Nov 2005 04:13:43 -0000	1.361
+++ connection_edge.c	16 Nov 2005 23:37:35 -0000	1.362
@@ -923,7 +923,8 @@
   socks_request_t *socks;
   int sockshere;
   hostname_type_t addresstype;
-  int tor_should_handle_stream = !get_options()->LeaveStreamsUnattached;
+  or_options_t *options = get_options();
+  int tor_should_handle_stream = !options->LeaveStreamsUnattached;
 
   tor_assert(conn);
   tor_assert(conn->type == CONN_TYPE_AP);
@@ -933,7 +934,7 @@
 
   debug(LD_APP,"entered.");
 
-  sockshere = fetch_from_buf_socks(conn->inbuf, socks);
+  sockshere = fetch_from_buf_socks(conn->inbuf, socks, options->TestSocks);
   if (sockshere == 0) {
     if (socks->replylen) {
       connection_write_to_buf(socks->reply, socks->replylen, conn);
@@ -1072,7 +1073,7 @@
       rep_hist_note_used_port(socks->port, time(NULL)); /* help predict this next time */
       control_event_stream_status(conn, STREAM_EVENT_NEW);
     }
-    if (get_options()->LeaveStreamsUnattached) {
+    if (!tor_should_handle_stream) {
       conn->state = AP_CONN_STATE_CONTROLLER_WAIT;
     } else {
       conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
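Review bot: Replacing `get_options()->LeaveStreamsUnattached` with `!tor_should_handle_stream` preserves behaviour only if that local is never reassigned between its initialisation in the first hunk and this test. Going by the hunk headers, about 150 lines separate the two, and none of them are visible here. If anything in between sets it, a stream could end up in AP_CONN_STATE_CIRCUIT_WAIT when the controller asked for streams to be left unattached, or the reverse. Declaring it `const int tor_should_handle_stream = !options->LeaveStreamsUnattached;` would let the compiler enforce the assumption. The enclosing function starts and ends outside the hunk.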

Index: or.h
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/or.h,v
retrieving revision 1.732
retrieving revision 1.733
diff -u -d -r1.732 -r1.733
--- or.h	11 Nov 2005 19:25:30 -0000	1.732
+++ or.h	16 Nov 2005 23:37:35 -0000	1.733
@@ -1307,6 +1307,8 @@
 #define LOG_PROTOCOL_WARN (get_options()->ProtocolWarnings ? LOG_WARN : LOG_INFO)
   int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor
                          * protocol, is it a warn or an info in our logs? */
+  int TestSocks; /**< Boolean: when we get a socks connection, do we loudly
+                  * log whether it was DNS-leaking or not? */
   int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware
                       * acceleration where available? */
   int UseHelperNodes; /**< Boolean: Do we try to enter from a smallish number
@@ -1379,7 +1381,7 @@
                         char **headers_out, size_t max_headerlen,
                         char **body_out, size_t *body_used, size_t max_bodylen,
                         int force_complete);
-int fetch_from_buf_socks(buf_t *buf, socks_request_t *req);
+int fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype);
 int fetch_from_buf_control0(buf_t *buf, uint32_t *len_out, uint16_t *type_out,
                             char **body_out, int check_for_v1);
 int fetch_from_buf_line(buf_t *buf, char *data_out, size_t *data_len);