[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] tor's SOCKS5 extension "RESOLVE"

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] tor's SOCKS5 extension "RESOLVE"
From: nusenu <nusenu-lists@xxxxxxxxxx>
Date: Tue, 09 Jul 2019 11:18:00 +0000
Autocrypt: addr=nusenu-lists@xxxxxxxxxx; prefer-encrypt=mutual; keydata= xsFNBFj53gUBEADYKwT0pW1yiqt6UReZW8T2nXVCyeVT2G6z7AvW69afp82uthRH237pQ7Qs 5vq91DivN6fGN6cVksp0N9Yv+5HEQAwUxpLfcNDcGzmHMd0JMItEtozGv3a4FuiUoHAqeGXM 6Kzi3v5F2PZGF+U4QaGKEZq6u50gO/ZFy4GfC9z9tsO6Cm7s7KldVHMGx/a0MEGMwh6ZI9x2 hGXSSAKu58KRUkEpHzDiQTj+/j58ndNfZRQv6P5BLppHADRPqwEOm4RQcQYskyM0FdKXbJ8E 5GW268meflfv2BASsl3X/Xqxp+LNrstXIbFZ+38hVlQDDmdvaASpPTzIAxf8FxMYZqI+K1UE kP5nU45q84KiZoXwT6YYJDKToLSDnYkKlsrCSnLkE3Nb/IexgNoYO4nE6lT9BDV3athQCWw1 FwB5idRYWnIqbVgUFgYZDUdZBJmeTEeI+Wn5hFz6HvFVc/+haMVTcoEKSkG/tsSGsKOc2mp6 z+71io9JWrVQGmw7OeZeE4TvkF9GhwS8jrKO4E0crfcT/zT6368PZCO6Wpir8+po/ZfOWbbh 1hi3MxmXn4Fki55Zrvhy3sf28U+H/nByQV4CssYv/xVhIZsN/wNQLcDLgVs4JTBUik8eQR0Y Qrq9lG3ZVtbpEi7ZTJ6BOGIn2TKHsVIVGSQA0PdKpKYV45Lc4QARAQABzSBudXNlbnUgPG51 c2VudS1saXN0c0ByaXNldXAubmV0PsLBfQQTAQgAJwUCWPneBQIbAwUJBaOagAULCQgHAgYV CAkKCwIEFgIDAQIeAQIXgAAKCRCtYTjCRc1Cfq/kD/sHx+mnL6OLwJvBj1rVTyoHJYJARajz Go0yRlbrZSH6Z05OD3SDR9UVpWOZeY8JyFoTyCFQjAbIVjKifj0uSmi0j1iahrAgGGfik0cN XUkCxrW6jcJQ37EbvYWu4PryqLuC7IeQW1wCcB1ioyGYKkm2K6LZ9rzZPVYSmPohJ+gVI0Jt EdlNZl4JuZot9eA5w/22uvcStQHzXDsUxfqK8OAJpU8E3iBBdNpLPMDWpFz4g2yw5PD6jZ+K Q39PYMUFULaKe4YCw1O+0MFhZJI4KEcRYHuVy1b3cJjxzgVfEyFctLDsO1sh07vBhoVKUi8W e00pvGtv8QYxxMYIA3iACbsjGEr69GvvZ2pAnu9vT9OUCaES4riDCxbkMxK/Cbwk8F6mo0eq HDQ7sOZWQv81ncdG9ovlA7Pj96cEXgdtbbllF1aUZ8sAmT14YjGzhArGv7kyJ1imH5tX3OXk hBGA9JTk2mDNjEpFaTEajSvDiKyeEhWNTLm15siWkpg1124yjUkhQ3OCkw7aUDMiVn8+DQHo J2pP/84uUvngbhm1jV7nk8mxTUFgppUePkb5hhnRRzeK72QY00EwRdn7qnpNgijMJ3Fpjfy2 EeCEl3nNdcB7U0F+0ijA6P/+DROldxNr4eiP50RvV8XiW/yi2IkKBk50GNB87yYnDETxxx/c 2i00AM7BTQRY+d4FARAAwJZ6U7UT8uB1WCfLK3AOR1Wa9bzOAghlTR4WXbHB4ajQKG7/Fzud 99bnwD0V3/AOVz/SbGDyHe+7HMvd1A0Ll4NgyH6OpxY7wOwCXAYTAbcXLpM7eKTjjsb9A9XG 3FcIGvjcy76OkaewqhiABaShlStEYcPkRusHZuecXtCnfCjJKihU/kinWpBO9gY6SrF2KFCw aeS4r37brXQ9y8uy3gZ168QFuIa5AKfL0r5YN3k4StNSA2p5Z/pufWXMN3B03QC+3fireiz3 dinlHK6XjUW8oWSdNxJhexT/lUw+episNuWTQruy7PD+HeohYGXqjggmPUiWc171Sewb2f8H CHViHMee8QXqo/LSRkYVrtsx0HUSMKsVQOma/u2By03ucroIkQJQQfqX3YpK1i3EpUO2L0/m E8UpBvUm1vrst54EFym4tYNJTj9reVffFKh2cczmPVN5o8v3RrdTF96mGtcb9EJbGV4277ZE LqUspviEBXynqU3yZ48JhIWHj22/ha6TeBpapYZDOJ8lePed8E34J/GYE2YXl65LhpXAKvWz O3KiByGMysb9Li6zqZ9/BYQtg5CA6Q8Oo7pBxK4iiDH3GX2WvymmLoaOBpOaIYdvKr39fajE mzfbg7TdZKXxqp2KDrbw7vUJLDyrmPWpxHyhKHItzoi1Y59wzYSq3h0AEQEAAcLBZQQYAQgA DwUCWPneBQIbDAUJBaOagAAKCRCtYTjCRc1CfpfgEAC3tXZzhgKbF6fx5gMNDp/9MBpialvu k69UaGL3HUqM0/ytiT4FjYUmOK2mk37iop46GivsOC50PykG9gjbg9/QKUqgsZzJ8LJ+ldY4 /GKtiP5JoO59Obj8MJJ5Ta8yPfZiiNx/I8ydqd18E4PmQUCPlEKhett81t3+8R/mGwG72TaA hHwDjZAEjiXdnXh+z0AKpflCnYQafq0V73ofzuw4KovpJWMk/WPs5oSHhuV4TZ8nRkF6BR4y rEvs1kq8Y6DuNqQGwY3yilpnmqfMzzlWo7MlY657domU54bhGOsvNuZZsFDlcBczQo6h9OKq ckkVHUMAw38pX+EghzEfhYVWYmLNv5G9TA/M2s3frO3aN7ukNDq7CKIwfVz71/VfPaLQMY7/ jirzp9yIBZEi4E+PwP38FAGiD+nxzuUJv1rvxf6koqUGoHRvdppju2JLrC2nKW0La7RX7uZJ esCVkamT/XaXPROBTrZZqwbIXh2uSMzgXkC2mE1dsBf2rdsJ4y73+0DYq7YE52OV9MNoCYLH vpkapmD00svsP4sskRsrquPHkBBVCJa22lTaS8Oow9hGQe7BDjEhsVoPol889F0mbTRb3klv mGQ6/B/HA0pGWR9wISY8a7D40/qz6eE6+Yg22mtN1T8FFlNbyVmtBj0R/2HfJYhGBElLPefH jhF0TA==
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 09 Jul 2019 07:19:17 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1562671142; bh=vVvU3SSJvN6N38tif6vbpm0JMK4yHMkmiVxKWlJIUsk=; h=To:References:From:Subject:Date:In-Reply-To:From; b=I8oq4qgqnuMBDW99eJ/d3vQp/u7Gf8GZI8J8hZMPwRZTPuiVdKGBJyKmbyuqH3K8U qhwO/DL9+Kdecj8XIR4JumAbW+Q4kKR8NoBQmqissG60h1fm0vP/29fRQwClMsszSe YtjYlm/Xet4+vbUmTHCbwetuir4g4S86jsdyPHOk=
In-reply-to: <19E1935F-1B16-4303-91F2-333916F6E0C1@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Openpgp: preference=signencrypt
References: <23be77d3-3473-7d8c-ce7a-b90b58a22e9e@riseup.net> <19E1935F-1B16-4303-91F2-333916F6E0C1@riseup.net>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Thanks this is very useful information.

>>> # Tor defines a new command value, \x0f, that is used for
>> domain
>>> # resolution.
>>> 
>>> self._send_all("\x05\xf0\x00\x03%s%s%s" % (chr(domain_len),
>>> domain, "\x00\x00"))
> 

> Exitmap uses the SOCKS 5, resolve, DNS command: See page 4 of
> https://www.ietf.org/rfc/rfc1928.txt The SOCKS request is formed as
> follows:
> 
> +----+-----+-------+------+----------+----------+ |VER | CMD |  RSV
> | ATYP | DST.ADDR | DST.PORT | 
> +----+-----+-------+------+----------+----------+ | 1  |  1  | X'00'
> |  1   | Variable |    2     | 
> +----+-----+-------+------+----------+----------+

so in above python code the values are:

ver = \x05
cmd = \xf0 ("RESOLVE") - custom tor extension not in RFC
rsv = \x00
atyp = \x03 (domain)
dst.addr = domain variable
dst.port = \x00\x00


from https://gitweb.torproject.org/torspec.git/tree/socks-extensions.txt#n49
> 2. Name lookup
> 
> As an extension to SOCKS4A and SOCKS5, Tor implements a new command
> value, "RESOLVE" [F0].  When Tor receives a "RESOLVE" SOCKS command,
> it initiates a remote lookup of the hostname provided as the target
> address in the SOCKS request.  The reply is either an error (if the
> address couldn't be resolved) or a success response.  In the case of
> success, the address is stored in the portion of the SOCKS response
> reserved for remote IP address.
> 
> (We support RESOLVE in SOCKS4 too, even though it is unnecessary.)
> 
> For SOCKS5 only, we support reverse resolution with a new command
> value, "RESOLVE_PTR" [F1]. In response to a "RESOLVE_PTR" SOCKS5
> command with an IPv4 address as its target, Tor attempts to find the
> canonical hostname for that IPv4 record, and returns it in the
> "server bound address" portion of the reply. (This command was not
> supported before Tor 0.1.2.2-alpha.)

The spec leaves multiple open questions:

- What does "initiates a remote lookup of the hostname" mean?
The spec could be improved by saying "A" or/and "AAAA" DNS lookup is performed.

- There is no information about the response in torspec.git/tree/socks-extensions.txt at all?

> Resolve can return an IPv4 or IPv6 response, but Exitmap ignores the
> address type, and turns the first 4 bytes of the response into an
> IPv4 address.

I modified exitmap to print the entire response in case the ATYP field is set to 04 (meaning the
response contains an IPv6 address) but
the response is not any longer and contains only the first 4 bytes of the IPv6 address.

Running tor 0.3.5.8.

Has this bug been fixed in later versions of tor or current master?

 


-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] tor's SOCKS5 extension "RESOLVE"
  - From: nusenu
- Re: [tor-dev] tor's SOCKS5 extension "RESOLVE"
  - From: nusenu

References:
- [tor-dev] exitmap/RESOLVE control command limitations
  - From: nusenu
- Re: [tor-dev] exitmap/RESOLVE control command limitations
  - From: teor

Prev by Author: Re: [tor-dev] tor's SOCKS5 extension "RESOLVE"
Next by Author: [tor-dev] resolving DNS TXT records?
Previous by thread: Re: [tor-dev] exitmap/RESOLVE control command limitations
Next by thread: Re: [tor-dev] tor's SOCKS5 extension "RESOLVE"
Index(es):
- Author
- Thread