[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #8043 [Torsocks]: various torsocks/ttdnsd errors and discrepancies

To: undisclosed-recipients:;
Subject: [tor-bugs] #8043 [Torsocks]: various torsocks/ttdnsd errors and discrepancies
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 23 Jan 2013 14:45:25 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 23 Jan 2013 09:45:35 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#8043: various torsocks/ttdnsd errors and discrepancies
----------------------+-----------------------------------------------------
 Reporter:  mr-4      |          Owner:     
     Type:  defect    |         Status:  new
 Priority:  normal    |      Milestone:     
Component:  Torsocks  |        Version:     
 Keywords:            |         Parent:     
   Points:            |   Actualpoints:     
----------------------+-----------------------------------------------------
 For the past two weeks I have been trying to integrate ttdnsd/torsocks
 combo into my system, allowing for proper DNS resolution to take place
 over Tor - all this was prompted by my report on bug #7797. Unfortunately,
 I've hit a brick wall.

 In a nutshell, I have found a few discrepancies/errors in both torsocks
 and ttdnsd and I also have a problem trying to force torsocks to talk to
 tor.

 Since in the "Component" section on this report form there is no place to
 select ttdnsd, I am doing this report for torsocks, as well as ttdnsd.

 1. Torsocks config file environment variable: ttdnsd expects that to be
 defined in TSOCKS_CONF_FILE, while torsocks also have 2 different
 definitions of it: TORSOCKS_CONFFILE (torsocks.8) and TORSOCKS_CONF_FILE
 (the binary .so file). The latter, when specified, works.

 Also, that environment variable is only honoured BEFORE chroot (so the
 full path to this file MUST be specified) - something not mentioned in
 either of torsocks or ttdnsd man pages.

 2. Even though I am using all 3 environment variables, pointing to the
 right torsocks.conf file, I still can't make it work. Here is my config:

 torsocks.conf
 =============
 local       = 127.0.0.0/255.0.0.0
 local       = 10.0.0.0/255.0.0.0
 server      = 127.0.0.1
 server_port = 19050

 ttdnsd.conf
 ===========
 8.8.8.8

 torrc (relevant parts only are included)
 ========================================
 SocksPort 19050
 SocksListenAddress 127.0.0.1:19050
 DNSPort 53
 DNSListenAddress 127.0.0.3:53

 SocksPolicy accept 127.0.0.1:* # localhost
 SocksPolicy accept 127.0.0.2:* # localhost
 SocksPolicy accept 127.0.0.3:* # localhost
 SocksPolicy accept 10.0.0.0/8:*
 SocksPolicy reject *:*

 My tor proxy service is running on 127.0.0.1:19050. TTDNSD is running on
 127.0.0.2:53, while tor's own DNS is running on 127.0.0.3:53.

 When not using TORSOCKS_DEBUG during ttdnsd start, after the initial setup
 I get the following message when a DNS request is sent to ttdnsd from the
 command line (using dig):

 07:37:32 libtorsocks(2507): Call to connect received on completed request
 4
 07:37:32 libtorsocks(2507): sendto: Connection is a UDP or ICMP stream,
 may be a DNS request or other form of leak: rejecting.

 When TORSOCKS_DEBUG=1 is used, I get this:

 libtorsocks: Got connection request
 libtorsocks: Intercepted call to getpeername
 libtorsocks: Intercepted call to poll
 libtorsocks: Intercepted call to poll
 libtorsocks: Got connection request
 libtorsocks: Call to connect received on completed request 4
 libtorsocks: Got sendto request
 libtorsocks: sendto: Connection is a UDP or ICMP stream, may be a DNS
 request or other form of leak: rejecting.
 libtorsocks: Got sendto request
 libtorsocks: sendto: Connection is a UDP or ICMP stream, may be a DNS
 request or other form of leak: rejecting.
 [...ad nauseum...]

 When I increase the debug level (TORSOCKS_DEBUG=255) I get a different
 message, though the effect is the same:

 07:40:43 libtorsocks(2611): No requests waiting, calling real close
 07:40:43 libtorsocks(2611): No requests waiting, calling real close
 07:41:01 libtorsocks(2611): Got connection request
 07:41:01 libtorsocks(2611): sin_family: 2
 07:41:01 libtorsocks(2611): sockopt: 1
 07:41:01 libtorsocks(2611): checking if address: 8.8.8.8 is local
 07:41:01 libtorsocks(2611): localnet addr: 255.255.0.0
 07:41:01 libtorsocks(2611): localip addr: 192.168.0.0
 [...]
 07:41:01 libtorsocks(2611): address: 8.8.8.8 is not local
 07:41:01 libtorsocks(2611): Intercepted call to getpeername
 07:41:01 libtorsocks(2611): Call to getpeername for fd 4
 07:41:01 libtorsocks(2611): Got connection request for socket 4 to 8.8.8.8
 07:41:01 libtorsocks(2611): Picking appropriate server for 8.8.8.8
 07:41:01 libtorsocks(2611): Picked server 127.0.0.1 for connection
 07:41:01 libtorsocks(2611): checking if address: 127.0.0.1 is local
 [...]
 07:41:01 libtorsocks(2611): address: 127.0.0.0 is local
 07:41:01 libtorsocks(2611): Beginning handle loop for socket 4
 07:41:01 libtorsocks(2611): In request handle loop for socket 4, current
 state of request is 0
 07:41:01 libtorsocks(2611): Connecting to 127.0.0.1 port 19050
 07:41:01 libtorsocks(2611): Connect returned -1, errno is 115
 07:41:01 libtorsocks(2611): Error 2 attempting to connect to SOCKS server
 (No such file or directory)
 07:41:01 libtorsocks(2611): Handle loop completed for socket 4 in state
 14, returning 2
 connect status: No such file or directory
 We've loaded 8.8.8.8 as a nameserver.
 1 nameservers loaded
 tsocks_conf: torsocks.conf
 log init...
 log file opened: ttdnsd.log
 log file opened as fd: 4
 duping fds... check ttdnsd.log from here on out...
 dup2 says: 1
 dup2 says: 2
 closing original fd: 4...
 starting server...
 watching 1 file descriptors
 1 file descriptors became ready
 received request of 37 bytes, id = 4927
 adding new request (id=4927)
 new request added at pos: 436
 using request slot 436
 updating id: 16147
 selecting peer
 peer selected: -1
 connecting to 8.8.8.8 on port 53
 watching 2 file descriptors
 1 file descriptors became ready
 peer 8.8.8.8 in bad state 0
 watching 2 file descriptors
 1 file descriptors became ready
 peer 8.8.8.8 in bad state 0
 watching 2 file descriptors
 [...ad nauseum...]

 I have absolutely no idea what the above errors mean exactly!

 The connection attempts were made from 127.0.0.1:XXXXX (dig) to
 127.0.0.2:53 (ttdnsd) using UDP, and then I could see from
 /proc/net/nf_conntrack that a separate connection was indeed made (status
 is ASSURED) to the tor proxy (127.0.0.1:19050) from torsocks
 (127.0.0.2:XXXXX) using TCP.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8043>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #8042 [Tor]: Reloaded md never be purged for platforms with unsigned time_t
Next by Author: Re: [tor-bugs] #7797 [Tor]: tor DNS resolver unable to handle/return SRV type DNS records
Previous by thread: Re: [tor-bugs] #8042 [Tor]: Reloaded md never be purged for platforms with unsigned time_t
Next by thread: Re: [tor-bugs] #5980 [Ooni]: mobile ooni-probe client
Index(es):
- Author
- Thread