Hi, no answer yet, so I created a first 'works for me' patch to let torified TFO aware clients not leak silently. (I hope I am on the right list here) Please review and apply|comment. Tim On Tuesday 13 January 2015 15:25:35 Tim Ruehsen wrote: > Hi, > > I tried to torify my wget-like application > (https://github.com/rockdaboot/mget) and after some struggling I found that > TFO is enabled by default (where available). > > I guess, the problem is TFO not using connect() but sendto(). > > Please enlighten me, what I can do (despite turning off TFO). > > Is it worth a patch or do you think patching libtorsocks has pitfalls or > unwanted side-effects ? > > Tim
From 495105d6d0049893e210e9a26af29fc048ecdf1d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim RÃhsen?= <tim.ruehsen@xxxxxx>
Date: Wed, 14 Jan 2015 14:48:37 +0100
Subject: [PATCH] Allow TCP Fast Open clients go through tor.
This patch prevents TFO clients from silently leaking when torified.
TFO uses sendto() instead of connect()/send().
---
src/lib/Makefile.am | 2 +-
src/lib/sendto.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++
src/lib/torsocks.h | 19 +++++++++++++-
3 files changed, 94 insertions(+), 2 deletions(-)
create mode 100644 src/lib/sendto.c
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index d64b3f6..6e137f3 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -9,6 +9,6 @@ lib_LTLIBRARIES = libtorsocks.la
libtorsocks_la_SOURCES = torsocks.c torsocks.h \
connect.c gethostbyname.c getaddrinfo.c close.c \
getpeername.c socket.c syscall.c socketpair.c recv.c \
- exit.c accept.c listen.c fclose.c
+ exit.c accept.c listen.c fclose.c sendto.c
libtorsocks_la_LIBADD = $(top_builddir)/src/common/libcommon.la
diff --git a/src/lib/sendto.c b/src/lib/sendto.c
new file mode 100644
index 0000000..fed67dd
--- /dev/null
+++ b/src/lib/sendto.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2015 - Tim Rü<tim.ruehsen@xxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License, version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <assert.h>
+
+#include <common/log.h>
+#include <common/utils.h>
+
+#include "torsocks.h"
+
+/*
+ * Using TCP Fast Open (TFO) uses sendto() instead of connect() with 'flags'
+ * set to MSG_FASTOPEN. Without this code, using TFO simply bypasses TOR
+ * without letting the user know.
+ *
+ * This solution simply ignores TFO and falls back to connect().
+ * At the time the TOR server supports TFO, socks5.c (client code) could
+ * implement it in send_data() and connect_socks5().
+ */
+
+/* sendto(2)
+ * args: int sockfd, const void *buf, size_t len, int flags,
+ * const struct sockaddr *dest_addr, socklen_t addrlen
+ */
+TSOCKS_LIBC_DECL(sendto, LIBC_SENDTO_RET_TYPE, LIBC_SENDTO_SIG)
+
+/*
+ * Torsocks call for sendto(2).
+ */
+LIBC_SENDTO_RET_TYPE tsocks_sendto(LIBC_SENDTO_SIG)
+{
+#ifdef TCP_FASTOPEN
+ int ret;
+
+ if ((flags&MSG_FASTOPEN) == 0) {
+ /* No TFO, fallback to libc sendto() */
+ goto libc_sendto;
+ }
+
+ DBG("TFO Sendto catched on fd %d", sockfd);
+
+ ret = connect(sockfd, dest_addr, addrlen);
+ if (ret == 0) {
+ /* connection established, send payload */
+ ret = send(sockfd, buf, len, flags&~MSG_FASTOPEN);
+ }
+
+ return ret;
+
+libc_sendto:
+#endif /* ifdef MSG_FASTOPEN */
+ return tsocks_libc_sendto(LIBC_SENDTO_ARGS);
+}
+
+/*
+ * Libc hijacked symbol sendto(2).
+ */
+LIBC_SENDTO_DECL
+{
+ return tsocks_sendto(LIBC_SENDTO_ARGS);
+}
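Review bot: `tsocks_libc_sendto` is called on the last line of tsocks_sendto, but nothing in this patch assigns it: TSOCKS_LIBC_DECL presumably only declares the pointer, and `LIBC_SENDTO_NAME_STR` from torsocks.h is never used, so unless it is resolved elsewhere every non-TFO sendto() would call through a null pointer. The hijacked `sendto` wrapper should look up the libc symbol before first use and fail closed if the lookup fails. The block is also guarded by `#ifdef TCP_FASTOPEN` while the code tests `MSG_FASTOPEN` (which the `#endif` comment names too); these macros come from different headers, so if TCP_FASTOPEN is not visible in this file the interception is compiled out and TFO traffic bypasses Tor silently again, whereas `#ifdef MSG_FASTOPEN` matches the flag actually used. `ret` should be declared `ssize_t ret;` to match send() and the function's return type. sendmsg(2) accepts the same flag and is not touched by this patch, so it is worth confirming that path is covered elsewhere.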
diff --git a/src/lib/torsocks.h b/src/lib/torsocks.h
index 6ded557..3b9cda2 100644
--- a/src/lib/torsocks.h
+++ b/src/lib/torsocks.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2000-2008 - Shaun Clowes <delius@xxxxxxxxxxx>
+ * Copyright (C) 2000-2008 - Shaun Clowes <delius@xxxxxxxxxxx>
* 2008-2011 - Robert Hogan <robert@xxxxxxxxxxxxxxx>
* 2013 - David Goulet <dgoulet@xxxxxxxxx>
*
@@ -170,6 +170,7 @@ struct hostent **result, int *h_errnop
int sockfd, struct sockaddr *addr, socklen_t *addrlen
#define LIBC_GETPEERNAME_ARGS sockfd, addr, addrlen
+/* recvmsg(2) */
#define LIBC_RECVMSG_NAME recvmsg
#define LIBC_RECVMSG_NAME_STR XSTR(LIBC_RECVMSG_NAME)
#define LIBC_RECVMSG_RET_TYPE ssize_t
@@ -178,6 +179,16 @@ struct hostent **result, int *h_errnop
#define LIBC_RECVMSG_ARGS \
sockfd, msg, flags
+/* sendto(2) */
+#define LIBC_SENDTO_NAME sendto
+#define LIBC_SENDTO_NAME_STR XSTR(LIBC_SENDTO_NAME)
+#define LIBC_SENDTO_RET_TYPE ssize_t
+#define LIBC_SENDTO_SIG \
+ int sockfd, const void *buf, size_t len, int flags,\
+ const struct sockaddr *dest_addr, socklen_t addrlen
+#define LIBC_SENDTO_ARGS \
+ sockfd, buf, len, flags, dest_addr, addrlen
+
/* accept(2) */
#define LIBC_ACCEPT_NAME accept
#define LIBC_ACCEPT_NAME_STR XSTR(LIBC_ACCEPT_NAME)
@@ -277,6 +288,12 @@ TSOCKS_DECL(recvmsg, LIBC_RECVMSG_RET_TYPE, LIBC_RECVMSG_SIG)
#define LIBC_RECVMSG_DECL \
LIBC_RECVMSG_RET_TYPE LIBC_RECVMSG_NAME(LIBC_RECVMSG_SIG)
+/* sendto(2) */
+extern TSOCKS_LIBC_DECL(sendto, LIBC_SENDTO_RET_TYPE, LIBC_SENDTO_SIG)
+TSOCKS_DECL(sendto, LIBC_SENDTO_RET_TYPE, LIBC_SENDTO_SIG)
+#define LIBC_SENDTO_DECL \
+ LIBC_SENDTO_RET_TYPE LIBC_SENDTO_NAME(LIBC_SENDTO_SIG)
+
/* socket(2) */
extern TSOCKS_LIBC_DECL(socket, LIBC_SOCKET_RET_TYPE, LIBC_SOCKET_SIG)
TSOCKS_DECL(socket, LIBC_SOCKET_RET_TYPE, LIBC_SOCKET_SIG)
--
2.1.4