On 14 Jan (16:25:17), Tim Ruehsen wrote:
Upps, I made a last second failure...
Here is the amended (and working) patch.
Hey!
Sorry for the delayed response, too many things at once! :)
I've done some fixes on the patch that I'll be merging in a jiffy, I've outlined them to you below. (mostly syntax thingy...)
Tim
On Wednesday 14 January 2015 14:55:58 Tim Ruehsen wrote:
Hi,
no answer yet, so I created a first 'works for me' patch to let torified TFO aware clients not leak silently.
(I hope I am on the right list here)
Please review and apply|comment.
On Tuesday 13 January 2015 15:25:35 Tim Ruehsen wrote:
Hi,
I tried to torify my wget-like application (https://github.com/rockdaboot/mget) and after some struggling I found that TFO is enabled by default (where available).
I guess, the problem is TFO not using connect() but sendto().
Please enlighten me, what I can do (despite turning off TFO).
Is it worth a patch or do you think patching libtorsocks has pitfalls or unwanted side-effects ?
From 3a775bf43d970c01fb955d7169f0da98be0a297c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20R=C3=BChsen?= tim.ruehsen@gmx.de Date: Wed, 14 Jan 2015 14:48:37 +0100 Subject: [PATCH] Allow TCP Fast Open clients go through tor.
This patch prevents TFO clients to silently leak when torified. TFO uses sendto() instead of connect()/send().
src/lib/Makefile.am | 2 +- src/lib/sendto.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++ src/lib/torsocks.h | 19 +++++++++++++- 3 files changed, 94 insertions(+), 2 deletions(-) create mode 100644 src/lib/sendto.c
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index d64b3f6..6e137f3 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -9,6 +9,6 @@ lib_LTLIBRARIES = libtorsocks.la libtorsocks_la_SOURCES = torsocks.c torsocks.h \ connect.c gethostbyname.c getaddrinfo.c close.c \ getpeername.c socket.c syscall.c socketpair.c recv.c \
exit.c accept.c listen.c fclose.c
exit.c accept.c listen.c fclose.c sendto.c
libtorsocks_la_LIBADD = $(top_builddir)/src/common/libcommon.la diff --git a/src/lib/sendto.c b/src/lib/sendto.c new file mode 100644 index 0000000..af2550a --- /dev/null +++ b/src/lib/sendto.c @@ -0,0 +1,75 @@ +/*
- Copyright (C) 2015 - Tim R?hsen tim.ruehsen@gmx.de
- This program is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License, version 2 only, as
- published by the Free Software Foundation.
- This program is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- more details.
- You should have received a copy of the GNU General Public License along with
- this program; if not, write to the Free Software Foundation, Inc., 51
- Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
+#include <assert.h>
+#include <common/log.h> +#include <common/utils.h>
+#include "torsocks.h"
+/*
- Using TCP Fast Open (TFO) uses sendto() instead of connect() with 'flags'
- set to MSG_FASTOPEN. Without this code, using TFO simply bypasses TOR
- without letting the user know.
- This solution simply ignores TFO and falls back to connect().
- At the time the TOR server supports TFO, socks5.c (client code) could
- implement it in send_data() and connect_socks5().
Could you simply clarify this for me meaning what's needed in socks5 code for TFO to be supported? (no need for an extra comments, just how would I do that :)
- */
+/* sendto(2)
- args: int sockfd, const void *buf, size_t len, int flags,
const struct sockaddr *dest_addr, socklen_t addrlen
- */
+TSOCKS_LIBC_DECL(sendto, LIBC_SENDTO_RET_TYPE, LIBC_SENDTO_SIG)
+/*
- Torsocks call for sendto(2).
- */
+LIBC_SENDTO_RET_TYPE tsocks_sendto(LIBC_SENDTO_SIG) +{ +#ifdef MSG_FASTOPEN
- int ret;
- if ((flags&MSG_FASTOPEN) == 0) {
/* No TFO, fallback to libc sendto() */
goto libc_sendto;
- }
- DBG("TFO Sendto catched on fd %d", sockfd);
- ret = connect(sockfd, dest_addr, addrlen);
- if (ret == 0) {
/* connection established, send payload */
ret = send(sockfd, buf, len, flags&~MSG_FASTOPEN);
- }
- return ret;
+libc_sendto: +#endif /* ifdef MSG_FASTOPEN */
- return tsocks_libc_sendto(LIBC_SENDTO_ARGS);
That symbol needs to be looked up (dlsym()) before you can use it so I did that in the function below. See accept.c how we do that.
Big thanks for that! Really appreciated and one less leak also! :)
Cheers! David