[tor-bugs] #8043 [Torsocks]: various torsocks/ttdnsd errors and discrepancies
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 23 14:45:25 UTC 2013
#8043: various torsocks/ttdnsd errors and discrepancies
----------------------+-----------------------------------------------------
Reporter: mr-4 | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Torsocks | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
For the past two weeks I have been trying to integrate ttdnsd/torsocks
combo into my system, allowing for proper DNS resolution to take place
over Tor - all this was prompted by my report on bug #7797. Unfortunately,
I've hit a brick wall.
In a nutshell, I have found a few discrepancies/errors in both torsocks
and ttdnsd and I also have a problem trying to force torsocks to talk to
tor.
Since in the "Component" section on this report form there is no place to
select ttdnsd, I am doing this report for torsocks, as well as ttdnsd.
1. Torsocks config file environment variable: ttdnsd expects that to be
defined in TSOCKS_CONF_FILE, while torsocks also have 2 different
definitions of it: TORSOCKS_CONFFILE (torsocks.8) and TORSOCKS_CONF_FILE
(the binary .so file). The latter, when specified, works.
Also, that environment variable is only honoured BEFORE chroot (so the
full path to this file MUST be specified) - something not mentioned in
either of torsocks or ttdnsd man pages.
2. Even though I am using all 3 environment variables, pointing to the
right torsocks.conf file, I still can't make it work. Here is my config:
torsocks.conf
=============
local = 127.0.0.0/255.0.0.0
local = 10.0.0.0/255.0.0.0
server = 127.0.0.1
server_port = 19050
ttdnsd.conf
===========
8.8.8.8
torrc (relevant parts only are included)
========================================
SocksPort 19050
SocksListenAddress 127.0.0.1:19050
DNSPort 53
DNSListenAddress 127.0.0.3:53
SocksPolicy accept 127.0.0.1:* # localhost
SocksPolicy accept 127.0.0.2:* # localhost
SocksPolicy accept 127.0.0.3:* # localhost
SocksPolicy accept 10.0.0.0/8:*
SocksPolicy reject *:*
My tor proxy service is running on 127.0.0.1:19050. TTDNSD is running on
127.0.0.2:53, while tor's own DNS is running on 127.0.0.3:53.
When not using TORSOCKS_DEBUG during ttdnsd start, after the initial setup
I get the following message when a DNS request is sent to ttdnsd from the
command line (using dig):
07:37:32 libtorsocks(2507): Call to connect received on completed request
4
07:37:32 libtorsocks(2507): sendto: Connection is a UDP or ICMP stream,
may be a DNS request or other form of leak: rejecting.
When TORSOCKS_DEBUG=1 is used, I get this:
libtorsocks: Got connection request
libtorsocks: Intercepted call to getpeername
libtorsocks: Intercepted call to poll
libtorsocks: Intercepted call to poll
libtorsocks: Got connection request
libtorsocks: Call to connect received on completed request 4
libtorsocks: Got sendto request
libtorsocks: sendto: Connection is a UDP or ICMP stream, may be a DNS
request or other form of leak: rejecting.
libtorsocks: Got sendto request
libtorsocks: sendto: Connection is a UDP or ICMP stream, may be a DNS
request or other form of leak: rejecting.
[...ad nauseum...]
When I increase the debug level (TORSOCKS_DEBUG=255) I get a different
message, though the effect is the same:
07:40:43 libtorsocks(2611): No requests waiting, calling real close
07:40:43 libtorsocks(2611): No requests waiting, calling real close
07:41:01 libtorsocks(2611): Got connection request
07:41:01 libtorsocks(2611): sin_family: 2
07:41:01 libtorsocks(2611): sockopt: 1
07:41:01 libtorsocks(2611): checking if address: 8.8.8.8 is local
07:41:01 libtorsocks(2611): localnet addr: 255.255.0.0
07:41:01 libtorsocks(2611): localip addr: 192.168.0.0
[...]
07:41:01 libtorsocks(2611): address: 8.8.8.8 is not local
07:41:01 libtorsocks(2611): Intercepted call to getpeername
07:41:01 libtorsocks(2611): Call to getpeername for fd 4
07:41:01 libtorsocks(2611): Got connection request for socket 4 to 8.8.8.8
07:41:01 libtorsocks(2611): Picking appropriate server for 8.8.8.8
07:41:01 libtorsocks(2611): Picked server 127.0.0.1 for connection
07:41:01 libtorsocks(2611): checking if address: 127.0.0.1 is local
[...]
07:41:01 libtorsocks(2611): address: 127.0.0.0 is local
07:41:01 libtorsocks(2611): Beginning handle loop for socket 4
07:41:01 libtorsocks(2611): In request handle loop for socket 4, current
state of request is 0
07:41:01 libtorsocks(2611): Connecting to 127.0.0.1 port 19050
07:41:01 libtorsocks(2611): Connect returned -1, errno is 115
07:41:01 libtorsocks(2611): Error 2 attempting to connect to SOCKS server
(No such file or directory)
07:41:01 libtorsocks(2611): Handle loop completed for socket 4 in state
14, returning 2
connect status: No such file or directory
We've loaded 8.8.8.8 as a nameserver.
1 nameservers loaded
tsocks_conf: torsocks.conf
log init...
log file opened: ttdnsd.log
log file opened as fd: 4
duping fds... check ttdnsd.log from here on out...
dup2 says: 1
dup2 says: 2
closing original fd: 4...
starting server...
watching 1 file descriptors
1 file descriptors became ready
received request of 37 bytes, id = 4927
adding new request (id=4927)
new request added at pos: 436
using request slot 436
updating id: 16147
selecting peer
peer selected: -1
connecting to 8.8.8.8 on port 53
watching 2 file descriptors
1 file descriptors became ready
peer 8.8.8.8 in bad state 0
watching 2 file descriptors
1 file descriptors became ready
peer 8.8.8.8 in bad state 0
watching 2 file descriptors
[...ad nauseum...]
I have absolutely no idea what the above errors mean exactly!
The connection attempts were made from 127.0.0.1:XXXXX (dig) to
127.0.0.2:53 (ttdnsd) using UDP, and then I could see from
/proc/net/nf_conntrack that a separate connection was indeed made (status
is ASSURED) to the tor proxy (127.0.0.1:19050) from torsocks
(127.0.0.2:XXXXX) using TCP.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8043>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list