2011-02-25 09:40:11 +00:00
/***************************************************************************
libproxychains . c - description
- - - - - - - - - - - - - - - - - - -
begin : Tue May 14 2002
copyright : netcreature ( C ) 2002
email : netcreature @ users . sourceforge . net
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/* GPL */
/***************************************************************************
* *
* This program is free software ; you can redistribute it and / or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation ; either version 2 of the License , or *
* ( at your option ) any later version . *
* *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2011-09-03 23:45:16 +00:00
# undef _GNU_SOURCE
2011-02-25 09:40:11 +00:00
# define _GNU_SOURCE
2011-09-03 23:45:16 +00:00
2011-02-25 09:40:11 +00:00
# include <stdio.h>
# include <unistd.h>
# include <stdlib.h>
2011-09-02 17:55:50 +00:00
# include <string.h>
2021-09-09 04:33:03 +00:00
# include <limits.h>
2020-09-21 10:31:52 +00:00
# include <ctype.h>
2011-02-25 09:40:11 +00:00
# include <errno.h>
2012-11-07 15:49:14 +00:00
# include <assert.h>
2011-02-25 09:40:11 +00:00
# include <netdb.h>
# include <netinet/in.h>
# include <arpa/inet.h>
# include <sys/types.h>
# include <sys/socket.h>
2011-09-02 17:55:50 +00:00
# include <fcntl.h>
2011-02-25 09:40:11 +00:00
# include <dlfcn.h>
2012-11-07 20:28:09 +00:00
# include <pthread.h>
2011-02-25 09:40:11 +00:00
# include "core.h"
2011-09-10 20:32:27 +00:00
# include "common.h"
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
# include "rdns.h"
2011-02-25 09:40:11 +00:00
2020-08-17 08:31:04 +00:00
# undef satosin
2011-02-25 09:40:11 +00:00
# define satosin(x) ((struct sockaddr_in *) &(x))
# define SOCKADDR(x) (satosin(x)->sin_addr.s_addr)
# define SOCKADDR_2(x) (satosin(x)->sin_addr)
# define SOCKPORT(x) (satosin(x)->sin_port)
# define SOCKFAMILY(x) (satosin(x)->sin_family)
2012-04-23 23:48:17 +00:00
# define MAX_CHAIN 512
2011-02-25 09:40:11 +00:00
2018-01-10 17:23:36 +00:00
# ifdef IS_SOLARIS
# undef connect
int __xnet_connect ( int sock , const struct sockaddr * addr , unsigned int len ) ;
connect_t true___xnet_connect ;
# endif
2013-01-21 00:54:45 +00:00
close_t true_close ;
2022-04-12 12:37:12 +00:00
close_range_t true_close_range ;
2012-07-07 22:16:00 +00:00
connect_t true_connect ;
gethostbyname_t true_gethostbyname ;
getaddrinfo_t true_getaddrinfo ;
freeaddrinfo_t true_freeaddrinfo ;
getnameinfo_t true_getnameinfo ;
gethostbyaddr_t true_gethostbyaddr ;
2015-01-23 16:14:28 +00:00
sendto_t true_sendto ;
2012-07-07 22:16:00 +00:00
2011-02-25 09:40:11 +00:00
int tcp_read_time_out ;
int tcp_connect_time_out ;
chain_type proxychains_ct ;
proxy_data proxychains_pd [ MAX_CHAIN ] ;
2011-09-03 23:45:16 +00:00
unsigned int proxychains_proxy_count = 0 ;
2013-06-23 05:13:40 +00:00
unsigned int proxychains_proxy_offset = 0 ;
2011-02-25 09:40:11 +00:00
int proxychains_got_chain_data = 0 ;
2011-09-03 23:45:16 +00:00
unsigned int proxychains_max_chain = 1 ;
2011-02-25 09:40:11 +00:00
int proxychains_quiet_mode = 0 ;
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
enum dns_lookup_flavor proxychains_resolver = DNSLF_LIBC ;
2011-02-25 15:16:58 +00:00
localaddr_arg localnet_addr [ MAX_LOCALNET ] ;
size_t num_localnet_addr = 0 ;
2020-05-05 21:33:42 +00:00
dnat_arg dnats [ MAX_DNAT ] ;
size_t num_dnats = 0 ;
2012-01-26 11:44:42 +00:00
unsigned int remote_dns_subnet = 224 ;
2011-02-25 15:16:58 +00:00
2012-04-23 20:14:04 +00:00
pthread_once_t init_once = PTHREAD_ONCE_INIT ;
2012-11-07 20:28:09 +00:00
2012-04-23 20:14:04 +00:00
static int init_l = 0 ;
2019-02-28 13:28:10 +00:00
static void get_chain_data ( proxy_data * pd , unsigned int * proxy_count , chain_type * ct ) ;
2011-02-25 09:40:11 +00:00
2022-04-12 12:37:12 +00:00
static void * load_sym ( char * symname , void * proxyfunc , int is_mandatory ) {
2012-07-07 22:27:46 +00:00
void * funcptr = dlsym ( RTLD_NEXT , symname ) ;
2014-07-21 11:18:20 +00:00
2022-04-12 12:37:12 +00:00
if ( is_mandatory & & ! funcptr ) {
2012-04-23 17:51:14 +00:00
fprintf ( stderr , " Cannot load symbol '%s' %s \n " , symname , dlerror ( ) ) ;
2011-02-25 09:40:11 +00:00
exit ( 1 ) ;
2022-04-12 12:37:12 +00:00
} else if ( ! funcptr ) {
return funcptr ;
2011-02-25 09:40:11 +00:00
} else {
2012-07-08 02:09:50 +00:00
PDEBUG ( " loaded symbol '%s' " " real addr %p wrapped addr %p \n " , symname , funcptr , proxyfunc ) ;
2011-02-25 09:40:11 +00:00
}
2012-07-07 22:27:46 +00:00
if ( funcptr = = proxyfunc ) {
2011-09-03 23:45:16 +00:00
PDEBUG ( " circular reference detected, aborting! \n " ) ;
abort ( ) ;
}
2012-07-07 22:27:46 +00:00
return funcptr ;
2012-04-23 17:51:14 +00:00
}
2012-01-27 16:55:37 +00:00
2012-04-23 20:14:04 +00:00
# define INIT() init_lib_wrapper(__FUNCTION__)
2012-07-07 22:27:46 +00:00
2012-11-07 15:49:14 +00:00
# include "allocator_thread.h"
2014-07-22 12:10:08 +00:00
const char * proxychains_get_version ( void ) ;
2021-12-12 18:20:59 +00:00
static void setup_hooks ( void ) ;
2015-12-02 12:14:58 +00:00
2022-04-12 12:37:12 +00:00
typedef struct {
unsigned int first , last , flags ;
} close_range_args_t ;
/* If there is some `close` or `close_range` system call before do_init,
we buffer it , and actually execute them in do_init . */
2016-05-26 18:01:14 +00:00
static int close_fds [ 16 ] ;
static int close_fds_cnt = 0 ;
2022-04-12 12:37:12 +00:00
static close_range_args_t close_range_buffer [ 16 ] ;
static int close_range_buffer_cnt = 0 ;
2016-05-26 18:01:14 +00:00
2021-05-14 14:10:14 +00:00
static unsigned get_rand_seed ( void ) {
# ifdef HAVE_CLOCK_GETTIME
struct timespec now ;
clock_gettime ( CLOCK_REALTIME , & now ) ;
return now . tv_sec ^ now . tv_nsec ;
# else
return time ( NULL ) ;
# endif
}
2012-04-23 20:14:04 +00:00
static void do_init ( void ) {
2021-05-14 14:10:14 +00:00
srand ( get_rand_seed ( ) ) ;
2012-11-07 20:28:09 +00:00
core_initialize ( ) ;
2014-07-21 11:18:20 +00:00
2012-04-23 17:51:14 +00:00
/* read the config file */
get_chain_data ( proxychains_pd , & proxychains_proxy_count , & proxychains_ct ) ;
2013-06-23 05:13:40 +00:00
DUMP_PROXY_CHAIN ( proxychains_pd , proxychains_proxy_count ) ;
2011-02-25 09:40:11 +00:00
2014-07-22 12:10:08 +00:00
proxychains_write_log ( LOG_PREFIX " DLL init: proxychains-ng %s \n " , proxychains_get_version ( ) ) ;
2014-07-21 11:18:20 +00:00
2015-12-02 12:14:58 +00:00
setup_hooks ( ) ;
2014-07-21 11:18:20 +00:00
2016-05-26 18:01:14 +00:00
while ( close_fds_cnt ) true_close ( close_fds [ - - close_fds_cnt ] ) ;
2022-04-12 12:37:12 +00:00
while ( close_range_buffer_cnt ) {
int i = - - close_range_buffer_cnt ;
true_close_range ( close_range_buffer [ i ] . first , close_range_buffer [ i ] . last , close_range_buffer [ i ] . flags ) ;
}
2011-02-25 09:40:11 +00:00
init_l = 1 ;
2020-09-20 16:03:54 +00:00
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
rdns_init ( proxychains_resolver ) ;
2011-02-25 09:40:11 +00:00
}
2012-04-23 20:14:04 +00:00
static void init_lib_wrapper ( const char * caller ) {
# ifndef DEBUG
( void ) caller ;
# endif
if ( ! init_l ) PDEBUG ( " %s called from %s \n " , __FUNCTION__ , caller ) ;
pthread_once ( & init_once , do_init ) ;
}
/* if we use gcc >= 3, we can instruct the dynamic loader
* to call init_lib at link time . otherwise it gets loaded
* lazily , which has the disadvantage that there ' s a potential
* race condition if 2 threads call it before init_l is set
* and PTHREAD support was disabled */
# if __GNUC__ > 2
__attribute__ ( ( constructor ) )
static void gcc_init ( void ) {
INIT ( ) ;
}
# endif
2018-07-26 22:12:00 +00:00
typedef enum {
RS_PT_NONE = 0 ,
RS_PT_SOCKS4 ,
RS_PT_SOCKS5 ,
RS_PT_HTTP
} rs_proxyType ;
/*
proxy_from_string ( ) taken from rocksock network I / O library ( C ) rofl0r
valid inputs :
socks5 : //user:password@proxy.domain.com:port
socks5 : //proxy.domain.com:port
socks4 : //proxy.domain.com:port
http : //user:password@proxy.domain.com:port
http : //proxy.domain.com:port
supplying port number is obligatory .
user : pass @ part is optional for http and socks5 .
however , user : pass authentication is currently not implemented for http proxies .
return 1 on success , 0 on error .
*/
static int proxy_from_string ( const char * proxystring ,
char * type_buf ,
char * host_buf ,
int * port_n ,
char * user_buf ,
char * pass_buf )
{
const char * p ;
rs_proxyType proxytype ;
size_t next_token = 6 , ul = 0 , pl = 0 , hl ;
if ( ! proxystring [ 0 ] | | ! proxystring [ 1 ] | | ! proxystring [ 2 ] | | ! proxystring [ 3 ] | | ! proxystring [ 4 ] | | ! proxystring [ 5 ] ) goto inv_string ;
if ( * proxystring = = ' s ' ) {
switch ( proxystring [ 5 ] ) {
case ' 5 ' : proxytype = RS_PT_SOCKS5 ; break ;
case ' 4 ' : proxytype = RS_PT_SOCKS4 ; break ;
default : goto inv_string ;
}
} else if ( * proxystring = = ' h ' ) {
proxytype = RS_PT_HTTP ;
next_token = 4 ;
} else goto inv_string ;
if (
proxystring [ next_token + + ] ! = ' : ' | |
proxystring [ next_token + + ] ! = ' / ' | |
proxystring [ next_token + + ] ! = ' / ' ) goto inv_string ;
2019-04-21 00:48:35 +00:00
const char * at = strrchr ( proxystring + next_token , ' @ ' ) ;
2018-07-26 22:12:00 +00:00
if ( at ) {
if ( proxytype = = RS_PT_SOCKS4 )
return 0 ;
p = strchr ( proxystring + next_token , ' : ' ) ;
if ( ! p | | p > = at ) goto inv_string ;
const char * u = proxystring + next_token ;
ul = p - u ;
p + + ;
pl = at - p ;
if ( proxytype = = RS_PT_SOCKS5 & & ( ul > 255 | | pl > 255 ) )
return 0 ;
memcpy ( user_buf , u , ul ) ;
user_buf [ ul ] = 0 ;
memcpy ( pass_buf , p , pl ) ;
pass_buf [ pl ] = 0 ;
next_token + = 2 + ul + pl ;
} else {
user_buf [ 0 ] = 0 ;
pass_buf [ 0 ] = 0 ;
}
const char * h = proxystring + next_token ;
p = strchr ( h , ' : ' ) ;
if ( ! p ) goto inv_string ;
hl = p - h ;
if ( hl > 255 )
return 0 ;
memcpy ( host_buf , h , hl ) ;
host_buf [ hl ] = 0 ;
* port_n = atoi ( p + 1 ) ;
switch ( proxytype ) {
case RS_PT_SOCKS4 :
strcpy ( type_buf , " socks4 " ) ;
break ;
case RS_PT_SOCKS5 :
strcpy ( type_buf , " socks5 " ) ;
break ;
case RS_PT_HTTP :
strcpy ( type_buf , " http " ) ;
break ;
default :
return 0 ;
}
return 1 ;
inv_string :
return 0 ;
}
2019-02-28 14:07:08 +00:00
static const char * bool_str ( int bool_val ) {
if ( bool_val ) return " true " ;
return " false " ;
}
2018-07-26 22:12:00 +00:00
2020-09-21 10:31:52 +00:00
# define STR_STARTSWITH(P, LIT) (!strncmp(P, LIT, sizeof(LIT)-1))
2012-04-23 20:14:04 +00:00
/* get configuration from config file */
static void get_chain_data ( proxy_data * pd , unsigned int * proxy_count , chain_type * ct ) {
2012-01-27 17:59:44 +00:00
int count = 0 , port_n = 0 , list = 0 ;
2020-09-21 10:31:52 +00:00
char buf [ 1024 ] , type [ 1024 ] , host [ 1024 ] , user [ 1024 ] ;
char * buff , * env , * p ;
2021-09-09 04:33:03 +00:00
char local_addr_port [ 64 ] , local_addr [ 64 ] , local_netmask [ 32 ] ;
2020-05-05 21:33:42 +00:00
char dnat_orig_addr_port [ 32 ] , dnat_new_addr_port [ 32 ] ;
char dnat_orig_addr [ 32 ] , dnat_orig_port [ 32 ] , dnat_new_addr [ 32 ] , dnat_new_port [ 32 ] ;
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
char rdnsd_addr [ 32 ] , rdnsd_port [ 8 ] ;
2012-07-08 21:32:50 +00:00
FILE * file = NULL ;
2011-02-25 09:40:11 +00:00
if ( proxychains_got_chain_data )
2012-01-27 17:59:44 +00:00
return ;
2011-02-25 09:40:11 +00:00
2020-09-20 16:02:21 +00:00
PFUNC ( ) ;
2011-02-25 09:40:11 +00:00
//Some defaults
2012-01-27 17:59:44 +00:00
tcp_read_time_out = 4 * 1000 ;
tcp_connect_time_out = 10 * 1000 ;
2011-09-03 23:45:16 +00:00
* ct = DYNAMIC_TYPE ;
2014-07-21 11:18:20 +00:00
2020-09-21 10:31:52 +00:00
env = get_config_path ( getenv ( PROXYCHAINS_CONF_FILE_ENV_VAR ) , buf , sizeof ( buf ) ) ;
2013-04-30 08:06:36 +00:00
if ( ( file = fopen ( env , " r " ) ) = = NULL )
{
perror ( " couldnt read configuration file " ) ;
exit ( 1 ) ;
}
2012-01-27 16:55:37 +00:00
2012-01-24 07:26:37 +00:00
env = getenv ( PROXYCHAINS_QUIET_MODE_ENV_VAR ) ;
2012-01-27 17:59:44 +00:00
if ( env & & * env = = ' 1 ' )
proxychains_quiet_mode = 1 ;
2011-02-25 09:40:11 +00:00
2020-09-21 10:31:52 +00:00
while ( fgets ( buf , sizeof ( buf ) , file ) ) {
buff = buf ;
/* remove leading whitespace */
while ( isspace ( * buff ) ) buff + + ;
/* remove trailing '\n' */
if ( ( p = strrchr ( buff , ' \n ' ) ) ) * p = 0 ;
p = buff + strlen ( buff ) - 1 ;
/* remove trailing whitespace */
while ( p > = buff & & isspace ( * p ) ) * ( p - - ) = 0 ;
if ( ! * buff | | * buff = = ' # ' ) continue ; /* skip empty lines and comments */
if ( 1 ) {
2012-04-24 00:04:02 +00:00
/* proxylist has to come last */
2011-02-25 09:40:11 +00:00
if ( list ) {
2012-04-24 00:04:02 +00:00
if ( count > = MAX_CHAIN )
break ;
2014-07-21 11:18:20 +00:00
2011-09-02 17:55:50 +00:00
memset ( & pd [ count ] , 0 , sizeof ( proxy_data ) ) ;
2012-01-27 16:55:37 +00:00
2011-11-06 13:12:50 +00:00
pd [ count ] . ps = PLAY_STATE ;
port_n = 0 ;
2012-01-27 16:55:37 +00:00
2014-07-21 11:17:24 +00:00
int ret = sscanf ( buff , " %s %s %d %s %s " , type , host , & port_n , pd [ count ] . user , pd [ count ] . pass ) ;
if ( ret < 3 | | ret = = EOF ) {
2018-07-26 22:12:00 +00:00
if ( ! proxy_from_string ( buff , type , host , & port_n , pd [ count ] . user , pd [ count ] . pass ) ) {
inv :
fprintf ( stderr , " error: invalid item in proxylist section: %s " , buff ) ;
exit ( 1 ) ;
}
2014-07-21 11:17:24 +00:00
}
2012-01-27 16:55:37 +00:00
2015-08-10 15:59:31 +00:00
memset ( & pd [ count ] . ip , 0 , sizeof ( pd [ count ] . ip ) ) ;
pd [ count ] . ip . is_v6 = ! ! strchr ( host , ' : ' ) ;
pd [ count ] . port = htons ( ( unsigned short ) port_n ) ;
ip_type * host_ip = & pd [ count ] . ip ;
if ( 1 ! = inet_pton ( host_ip - > is_v6 ? AF_INET6 : AF_INET , host , host_ip - > addr . v6 ) ) {
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
if ( * ct = = STRICT_TYPE & & proxychains_resolver > = DNSLF_RDNS_START & & count > 0 ) {
2019-02-28 14:07:08 +00:00
/* we can allow dns hostnames for all but the first proxy in the list if chaintype is strict, as remote lookup can be done */
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
rdns_init ( proxychains_resolver ) ;
2019-02-28 14:07:08 +00:00
ip_type4 internal_ip = at_get_ip_for_host ( host , strlen ( host ) ) ;
pd [ count ] . ip . is_v6 = 0 ;
host_ip - > addr . v4 = internal_ip ;
2020-09-23 16:00:16 +00:00
if ( internal_ip . as_int = = IPT4_INVALID . as_int )
2019-02-28 14:07:08 +00:00
goto inv_host ;
} else {
inv_host :
fprintf ( stderr , " proxy %s has invalid value or is not numeric \n " , host ) ;
fprintf ( stderr , " non-numeric ips are only allowed under the following circumstances: \n " ) ;
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
fprintf ( stderr , " chaintype == strict (%s), proxy is not first in list (%s), proxy_dns active (%s) \n \n " , bool_str ( * ct = = STRICT_TYPE ) , bool_str ( count > 0 ) , rdns_resolver_string ( proxychains_resolver ) ) ;
2019-02-28 14:07:08 +00:00
exit ( 1 ) ;
}
2013-05-02 11:40:56 +00:00
}
2012-01-27 16:55:37 +00:00
2012-01-27 17:59:44 +00:00
if ( ! strcmp ( type , " http " ) ) {
2011-11-06 13:12:50 +00:00
pd [ count ] . pt = HTTP_TYPE ;
2020-12-12 08:25:36 +00:00
} else if ( ! strcmp ( type , " raw " ) ) {
pd [ count ] . pt = RAW_TYPE ;
2012-01-27 17:59:44 +00:00
} else if ( ! strcmp ( type , " socks4 " ) ) {
2011-11-06 13:12:50 +00:00
pd [ count ] . pt = SOCKS4_TYPE ;
2012-01-27 17:59:44 +00:00
} else if ( ! strcmp ( type , " socks5 " ) ) {
2011-11-06 13:12:50 +00:00
pd [ count ] . pt = SOCKS5_TYPE ;
2012-01-27 16:55:37 +00:00
} else
2014-07-21 11:17:24 +00:00
goto inv ;
2012-01-27 16:55:37 +00:00
2015-08-10 15:59:31 +00:00
if ( port_n )
2012-04-24 00:04:02 +00:00
count + + ;
2012-01-27 17:59:44 +00:00
} else {
2020-09-21 10:31:52 +00:00
if ( ! strcmp ( buff , " [ProxyList] " ) ) {
2012-01-27 17:59:44 +00:00
list = 1 ;
2020-09-21 10:31:52 +00:00
} else if ( ! strcmp ( buff , " random_chain " ) ) {
2012-01-27 17:59:44 +00:00
* ct = RANDOM_TYPE ;
2020-09-21 10:31:52 +00:00
} else if ( ! strcmp ( buff , " strict_chain " ) ) {
2012-01-27 17:59:44 +00:00
* ct = STRICT_TYPE ;
2020-09-21 10:31:52 +00:00
} else if ( ! strcmp ( buff , " dynamic_chain " ) ) {
2012-01-27 17:59:44 +00:00
* ct = DYNAMIC_TYPE ;
2020-09-21 10:31:52 +00:00
} else if ( ! strcmp ( buff , " round_robin_chain " ) ) {
2013-06-23 05:13:40 +00:00
* ct = ROUND_ROBIN_TYPE ;
2020-09-21 10:31:52 +00:00
} else if ( STR_STARTSWITH ( buff , " tcp_read_time_out " ) ) {
2012-01-26 11:44:42 +00:00
sscanf ( buff , " %s %d " , user , & tcp_read_time_out ) ;
2020-09-21 10:31:52 +00:00
} else if ( STR_STARTSWITH ( buff , " tcp_connect_time_out " ) ) {
2012-01-26 11:44:42 +00:00
sscanf ( buff , " %s %d " , user , & tcp_connect_time_out ) ;
2020-09-21 10:31:52 +00:00
} else if ( STR_STARTSWITH ( buff , " remote_dns_subnet " ) ) {
2016-12-09 04:42:55 +00:00
sscanf ( buff , " %s %u " , user , & remote_dns_subnet ) ;
2012-01-26 11:44:42 +00:00
if ( remote_dns_subnet > = 256 ) {
2012-01-27 17:59:44 +00:00
fprintf ( stderr ,
" remote_dns_subnet: invalid value. requires a number between 0 and 255. \n " ) ;
2012-01-26 11:44:42 +00:00
exit ( 1 ) ;
}
2020-09-21 10:31:52 +00:00
} else if ( STR_STARTSWITH ( buff , " localnet " ) ) {
2021-09-09 04:33:03 +00:00
char colon , extra , right_bracket [ 2 ] ;
unsigned short local_port = 0 , local_prefix ;
int local_family , n , valid ;
if ( sscanf ( buff , " %s %53[^/]/%15s%c " , user , local_addr_port , local_netmask , & extra ) ! = 3 ) {
2011-03-22 14:04:52 +00:00
fprintf ( stderr , " localnet format error " ) ;
exit ( 1 ) ;
}
2021-09-09 04:33:03 +00:00
p = strchr ( local_addr_port , ' : ' ) ;
if ( ! p | | p = = strrchr ( local_addr_port , ' : ' ) ) {
local_family = AF_INET ;
n = sscanf ( local_addr_port , " %15[^:]%c%5hu%c " , local_addr , & colon , & local_port , & extra ) ;
valid = n = = 1 | | ( n = = 3 & & colon = = ' : ' ) ;
} else if ( local_addr_port [ 0 ] = = ' [ ' ) {
local_family = AF_INET6 ;
n = sscanf ( local_addr_port , " [%45[^][]%1[]]%c%5hu%c " , local_addr , right_bracket , & colon , & local_port , & extra ) ;
valid = n = = 2 | | ( n = = 4 & & colon = = ' : ' ) ;
} else {
local_family = AF_INET6 ;
valid = sscanf ( local_addr_port , " %45[^][]%c " , local_addr , & extra ) = = 1 ;
}
if ( ! valid ) {
fprintf ( stderr , " localnet address or port error \n " ) ;
exit ( 1 ) ;
}
if ( local_port ) {
PDEBUG ( " added localnet: netaddr=%s, port=%u, netmask=%s \n " ,
local_addr , local_port , local_netmask ) ;
2011-03-22 14:04:52 +00:00
} else {
2021-09-09 04:33:03 +00:00
PDEBUG ( " added localnet: netaddr=%s, netmask=%s \n " ,
local_addr , local_netmask ) ;
2011-03-22 14:04:52 +00:00
}
2012-01-27 17:59:44 +00:00
if ( num_localnet_addr < MAX_LOCALNET ) {
2021-09-09 04:33:03 +00:00
localnet_addr [ num_localnet_addr ] . family = local_family ;
localnet_addr [ num_localnet_addr ] . port = local_port ;
valid = 0 ;
if ( local_family = = AF_INET ) {
valid =
inet_pton ( local_family , local_addr ,
& localnet_addr [ num_localnet_addr ] . in_addr ) > 0 ;
} else if ( local_family = = AF_INET6 ) {
valid =
inet_pton ( local_family , local_addr ,
& localnet_addr [ num_localnet_addr ] . in6_addr ) > 0 ;
}
if ( ! valid ) {
2011-02-25 15:16:58 +00:00
fprintf ( stderr , " localnet address error \n " ) ;
exit ( 1 ) ;
}
2021-09-09 04:33:03 +00:00
if ( local_family = = AF_INET & & strchr ( local_netmask , ' . ' ) ) {
valid =
inet_pton ( local_family , local_netmask ,
& localnet_addr [ num_localnet_addr ] . in_mask ) > 0 ;
} else {
valid = sscanf ( local_netmask , " %hu%c " , & local_prefix , & extra ) = = 1 ;
if ( valid ) {
if ( local_family = = AF_INET & & local_prefix < = 32 ) {
localnet_addr [ num_localnet_addr ] . in_mask . s_addr =
htonl ( 0xFFFFFFFFu < < ( 32u - local_prefix ) ) ;
} else if ( local_family = = AF_INET6 & & local_prefix < = 128 ) {
localnet_addr [ num_localnet_addr ] . in6_prefix =
local_prefix ;
} else {
valid = 0 ;
}
}
}
if ( ! valid ) {
2011-03-22 14:04:52 +00:00
fprintf ( stderr , " localnet netmask error \n " ) ;
2011-02-25 15:16:58 +00:00
exit ( 1 ) ;
}
+ + num_localnet_addr ;
2012-01-27 17:59:44 +00:00
} else {
2011-02-25 15:16:58 +00:00
fprintf ( stderr , " # of localnet exceed %d. \n " , MAX_LOCALNET ) ;
}
2020-09-21 10:31:52 +00:00
} else if ( STR_STARTSWITH ( buff , " chain_len " ) ) {
2012-01-27 17:59:44 +00:00
char * pc ;
int len ;
pc = strchr ( buff , ' = ' ) ;
2016-06-23 08:27:15 +00:00
if ( ! pc ) {
fprintf ( stderr , " error: missing equals sign '=' in chain_len directive. \n " ) ;
exit ( 1 ) ;
}
2012-01-27 17:59:44 +00:00
len = atoi ( + + pc ) ;
proxychains_max_chain = ( len ? len : 1 ) ;
2020-09-21 10:31:52 +00:00
} else if ( ! strcmp ( buff , " quiet_mode " ) ) {
2012-01-27 17:59:44 +00:00
proxychains_quiet_mode = 1 ;
2020-09-21 10:31:52 +00:00
} else if ( ! strcmp ( buff , " proxy_dns_old " ) ) {
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
proxychains_resolver = DNSLF_FORKEXEC ;
2020-09-21 10:31:52 +00:00
} else if ( ! strcmp ( buff , " proxy_dns " ) ) {
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
proxychains_resolver = DNSLF_RDNS_THREAD ;
} else if ( STR_STARTSWITH ( buff , " proxy_dns_daemon " ) ) {
struct sockaddr_in rdns_server_buffer ;
if ( sscanf ( buff , " %s %15[^:]:%5s " , user , rdnsd_addr , rdnsd_port ) < 3 ) {
fprintf ( stderr , " proxy_dns_daemon format error \n " ) ;
exit ( 1 ) ;
}
rdns_server_buffer . sin_family = AF_INET ;
int error = inet_pton ( AF_INET , rdnsd_addr , & rdns_server_buffer . sin_addr ) ;
if ( error < = 0 ) {
fprintf ( stderr , " bogus proxy_dns_daemon address \n " ) ;
exit ( 1 ) ;
}
rdns_server_buffer . sin_port = htons ( atoi ( rdnsd_port ) ) ;
proxychains_resolver = DNSLF_RDNS_DAEMON ;
rdns_set_daemon ( & rdns_server_buffer ) ;
2020-09-21 10:31:52 +00:00
} else if ( STR_STARTSWITH ( buff , " dnat " ) ) {
2020-05-05 21:33:42 +00:00
if ( sscanf ( buff , " %s %21[^ ] %21s \n " , user , dnat_orig_addr_port , dnat_new_addr_port ) < 3 ) {
fprintf ( stderr , " dnat format error " ) ;
exit ( 1 ) ;
}
/* clean previously used buffer */
memset ( dnat_orig_port , 0 , sizeof ( dnat_orig_port ) / sizeof ( dnat_orig_port [ 0 ] ) ) ;
memset ( dnat_new_port , 0 , sizeof ( dnat_new_port ) / sizeof ( dnat_new_port [ 0 ] ) ) ;
( void ) sscanf ( dnat_orig_addr_port , " %15[^:]:%5s " , dnat_orig_addr , dnat_orig_port ) ;
( void ) sscanf ( dnat_new_addr_port , " %15[^:]:%5s " , dnat_new_addr , dnat_new_port ) ;
if ( num_dnats < MAX_DNAT ) {
int error ;
error =
inet_pton ( AF_INET , dnat_orig_addr ,
& dnats [ num_dnats ] . orig_dst ) ;
if ( error < = 0 ) {
fprintf ( stderr , " dnat original destination address error \n " ) ;
exit ( 1 ) ;
}
error =
inet_pton ( AF_INET , dnat_new_addr ,
& dnats [ num_dnats ] . new_dst ) ;
if ( error < = 0 ) {
fprintf ( stderr , " dnat effective destination address error \n " ) ;
exit ( 1 ) ;
}
if ( dnat_orig_port [ 0 ] ) {
dnats [ num_dnats ] . orig_port =
( short ) atoi ( dnat_orig_port ) ;
} else {
dnats [ num_dnats ] . orig_port = 0 ;
}
if ( dnat_new_port [ 0 ] ) {
dnats [ num_dnats ] . new_port =
( short ) atoi ( dnat_new_port ) ;
} else {
dnats [ num_dnats ] . new_port = 0 ;
}
PDEBUG ( " added dnat: orig-dst=%s orig-port=%d new-dst=%s new-port=%d \n " , dnat_orig_addr , dnats [ num_dnats ] . orig_port , dnat_new_addr , dnats [ num_dnats ] . new_port ) ;
+ + num_dnats ;
} else {
fprintf ( stderr , " # of dnat exceed %d. \n " , MAX_DNAT ) ;
}
2011-02-25 09:40:11 +00:00
}
}
}
}
2016-02-04 12:49:43 +00:00
# ifndef BROKEN_FCLOSE
2011-02-25 09:40:11 +00:00
fclose ( file ) ;
2016-02-04 12:49:43 +00:00
# endif
2014-07-21 10:37:01 +00:00
if ( ! count ) {
fprintf ( stderr , " error: no valid proxy found in config \n " ) ;
exit ( 1 ) ;
}
2011-09-03 23:45:16 +00:00
* proxy_count = count ;
proxychains_got_chain_data = 1 ;
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
PDEBUG ( " proxy_dns: %s \n " , rdns_resolver_string ( proxychains_resolver ) ) ;
2011-02-25 09:40:11 +00:00
}
2012-04-23 20:14:04 +00:00
/******* HOOK FUNCTIONS *******/
2011-02-25 09:40:11 +00:00
2021-12-12 17:59:17 +00:00
# define EXPAND( args...) args
2021-12-12 18:20:59 +00:00
# ifdef MONTEREY_HOOKING
# define HOOKFUNC(R, N, args...) R pxcng_ ## N ( EXPAND(args) )
# else
2021-12-12 17:59:17 +00:00
# define HOOKFUNC(R, N, args...) R N ( EXPAND(args) )
2021-12-12 18:20:59 +00:00
# endif
2021-12-12 17:59:17 +00:00
HOOKFUNC ( int , close , int fd ) {
2016-05-26 09:48:32 +00:00
if ( ! init_l ) {
2016-05-26 18:01:14 +00:00
if ( close_fds_cnt > = ( sizeof close_fds / sizeof close_fds [ 0 ] ) ) goto err ;
close_fds [ close_fds_cnt + + ] = fd ;
errno = 0 ;
return 0 ;
2016-05-26 09:48:32 +00:00
}
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
if ( proxychains_resolver ! = DNSLF_RDNS_THREAD ) return true_close ( fd ) ;
2020-09-20 16:03:54 +00:00
2013-01-21 00:54:45 +00:00
/* prevent rude programs (like ssh) from closing our pipes */
if ( fd ! = req_pipefd [ 0 ] & & fd ! = req_pipefd [ 1 ] & &
fd ! = resp_pipefd [ 0 ] & & fd ! = resp_pipefd [ 1 ] ) {
return true_close ( fd ) ;
}
2016-05-26 18:01:14 +00:00
err :
2014-01-08 05:38:59 +00:00
errno = EBADF ;
2013-01-21 00:54:45 +00:00
return - 1 ;
}
2015-09-15 20:16:20 +00:00
static int is_v4inv6 ( const struct in6_addr * a ) {
2018-01-09 13:30:02 +00:00
return ! memcmp ( a - > s6_addr , " \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \xff \xff " , 12 ) ;
2015-09-15 20:16:20 +00:00
}
2021-12-12 17:59:17 +00:00
2022-04-12 23:51:17 +00:00
static void intsort ( int * a , int n ) {
int i , j , s ;
for ( i = 0 ; i < n ; + + i )
for ( j = i + 1 ; j < n ; + + j )
if ( a [ j ] < a [ i ] ) {
s = a [ i ] ;
a [ i ] = a [ j ] ;
a [ j ] = s ;
}
2022-04-12 12:37:12 +00:00
}
2022-04-12 23:51:17 +00:00
2022-04-12 12:37:12 +00:00
/* Warning: Linux manual says the third arg is `unsigned int`, but unistd.h says `int`. */
HOOKFUNC ( int , close_range , unsigned first , unsigned last , int flags ) {
if ( true_close_range = = NULL ) {
fprintf ( stderr , " Calling close_range, but this platform does not provide this system call. " ) ;
return - 1 ;
}
if ( ! init_l ) {
/* push back to cache, and delay the execution. */
if ( close_range_buffer_cnt > = ( sizeof close_range_buffer / sizeof close_range_buffer [ 0 ] ) ) {
errno = ENOMEM ;
return - 1 ;
}
int i = close_range_buffer_cnt + + ;
close_range_buffer [ i ] . first = first ;
close_range_buffer [ i ] . last = last ;
close_range_buffer [ i ] . flags = flags ;
return errno = 0 ;
}
if ( proxychains_resolver ! = DNSLF_RDNS_THREAD ) return true_close_range ( first , last , flags ) ;
/* prevent rude programs (like ssh) from closing our pipes */
int res = 0 , uerrno = 0 , i ;
int protected_fds [ ] = { req_pipefd [ 0 ] , req_pipefd [ 1 ] , resp_pipefd [ 0 ] , resp_pipefd [ 1 ] } ;
2022-04-12 23:51:17 +00:00
intsort ( protected_fds , 4 ) ;
2022-04-12 12:37:12 +00:00
/* We are skipping protected_fds while calling true_close_range()
* If protected_fds cut the range into some sub - ranges , we close sub - ranges BEFORE cut point in the loop .
* [ first , cut1 - 1 ] , [ cut1 + 1 , cut2 - 1 ] , [ cut2 + 1 , cut3 - 1 ]
* Finally , we delete the remaining sub - range , outside the loop . [ cut3 + 1 , tail ]
*/
int next_fd_to_close = first ;
2022-04-12 23:51:17 +00:00
for ( i = 0 ; i < 4 ; + + i ) {
2022-04-12 12:37:12 +00:00
if ( protected_fds [ i ] < first | | protected_fds [ i ] > last )
continue ;
int prev = ( i = = 0 | | protected_fds [ i - 1 ] < first ) ? first : protected_fds [ i - 1 ] + 1 ;
if ( prev ! = protected_fds [ i ] ) {
if ( - 1 = = true_close_range ( prev , protected_fds [ i ] - 1 , flags ) ) {
res = - 1 ;
uerrno = errno ;
}
}
next_fd_to_close = protected_fds [ i ] + 1 ;
}
if ( next_fd_to_close < = last ) {
if ( - 1 = = true_close_range ( next_fd_to_close , last , flags ) ) {
res = - 1 ;
uerrno = errno ;
}
}
errno = uerrno ;
return res ;
}
2021-12-12 17:59:17 +00:00
HOOKFUNC ( int , connect , int sock , const struct sockaddr * addr , unsigned int len ) {
2015-06-14 10:16:59 +00:00
INIT ( ) ;
2012-11-07 15:49:14 +00:00
PFUNC ( ) ;
2015-06-14 10:16:59 +00:00
2012-01-27 17:59:44 +00:00
int socktype = 0 , flags = 0 , ret = 0 ;
2011-09-03 23:45:16 +00:00
socklen_t optlen = 0 ;
2011-11-06 13:12:50 +00:00
ip_type dest_ip ;
2015-06-14 09:53:33 +00:00
DEBUGDECL ( char str [ 256 ] ) ;
2011-02-25 15:16:58 +00:00
struct in_addr * p_addr_in ;
2015-08-10 15:59:31 +00:00
struct in6_addr * p_addr_in6 ;
2020-07-08 16:35:18 +00:00
dnat_arg * dnat = NULL ;
2011-03-22 14:04:52 +00:00
unsigned short port ;
2011-02-25 15:16:58 +00:00
size_t i ;
2012-03-03 06:24:05 +00:00
int remote_dns_connect = 0 ;
2012-01-27 17:59:44 +00:00
optlen = sizeof ( socktype ) ;
2015-08-10 15:59:31 +00:00
sa_family_t fam = SOCKFAMILY ( * addr ) ;
2012-01-27 17:59:44 +00:00
getsockopt ( sock , SOL_SOCKET , SO_TYPE , & socktype , & optlen ) ;
2015-08-10 15:59:31 +00:00
if ( ! ( ( fam = = AF_INET | | fam = = AF_INET6 ) & & socktype = = SOCK_STREAM ) )
2012-01-27 17:59:44 +00:00
return true_connect ( sock , addr , len ) ;
2011-02-25 15:16:58 +00:00
2015-08-10 15:59:31 +00:00
int v6 = dest_ip . is_v6 = fam = = AF_INET6 ;
2012-01-27 17:59:44 +00:00
p_addr_in = & ( ( struct sockaddr_in * ) addr ) - > sin_addr ;
2015-08-10 15:59:31 +00:00
p_addr_in6 = & ( ( struct sockaddr_in6 * ) addr ) - > sin6_addr ;
port = ! v6 ? ntohs ( ( ( struct sockaddr_in * ) addr ) - > sin_port )
: ntohs ( ( ( struct sockaddr_in6 * ) addr ) - > sin6_port ) ;
2015-09-15 20:16:20 +00:00
struct in_addr v4inv6 ;
if ( v6 & & is_v4inv6 ( p_addr_in6 ) ) {
2018-01-09 13:30:02 +00:00
memcpy ( & v4inv6 . s_addr , & p_addr_in6 - > s6_addr [ 12 ] , 4 ) ;
2015-09-15 20:16:20 +00:00
v6 = dest_ip . is_v6 = 0 ;
p_addr_in = & v4inv6 ;
}
2019-02-28 13:08:02 +00:00
if ( ! v6 & & ! memcmp ( p_addr_in , " \0 \0 \0 \0 " , 4 ) ) {
errno = ECONNREFUSED ;
return - 1 ;
}
2011-02-25 15:16:58 +00:00
2012-01-27 17:59:44 +00:00
// PDEBUG("localnet: %s; ", inet_ntop(AF_INET,&in_addr_localnet, str, sizeof(str)));
// PDEBUG("netmask: %s; " , inet_ntop(AF_INET, &in_addr_netmask, str, sizeof(str)));
2015-12-06 12:57:45 +00:00
PDEBUG ( " target: %s \n " , inet_ntop ( v6 ? AF_INET6 : AF_INET , v6 ? ( void * ) p_addr_in6 : ( void * ) p_addr_in , str , sizeof ( str ) ) ) ;
2011-09-03 23:45:16 +00:00
PDEBUG ( " port: %d \n " , port ) ;
2012-03-03 06:24:05 +00:00
// check if connect called from proxydns
2015-08-10 15:59:31 +00:00
remote_dns_connect = ! v6 & & ( ntohl ( p_addr_in - > s_addr ) > > 24 = = remote_dns_subnet ) ;
2012-03-03 06:24:05 +00:00
2020-07-08 16:35:18 +00:00
// more specific first
if ( ! v6 ) for ( i = 0 ; i < num_dnats & & ! remote_dns_connect & & ! dnat ; i + + )
2021-01-08 17:45:35 +00:00
if ( dnats [ i ] . orig_dst . s_addr = = p_addr_in - > s_addr )
2020-07-08 16:35:18 +00:00
if ( dnats [ i ] . orig_port & & ( dnats [ i ] . orig_port = = port ) )
dnat = & dnats [ i ] ;
if ( ! v6 ) for ( i = 0 ; i < num_dnats & & ! remote_dns_connect & & ! dnat ; i + + )
if ( dnats [ i ] . orig_dst . s_addr = = p_addr_in - > s_addr )
if ( ! dnats [ i ] . orig_port )
dnat = & dnats [ i ] ;
if ( dnat ) {
p_addr_in = & dnat - > new_dst ;
if ( dnat - > new_port )
port = dnat - > new_port ;
2020-05-05 21:33:42 +00:00
}
2021-09-09 04:33:03 +00:00
for ( i = 0 ; i < num_localnet_addr & & ! remote_dns_connect ; i + + ) {
if ( localnet_addr [ i ] . port & & localnet_addr [ i ] . port ! = port )
continue ;
if ( localnet_addr [ i ] . family ! = ( v6 ? AF_INET6 : AF_INET ) )
continue ;
if ( v6 ) {
size_t prefix_bytes = localnet_addr [ i ] . in6_prefix / CHAR_BIT ;
size_t prefix_bits = localnet_addr [ i ] . in6_prefix % CHAR_BIT ;
if ( prefix_bytes & & memcmp ( p_addr_in6 - > s6_addr , localnet_addr [ i ] . in6_addr . s6_addr , prefix_bytes ) ! = 0 )
continue ;
if ( prefix_bits & & ( p_addr_in6 - > s6_addr [ prefix_bytes ] ^ localnet_addr [ i ] . in6_addr . s6_addr [ prefix_bytes ] ) > > ( CHAR_BIT - prefix_bits ) )
continue ;
} else {
if ( ( p_addr_in - > s_addr ^ localnet_addr [ i ] . in_addr . s_addr ) & localnet_addr [ i ] . in_mask . s_addr )
continue ;
2011-02-25 15:16:58 +00:00
}
2021-09-09 04:33:03 +00:00
PDEBUG ( " accessing localnet using true_connect \n " ) ;
return true_connect ( sock , addr , len ) ;
2011-02-25 15:16:58 +00:00
}
2011-11-06 13:12:50 +00:00
flags = fcntl ( sock , F_GETFL , 0 ) ;
2011-02-25 09:40:11 +00:00
if ( flags & O_NONBLOCK )
2012-01-27 17:59:44 +00:00
fcntl ( sock , F_SETFL , ! O_NONBLOCK ) ;
2012-01-27 16:55:37 +00:00
2015-08-10 15:59:31 +00:00
memcpy ( dest_ip . addr . v6 , v6 ? ( void * ) p_addr_in6 : ( void * ) p_addr_in , v6 ? 16 : 4 ) ;
2012-01-27 16:55:37 +00:00
2012-01-27 17:59:44 +00:00
ret = connect_proxy_chain ( sock ,
dest_ip ,
2015-08-10 15:59:31 +00:00
htons ( port ) ,
2012-01-27 17:59:44 +00:00
proxychains_pd , proxychains_proxy_count , proxychains_ct , proxychains_max_chain ) ;
2012-01-27 16:55:37 +00:00
2011-02-25 09:40:11 +00:00
fcntl ( sock , F_SETFL , flags ) ;
2011-11-06 13:12:50 +00:00
if ( ret ! = SUCCESS )
2012-01-27 17:59:44 +00:00
errno = ECONNREFUSED ;
2011-02-25 09:40:11 +00:00
return ret ;
}
2018-01-10 17:23:36 +00:00
# ifdef IS_SOLARIS
2021-12-12 17:59:17 +00:00
HOOKFUNC ( int , __xnet_connect , int sock , const struct sockaddr * addr , unsigned int len )
2018-01-10 17:23:36 +00:00
return connect ( sock , addr , len ) ;
}
# endif
2012-07-15 23:05:28 +00:00
static struct gethostbyname_data ghbndata ;
2021-12-12 17:59:17 +00:00
HOOKFUNC ( struct hostent * , gethostbyname , const char * name ) {
2012-04-23 20:14:04 +00:00
INIT ( ) ;
2012-01-27 17:59:44 +00:00
PDEBUG ( " gethostbyname: %s \n " , name ) ;
2012-01-27 16:55:37 +00:00
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
if ( proxychains_resolver = = DNSLF_FORKEXEC )
2020-09-20 21:11:17 +00:00
return proxy_gethostbyname_old ( name ) ;
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
else if ( proxychains_resolver = = DNSLF_LIBC )
2011-02-25 09:40:11 +00:00
return true_gethostbyname ( name ) ;
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
else
return proxy_gethostbyname ( name , & ghbndata ) ;
2012-01-27 16:55:37 +00:00
2011-02-25 09:40:11 +00:00
return NULL ;
}
2011-09-03 23:45:16 +00:00
2021-12-12 17:59:17 +00:00
HOOKFUNC ( int , getaddrinfo , const char * node , const char * service , const struct addrinfo * hints , struct addrinfo * * res ) {
2012-04-23 20:14:04 +00:00
INIT ( ) ;
2012-11-08 00:18:19 +00:00
PDEBUG ( " getaddrinfo: %s %s \n " , node ? node : " null " , service ? service : " null " ) ;
2012-01-27 16:55:37 +00:00
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
if ( proxychains_resolver ! = DNSLF_LIBC )
2015-06-14 10:16:59 +00:00
return proxy_getaddrinfo ( node , service , hints , res ) ;
2011-02-25 09:40:11 +00:00
else
2015-06-14 10:16:59 +00:00
return true_getaddrinfo ( node , service , hints , res ) ;
2011-02-25 09:40:11 +00:00
}
2011-09-03 23:45:16 +00:00
2021-12-12 17:59:17 +00:00
HOOKFUNC ( void , freeaddrinfo , struct addrinfo * res ) {
2012-04-23 20:14:04 +00:00
INIT ( ) ;
2016-12-09 04:40:51 +00:00
PDEBUG ( " freeaddrinfo %p \n " , ( void * ) res ) ;
2012-01-27 16:55:37 +00:00
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
if ( proxychains_resolver = = DNSLF_LIBC )
2011-02-25 09:40:11 +00:00
true_freeaddrinfo ( res ) ;
2012-07-15 23:05:28 +00:00
else
proxy_freeaddrinfo ( res ) ;
2011-02-25 09:40:11 +00:00
}
2012-01-27 17:59:44 +00:00
2021-12-12 17:59:17 +00:00
HOOKFUNC ( int , getnameinfo , const struct sockaddr * sa , socklen_t salen ,
2022-01-25 14:51:27 +00:00
char * host , GN_NODELEN_T hostlen , char * serv ,
GN_SERVLEN_T servlen , GN_FLAGS_T flags )
2011-02-25 09:40:11 +00:00
{
2012-04-23 20:14:04 +00:00
INIT ( ) ;
2012-12-17 21:17:00 +00:00
PFUNC ( ) ;
2012-01-27 16:55:37 +00:00
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
if ( proxychains_resolver = = DNSLF_LIBC ) {
2015-06-14 10:16:59 +00:00
return true_getnameinfo ( sa , salen , host , hostlen , serv , servlen , flags ) ;
2011-02-25 09:40:11 +00:00
} else {
2015-12-06 13:01:56 +00:00
if ( ! salen | | ! ( SOCKFAMILY ( * sa ) = = AF_INET | | SOCKFAMILY ( * sa ) = = AF_INET6 ) )
return EAI_FAMILY ;
int v6 = SOCKFAMILY ( * sa ) = = AF_INET6 ;
if ( salen < ( v6 ? sizeof ( struct sockaddr_in6 ) : sizeof ( struct sockaddr_in ) ) )
2012-12-17 22:21:58 +00:00
return EAI_FAMILY ;
2012-01-27 19:00:22 +00:00
if ( hostlen ) {
2015-12-06 13:01:56 +00:00
unsigned char v4inv6buf [ 4 ] ;
const void * ip = v6 ? ( void * ) & ( ( struct sockaddr_in6 * ) sa ) - > sin6_addr
: ( void * ) & ( ( struct sockaddr_in * ) sa ) - > sin_addr ;
unsigned scopeid = 0 ;
if ( v6 ) {
if ( is_v4inv6 ( & ( ( struct sockaddr_in6 * ) sa ) - > sin6_addr ) ) {
2018-01-09 13:30:02 +00:00
memcpy ( v4inv6buf , & ( ( struct sockaddr_in6 * ) sa ) - > sin6_addr . s6_addr [ 12 ] , 4 ) ;
2015-12-06 13:01:56 +00:00
ip = v4inv6buf ;
v6 = 0 ;
} else
scopeid = ( ( struct sockaddr_in6 * ) sa ) - > sin6_scope_id ;
}
if ( ! inet_ntop ( v6 ? AF_INET6 : AF_INET , ip , host , hostlen ) )
2012-12-17 21:41:51 +00:00
return EAI_OVERFLOW ;
2015-12-06 13:01:56 +00:00
if ( scopeid ) {
size_t l = strlen ( host ) ;
if ( snprintf ( host + l , hostlen - l , " %%%u " , scopeid ) > = hostlen - l )
return EAI_OVERFLOW ;
}
2012-12-17 21:41:51 +00:00
}
if ( servlen ) {
if ( snprintf ( serv , servlen , " %d " , ntohs ( SOCKPORT ( * sa ) ) ) > = servlen )
return EAI_OVERFLOW ;
2012-01-27 19:00:22 +00:00
}
2011-02-25 09:40:11 +00:00
}
2015-06-14 10:16:59 +00:00
return 0 ;
2011-02-25 09:40:11 +00:00
}
2011-02-25 15:16:58 +00:00
2021-12-12 17:59:17 +00:00
HOOKFUNC ( struct hostent * , gethostbyaddr , const void * addr , socklen_t len , int type ) {
2015-06-14 10:16:59 +00:00
INIT ( ) ;
PDEBUG ( " TODO: proper gethostbyaddr hook \n " ) ;
2011-09-03 23:45:16 +00:00
static char buf [ 16 ] ;
static char ipv4 [ 4 ] ;
2012-01-27 17:59:44 +00:00
static char * list [ 2 ] ;
2012-11-04 03:58:48 +00:00
static char * aliases [ 1 ] ;
2011-09-03 23:45:16 +00:00
static struct hostent he ;
2012-01-27 16:55:37 +00:00
experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 21:00:29 +00:00
if ( proxychains_resolver = = DNSLF_LIBC )
2012-01-27 17:59:44 +00:00
return true_gethostbyaddr ( addr , len , type ) ;
2011-09-03 23:45:16 +00:00
else {
2012-01-27 16:55:37 +00:00
2011-09-04 00:03:47 +00:00
PDEBUG ( " len %u \n " , len ) ;
2012-01-27 17:59:44 +00:00
if ( len ! = 4 )
return NULL ;
2011-09-03 23:45:16 +00:00
he . h_name = buf ;
memcpy ( ipv4 , addr , 4 ) ;
list [ 0 ] = ipv4 ;
list [ 1 ] = NULL ;
he . h_addr_list = list ;
he . h_addrtype = AF_INET ;
2012-11-04 03:58:48 +00:00
aliases [ 0 ] = NULL ;
he . h_aliases = aliases ;
2011-09-03 23:45:16 +00:00
he . h_length = 4 ;
2012-01-27 17:59:44 +00:00
pc_stringfromipv4 ( ( unsigned char * ) addr , buf ) ;
2011-09-03 23:45:16 +00:00
return & he ;
}
2011-02-25 09:40:11 +00:00
return NULL ;
}
2015-01-23 16:14:28 +00:00
2015-02-17 14:27:01 +00:00
# ifndef MSG_FASTOPEN
# define MSG_FASTOPEN 0x20000000
# endif
2021-12-12 17:59:17 +00:00
HOOKFUNC ( ssize_t , sendto , int sockfd , const void * buf , size_t len , int flags ,
2015-01-23 16:14:28 +00:00
const struct sockaddr * dest_addr , socklen_t addrlen ) {
2015-06-14 10:16:59 +00:00
INIT ( ) ;
PFUNC ( ) ;
2015-01-23 16:14:28 +00:00
if ( flags & MSG_FASTOPEN ) {
if ( ! connect ( sockfd , dest_addr , addrlen ) & & errno ! = EINPROGRESS ) {
return - 1 ;
}
dest_addr = NULL ;
addrlen = 0 ;
flags & = ~ MSG_FASTOPEN ;
}
return true_sendto ( sockfd , buf , len , flags , dest_addr , addrlen ) ;
}
2021-12-12 18:20:59 +00:00
# ifdef MONTEREY_HOOKING
# define SETUP_SYM(X) do { if (! true_ ## X ) true_ ## X = &X; } while(0)
2022-04-12 12:37:12 +00:00
# define SETUP_SYM_OPTIONAL(X)
2021-12-12 18:20:59 +00:00
# else
2022-04-12 12:37:12 +00:00
# define SETUP_SYM_IMPL(X, IS_MANDATORY) do { if (! true_ ## X ) true_ ## X = load_sym( # X, X, IS_MANDATORY ); } while(0)
# define SETUP_SYM(X) SETUP_SYM_IMPL(X, 1)
# define SETUP_SYM_OPTIONAL(X) SETUP_SYM_IMPL(X, 0)
2021-12-12 18:20:59 +00:00
# endif
static void setup_hooks ( void ) {
SETUP_SYM ( connect ) ;
SETUP_SYM ( sendto ) ;
SETUP_SYM ( gethostbyname ) ;
SETUP_SYM ( getaddrinfo ) ;
SETUP_SYM ( freeaddrinfo ) ;
SETUP_SYM ( gethostbyaddr ) ;
SETUP_SYM ( getnameinfo ) ;
# ifdef IS_SOLARIS
SETUP_SYM ( __xnet_connect ) ;
# endif
SETUP_SYM ( close ) ;
2022-04-12 12:37:12 +00:00
SETUP_SYM_OPTIONAL ( close_range ) ;
2021-12-12 18:20:59 +00:00
}
# ifdef MONTEREY_HOOKING
# define DYLD_INTERPOSE(_replacement,_replacee) \
__attribute__ ( ( used ) ) static struct { const void * replacement ; const void * replacee ; } _interpose_ # # _replacee \
__attribute__ ( ( section ( " __DATA,__interpose " ) ) ) = { ( const void * ) ( unsigned long ) & _replacement , ( const void * ) ( unsigned long ) & _replacee } ;
# define DYLD_HOOK(F) DYLD_INTERPOSE(pxcng_ ## F, F)
DYLD_HOOK ( connect ) ;
DYLD_HOOK ( sendto ) ;
DYLD_HOOK ( gethostbyname ) ;
DYLD_HOOK ( getaddrinfo ) ;
DYLD_HOOK ( freeaddrinfo ) ;
DYLD_HOOK ( gethostbyaddr ) ;
DYLD_HOOK ( getnameinfo ) ;
DYLD_HOOK ( close ) ;
# endif