Commit Graph

94 Commits

Author SHA1 Message Date
rofl0r
0a4daa62d6 using qsort for 4 ints is overkill
replace it with custom mini sort routine.
2022-04-12 23:51:17 +00:00
Recolic Keghart
0000000062 Add hook to close_range function, solves #439. |0! 2022-04-12 20:37:05 +08:00
rofl0r
07c15a02f6 add configure check for non-POSIX compliant getnameinfo signature
- glibc < 2.14 uses "unsigned" instead of "int" for flags
- openbsd and freebsd use "size_t" instead of socklen_t for servlen
  and nodelen, while still using socklen_t for salen.

closes #430
2022-01-25 15:42:55 +00:00
Eero Häkkinen
2739fb5416 support IPv6 localnets
closes #218
2022-01-03 14:52:06 +00:00
rofl0r
4a013fe6a5 preliminary support for new DYLD hooking method for OSX Monterey
there's currently no build system support yet. after ./configure
was executed, add -DMONTEREY_HOOKING to CFLAGS/CPPFLAGS in config.mak
to activate this.

addressing #409

special thanks go to @yicong2007 and @YangshengLu for helping to
figure out this new technique.
2021-12-14 12:49:27 +00:00
rofl0r
d415d8a5ed introduce HOOKFUNC macro to mark all libc hook functions
this is currently a NO-OP, but it's already useful in that it
clearly marks our hook functions that override libc.
this in preparation of adding support for MacOS 12.0.1 "Monterey",
which apparently requires a new dynlinker hooking method.
2021-12-12 17:59:17 +00:00
rofl0r
063ac681da remove 10 year old workaround for wrong glibc getnameinfo signature
in ce655fdac8 the getnameinfo function
was factored into a separate TU to prevent its POSIX signature from
colliding with GLIBC's wrong prototype. since this has been fixed
in GLIBC 10 years ago, it should be safe by now.
undoing the workaround has the advantage that all hooked functions
are now available in the same place, which is a prerequisite for
a change i'm about to commit.

if it turns out there's still systems in use that use the old GLIBC
version with the wrong prototype, we can add a configure check
dealing with it.
2021-12-12 17:51:25 +00:00
rofl0r
092d7042e0 initialize rand seed with nano-second granularity
in scenarios where one is to spin up several processes with the same
proxy list in random mode, all processes started in the same second
would pick the same proxy due to using the same srand() seed.

closes #380
2021-05-14 14:10:14 +00:00
rofl0r
6c029fdf47 fix compiler parentheses warning in dnat code 2021-01-08 17:45:35 +00:00
Alexandre Viau
159ab94635
support 'raw' proxy type (#348) 2020-12-12 08:25:36 +00:00
rofl0r
7fe8139496 experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.

it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.

the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).

[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 22:14:39 +01:00
rofl0r
1e00b9ac1e get rid of ip_type.c 2020-09-23 17:00:16 +01:00
rofl0r
1221c5e93a get_chain_data: fix strstr() config parsing
using strstr() is a very error-prone way for config parsing.

for example if "proxy_dns" is being tested for the line "proxy_dns_old",
it would return true.

we fix this by removing leading and trailing whitespace from the line
to parse and use strcmp/strncmp() instead.

the if(1) has been inserted so we can keep the same indentation level
and not spam the commit with whitespace changes.
2020-09-21 11:31:52 +01:00
rofl0r
2ab631918d add support for "proxy_dns_old" to use old 3.1 DNS lookup method
some lamer on IRC by the name of annoner/R3M0RS3/penis was complaining
that 3.1 is a lot better than proxychains-ng, because it happens to
work with the browser he's interested in.
since this wasn't the first time this is requested, let's give this
those lamers what they want: lame code!
2020-09-20 22:11:17 +01:00
rofl0r
3a5050bec2 initialize allocator thread from get_chain_data if needed
since we caved in to demands that it should be possible to allow
hostnames in the proxy list section, we now got to deal with the
fallout. the code was calling at_get... assuming that the allocator
thread is always used.
2020-09-20 18:18:31 +01:00
rofl0r
3dfda493d8 only start allocator thread if proxy_dns is requested
this should fix problems with programs that do whacky
non-async-signal-safe stuff.
2020-09-20 18:17:51 +01:00
rofl0r
12e5da1b90 get_chain_data: print debug info 2020-09-20 17:02:21 +01:00
Ethan F
0ee5db605b
Add Haiku support (#340) 2020-08-17 09:31:04 +01:00
tom gilon
bf2ef2ce38 dnat: add rule precedence logic 2020-07-08 19:35:18 +03:00
tom gilon
de31961349 Add option to change tcp destination port and ip before sending to proxy server 2020-05-06 01:07:57 +03:00
rofl0r
067885694d proxy url parser: look for @ from the right side
fixes usernames with @ in them.
this is only relevant for support of new url-style proxy addresses.
2019-04-21 01:48:38 +01:00
rofl0r
b8cdfe842c allow non-numeric proxy ips under certain circumstances
conditions that need to be met are:
1) chaintype strict
2) proxy_dns on
3) not the first proxy in the list

if these conditions are met, the dns name can be passed to be
receiving proxy and be resolved there.

addressing https://github.com/rofl0r/proxychains-ng/issues/246#issuecomment-468222637
2019-02-28 14:07:08 +00:00
rofl0r
dbec605e2c get_chain_data(): no need for inline 2019-02-28 13:28:10 +00:00
rofl0r
50c079d4b4 don't try to connect to null-routed ips 2019-02-28 13:08:02 +00:00
rofl0r
2213afb6f0 debug mode: display whether proxy_dns is on or off 2018-12-02 13:46:55 +00:00
rofl0r
1c8f8e4e7e alternatively allow specifying proxy addresses via URL-style strings
e.g. socks5://user:pass@ip:port

code taken from my library "rocksock"[0].

[0]: https://github.com/rofl0r/rocksock
2018-07-26 23:13:15 +01:00
rofl0r
1a62ec60af support solaris X/Open connect call too
solaris curiously defines connect to point to __xnet_connect when
_XOPEN_SOURCE is defined 600.
that means some programs use the real connect symbol, while others
use __xnet_connect.

thanks to @Low-power for testing.

https://github.com/nxmirrors/onnv/blob/master/usr/src/lib/libsocket/socket/socket.c
https://github.com/nxmirrors/onnv/blob/master/usr/src/uts/common/sys/socket.h#L486
2018-01-10 17:36:39 +00:00
rofl0r
2f3d33dd47 remove usage of s6_addr16 and s6_addr32
it turns out that those macros are not portable at all. rather than
adding workarounds to make it work for every single platform, just
use plain s6_addr instead.
2018-01-09 13:30:02 +00:00
Carlos Maddela
167780ce36 Fix format ‘%p’ expects argument of type ‘void *’ warning. 2016-12-13 20:12:15 +00:00
Carlos Maddela
4b413c902f Fix format specifier for unsigned int. 2016-12-13 20:11:37 +00:00
rofl0r
e527b9ee64 print error message instead of segfaulting for invalid chain_len
closes #126
2016-06-23 09:27:15 +01:00
rofl0r
f1e5f2ba01 don't call dlsym() from close() hook
it turned out that calling dlsym() may call malloc() in turn,
so we end up with the same deadlock described in the latest commit.

we thus now put all the fds passed to close pre-init into a list
and close them at init time.

this may finally fix #119.
2016-05-26 19:11:18 +01:00
rofl0r
8870140ff0 don't call INIT() from close hook
it was observed that it is a bad idea to initialize the entire
infrastructure used by proxychains from the close hook,
because the following scenario will lead to a deadlock:

- it is possible that the dynlinker executes the initializer code of
  other shared libs first
- if that code directly or indirectly calls malloc()
- which calls close() if it decided to use an mmap based allocation
- will now call our close(), which does
- call pthread_once which requires a lock
- creates a thread which calls malloc()
- which in turn calls our close() another time
- and our close is still in locked state.

so it seems the only save thing to do is to just get the address
of the original close function, and call that when we're in a
pre-init state.
this may hold for other functions that do lazy initialization as well,
however for those just calling the original function is probably
undesired since that could result in unproxified connections.
it will be needed to analyze on a per-function basis what the best
thing to do is, and finally rely only on the execution of the init
function from the gcc initializer.

should fix #119
2016-05-26 10:48:32 +01:00
rofl0r
b64c89e0e4 add check for broken OpenBSD fclose()
http://marc.info/?l=openbsd-bugs&m=145280872431093&w=2

closes #95
2016-02-04 12:49:49 +00:00
rofl0r
672bf7661d getnameinfo: support ipv6 as well 2015-12-06 13:01:56 +00:00
rofl0r
0e0e35927c mute warning in debug mode 2015-12-06 12:57:45 +00:00
rofl0r
205004fa2a factor out setup_hooks() 2015-12-02 12:14:58 +00:00
rofl0r
32df7ff152 connect(): handle ipv4-mapped ipv6 addresses
if an ipv4-mapped ipv6 address is detected, the ip is converted
into v4 format because it may actually be one of our remote dns ips.
it was reported that a program called "maven", when getting handed our
fake ips in the remote dns subnet, converts the ip to v6 prior to calling
connect():
[proxychains] Strict chain ... 127.0.0.1:1080 ... ::ffff:224.0.0.1:443
<--socket error or timeout!

fixes #77
2015-09-15 21:19:51 +01:00
rofl0r
2237749567 preliminary ipv6 support
only basic testing was done (with 2 socks5 proxies listening on ::1)
but seems to work as intended.

ipv6 support for the hostsreader (/etc/hosts) is not implemented so far.
2015-08-10 17:00:26 +01:00
rofl0r
d900b090fe put INIT() call consistently at beginning of hooked funcs 2015-06-14 11:16:59 +01:00
rofl0r
afe6171cad clean up some debug ifdefs 2015-06-14 10:53:33 +01:00
rofl0r
51b2eb91ce remove commented-out code [2] 2015-06-14 10:27:41 +01:00
rofl0r
2182eff358 fix segfault in DNS mapping lookup code
the allocatorthread got pointers to RAM which were reallocated
behind the back, and if realloc() couldn't grow in-place, lead
to segfaults in applications that do a lot of DNS-lookups such
as webbrowsers.

closes #66
closes #31

thanks to @ravomavain for tracking down the issue.
2015-06-06 11:43:53 +01:00
Aleksey Filippov
4e986caa2a support MSG_FASTOPEN on old kernels 2015-02-17 15:30:43 +01:00
Aleksey Filippov
8dd08e2cd2 add sendto hook to handle MSG_FASTOPEN flag 2015-01-23 17:14:37 +01:00
rofl0r
cd4aee1997 print proxychains version on DLL init
framework to print version stolen from musl
2014-07-22 14:10:11 +02:00
rofl0r
7852269282 libproxychains.c: whitespace cleanup 2014-07-21 13:18:20 +02:00
rofl0r
d3586380bd get_chain_data: reject invalid entries in proxylist section 2014-07-21 13:17:24 +02:00
rofl0r
5168bc4eed bail out when no proxy was configured 2014-07-21 12:37:01 +02:00
David
ecbd735508 Chromium tried to close our pipes and falls into infinity loop.
If return value of close() is -1, chromium will fall into infinity loop.
2014-01-08 13:38:59 +08:00