Commit Graph

69 Commits

Author SHA1 Message Date
rofl0r
1c8f8e4e7e alternatively allow specifying proxy addresses via URL-style strings
e.g. socks5://user:pass@ip:port

code taken from my library "rocksock"[0].

[0]: https://github.com/rofl0r/rocksock
2018-07-26 23:13:15 +01:00
rofl0r
1a62ec60af support solaris X/Open connect call too
solaris curiously defines connect to point to __xnet_connect when
_XOPEN_SOURCE is defined 600.
that means some programs use the real connect symbol, while others
use __xnet_connect.

thanks to @Low-power for testing.

https://github.com/nxmirrors/onnv/blob/master/usr/src/lib/libsocket/socket/socket.c
https://github.com/nxmirrors/onnv/blob/master/usr/src/uts/common/sys/socket.h#L486
2018-01-10 17:36:39 +00:00
rofl0r
2f3d33dd47 remove usage of s6_addr16 and s6_addr32
it turns out that those macros are not portable at all. rather than
adding workarounds to make it work for every single platform, just
use plain s6_addr instead.
2018-01-09 13:30:02 +00:00
Carlos Maddela
167780ce36 Fix format ‘%p’ expects argument of type ‘void *’ warning. 2016-12-13 20:12:15 +00:00
Carlos Maddela
4b413c902f Fix format specifier for unsigned int. 2016-12-13 20:11:37 +00:00
rofl0r
e527b9ee64 print error message instead of segfaulting for invalid chain_len
closes #126
2016-06-23 09:27:15 +01:00
rofl0r
f1e5f2ba01 don't call dlsym() from close() hook
it turned out that calling dlsym() may call malloc() in turn,
so we end up with the same deadlock described in the latest commit.

we thus now put all the fds passed to close pre-init into a list
and close them at init time.

this may finally fix #119.
2016-05-26 19:11:18 +01:00
rofl0r
8870140ff0 don't call INIT() from close hook
it was observed that it is a bad idea to initialize the entire
infrastructure used by proxychains from the close hook,
because the following scenario will lead to a deadlock:

- it is possible that the dynlinker executes the initializer code of
  other shared libs first
- if that code directly or indirectly calls malloc()
- which calls close() if it decided to use an mmap based allocation
- will now call our close(), which does
- call pthread_once which requires a lock
- creates a thread which calls malloc()
- which in turn calls our close() another time
- and our close is still in locked state.

so it seems the only save thing to do is to just get the address
of the original close function, and call that when we're in a
pre-init state.
this may hold for other functions that do lazy initialization as well,
however for those just calling the original function is probably
undesired since that could result in unproxified connections.
it will be needed to analyze on a per-function basis what the best
thing to do is, and finally rely only on the execution of the init
function from the gcc initializer.

should fix #119
2016-05-26 10:48:32 +01:00
rofl0r
b64c89e0e4 add check for broken OpenBSD fclose()
http://marc.info/?l=openbsd-bugs&m=145280872431093&w=2

closes #95
2016-02-04 12:49:49 +00:00
rofl0r
672bf7661d getnameinfo: support ipv6 as well 2015-12-06 13:01:56 +00:00
rofl0r
0e0e35927c mute warning in debug mode 2015-12-06 12:57:45 +00:00
rofl0r
205004fa2a factor out setup_hooks() 2015-12-02 12:14:58 +00:00
rofl0r
32df7ff152 connect(): handle ipv4-mapped ipv6 addresses
if an ipv4-mapped ipv6 address is detected, the ip is converted
into v4 format because it may actually be one of our remote dns ips.
it was reported that a program called "maven", when getting handed our
fake ips in the remote dns subnet, converts the ip to v6 prior to calling
connect():
[proxychains] Strict chain ... 127.0.0.1:1080 ... ::ffff:224.0.0.1:443
<--socket error or timeout!

fixes #77
2015-09-15 21:19:51 +01:00
rofl0r
2237749567 preliminary ipv6 support
only basic testing was done (with 2 socks5 proxies listening on ::1)
but seems to work as intended.

ipv6 support for the hostsreader (/etc/hosts) is not implemented so far.
2015-08-10 17:00:26 +01:00
rofl0r
d900b090fe put INIT() call consistently at beginning of hooked funcs 2015-06-14 11:16:59 +01:00
rofl0r
afe6171cad clean up some debug ifdefs 2015-06-14 10:53:33 +01:00
rofl0r
51b2eb91ce remove commented-out code [2] 2015-06-14 10:27:41 +01:00
rofl0r
2182eff358 fix segfault in DNS mapping lookup code
the allocatorthread got pointers to RAM which were reallocated
behind the back, and if realloc() couldn't grow in-place, lead
to segfaults in applications that do a lot of DNS-lookups such
as webbrowsers.

closes #66
closes #31

thanks to @ravomavain for tracking down the issue.
2015-06-06 11:43:53 +01:00
Aleksey Filippov
4e986caa2a support MSG_FASTOPEN on old kernels 2015-02-17 15:30:43 +01:00
Aleksey Filippov
8dd08e2cd2 add sendto hook to handle MSG_FASTOPEN flag 2015-01-23 17:14:37 +01:00
rofl0r
cd4aee1997 print proxychains version on DLL init
framework to print version stolen from musl
2014-07-22 14:10:11 +02:00
rofl0r
7852269282 libproxychains.c: whitespace cleanup 2014-07-21 13:18:20 +02:00
rofl0r
d3586380bd get_chain_data: reject invalid entries in proxylist section 2014-07-21 13:17:24 +02:00
rofl0r
5168bc4eed bail out when no proxy was configured 2014-07-21 12:37:01 +02:00
David
ecbd735508 Chromium tried to close our pipes and falls into infinity loop.
If return value of close() is -1, chromium will fall into infinity loop.
2014-01-08 13:38:59 +08:00
rofl0r
fa0f355ce8 add missing INIT() to close hook
this caused a crash when the gcc initializer was not called first.
2013-08-30 23:44:27 +02:00
crass
f603e50cb3 Add support for round robin mode. 2013-06-26 12:22:11 +02:00
rofl0r
64a7cd26dc fix case where proxy was using a DNS name or non-dotted ipv4
it is generally invalid to use a DNS name since DNS subsystem
is only available once connected to the proxy; because
DNS is done server-side.

closes #19
2013-05-02 13:44:49 +02:00
mancha
2aba83087e libproxychains.c: fix NULL pointer dereference after fopen().
if a configuration file can be accessed by proxychains but there is a
mandatory access control (or other) block on the target appication's
ability to read that file, fopen() creates a NULL pointer that will
cause a segfault in fgets().

closes #17

Signed-off-by: mancha <mancha1@hush.com>
2013-04-30 04:06:36 -04:00
rofl0r
1da09e49e5 hook close() to prevent rude programs like ssh to close our pipes
those pipes are needed to talk with the dns-name allocator thread.

closes #9
2013-01-21 01:54:45 +01:00
rofl0r
1c265b9628 getnameinfo: check size and family of salen 2012-12-17 23:21:58 +01:00
rofl0r
346474a43b getnameinfo: return error if buffers are too small 2012-12-17 22:41:51 +01:00
rofl0r
ce655fdac8 fix the never-ending issues with the wrong glibc prototype of getnameinfo
this bug was fixed shortly before 2.14 release, so we checked for that.
however some distros decided to backport this fix to earlier versions,
breaking our compiletime check.

http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e4ecafe004b3d4270b3a9dace8f970047400ed38

the portable solution is to stick the function into a separate comilation
unit that does not see the glibc prototype.

closes #7
2012-12-17 22:17:04 +01:00
rofl0r
af5c6f0c6a replace hostent lookup with better performing in-memory copy.
the central dns resolver function proxy_gethostbyname() used
to iterate over the gethostent() db (/etc/hosts) on each dns
request.
since this is not threadsafe, we synchronized access to it
previously using mutexes. the parsing of this file is slow,
and blocking all threads to do it even moreso.
since gethostent_r() is only available on a few platforms,
i decided to read the hostent db once and then use a quick
in-memory lookup on further usage.

+ some further refactoring.
2012-11-08 01:18:19 +01:00
rofl0r
03ee84060e remove THREAD_SAFE ifdefs. from now on, pthreads are required.
additionally we have some explicit init and deinit routines for
core.c now, so that we dont need to share variables with
libproxychains.c.
2012-11-07 21:31:19 +01:00
rofl0r
d0abc93c74 preliminary first fork-safe version
instead of allocating memory in the child, we now use the allocator
thread to do all the necessary allocations himself.
additionally we provide a clean API to query the ip <-> dns mapping.
these functions connect via a pipe to the allocator thread, and
exchange messages.

further cleanup is needed, but it seems to work so far.
thread-safety is not yet guaranteed.

closes #1
2012-11-07 21:31:11 +01:00
rofl0r
25afe98b20 failed attempt to use shared memory for the ip <-> dns mapping
this is in order to get irssi, which forks for DNS lookups,
and similar programs, to work as intended.

in a previous attempt i learned that shared memory created in a
child process is not visible to the parent;
in this attempt i spin off a thread from the parent which listens
on a pipe and manages the shared memory allocation from the parent
address-space. however this doesnt work as expected:
memory allocated in the parent after the child forked is not visi-
ble to the child as well.

so what happens is: irssi starts a child process, the thread allocs
memory and hands it to the child, the child attempts to write and
segfaults. however irssi doesnt crash. since now the memory is
already allocated, doing the dns lookup again will succeed.

i.e. the dns lookup works now in irssi by luck.
all but the first dns lookups will suceed.

however this is not good enough for me to be satisfied, i commit
this only for documentation purposes.
2012-11-07 16:49:14 +01:00
rofl0r
e05cafc8e2 put a mutex lock around gethostent() usage, to prevent internal
races. the external usage was covered by the latest commit.
2012-11-04 05:23:51 +01:00
rofl0r
e8d49b02e8 gethostbyaddr hook: also set aliases.
i inspected behaviour of libc's and they all seem to set a valid
h_aliases pointer, of which the first one should be NULL, if no
aliases exist.
2012-11-04 04:58:48 +01:00
rofl0r
40edf758ee make getaddrinfo threadsafe 2012-07-16 01:05:28 +02:00
rofl0r
e5e87c8f22 put abort functionality into get_config_path to further reduce code duplication 2012-07-08 23:47:56 +02:00
rofl0r
fba5f5694c use config file lookup routine from a common place 2012-07-08 23:32:50 +02:00
rofl0r
1fc7e38ee0 fixup for d95ef42d48 2012-07-08 04:09:50 +02:00
rofl0r
2c9c4d9da7 simplify load_sym code and remove potential aliasing violation. 2012-07-08 00:27:46 +02:00
rofl0r
d95ef42d48 externalize some variables, which are used from both C files 2012-07-08 00:16:00 +02:00
Jahrome
229eb7cc5a bugfix: localnet never used if no port specified. Fix typo. 2012-05-22 23:11:03 +02:00
rofl0r
45f50ac754 cosmetic fix 2012-04-24 02:04:02 +02:00
rofl0r
d72e668767 use sane defaults 2012-04-24 01:48:17 +02:00
rofl0r
bc23ef8f46 fix debug message 2012-04-23 22:56:44 +02:00
rofl0r
88a54e872a use dynloader to call init() func when gcc is available, and lock it properly 2012-04-23 22:21:40 +02:00