Commit Graph

360 Commits

Author SHA1 Message Date
rofl0r
486f8200ad tunnel_to: shrink huge buffer size
the buffer buff was only used for the initial handshake packets,
which in all supported protocols are usually less than 100 bytes,
with user/pass and dns name at maximum we'd require 768 bytes,
which still leaves us a formidable 256 bytes for the rest of
the packet.
this fixes a segfault with microsocks which on musl uses tiny
thread stack sizes of 8KB.
2020-10-26 03:03:08 +00:00
rofl0r
c99d97983e shrink huge gethostbyname buffer
careful analysis has shown that the buffer is only ever used for
at most a single hostname, so 256 bytes are sufficient.
the huge 8KB buffer caused stack overflow when used with microsocks,
which defaults to tiny thread stacks of 8KB with musl libc.
2020-10-26 02:53:29 +00:00
rofl0r
7fe8139496 experimental new feature: proxy_dns_daemon
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.

it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set it up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.

the library code used for the daemon sources is from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).

[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
2020-09-23 22:14:39 +01:00
rofl0r
1e00b9ac1e get rid of ip_type.c 2020-09-23 17:00:16 +01:00
rofl0r
1221c5e93a get_chain_data: fix strstr() config parsing
using strstr() is a very error-prone way for config parsing.

for example if "proxy_dns" is being tested for the line "proxy_dns_old",
it would return true.

we fix this by removing leading and trailing whitespace from the line
to parse and use strcmp/strncmp() instead.

the if(1) has been inserted so we can keep the same indentation level
and not spam the commit with whitespace changes.
2020-09-21 11:31:52 +01:00
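The false match described in this commit message, as an added example (not code from the commit or from proxychains-ng): a substring test beside a trim-then-compare test. The function names, the enum, and the assumption that `proxy_dns_daemon` is followed by an argument are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum dns_mode { DNS_NONE, DNS_THREAD, DNS_OLD, DNS_DAEMON };

/* Substring matching: "proxy_dns" is contained in both longer option
 * names, so the first test fires for all three and the rest never run. */
static enum dns_mode parse_dns_strstr(const char *line) {
    if (strstr(line, "proxy_dns")) return DNS_THREAD;
    if (strstr(line, "proxy_dns_old")) return DNS_OLD;
    if (strstr(line, "proxy_dns_daemon")) return DNS_DAEMON;
    return DNS_NONE;
}

/* Strip leading and trailing whitespace in place. */
static char *trim(char *s) {
    char *end;
    while (isspace((unsigned char)*s)) s++;
    end = s + strlen(s);
    while (end > s && isspace((unsigned char)end[-1])) end--;
    *end = '\0';
    return s;
}

/* Trim the line, then compare whole keywords. */
static enum dns_mode parse_dns_exact(const char *line) {
    char buf[256], *p;
    size_t n = strlen(line);
    if (n >= sizeof buf) return DNS_NONE;   /* over-long line: reject */
    memcpy(buf, line, n + 1);
    p = trim(buf);
    if (!strcmp(p, "proxy_dns")) return DNS_THREAD;
    if (!strcmp(p, "proxy_dns_old")) return DNS_OLD;
    /* assumed: this keyword is followed by whitespace and an argument */
    if (!strncmp(p, "proxy_dns_daemon", 16) && isspace((unsigned char)p[16]))
        return DNS_DAEMON;
    return DNS_NONE;
}

int main(void) {
    const char *line = "  proxy_dns_old\n";   /* constructed sample line */
    printf("strstr: %d, exact: %d\n",
           parse_dns_strstr(line), parse_dns_exact(line));
    return 0;
}
```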
rofl0r
e6c4764660 proxy_dns_old: use pipe2 if available, else O_CLOEXEC
make the old code a little less lame
2020-09-21 10:46:38 +01:00
rofl0r
2ab631918d add support for "proxy_dns_old" to use old 3.1 DNS lookup method
some lamer on IRC by the name of annoner/R3M0RS3/penis was complaining
that 3.1 is a lot better than proxychains-ng, because it happens to
work with the browser he's interested in.
since this wasn't the first time this was requested, let's give
those lamers what they want: lame code!
2020-09-20 22:11:17 +01:00
rofl0r
3e791fd797 make sure allocator thread is only used if proxy_dns is requested 2020-09-20 18:21:40 +01:00
rofl0r
3a5050bec2 initialize allocator thread from get_chain_data if needed
since we caved in to demands that it should be possible to allow
hostnames in the proxy list section, we now got to deal with the
fallout. the code was calling at_get... assuming that the allocator
thread is always used.
2020-09-20 18:18:31 +01:00
rofl0r
3dfda493d8 only start allocator thread if proxy_dns is requested
this should fix problems with programs that do whacky
non-async-signal-safe stuff.
2020-09-20 18:17:51 +01:00
rofl0r
ed8f8444ab allocator_thread: rework message sending structures
simplify code by adding a new at_msg struct that contains both
the message header and the message body.
this allows e.g. atomic writes of the whole message instead of doing
it in 2 steps. unfortunately reads still have to be done in at least
2 steps, since there are no atomicity guarantees[0].
additionally the message header shrunk from 8 to 4 bytes.

[0]: https://stackoverflow.com/questions/14661708/under-what-conditions-are-pipe-reads-atomic
2020-09-20 18:17:51 +01:00
rofl0r
12e5da1b90 get_chain_data: print debug info 2020-09-20 17:02:21 +01:00
rofl0r
121c582d9c debug: fix DUMP_PROXY_CHAIN() hack 2020-09-20 17:00:10 +01:00
rofl0r
acf2f4725d fix build on FreeBSD due to usage of Dl_info 2020-09-05 14:36:05 +01:00
Ethan F
0ee5db605b Add Haiku support (#340) 2020-08-17 09:31:04 +01:00
tom gilon
bf2ef2ce38 dnat: add rule precedence logic 2020-07-08 19:35:18 +03:00
tom gilon
de31961349 Add option to change tcp destination port and ip before sending to proxy server 2020-05-06 01:07:57 +03:00
Solar Flare
b8fa2a7405 get own_dir by using dladdr() instead of argv[0] 2019-11-27 00:32:08 +08:00
Solar Flare
0a8663c845 fix a buffer overflow bug 2019-11-12 10:40:33 +08:00
rofl0r
86408cd806 add libc gethostbyname test 2019-09-07 15:23:02 +01:00
rofl0r
ea187938e1 test_gethostent: improve compileability 2019-09-07 15:22:41 +01:00
rofl0r
962373e5c6 getaddrinfo: fix behaviour when node is null and !passive
according to the spec, if these 2 conditions hold, the name shall
resolve to localhost.

closes #292
2019-07-21 14:27:55 +01:00
rofl0r
de4460fbd1 proxy_getaddrinfo: don't use sizeof(struct sockaddr_storage) for addr_len
this should fix an issue which seems to be mac's bind() only accepting
sizeof(struct sockaddr_in) for AF_INET.

ref: https://github.com/rofl0r/microsocks/issues/19
2019-05-25 02:23:38 +01:00
rofl0r
5ad7c2a183 proxy_getaddrinfo: implement support for numeric ipv6
closes #282
2019-04-25 14:36:08 +01:00
rofl0r
067885694d proxy url parser: look for @ from the right side
fixes usernames with @ in them.
this is only relevant for support of new url-style proxy addresses.
2019-04-21 01:48:38 +01:00
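Why the side from which `@` is searched matters for the `socks5://user:pass@ip:port` form, as an added example (not the commit's or rocksock's code). The struct, the function names and the rule that the user name ends at the first `:` are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct proxy_url { char scheme[16], user[64], pass[64], host[64]; int port; };

/* Copy n bytes into a zeroed field of size cap; fail rather than truncate. */
static int put(char *dst, size_t cap, const char *src, size_t n) {
    if (n == 0 || n >= cap) return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Parse scheme://user:pass@host:port. at_from_right selects whether the
 * credentials/host separator is the last '@' (1) or the first '@' (0).
 * Returns 0 on success, -1 on malformed input. */
static int parse_proxy_url(const char *url, struct proxy_url *out, int at_from_right) {
    const char *p = strstr(url, "://"), *at, *colon, *portsep;
    char *end;
    long port;
    memset(out, 0, sizeof *out);
    if (!p || put(out->scheme, sizeof out->scheme, url, (size_t)(p - url))) return -1;
    p += 3;
    at = at_from_right ? strrchr(p, '@') : strchr(p, '@');
    if (at) {
        /* assumed: the user name ends at the first ':' */
        colon = memchr(p, ':', (size_t)(at - p));
        if (!colon) return -1;
        if (put(out->user, sizeof out->user, p, (size_t)(colon - p))) return -1;
        if (put(out->pass, sizeof out->pass, colon + 1, (size_t)(at - colon - 1))) return -1;
        p = at + 1;
    }
    portsep = strrchr(p, ':');
    if (!portsep || put(out->host, sizeof out->host, p, (size_t)(portsep - p))) return -1;
    port = strtol(portsep + 1, &end, 10);
    if (end == portsep + 1 || *end || port <= 0 || port > 65535) return -1;
    out->port = (int)port;
    return 0;
}

int main(void) {
    struct proxy_url u;
    const char *url = "socks5://us@er:secret@10.0.0.1:1080";  /* constructed */
    printf("first '@': %d\n", parse_proxy_url(url, &u, 0));
    if (parse_proxy_url(url, &u, 1) == 0)
        printf("last '@': user=%s host=%s port=%d\n", u.user, u.host, u.port);
    return 0;
}
```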
rofl0r
e895fb713a release 4.14 2019-03-16 23:04:10 +00:00
rofl0r
b8cdfe842c allow non-numeric proxy ips under certain circumstances
conditions that need to be met are:
1) chaintype strict
2) proxy_dns on
3) not the first proxy in the list

if these conditions are met, the dns name can be passed to the
receiving proxy and be resolved there.

addressing https://github.com/rofl0r/proxychains-ng/issues/246#issuecomment-468222637
2019-02-28 14:07:08 +00:00
rofl0r
9f17774b99 allocator_thread.c: whitespace cleanup 2019-02-28 13:32:57 +00:00
rofl0r
dbec605e2c get_chain_data(): no need for inline 2019-02-28 13:28:10 +00:00
rofl0r
5c8f9a2922 shrink huge log buffer 2019-02-28 13:22:13 +00:00
rofl0r
50c079d4b4 don't try to connect to null-routed ips 2019-02-28 13:08:02 +00:00
Tom Li
11988579f5 allocator_thread.c: set O_CLOEXEC/FD_CLOEXEC for pipes, fix #273.
In proxychains, we create pipes and use them internally.
If exec() is called by the program we run, the pipes opened
previously are never closed, causing a file descriptor leak
that may eventually crash the program.

This commit calls fcntl() to set FD_CLOEXEC flags on pipes.
AFAIK there's no race condition on pipe creation, but we still
prefer to call the newer pipe2() with O_CLOEXEC if it's supported
by the system, due to its advantage of atomic operation, which
prevents potential race conditions in the future.

Signed-off-by: Tom Li <tomli@tomli.me>
2018-12-25 18:03:39 +00:00
Tom Li
db5cd6b699 configure: define HAVE_PIPE2 if we have pipe2() and O_CLOEXEC.
This commit adds a new run for pipe2() and O_CLOEXEC. If a program
can be executed, define HAVE_PIPE2.

Signed-off-by: Tom Li <tomli@tomli.me>
2018-12-25 18:03:39 +00:00
rofl0r
a6959ee715 configure: force check_compile() to link an executable
by using -c (which just creates an object file), we don't catch implicit
function declarations as an error (see discussion of #274).
2018-12-25 18:01:26 +00:00
rofl0r
49bf4ba772 replace getservbyname_r ifdef hacks with configure check
this should make it work automatically on any new platform without
having to add yet another ifdef hack.
should fix issues with android (#265).
additionally the code for the systems lacking GNU-compatible getservbyname_r()
is now guarded with a mutex, which prevents possible races, therefore
resolving the ancient "TODO" item.
2018-12-02 13:48:43 +00:00
rofl0r
2213afb6f0 debug mode: display whether proxy_dns is on or off 2018-12-02 13:46:55 +00:00
rofl0r
bd7e8a1da1 test_getaddrinfo.c: add check for service argument 2018-12-02 13:45:35 +00:00
rofl0r
416d481ac9 test_getaddrinfo.c: whitespace cleanup 2018-12-02 13:27:22 +00:00
amyangfei
eb36238c8a remove unused variable 2018-08-26 06:18:20 +01:00
amyangfei
275e64499e Fix select_proxy dead loop in round_roubin_chain
Fix issue #147.
If all proxies are in DOWN_STATE or BUSY_STATE state, select_proxy will run
forever in an infinite loop. When all proxies are not available, we wait some
intervals and retry. The wait time starts with 10 milliseconds and is
increased by 10 milliseconds in each loop. 14 loops sum up to 1.05 seconds.
2018-08-23 12:40:27 +01:00
rofl0r
1c8f8e4e7e alternatively allow specifying proxy addresses via URL-style strings
e.g. socks5://user:pass@ip:port

code taken from my library "rocksock"[0].

[0]: https://github.com/rofl0r/rocksock
2018-07-26 23:13:15 +01:00
rofl0r
d21af711d8 release 4.13 2018-06-25 00:26:05 +01:00
rofl0r
49d8ac9338 accept proper RFC1929 auth subnegotiation version field
this was wrongly fixed in 06c20ed394

instead of reverting we now accept the correct version
(version field containing 1) plus the incorrect version (5) given by some
proxyservers in the wild. curl accepts both forms too.

closing #224
addressing #221
2018-05-29 18:59:30 +01:00
rofl0r
bb30d867fe configure: prevent bug overwriting config.mak on OpenBSD
the command writing the openbsd line was using >> before the call
which was meant to initialize config.mak using >.

closes #228
2018-04-12 07:13:26 +01:00
rofl0r
06c20ed394 fix socks5 username/password auth
the version field in the auth check needs to be 5, not 1.

closes #221
2018-02-11 14:59:27 +00:00
rofl0r
831df039bd print usage info on --help too 2018-02-11 14:58:26 +00:00
rofl0r
1a62ec60af support solaris X/Open connect call too
solaris curiously defines connect to point to __xnet_connect when
_XOPEN_SOURCE is defined 600.
that means some programs use the real connect symbol, while others
use __xnet_connect.

thanks to @Low-power for testing.

https://github.com/nxmirrors/onnv/blob/master/usr/src/lib/libsocket/socket/socket.c
https://github.com/nxmirrors/onnv/blob/master/usr/src/uts/common/sys/socket.h#L486
2018-01-10 17:36:39 +00:00
WHR
35a674bdbc configure: Solaris detection, ld 'soname' option auto detection; other Solaris related fixes 2018-01-11 00:45:40 +08:00
papadave
a1f7007a46 main.c: fix build error with solaris
sys/feature_tests.h:362:2: error: #error
"Compiler or options invalid for pre-UNIX 03 X/Open applications and pre-2001 POSIX applications"
2018-01-10 16:14:21 +00:00
rofl0r
3366dc3131 allocator_thread.c: fix build on FreeBSD due to MAP_ANON
thx to @Low-power for testing
2018-01-10 16:09:09 +00:00