If the application specifies a protocol but not a socket type,
normally getaddrinfo will select a corresponding protocol.
Mimic this behavior in our implementation of the function as well.
We only care about the case we're actually able to proxify
(SOCK_STREAM / IPPROTO_TCP).
Fixes proxifying pssh.
gethostbyname() is specified to transform simple numeric ipv4 addresses
into their binary form. since proxy_gethostbyname() was used as a
backend for all resolver functions, somehow we assumed the check for
an ipv4 was done from another site, however this didn't hold true when
the caller used gethostbyname() directly.
fixes#347
the buffer buff was only used for the initial handshake packets,
which in all supported protocols are usual less than a 100 bytes,
with user/pass and dns name at maximum we'd require 768 bytes,
which still leaves us a formidable 256 bytes for the rest of
the packet.
this fixes a segfault with microsocks which on musl uses tiny
thread stack sizes of 8KB.
careful analysis has shown that the buffer is only ever used for
at most a single hostname, so 256 bytes are sufficient.
the huge 8KB buffer caused stack overflow when used with microsocks,
which defaults to tiny thread stacks of 8KB with musl libc.
since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.
it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.
the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).
[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks
some lamer on IRC by the name of annoner/R3M0RS3/penis was complaining
that 3.1 is a lot better than proxychains-ng, because it happens to
work with the browser he's interested in.
since this wasn't the first time this is requested, let's give this
those lamers what they want: lame code!
this should make it work automatically on any new platform without
having to add yet another ifdef hack.
should fix issues with android (#265).
additionally the code for the systems lacking GNU-compatible getservbyname_r()
is now guarded with a mutex, which prevents possible races, therefore
resolving the ancient "TODO" item.
Fix issue #147.
If all proxies are in DOWN_STATE or BUSY_STATE state, select_proxy will run
forever in an infinite loop. When all proxies are not available, we wait some
intervals and retry. The wait time starts with 10 milliseconds and is
increased by 10 milliiseconds in each loop. 14 loops sums up with 1.05 second.
this was wrongly fixed in 06c20ed394
instead of reverting we now accept the correct version
(version field containing 1) plus the incorrect version (5) given by some
proxyservers in the wild. curl accepts both forms too.
closing #224
addressing #221
only basic testing was done (with 2 socks5 proxies listening on ::1)
but seems to work as intended.
ipv6 support for the hostsreader (/etc/hosts) is not implemented so far.
since "user" always points to a statically allocated string buffer,
the test for if(user)... was bogus.
use ulen instead.
this bug should only be visible on socks servers that require auth
if username was not passed, so it was probably not really an issue.
the allocatorthread got pointers to RAM which were reallocated
behind the back, and if realloc() couldn't grow in-place, lead
to segfaults in applications that do a lot of DNS-lookups such
as webbrowsers.
closes#66closes#31
thanks to @ravomavain for tracking down the issue.
the hostentdb introduced between 4.2 and 4.3
(via af5c6f0c6a )
had several issues:
- it caused breakage on FreeBSD and was commented out there
- prevented usage of the hostdb when proxy_dns was turned off
(issue #42)
- required dynamic memory allocation which was accessed from several
threads
- wouldnt reflect changes to the hosts file made during program run
the only sensible solution is to remove the hostentdb and replace it
with a home-grown hosts parser (we can't use gethostent() since
that would mess up the gethostent()-state from different threads).
the new parser used here is deliberately held simple and only meant
to provide the user with means to reference hardcoded ipv4 addresses
via his hosts file.
fixes#42
the strncpy function is both dangerous and slow.
dangerous because it doesn't do what the naive programmer expects
(bounded strcpy), and slow because it pads the entire bufsize
with zeroes.
sys/poll.h is a glibc legacy alias for poll.h.
the latter is specified by POSIX, the former not.
on glibc one of them just includes the other so it doesnt hurt.
the central dns resolver function proxy_gethostbyname() used
to iterate over the gethostent() db (/etc/hosts) on each dns
request.
since this is not threadsafe, we synchronized access to it
previously using mutexes. the parsing of this file is slow,
and blocking all threads to do it even moreso.
since gethostent_r() is only available on a few platforms,
i decided to read the hostent db once and then use a quick
in-memory lookup on further usage.
+ some further refactoring.
instead of allocating memory in the child, we now use the allocator
thread to do all the necessary allocations himself.
additionally we provide a clean API to query the ip <-> dns mapping.
these functions connect via a pipe to the allocator thread, and
exchange messages.
further cleanup is needed, but it seems to work so far.
thread-safety is not yet guaranteed.
closes#1
this is in order to get irssi, which forks for DNS lookups,
and similar programs, to work as intended.
in a previous attempt i learned that shared memory created in a
child process is not visible to the parent;
in this attempt i spin off a thread from the parent which listens
on a pipe and manages the shared memory allocation from the parent
address-space. however this doesnt work as expected:
memory allocated in the parent after the child forked is not visi-
ble to the child as well.
so what happens is: irssi starts a child process, the thread allocs
memory and hands it to the child, the child attempts to write and
segfaults. however irssi doesnt crash. since now the memory is
already allocated, doing the dns lookup again will succeed.
i.e. the dns lookup works now in irssi by luck.
all but the first dns lookups will suceed.
however this is not good enough for me to be satisfied, i commit
this only for documentation purposes.
