commit bd6ae94ff0d1a1a1064e6cfd40320182e8ff5ccc
Author: Tim Rühsen <[email protected]>
Date: Wed Jan 14 14:48:37 2015 +0100
Allow TCP Fast Open clients go through tor
This patch prevents TFO clients to silently leak when torified. TFO uses
sendto() instead of connect()/send().
Signed-off-by: David Goulet <[email protected]>
---
src/lib/Makefile.am | 2 +-
src/lib/sendto.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++
src/lib/torsocks.h | 19 +++++++++++-
3 files changed, 100 insertions(+), 2 deletions(-)
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index d64b3f6..6e137f3 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -9,6 +9,6 @@ lib_LTLIBRARIES = libtorsocks.la
libtorsocks_la_SOURCES = torsocks.c torsocks.h \
connect.c gethostbyname.c getaddrinfo.c close.c \
getpeername.c socket.c syscall.c socketpair.c recv.c \
- exit.c accept.c listen.c fclose.c
+ exit.c accept.c listen.c fclose.c sendto.c
libtorsocks_la_LIBADD = $(top_builddir)/src/common/libcommon.la
diff --git a/src/lib/sendto.c b/src/lib/sendto.c
new file mode 100644
index 0000000..3362026
--- /dev/null
+++ b/src/lib/sendto.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2015 - Tim Rühsen <[email protected]>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License, version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <assert.h>
+
+#include <common/log.h>
+#include <common/utils.h>
+
+#include "torsocks.h"
+
+/*
+ * Using TCP Fast Open (TFO) uses sendto() instead of connect() with 'flags'
+ * set to MSG_FASTOPEN. Without this code, using TFO simply bypasses Tor
+ * without letting the user know.
+ *
+ * This solution simply ignores TFO and falls back to connect(). At the time
+ * the tor server supports TFO, socks5.c (client code) could implement it in
+ * send_data() and connect_socks5().
+ */
+
+/* sendto(2)
+ * args: int sockfd, const void *buf, size_t len, int flags,
+ * const struct sockaddr *dest_addr, socklen_t addrlen
+ */
+TSOCKS_LIBC_DECL(sendto, LIBC_SENDTO_RET_TYPE, LIBC_SENDTO_SIG)
+
+/*
+ * Torsocks call for sendto(2).
+ */
+LIBC_SENDTO_RET_TYPE tsocks_sendto(LIBC_SENDTO_SIG)
+{
+#ifdef MSG_FASTOPEN
+ int ret;
+
+ if ((flags & MSG_FASTOPEN) == 0) {
+ /* No TFO, fallback to libc sendto() */
+ goto libc_sendto;
+ }
+
+ DBG("[sendto] TCP fast open catched on fd %d", sockfd);
+
+ ret = connect(sockfd, dest_addr, addrlen);
+ if (ret == 0) {
+ /* Connection established, send payload */
+ ret = send(sockfd, buf, len, flags & ~MSG_FASTOPEN);
+ }
+
+ return ret;
+
+libc_sendto:
+#endif /* MSG_FASTOPEN */
+
+ return tsocks_libc_sendto(LIBC_SENDTO_ARGS);
+}
+
+/*
+ * Libc hijacked symbol sendto(2).
+ */
+LIBC_SENDTO_DECL
+{
+ if (!tsocks_libc_sendto) {
+ tsocks_libc_sendto = tsocks_find_libc_symbol(
+ LIBC_SENDTO_NAME_STR,
TSOCKS_SYM_EXIT_NOT_FOUND);
+ }
+
+ return tsocks_sendto(LIBC_SENDTO_ARGS);
+}
diff --git a/src/lib/torsocks.h b/src/lib/torsocks.h
index 6ded557..3b9cda2 100644
--- a/src/lib/torsocks.h
+++ b/src/lib/torsocks.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2000-2008 - Shaun Clowes <[email protected]>
+ * Copyright (C) 2000-2008 - Shaun Clowes <[email protected]>
* 2008-2011 - Robert Hogan
<[email protected]>
* 2013 - David Goulet
<[email protected]>
*
@@ -170,6 +170,7 @@ struct hostent **result, int *h_errnop
int sockfd, struct sockaddr *addr, socklen_t *addrlen
#define LIBC_GETPEERNAME_ARGS sockfd, addr, addrlen
+/* recvmsg(2) */
#define LIBC_RECVMSG_NAME recvmsg
#define LIBC_RECVMSG_NAME_STR XSTR(LIBC_RECVMSG_NAME)
#define LIBC_RECVMSG_RET_TYPE ssize_t
@@ -178,6 +179,16 @@ struct hostent **result, int *h_errnop
#define LIBC_RECVMSG_ARGS \
sockfd, msg, flags
+/* sendto(2) */
+#define LIBC_SENDTO_NAME sendto
+#define LIBC_SENDTO_NAME_STR XSTR(LIBC_SENDTO_NAME)
+#define LIBC_SENDTO_RET_TYPE ssize_t
+#define LIBC_SENDTO_SIG \
+ int sockfd, const void *buf, size_t len, int flags,\
+ const struct sockaddr *dest_addr, socklen_t addrlen
+#define LIBC_SENDTO_ARGS \
+ sockfd, buf, len, flags, dest_addr, addrlen
+
/* accept(2) */
#define LIBC_ACCEPT_NAME accept
#define LIBC_ACCEPT_NAME_STR XSTR(LIBC_ACCEPT_NAME)
@@ -277,6 +288,12 @@ TSOCKS_DECL(recvmsg, LIBC_RECVMSG_RET_TYPE,
LIBC_RECVMSG_SIG)
#define LIBC_RECVMSG_DECL \
LIBC_RECVMSG_RET_TYPE LIBC_RECVMSG_NAME(LIBC_RECVMSG_SIG)
+/* sendto(2) */
+extern TSOCKS_LIBC_DECL(sendto, LIBC_SENDTO_RET_TYPE, LIBC_SENDTO_SIG)
+TSOCKS_DECL(sendto, LIBC_SENDTO_RET_TYPE, LIBC_SENDTO_SIG)
+#define LIBC_SENDTO_DECL \
+ LIBC_SENDTO_RET_TYPE LIBC_SENDTO_NAME(LIBC_SENDTO_SIG)
+
/* socket(2) */
extern TSOCKS_LIBC_DECL(socket, LIBC_SOCKET_RET_TYPE, LIBC_SOCKET_SIG)
TSOCKS_DECL(socket, LIBC_SOCKET_RET_TYPE, LIBC_SOCKET_SIG)
_______________________________________________
tor-commits mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
