[tor-commits] [torsocks/master] Add socket(2) support
dgoulet at torproject.org
dgoulet at torproject.org
Fri Apr 4 22:40:25 UTC 2014
commit fe4e8981364ebb1d677cbdcc0302bafbce345d3b
Author: David Goulet <dgoulet at ev0ke.net>
Date: Wed Aug 7 06:07:11 2013 -0400
Add socket(2) support
Deny every non-TCP socket in the inet/inet6 domains because we can't
pipe that data to the Tor network.
Signed-off-by: David Goulet <dgoulet at ev0ke.net>
---
src/lib/Makefile.am | 2 +-
src/lib/socket.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++
src/lib/torsocks.c | 6 ++++--
src/lib/torsocks.h | 14 +++++++++++++
4 files changed, 74 insertions(+), 3 deletions(-)
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index f27db5c..d107fc8 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -12,7 +12,7 @@ lib_LTLIBRARIES = libtorsocks.la
libtorsocks_la_SOURCES = torsocks.c torsocks.h \
connect.c gethostbyname.c getaddrinfo.c close.c \
- getpeername.c
+ getpeername.c socket.c
libtorsocks_la_LIBADD = \
$(top_builddir)/src/common/libcommon.la \
diff --git a/src/lib/socket.c b/src/lib/socket.c
new file mode 100644
index 0000000..69d28e6
--- /dev/null
+++ b/src/lib/socket.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2013 - David Goulet <dgoulet at ev0ke.net>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License, version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <assert.h>
+
+#include <common/log.h>
+
+#include "torsocks.h"
+
+/*
+ * Torsocks call for socket(2)
+ */
+LIBC_SOCKET_RET_TYPE tsocks_socket(LIBC_SOCKET_SIG)
+{
+ switch (__type) {
+ case SOCK_STREAM:
+ break;
+ default:
+ if (__domain == AF_INET || __domain == AF_INET6) {
+ ERR("Non TCP socket denied. Tor network can't handle it. "
+ "Stopping everything!");
+ errno = EINVAL;
+ return -1;
+ }
+ break;
+ }
+
+ /* Stream socket for INET/INET6 is good so open it. */
+ return tsocks_libc_socket(__domain, __type, __protocol);
+}
+
+/*
+ * Libc hijacked symbol socket(2).
+ */
+LIBC_SOCKET_DECL
+{
+ /* Find symbol if not already set. Exit if not found. */
+ tsocks_libc_socket = tsocks_find_libc_symbol(LIBC_SOCKET_NAME_STR,
+ TSOCKS_SYM_EXIT_NOT_FOUND);
+ return tsocks_socket(LIBC_SOCKET_ARGS);
+}
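Review bot: The `switch (__type)` in tsocks_socket() matches `SOCK_STREAM` exactly, so a TCP request that ORs `SOCK_NONBLOCK` or `SOCK_CLOEXEC` into the type argument (accepted on Linux) falls to `default` and is refused with EINVAL. Masking the flags first, e.g. `switch (__type & ~(SOCK_NONBLOCK | SOCK_CLOEXEC))` guarded for platforms that lack them, keeps the filter fail-closed without breaking such callers. `__protocol` is never inspected, so an AF_INET/AF_INET6 stream socket requested with a non-TCP protocol would pass the check; rejecting anything other than `0` or `IPPROTO_TCP` would close that gap. The comment "Find symbol if not already set" also does not match the code, which reassigns `tsocks_libc_socket` on every call.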
diff --git a/src/lib/torsocks.c b/src/lib/torsocks.c
index cf287d9..833a472 100644
--- a/src/lib/torsocks.c
+++ b/src/lib/torsocks.c
@@ -123,6 +123,8 @@ static void init_libc_symbols(void)
TSOCKS_SYM_EXIT_NOT_FOUND);
tsocks_libc_close = tsocks_find_libc_symbol(LIBC_CLOSE_NAME_STR,
TSOCKS_SYM_EXIT_NOT_FOUND);
+ tsocks_libc_socket = tsocks_find_libc_symbol(LIBC_SOCKET_NAME_STR,
+ TSOCKS_SYM_EXIT_NOT_FOUND);
}
/*
@@ -358,7 +360,7 @@ int tsocks_tor_resolve(const char *hostname, uint32_t *ip_addr)
}
}
- conn.fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ conn.fd = tsocks_libc_socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (conn.fd < 0) {
PERROR("socket");
ret = -errno;
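Review bot: `tsocks_libc_socket` is now called through the function pointer directly, here and in the tsocks_tor_resolve_ptr hunk below, so both calls depend on init_libc_symbols() having run first. Nothing visible in these hunks guarantees that ordering, and a NULL pointer would crash where the previous plain `socket()` call could not. If the library constructor does guarantee it, a short comment would record the assumption, e.g. `/* libc symbol set by init_libc_symbols(); bypasses the hijacked socket() */`. Separately, `ret = -errno` is read after `PERROR("socket")`, which may overwrite errno depending on how the macro logs, so saving errno before logging would be safer. Both functions start and end outside the hunks.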
@@ -406,7 +408,7 @@ int tsocks_tor_resolve_ptr(const char *addr, char **ip, int af)
DBG("Resolving %" PRIu32 " on the Tor network", addr);
- conn.fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ conn.fd = tsocks_libc_socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (conn.fd < 0) {
PERROR("socket");
ret = -errno;
diff --git a/src/lib/torsocks.h b/src/lib/torsocks.h
index f1a93ef..b8da8ca 100644
--- a/src/lib/torsocks.h
+++ b/src/lib/torsocks.h
@@ -45,6 +45,15 @@
#define LIBC_CONNECT_ARGS \
__sockfd, __addr, __addrlen
+/* socket(2) */
+#define LIBC_SOCKET_NAME socket
+#define LIBC_SOCKET_NAME_STR XSTR(LIBC_SOCKET_NAME)
+#define LIBC_SOCKET_RET_TYPE int
+#define LIBC_SOCKET_SIG \
+ int __domain, int __type, int __protocol
+#define LIBC_SOCKET_ARGS \
+ __domain, __type, __protocol
+
/* close(2) */
#include <unistd.h>
@@ -155,6 +164,11 @@ TSOCKS_LIBC_DECL(connect, LIBC_CONNECT_RET_TYPE, LIBC_CONNECT_SIG)
#define LIBC_CONNECT_DECL \
LIBC_CONNECT_RET_TYPE LIBC_CONNECT_NAME(LIBC_CONNECT_SIG)
+/* socket(2) */
+TSOCKS_LIBC_DECL(socket, LIBC_SOCKET_RET_TYPE, LIBC_SOCKET_SIG)
+#define LIBC_SOCKET_DECL \
+ LIBC_SOCKET_RET_TYPE LIBC_SOCKET_NAME(LIBC_SOCKET_SIG)
+
/* close(2) */
TSOCKS_LIBC_DECL(close, LIBC_CLOSE_RET_TYPE, LIBC_CLOSE_SIG)
#define LIBC_CLOSE_DECL \