release 4.9

closes #60

.gitignore

@@ -1,3 +1,6 @@
+proxychains4
+*.bz2
+*.xz
 *.o
 *.so
 *.la
@@ -8,6 +11,7 @@
 *.out
 *~
 *.patch
+version.h
 
 # Autoconf stuff 
 libtool

AUTHORS

@@ -6,13 +6,17 @@ netcreature@users.sourceforge.net
 main.c, remote-dns, thread safety, bugfixes, build system, 
 cleanups, mac support
 rofl0r.
-https://github.com/rofl0r/proxychains
+https://github.com/rofl0r/proxychains-ng
 
 localnet, bugfixes
 jianing yang.
 https://github.com/jianingy/proxychains
 https://sourceforge.net/projects/proxychains/forums/forum/644747/topic/3498696
 
+round-robin
+crass.
+https://github.com/crass/proxychains-ng
+
 poll_retry (fixes for signal handling)
 colin cross.
 https://sourceforge.net/projects/proxychains/forums/forum/644747/topic/2367923

COPYING

@@ -1,8 +1,8 @@
 		    GNU GENERAL PUBLIC LICENSE
 		       Version 2, June 1991
 
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                          675 Mass Ave, Cambridge, MA 02139, USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 

ChangeLog

@@ -1,65 +0,0 @@
-ProxyChains version history (public releases)
-====================
-
-ver 3.1
-
-changed:
-	* dns resolver script fix
-	* prototypes in core.h
-
--------------------------------------------------------------------------
-ver 3.0
-
-added:
-	* new feature - DNS from behind proxy
-	* proxyresolv - stand alone command
-	* proxychains.conf - new option to enable/disable DNS support
-
-changed:
-	* bugfixes in core lib
-	* fixed strict chain
-	* fixed random chain
-	* output text
-	* autotools fix 
-
--------------------------------------------------------------------------
-ver 2.1
-	* bugfuxes
-
--------------------------------------------------------------------------
-ver 2.0
-	* major core rewrite
-	* new config options
-
--------------------------------------------------------------------------
-
-ver 1.8.2
-	* minor bugfixes
-	* improved compilation on FreeBSD & OpenBSD sysems.
-	* improved compilation on Sun Solaris systems .
-	* cross platform (UNIX) issues
-
--------------------------------------------------------------------------
-
-ver 1.8.0
-
-added:
-	* Socks5 protocol
-	* Socks4 protocol
-	* HTTP proxy auth basic
-	* Socks4 user auth
-	* Socks5 user/pass auth
-	* more chain options (random, strict, dynamic )
-	* configurable timeout for TCP connect.
-	* configurable timeout for TCP read.
-	* INSTALL file (explains how to install properly)
-
-changed:
-	* configuration file entries (proxychains.conf)
-	* configuration file lookup
-
--------------------------------------------------------------------------
-
-ver 0.0.1
-	* TCP calls interception
-	* HTTP CONNECT proxy protocol.

Makefile

@@ -15,10 +15,17 @@ sysconfdir=$(prefix)/etc
 
 SRCS = $(sort $(wildcard src/*.c))
 OBJS = $(SRCS:.c=.o)
-LOBJS = src/core.o src/common.o src/libproxychains.o
+LOBJS = src/nameinfo.o src/version.o \
+        src/core.o src/common.o src/libproxychains.o src/shm.o \
+        src/allocator_thread.o src/ip_type.o src/stringdump.o \
+        src/hostsreader.o src/hash.o src/debug.o
 
-CFLAGS  += -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe -DTHREAD_SAFE
-LDFLAGS = -shared -fPIC -Wl,--no-as-needed -ldl -lpthread
+GENH = src/version.h
+
+CFLAGS  += -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe
+NO_AS_NEEDED = -Wl,--no-as-needed
+LIBDL   = -ldl
+LDFLAGS = -fPIC $(NO_AS_NEEDED)
 INC     = 
 PIC     = -fPIC
 AR      = $(CROSS_COMPILE)ar
@@ -26,9 +33,7 @@ RANLIB  = $(CROSS_COMPILE)ranlib
 
 LDSO_SUFFIX = so
 LD_SET_SONAME = -Wl,-soname=
-INSTALL_FLAGS = -D -m
-
--include config.mak
+INSTALL = ./tools/install.sh
 
 LDSO_PATHNAME = libproxychains4.$(LDSO_SUFFIX)
 
@@ -36,36 +41,51 @@ SHARED_LIBS = $(LDSO_PATHNAME)
 ALL_LIBS = $(SHARED_LIBS)
 PXCHAINS = proxychains4
 ALL_TOOLS = $(PXCHAINS)
+ALL_CONFIGS = src/proxychains.conf
 
+-include config.mak
 
 CFLAGS+=$(USER_CFLAGS) $(MAC_CFLAGS)
+LDFLAGS+=$(USER_LDFLAGS)
 CFLAGS_MAIN=-DLIB_DIR=\"$(libdir)\" -DSYSCONFDIR=\"$(sysconfdir)\" -DDLL_NAME=\"$(LDSO_PATHNAME)\"
 
 
 all: $(ALL_LIBS) $(ALL_TOOLS)
 
-install-config:
-	install -d $(DESTDIR)/$(sysconfdir)
-	install $(INSTALL_FLAGS) 644 src/proxychains.conf $(DESTDIR)/$(sysconfdir)/
+install: install-libs install-tools
 
-install: 
-	install -d $(DESTDIR)/$(bindir)/ $(DESTDIR)/$(libdir)/
-	install $(INSTALL_FLAGS) 755 $(ALL_TOOLS) $(DESTDIR)/$(bindir)/
-	install $(INSTALL_FLAGS) 644 $(ALL_LIBS) $(DESTDIR)/$(libdir)/
+$(DESTDIR)$(bindir)/%: %
+	$(INSTALL) -D -m 755 $< $@
+
+$(DESTDIR)$(libdir)/%: %
+	$(INSTALL) -D -m 644 $< $@
+
+$(DESTDIR)$(sysconfdir)/%: src/%
+	$(INSTALL) -D -m 644 $< $@
+
+install-libs: $(ALL_LIBS:%=$(DESTDIR)$(libdir)/%)
+install-tools: $(ALL_TOOLS:%=$(DESTDIR)$(bindir)/%)
+install-config: $(ALL_CONFIGS:src/%=$(DESTDIR)$(sysconfdir)/%)
 
 clean:
 	rm -f $(ALL_LIBS)
 	rm -f $(ALL_TOOLS)
 	rm -f $(OBJS)
+	rm -f $(GENH)
+
+src/version.h: $(wildcard VERSION .git)
+	printf '#define VERSION "%s"\n' "$$(sh tools/version.sh)" > $@
+
+src/version.o: src/version.h
 
 %.o: %.c
-	$(CC) $(CFLAGS) $(CFLAGS_MAIN) $(INC) $(PIC) -c -o $@ $<
+	$(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_MAIN) $(INC) $(PIC) -c -o $@ $<
 
 $(LDSO_PATHNAME): $(LOBJS)
-	$(CC) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) -o $@ $(LOBJS)
+	$(CC) -shared $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) -lpthread $(LIBDL) -o $@ $(LOBJS)
 
 $(ALL_TOOLS): $(OBJS)
-	$(CC) src/main.o src/common.o -o $(PXCHAINS)
+	$(CC) $(LDFLAGS) src/main.o src/common.o -o $(PXCHAINS)
 
 
-.PHONY: all clean install
+.PHONY: all clean install install-config install-libs install-tools

README

@@ -1,62 +1,123 @@
-ProxyChains ver 4.1 README
-==========================
+ProxyChains-NG ver 4.9 README
+=============================
 
   ProxyChains is a UNIX program, that hooks network-related libc functions
-  in dynamically linked programs via a preloaded DLL and redirects the
-  connections through SOCKS4a/5 or HTTP proxies.
+  in DYNAMICALLY LINKED programs via a preloaded DLL (dlsym(), LD_PRELOAD)
+  and redirects the connections through SOCKS4a/5 or HTTP proxies.
+  It supports TCP only (no UDP/ICMP etc).
+
+  The way it works is basically a HACK; so it is possible that it doesn't
+  work with your program, especially when it's a script, or starts 
+  numerous processes like background daemons or uses dlopen() to load
+  "modules" (bug in glibc dynlinker).
+  It should work with simple compiled (C/C++) dynamically linked programs
+  though.
+
+  If your program doesn't work with proxychains, consider using an 
+  iptables based solution instead; this is much more robust.
+
+  Supported Platforms: Linux, BSD, Mac.
+
 
 *********** ATTENTION ***********
 
-  this program works only on dynamically linked programs.
-  also both proxychains and the program to call must use
-  the same dynamic linker (i.e. same libc)
+  this program can be used to circumvent censorship.
+  doing so can be VERY DANGEROUS in certain countries.
 
-*********************************
+  ALWAYS MAKE SURE THAT PROXYCHAINS WORKS AS EXPECTED
+  BEFORE USING IT FOR ANYTHING SERIOUS.
 
-*** Known limitations of the current version: ***
+  this involves both the program and the proxy that you're going to
+  use.
 
-  when a process forks, does a DNS lookup in the child, and then uses
-  the ip in the parent, the corresponding ip mapping will not be found.
-  this is because the fork can't write back into the parents mapping table.
-  IRSSI shows this behaviour, so you have to pass the resolved ip address
-  to it. (you can use the proxyresolv script (requires "dig") to do so)
+  for example, you can connect to some "what is my ip" service
+  like ifconfig.me to make sure that it's not using your real ip.
 
-  this means that you can't currently use tor onion urls for irssi.
-  to solve this issue, an external data store (file, pipe, ...) has to
-  manage the dns <-> ip mapping. of course there has to be proper locking.
-  shm_open, mkstemp, are possible candidates for a file based approach,
-  the other option is to spawn some kind of server process that manages the
-  map lookups. since connect() etc are hooked, this must not be a TCP server.
+  ONLY USE PROXYCHAINS IF YOU KNOW WHAT YOU'RE DOING.
 
-  I am reluctant on doing this change, because the described behaviour
-  seems pretty idiotic (doing a fork only for a DNS lookup), and irssi
-  is currently the only known affected program.
+  THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY 
+  RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND 
+  THE RESULTING CONSEQUENCES.
 
 *** Installation ***
 
   # needs a working C compiler, preferably gcc
-  ./configure
+  ./configure --prefix=/usr --sysconfdir=/etc
   make
-  sudo make install
+  [optional] sudo make install
+  [optional] sudo make install-config (installs proxychains.conf)
+
+  if you dont install, you can use proxychains from the build directory
+  like this: ./proxychains4 -f src/proxychains.conf telnet google.com 80
 
 Changelog:
 ----------
-Version 4.1 adds support for mac os x (i386, x86_64, ppc)
-all internal functions are threadsafe when compiled with -DTHREAD_SAFE
-(default).
+Version 4.9
+- fix a security issue CVE-2015-3887
+- add sendto hook to handle MSG_FASTOPEN flag
+- replace problematic hostentdb with hostsreader
+- fix compilation on OpenBSD (although doesn't work there)
 
-Version (4.x) removes the dnsresolver script which required a dynamically
-linked "dig" binary to be present with remote DNS lookup.
-this speeds up any operation involving DNS, as the old script had to use TCP.
-additionally it allows to use .onion urls when used with TOR.
-also it removed the broken autoconf build system with a simple Makefile.
-there's a ./configure script though for convenience.
-it also adds support for a config file passed via command line switches/
-environment variables.
+Version 4.8.1:
+- fix regression in 4.8 install-config Makefile target
 
-Version (3.x) introduces support for DNS resolving through proxy 
-it supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers.
-Auth-types: socks - "user/pass" , http - "basic".
+Version 4.8:
+- fix for odd cornercase where getaddrinfo was used with AI_NUMERICHOST
+  to test for a numeric ip instead of resolving it (fixes nmap).
+- allow usage with programs that rely on LD_PRELOAD themselves
+- reject wrong entries in config file
+- print version number on startup
+
+Version 4.7:
+- new round_robin chaintype by crass.
+- fix bug with lazy allocation when GCC constructor was not used.
+- new configure flag --fat-binary to create a "fat" binary/library on OS X
+- return EBADF rather than EINTR in close hook. 
+  it's legal for a program to retry close() calls when they receive
+  EINTR, which could cause an infinite loop, as seen in chromium.
+
+Version 4.6:
+- some cosmetic fixes to Makefile, fix a bug when non-numeric ip was
+  used as proxy server address.
+
+Version 4.5:
+- hook close() to prevent OpenSSH from messing with internal infrastructure.
+  this caused ssh client to segfault when proxified.
+
+Version 4.4:
+- FreeBSD port
+- fixes some installation issues on Debian and Mac.
+
+Version 4.3:
+- fixes programs that do dns-lookups in child processes (fork()ed),
+  like irssi. to achieve this, support for compilation without pthreads
+  was sacrified.
+- fixes thread safety for gethostent() calls.
+- improved DNS handling speed, since hostent db is cached.
+
+Version 4.2:
+- fixes compilation issues with ubuntu 12.04 toolchain
+- fixes segfault in rare codepath
+
+Version 4.1 
+- support for mac os x (all archs)
+- all internal functions are threadsafe when compiled with -DTHREAD_SAFE 
+  (default).
+
+Version 4.0
+- replaced dnsresolver script (which required a dynamically linked "dig" 
+  binary to be present) with remote DNS lookup.
+  this speeds up any operation involving DNS, as the old script had to use TCP.
+  additionally it allows to use .onion urls when used with TOR.
+- removed broken autoconf build system with a simple Makefile.
+  there's a ./configure script though for convenience.
+  it also adds support for a config file passed via command line switches/
+  environment variables.
+
+Version 3.0
+- support for DNS resolving through proxy 
+  supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers.
+  Auth-types: socks - "user/pass" , http - "basic".
 
 When to use it ?
 1) When the only way to get "outside" from your LAN is through proxy server.
@@ -65,7 +126,8 @@ When to use it ?
 	like: your_host <--> proxy1 <--> proxy2 <--> target_host
 4) To "proxify" some program with no proxy support built-in (like telnet)
 5) Access intranet from outside via proxy.
-5) To use DNS behind proxy.
+6) To use DNS behind proxy.
+7) To access hidden tor onion services.
 
 Some cool features:
 
@@ -75,10 +137,9 @@ Some cool features:
 	random order from the list ( user defined length of chain ).
 	exact order  (as they appear in the list )
 	dynamic order (smart exclude dead proxies from chain)
-* You can use it with any TCP client application, even network scanners
-	yes, yes - you can make portscan via proxy (or chained proxies)
-	for example with Nmap scanner by fyodor (www.insecire.org/nmap).
-	proxychains nmap -sT -PO -p 80 -iR  (find some webservers through proxy)
+* You can use it with most TCP client applications, possibly even network 
+	scanners, as long as they use standard libc functionality.
+	pcap based scanning does not work.
 * You can use it with servers, like squid, sendmail, or whatever.
 * DNS resolving through proxy.
 
@@ -87,13 +148,13 @@ Configuration:
 --------------
 
 proxychains looks for config file in following order:
-1)	file listed in environment variable ${PROXYCHAINS_CONF_FILE} or
+1)	file listed in environment variable PROXYCHAINS_CONF_FILE or
 	provided as a -f argument to proxychains script or binary.
 2)	./proxychains.conf
 3)	$(HOME)/.proxychains/proxychains.conf
-4)	/etc/proxychains.conf  **
+4)	$(sysconfdir)/proxychains.conf  **
 
-**see more in /etc/proxychains.conf
+** usually /etc/proxychains.conf
 
 Usage Example:
 
@@ -116,3 +177,12 @@ Usage Example:
 in this example it will resolve targethost.com through proxy(or chained proxies)
 specified by proxychains.conf
 
+Community:
+----------
+#proxychains on irc.freenode.net
+
+Donations:
+----------
+bitcoins donations are welcome - please send to this address:
+1C9LBpuy56veBqw5N33sZMoZW8mwCw3tPh
+

VERSION

@@ -0,0 +1 @@
+4.9

configure

@@ -2,6 +2,22 @@
 
 prefix=/usr/local
 
+ismac() {
+	uname -s | grep Darwin >/dev/null
+}
+
+isx86_64() {
+	uname -m | grep -i X86_64 >/dev/null
+}
+
+isbsd() {
+	uname -s | grep BSD >/dev/null
+}
+
+isopenbsd() {
+	uname -s | grep OpenBSD >/dev/null
+}
+
 usage() {
 	echo "supported arguments"
 	echo "--prefix=/path 		default: $prefix"
@@ -10,6 +26,10 @@ usage() {
 	echo "--libdir=/path		default: $prefix/lib"
 	echo "--includedir=/path	default: $prefix/include"
 	echo "--sysconfdir=/path	default: $prefix/etc"
+	echo "--ignore-cve		default: no"
+	echo "	if set to yes ignores CVE-2015-3887 and makes it possible"
+	echo "	to preload from current dir (insecure)"
+	ismac && isx86_64 && echo "--fat-binary : build for both i386 and x86_64 architectures on 64-bit Macs"
 	echo "--help : show this text"
 	exit 1
 }
@@ -21,6 +41,8 @@ spliteq() {
 	# or echo "$arg" | sed 's/[^=]*=//'
 }
 
+fat_binary=
+ignore_cve=no
 parsearg() {
 	case "$1" in
 	--prefix=*) prefix=`spliteq $1`;;
@@ -29,14 +51,13 @@ parsearg() {
 	--libdir=*) libdir=`spliteq $1`;;
 	--includedir=*) includedir=`spliteq $1`;;
 	--sysconfdir=*) sysconfdir=`spliteq $1`;;
+	--ignore-cve) ignore_cve=1;;
+	--ignore-cve=*) ignore_cve=`spliteq $1`;;
+	--fat-binary) fat_binary=1;;
 	--help) usage;;
 	esac
 }
 
-ismac() {
-	uname -s | grep Darwin
-}
-
 while true ; do
 	case $1 in
 	-*) parsearg "$1"; shift;;
@@ -71,18 +92,30 @@ fi
 echo CC?=$CC>config.mak
 [ -z "$CPPFLAGS" ] || echo CPPFLAGS?=$CPPFLAGS>>config.mak
 [ -z "$CFLAGS" ] || echo USER_CFLAGS?=$CFLAGS>>config.mak
+[ -z "$LDFLAGS" ] || echo USER_LDFLAGS?=$LDFLAGS>>config.mak
 echo prefix=$prefix>>config.mak
 echo exec_prefix=$exec_prefix>>config.mak
 echo bindir=$bindir>>config.mak
 echo libdir=$libdir>>config.mak
 echo includedir=$includedir>>config.mak
 echo sysconfdir=$sysconfdir>>config.mak
+[ "$ignore_cve" = "no" ] && echo CPPFLAGS+= -DSUPER_SECURE>>config.mak
+make_cmd=make
 if ismac ; then
+	echo NO_AS_NEEDED=>>config.mak
 	echo LDSO_SUFFIX=dylib>>config.mak
 	echo MAC_CFLAGS+=-DIS_MAC=1>>config.mak
+	if isx86_64 && [ "$fat_binary" = 1 ] ; then
+		echo "Configuring a fat binary for i386 and x86_64"
+		echo MAC_CFLAGS+=-arch i386 -arch x86_64>>config.mak
+		echo LDFLAGS+=-arch i386 -arch x86_64>>config.mak
+	fi
 	echo LD_SET_SONAME=-Wl,-install_name,>>config.mak
-	echo INSTALL_FLAGS=-m>>config.mak
+elif isbsd ; then
+	echo LIBDL=>>config.mak
+	echo "CFLAGS+=-DIS_BSD">>config.mak
+	isopenbsd && echo "CFLAGS+=-DIS_OPENBSD">>config.mak
+	make_cmd=gmake
 fi
 
-echo done, now run make \&\& make install
-
+echo "Done, now run $make_cmd && $make_cmd install"

src/allocator_thread.c

@@ -0,0 +1,296 @@
+#include <pthread.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/select.h>
+#include <assert.h>
+#include <string.h>
+#include <stdint.h>
+#include <stddef.h>
+#include <errno.h>
+#include "allocator_thread.h"
+#include "shm.h"
+#include "debug.h"
+#include "ip_type.h"
+#include "mutex.h"
+#include "hash.h"
+#include "stringdump.h"
+
+/* stuff for our internal translation table */
+
+typedef struct {
+	uint32_t hash;
+	char* string;
+} string_hash_tuple;
+
+typedef struct {
+	uint32_t counter;
+	uint32_t capa;
+	string_hash_tuple** list;
+} internal_ip_lookup_table;
+
+pthread_mutex_t internal_ips_lock;
+internal_ip_lookup_table *internal_ips = NULL;
+internal_ip_lookup_table internal_ips_buf;
+
+uint32_t index_from_internal_ip(ip_type internalip) {
+	PFUNC();
+	ip_type tmp = internalip;
+	uint32_t ret;
+	ret = tmp.octet[3] + (tmp.octet[2] << 8) + (tmp.octet[1] << 16);
+	ret -= 1;
+	return ret;
+}
+
+char *string_from_internal_ip(ip_type internalip) {
+	PFUNC();
+	char *res = NULL;
+	uint32_t index = index_from_internal_ip(internalip);
+	if(index < internal_ips->counter)
+		res = internal_ips->list[index]->string;
+	return res;
+}
+
+extern unsigned int remote_dns_subnet;
+ip_type make_internal_ip(uint32_t index) {
+	ip_type ret;
+	index++; // so we can start at .0.0.1
+	if(index > 0xFFFFFF)
+		return ip_type_invalid;
+	ret.octet[0] = remote_dns_subnet & 0xFF;
+	ret.octet[1] = (index & 0xFF0000) >> 16;
+	ret.octet[2] = (index & 0xFF00) >> 8;
+	ret.octet[3] = index & 0xFF;
+	return ret;
+}
+
+static ip_type ip_from_internal_list(char* name, size_t len) {
+	uint32_t hash = dalias_hash((char *) name);
+	size_t i;
+	ip_type res;
+	void* new_mem;
+	// see if we already have this dns entry saved.
+	if(internal_ips->counter) {
+		for(i = 0; i < internal_ips->counter; i++) {
+			if(internal_ips->list[i]->hash == hash && !strcmp(name, internal_ips->list[i]->string)) {
+				res = make_internal_ip(i);
+				PDEBUG("got cached ip for %s\n", name);
+				goto have_ip;
+			}
+		}
+	}
+	// grow list if needed.
+	if(internal_ips->capa < internal_ips->counter + 1) {
+		PDEBUG("realloc\n");
+		new_mem = realloc(internal_ips->list, (internal_ips->capa + 16) * sizeof(void *));
+		if(new_mem) {
+			internal_ips->capa += 16;
+			internal_ips->list = new_mem;
+		} else {
+	oom:
+			PDEBUG("out of mem\n");
+			goto err_plus_unlock;
+		}
+	}
+
+	res = make_internal_ip(internal_ips->counter);
+	if(res.as_int == ip_type_invalid.as_int)
+		goto err_plus_unlock;
+
+	string_hash_tuple tmp = { 0 };
+	new_mem = dumpstring((char*) &tmp, sizeof(string_hash_tuple));
+	if(!new_mem)
+		goto oom;
+
+	PDEBUG("creating new entry %d for ip of %s\n", (int) internal_ips->counter, name);
+
+	internal_ips->list[internal_ips->counter] = new_mem;
+	internal_ips->list[internal_ips->counter]->hash = hash;
+	
+	new_mem = dumpstring((char*) name, len + 1);
+	
+	if(!new_mem) {
+		internal_ips->list[internal_ips->counter] = 0;
+		goto oom;
+	}
+	internal_ips->list[internal_ips->counter]->string = new_mem;
+
+	internal_ips->counter += 1;
+
+	have_ip:
+
+	return res;
+	err_plus_unlock:
+	
+	PDEBUG("return err\n");
+	return ip_type_invalid;
+}
+
+/* stuff for communication with the allocator thread */
+
+enum at_msgtype {
+	ATM_GETIP,
+	ATM_GETNAME,
+	ATM_EXIT,
+};
+
+enum at_direction {
+	ATD_SERVER = 0,
+	ATD_CLIENT,
+	ATD_MAX,
+};
+
+struct at_msghdr {
+	enum at_msgtype msgtype;
+	size_t datalen;
+};
+
+static pthread_t allocator_thread;
+static pthread_attr_t allocator_thread_attr;
+int req_pipefd[2];
+int resp_pipefd[2];
+
+static int wait_data(int readfd) {
+	PFUNC();
+	fd_set fds;
+	FD_ZERO(&fds);
+	FD_SET(readfd, &fds);
+	int ret;
+	while((ret = select(readfd+1, &fds, NULL, NULL, NULL)) <= 0) {
+		if(ret < 0) {
+			int e = errno;
+			if(e == EINTR) continue;
+#ifdef __GLIBC__
+			char emsg[1024];
+			char* x = strerror_r(errno, emsg, sizeof emsg);
+			dprintf(2, "select2: %s\n", x);
+#endif
+			return 0;
+		}
+	}
+	return 1;
+}
+
+static int sendmessage(enum at_direction dir, struct at_msghdr *hdr, void* data) {
+	static int* destfd[ATD_MAX] = { [ATD_SERVER] = &req_pipefd[1], [ATD_CLIENT] = &resp_pipefd[1] };
+	int ret = write(*destfd[dir], hdr, sizeof *hdr) == sizeof *hdr;
+	if(ret && hdr->datalen) {
+		assert(hdr->datalen <= MSG_LEN_MAX);
+		ret = write(*destfd[dir], data, hdr->datalen) == hdr->datalen;
+	}
+	return ret;
+}
+
+static int getmessage(enum at_direction dir, struct at_msghdr *hdr, void* data) {
+	static int* readfd[ATD_MAX] = { [ATD_SERVER] = &req_pipefd[0], [ATD_CLIENT] = &resp_pipefd[0] };
+	int ret;
+	if((ret = wait_data(*readfd[dir]))) {
+		ret = read(*readfd[dir], hdr, sizeof *hdr) == sizeof(*hdr);
+		assert(hdr->datalen <= MSG_LEN_MAX);
+		if(ret && hdr->datalen) {
+			ret = read(*readfd[dir], data, hdr->datalen) == hdr->datalen;
+		}
+	}
+	return ret;
+}
+
+static void* threadfunc(void* x) {
+	(void) x;
+	int ret;
+	struct at_msghdr msg;
+	union { 
+		char host[MSG_LEN_MAX];
+		ip_type ip;
+	} readbuf;
+	while((ret = getmessage(ATD_SERVER, &msg, &readbuf))) {
+		switch(msg.msgtype) {
+			case ATM_GETIP:
+				/* client wants an ip for a DNS name. iterate our list and check if we have an existing entry.
+					* if not, create a new one. */
+				readbuf.ip = ip_from_internal_list(readbuf.host, msg.datalen - 1);
+				msg.datalen = sizeof(ip_type);
+				break;
+			case ATM_GETNAME: {
+				char *host = string_from_internal_ip(readbuf.ip);
+				if(host) {
+					size_t l = strlen(host);
+					assert(l < MSG_LEN_MAX);
+					memcpy(readbuf.host, host, l + 1);
+					msg.datalen = l + 1;
+				}
+				break;
+			}
+			case ATM_EXIT:
+				return 0;
+			default:
+				abort();
+		}
+		ret = sendmessage(ATD_CLIENT, &msg, &readbuf);
+	}
+	return 0;
+}
+
+/* API to access the internal ip mapping */
+
+ip_type at_get_ip_for_host(char* host, size_t len) {
+	ip_type readbuf;
+	MUTEX_LOCK(&internal_ips_lock);
+	if(len > MSG_LEN_MAX) goto inv;
+	struct at_msghdr msg = {.msgtype = ATM_GETIP, .datalen = len + 1 };
+	if(sendmessage(ATD_SERVER, &msg, host) &&
+	   getmessage(ATD_CLIENT, &msg, &readbuf));
+	else {
+		inv:
+		readbuf = ip_type_invalid;
+	}
+	MUTEX_UNLOCK(&internal_ips_lock);
+	return readbuf;
+}
+
+size_t at_get_host_for_ip(ip_type ip, char* readbuf) {
+	struct at_msghdr msg = {.msgtype = ATM_GETNAME, .datalen = sizeof(ip_type) };
+	size_t res = 0;
+	MUTEX_LOCK(&internal_ips_lock);
+	if(sendmessage(ATD_SERVER, &msg, &ip) && getmessage(ATD_CLIENT, &msg, readbuf)) {
+		if((ptrdiff_t) msg.datalen <= 0) res = 0;
+		else res = msg.datalen - 1;
+	}
+	MUTEX_UNLOCK(&internal_ips_lock);
+	return res;
+}
+
+
+static void initpipe(int* fds) {
+	if(pipe(fds) == -1) {
+		perror("pipe");
+		exit(1);
+	}
+}
+
+/* initialize with pointers to shared memory. these will
+ * be used to place responses and arguments */
+void at_init(void) {
+	PFUNC();
+	MUTEX_INIT(&internal_ips_lock);
+	internal_ips = &internal_ips_buf;
+	memset(internal_ips, 0, sizeof *internal_ips);
+	initpipe(req_pipefd);
+	initpipe(resp_pipefd);
+	pthread_attr_init(&allocator_thread_attr);
+	pthread_attr_setstacksize(&allocator_thread_attr, 16 * 1024);
+	pthread_create(&allocator_thread, &allocator_thread_attr, threadfunc, 0);
+}
+
+void at_close(void) {
+	PFUNC();
+	const int msg = ATM_EXIT;
+	write(req_pipefd[1], &msg, sizeof(int));
+	pthread_join(allocator_thread, NULL);
+	close(req_pipefd[0]);
+	close(req_pipefd[1]);
+	close(resp_pipefd[0]);
+	close(resp_pipefd[1]);
+	pthread_attr_destroy(&allocator_thread_attr);
+	MUTEX_DESTROY(&internal_ips_lock);
+}

src/allocator_thread.h

@@ -0,0 +1,19 @@
+#ifndef ALLOCATOR_THREAD_H
+#define ALLOCATOR_THREAD_H
+
+#include <unistd.h>
+#include "ip_type.h"
+
+#define MSG_LEN_MAX 256
+
+extern int req_pipefd[2];
+extern int resp_pipefd[2];
+
+void at_init(void);
+void at_close(void);
+size_t at_get_host_for_ip(ip_type ip, char* readbuf);
+ip_type at_get_ip_for_host(char* host, size_t len);
+
+//RcB: DEP "allocator_thread.c"
+#endif
+

src/common.c

@@ -3,6 +3,50 @@
 #include <unistd.h>
 #include <stdio.h>
 
+const char *proxy_type_strmap[] = {
+    "http",
+    "socks4",
+    "socks5",
+};
+
+const char *chain_type_strmap[] = {
+    "dynamic_chain",
+    "strict_chain",
+    "random_chain",
+    "round_robin_chain",
+};
+
+const char *proxy_state_strmap[] = {
+    "play",
+    "down",
+    "blocked",
+    "busy",
+};
+
+// stolen from libulz (C) rofl0r
+void pc_stringfromipv4(unsigned char *ip_buf_4_bytes, char *outbuf_16_bytes) {
+	unsigned char *p;
+	char *o = outbuf_16_bytes;
+	unsigned char n;
+	for(p = ip_buf_4_bytes; p < ip_buf_4_bytes + 4; p++) {
+		n = *p;
+		if(*p >= 100) {
+			if(*p >= 200)
+				*(o++) = '2';
+			else
+				*(o++) = '1';
+			n %= 100;
+		}
+		if(*p >= 10) {
+			*(o++) = (n / 10) + '0';
+			n %= 10;
+		}
+		*(o++) = n + '0';
+		*(o++) = '.';
+	}
+	o[-1] = 0;
+}
+
 static int check_path(char *path) {
 	if(!path)
 		return 0;
@@ -15,7 +59,7 @@ char *get_config_path(char* default_path, char* pbuf, size_t bufsize) {
 	char *path = default_path;
 	if(check_path(path))
 		goto have;
-	
+
 	// priority 1: env var PROXYCHAINS_CONF_FILE
 	path = getenv(PROXYCHAINS_CONF_FILE_ENV_VAR);
 	if(check_path(path))
@@ -44,10 +88,10 @@ char *get_config_path(char* default_path, char* pbuf, size_t bufsize) {
 	path = "/etc/" PROXYCHAINS_CONF_FILE;
 	if(check_path(path))
 		goto have;
-	
+
 	perror("couldnt find configuration file");
 	exit(1);
-	
+
 	return NULL;
 	have:
 	return path;

src/common.h

@@ -1,3 +1,6 @@
+#ifndef COMMON_H
+#define COMMON_H
+
 #define PROXYCHAINS_CONF_FILE_ENV_VAR "PROXYCHAINS_CONF_FILE"
 #define PROXYCHAINS_QUIET_MODE_ENV_VAR "PROXYCHAINS_QUIET_MODE"
 #define PROXYCHAINS_CONF_FILE "proxychains.conf"
@@ -8,6 +11,12 @@
 
 #include <stddef.h>
 
-char *get_config_path(char* default_path, char* pbuf, size_t bufsize);
+extern const char *proxy_type_strmap[];
+extern const char *chain_type_strmap[];
+extern const char *proxy_state_strmap[];
 
-//RcB: DEP "common.c"
+char *get_config_path(char* default_path, char* pbuf, size_t bufsize);
+void pc_stringfromipv4(unsigned char *ip_buf_4_bytes, char *outbuf_16_bytes);
+
+//RcB: DEP "common.c"
+#endif

src/core.c

@@ -27,94 +27,25 @@
 #include <arpa/inet.h>
 #include <sys/types.h>
 #include <sys/socket.h>
-#include <sys/poll.h>
+#include <poll.h>
 #include <sys/wait.h>
 #include <fcntl.h>
 #include <time.h>
 #include <sys/time.h>
 #include <stdarg.h>
 #include <assert.h>
-#ifdef THREAD_SAFE
-#include <pthread.h>
-pthread_mutex_t internal_ips_lock;
-pthread_mutex_t hostdb_lock;
-#endif
 
 #include "core.h"
 #include "common.h"
+#include "shm.h"
+#include "allocator_thread.h"
 
 extern int tcp_read_time_out;
 extern int tcp_connect_time_out;
 extern int proxychains_quiet_mode;
+extern unsigned int proxychains_proxy_offset;
 extern unsigned int remote_dns_subnet;
 
-internal_ip_lookup_table internal_ips = { 0, 0, NULL };
-
-
-uint32_t dalias_hash(char *s0) {
-	unsigned char *s = (void *) s0;
-	uint_fast32_t h = 0;
-	while(*s) {
-		h = 16 * h + *s++;
-		h ^= h >> 24 & 0xf0;
-	}
-	return h & 0xfffffff;
-}
-
-uint32_t index_from_internal_ip(ip_type internalip) {
-	ip_type tmp = internalip;
-	uint32_t ret;
-	ret = tmp.octet[3] + (tmp.octet[2] << 8) + (tmp.octet[1] << 16);
-	ret -= 1;
-	return ret;
-}
-
-char *string_from_internal_ip(ip_type internalip) {
-	char *res = NULL;
-	uint32_t index = index_from_internal_ip(internalip);
-	MUTEX_LOCK(&internal_ips_lock);
-	if(index < internal_ips.counter)
-		res = internal_ips.list[index]->string;
-	MUTEX_UNLOCK(&internal_ips_lock);
-	return res;
-}
-
-in_addr_t make_internal_ip(uint32_t index) {
-	ip_type ret;
-	index++;		// so we can start at .0.0.1
-	if(index > 0xFFFFFF)
-		return (in_addr_t) - 1;
-	ret.octet[0] = remote_dns_subnet & 0xFF;
-	ret.octet[1] = (index & 0xFF0000) >> 16;
-	ret.octet[2] = (index & 0xFF00) >> 8;
-	ret.octet[3] = index & 0xFF;
-	return (in_addr_t) ret.as_int;
-}
-
-// stolen from libulz (C) rofl0r
-void pc_stringfromipv4(unsigned char *ip_buf_4_bytes, char *outbuf_16_bytes) {
-	unsigned char *p;
-	char *o = outbuf_16_bytes;
-	unsigned char n;
-	for(p = ip_buf_4_bytes; p < ip_buf_4_bytes + 4; p++) {
-		n = *p;
-		if(*p >= 100) {
-			if(*p >= 200)
-				*(o++) = '2';
-			else
-				*(o++) = '1';
-			n %= 100;
-		}
-		if(*p >= 10) {
-			*(o++) = (n / 10) + '0';
-			n %= 10;
-		}
-		*(o++) = n + '0';
-		*(o++) = '.';
-	}
-	o[-1] = 0;
-}
-
 static int poll_retry(struct pollfd *fds, nfds_t nfsd, int timeout) {
 	int ret;
 	int time_remain = timeout;
@@ -220,6 +151,7 @@ static int timed_connect(int sock, const struct sockaddr *addr, socklen_t len) {
 	int ret, value;
 	socklen_t value_len;
 	struct pollfd pfd[1];
+	PFUNC();
 
 	pfd[0].fd = sock;
 	pfd[0].events = POLLOUT;
@@ -258,21 +190,19 @@ static int timed_connect(int sock, const struct sockaddr *addr, socklen_t len) {
 #define INVALID_INDEX 0xFFFFFFFFU
 static int tunnel_to(int sock, ip_type ip, unsigned short port, proxy_type pt, char *user, char *pass) {
 	char *dns_name = NULL;
+	char hostnamebuf[MSG_LEN_MAX];
 	size_t dns_len = 0;
 
-	PDEBUG("tunnel_to()\n");
+	PFUNC();
 
 	// we use ip addresses with 224.* to lookup their dns name in our table, to allow remote DNS resolution
 	// the range 224-255.* is reserved, and it won't go outside (unless the app does some other stuff with
 	// the results returned from gethostbyname et al.)
 	// the hardcoded number 224 can now be changed using the config option remote_dns_subnet to i.e. 127
 	if(ip.octet[0] == remote_dns_subnet) {
-		dns_name = string_from_internal_ip(ip);
-		if(!dns_name)
-			goto err;
-		dns_len = strlen(dns_name);
-		if(!dns_len)
-			goto err;
+		dns_len = at_get_host_for_ip(ip, hostnamebuf);
+		if(!dns_len) goto err;
+		else dns_name = hostnamebuf;
 	}
 	
 	PDEBUG("host dns %s\n", dns_name ? dns_name : "<NULL>");
@@ -338,8 +268,10 @@ static int tunnel_to(int sock, ip_type ip, unsigned short port, proxy_type pt, c
 				}
 
 				// if not ok (200) or response greather than BUFF_SIZE return BLOCKED;
-				if(len == BUFF_SIZE || !(buff[9] == '2' && buff[10] == '0' && buff[11] == '0'))
+				if(len == BUFF_SIZE || !(buff[9] == '2' && buff[10] == '0' && buff[11] == '0')) {
+					PDEBUG("HTTP proxy blocked: buff=\"%s\"\n", buff);
 					return BLOCKED;
+				}
 
 				return SUCCESS;
 			}
@@ -498,6 +430,7 @@ static int tunnel_to(int sock, ip_type ip, unsigned short port, proxy_type pt, c
 #define DT "Dynamic chain"
 #define ST "Strict chain"
 #define RT "Random chain"
+#define RRT "Round Robin chain"
 
 static int start_chain(int *fd, proxy_data * pd, char *begin_mark) {
 	struct sockaddr_in addr;
@@ -535,7 +468,6 @@ static proxy_data *select_proxy(select_type how, proxy_data * pd, unsigned int p
 		return NULL;
 	switch (how) {
 		case RANDOMLY:
-			srand(time(NULL));
 			do {
 				k++;
 				i = 0 + (unsigned int) (proxy_count * 1.0 * rand() / (RAND_MAX + 1.0));
@@ -586,14 +518,14 @@ static unsigned int calc_alive(proxy_data * pd, unsigned int proxy_count) {
 static int chain_step(int ns, proxy_data * pfrom, proxy_data * pto) {
 	int retcode = -1;
 	char *hostname;
+	char hostname_buf[MSG_LEN_MAX];
 	char ip_buf[16];
 
-	PDEBUG("chain_step()\n");
+	PFUNC();
 
 	if(pto->ip.octet[0] == remote_dns_subnet) {
-		hostname = string_from_internal_ip(pto->ip);
-		if(!hostname)
-			goto usenumericip;
+		if(!at_get_host_for_ip(pto->ip, hostname_buf)) goto usenumericip;
+		else hostname = hostname_buf;
 	} else {
 	usenumericip:
 		pc_stringfromipv4(&pto->ip.octet[0], ip_buf);
@@ -626,15 +558,20 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 	proxy_data p4;
 	proxy_data *p1, *p2, *p3;
 	int ns = -1;
+	int rc = -1;
 	unsigned int offset = 0;
 	unsigned int alive_count = 0;
 	unsigned int curr_len = 0;
+	unsigned int curr_pos = 0;
+	unsigned int looped = 0; // went back to start of list in RR mode
 
 	p3 = &p4;
 
-	PDEBUG("connect_proxy_chain\n");
+	PFUNC();
 
 	again:
+	rc = -1;
+	DUMP_PROXY_CHAIN(pd, proxy_count);
 
 	switch (ct) {
 		case DYNAMIC_TYPE:
@@ -661,6 +598,52 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 				goto error;
 			break;
 
+		case ROUND_ROBIN_TYPE:
+			alive_count = calc_alive(pd, proxy_count);
+			curr_pos = offset = proxychains_proxy_offset;
+			if(alive_count < max_chain)
+				goto error_more;
+                        PDEBUG("1:rr_offset = %d, curr_pos = %d\n", offset, curr_pos);
+			/* Check from current RR offset til end */
+			for (;rc != SUCCESS;) {
+				if (!(p1 = select_proxy(FIFOLY, pd, proxy_count, &offset))) {
+					/* We've reached the end of the list, go to the start */
+ 					offset = 0;
+					looped++;
+					continue;
+				} else if (looped && rc > 0 && offset >= curr_pos) {
+ 					PDEBUG("GOTO MORE PROXIES 0\n");
+					/* We've gone back to the start and now past our starting position */
+					proxychains_proxy_offset = 0;
+ 					goto error_more;
+ 				}
+ 				PDEBUG("2:rr_offset = %d\n", offset);
+ 				rc=start_chain(&ns, p1, RRT);
+			}
+			/* Create rest of chain using RR */
+			for(curr_len = 1; curr_len < max_chain;) {
+				PDEBUG("3:rr_offset = %d, curr_len = %d, max_chain = %d\n", offset, curr_len, max_chain);
+				p2 = select_proxy(FIFOLY, pd, proxy_count, &offset);
+				if(!p2) {
+					/* Try from the beginning to where we started */
+					offset = 0;
+					continue;
+				} else if(SUCCESS != chain_step(ns, p1, p2)) {
+					PDEBUG("GOTO AGAIN 1\n");
+					goto again;
+				} else
+					p1 = p2;
+				curr_len++;
+			}
+			//proxychains_write_log(TP);
+			p3->ip = target_ip;
+			p3->port = target_port;
+			proxychains_proxy_offset = offset+1;
+			PDEBUG("pd_offset = %d, curr_len = %d\n", proxychains_proxy_offset, curr_len);
+			if(SUCCESS != chain_step(ns, p1, p3))
+				goto error;
+			break;
+
 		case STRICT_TYPE:
 			alive_count = calc_alive(pd, proxy_count);
 			offset = 0;
@@ -736,21 +719,21 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 	return -1;
 }
 
-static const ip_type local_host = { {127, 0, 0, 1} };
+void core_initialize(void) {
+}
+
+void core_unload(void) {
+}
 
 static void gethostbyname_data_setstring(struct gethostbyname_data* data, char* name) {
 	snprintf(data->addr_name, sizeof(data->addr_name), "%s", name);
 	data->hostent_space.h_name = data->addr_name;
 }
 
+extern ip_type hostsreader_get_numeric_ip_for_name(const char* name);
 struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data* data) {
+	PFUNC();
 	char buff[256];
-	uint32_t i, hash;
-	// yep, new_mem never gets freed. once you passed a fake ip to the client, you can't "retreat" it
-	void *new_mem;
-	size_t l;
-
-	struct hostent *hp;
 
 	data->resolved_addr_p[0] = (char *) &data->resolved_addr;
 	data->resolved_addr_p[1] = NULL;
@@ -768,82 +751,27 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
 	if(!strcmp(buff, name)) {
 		data->resolved_addr = inet_addr(buff);
 		if(data->resolved_addr == (in_addr_t) (-1))
-			data->resolved_addr = (in_addr_t) (local_host.as_int);
+			data->resolved_addr = (in_addr_t) (ip_type_localhost.as_int);
 		goto retname;
 	}
 
-	memset(buff, 0, sizeof(buff));
-
 	// this iterates over the "known hosts" db, usually /etc/hosts
-	MUTEX_LOCK(&hostdb_lock);
-	while((hp = gethostent()))
-		if(!strcmp(hp->h_name, name) && hp->h_addrtype == AF_INET && hp->h_length == sizeof(in_addr_t)) {
-			data->resolved_addr = *((in_addr_t*)(hp->h_addr_list[0]));
-			MUTEX_UNLOCK(&hostdb_lock);
-			goto retname;
-		}
-	MUTEX_UNLOCK(&hostdb_lock);
-
-	hash = dalias_hash((char *) name);
-
-	MUTEX_LOCK(&internal_ips_lock);
-
-	// see if we already have this dns entry saved.
-	if(internal_ips.counter) {
-		for(i = 0; i < internal_ips.counter; i++) {
-			if(internal_ips.list[i]->hash == hash && !strcmp(name, internal_ips.list[i]->string)) {
-				data->resolved_addr = make_internal_ip(i);
-				PDEBUG("got cached ip for %s\n", name);
-				goto have_ip;
-			}
-		}
+	ip_type hdb_res = hostsreader_get_numeric_ip_for_name(name);
+	if(hdb_res.as_int != ip_type_invalid.as_int) {
+		data->resolved_addr = hdb_res.as_int;
+		goto retname;
 	}
-	// grow list if needed.
-	if(internal_ips.capa < internal_ips.counter + 1) {
-		PDEBUG("realloc\n");
-		new_mem = realloc(internal_ips.list, (internal_ips.capa + 16) * sizeof(void *));
-		if(new_mem) {
-			internal_ips.capa += 16;
-			internal_ips.list = new_mem;
-		} else {
-	oom:
-			proxychains_write_log("out of mem\n");
-			goto err_plus_unlock;
-		}
-	}
-
-	data->resolved_addr = make_internal_ip(internal_ips.counter);
-	if(data->resolved_addr == (in_addr_t) - 1)
-		goto err_plus_unlock;
-
-	l = strlen(name);
-	new_mem = malloc(sizeof(string_hash_tuple) + l + 1);
-	if(!new_mem)
-		goto oom;
-
-	PDEBUG("creating new entry %d for ip of %s\n", (int) internal_ips.counter, name);
-
-	internal_ips.list[internal_ips.counter] = new_mem;
-	internal_ips.list[internal_ips.counter]->hash = hash;
-	internal_ips.list[internal_ips.counter]->string = (char *) new_mem + sizeof(string_hash_tuple);
-
-	memcpy(internal_ips.list[internal_ips.counter]->string, name, l + 1);
-
-	internal_ips.counter += 1;
-
-	have_ip:
-
-	MUTEX_UNLOCK(&internal_ips_lock);
 	
+	data->resolved_addr = at_get_ip_for_host((char*) name, strlen(name)).as_int;
+	if(data->resolved_addr == (in_addr_t) ip_type_invalid.as_int) return NULL;
+
 	retname:
 
 	gethostbyname_data_setstring(data, (char*) name);
 	
+	PDEBUG("return hostent space\n");
+	
 	return &data->hostent_space;
-
-	err_plus_unlock:
-	MUTEX_UNLOCK(&internal_ips_lock);
-	return NULL;
 }
 
 struct addrinfo_data {
@@ -853,13 +781,19 @@ struct addrinfo_data {
 };
 
 void proxy_freeaddrinfo(struct addrinfo *res) {
+	PFUNC();
 	free(res);
 }
 
-#ifdef IS_MAC
-/* getservbyname on mac is using thread local storage, so we dont need mutex */
+#if defined(IS_MAC) || defined(IS_OPENBSD)
+#ifdef IS_OPENBSD /* OpenBSD has its own incompatible getservbyname_r */
+#define getservbyname_r mygetservbyname_r
+#endif
+/* getservbyname on mac is using thread local storage, so we dont need mutex 
+   TODO: check if the same applies to OpenBSD */
 static int getservbyname_r(const char* name, const char* proto, struct servent* result_buf, 
 			   char* buf, size_t buflen, struct servent** result) {
+	PFUNC();
 	struct servent *res;
 	int ret;
 	(void) buf; (void) buflen;
@@ -885,12 +819,16 @@ int proxy_getaddrinfo(const char *node, const char *service, const struct addrin
 	struct addrinfo *p;
 	char buf[1024];
 	int port;
+	PFUNC();
 
 //      printf("proxy_getaddrinfo node %s service %s\n",node,service);
 	space = calloc(1, sizeof(struct addrinfo_data));
 	if(!space) goto err1;
-	
+
 	if(node && !inet_aton(node, &((struct sockaddr_in *) &space->sockaddr_space)->sin_addr)) {
+		/* some folks (nmap) use getaddrinfo() with AI_NUMERICHOST to check whether a string
+		   containing a numeric ip was passed. we must return failure in that case. */
+		if(hints && (hints->ai_flags & AI_NUMERICHOST)) return EAI_NONAME;
 		hp = proxy_gethostbyname(node, &ghdata);
 		if(hp)
 			memcpy(&((struct sockaddr_in *) &space->sockaddr_space)->sin_addr,
@@ -905,10 +843,10 @@ int proxy_getaddrinfo(const char *node, const char *service, const struct addrin
 
 	*res = p = &space->addrinfo_space;
 	assert((size_t)p == (size_t) space);
-	
+
 	p->ai_addr = &space->sockaddr_space;
 	if(node)
-		strncpy(space->addr_name, node, sizeof(space->addr_name));
+		snprintf(space->addr_name, sizeof(space->addr_name), "%s", node);
 	p->ai_canonname = space->addr_name;
 	p->ai_next = NULL;
 	p->ai_family = space->sockaddr_space.sa_family = AF_INET;
@@ -919,9 +857,12 @@ int proxy_getaddrinfo(const char *node, const char *service, const struct addrin
 		p->ai_flags = hints->ai_flags;
 		p->ai_protocol = hints->ai_protocol;
 	} else {
+#ifndef AI_V4MAPPED
+#define AI_V4MAPPED 0
+#endif
 		p->ai_flags = (AI_V4MAPPED | AI_ADDRCONFIG);
 	}
-	
+
 	goto out;
 	err2:
 	free(space);

src/core.h

@@ -14,6 +14,7 @@
  *                                                                         *
  ***************************************************************************/
 
+#include <unistd.h>
 #include <stdint.h>
 #include <netinet/in.h>
 #include <sys/types.h>
@@ -25,35 +26,7 @@
 #define BUFF_SIZE 8*1024  // used to read responses from proxies.
 #define     MAX_LOCALNET 64
 
-typedef union {
-	unsigned char octet[4];
-	uint32_t as_int;
-} ip_type;
-
-typedef struct {
-	uint32_t hash;
-	char* string;
-} string_hash_tuple;
-
-typedef struct {
-	uint32_t counter;
-	uint32_t capa;
-	string_hash_tuple** list;
-} internal_ip_lookup_table;
-
-extern internal_ip_lookup_table internal_ips;
-#ifdef THREAD_SAFE
-#include <pthread.h>
-extern pthread_mutex_t internal_ips_lock;
-extern pthread_mutex_t hostdb_lock;
-# define MUTEX_LOCK(x) pthread_mutex_lock(x)
-# define MUTEX_UNLOCK(x) pthread_mutex_unlock(x)
-# define MUTEX_INIT(x,y) pthread_mutex_init(x, y)
-#else
-# define MUTEX_LOCK(x)
-# define MUTEX_UNLOCK(x)
-# define MUTEX_INIT(x,y)
-#endif
+#include "ip_type.h"
 
 /*error codes*/
 typedef enum {
@@ -74,8 +47,9 @@ typedef enum {
 typedef enum {
 	DYNAMIC_TYPE,
 	STRICT_TYPE,
-	RANDOM_TYPE}
-chain_type;
+	RANDOM_TYPE,
+	ROUND_ROBIN_TYPE
+} chain_type;
 
 typedef enum {
 	PLAY_STATE,
@@ -109,6 +83,7 @@ int connect_proxy_chain (int sock, ip_type target_ip, unsigned short target_port
 
 void proxychains_write_log(char *str, ...);
 
+typedef int (*close_t)(int);
 typedef int (*connect_t)(int, const struct sockaddr *, socklen_t);
 typedef struct hostent* (*gethostbyname_t)(const char *);
 typedef int (*freeaddrinfo_t)(struct addrinfo *);
@@ -120,6 +95,10 @@ typedef int (*getaddrinfo_t)(const char *, const char *, const struct addrinfo *
 typedef int (*getnameinfo_t) (const struct sockaddr *, socklen_t, char *, 
 			      socklen_t, char *, socklen_t, int);
 
+typedef ssize_t (*sendto_t) (int sockfd, const void *buf, size_t len, int flags,
+			     const struct sockaddr *dest_addr, socklen_t addrlen);
+
+
 
 extern connect_t true_connect;
 extern gethostbyname_t true_gethostbyname;
@@ -141,16 +120,14 @@ int proxy_getaddrinfo(const char *node, const char *service,
 		      const struct addrinfo *hints, struct addrinfo **res);
 void proxy_freeaddrinfo(struct addrinfo *res);
 
-void pc_stringfromipv4(unsigned char *ip_buf_4_bytes, char *outbuf_16_bytes);
+void core_initialize(void);
+void core_unload(void);
 
-#ifdef DEBUG
-# define PDEBUG(fmt, args...) do { fprintf(stderr,"DEBUG:"fmt, ## args); fflush(stderr); } while(0)
-#else
-# define PDEBUG(fmt, args...) do {} while (0)
-#endif
+#include "debug.h"
 
 #endif
 
 //RcB: DEP "core.c"
 //RcB: DEP "libproxychains.c"
-//RcB: LINK "-Wl,--no-as-needed -ldl -lpthread"
+//RcB: LINK "-Wl,--no-as-needed -ldl -lpthread"
+

src/debug.c

@@ -0,0 +1,21 @@
+
+#ifdef DEBUG
+# include "core.h"
+# include "common.h"
+# include "debug.h"
+
+void DUMP_PROXY_CHAIN(proxy_data *pchain, unsigned int count) {
+	char ip_buf[16];
+	for (; count; pchain++, count--) {
+		pc_stringfromipv4(&pchain->ip.octet[0], ip_buf);
+		PDEBUG("[%s] %s %s:%d", proxy_state_strmap[pchain->ps],
+		       proxy_type_strmap[pchain->pt], 
+		       ip_buf, htons(pchain->port));
+		if (*pchain->user || *pchain->pass) {
+			PSTDERR(" [u=%s,p=%s]", pchain->user, pchain->pass);
+		}
+		PSTDERR("\n");
+	}
+}
+
+#endif

src/debug.h

@@ -0,0 +1,20 @@
+#ifndef DEBUG_H
+#define DEBUG_H
+
+#ifdef DEBUG
+# include <stdio.h>
+# define PSTDERR(fmt, args...) do { dprintf(2,fmt, ## args); } while(0)
+# define PDEBUG(fmt, args...) PSTDERR("DEBUG:"fmt, ## args)
+
+# include "core.h"
+void DUMP_PROXY_CHAIN(proxy_data *pchain, unsigned int count);
+
+#else
+# define PDEBUG(fmt, args...) do {} while (0)
+# define DUMP_PROXY_CHAIN(args...) do {} while (0)
+#endif
+
+# define PFUNC() do { PDEBUG("pid[%d]:%s\n", getpid(), __FUNCTION__); } while(0)
+
+#endif
+

src/hash.c

@@ -0,0 +1,12 @@
+#include "hash.h"
+
+/* dalias' version of the elf hash */
+uint32_t dalias_hash(char *s0) {
+	unsigned char *s = (void *) s0;
+	uint_fast32_t h = 0;
+	while(*s) {
+		h = 16 * h + *s++;
+		h ^= h >> 24 & 0xf0;
+	}
+	return h & 0xfffffff;
+}

src/hash.h

@@ -0,0 +1,10 @@
+#ifndef HASH_H
+#define HASH_H
+
+#include <stdint.h>
+
+uint32_t dalias_hash(char *s0);
+
+//RcB: DEP "hash.c"
+
+#endif

src/hostsreader.c

@@ -0,0 +1,121 @@
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+
+/*
+   simple reader for /etc/hosts
+   it only supports comments, blank lines and lines consisting of an ipv4 hostname pair.
+   this is required so we can return entries from the host db without messing up the
+   non-thread-safe state of libc's gethostent().
+
+*/
+
+struct hostsreader {
+	FILE *f;
+	char* ip, *name;
+};
+
+int hostsreader_open(struct hostsreader *ctx) {
+	if(!(ctx->f = fopen("/etc/hosts", "r"))) return 0;
+	return 1;
+}
+
+void hostsreader_close(struct hostsreader *ctx) {
+	fclose(ctx->f);
+}
+
+static int isnumericipv4(const char* ipstring);
+int hostsreader_get(struct hostsreader *ctx, char* buf, size_t bufsize) {
+	while(1) {
+		if(!fgets(buf, bufsize, ctx->f)) return 0;
+		if(*buf == '#') continue;
+		char *p = buf;
+		size_t l = bufsize;
+		ctx->ip = p;
+		while(*p && !isspace(*p) && l) {
+			p++;
+			l--;
+		}
+		if(!l || !*p || p == ctx->ip) continue;
+		*p = 0;
+		p++;
+		while(*p && isspace(*p) && l) {
+			p++;
+			l--;
+		}
+		if(!l || !*p) continue;
+		ctx->name = buf;
+		while(*p && !isspace(*p) && l) {
+			p++;
+			l--;
+		}
+		if(!l || !*p) continue;
+		*p = 0;
+		if(isnumericipv4(ctx->ip)) return 1;
+	}
+}
+
+char* hostsreader_get_ip_for_name(const char* name, char* buf, size_t bufsize) {
+	struct hostsreader ctx;
+	char *res = 0;
+	if(!hostsreader_open(&ctx)) return 0;
+	while(hostsreader_get(&ctx, buf, bufsize)) {
+		if(!strcmp(ctx.name, name)) {
+			res = ctx.ip;
+			break;
+		}
+	}
+	hostsreader_close(&ctx);
+	return res;
+}
+
+#include "ip_type.h"
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+ip_type hostsreader_get_numeric_ip_for_name(const char* name) {
+	char *hres;
+	char buf[320];
+	if((hres = hostsreader_get_ip_for_name(name, buf, sizeof buf))) {
+		struct in_addr c;
+		inet_aton(hres, &c);
+		ip_type res;
+		memcpy(res.octet, &c.s_addr, 4);
+		return res;
+	} else return ip_type_invalid;
+}
+
+#ifdef HOSTSREADER_TEST
+int main() {
+	char buf[256];
+	char * ret = hostsreader_get_ip_for_name("goo", buf, sizeof buf);
+	printf("%s\n", ret ? ret : "null");
+}
+#endif
+
+/* isnumericipv4() taken from libulz */
+static int isnumericipv4(const char* ipstring) {
+	size_t x = 0, n = 0, d = 0;
+	int wasdot = 0;
+	while(1) {
+		switch(ipstring[x]) {
+			case 0: goto done;
+			case '.':
+				if(!n || wasdot) return 0;
+				d++;
+				wasdot = 1;
+				break;
+			case '0': case '1': case '2': case '3': case '4':
+			case '5': case '6': case '7': case '8': case '9':
+				n++;
+				wasdot = 0;
+				break;
+			default:
+				return 0;
+		}
+		x++;
+	}
+	done:
+	if(d == 3 && n >= 4 && n <= 12) return 1;
+	return 0;
+}

src/ip_type.c

@@ -0,0 +1,5 @@
+#include "ip_type.h"
+
+const ip_type ip_type_invalid = { .as_int = -1 };
+const ip_type ip_type_localhost = { {127, 0, 0, 1} };
+

src/ip_type.h

@@ -0,0 +1,15 @@
+#ifndef IP_TYPE_H
+#define IP_TYPE_H
+
+#include <stdint.h>
+
+typedef union {
+	unsigned char octet[4];
+	uint32_t as_int;
+} ip_type;
+
+extern const ip_type ip_type_invalid;
+extern const ip_type ip_type_localhost;
+
+//RcB: DEP "ip_type.c"
+#endif

src/libproxychains.c

@@ -23,6 +23,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
+#include <assert.h>
 #include <netdb.h>
 
 #include <netinet/in.h>
@@ -31,6 +32,7 @@
 #include <sys/socket.h>
 #include <fcntl.h>
 #include <dlfcn.h>
+#include <pthread.h>
 
 
 #include "core.h"
@@ -43,18 +45,21 @@
 #define     SOCKFAMILY(x)     (satosin(x)->sin_family)
 #define     MAX_CHAIN 512
 
+close_t true_close;
 connect_t true_connect;
 gethostbyname_t true_gethostbyname;
 getaddrinfo_t true_getaddrinfo;
 freeaddrinfo_t true_freeaddrinfo;
 getnameinfo_t true_getnameinfo;
 gethostbyaddr_t true_gethostbyaddr;
+sendto_t true_sendto;
 
 int tcp_read_time_out;
 int tcp_connect_time_out;
 chain_type proxychains_ct;
 proxy_data proxychains_pd[MAX_CHAIN];
 unsigned int proxychains_proxy_count = 0;
+unsigned int proxychains_proxy_offset = 0;
 int proxychains_got_chain_data = 0;
 unsigned int proxychains_max_chain = 1;
 int proxychains_quiet_mode = 0;
@@ -63,9 +68,8 @@ localaddr_arg localnet_addr[MAX_LOCALNET];
 size_t num_localnet_addr = 0;
 unsigned int remote_dns_subnet = 224;
 
-#ifdef THREAD_SAFE
 pthread_once_t init_once = PTHREAD_ONCE_INIT;
-#endif
+
 static int init_l = 0;
 
 static inline void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_type * ct);
@@ -73,7 +77,7 @@ static inline void get_chain_data(proxy_data * pd, unsigned int *proxy_count, ch
 static void* load_sym(char* symname, void* proxyfunc) {
 
 	void *funcptr = dlsym(RTLD_NEXT, symname);
-	
+
 	if(!funcptr) {
 		fprintf(stderr, "Cannot load symbol '%s' %s\n", symname, dlerror());
 		exit(1);
@@ -91,36 +95,53 @@ static void* load_sym(char* symname, void* proxyfunc) {
 
 #define SETUP_SYM(X) do { true_ ## X = load_sym( # X, X ); } while(0)
 
+#include "shm.h"
+#include "allocator_thread.h"
+#include "stringdump.h"
+
+const char *proxychains_get_version(void);
+
 static void do_init(void) {
-	MUTEX_INIT(&internal_ips_lock, NULL);
-	MUTEX_INIT(&hostdb_lock, NULL);
+	srand(time(NULL));
+	dumpstring_init(); // global string garbage can
+	core_initialize();
+	at_init();
+
 	/* read the config file */
 	get_chain_data(proxychains_pd, &proxychains_proxy_count, &proxychains_ct);
+	DUMP_PROXY_CHAIN(proxychains_pd, proxychains_proxy_count);
+
+	proxychains_write_log(LOG_PREFIX "DLL init: proxychains-ng %s\n", proxychains_get_version());
 
-	proxychains_write_log(LOG_PREFIX "DLL init\n");
-	
 	SETUP_SYM(connect);
+	SETUP_SYM(sendto);
 	SETUP_SYM(gethostbyname);
 	SETUP_SYM(getaddrinfo);
 	SETUP_SYM(freeaddrinfo);
 	SETUP_SYM(gethostbyaddr);
 	SETUP_SYM(getnameinfo);
-	
+	SETUP_SYM(close);
+
 	init_l = 1;
 }
 
+#if 0
+/* FIXME this is currently unused.
+ * it is not strictly needed.
+ * maybe let it be called by a gcc destructor, if that doesnt
+ * have negative consequences (e.g. when a child calles exit) */
+static void unload(void) {
+	at_close();
+	core_unload();
+}
+#endif
+
 static void init_lib_wrapper(const char* caller) {
 #ifndef DEBUG
 	(void) caller;
 #endif
-#ifndef THREAD_SAFE
-	if(init_l) return;
-	PDEBUG("%s called from %s\n", __FUNCTION__,  caller);
-	do_init();
-#else
 	if(!init_l) PDEBUG("%s called from %s\n", __FUNCTION__,  caller);
 	pthread_once(&init_once, do_init);
-#endif
 }
 
 /* if we use gcc >= 3, we can instruct the dynamic loader 
@@ -151,9 +172,13 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 	tcp_read_time_out = 4 * 1000;
 	tcp_connect_time_out = 10 * 1000;
 	*ct = DYNAMIC_TYPE;
-	
+
 	env = get_config_path(getenv(PROXYCHAINS_CONF_FILE_ENV_VAR), buff, sizeof(buff));
-	file = fopen(env, "r");
+	if( ( file = fopen(env, "r") ) == NULL )
+	{
+	        perror("couldnt read configuration file");
+        	exit(1);
+	}
 
 	env = getenv(PROXYCHAINS_QUIET_MODE_ENV_VAR);
 	if(env && *env == '1')
@@ -165,15 +190,25 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 			if(list) {
 				if(count >= MAX_CHAIN)
 					break;
-				
+
 				memset(&pd[count], 0, sizeof(proxy_data));
 
 				pd[count].ps = PLAY_STATE;
 				port_n = 0;
 
-				sscanf(buff, "%s %s %d %s %s", type, host, &port_n, pd[count].user, pd[count].pass);
+				int ret = sscanf(buff, "%s %s %d %s %s", type, host, &port_n, pd[count].user, pd[count].pass);
+				if(ret < 3 || ret == EOF) {
+					inv:
+					fprintf(stderr, "error: invalid item in proxylist section: %s", buff);
+					exit(1);
+				}
 
-				pd[count].ip.as_int = (uint32_t) inet_addr(host);
+				in_addr_t host_ip = inet_addr(host);
+				if(host_ip == INADDR_NONE) {
+					fprintf(stderr, "proxy %s has invalid value or is not numeric\n", host);
+					exit(1);
+				}
+				pd[count].ip.as_int = (uint32_t) host_ip;
 				pd[count].port = htons((unsigned short) port_n);
 
 				if(!strcmp(type, "http")) {
@@ -183,7 +218,7 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 				} else if(!strcmp(type, "socks5")) {
 					pd[count].pt = SOCKS5_TYPE;
 				} else
-					continue;
+					goto inv;
 
 				if(pd[count].ip.as_int && port_n && pd[count].ip.as_int != (uint32_t) - 1)
 					count++;
@@ -196,6 +231,8 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 					*ct = STRICT_TYPE;
 				} else if(strstr(buff, "dynamic_chain")) {
 					*ct = DYNAMIC_TYPE;
+				} else if(strstr(buff, "round_robin_chain")) {
+					*ct = ROUND_ROBIN_TYPE;
 				} else if(strstr(buff, "tcp_read_time_out")) {
 					sscanf(buff, "%s %d", user, &tcp_read_time_out);
 				} else if(strstr(buff, "tcp_connect_time_out")) {
@@ -263,13 +300,29 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 		}
 	}
 	fclose(file);
+	if(!count) {
+		fprintf(stderr, "error: no valid proxy found in config\n");
+		exit(1);
+	}
 	*proxy_count = count;
 	proxychains_got_chain_data = 1;
 }
 
 /*******  HOOK FUNCTIONS  *******/
 
+int close(int fd) {
+	INIT();
+	/* prevent rude programs (like ssh) from closing our pipes */
+	if(fd != req_pipefd[0]  && fd != req_pipefd[1] &&
+	   fd != resp_pipefd[0] && fd != resp_pipefd[1]) {
+		return true_close(fd);
+	}
+	errno = EBADF;
+	return -1;
+}
+
 int connect(int sock, const struct sockaddr *addr, unsigned int len) {
+	PFUNC();
 	int socktype = 0, flags = 0, ret = 0;
 	socklen_t optlen = 0;
 	ip_type dest_ip;
@@ -345,7 +398,7 @@ int getaddrinfo(const char *node, const char *service, const struct addrinfo *hi
 
 	INIT();
 
-	PDEBUG("getaddrinfo: %s %s\n", node, service);
+	PDEBUG("getaddrinfo: %s %s\n", node ? node : "null", service ? service : "null");
 
 	if(proxychains_resolver)
 		ret = proxy_getaddrinfo(node, service, hints, res);
@@ -367,32 +420,31 @@ void freeaddrinfo(struct addrinfo *res) {
 	return;
 }
 
-// work around a buggy prototype in GLIBC. according to the bugtracker it has been fixed in git at 02 May 2011.
-// 2.14 came out in June 2011 so that should be the first fixed version
-#if defined(__GLIBC__) && (__GLIBC__ < 3) && (__GLIBC_MINOR__ < 14)
-int getnameinfo(const struct sockaddr *sa,
-		socklen_t salen, char *host, socklen_t hostlen, char *serv, socklen_t servlen, unsigned int flags)
-#else
-int getnameinfo(const struct sockaddr *sa,
-		socklen_t salen, char *host, socklen_t hostlen, char *serv, socklen_t servlen, int flags)
-#endif
+int pc_getnameinfo(const struct sockaddr *sa, socklen_t salen,
+	           char *host, socklen_t hostlen, char *serv,
+	           socklen_t servlen, int flags)
 {
 	char ip_buf[16];
 	int ret = 0;
 
 	INIT();
-	
-	PDEBUG("getnameinfo: %s %s\n", host, serv);
+
+	PFUNC();
 
 	if(!proxychains_resolver) {
 		ret = true_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
 	} else {
+		if(salen < sizeof(struct sockaddr_in) || SOCKFAMILY(*sa) != AF_INET)
+			return EAI_FAMILY;
 		if(hostlen) {
 			pc_stringfromipv4((unsigned char*) &(SOCKADDR_2(*sa)), ip_buf);
-			strncpy(host, ip_buf, hostlen);
+			if(snprintf(host, hostlen, "%s", ip_buf) >= hostlen)
+				return EAI_OVERFLOW;
+		}
+		if(servlen) {
+			if(snprintf(serv, servlen, "%d", ntohs(SOCKPORT(*sa))) >= servlen)
+				return EAI_OVERFLOW;
 		}
-		if(servlen)
-			snprintf(serv, servlen, "%d", ntohs(SOCKPORT(*sa)));
 	}
 	return ret;
 }
@@ -429,3 +481,20 @@ struct hostent *gethostbyaddr(const void *addr, socklen_t len, int type) {
 	}
 	return NULL;
 }
+
+#ifndef MSG_FASTOPEN
+#   define MSG_FASTOPEN 0x20000000
+#endif
+
+ssize_t sendto(int sockfd, const void *buf, size_t len, int flags,
+	       const struct sockaddr *dest_addr, socklen_t addrlen) {
+	if (flags & MSG_FASTOPEN) {
+		if (!connect(sockfd, dest_addr, addrlen) && errno != EINPROGRESS) {
+			return -1;
+		}
+		dest_addr = NULL;
+		addrlen = 0;
+		flags &= ~MSG_FASTOPEN;
+	}
+	return true_sendto(sockfd, buf, len, flags, dest_addr, addrlen);
+}

src/main.c

@@ -33,7 +33,9 @@ static const char *dll_name = DLL_NAME;
 
 static char own_dir[256];
 static const char *dll_dirs[] = {
+#ifndef SUPER_SECURE /* CVE-2015-3887 */
 	".",
+#endif
 	own_dir,
 	LIB_DIR,
 	"/lib",
@@ -48,7 +50,11 @@ static void set_own_dir(const char *argv0) {
 	while(l && argv0[l - 1] != '/')
 		l--;
 	if(l == 0)
+#ifdef SUPER_SECURE
+		memcpy(own_dir, "/dev/null/", 11);
+#else
 		memcpy(own_dir, ".", 2);
+#endif
 	else {
 		memcpy(own_dir, argv0, l - 1);
 		own_dir[l] = 0;
@@ -89,7 +95,7 @@ int main(int argc, char *argv[]) {
 
 	/* check if path of config file has not been passed via command line */
 	path = get_config_path(path, pbuf, sizeof(pbuf));
-	
+
 	if(!quiet)
 		fprintf(stderr, LOG_PREFIX "config file found: %s\n", path);
 
@@ -103,7 +109,7 @@ int main(int argc, char *argv[]) {
 	// search DLL
 
 	set_own_dir(argv[0]);
-	
+
 	i = 0;
 
 	while(dll_dirs[i]) {
@@ -122,14 +128,24 @@ int main(int argc, char *argv[]) {
 	if(!quiet)
 		fprintf(stderr, LOG_PREFIX "preloading %s/%s\n", prefix, dll_name);
 
-#ifndef IS_MAC
-	snprintf(buf, sizeof(buf), "LD_PRELOAD=%s/%s", prefix, dll_name);
-	putenv(buf);
-#else
-	snprintf(buf, sizeof(buf), "DYLD_INSERT_LIBRARIES=%s/%s", prefix, dll_name);
-	putenv(buf);
+#ifdef IS_MAC
 	putenv("DYLD_FORCE_FLAT_NAMESPACE=1");
+#define LD_PRELOAD_ENV "DYLD_INSERT_LIBRARIES"
+#define LD_PRELOAD_SEP ":"
+#else
+#define LD_PRELOAD_ENV "LD_PRELOAD"
+/* all historic implementations of BSD and linux dynlinkers seem to support
+   space as LD_PRELOAD separator, with colon added only recently.
+   we use the old syntax for maximum compat */
+#define LD_PRELOAD_SEP " "
 #endif
+	char *old_val = getenv(LD_PRELOAD_ENV);
+	snprintf(buf, sizeof(buf), LD_PRELOAD_ENV "=%s/%s%s%s",
+	         prefix, dll_name,
+	         /* append previous LD_PRELOAD content, if existent */
+	         old_val ? LD_PRELOAD_SEP : "",
+	         old_val ? old_val : "");
+	putenv(buf);
 	execvp(argv[start_argv], &argv[start_argv]);
 	perror("proxychains can't load process....");
 

src/mutex.h

@@ -0,0 +1,10 @@
+#ifndef MUTEX_H
+#define MUTEX_H
+
+#include <pthread.h>
+# define MUTEX_LOCK(x) pthread_mutex_lock(x)
+# define MUTEX_UNLOCK(x) pthread_mutex_unlock(x)
+# define MUTEX_INIT(x) pthread_mutex_init(x, NULL)
+# define MUTEX_DESTROY(x) pthread_mutex_destroy(x)
+
+#endif

src/nameinfo.c

@@ -0,0 +1,13 @@
+#include <sys/socket.h>
+
+extern int pc_getnameinfo(const void *sa, socklen_t salen, 
+                   char *host, socklen_t hostlen, char *serv, 
+                   socklen_t servlen, int flags);
+
+
+int getnameinfo(const void *sa, socklen_t salen, 
+                   char *host, socklen_t hostlen, char *serv, 
+                   socklen_t servlen, int flags) {
+	return pc_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
+}
+

src/proxychains

@@ -1,26 +0,0 @@
-#!/bin/sh
-echo "ProxyChains-3.1 (http://proxychains.sf.net)"
-
-usage() {
-
-	echo "	usage:"
-	echo "		$0 [h] [f config-file] <prog> [args]"
-	exit
-}
-
-if [ $# = 0 ] ; then
-	usage
-fi
-
-if [ $1 = "-h" ]; then
-	usage
-fi
-
-if [ "$1" = "-f" ]; then
-	export PROXYCHAINS_CONF_FILE=$2;
-	shift;
-	shift;
-fi
-
-export LD_PRELOAD=libproxychains.so.3
-exec "$@"

src/proxychains.conf

@@ -22,13 +22,27 @@ strict_chain
 # all proxies must be online to play in chain
 # otherwise EINTR is returned to the app
 #
+#round_robin_chain
+#
+# Round Robin - Each connection will be done via chained proxies
+# of chain_len length
+# all proxies chained in the order as they appear in the list
+# at least one proxy must be online to play in chain
+# (dead proxies are skipped).
+# the start of the current proxy chain is the proxy after the last
+# proxy in the previously invoked proxy chain.
+# if the end of the proxy chain is reached while looking for proxies
+# start at the beginning again.
+# otherwise EINTR is returned to the app
+# These semantics are not guaranteed in a multithreaded environment.
+#
 #random_chain
 #
 # Random - Each connection will be done via random proxy
 # (or proxy chain, see  chain_len) from the list.
 # this option is good to test your IDS :)
 
-# Make sense only if random_chain
+# Make sense only if random_chain or round_robin_chain
 #chain_len = 2
 
 # Quiet mode (no output from library)
@@ -77,9 +91,11 @@ tcp_connect_time_out 8000
 # localnet 192.168.0.0/255.255.0.0
 
 # ProxyList format
-#       type  host  port [user pass]
+#       type  ip  port [user pass]
 #       (values separated by 'tab' or 'blank')
 #
+#       only numeric ipv4 addresses are valid
+#
 #
 #        Examples:
 #

src/proxyresolv

@@ -1,8 +1,10 @@
 #!/bin/sh
-# This script is called by proxychains to resolve DNS names
+# This is a legacy script that uses "dig" to do DNS lookups via TCP.
+# it is not actively maintained since proxychains no longer depends
+# on it. i leave it here as a bonus.
 
 # DNS server used to resolve names
-DNS_SERVER=4.2.2.2
+DNS_SERVER=8.8.8.8
 
 
 if [ $# = 0 ] ; then
@@ -12,5 +14,5 @@ if [ $# = 0 ] ; then
 fi
 
 
-export LD_PRELOAD=libproxychains.so
-dig $1 @$DNS_SERVER +tcp | awk '/A.+[0-9]+\.[0-9]+\.[0-9]/{print $5;}'
+export LD_PRELOAD=libproxychains4.so
+dig $1 @$DNS_SERVER +tcp | awk '/A.?[0-9]+\.[0-9]+\.[0-9]/{print $5;}'

src/shm.c

@@ -0,0 +1,53 @@
+#include <assert.h>
+#include <string.h>
+#include <limits.h>
+#include <string.h>
+#include <stdlib.h>
+#ifndef PAGE_SIZE
+#define PAGE_SIZE 4096
+#endif
+#include "shm.h"
+#include "debug.h"
+
+#if 0
+#include <sys/mman.h>
+#include <sys/ipc.h>
+#include <sys/shm.h>
+
+/* allocates shared memory which can be accessed from the parent and its childs */
+void *shm_realloc(void* old, size_t old_size, size_t new_size) {
+	//PFUNC();
+	void *nu = mmap(NULL, new_size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0);
+	if(old) {
+		if(!nu) return NULL;
+		assert(new_size >= old_size);
+		memcpy(nu, old, old_size);
+		munmap(old, old_size);
+	}
+	return nu;
+}
+#endif
+
+void stringpool_init(struct stringpool* sp) {
+	PFUNC();
+	memset(sp, 0, sizeof *sp);
+}
+
+char* stringpool_add(struct stringpool *sp, char* s, size_t len) {
+	//PFUNC();
+	if(len > sp->alloced - sp->used) {
+		size_t newsz = sp->used + len;
+		size_t inc = PAGE_SIZE - (newsz % PAGE_SIZE);
+		newsz += (inc == PAGE_SIZE) ? 0 : inc;
+		void* p = realloc(sp->start, newsz);
+		if(p) {
+			sp->start = p;
+			sp->alloced = newsz;
+		} else 
+			return 0;
+	}
+	char* ret = sp->start + sp->used;
+	memcpy(ret, s, len);
+	sp->used += len;
+	return ret;
+}

src/shm.h

@@ -0,0 +1,17 @@
+#ifndef SHM_H
+#define SHM_H
+#include <unistd.h>
+
+struct stringpool {
+	size_t alloced;
+	size_t used;
+	char* start;
+};
+
+void stringpool_init(struct stringpool* sp);
+char* stringpool_add(struct stringpool *sp, char* s, size_t len);
+#if 0
+void *shm_realloc(void* old, size_t old_size, size_t new_size);
+#endif
+//RcB: DEP "shm.c"
+#endif

src/stringdump.c

@@ -0,0 +1,13 @@
+#include "stringdump.h"
+#include "debug.h"
+
+struct stringpool mem;
+
+char *dumpstring(char* s, size_t len) {
+	PFUNC();
+	return stringpool_add(&mem, s, len);
+}
+
+void dumpstring_init(void) {
+	stringpool_init(&mem);
+}

src/stringdump.h

@@ -0,0 +1,12 @@
+#ifndef STRINGDUMP_H
+#define STRINGDUMP_H
+
+#include "shm.h"
+#include <unistd.h>
+
+char *dumpstring(char* s, size_t len);
+void dumpstring_init(void);
+
+//RcB: DEP "stringdump.h"
+
+#endif

src/version.c

@@ -0,0 +1,6 @@
+#include "version.h"
+static const char version[] = VERSION;
+const char *proxychains_get_version(void) {
+	return version;
+}
+

tests/test_gethostent.c

@@ -1,6 +1,6 @@
 #include <netdb.h>
 #include <stdio.h>
-#include "../src/core.h"
+#include "../src/common.h"
 
 void printhostent(struct hostent *hp) {
 	char ipbuf[16];

tests/test_gethostent_r.c

@@ -0,0 +1,61 @@
+#include <netdb.h>
+#include <stdio.h>
+#include <errno.h>
+#include "../src/common.h"
+
+/*
+int gethostent_r( 
+        struct hostent *ret, char *buf, size_t buflen,
+        struct hostent **result, int *h_errnop);
+
+Glibc2 also has reentrant versions gethostent_r(), gethostbyaddr_r(),
+gethostbyname_r() and gethostbyname2_r(). 
+
+The caller supplies a hostent structure ret which will be filled in on success, 
+and a temporary work buffer buf of size buflen. 
+After the call, result will point to the result on success. 
+In case of an error or if no entry is found result will be NULL. 
+The functions return 0 on success and a nonzero error number on failure. 
+In addition to the errors returned by the nonreentrant versions of these functions, 
+if buf is too small, the functions will return ERANGE, and the call should be retried 
+with a larger buffer. 
+The global variable h_errno is not modified, but the address of a variable in which 
+to store error numbers is passed in h_errnop.
+*/
+
+void printhostent(struct hostent *hp) {
+	char ipbuf[16];
+	pc_stringfromipv4(hp->h_addr_list[0], ipbuf);
+	printf("alias: %p, len: %d, name: %s, addrlist: %p, addrtype: %d, ip: %s\n", 
+		hp->h_aliases, 
+		hp->h_length,
+		hp->h_name,
+		hp->h_addr_list,
+		hp->h_addrtype,
+		ipbuf
+	);
+}
+
+int main(int argc, char** argv) {
+	struct hostent he_buf;
+	struct hostent *he_res;
+	char h_buf[1024];
+	int ch_errno;
+	int ret;
+	do {
+		ret = gethostent_r(&he_buf, h_buf, sizeof(h_buf), &he_res, &ch_errno);
+		printf("ret: %d, h_errno: %d\n", ret, ch_errno);
+		if(ret != 0) {
+			errno = ret;
+			ret = -1;
+		}
+		if(ret == -1) {
+			perror("gethostent_r");
+			break;
+		}
+		if(he_res) {
+			printhostent(he_res);
+		}
+	} while (he_res);
+	return 0;
+}

tests/test_getnameinfo.c

@@ -0,0 +1,83 @@
+#include <netdb.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+#define     satosin(x)      ((struct sockaddr_in *) &(x))
+#define     SOCKADDR(x)     (satosin(x)->sin_addr.s_addr)
+#define     SOCKADDR_2(x)     (satosin(x)->sin_addr)
+#define     SOCKPORT(x)     (satosin(x)->sin_port)
+#define     SOCKFAMILY(x)     (satosin(x)->sin_family)
+
+int main() {
+	struct sockaddr a = {0}, *sa = &a;
+	char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
+	SOCKPORT(a) = htons(80);
+	memcpy(  &( (struct sockaddr_in*) sa ) ->sin_addr   , (char[]) {127,0,0,1}, 4);
+
+	int ret;
+
+	if ((ret = getnameinfo(sa, 0, hbuf, sizeof(hbuf), sbuf,
+	    sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == EAI_FAMILY);
+
+	if ((ret = getnameinfo(sa, sizeof a, hbuf, sizeof(hbuf), sbuf,
+	    sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == EAI_FAMILY);
+
+	SOCKFAMILY(a) = AF_INET;
+
+	if ((ret = getnameinfo(sa, sizeof a, hbuf, 1, sbuf,
+	    sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == EAI_OVERFLOW);
+
+	if ((ret = getnameinfo(sa, sizeof a, hbuf, 0, sbuf,
+	    1, NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == EAI_OVERFLOW);
+
+	if ((ret = getnameinfo(sa, sizeof a, hbuf, 0, sbuf,
+	    sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == 0);
+
+	if ((ret = getnameinfo(sa, sizeof a, hbuf, sizeof hbuf, sbuf,
+	    0, NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == 0);
+
+
+	if ((ret = getnameinfo(sa, sizeof a, hbuf, sizeof(hbuf), sbuf,
+	    sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)) == 0)
+		printf("host=%s, serv=%s\n", hbuf, sbuf);
+	else
+		printf("%s\n", gai_strerror(ret));
+
+	assert(ret == 0);
+
+		
+	return 0;
+}

tests/test_proxy_gethostbyname.c

@@ -1,4 +1,5 @@
 #include "../src/core.h"
+#include "../src/common.h"
 #include <stdio.h>
 
 void printhostent(struct hostent *hp) {

tests/test_sendto.c

@@ -0,0 +1,66 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+
+#ifndef MSG_FASTOPEN
+#   define MSG_FASTOPEN 0x20000000
+#endif
+
+void error(const char *msg)
+{
+	perror(msg);
+	exit(1);
+}
+
+int main(int argc, char *argv[])
+{
+	if (argc < 4) {
+		printf("Usage: %s host port method(connect or sendto)\n", argv[0]);
+		return 1;
+	}
+	const char *hostname = argv[1];
+	const int portno = atoi(argv[2]);
+	const char *method = argv[3];
+	char request[BUFSIZ];
+	sprintf(request, "GET / HTTP/1.0\r\nHost: %s\r\n\r\n", hostname);
+	int sockfd, n;
+	struct sockaddr_in serv_addr;
+	struct hostent *server;
+
+	char buffer[BUFSIZ];
+	sockfd = socket(AF_INET, SOCK_STREAM, 0);
+	if (sockfd < 0) error("ERROR opening socket");
+	server = gethostbyname(hostname);
+	if (server == NULL) {
+		fprintf(stderr, "%s: no such host\n", hostname);
+		return 1;
+	}
+	memset(&serv_addr, 0, sizeof(serv_addr));
+	serv_addr.sin_family = AF_INET;
+	memcpy(&serv_addr.sin_addr.s_addr, server->h_addr, server->h_length);
+	serv_addr.sin_port = htons(portno);
+	if (!strcmp(method, "connect")) {
+	  if (connect(sockfd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0)
+		  error("connect");
+	  n = send(sockfd, request, strlen(request), 0);
+	} else if (!strcmp(method, "sendto")) {
+	  n = sendto(sockfd, request, strlen(request), MSG_FASTOPEN, (struct sockaddr *)&serv_addr, sizeof(serv_addr));
+	} else {
+	  printf("Unknown method %s\n", method);
+	  return 1;
+	}
+	if (n < 0)
+		 error("send");
+	memset(buffer, 0, BUFSIZ);
+	n = read(sockfd, buffer, BUFSIZ - 1);
+	if (n < 0)
+		 error("ERROR reading from socket");
+	printf("%s\n", buffer);
+	close(sockfd);
+	return 0;
+}

tests/test_shm.c

@@ -0,0 +1,39 @@
+#include "../src/shm.h"
+#include <assert.h>
+
+#define s(A) (sizeof(A) - 1)
+#define ss(A) (A), s(A)
+
+int main() {
+	char buf4096[4096];
+	struct stringpool sp;
+	stringpool_init(&sp);
+	char *r;
+	size_t pos = 0;
+	r = stringpool_add(&sp, ss("AAAAA"));
+	assert(r == sp.start);
+	
+	pos += s("AAAAA");
+	assert(sp.alloced == 4096);
+	assert(sp.used == pos);
+	
+	r = stringpool_add(&sp, buf4096, sizeof(buf4096));
+	assert(r == sp.start + pos);
+	
+	pos += sizeof(buf4096);
+	assert(sp.alloced == 4096 * 2);
+	assert(sp.used == pos);
+	
+	r = stringpool_add(&sp, buf4096, 4096 - s("AAAAA"));
+	assert(r == sp.start + pos);
+	pos += 4096 - s("AAAAA");
+	assert(pos == 4096 * 2);
+
+	assert(sp.alloced == 4096 * 2);
+	assert(sp.used == pos);
+	
+	
+	
+	return 0;
+	
+}

tools/install.sh

@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# This is an actually-safe install command which installs the new
+# file atomically in the new location, rather than overwriting
+# existing files.
+#
+
+usage() {
+printf "usage: %s [-D] [-l] [-m mode] src dest\n" "$0" 1>&2
+exit 1
+}
+
+mkdirp=
+symlink=
+mode=755
+
+while getopts Dlm: name ; do
+case "$name" in
+D) mkdirp=yes ;;
+l) symlink=yes ;;
+m) mode=$OPTARG ;;
+?) usage ;;
+esac
+done
+shift $(($OPTIND - 1))
+
+test "$#" -eq 2 || usage
+src=$1
+dst=$2
+tmp="$dst.tmp.$$"
+
+case "$dst" in
+*/) printf "%s: %s ends in /\n", "$0" "$dst" 1>&2 ; exit 1 ;;
+esac
+
+set -C
+set -e
+
+if test "$mkdirp" ; then
+umask 022
+case "$2" in
+*/*) mkdir -p "${dst%/*}" ;;
+esac
+fi
+
+trap 'rm -f "$tmp"' EXIT INT QUIT TERM HUP
+
+umask 077
+
+if test "$symlink" ; then
+ln -s "$1" "$tmp"
+else
+cat < "$1" > "$tmp"
+chmod "$mode" "$tmp"
+fi
+
+mv -f "$tmp" "$2"
+test -d "$2" && {
+rm -f "$2/$tmp"
+printf "%s: %s is a directory\n" "$0" "$dst" 1>&2
+exit 1
+}
+
+exit 0

tools/version.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if test -d .git ; then
+if type git >/dev/null 2>&1 ; then
+git describe --tags --match 'v[0-9]*' 2>/dev/null \
+| sed -e 's/^v//' -e 's/-/-git-/'
+else
+sed 's/$/-git/' < VERSION
+fi
+else
+cat VERSION
+fi