/*************************************************************************** core.c - description ------------------- begin : Tue May 14 2002 copyright : netcreature (C) 2002 email : netcreature@users.sourceforge.net *************************************************************************** * GPL * *************************************************************************** * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * * the Free Software Foundation; either version 2 of the License, or * * (at your option) any later version. * * * ***************************************************************************/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "core.h" #include "common.h" #include "rdns.h" #include "mutex.h" extern int tcp_read_time_out; extern int tcp_connect_time_out; extern int proxychains_quiet_mode; extern unsigned int proxychains_proxy_offset; extern unsigned int remote_dns_subnet; static int poll_retry(struct pollfd *fds, nfds_t nfsd, int timeout) { int ret; int time_remain = timeout; int time_elapsed = 0; struct timeval start_time; struct timeval tv; gettimeofday(&start_time, NULL); do { //printf("Retry %d\n", time_remain); ret = poll(fds, nfsd, time_remain); gettimeofday(&tv, NULL); time_elapsed = ((tv.tv_sec - start_time.tv_sec) * 1000 + (tv.tv_usec - start_time.tv_usec) / 1000); //printf("Time elapsed %d\n", time_elapsed); time_remain = timeout - time_elapsed; } while(ret == -1 && errno == EINTR && time_remain > 0); //if (ret == -1) //printf("Return %d %d %s\n", ret, errno, strerror(errno)); return ret; } static void encode_base_64(char *src, char *dest, int max_len) { static const char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; int n, l, i; l = strlen(src); max_len = (max_len - 1) / 4; for(i = 0; i < max_len; i++, src += 3, l -= 3) { switch (l) { case 0: break; case 1: n = src[0] << 16; *dest++ = base64[(n >> 18) & 077]; *dest++ = base64[(n >> 12) & 077]; *dest++ = '='; *dest++ = '='; break; case 2: n = src[0] << 16 | src[1] << 8; *dest++ = base64[(n >> 18) & 077]; *dest++ = base64[(n >> 12) & 077]; *dest++ = base64[(n >> 6) & 077]; *dest++ = '='; break; default: n = src[0] << 16 | src[1] << 8 | src[2]; *dest++ = base64[(n >> 18) & 077]; *dest++ = base64[(n >> 12) & 077]; *dest++ = base64[(n >> 6) & 077]; *dest++ = base64[n & 077]; } if(l < 3) break; } *dest++ = 0; } void proxychains_write_log(char *str, ...) { char buff[1024*4]; va_list arglist; if(!proxychains_quiet_mode) { va_start(arglist, str); vsnprintf(buff, sizeof(buff), str, arglist); va_end(arglist); fprintf(stderr, "%s", buff); fflush(stderr); } } static int write_n_bytes(int fd, char *buff, size_t size) { int i = 0; size_t wrote = 0; for(;;) { i = write(fd, &buff[wrote], size - wrote); if(i <= 0) return i; wrote += i; if(wrote == size) return wrote; } } static int read_n_bytes(int fd, char *buff, size_t size) { int ready; size_t i; struct pollfd pfd[1]; pfd[0].fd = fd; pfd[0].events = POLLIN; for(i = 0; i < size; i++) { pfd[0].revents = 0; ready = poll_retry(pfd, 1, tcp_read_time_out); if(ready != 1 || !(pfd[0].revents & POLLIN) || 1 != read(fd, &buff[i], 1)) return -1; } return (int) size; } static int timed_connect(int sock, const struct sockaddr *addr, socklen_t len) { int ret, value; socklen_t value_len; struct pollfd pfd[1]; PFUNC(); pfd[0].fd = sock; pfd[0].events = POLLOUT; fcntl(sock, F_SETFL, O_NONBLOCK); ret = true_connect(sock, addr, len); PDEBUG("\nconnect ret=%d\n", ret); if(ret == -1 && errno == EINPROGRESS) { ret = poll_retry(pfd, 1, tcp_connect_time_out); PDEBUG("\npoll ret=%d\n", ret); if(ret == 1) { value_len = sizeof(socklen_t); getsockopt(sock, SOL_SOCKET, SO_ERROR, &value, &value_len); PDEBUG("\nvalue=%d\n", value); if(!value) ret = 0; else ret = -1; } else { ret = -1; } } else { #ifdef DEBUG if(ret == -1) perror("true_connect"); #endif if(ret != 0) ret = -1; } fcntl(sock, F_SETFL, !O_NONBLOCK); return ret; } #define INVALID_INDEX 0xFFFFFFFFU #define BUFF_SIZE 1024 // used to read responses from proxies. static int tunnel_to(int sock, ip_type ip, unsigned short port, proxy_type pt, char *user, char *pass) { char *dns_name = NULL; char hostnamebuf[MSG_LEN_MAX]; size_t dns_len = 0; PFUNC(); // we use ip addresses with 224.* to lookup their dns name in our table, to allow remote DNS resolution // the range 224-255.* is reserved, and it won't go outside (unless the app does some other stuff with // the results returned from gethostbyname et al.) // the hardcoded number 224 can now be changed using the config option remote_dns_subnet to i.e. 127 if(!ip.is_v6 && proxychains_resolver >= DNSLF_RDNS_START && ip.addr.v4.octet[0] == remote_dns_subnet) { dns_len = rdns_get_host_for_ip(ip.addr.v4, hostnamebuf); if(!dns_len) goto err; else dns_name = hostnamebuf; } PDEBUG("host dns %s\n", dns_name ? dns_name : ""); size_t ulen = strlen(user); size_t passlen = strlen(pass); if(ulen > 0xFF || passlen > 0xFF || dns_len > 0xFF) { proxychains_write_log(LOG_PREFIX "error: maximum size of 255 for user/pass or domain name!\n"); goto err; } int len; unsigned char buff[BUFF_SIZE]; char ip_buf[INET6_ADDRSTRLEN]; int v6 = ip.is_v6; switch (pt) { case RAW_TYPE: { return SUCCESS; } break; case HTTP_TYPE:{ if(!dns_len) { if(!inet_ntop(v6?AF_INET6:AF_INET,ip.addr.v6,ip_buf,sizeof ip_buf)) { proxychains_write_log(LOG_PREFIX "error: ip address conversion failed\n"); goto err; } dns_name = ip_buf; } #define HTTP_AUTH_MAX ((0xFF * 2) + 1 + 1) /* 2 * 0xff: username and pass, plus 1 for ':' and 1 for zero terminator. */ char src[HTTP_AUTH_MAX]; char dst[(4 * HTTP_AUTH_MAX)]; if(ulen) { snprintf(src, sizeof(src), "%s:%s", user, pass); encode_base_64(src, dst, sizeof(dst)); } else dst[0] = 0; uint16_t hs_port = ntohs(port); len = snprintf((char *) buff, sizeof(buff), "CONNECT %s:%d HTTP/1.0\r\nHost: %s:%d\r\n%s%s%s\r\n", dns_name, hs_port, dns_name, hs_port, ulen ? "Proxy-Authorization: Basic " : dst, dst, ulen ? "\r\n" : dst); if(len < 0 || len != true_send(sock, buff, len, 0)) goto err; len = 0; // read header byte by byte. while(len < BUFF_SIZE) { if(1 == read_n_bytes(sock, (char *) (buff + len), 1)) len++; else goto err; if(len > 4 && buff[len - 1] == '\n' && buff[len - 2] == '\r' && buff[len - 3] == '\n' && buff[len - 4] == '\r') break; } // if not ok (200) or response greather than BUFF_SIZE return BLOCKED; if(len == BUFF_SIZE || !(buff[9] == '2' && buff[10] == '0' && buff[11] == '0')) { PDEBUG("HTTP proxy blocked: buff=\"%s\"\n", buff); return BLOCKED; } return SUCCESS; } break; case SOCKS4_TYPE:{ if(v6) { proxychains_write_log(LOG_PREFIX "error: SOCKS4 doesn't support ipv6 addresses\n"); goto err; } buff[0] = 4; // socks version buff[1] = 1; // connect command memcpy(&buff[2], &port, 2); // dest port if(dns_len) { ip.addr.v4.octet[0] = 0; ip.addr.v4.octet[1] = 0; ip.addr.v4.octet[2] = 0; ip.addr.v4.octet[3] = 1; } memcpy(&buff[4], &ip.addr.v4, 4); // dest host len = ulen + 1; // username if(len > 1) memcpy(&buff[8], user, len); else { buff[8] = 0; } // do socksv4a dns resolution on the server if(dns_len) { memcpy(&buff[8 + len], dns_name, dns_len + 1); len += dns_len + 1; } if((len + 8) != write_n_bytes(sock, (char *) buff, (8 + len))) goto err; if(8 != read_n_bytes(sock, (char *) buff, 8)) goto err; if(buff[0] != 0 || buff[1] != 90) return BLOCKED; return SUCCESS; } break; case SOCKS5_TYPE:{ int n_methods = ulen ? 2 : 1; buff[0] = 5; // version buff[1] = n_methods ; // number of methods buff[2] = 0; // no auth method if(ulen) buff[3] = 2; /// auth method -> username / password if(2+n_methods != write_n_bytes(sock, (char *) buff, 2+n_methods)) goto err; if(2 != read_n_bytes(sock, (char *) buff, 2)) goto err; if(buff[0] != 5 || (buff[1] != 0 && buff[1] != 2)) { if(buff[0] == 5 && buff[1] == 0xFF) return BLOCKED; else goto err; } if(buff[1] == 2) { // authentication char in[2]; char out[515]; char *cur = out; size_t c; *cur++ = 1; // version c = ulen & 0xFF; *cur++ = c; memcpy(cur, user, c); cur += c; c = passlen & 0xFF; *cur++ = c; memcpy(cur, pass, c); cur += c; if((cur - out) != write_n_bytes(sock, out, cur - out)) goto err; if(2 != read_n_bytes(sock, in, 2)) goto err; /* according to RFC 1929 the version field for the user/pass auth sub- negotiation should be 1, which is kinda counter-intuitive, so there are some socks5 proxies that return 5 instead. other programs like curl work fine when the version is 5, so let's do the same and accept either of them. */ if(!(in[0] == 5 || in[0] == 1)) goto err; if(in[1] != 0) return BLOCKED; } int buff_iter = 0; buff[buff_iter++] = 5; // version buff[buff_iter++] = 1; // connect buff[buff_iter++] = 0; // reserved if(!dns_len) { buff[buff_iter++] = v6 ? 4 : 1; // ip v4/v6 memcpy(buff + buff_iter, ip.addr.v6, v6?16:4); // dest host buff_iter += v6?16:4; } else { buff[buff_iter++] = 3; //dns buff[buff_iter++] = dns_len & 0xFF; memcpy(buff + buff_iter, dns_name, dns_len); buff_iter += dns_len; } memcpy(buff + buff_iter, &port, 2); // dest port buff_iter += 2; if(buff_iter != write_n_bytes(sock, (char *) buff, buff_iter)) goto err; if(4 != read_n_bytes(sock, (char *) buff, 4)) goto err; if(buff[0] != 5 || buff[1] != 0) goto err; switch (buff[3]) { case 1: len = 4; break; case 4: len = 16; break; case 3: len = 0; if(1 != read_n_bytes(sock, (char *) &len, 1)) goto err; break; default: goto err; } if(len + 2 != read_n_bytes(sock, (char *) buff, len + 2)) goto err; return SUCCESS; } break; } err: return SOCKET_ERROR; } /* Given a socket connected to a SOCKS5 proxy server, performs a UDP_ASSOCIATE handshake and returns BND_ADDR and BND_PORT if successfull. Pass NULL dst_addr and dst_port to fill those fields with 0 if expected local addr and port for udp sending are unknown (see RFC1928) */ static int udp_associate(int sock, ip_type* dst_addr, unsigned short dst_port, ip_type* bnd_addr, unsigned short* bnd_port, char* user, char* pass){ PFUNC(); size_t ulen = strlen(user); size_t passlen = strlen(pass); if(ulen > 0xFF || passlen > 0xFF) { proxychains_write_log(LOG_PREFIX "error: maximum size of 255 for user/pass!\n"); goto err; } int len; unsigned char buff[BUFF_SIZE]; char ip_buf[INET6_ADDRSTRLEN]; int n_methods = ulen ? 2 : 1; buff[0] = 5; // version buff[1] = n_methods ; // number of methods buff[2] = 0; // no auth method if(ulen) buff[3] = 2; /// auth method -> username / password if(2+n_methods != write_n_bytes(sock, (char *) buff, 2+n_methods)) goto err; if(2 != read_n_bytes(sock, (char *) buff, 2)) goto err; if(buff[0] != 5 || (buff[1] != 0 && buff[1] != 2)) { if(buff[0] == 5 && buff[1] == 0xFF) return BLOCKED; else goto err; } if(buff[1] == 2) { // authentication char in[2]; char out[515]; char *cur = out; size_t c; *cur++ = 1; // version c = ulen & 0xFF; *cur++ = c; memcpy(cur, user, c); cur += c; c = passlen & 0xFF; *cur++ = c; memcpy(cur, pass, c); cur += c; if((cur - out) != write_n_bytes(sock, out, cur - out)) goto err; if(2 != read_n_bytes(sock, in, 2)) goto err; /* according to RFC 1929 the version field for the user/pass auth sub- negotiation should be 1, which is kinda counter-intuitive, so there are some socks5 proxies that return 5 instead. other programs like curl work fine when the version is 5, so let's do the same and accept either of them. */ if(!(in[0] == 5 || in[0] == 1)) goto err; if(in[1] != 0) return BLOCKED; } int buff_iter = 0; buff[buff_iter++] = 5; // version buff[buff_iter++] = 3; // udp_associate buff[buff_iter++] = 0; // reserved if(dst_addr) { int v6 = dst_addr->is_v6; buff[buff_iter++] = v6 ? 4 : 1; // ip v4/v6 memcpy(buff + buff_iter, dst_addr->addr.v6, v6?16:4); // dest host buff_iter += v6?16:4; memcpy(buff + buff_iter, &dst_port, 2); // dest port buff_iter += 2; } else { buff[buff_iter++] = 1; //we put atyp = 1, should we put 0 ? buff[buff_iter++] = 0; // v4 byte1 buff[buff_iter++] = 0; // v4 byte2 buff[buff_iter++] = 0; // v4 byte3 buff[buff_iter++] = 0; // v4 byte4 buff[buff_iter++] = 0; // port byte1 buff[buff_iter++] = 0; // port byte2 } if(buff_iter != write_n_bytes(sock, (char *) buff, buff_iter)) goto err; if(4 != read_n_bytes(sock, (char *) buff, 4)) goto err; if(buff[0] != 5 || buff[1] != 0) goto err; switch (buff[3]) { case ATYP_V4: bnd_addr->is_v6 = 0; break; case ATYP_V6: bnd_addr->is_v6 = 1; break; case ATYP_DOM: PDEBUG("BND_ADDR in UDP_ASSOCIATE response should not be a domain name!\n"); goto err; break; default: goto err; } len = bnd_addr->is_v6?16:4; if(len != read_n_bytes(sock, (char *) buff, len)) goto err; memcpy(bnd_addr->addr.v6, buff,len); if(2 != read_n_bytes(sock, (char *) buff, 2)) goto err; memcpy(bnd_port, buff, 2); return SUCCESS; err: return SOCKET_ERROR; } /* Fills buf with the SOCKS5 udp request header for the target dst_addr:dst_port*/ static int write_udp_header(socks5_addr dst_addr, unsigned short dst_port , char frag, char * buf, size_t buflen) { int size = 0; int v6 = dst_addr.atyp == ATYP_V6; if(dst_addr.atyp == ATYP_DOM){ size = dst_addr.addr.dom.len; } else { size = v6?16:4; } if (buflen <= size) { return -1; } int buf_iter = 0; buf[buf_iter++] = 0; // reserved buf[buf_iter++] = 0; // reserved buf[buf_iter++] = frag; // frag buf[buf_iter++] = dst_addr.atyp; // atyp switch (dst_addr.atyp){ case ATYP_V6: case ATYP_V4: memcpy(buf + buf_iter, dst_addr.addr.v6, v6?16:4); buf_iter += v6?16:4; break; case ATYP_DOM: buf[buf_iter++] = dst_addr.addr.dom.len; memcpy(buf + buf_iter, dst_addr.addr.dom.name, dst_addr.addr.dom.len); buf_iter += dst_addr.addr.dom.len; break; } memcpy(buf + buf_iter, &dst_port, 2); // dest port buf_iter += 2; return buf_iter; } int read_udp_header(char * buf, size_t buflen, socks5_addr* src_addr, unsigned short* src_port, char* frag) { PFUNC(); PDEBUG("buflen : %d\n", buflen); if (buflen < 5){ PDEBUG("buffer too short to contain a UDP header\n"); return -1; } int buf_iter = 0; buf_iter += 2; // first 2 bytes are reserved; *frag = buf[buf_iter++]; src_addr->atyp = buf[buf_iter++]; int v6; switch (src_addr->atyp) { case ATYP_DOM: PDEBUG("UDP header with ATYP_DOM addr type\n"); src_addr->addr.dom.len = buf[buf_iter++]; if(buflen < (5 + 2 + src_addr->addr.dom.len) ) { PDEBUG("buffer too short to read the UDP header\n"); return -1; } memcpy(src_addr->addr.dom.name, buf + buf_iter, src_addr->addr.dom.len); buf_iter += src_addr->addr.dom.len; break; case ATYP_V4: case ATYP_V6: PDEBUG("UDP header with ATYP_V4/6 addr type\n"); v6 = src_addr->atyp == ATYP_V6; if(buflen < (4 + 2 + v6?16:4) ){ PDEBUG("buffer too short to read the UDP header\n"); return -1; } memcpy(src_addr->addr.v6, buf + buf_iter, v6?16:4); buf_iter += v6?16:4; cast_socks5addr_v4inv6_to_v4(src_addr); break; default: break; } memcpy(src_port, buf+buf_iter, 2); buf_iter += 2; return buf_iter; } size_t get_iov_total_len(struct iovec* iov, size_t iov_len){ size_t n = 0; for(int i=0; iatyp == ATYP_V6) && !memcmp(addr->addr.v6, "\0\0\0\0\0\0\0\0\0\0\xff\xff", 12)){ PDEBUG("casting v4inv6 address to v4 address\n"); addr->atyp=ATYP_V4; memcpy(addr->addr.v4.octet, addr->addr.v6+12, 4); } } int compare_iptype_sockaddr(ip_type addr1, struct sockaddr* addr2){ if(addr1.is_v6 && (((struct sockaddr_in6 *)addr2)->sin6_family == AF_INET6)){ //Both are IPv6 return !memcmp(((struct sockaddr_in6 *)addr2)->sin6_addr.s6_addr, addr1.addr.v6, 16); } else if(!addr1.is_v6 && (((struct sockaddr_in *)addr2)->sin_family == AF_INET)){ //Both are IPv4 return ((uint32_t)(((struct sockaddr_in *)addr2)->sin_addr.s_addr) == addr1.addr.v4.as_int); } else { // Not the same address type return 0; } } int compare_socks5_addr_iptype(socks5_addr addr1, ip_type addr2){ PFUNC(); if(addr1.atyp == ATYP_DOM){ //addr1 is a domain name return 0; } if((addr1.atyp == ATYP_V6) && addr2.is_v6){ //Both are IPv6 return !memcmp(addr1.addr.v6, addr2.addr.v6, 16); } else if((addr1.atyp == ATYP_V4) && !addr2.is_v6){ //Both are IPv4 return (addr1.addr.v4.as_int == addr2.addr.v4.as_int); } else { // Not the same address type return 0; } } int is_from_chain_head(udp_relay_chain chain, struct sockaddr* src_addr){ if(compare_iptype_sockaddr(chain.head->bnd_addr, src_addr)){ return (chain.head->bnd_port == ((struct sockaddr_in*)src_addr)->sin_port); } return 0; } int decapsulate_check_udp_packet(void* in_buffer, size_t in_buffer_len, udp_relay_chain chain, socks5_addr* src_addr, unsigned short* src_port, void* udp_data, size_t* udp_data_len){ PFUNC(); // Go through the whole proxy chain, decapsulate each header and check that the addresses match udp_relay_node * tmp = chain.head; int read = 0; int rc = 0; socks5_addr header_addr; unsigned short header_port; char header_frag; while (tmp->next != NULL) { rc = read_udp_header(in_buffer+read, in_buffer_len-read, &header_addr, &header_port, &header_frag ); if(-1 == rc){ PDEBUG("error reading UDP header\n"); return -1; } read += rc; if(header_frag != 0x00){ printf("WARNING: received UDP packet with frag != 0 while fragmentation is unsupported.\n"); } if(!compare_socks5_addr_iptype(header_addr, tmp->next->bnd_addr)){ PDEBUG("UDP header addr is not equal to proxy node addr, dropping packet\n"); return -1; } if(tmp->next->bnd_port != header_port){ PDEBUG("UDP header port is not equal to proxy node port, dropping packet\n"); return -1; } PDEBUG("UDP header's addr and port correspond to proxy node's addr and port\n"); tmp = tmp->next; } PDEBUG("all UDP headers validated\n"); // Decapsulate the last header. No checks needed here, just pass the source addr and port as return values rc = read_udp_header(in_buffer+read, in_buffer_len-read, src_addr, src_port, &header_frag); if(-1 == rc){ PDEBUG("error reading UDP header\n"); return -1; } read += rc; if(header_frag != 0x00){ printf("WARNING: received UDP packet with frag != 0 while fragmentation is unsupported.\n"); } // Copy the UDP data to the provided buffer. If the provided buffer is too small, data is truncated int min = ((in_buffer_len-read)>*udp_data_len)?*udp_data_len:(in_buffer_len-read); memcpy(udp_data,in_buffer+read, min); // Write back the length of written UDP data in the input/output parameter udp_data_len *udp_data_len = min; return 0; } int unsocksify_udp_packet(void* in_buffer, size_t in_buffer_len, udp_relay_chain chain, ip_type* src_ip, unsigned short* src_port, void* udp_data, size_t* udp_data_len){ PFUNC(); // Decapsulate all the UDP headers and check that the packet came from the right proxy nodes int rc; socks5_addr src_addr; rc = decapsulate_check_udp_packet(in_buffer, in_buffer_len, chain, &src_addr, src_port, udp_data, udp_data_len); if(rc != SUCCESS){ PDEBUG("error decapsulating the packet\n"); return -1; } PDEBUG("all UDP headers decapsulated and validated\n"); // If the innermost UDP header (containing the address of the final target) is of type ATYP_DOM, perform a // reverse mapping to hand the 224.X.X.X IP to the client application if(src_addr.atyp == ATYP_DOM){ PDEBUG("Fetching matching IP for hostname\n"); DUMP_BUFFER(src_addr.addr.dom.name,src_addr.addr.dom.len); ip_type4 tmp_ip = IPT4_INVALID; char host_string[256]; memcpy(host_string, src_addr.addr.dom.name, src_addr.addr.dom.len); host_string[src_addr.addr.dom.len] = 0x00; tmp_ip = rdns_get_ip_for_host(host_string, src_addr.addr.dom.len); if(tmp_ip.as_int == -1){ PDEBUG("error getting ip for host\n"); return -1; } src_addr.atyp = ATYP_V4; src_addr.addr.v4.as_int = tmp_ip.as_int; } src_ip->is_v6 = (src_addr.atyp == ATYP_V6); if(src_ip->is_v6){ memcpy(src_ip->addr.v6, src_addr.addr.v6, 16); } else{ src_ip->addr.v4.as_int = src_addr.addr.v4.as_int; } return 0; } int encapsulate_udp_packet(udp_relay_chain chain, socks5_addr dst_addr, unsigned short dst_port, void* buffer, size_t* buffer_len){ PFUNC(); unsigned int written = 0; unsigned int offset = 0; udp_relay_node * tmp = chain.head; while ((tmp->next != NULL) && (written < *buffer_len)) { socks5_addr tmpaddr; tmpaddr.atyp = (tmp->next)->bnd_addr.is_v6?ATYP_V6:ATYP_V4; memcpy(tmpaddr.addr.v6, (tmp->next)->bnd_addr.addr.v6, (tmp->next)->bnd_addr.is_v6?16:4); written = write_udp_header(tmpaddr, (tmp->next)->bnd_port, 0, buffer+offset, *buffer_len - offset); if (written == -1){ PDEBUG("error write_udp_header\n"); return -1; } offset += written; tmp = tmp->next; } written = write_udp_header(dst_addr, dst_port, 0, buffer+offset, *buffer_len-offset); if (written == -1){ PDEBUG("error write_udp_header\n"); return -1; } offset += written; *buffer_len = offset; return 0; } int socksify_udp_packet(void* udp_data, size_t udp_data_len, udp_relay_chain chain, ip_type dst_ip, unsigned short dst_port, void* buffer, size_t* buffer_len){ PFUNC(); if (chain.head == NULL ){ PDEBUG("provided chain is empty\n"); return -1; } char *dns_name = NULL; char hostnamebuf[MSG_LEN_MAX]; size_t dns_len = 0; socks5_addr dst_addr; // we use ip addresses with 224.* to lookup their dns name in our table, to allow remote DNS resolution // the range 224-255.* is reserved, and it won't go outside (unless the app does some other stuff with // the results returned from gethostbyname et al.) // the hardcoded number 224 can now be changed using the config option remote_dns_subnet to i.e. 127 if(!dst_ip.is_v6 && proxychains_resolver >= DNSLF_RDNS_START && dst_ip.addr.v4.octet[0] == remote_dns_subnet) { dst_addr.atyp = ATYP_DOM; dns_len = rdns_get_host_for_ip(dst_ip.addr.v4, dst_addr.addr.dom.name); PDEBUG("dnslen: %d\n", dns_len); if(!dns_len) return -1; else dns_name = dst_addr.addr.dom.name; dst_addr.addr.dom.len = dns_len & 0xFF; PDEBUG("dnslen in struct: %d\n", dst_addr.addr.dom.len); } else { if(dst_ip.is_v6){ dst_addr.atyp = ATYP_V6; memcpy(dst_addr.addr.v6, dst_ip.addr.v6, 16); } else { dst_addr.atyp = ATYP_V4; memcpy(dst_addr.addr.v4.octet, dst_ip.addr.v4.octet, 4); } } PDEBUG("host dns %s\n", dns_name ? dns_name : ""); // Write all the UDP headers into the provided buffer int rc; size_t tmp_buffer_len = *buffer_len; rc = encapsulate_udp_packet(chain, dst_addr, dst_port, buffer, &tmp_buffer_len); if(rc != SUCCESS){ PDEBUG("error encapsulate_udp_packet()\n"); return -1; } // Append UDP data in the remaining space of the buffer int min = (udp_data_len>(buffer_len-tmp_buffer_len))?(buffer_len-tmp_buffer_len):udp_data_len; memcpy(buffer + tmp_buffer_len, udp_data, min); *buffer_len = tmp_buffer_len + min; return 0; } #define TP " ... " #define DT "Dynamic chain" #define ST "Strict chain" #define RT "Random chain" #define RRT "Round Robin chain" #define UDPC "UDP_ASSOCIATE tcp socket chain" static int start_chain(int *fd, proxy_data * pd, char *begin_mark) { PFUNC(); int v6 = pd->ip.is_v6; *fd = socket(v6?PF_INET6:PF_INET, SOCK_STREAM, 0); if(*fd == -1) goto error; char ip_buf[INET6_ADDRSTRLEN]; if(!inet_ntop(v6?AF_INET6:AF_INET,pd->ip.addr.v6,ip_buf,sizeof ip_buf)) goto error; proxychains_write_log(LOG_PREFIX "%s " TP " %s:%d ", begin_mark, ip_buf, htons(pd->port)); pd->ps = PLAY_STATE; struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = pd->port, .sin_addr.s_addr = (in_addr_t) pd->ip.addr.v4.as_int }; struct sockaddr_in6 addr6 = { .sin6_family = AF_INET6, .sin6_port = pd->port, }; if(v6) memcpy(&addr6.sin6_addr.s6_addr, pd->ip.addr.v6, 16); if(timed_connect(*fd, (struct sockaddr *) (v6?(void*)&addr6:(void*)&addr), v6?sizeof(addr6):sizeof(addr))) { pd->ps = DOWN_STATE; goto error1; } pd->ps = BUSY_STATE; return SUCCESS; error1: proxychains_write_log(TP " timeout\n"); error: if(*fd != -1) close(*fd); return SOCKET_ERROR; } static proxy_data *select_proxy(select_type how, proxy_data * pd, unsigned int proxy_count, unsigned int *offset) { PFUNC(); PDEBUG("offset: %d\n", *offset); PDEBUG("state: %d\n", pd[0].ps); unsigned int i = 0, k = 0; if(*offset >= proxy_count) return NULL; switch (how) { case RANDOMLY: do { k++; i = rand() % proxy_count; } while(pd[i].ps != PLAY_STATE && k < proxy_count * 100); break; case FIFOLY: for(i = *offset; i < proxy_count; i++) { if(pd[i].ps == PLAY_STATE) { *offset = i; break; } } default: break; } if(i >= proxy_count) i = 0; return (pd[i].ps == PLAY_STATE) ? &pd[i] : NULL; } static void release_all(proxy_data * pd, unsigned int proxy_count) { unsigned int i; for(i = 0; i < proxy_count; i++) pd[i].ps = PLAY_STATE; return; } static void release_busy(proxy_data * pd, unsigned int proxy_count) { unsigned int i; for(i = 0; i < proxy_count; i++) if(pd[i].ps == BUSY_STATE) pd[i].ps = PLAY_STATE; return; } static unsigned int calc_alive(proxy_data * pd, unsigned int proxy_count) { unsigned int i; int alive_count = 0; release_busy(pd, proxy_count); for(i = 0; i < proxy_count; i++) if(pd[i].ps == PLAY_STATE) alive_count++; return alive_count; } static int chain_step(int ns, proxy_data * pfrom, proxy_data * pto) { int retcode = -1; char *hostname; char hostname_buf[MSG_LEN_MAX]; char ip_buf[INET6_ADDRSTRLEN]; int v6 = pto->ip.is_v6; PFUNC(); if(!v6 && proxychains_resolver >= DNSLF_RDNS_START && pto->ip.addr.v4.octet[0] == remote_dns_subnet) { if(!rdns_get_host_for_ip(pto->ip.addr.v4, hostname_buf)) goto usenumericip; else hostname = hostname_buf; } else { usenumericip: if(!inet_ntop(v6?AF_INET6:AF_INET,pto->ip.addr.v6,ip_buf,sizeof ip_buf)) { pto->ps = DOWN_STATE; proxychains_write_log("<--ip conversion error!\n"); close(ns); return SOCKET_ERROR; } hostname = ip_buf; } proxychains_write_log(TP " %s:%d ", hostname, htons(pto->port)); retcode = tunnel_to(ns, pto->ip, pto->port, pfrom->pt, pfrom->user, pfrom->pass); switch (retcode) { case SUCCESS: pto->ps = BUSY_STATE; break; case BLOCKED: pto->ps = BLOCKED_STATE; proxychains_write_log("<--denied\n"); close(ns); break; case SOCKET_ERROR: pto->ps = DOWN_STATE; proxychains_write_log("<--socket error or timeout!\n"); close(ns); break; } return retcode; } int connect_proxy_chain(int sock, ip_type target_ip, unsigned short target_port, proxy_data * pd, unsigned int proxy_count, chain_type ct, unsigned int max_chain) { proxy_data p4; proxy_data *p1, *p2, *p3; int ns = -1; int rc = -1; unsigned int offset = 0; unsigned int alive_count = 0; unsigned int curr_len = 0; unsigned int looped = 0; // went back to start of list in RR mode unsigned int rr_loop_max = 14; p3 = &p4; PFUNC(); again: rc = -1; DUMP_PROXY_CHAIN(pd, proxy_count); switch (ct) { case DYNAMIC_TYPE: alive_count = calc_alive(pd, proxy_count); offset = 0; do { if(!(p1 = select_proxy(FIFOLY, pd, proxy_count, &offset))) goto error_more; } while(SUCCESS != start_chain(&ns, p1, DT) && offset < proxy_count); for(;;) { p2 = select_proxy(FIFOLY, pd, proxy_count, &offset); if(!p2) break; if(SUCCESS != chain_step(ns, p1, p2)) { PDEBUG("GOTO AGAIN 1\n"); goto again; } p1 = p2; } //proxychains_write_log(TP); p3->ip = target_ip; p3->port = target_port; if(SUCCESS != chain_step(ns, p1, p3)) goto error; break; case ROUND_ROBIN_TYPE: alive_count = calc_alive(pd, proxy_count); offset = proxychains_proxy_offset; if(alive_count < max_chain) goto error_more; PDEBUG("1:rr_offset = %d\n", offset); /* Check from current RR offset til end */ for (;rc != SUCCESS;) { if (!(p1 = select_proxy(FIFOLY, pd, proxy_count, &offset))) { /* We've reached the end of the list, go to the start */ offset = 0; looped++; if (looped > rr_loop_max) { proxychains_proxy_offset = 0; goto error_more; } else { PDEBUG("rr_type all proxies down, release all\n"); release_all(pd, proxy_count); /* Each loop we wait 10ms more */ usleep(10000 * looped); continue; } } PDEBUG("2:rr_offset = %d\n", offset); rc=start_chain(&ns, p1, RRT); } /* Create rest of chain using RR */ for(curr_len = 1; curr_len < max_chain;) { PDEBUG("3:rr_offset = %d, curr_len = %d, max_chain = %d\n", offset, curr_len, max_chain); p2 = select_proxy(FIFOLY, pd, proxy_count, &offset); if(!p2) { /* Try from the beginning to where we started */ offset = 0; continue; } else if(SUCCESS != chain_step(ns, p1, p2)) { PDEBUG("GOTO AGAIN 1\n"); goto again; } else p1 = p2; curr_len++; } //proxychains_write_log(TP); p3->ip = target_ip; p3->port = target_port; proxychains_proxy_offset = offset+1; PDEBUG("pd_offset = %d, curr_len = %d\n", proxychains_proxy_offset, curr_len); if(SUCCESS != chain_step(ns, p1, p3)) goto error; break; case STRICT_TYPE: alive_count = calc_alive(pd, proxy_count); offset = 0; if(!(p1 = select_proxy(FIFOLY, pd, proxy_count, &offset))) { PDEBUG("select_proxy failed\n"); goto error_strict; } if(SUCCESS != start_chain(&ns, p1, ST)) { PDEBUG("start_chain failed\n"); goto error_strict; } while(offset < proxy_count) { if(!(p2 = select_proxy(FIFOLY, pd, proxy_count, &offset))) break; if(SUCCESS != chain_step(ns, p1, p2)) { PDEBUG("chain_step failed\n"); goto error_strict; } p1 = p2; } //proxychains_write_log(TP); p3->ip = target_ip; p3->port = target_port; if(SUCCESS != chain_step(ns, p1, p3)) goto error; break; case RANDOM_TYPE: alive_count = calc_alive(pd, proxy_count); if(alive_count < max_chain) goto error_more; curr_len = offset = 0; do { if(!(p1 = select_proxy(RANDOMLY, pd, proxy_count, &offset))) goto error_more; } while(SUCCESS != start_chain(&ns, p1, RT) && offset < max_chain); while(++curr_len < max_chain) { if(!(p2 = select_proxy(RANDOMLY, pd, proxy_count, &offset))) goto error_more; if(SUCCESS != chain_step(ns, p1, p2)) { PDEBUG("GOTO AGAIN 2\n"); goto again; } p1 = p2; } //proxychains_write_log(TP); p3->ip = target_ip; p3->port = target_port; if(SUCCESS != chain_step(ns, p1, p3)) goto error; } proxychains_write_log(TP " OK\n"); dup2(ns, sock); close(ns); return 0; error: if(ns != -1) close(ns); errno = ECONNREFUSED; // for nmap ;) return -1; error_more: proxychains_write_log("\n!!!need more proxies!!!\n"); error_strict: PDEBUG("error\n"); release_all(pd, proxy_count); if(ns != -1) close(ns); errno = ETIMEDOUT; return -1; } // int connect_to_lastnode(int *sock, udp_relay_chain chain){ // udp_relay_node * current_node = chain.head; // //First connect to the chain head // if(SUCCESS != start_chain(sock, &(current_node->pd), UDPC)){ // PDEBUG("start_chain failed\n"); // return -1; // } // // Connect to the rest of the chain // while(current_node->next != NULL){ // if(SUCCESS != chain_step(sock, &(current_node->pd), &(current_node->next->pd))){ // PDEBUG("chain step failed\n"); // return -1; // } // current_node = current_node->next; // } // return SUCCESS; // } int add_node_to_chain(proxy_data * pd, udp_relay_chain * chain){ PFUNC(); // Allocate memory for the new node structure udp_relay_node * new_node = NULL; if(NULL == (new_node = (udp_relay_node *)malloc(sizeof(udp_relay_node)))){ PDEBUG("error malloc new node\n"); return -1; } new_node->next = NULL; udp_relay_node * tmp = chain->head; if(tmp == NULL){ // Means new_node is the first node to be created chain->head = new_node; new_node->prev = NULL; } else { // Moving to the end of the current chain while(tmp->next != NULL){ tmp = tmp->next; } // Adding the new node at the end tmp->next = new_node; new_node->prev = tmp; } // Initializing the new node new_node->pd.ip = pd->ip; new_node->pd.port = pd->port; new_node->pd.pt = pd->pt; new_node->pd.ps = pd->ps; strcpy(new_node->pd.user, pd->user); strcpy(new_node->pd.pass, pd->pass); // Connecting the new node tcp_socketfd to the associated proxy through the current chain // tmp = chain->head; // First connect to the chain head if(SUCCESS != start_chain(&(new_node->tcp_sockfd), &(tmp->pd), UDPC)){ PDEBUG("start_chain failed\n"); new_node->tcp_sockfd = -1; goto err; } // Connect to the rest of the chain while(tmp->next != NULL){ if(SUCCESS != chain_step(new_node->tcp_sockfd, &(tmp->pd), &(tmp->next->pd))){ PDEBUG("chain step failed\n"); new_node->tcp_sockfd = -1; goto err; } tmp = tmp->next; } // Performing UDP_ASSOCIATE handshake in order to fill the new node BND_ADDR and BND_PORT if(SUCCESS != udp_associate(new_node->tcp_sockfd, NULL, NULL, &(new_node->bnd_addr), &(new_node->bnd_port), new_node->pd.user, new_node->pd.pass)){ PDEBUG("udp_associate failed\n"); goto err; } PDEBUG("new node added and open to relay UDP packets\n"); return SUCCESS; err: // Ensure new node tcp socket is closed if(new_node->tcp_sockfd != -1){ close(new_node->tcp_sockfd); } // Remove the new node from the chain if(new_node->prev == NULL){ // means new_node is the only node in chain chain->head = NULL; } else{ (new_node->prev)->next = NULL; } // Free memory free(new_node); return -1; } int free_relay_chain(udp_relay_chain chain){ if(NULL != chain.connected_peer_addr){ free(chain.connected_peer_addr); chain.connected_peer_addr = NULL; } if(chain.head == NULL){ return SUCCESS; } udp_relay_node * current = chain.head; udp_relay_node * next = NULL; while(current != NULL){ next = current->next; close(current->tcp_sockfd); free(current); current = next; } return SUCCESS; } udp_relay_chain * open_relay_chain(proxy_data *pd, unsigned int proxy_count, chain_type ct, unsigned int max_chains){ PFUNC(); // Allocate memory for the new relay chain udp_relay_chain * new_chain = NULL; if(NULL == (new_chain = (udp_relay_chain *)malloc(sizeof(udp_relay_chain)))){ PDEBUG("error malloc new chain\n"); return NULL; } new_chain->head = NULL; new_chain->sockfd = -1; new_chain->connected_peer_addr = NULL; new_chain->connected_peer_addr_len = -1; unsigned int alive_count = 0; unsigned int offset = 0; proxy_data *p1; switch (ct) { case DYNAMIC_TYPE: PDEBUG("DYNAMIC_TYPE not yet supported for UDP\n"); goto error; break; case ROUND_ROBIN_TYPE: PDEBUG("ROUND_ROBIN_TYPE not yet supported for UDP\n"); goto error; break; case STRICT_TYPE: alive_count = calc_alive(pd, proxy_count); offset = 0; PDEBUG("opening STRICT_TYPE relay chain, alive_count=%d, offset=%d\n", alive_count, offset); while((p1 = select_proxy(FIFOLY, pd, proxy_count, &offset))) { if(SUCCESS != add_node_to_chain(p1, new_chain)) { PDEBUG("add_node_to_chain failed\n"); p1->ps = BLOCKED_STATE; goto error; } p1->ps = BUSY_STATE; } return new_chain; break; case RANDOM_TYPE: PDEBUG("RANDOM_TYPE not yet supported for UDP\n"); goto error; break; default: break; } error: PDEBUG("error\n"); release_all(pd, proxy_count); free_relay_chain(*new_chain); free(new_chain); errno = ETIMEDOUT; return NULL; } // Checks the address family of addr, allocates a matching structure and keeps a pointer to it in the chain structure to store the address of the connected peer void set_connected_peer_addr(udp_relay_chain* chain, struct sockaddr* addr, socklen_t addrlen){ sa_family_t fam = ((struct sockaddr_in*)addr)->sin_family; int v6 = fam == AF_INET6; if(v6){ struct sockaddr_in6* old_addr6 = (struct sockaddr_in6*)addr; struct sockaddr_in6* new_addr6 = NULL; if(NULL == (new_addr6 = (struct sockaddr_in6*)malloc(sizeof(struct sockaddr_in6)))){ PDEBUG("error malloc\n"); return -1; } new_addr6->sin6_family = old_addr6->sin6_family; new_addr6->sin6_port = old_addr6->sin6_port; memcpy(new_addr6->sin6_addr.s6_addr, old_addr6->sin6_addr.s6_addr, 16); chain->connected_peer_addr = (struct sockaddr*)new_addr6; chain->connected_peer_addr_len = sizeof(struct sockaddr_in6); } else{ struct sockaddr_in* old_addr = (struct sockaddr_in*)addr; struct sockaddr_in* new_addr = NULL; if(NULL == (new_addr = (struct sockaddr_in*)malloc(sizeof(struct sockaddr_in)))){ PDEBUG("error malloc\n"); return -1; } new_addr->sin_family = old_addr->sin_family; new_addr->sin_port = old_addr->sin_port; new_addr->sin_addr.s_addr = old_addr->sin_addr.s_addr; chain->connected_peer_addr = (struct sockaddr*)new_addr; chain->connected_peer_addr_len = sizeof(struct sockaddr_in); } } void add_relay_chain(udp_relay_chain_list* chains_list, udp_relay_chain* new_chain){ new_chain->next = NULL; if(chains_list->tail == NULL){ // The current list is empty, set head and tail to the new chain chains_list->head = new_chain; chains_list->tail = new_chain; new_chain->prev = NULL; } else { // Add the new chain at the end chains_list->tail->next = new_chain; new_chain->prev = chains_list->tail; chains_list->tail = new_chain; } } void del_relay_chain(udp_relay_chain_list* chains_list, udp_relay_chain* chain){ if(chain == chains_list->head){ if(chain->next == NULL){ free(chain); chains_list->head = NULL; chains_list->tail = NULL; }else{ chains_list->head = chain->next; free(chain); } } else if (chain = chains_list->tail){ chains_list->tail = chain->prev; free(chain); } else { chain->next->prev = chain->prev; chain->prev->next = chain->next; free(chain); } } udp_relay_chain* get_relay_chain(udp_relay_chain_list chains_list, int sockfd){ udp_relay_chain* tmp = chains_list.head; while(tmp != NULL){ if(tmp->sockfd == sockfd){ break; } tmp = tmp->next; } return tmp; } static pthread_mutex_t servbyname_lock; void core_initialize(void) { MUTEX_INIT(&servbyname_lock); } void core_unload(void) { MUTEX_DESTROY(&servbyname_lock); } static void gethostbyname_data_setstring(struct gethostbyname_data* data, char* name) { snprintf(data->addr_name, sizeof(data->addr_name), "%s", name); data->hostent_space.h_name = data->addr_name; } extern ip_type4 hostsreader_get_numeric_ip_for_name(const char* name); struct hostent* proxy_gethostbyname_old(const char *name) { static struct hostent hostent_space; static in_addr_t resolved_addr; static char* resolved_addr_p; static char addr_name[256]; int pipe_fd[2]; char buff[256]; in_addr_t addr; pid_t pid; int status, ret; size_t l; struct hostent* hp; hostent_space.h_addr_list = &resolved_addr_p; *hostent_space.h_addr_list = (char*)&resolved_addr; resolved_addr = 0; if(pc_isnumericipv4(name)) { strcpy(buff, name); goto got_buff; } gethostname(buff,sizeof(buff)); if(!strcmp(buff,name)) goto got_buff; memset(buff, 0, sizeof(buff)); // TODO: this works only once, so cache it ... // later while ((hp=gethostent())) if (!strcmp(hp->h_name,name)) return hp; #ifdef HAVE_PIPE2 ret = pipe2(pipe_fd, O_CLOEXEC); #else ret = pipe(pipe_fd); if(ret == 0) { fcntl(pipe_fd[0], F_SETFD, FD_CLOEXEC); fcntl(pipe_fd[1], F_SETFD, FD_CLOEXEC); } #endif if(ret) goto err; pid = fork(); switch(pid) { case 0: // child proxychains_write_log("|DNS-request| %s \n", name); close(pipe_fd[0]); dup2(pipe_fd[1],1); close(pipe_fd[1]); // putenv("LD_PRELOAD="); execlp("proxyresolv","proxyresolv",name,NULL); perror("can't exec proxyresolv"); exit(2); case -1: //error close(pipe_fd[0]); close(pipe_fd[1]); perror("can't fork"); goto err; default: close(pipe_fd[1]); waitpid(pid, &status, 0); buff[0] = 0; read(pipe_fd[0],&buff,sizeof(buff)); close(pipe_fd[0]); got_buff: l = strlen(buff); if (!l) goto err_dns; if (buff[l-1] == '\n') buff[l-1] = 0; addr = inet_addr(buff); if (addr == (in_addr_t) (-1)) goto err_dns; memcpy(*(hostent_space.h_addr_list), &addr ,sizeof(struct in_addr)); hostent_space.h_name = addr_name; snprintf(addr_name, sizeof addr_name, "%s", buff); hostent_space.h_length = sizeof (in_addr_t); hostent_space.h_addrtype = AF_INET; } proxychains_write_log("|DNS-response| %s is %s\n", name, inet_ntoa(*(struct in_addr*)&addr)); return &hostent_space; err_dns: proxychains_write_log("|DNS-response|: %s lookup error\n", name); err: return NULL; } struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data* data) { PFUNC(); char buff[256]; data->resolved_addr_p[0] = (char *) &data->resolved_addr; data->resolved_addr_p[1] = NULL; data->hostent_space.h_addr_list = data->resolved_addr_p; // let aliases point to the NULL member, mimicking an empty list. data->hostent_space.h_aliases = &data->resolved_addr_p[1]; data->resolved_addr = 0; data->hostent_space.h_addrtype = AF_INET; data->hostent_space.h_length = sizeof(in_addr_t); if(pc_isnumericipv4(name)) { data->resolved_addr = inet_addr(name); goto retname; } gethostname(buff, sizeof(buff)); if(!strcmp(buff, name)) { data->resolved_addr = inet_addr(buff); if(data->resolved_addr == (in_addr_t) (-1)) data->resolved_addr = (in_addr_t) (IPT4_LOCALHOST.as_int); goto retname; } // this iterates over the "known hosts" db, usually /etc/hosts ip_type4 hdb_res = hostsreader_get_numeric_ip_for_name(name); if(hdb_res.as_int != IPT4_INVALID.as_int) { data->resolved_addr = hdb_res.as_int; goto retname; } data->resolved_addr = rdns_get_ip_for_host((char*) name, strlen(name)).as_int; if(data->resolved_addr == (in_addr_t) IPT4_INVALID.as_int) return NULL; retname: gethostbyname_data_setstring(data, (char*) name); PDEBUG("return hostent space\n"); return &data->hostent_space; } struct addrinfo_data { struct addrinfo addrinfo_space; struct sockaddr_storage sockaddr_space; char addr_name[256]; }; void proxy_freeaddrinfo(struct addrinfo *res) { PFUNC(); free(res); } static int mygetservbyname_r(const char* name, const char* proto, struct servent* result_buf, char* buf, size_t buflen, struct servent** result) { PFUNC(); #ifdef HAVE_GNU_GETSERVBYNAME_R PDEBUG("using host getservbyname_r\n"); return getservbyname_r(name, proto, result_buf, buf, buflen, result); #endif struct servent *res; int ret; (void) buf; (void) buflen; MUTEX_LOCK(&servbyname_lock); res = getservbyname(name, proto); if(res) { *result_buf = *res; *result = result_buf; ret = 0; } else { *result = NULL; ret = ENOENT; } MUTEX_UNLOCK(&servbyname_lock); return ret; } static int looks_like_numeric_ipv6(const char *node) { if(!strchr(node, ':')) return 0; const char* p= node; while(1) switch(*(p++)) { case 0: return 1; case ':': case '.': case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': case 'a': case 'b': case 'c': case 'd': case 'e': case 'f': break; default: return 0; } } static int my_inet_aton(const char *node, struct addrinfo_data* space) { int ret; ((struct sockaddr_in *) &space->sockaddr_space)->sin_family = AF_INET; ret = inet_aton(node, &((struct sockaddr_in *) &space->sockaddr_space)->sin_addr); if(ret || !looks_like_numeric_ipv6(node)) return ret; ret = inet_pton(AF_INET6, node, &((struct sockaddr_in6 *) &space->sockaddr_space)->sin6_addr); if(ret) ((struct sockaddr_in6 *) &space->sockaddr_space)->sin6_family = AF_INET6; return ret; } int proxy_getaddrinfo(const char *node, const char *service, const struct addrinfo *hints, struct addrinfo **res) { struct gethostbyname_data ghdata; struct addrinfo_data *space; struct servent *se = NULL; struct hostent *hp = NULL; struct servent se_buf; struct addrinfo *p; char buf[1024]; int port, af = AF_INET; PDEBUG("proxy_getaddrinfo node:%s service: %s, flags: %d\n", node?node:"",service?service:"",hints?(int)hints->ai_flags:0); space = calloc(1, sizeof(struct addrinfo_data)); if(!space) return EAI_MEMORY; if(node && !my_inet_aton(node, space)) { /* some folks (nmap) use getaddrinfo() with AI_NUMERICHOST to check whether a string containing a numeric ip was passed. we must return failure in that case. */ if(hints && (hints->ai_flags & AI_NUMERICHOST)) { err_nn: free(space); return EAI_NONAME; } if(proxychains_resolver == DNSLF_FORKEXEC) hp = proxy_gethostbyname_old(node); else hp = proxy_gethostbyname(node, &ghdata); if(hp) memcpy(&((struct sockaddr_in *) &space->sockaddr_space)->sin_addr, *(hp->h_addr_list), sizeof(in_addr_t)); else goto err_nn; } else if(node) { af = ((struct sockaddr_in *) &space->sockaddr_space)->sin_family; } else if(!node && !(hints->ai_flags & AI_PASSIVE)) { af = ((struct sockaddr_in *) &space->sockaddr_space)->sin_family = AF_INET; memcpy(&((struct sockaddr_in *) &space->sockaddr_space)->sin_addr, (char[]){127,0,0,1}, 4); } if(service) mygetservbyname_r(service, NULL, &se_buf, buf, sizeof(buf), &se); port = se ? se->s_port : htons(atoi(service ? service : "0")); if(af == AF_INET) ((struct sockaddr_in *) &space->sockaddr_space)->sin_port = port; else ((struct sockaddr_in6 *) &space->sockaddr_space)->sin6_port = port; *res = p = &space->addrinfo_space; assert((size_t)p == (size_t) space); p->ai_addr = (void*) &space->sockaddr_space; if(node) snprintf(space->addr_name, sizeof(space->addr_name), "%s", node); p->ai_canonname = space->addr_name; p->ai_next = NULL; p->ai_family = space->sockaddr_space.ss_family = af; p->ai_addrlen = af == AF_INET ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6); if(hints) { p->ai_socktype = hints->ai_socktype; p->ai_flags = hints->ai_flags; p->ai_protocol = hints->ai_protocol; if(!p->ai_socktype && p->ai_protocol == IPPROTO_TCP) p->ai_socktype = SOCK_STREAM; } else { #ifndef AI_V4MAPPED #define AI_V4MAPPED 0 #endif p->ai_flags = (AI_V4MAPPED | AI_ADDRCONFIG); } return 0; }