Akkariin/proxychains-ng
1
0
Fork 0
mirror of https://github.com/rofl0r/proxychains-ng synced 2025-01-09 14:52:52 +08:00
Code Issues Releases Wiki Activity
5660aea02e
proxychains-ng/src/core.c
hugoc 5660aea02e remove send_udp_packet()
2024-02-01 17:53:11 +01:00

1841 lines
48 KiB
C
Raw Blame History

/***************************************************************************
core.c - description
-------------------
begin : Tue May 14 2002
copyright : netcreature (C) 2002
email : netcreature@users.sourceforge.net
***************************************************************************
* GPL *
***************************************************************************
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
***************************************************************************/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <netdb.h>
#include <sys/utsname.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <poll.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <time.h>
#include <sys/time.h>
#include <stdarg.h>
#include <assert.h>
#include "core.h"
#include "common.h"
#include "rdns.h"
#include "mutex.h"
extern int tcp_read_time_out;
extern int tcp_connect_time_out;
extern int proxychains_quiet_mode;
extern unsigned int proxychains_proxy_offset;
extern unsigned int remote_dns_subnet;
static int poll_retry(struct pollfd *fds, nfds_t nfsd, int timeout) {
int ret;
int time_remain = timeout;
int time_elapsed = 0;
struct timeval start_time;
struct timeval tv;
gettimeofday(&start_time, NULL);
do {
//printf("Retry %d\n", time_remain);
ret = poll(fds, nfsd, time_remain);
gettimeofday(&tv, NULL);
time_elapsed = ((tv.tv_sec - start_time.tv_sec) * 1000 + (tv.tv_usec - start_time.tv_usec) / 1000);
//printf("Time elapsed %d\n", time_elapsed);
time_remain = timeout - time_elapsed;
} while(ret == -1 && errno == EINTR && time_remain > 0);
//if (ret == -1)
//printf("Return %d %d %s\n", ret, errno, strerror(errno));
return ret;
}
static void encode_base_64(char *src, char *dest, int max_len) {
static const char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
int n, l, i;
l = strlen(src);
max_len = (max_len - 1) / 4;
for(i = 0; i < max_len; i++, src += 3, l -= 3) {
switch (l) {
case 0:
break;
case 1:
n = src[0] << 16;
*dest++ = base64[(n >> 18) & 077];
*dest++ = base64[(n >> 12) & 077];
*dest++ = '=';
*dest++ = '=';
break;
case 2:
n = src[0] << 16 | src[1] << 8;
*dest++ = base64[(n >> 18) & 077];
*dest++ = base64[(n >> 12) & 077];
*dest++ = base64[(n >> 6) & 077];
*dest++ = '=';
break;
default:
n = src[0] << 16 | src[1] << 8 | src[2];
*dest++ = base64[(n >> 18) & 077];
*dest++ = base64[(n >> 12) & 077];
*dest++ = base64[(n >> 6) & 077];
*dest++ = base64[n & 077];
}
if(l < 3)
break;
}
*dest++ = 0;
}
void proxychains_write_log(char *str, ...) {
char buff[1024*4];
va_list arglist;
if(!proxychains_quiet_mode) {
va_start(arglist, str);
vsnprintf(buff, sizeof(buff), str, arglist);
va_end(arglist);
fprintf(stderr, "%s", buff);
fflush(stderr);
}
}
static int write_n_bytes(int fd, char *buff, size_t size) {
int i = 0;
size_t wrote = 0;
for(;;) {
i = write(fd, &buff[wrote], size - wrote);
if(i <= 0)
return i;
wrote += i;
if(wrote == size)
return wrote;
}
}
static int read_n_bytes(int fd, char *buff, size_t size) {
int ready;
size_t i;
struct pollfd pfd[1];
pfd[0].fd = fd;
pfd[0].events = POLLIN;
for(i = 0; i < size; i++) {
pfd[0].revents = 0;
ready = poll_retry(pfd, 1, tcp_read_time_out);
if(ready != 1 || !(pfd[0].revents & POLLIN) || 1 != read(fd, &buff[i], 1))
return -1;
}
return (int) size;
}
static int timed_connect(int sock, const struct sockaddr *addr, socklen_t len) {
int ret, value;
socklen_t value_len;
struct pollfd pfd[1];
PFUNC();
pfd[0].fd = sock;
pfd[0].events = POLLOUT;
fcntl(sock, F_SETFL, O_NONBLOCK);
ret = true_connect(sock, addr, len);
PDEBUG("\nconnect ret=%d\n", ret);
if(ret == -1 && errno == EINPROGRESS) {
ret = poll_retry(pfd, 1, tcp_connect_time_out);
PDEBUG("\npoll ret=%d\n", ret);
if(ret == 1) {
value_len = sizeof(socklen_t);
getsockopt(sock, SOL_SOCKET, SO_ERROR, &value, &value_len);
PDEBUG("\nvalue=%d\n", value);
if(!value)
ret = 0;
else
ret = -1;
} else {
ret = -1;
}
} else {
#ifdef DEBUG
if(ret == -1)
perror("true_connect");
#endif
if(ret != 0)
ret = -1;
}
fcntl(sock, F_SETFL, !O_NONBLOCK);
return ret;
}
#define INVALID_INDEX 0xFFFFFFFFU
#define BUFF_SIZE 1024 // used to read responses from proxies.
static int tunnel_to(int sock, ip_type ip, unsigned short port, proxy_type pt, char *user, char *pass) {
char *dns_name = NULL;
char hostnamebuf[MSG_LEN_MAX];
size_t dns_len = 0;
PFUNC();
// we use ip addresses with 224.* to lookup their dns name in our table, to allow remote DNS resolution
// the range 224-255.* is reserved, and it won't go outside (unless the app does some other stuff with
// the results returned from gethostbyname et al.)
// the hardcoded number 224 can now be changed using the config option remote_dns_subnet to i.e. 127
if(!ip.is_v6 && proxychains_resolver >= DNSLF_RDNS_START && ip.addr.v4.octet[0] == remote_dns_subnet) {
dns_len = rdns_get_host_for_ip(ip.addr.v4, hostnamebuf);
if(!dns_len) goto err;
else dns_name = hostnamebuf;
}
PDEBUG("host dns %s\n", dns_name ? dns_name : "<NULL>");
size_t ulen = strlen(user);
size_t passlen = strlen(pass);
if(ulen > 0xFF || passlen > 0xFF || dns_len > 0xFF) {
proxychains_write_log(LOG_PREFIX "error: maximum size of 255 for user/pass or domain name!\n");
goto err;
}
int len;
unsigned char buff[BUFF_SIZE];
char ip_buf[INET6_ADDRSTRLEN];
int v6 = ip.is_v6;
switch (pt) {
case RAW_TYPE: {
return SUCCESS;
}
break;
case HTTP_TYPE:{
if(!dns_len) {
if(!inet_ntop(v6?AF_INET6:AF_INET,ip.addr.v6,ip_buf,sizeof ip_buf)) {
proxychains_write_log(LOG_PREFIX "error: ip address conversion failed\n");
goto err;
}
dns_name = ip_buf;
}
#define HTTP_AUTH_MAX ((0xFF * 2) + 1 + 1) /* 2 * 0xff: username and pass, plus 1 for ':' and 1 for zero terminator. */
char src[HTTP_AUTH_MAX];
char dst[(4 * HTTP_AUTH_MAX)];
if(ulen) {
snprintf(src, sizeof(src), "%s:%s", user, pass);
encode_base_64(src, dst, sizeof(dst));
} else dst[0] = 0;
uint16_t hs_port = ntohs(port);
len = snprintf((char *) buff, sizeof(buff),
"CONNECT %s:%d HTTP/1.0\r\nHost: %s:%d\r\n%s%s%s\r\n",
dns_name, hs_port,
dns_name, hs_port,
ulen ? "Proxy-Authorization: Basic " : dst,
dst, ulen ? "\r\n" : dst);
if(len < 0 || len != true_send(sock, buff, len, 0))
goto err;
len = 0;
// read header byte by byte.
while(len < BUFF_SIZE) {
if(1 == read_n_bytes(sock, (char *) (buff + len), 1))
len++;
else
goto err;
if(len > 4 &&
buff[len - 1] == '\n' &&
buff[len - 2] == '\r' && buff[len - 3] == '\n' && buff[len - 4] == '\r')
break;
}
// if not ok (200) or response greather than BUFF_SIZE return BLOCKED;
if(len == BUFF_SIZE || !(buff[9] == '2' && buff[10] == '0' && buff[11] == '0')) {
PDEBUG("HTTP proxy blocked: buff=\"%s\"\n", buff);
return BLOCKED;
}
return SUCCESS;
}
break;
case SOCKS4_TYPE:{
if(v6) {
proxychains_write_log(LOG_PREFIX "error: SOCKS4 doesn't support ipv6 addresses\n");
goto err;
}
buff[0] = 4; // socks version
buff[1] = 1; // connect command
memcpy(&buff[2], &port, 2); // dest port
if(dns_len) {
ip.addr.v4.octet[0] = 0;
ip.addr.v4.octet[1] = 0;
ip.addr.v4.octet[2] = 0;
ip.addr.v4.octet[3] = 1;
}
memcpy(&buff[4], &ip.addr.v4, 4); // dest host
len = ulen + 1; // username
if(len > 1)
memcpy(&buff[8], user, len);
else {
buff[8] = 0;
}
// do socksv4a dns resolution on the server
if(dns_len) {
memcpy(&buff[8 + len], dns_name, dns_len + 1);
len += dns_len + 1;
}
if((len + 8) != write_n_bytes(sock, (char *) buff, (8 + len)))
goto err;
if(8 != read_n_bytes(sock, (char *) buff, 8))
goto err;
if(buff[0] != 0 || buff[1] != 90)
return BLOCKED;
return SUCCESS;
}
break;
case SOCKS5_TYPE:{
int n_methods = ulen ? 2 : 1;
buff[0] = 5; // version
buff[1] = n_methods ; // number of methods
buff[2] = 0; // no auth method
if(ulen) buff[3] = 2; /// auth method -> username / password
if(2+n_methods != write_n_bytes(sock, (char *) buff, 2+n_methods))
goto err;
if(2 != read_n_bytes(sock, (char *) buff, 2))
goto err;
if(buff[0] != 5 || (buff[1] != 0 && buff[1] != 2)) {
if(buff[0] == 5 && buff[1] == 0xFF)
return BLOCKED;
else
goto err;
}
if(buff[1] == 2) {
// authentication
char in[2];
char out[515];
char *cur = out;
size_t c;
*cur++ = 1; // version
c = ulen & 0xFF;
*cur++ = c;
memcpy(cur, user, c);
cur += c;
c = passlen & 0xFF;
*cur++ = c;
memcpy(cur, pass, c);
cur += c;
if((cur - out) != write_n_bytes(sock, out, cur - out))
goto err;
if(2 != read_n_bytes(sock, in, 2))
goto err;
/* according to RFC 1929 the version field for the user/pass auth sub-
negotiation should be 1, which is kinda counter-intuitive, so there
are some socks5 proxies that return 5 instead. other programs like
curl work fine when the version is 5, so let's do the same and accept
either of them. */
if(!(in[0] == 5 || in[0] == 1))
goto err;
if(in[1] != 0)
return BLOCKED;
}
int buff_iter = 0;
buff[buff_iter++] = 5; // version
buff[buff_iter++] = 1; // connect
buff[buff_iter++] = 0; // reserved
if(!dns_len) {
buff[buff_iter++] = v6 ? 4 : 1; // ip v4/v6
memcpy(buff + buff_iter, ip.addr.v6, v6?16:4); // dest host
buff_iter += v6?16:4;
} else {
buff[buff_iter++] = 3; //dns
buff[buff_iter++] = dns_len & 0xFF;
memcpy(buff + buff_iter, dns_name, dns_len);
buff_iter += dns_len;
}
memcpy(buff + buff_iter, &port, 2); // dest port
buff_iter += 2;
if(buff_iter != write_n_bytes(sock, (char *) buff, buff_iter))
goto err;
if(4 != read_n_bytes(sock, (char *) buff, 4))
goto err;
if(buff[0] != 5 || buff[1] != 0)
goto err;
switch (buff[3]) {
case 1:
len = 4;
break;
case 4:
len = 16;
break;
case 3:
len = 0;
if(1 != read_n_bytes(sock, (char *) &len, 1))
goto err;
break;
default:
goto err;
}
if(len + 2 != read_n_bytes(sock, (char *) buff, len + 2))
goto err;
return SUCCESS;
}
break;
}
err:
return SOCKET_ERROR;
}
/* Given a socket connected to a SOCKS5 proxy server, performs a UDP_ASSOCIATE handshake and returns BND_ADDR and BND_PORT if successfull.
Pass NULL dst_addr and dst_port to fill those fields with 0 if expected local addr and port for udp sending are unknown (see RFC1928) */
static int udp_associate(int sock, ip_type* dst_addr, unsigned short dst_port, ip_type* bnd_addr, unsigned short* bnd_port, char* user, char* pass){
PFUNC();
size_t ulen = strlen(user);
size_t passlen = strlen(pass);
if(ulen > 0xFF || passlen > 0xFF) {
proxychains_write_log(LOG_PREFIX "error: maximum size of 255 for user/pass!\n");
goto err;
}
int len;
unsigned char buff[BUFF_SIZE];
char ip_buf[INET6_ADDRSTRLEN];
int n_methods = ulen ? 2 : 1;
buff[0] = 5; // version
buff[1] = n_methods ; // number of methods
buff[2] = 0; // no auth method
if(ulen) buff[3] = 2; /// auth method -> username / password
if(2+n_methods != write_n_bytes(sock, (char *) buff, 2+n_methods))
goto err;
if(2 != read_n_bytes(sock, (char *) buff, 2))
goto err;
if(buff[0] != 5 || (buff[1] != 0 && buff[1] != 2)) {
if(buff[0] == 5 && buff[1] == 0xFF)
return BLOCKED;
else
goto err;
}
if(buff[1] == 2) {
// authentication
char in[2];
char out[515];
char *cur = out;
size_t c;
*cur++ = 1; // version
c = ulen & 0xFF;
*cur++ = c;
memcpy(cur, user, c);
cur += c;
c = passlen & 0xFF;
*cur++ = c;
memcpy(cur, pass, c);
cur += c;
if((cur - out) != write_n_bytes(sock, out, cur - out))
goto err;
if(2 != read_n_bytes(sock, in, 2))
goto err;
/* according to RFC 1929 the version field for the user/pass auth sub-
negotiation should be 1, which is kinda counter-intuitive, so there
are some socks5 proxies that return 5 instead. other programs like
curl work fine when the version is 5, so let's do the same and accept
either of them. */
if(!(in[0] == 5 || in[0] == 1))
goto err;
if(in[1] != 0)
return BLOCKED;
}
int buff_iter = 0;
buff[buff_iter++] = 5; // version
buff[buff_iter++] = 3; // udp_associate
buff[buff_iter++] = 0; // reserved
if(dst_addr) {
int v6 = dst_addr->is_v6;
buff[buff_iter++] = v6 ? 4 : 1; // ip v4/v6
memcpy(buff + buff_iter, dst_addr->addr.v6, v6?16:4); // dest host
buff_iter += v6?16:4;
memcpy(buff + buff_iter, &dst_port, 2); // dest port
buff_iter += 2;
} else {
buff[buff_iter++] = 1; //we put atyp = 1, should we put 0 ?
buff[buff_iter++] = 0; // v4 byte1
buff[buff_iter++] = 0; // v4 byte2
buff[buff_iter++] = 0; // v4 byte3
buff[buff_iter++] = 0; // v4 byte4
buff[buff_iter++] = 0; // port byte1
buff[buff_iter++] = 0; // port byte2
}
if(buff_iter != write_n_bytes(sock, (char *) buff, buff_iter))
goto err;
if(4 != read_n_bytes(sock, (char *) buff, 4))
goto err;
if(buff[0] != 5 || buff[1] != 0)
goto err;
switch (buff[3]) {
case ATYP_V4:
bnd_addr->is_v6 = 0;
break;
case ATYP_V6:
bnd_addr->is_v6 = 1;
break;
case ATYP_DOM:
PDEBUG("BND_ADDR in UDP_ASSOCIATE response should not be a domain name!\n");
goto err;
break;
default:
goto err;
}
len = bnd_addr->is_v6?16:4;
if(len != read_n_bytes(sock, (char *) buff, len))
goto err;
memcpy(bnd_addr->addr.v6, buff,len);
if(2 != read_n_bytes(sock, (char *) buff, 2))
goto err;
memcpy(bnd_port, buff, 2);
return SUCCESS;
err:
return SOCKET_ERROR;
}
/* Fills buf with the SOCKS5 udp request header for the target dst_addr:dst_port*/
static int write_udp_header(socks5_addr dst_addr, unsigned short dst_port , char frag, char * buf, size_t buflen) {
int size = 0;
int v6 = dst_addr.atyp == ATYP_V6;
if(dst_addr.atyp == ATYP_DOM){
size = dst_addr.addr.dom.len;
} else {
size = v6?16:4;
}
if (buflen <= size) {
return -1;
}
int buf_iter = 0;
buf[buf_iter++] = 0; // reserved
buf[buf_iter++] = 0; // reserved
buf[buf_iter++] = frag; // frag
buf[buf_iter++] = dst_addr.atyp; // atyp
switch (dst_addr.atyp){
case ATYP_V6:
case ATYP_V4:
memcpy(buf + buf_iter, dst_addr.addr.v6, v6?16:4);
buf_iter += v6?16:4;
break;
case ATYP_DOM:
buf[buf_iter++] = dst_addr.addr.dom.len;
memcpy(buf + buf_iter, dst_addr.addr.dom.name, dst_addr.addr.dom.len);
buf_iter += dst_addr.addr.dom.len;
break;
}
memcpy(buf + buf_iter, &dst_port, 2); // dest port
buf_iter += 2;
return buf_iter;
}
int read_udp_header(char * buf, size_t buflen, socks5_addr* src_addr, unsigned short* src_port, char* frag) {
PFUNC();
PDEBUG("buflen : %d\n", buflen);
if (buflen < 5){
PDEBUG("buffer too short to contain a UDP header\n");
return -1;
}
int buf_iter = 0;
buf_iter += 2; // first 2 bytes are reserved;
*frag = buf[buf_iter++];
src_addr->atyp = buf[buf_iter++];
int v6;
switch (src_addr->atyp)
{
case ATYP_DOM:
PDEBUG("UDP header with ATYP_DOM addr type\n");
src_addr->addr.dom.len = buf[buf_iter++];
if(buflen < (5 + 2 + src_addr->addr.dom.len) ) {
PDEBUG("buffer too short to read the UDP header\n");
return -1;
}
memcpy(src_addr->addr.dom.name, buf + buf_iter, src_addr->addr.dom.len);
buf_iter += src_addr->addr.dom.len;
break;
case ATYP_V4:
case ATYP_V6:
PDEBUG("UDP header with ATYP_V4/6 addr type\n");
v6 = src_addr->atyp == ATYP_V6;
if(buflen < (4 + 2 + v6?16:4) ){
PDEBUG("buffer too short to read the UDP header\n");
return -1;
}
memcpy(src_addr->addr.v6, buf + buf_iter, v6?16:4);
buf_iter += v6?16:4;
cast_socks5addr_v4inv6_to_v4(src_addr);
break;
default:
break;
}
memcpy(src_port, buf+buf_iter, 2);
buf_iter += 2;
return buf_iter;
}
size_t get_iov_total_len(struct iovec* iov, size_t iov_len){
size_t n = 0;
for(int i=0; i<iov_len; i++){
n += iov[i].iov_len;
}
return n;
}
size_t write_buf_to_iov(void* buff, size_t buff_len, struct iovec* iov, size_t iov_len){
size_t written = 0;
int i = 0;
size_t min = 0;
//size_t iov_total_len = get_iov_total_len(iov, iov_len);
while( (written < buff_len) && (i < iov_len)){
min = ((buff_len-written)<iov[i].iov_len)?(buff_len-written):iov[i].iov_len;
memcpy(iov[i].iov_base, buff+written, min);
written += min;
i += 1;
}
return written;
}
size_t write_iov_to_buf(void* buff, size_t buff_len, struct iovec* iov, size_t iov_len){
size_t written = 0;
int i = 0;
size_t min = 0;
//size_t iov_total_len = get_iov_total_len(iov, iov_len);
while( (written < buff_len) && (i < iov_len)){
min = ((buff_len-written)<iov[i].iov_len)?(buff_len-written):iov[i].iov_len;
memcpy(buff+written, iov[i].iov_base, min);
written += min;
i += 1;
}
return written;
}
void cast_socks5addr_v4inv6_to_v4(socks5_addr* addr){
if( (addr->atyp == ATYP_V6) && !memcmp(addr->addr.v6, "\0\0\0\0\0\0\0\0\0\0\xff\xff", 12)){
PDEBUG("casting v4inv6 address to v4 address\n");
addr->atyp=ATYP_V4;
memcpy(addr->addr.v4.octet, addr->addr.v6+12, 4);
}
}
int compare_iptype_sockaddr(ip_type addr1, struct sockaddr* addr2){
if(addr1.is_v6 && (((struct sockaddr_in6 *)addr2)->sin6_family == AF_INET6)){
//Both are IPv6
return !memcmp(((struct sockaddr_in6 *)addr2)->sin6_addr.s6_addr, addr1.addr.v6, 16);
} else if(!addr1.is_v6 && (((struct sockaddr_in *)addr2)->sin_family == AF_INET)){
//Both are IPv4
return ((uint32_t)(((struct sockaddr_in *)addr2)->sin_addr.s_addr) == addr1.addr.v4.as_int);
} else {
// Not the same address type
return 0;
}
}
int compare_socks5_addr_iptype(socks5_addr addr1, ip_type addr2){
PFUNC();
if(addr1.atyp == ATYP_DOM){
//addr1 is a domain name
return 0;
}
if((addr1.atyp == ATYP_V6) && addr2.is_v6){
//Both are IPv6
return !memcmp(addr1.addr.v6, addr2.addr.v6, 16);
} else if((addr1.atyp == ATYP_V4) && !addr2.is_v6){
//Both are IPv4
return (addr1.addr.v4.as_int == addr2.addr.v4.as_int);
} else {
// Not the same address type
return 0;
}
}
int is_from_chain_head(udp_relay_chain chain, struct sockaddr* src_addr){
if(compare_iptype_sockaddr(chain.head->bnd_addr, src_addr)){
return (chain.head->bnd_port == ((struct sockaddr_in*)src_addr)->sin_port);
}
return 0;
}
int decapsulate_check_udp_packet(void* in_buffer, size_t in_buffer_len, udp_relay_chain chain, socks5_addr* src_addr, unsigned short* src_port, void* udp_data, size_t* udp_data_len){
PFUNC();
// Go through the whole proxy chain, decapsulate each header and check that the addresses match
udp_relay_node * tmp = chain.head;
int read = 0;
int rc = 0;
socks5_addr header_addr;
unsigned short header_port;
char header_frag;
while (tmp->next != NULL)
{
rc = read_udp_header(in_buffer+read, in_buffer_len-read, &header_addr, &header_port, &header_frag );
if(-1 == rc){
PDEBUG("error reading UDP header\n");
return -1;
}
read += rc;
if(header_frag != 0x00){
printf("WARNING: received UDP packet with frag != 0 while fragmentation is unsupported.\n");
}
if(!compare_socks5_addr_iptype(header_addr, tmp->next->bnd_addr)){
PDEBUG("UDP header addr is not equal to proxy node addr, dropping packet\n");
return -1;
}
if(tmp->next->bnd_port != header_port){
PDEBUG("UDP header port is not equal to proxy node port, dropping packet\n");
return -1;
}
PDEBUG("UDP header's addr and port correspond to proxy node's addr and port\n");
tmp = tmp->next;
}
PDEBUG("all UDP headers validated\n");
// Decapsulate the last header. No checks needed here, just pass the source addr and port as return values
rc = read_udp_header(in_buffer+read, in_buffer_len-read, src_addr, src_port, &header_frag);
if(-1 == rc){
PDEBUG("error reading UDP header\n");
return -1;
}
read += rc;
if(header_frag != 0x00){
printf("WARNING: received UDP packet with frag != 0 while fragmentation is unsupported.\n");
}
// Copy the UDP data to the provided buffer. If the provided buffer is too small, data is truncated
int min = ((in_buffer_len-read)>*udp_data_len)?*udp_data_len:(in_buffer_len-read);
memcpy(udp_data,in_buffer+read, min);
// Write back the length of written UDP data in the input/output parameter udp_data_len
*udp_data_len = min;
return 0;
}
int unsocksify_udp_packet(void* in_buffer, size_t in_buffer_len, udp_relay_chain chain, ip_type* src_ip, unsigned short* src_port, void* udp_data, size_t* udp_data_len){
PFUNC();
// Decapsulate all the UDP headers and check that the packet came from the right proxy nodes
int rc;
socks5_addr src_addr;
rc = decapsulate_check_udp_packet(in_buffer, in_buffer_len, chain, &src_addr, src_port, udp_data, udp_data_len);
if(rc != SUCCESS){
PDEBUG("error decapsulating the packet\n");
return -1;
}
PDEBUG("all UDP headers decapsulated and validated\n");
// If the innermost UDP header (containing the address of the final target) is of type ATYP_DOM, perform a
// reverse mapping to hand the 224.X.X.X IP to the client application
if(src_addr.atyp == ATYP_DOM){
PDEBUG("Fetching matching IP for hostname\n");
DUMP_BUFFER(src_addr.addr.dom.name,src_addr.addr.dom.len);
ip_type4 tmp_ip = IPT4_INVALID;
char host_string[256];
memcpy(host_string, src_addr.addr.dom.name, src_addr.addr.dom.len);
host_string[src_addr.addr.dom.len] = 0x00;
tmp_ip = rdns_get_ip_for_host(host_string, src_addr.addr.dom.len);
if(tmp_ip.as_int == -1){
PDEBUG("error getting ip for host\n");
return -1;
}
src_addr.atyp = ATYP_V4;
src_addr.addr.v4.as_int = tmp_ip.as_int;
}
src_ip->is_v6 = (src_addr.atyp == ATYP_V6);
if(src_ip->is_v6){
memcpy(src_ip->addr.v6, src_addr.addr.v6, 16);
} else{
src_ip->addr.v4.as_int = src_addr.addr.v4.as_int;
}
return 0;
}
int encapsulate_udp_packet(udp_relay_chain chain, socks5_addr dst_addr, unsigned short dst_port, void* buffer, size_t* buffer_len){
PFUNC();
unsigned int written = 0;
unsigned int offset = 0;
udp_relay_node * tmp = chain.head;
while ((tmp->next != NULL) && (written < *buffer_len))
{
socks5_addr tmpaddr;
tmpaddr.atyp = (tmp->next)->bnd_addr.is_v6?ATYP_V6:ATYP_V4;
memcpy(tmpaddr.addr.v6, (tmp->next)->bnd_addr.addr.v6, (tmp->next)->bnd_addr.is_v6?16:4);
written = write_udp_header(tmpaddr, (tmp->next)->bnd_port, 0, buffer+offset, *buffer_len - offset);
if (written == -1){
PDEBUG("error write_udp_header\n");
return -1;
}
offset += written;
tmp = tmp->next;
}
written = write_udp_header(dst_addr, dst_port, 0, buffer+offset, *buffer_len-offset);
if (written == -1){
PDEBUG("error write_udp_header\n");
return -1;
}
offset += written;
*buffer_len = offset;
return 0;
}
int socksify_udp_packet(void* udp_data, size_t udp_data_len, udp_relay_chain chain, ip_type dst_ip, unsigned short dst_port, void* buffer, size_t* buffer_len){
PFUNC();
if (chain.head == NULL ){
PDEBUG("provided chain is empty\n");
return -1;
}
char *dns_name = NULL;
char hostnamebuf[MSG_LEN_MAX];
size_t dns_len = 0;
socks5_addr dst_addr;
// we use ip addresses with 224.* to lookup their dns name in our table, to allow remote DNS resolution
// the range 224-255.* is reserved, and it won't go outside (unless the app does some other stuff with
// the results returned from gethostbyname et al.)
// the hardcoded number 224 can now be changed using the config option remote_dns_subnet to i.e. 127
if(!dst_ip.is_v6 && proxychains_resolver >= DNSLF_RDNS_START && dst_ip.addr.v4.octet[0] == remote_dns_subnet) {
dst_addr.atyp = ATYP_DOM;
dns_len = rdns_get_host_for_ip(dst_ip.addr.v4, dst_addr.addr.dom.name);
PDEBUG("dnslen: %d\n", dns_len);
if(!dns_len) return -1;
else dns_name = dst_addr.addr.dom.name;
dst_addr.addr.dom.len = dns_len & 0xFF;
PDEBUG("dnslen in struct: %d\n", dst_addr.addr.dom.len);
} else {
if(dst_ip.is_v6){
dst_addr.atyp = ATYP_V6;
memcpy(dst_addr.addr.v6, dst_ip.addr.v6, 16);
} else {
dst_addr.atyp = ATYP_V4;
memcpy(dst_addr.addr.v4.octet, dst_ip.addr.v4.octet, 4);
}
}
PDEBUG("host dns %s\n", dns_name ? dns_name : "<NULL>");
// Write all the UDP headers into the provided buffer
int rc;
size_t tmp_buffer_len = *buffer_len;
rc = encapsulate_udp_packet(chain, dst_addr, dst_port, buffer, &tmp_buffer_len);
if(rc != SUCCESS){
PDEBUG("error encapsulate_udp_packet()\n");
return -1;
}
// Append UDP data in the remaining space of the buffer
int min = (udp_data_len>(buffer_len-tmp_buffer_len))?(buffer_len-tmp_buffer_len):udp_data_len;
memcpy(buffer + tmp_buffer_len, udp_data, min);
*buffer_len = tmp_buffer_len + min;
return 0;
}
#define TP " ... "
#define DT "Dynamic chain"
#define ST "Strict chain"
#define RT "Random chain"
#define RRT "Round Robin chain"
#define UDPC "UDP_ASSOCIATE tcp socket chain"
static int start_chain(int *fd, proxy_data * pd, char *begin_mark) {
PFUNC();
int v6 = pd->ip.is_v6;
*fd = socket(v6?PF_INET6:PF_INET, SOCK_STREAM, 0);
if(*fd == -1)
goto error;
char ip_buf[INET6_ADDRSTRLEN];
if(!inet_ntop(v6?AF_INET6:AF_INET,pd->ip.addr.v6,ip_buf,sizeof ip_buf))
goto error;
proxychains_write_log(LOG_PREFIX "%s " TP " %s:%d ",
begin_mark, ip_buf, htons(pd->port));
pd->ps = PLAY_STATE;
struct sockaddr_in addr = {
.sin_family = AF_INET,
.sin_port = pd->port,
.sin_addr.s_addr = (in_addr_t) pd->ip.addr.v4.as_int
};
struct sockaddr_in6 addr6 = {
.sin6_family = AF_INET6,
.sin6_port = pd->port,
};
if(v6) memcpy(&addr6.sin6_addr.s6_addr, pd->ip.addr.v6, 16);
if(timed_connect(*fd, (struct sockaddr *) (v6?(void*)&addr6:(void*)&addr), v6?sizeof(addr6):sizeof(addr))) {
pd->ps = DOWN_STATE;
goto error1;
}
pd->ps = BUSY_STATE;
return SUCCESS;
error1:
proxychains_write_log(TP " timeout\n");
error:
if(*fd != -1)
close(*fd);
return SOCKET_ERROR;
}
static proxy_data *select_proxy(select_type how, proxy_data * pd, unsigned int proxy_count, unsigned int *offset) {
PFUNC();
PDEBUG("offset: %d\n", *offset);
PDEBUG("state: %d\n", pd[0].ps);
unsigned int i = 0, k = 0;
if(*offset >= proxy_count)
return NULL;
switch (how) {
case RANDOMLY:
do {
k++;
i = rand() % proxy_count;
} while(pd[i].ps != PLAY_STATE && k < proxy_count * 100);
break;
case FIFOLY:
for(i = *offset; i < proxy_count; i++) {
if(pd[i].ps == PLAY_STATE) {
*offset = i;
break;
}
}
default:
break;
}
if(i >= proxy_count)
i = 0;
return (pd[i].ps == PLAY_STATE) ? &pd[i] : NULL;
}
static void release_all(proxy_data * pd, unsigned int proxy_count) {
unsigned int i;
for(i = 0; i < proxy_count; i++)
pd[i].ps = PLAY_STATE;
return;
}
static void release_busy(proxy_data * pd, unsigned int proxy_count) {
unsigned int i;
for(i = 0; i < proxy_count; i++)
if(pd[i].ps == BUSY_STATE)
pd[i].ps = PLAY_STATE;
return;
}
static unsigned int calc_alive(proxy_data * pd, unsigned int proxy_count) {
unsigned int i;
int alive_count = 0;
release_busy(pd, proxy_count);
for(i = 0; i < proxy_count; i++)
if(pd[i].ps == PLAY_STATE)
alive_count++;
return alive_count;
}
static int chain_step(int ns, proxy_data * pfrom, proxy_data * pto) {
int retcode = -1;
char *hostname;
char hostname_buf[MSG_LEN_MAX];
char ip_buf[INET6_ADDRSTRLEN];
int v6 = pto->ip.is_v6;
PFUNC();
if(!v6 && proxychains_resolver >= DNSLF_RDNS_START && pto->ip.addr.v4.octet[0] == remote_dns_subnet) {
if(!rdns_get_host_for_ip(pto->ip.addr.v4, hostname_buf)) goto usenumericip;
else hostname = hostname_buf;
} else {
usenumericip:
if(!inet_ntop(v6?AF_INET6:AF_INET,pto->ip.addr.v6,ip_buf,sizeof ip_buf)) {
pto->ps = DOWN_STATE;
proxychains_write_log("<--ip conversion error!\n");
close(ns);
return SOCKET_ERROR;
}
hostname = ip_buf;
}
proxychains_write_log(TP " %s:%d ", hostname, htons(pto->port));
retcode = tunnel_to(ns, pto->ip, pto->port, pfrom->pt, pfrom->user, pfrom->pass);
switch (retcode) {
case SUCCESS:
pto->ps = BUSY_STATE;
break;
case BLOCKED:
pto->ps = BLOCKED_STATE;
proxychains_write_log("<--denied\n");
close(ns);
break;
case SOCKET_ERROR:
pto->ps = DOWN_STATE;
proxychains_write_log("<--socket error or timeout!\n");
close(ns);
break;
}
return retcode;
}
int connect_proxy_chain(int sock, ip_type target_ip,
unsigned short target_port, proxy_data * pd,
unsigned int proxy_count, chain_type ct, unsigned int max_chain) {
proxy_data p4;
proxy_data *p1, *p2, *p3;
int ns = -1;
int rc = -1;
unsigned int offset = 0;
unsigned int alive_count = 0;
unsigned int curr_len = 0;
unsigned int looped = 0; // went back to start of list in RR mode
unsigned int rr_loop_max = 14;
p3 = &p4;
PFUNC();
again:
rc = -1;
DUMP_PROXY_CHAIN(pd, proxy_count);
switch (ct) {
case DYNAMIC_TYPE:
alive_count = calc_alive(pd, proxy_count);
offset = 0;
do {
if(!(p1 = select_proxy(FIFOLY, pd, proxy_count, &offset)))
goto error_more;
} while(SUCCESS != start_chain(&ns, p1, DT) && offset < proxy_count);
for(;;) {
p2 = select_proxy(FIFOLY, pd, proxy_count, &offset);
if(!p2)
break;
if(SUCCESS != chain_step(ns, p1, p2)) {
PDEBUG("GOTO AGAIN 1\n");
goto again;
}
p1 = p2;
}
//proxychains_write_log(TP);
p3->ip = target_ip;
p3->port = target_port;
if(SUCCESS != chain_step(ns, p1, p3))
goto error;
break;
case ROUND_ROBIN_TYPE:
alive_count = calc_alive(pd, proxy_count);
offset = proxychains_proxy_offset;
if(alive_count < max_chain)
goto error_more;
PDEBUG("1:rr_offset = %d\n", offset);
/* Check from current RR offset til end */
for (;rc != SUCCESS;) {
if (!(p1 = select_proxy(FIFOLY, pd, proxy_count, &offset))) {
/* We've reached the end of the list, go to the start */
offset = 0;
looped++;
if (looped > rr_loop_max) {
proxychains_proxy_offset = 0;
goto error_more;
} else {
PDEBUG("rr_type all proxies down, release all\n");
release_all(pd, proxy_count);
/* Each loop we wait 10ms more */
usleep(10000 * looped);
continue;
}
}
PDEBUG("2:rr_offset = %d\n", offset);
rc=start_chain(&ns, p1, RRT);
}
/* Create rest of chain using RR */
for(curr_len = 1; curr_len < max_chain;) {
PDEBUG("3:rr_offset = %d, curr_len = %d, max_chain = %d\n", offset, curr_len, max_chain);
p2 = select_proxy(FIFOLY, pd, proxy_count, &offset);
if(!p2) {
/* Try from the beginning to where we started */
offset = 0;
continue;
} else if(SUCCESS != chain_step(ns, p1, p2)) {
PDEBUG("GOTO AGAIN 1\n");
goto again;
} else
p1 = p2;
curr_len++;
}
//proxychains_write_log(TP);
p3->ip = target_ip;
p3->port = target_port;
proxychains_proxy_offset = offset+1;
PDEBUG("pd_offset = %d, curr_len = %d\n", proxychains_proxy_offset, curr_len);
if(SUCCESS != chain_step(ns, p1, p3))
goto error;
break;
case STRICT_TYPE:
alive_count = calc_alive(pd, proxy_count);
offset = 0;
if(!(p1 = select_proxy(FIFOLY, pd, proxy_count, &offset))) {
PDEBUG("select_proxy failed\n");
goto error_strict;
}
if(SUCCESS != start_chain(&ns, p1, ST)) {
PDEBUG("start_chain failed\n");
goto error_strict;
}
while(offset < proxy_count) {
if(!(p2 = select_proxy(FIFOLY, pd, proxy_count, &offset)))
break;
if(SUCCESS != chain_step(ns, p1, p2)) {
PDEBUG("chain_step failed\n");
goto error_strict;
}
p1 = p2;
}
//proxychains_write_log(TP);
p3->ip = target_ip;
p3->port = target_port;
if(SUCCESS != chain_step(ns, p1, p3))
goto error;
break;
case RANDOM_TYPE:
alive_count = calc_alive(pd, proxy_count);
if(alive_count < max_chain)
goto error_more;
curr_len = offset = 0;
do {
if(!(p1 = select_proxy(RANDOMLY, pd, proxy_count, &offset)))
goto error_more;
} while(SUCCESS != start_chain(&ns, p1, RT) && offset < max_chain);
while(++curr_len < max_chain) {
if(!(p2 = select_proxy(RANDOMLY, pd, proxy_count, &offset)))
goto error_more;
if(SUCCESS != chain_step(ns, p1, p2)) {
PDEBUG("GOTO AGAIN 2\n");
goto again;
}
p1 = p2;
}
//proxychains_write_log(TP);
p3->ip = target_ip;
p3->port = target_port;
if(SUCCESS != chain_step(ns, p1, p3))
goto error;
}
proxychains_write_log(TP " OK\n");
dup2(ns, sock);
close(ns);
return 0;
error:
if(ns != -1)
close(ns);
errno = ECONNREFUSED; // for nmap ;)
return -1;
error_more:
proxychains_write_log("\n!!!need more proxies!!!\n");
error_strict:
PDEBUG("error\n");
release_all(pd, proxy_count);
if(ns != -1)
close(ns);
errno = ETIMEDOUT;
return -1;
}
// int connect_to_lastnode(int *sock, udp_relay_chain chain){
// udp_relay_node * current_node = chain.head;
// //First connect to the chain head
// if(SUCCESS != start_chain(sock, &(current_node->pd), UDPC)){
// PDEBUG("start_chain failed\n");
// return -1;
// }
// // Connect to the rest of the chain
// while(current_node->next != NULL){
// if(SUCCESS != chain_step(sock, &(current_node->pd), &(current_node->next->pd))){
// PDEBUG("chain step failed\n");
// return -1;
// }
// current_node = current_node->next;
// }
// return SUCCESS;
// }
int add_node_to_chain(proxy_data * pd, udp_relay_chain * chain){
PFUNC();
// Allocate memory for the new node structure
udp_relay_node * new_node = NULL;
if(NULL == (new_node = (udp_relay_node *)malloc(sizeof(udp_relay_node)))){
PDEBUG("error malloc new node\n");
return -1;
}
new_node->next = NULL;
udp_relay_node * tmp = chain->head;
if(tmp == NULL){ // Means new_node is the first node to be created
chain->head = new_node;
new_node->prev = NULL;
} else {
// Moving to the end of the current chain
while(tmp->next != NULL){
tmp = tmp->next;
}
// Adding the new node at the end
tmp->next = new_node;
new_node->prev = tmp;
}
// Initializing the new node
new_node->pd.ip = pd->ip;
new_node->pd.port = pd->port;
new_node->pd.pt = pd->pt;
new_node->pd.ps = pd->ps;
strcpy(new_node->pd.user, pd->user);
strcpy(new_node->pd.pass, pd->pass);
// Connecting the new node tcp_socketfd to the associated proxy through the current chain
//
tmp = chain->head;
// First connect to the chain head
if(SUCCESS != start_chain(&(new_node->tcp_sockfd), &(tmp->pd), UDPC)){
PDEBUG("start_chain failed\n");
new_node->tcp_sockfd = -1;
goto err;
}
// Connect to the rest of the chain
while(tmp->next != NULL){
if(SUCCESS != chain_step(new_node->tcp_sockfd, &(tmp->pd), &(tmp->next->pd))){
PDEBUG("chain step failed\n");
new_node->tcp_sockfd = -1;
goto err;
}
tmp = tmp->next;
}
// Performing UDP_ASSOCIATE handshake in order to fill the new node BND_ADDR and BND_PORT
if(SUCCESS != udp_associate(new_node->tcp_sockfd, NULL, NULL, &(new_node->bnd_addr), &(new_node->bnd_port), new_node->pd.user, new_node->pd.pass)){
PDEBUG("udp_associate failed\n");
goto err;
}
PDEBUG("new node added and open to relay UDP packets\n");
return SUCCESS;
err:
// Ensure new node tcp socket is closed
if(new_node->tcp_sockfd != -1){
close(new_node->tcp_sockfd);
}
// Remove the new node from the chain
if(new_node->prev == NULL){ // means new_node is the only node in chain
chain->head = NULL;
} else{
(new_node->prev)->next = NULL;
}
// Free memory
free(new_node);
return -1;
}
int free_relay_chain(udp_relay_chain chain){
if(NULL != chain.connected_peer_addr){
free(chain.connected_peer_addr);
chain.connected_peer_addr = NULL;
}
if(chain.head == NULL){
return SUCCESS;
}
udp_relay_node * current = chain.head;
udp_relay_node * next = NULL;
while(current != NULL){
next = current->next;
close(current->tcp_sockfd);
free(current);
current = next;
}
return SUCCESS;
}
udp_relay_chain * open_relay_chain(proxy_data *pd, unsigned int proxy_count, chain_type ct, unsigned int max_chains){
PFUNC();
// Allocate memory for the new relay chain
udp_relay_chain * new_chain = NULL;
if(NULL == (new_chain = (udp_relay_chain *)malloc(sizeof(udp_relay_chain)))){
PDEBUG("error malloc new chain\n");
return NULL;
}
new_chain->head = NULL;
new_chain->sockfd = -1;
new_chain->connected_peer_addr = NULL;
new_chain->connected_peer_addr_len = -1;
unsigned int alive_count = 0;
unsigned int offset = 0;
proxy_data *p1;
switch (ct)
{
case DYNAMIC_TYPE:
PDEBUG("DYNAMIC_TYPE not yet supported for UDP\n");
goto error;
break;
case ROUND_ROBIN_TYPE:
PDEBUG("ROUND_ROBIN_TYPE not yet supported for UDP\n");
goto error;
break;
case STRICT_TYPE:
alive_count = calc_alive(pd, proxy_count);
offset = 0;
PDEBUG("opening STRICT_TYPE relay chain, alive_count=%d, offset=%d\n", alive_count, offset);
while((p1 = select_proxy(FIFOLY, pd, proxy_count, &offset))) {
if(SUCCESS != add_node_to_chain(p1, new_chain)) {
PDEBUG("add_node_to_chain failed\n");
p1->ps = BLOCKED_STATE;
goto error;
}
p1->ps = BUSY_STATE;
}
return new_chain;
break;
case RANDOM_TYPE:
PDEBUG("RANDOM_TYPE not yet supported for UDP\n");
goto error;
break;
default:
break;
}
error:
PDEBUG("error\n");
release_all(pd, proxy_count);
free_relay_chain(*new_chain);
free(new_chain);
errno = ETIMEDOUT;
return NULL;
}
// Checks the address family of addr, allocates a matching structure and keeps a pointer to it in the chain structure to store the address of the connected peer
void set_connected_peer_addr(udp_relay_chain* chain, struct sockaddr* addr, socklen_t addrlen){
sa_family_t fam = ((struct sockaddr_in*)addr)->sin_family;
int v6 = fam == AF_INET6;
if(v6){
struct sockaddr_in6* old_addr6 = (struct sockaddr_in6*)addr;
struct sockaddr_in6* new_addr6 = NULL;
if(NULL == (new_addr6 = (struct sockaddr_in6*)malloc(sizeof(struct sockaddr_in6)))){
PDEBUG("error malloc\n");
return -1;
}
new_addr6->sin6_family = old_addr6->sin6_family;
new_addr6->sin6_port = old_addr6->sin6_port;
memcpy(new_addr6->sin6_addr.s6_addr, old_addr6->sin6_addr.s6_addr, 16);
chain->connected_peer_addr = (struct sockaddr*)new_addr6;
chain->connected_peer_addr_len = sizeof(struct sockaddr_in6);
} else{
struct sockaddr_in* old_addr = (struct sockaddr_in*)addr;
struct sockaddr_in* new_addr = NULL;
if(NULL == (new_addr = (struct sockaddr_in*)malloc(sizeof(struct sockaddr_in)))){
PDEBUG("error malloc\n");
return -1;
}
new_addr->sin_family = old_addr->sin_family;
new_addr->sin_port = old_addr->sin_port;
new_addr->sin_addr.s_addr = old_addr->sin_addr.s_addr;
chain->connected_peer_addr = (struct sockaddr*)new_addr;
chain->connected_peer_addr_len = sizeof(struct sockaddr_in);
}
}
void add_relay_chain(udp_relay_chain_list* chains_list, udp_relay_chain* new_chain){
new_chain->next = NULL;
if(chains_list->tail == NULL){ // The current list is empty, set head and tail to the new chain
chains_list->head = new_chain;
chains_list->tail = new_chain;
new_chain->prev = NULL;
} else {
// Add the new chain at the end
chains_list->tail->next = new_chain;
new_chain->prev = chains_list->tail;
chains_list->tail = new_chain;
}
}
void del_relay_chain(udp_relay_chain_list* chains_list, udp_relay_chain* chain){
if(chain == chains_list->head){
if(chain->next == NULL){
free(chain);
chains_list->head = NULL;
chains_list->tail = NULL;
}else{
chains_list->head = chain->next;
free(chain);
}
} else if (chain = chains_list->tail){
chains_list->tail = chain->prev;
free(chain);
} else {
chain->next->prev = chain->prev;
chain->prev->next = chain->next;
free(chain);
}
}
udp_relay_chain* get_relay_chain(udp_relay_chain_list chains_list, int sockfd){
udp_relay_chain* tmp = chains_list.head;
while(tmp != NULL){
if(tmp->sockfd == sockfd){
break;
}
tmp = tmp->next;
}
return tmp;
}
static pthread_mutex_t servbyname_lock;
void core_initialize(void) {
MUTEX_INIT(&servbyname_lock);
}
void core_unload(void) {
MUTEX_DESTROY(&servbyname_lock);
}
static void gethostbyname_data_setstring(struct gethostbyname_data* data, char* name) {
snprintf(data->addr_name, sizeof(data->addr_name), "%s", name);
data->hostent_space.h_name = data->addr_name;
}
extern ip_type4 hostsreader_get_numeric_ip_for_name(const char* name);
struct hostent* proxy_gethostbyname_old(const char *name)
{
static struct hostent hostent_space;
static in_addr_t resolved_addr;
static char* resolved_addr_p;
static char addr_name[256];
int pipe_fd[2];
char buff[256];
in_addr_t addr;
pid_t pid;
int status, ret;
size_t l;
struct hostent* hp;
hostent_space.h_addr_list = &resolved_addr_p;
*hostent_space.h_addr_list = (char*)&resolved_addr;
resolved_addr = 0;
if(pc_isnumericipv4(name)) {
strcpy(buff, name);
goto got_buff;
}
gethostname(buff,sizeof(buff));
if(!strcmp(buff,name))
goto got_buff;
memset(buff, 0, sizeof(buff));
// TODO: this works only once, so cache it ...
// later
while ((hp=gethostent()))
if (!strcmp(hp->h_name,name))
return hp;
#ifdef HAVE_PIPE2
ret = pipe2(pipe_fd, O_CLOEXEC);
#else
ret = pipe(pipe_fd);
if(ret == 0) {
fcntl(pipe_fd[0], F_SETFD, FD_CLOEXEC);
fcntl(pipe_fd[1], F_SETFD, FD_CLOEXEC);
}
#endif
if(ret)
goto err;
pid = fork();
switch(pid) {
case 0: // child
proxychains_write_log("|DNS-request| %s \n", name);
close(pipe_fd[0]);
dup2(pipe_fd[1],1);
close(pipe_fd[1]);
// putenv("LD_PRELOAD=");
execlp("proxyresolv","proxyresolv",name,NULL);
perror("can't exec proxyresolv");
exit(2);
case -1: //error
close(pipe_fd[0]);
close(pipe_fd[1]);
perror("can't fork");
goto err;
default:
close(pipe_fd[1]);
waitpid(pid, &status, 0);
buff[0] = 0;
read(pipe_fd[0],&buff,sizeof(buff));
close(pipe_fd[0]);
got_buff:
l = strlen(buff);
if (!l) goto err_dns;
if (buff[l-1] == '\n') buff[l-1] = 0;
addr = inet_addr(buff);
if (addr == (in_addr_t) (-1))
goto err_dns;
memcpy(*(hostent_space.h_addr_list),
&addr ,sizeof(struct in_addr));
hostent_space.h_name = addr_name;
snprintf(addr_name, sizeof addr_name, "%s", buff);
hostent_space.h_length = sizeof (in_addr_t);
hostent_space.h_addrtype = AF_INET;
}
proxychains_write_log("|DNS-response| %s is %s\n",
name, inet_ntoa(*(struct in_addr*)&addr));
return &hostent_space;
err_dns:
proxychains_write_log("|DNS-response|: %s lookup error\n", name);
err:
return NULL;
}
struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data* data) {
PFUNC();
char buff[256];
data->resolved_addr_p[0] = (char *) &data->resolved_addr;
data->resolved_addr_p[1] = NULL;
data->hostent_space.h_addr_list = data->resolved_addr_p;
// let aliases point to the NULL member, mimicking an empty list.
data->hostent_space.h_aliases = &data->resolved_addr_p[1];
data->resolved_addr = 0;
data->hostent_space.h_addrtype = AF_INET;
data->hostent_space.h_length = sizeof(in_addr_t);
if(pc_isnumericipv4(name)) {
data->resolved_addr = inet_addr(name);
goto retname;
}
gethostname(buff, sizeof(buff));
if(!strcmp(buff, name)) {
data->resolved_addr = inet_addr(buff);
if(data->resolved_addr == (in_addr_t) (-1))
data->resolved_addr = (in_addr_t) (IPT4_LOCALHOST.as_int);
goto retname;
}
// this iterates over the "known hosts" db, usually /etc/hosts
ip_type4 hdb_res = hostsreader_get_numeric_ip_for_name(name);
if(hdb_res.as_int != IPT4_INVALID.as_int) {
data->resolved_addr = hdb_res.as_int;
goto retname;
}
data->resolved_addr = rdns_get_ip_for_host((char*) name, strlen(name)).as_int;
if(data->resolved_addr == (in_addr_t) IPT4_INVALID.as_int) return NULL;
retname:
gethostbyname_data_setstring(data, (char*) name);
PDEBUG("return hostent space\n");
return &data->hostent_space;
}
struct addrinfo_data {
struct addrinfo addrinfo_space;
struct sockaddr_storage sockaddr_space;
char addr_name[256];
};
void proxy_freeaddrinfo(struct addrinfo *res) {
PFUNC();
free(res);
}
static int mygetservbyname_r(const char* name, const char* proto, struct servent* result_buf,
char* buf, size_t buflen, struct servent** result) {
PFUNC();
#ifdef HAVE_GNU_GETSERVBYNAME_R
PDEBUG("using host getservbyname_r\n");
return getservbyname_r(name, proto, result_buf, buf, buflen, result);
#endif
struct servent *res;
int ret;
(void) buf; (void) buflen;
MUTEX_LOCK(&servbyname_lock);
res = getservbyname(name, proto);
if(res) {
*result_buf = *res;
*result = result_buf;
ret = 0;
} else {
*result = NULL;
ret = ENOENT;
}
MUTEX_UNLOCK(&servbyname_lock);
return ret;
}
static int looks_like_numeric_ipv6(const char *node)
{
if(!strchr(node, ':')) return 0;
const char* p= node;
while(1) switch(*(p++)) {
case 0: return 1;
case ':': case '.':
case '0': case '1': case '2': case '3': case '4':
case '5': case '6': case '7': case '8': case '9':
case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
break;
default: return 0;
}
}
static int my_inet_aton(const char *node, struct addrinfo_data* space)
{
int ret;
((struct sockaddr_in *) &space->sockaddr_space)->sin_family = AF_INET;
ret = inet_aton(node, &((struct sockaddr_in *) &space->sockaddr_space)->sin_addr);
if(ret || !looks_like_numeric_ipv6(node)) return ret;
ret = inet_pton(AF_INET6, node, &((struct sockaddr_in6 *) &space->sockaddr_space)->sin6_addr);
if(ret) ((struct sockaddr_in6 *) &space->sockaddr_space)->sin6_family = AF_INET6;
return ret;
}
int proxy_getaddrinfo(const char *node, const char *service, const struct addrinfo *hints, struct addrinfo **res) {
struct gethostbyname_data ghdata;
struct addrinfo_data *space;
struct servent *se = NULL;
struct hostent *hp = NULL;
struct servent se_buf;
struct addrinfo *p;
char buf[1024];
int port, af = AF_INET;
PDEBUG("proxy_getaddrinfo node:%s service: %s, flags: %d\n",
node?node:"",service?service:"",hints?(int)hints->ai_flags:0);
space = calloc(1, sizeof(struct addrinfo_data));
if(!space) return EAI_MEMORY;
if(node && !my_inet_aton(node, space)) {
/* some folks (nmap) use getaddrinfo() with AI_NUMERICHOST to check whether a string
containing a numeric ip was passed. we must return failure in that case. */
if(hints && (hints->ai_flags & AI_NUMERICHOST)) {
err_nn:
free(space);
return EAI_NONAME;
}
if(proxychains_resolver == DNSLF_FORKEXEC)
hp = proxy_gethostbyname_old(node);
else
hp = proxy_gethostbyname(node, &ghdata);
if(hp)
memcpy(&((struct sockaddr_in *) &space->sockaddr_space)->sin_addr,
*(hp->h_addr_list), sizeof(in_addr_t));
else
goto err_nn;
} else if(node) {
af = ((struct sockaddr_in *) &space->sockaddr_space)->sin_family;
} else if(!node && !(hints->ai_flags & AI_PASSIVE)) {
af = ((struct sockaddr_in *) &space->sockaddr_space)->sin_family = AF_INET;
memcpy(&((struct sockaddr_in *) &space->sockaddr_space)->sin_addr,
(char[]){127,0,0,1}, 4);
}
if(service) mygetservbyname_r(service, NULL, &se_buf, buf, sizeof(buf), &se);
port = se ? se->s_port : htons(atoi(service ? service : "0"));
if(af == AF_INET)
((struct sockaddr_in *) &space->sockaddr_space)->sin_port = port;
else
((struct sockaddr_in6 *) &space->sockaddr_space)->sin6_port = port;
*res = p = &space->addrinfo_space;
assert((size_t)p == (size_t) space);
p->ai_addr = (void*) &space->sockaddr_space;
if(node)
snprintf(space->addr_name, sizeof(space->addr_name), "%s", node);
p->ai_canonname = space->addr_name;
p->ai_next = NULL;
p->ai_family = space->sockaddr_space.ss_family = af;
p->ai_addrlen = af == AF_INET ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6);
if(hints) {
p->ai_socktype = hints->ai_socktype;
p->ai_flags = hints->ai_flags;
p->ai_protocol = hints->ai_protocol;
if(!p->ai_socktype && p->ai_protocol == IPPROTO_TCP)
p->ai_socktype = SOCK_STREAM;
} else {
#ifndef AI_V4MAPPED
#define AI_V4MAPPED 0
#endif
p->ai_flags = (AI_V4MAPPED | AI_ADDRCONFIG);
}
return 0;
}
Reference in New Issue View Git Blame Copy Permalink