From 2fa1e62245912b52cac88f9f31a784a34c288055 Mon Sep 17 00:00:00 2001
From: Stefan Tomanek
Date: Sun, 10 Apr 2016 17:40:19 +0200
Subject: [PATCH] add src ip disclosure options to socks4

Append the client IP address (and optionally the port) to the SOCKS4 login name.
---
 parser.c | 2 ++
 parser.h | 2 ++
 redsocks.c | 4 +++-
 redsocks.conf.example | 4 ++++
 socks4.c | 30 +++++++++++++++++++++++++++---
 5 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/parser.c b/parser.c
index 5443aa73..366b603b 100644
--- a/parser.c
+++ b/parser.c
@@ -280,6 +280,8 @@ static int vp_disclose_src(parser_context *context, void *addr, const char *toke
 { "X-Forwarded-For", DISCLOSE_X_FORWARDED_FOR },
 { "Forwarded_ip", DISCLOSE_FORWARDED_IP },
 { "Forwarded_ipport", DISCLOSE_FORWARDED_IPPORT },
+ { "username_append_ip", DISCLOSE_USERNAME_APPEND_IP },
+ { "username_append_ipport", DISCLOSE_USERNAME_APPEND_IPPORT },
 };
 for (int i = 0; i < SIZEOF_ARRAY(opt); ++i) {
 if (strcmp(token, opt[i].name) == 0) {
diff --git a/parser.h b/parser.h
index 5c83cdb9..41acfbb7 100644
--- a/parser.h
+++ b/parser.h
@@ -9,6 +9,8 @@ enum disclose_src_e {
 DISCLOSE_X_FORWARDED_FOR,
 DISCLOSE_FORWARDED_IP,
 DISCLOSE_FORWARDED_IPPORT,
+ DISCLOSE_USERNAME_APPEND_IP,
+ DISCLOSE_USERNAME_APPEND_IPPORT,
 };
 typedef enum {
diff --git a/redsocks.c b/redsocks.c
index 490a7322..1ca638a7 100644
--- a/redsocks.c
+++ b/redsocks.c
@@ -214,7 +214,9 @@ static int redsocks_onexit(parser_section *section)
 return -1;
 }
- if (instance->config.disclose_src != DISCLOSE_NONE && instance->relay_ss != &http_connect_subsys) {
+ if (instance->config.disclose_src != DISCLOSE_NONE &&
+ instance->relay_ss != &http_connect_subsys &&
+ instance->relay_ss != &socks4_subsys) {
 parser_error(section->context, "only `http-connect` supports `disclose_src` at the moment");
 return -1;
 }
diff --git a/redsocks.conf.example b/redsocks.conf.example
index 00dab194..a8b70335 100644
--- a/redsocks.conf.example
+++ b/redsocks.conf.example
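Review bot: In redsocks.c, the relaxed check in redsocks_onexit accepts any non-`DISCLOSE_NONE` value for either relay, so a socks4 instance configured with `X-Forwarded-For` passes validation even though the socks4.c hunks of this patch only act on the two `DISCLOSE_USERNAME_APPEND_*` values. The operator would then believe the client address is being passed upstream when nothing is sent; the reverse case, http-connect with `username_append_ip`, is presumably ignored the same way, but that code is not visible here. I would reject the combination when `relay_ss == &socks4_subsys` and `disclose_src` is not one of the `DISCLOSE_USERNAME_APPEND_*` values, and likewise for `&http_connect_subsys` with the header modes. The `parser_error` text still says that only http-connect supports `disclose_src` and should name both relays. redsocks_onexit starts and ends outside the hunk.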
@@ -88,6 +88,10 @@ redsocks {
 // X-Forwarded-For -- X-Forwarded-For: IP
 // Forwarded_ip -- Forwarded: for=IP # see RFC7239
 // Forwarded_ipport -- Forwarded: for="IP:port" # see RFC7239
+ // socks4 supports:
+ // username_append_ip -- login@IP
+ // username_append_ipport -- login@IP:port
+ //
 // disclose_src = false;
 }
diff --git a/socks4.c b/socks4.c
index 0c77a5df..4767ec09 100644
--- a/socks4.c
+++ b/socks4.c
@@ -99,9 +99,15 @@ static void socks4_read_cb(struct bufferevent *buffev, void *_arg)
 static struct evbuffer *socks4_mkconnect(redsocks_client *client)
 {
 const redsocks_config *config = &client->instance->config;
- const char *username = config->login ? config->login : "";
+ const char *login = config->login ? config->login : "";
+
 // space for \0 comes from socks4_req->login
- size_t username_len = strlen(username);
+ size_t username_len = strlen(login);
+ if (config->disclose_src == DISCLOSE_USERNAME_APPEND_IP ||
+ config->disclose_src == DISCLOSE_USERNAME_APPEND_IPPORT) {
+ username_len += NI_MAXHOST + 1 + NI_MAXSERV + 1;
+ }
+
 size_t len = sizeof(socks4_req) + username_len;
 socks4_req *req = calloc(1, len);
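Review bot: In socks4.c, socks4_mkconnect now sizes `len` for the worst case (`NI_MAXHOST + 1 + NI_MAXSERV + 1` extra bytes), and the unchanged `mkevbuffer(req, len)` in the next hunk is still handed that full `len`. If mkevbuffer queues `len` bytes, as its arguments suggest (it is not shown here), every request carries the unused zero padding after the login's terminating NUL, and a SOCKS4 proxy would read those bytes as the start of the relayed stream. Keep the large allocation but trim the length once the login has been assembled, e.g. `len = sizeof(socks4_req) + strlen(req->login);` just before `mkevbuffer`. The function body continues past the end of this hunk.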
@@ -109,7 +115,25 @@ static struct evbuffer *socks4_mkconnect(redsocks_client *client)
 req->cmd = socks4_cmd_connect;
 req->port = client->destaddr.sin_port;
 req->addr = client->destaddr.sin_addr.s_addr;
- memcpy(req->login, username, username_len + 1);
+ strcat(req->login, login);
+ if (config->disclose_src == DISCLOSE_USERNAME_APPEND_IP ||
+ config->disclose_src == DISCLOSE_USERNAME_APPEND_IPPORT) {
+ strcat(req->login, "@");
+ // append origin addresss (and maybe port) to login (separated by @)
+ char host[NI_MAXHOST];
+ char port[NI_MAXSERV];
+ if (!getnameinfo((struct sockaddr*) &client->clientaddr, sizeof(client->clientaddr),
+ host, sizeof(host),
+ port, sizeof(port),
+ NI_NUMERICHOST)) {
+ strcat(req->login, host);
+ // also append the port
+ if (config->disclose_src == DISCLOSE_USERNAME_APPEND_IPPORT) {
+ strcat(req->login, ":");
+ strcat(req->login, port);
+ }
+ }
+ }
 struct evbuffer *ret = mkevbuffer(req, len);
 free(req);
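Review bot: When `getnameinfo` fails in socks4_mkconnect, the request still goes out with a bare `login@`, so the upstream proxy receives a user id that names no source and nothing is logged. I would handle the non-zero return explicitly, either failing the connect or at least logging and not appending the `@`, depending on what the callers of socks4_mkconnect tolerate; they are outside this hunk. The flags should also be `NI_NUMERICHOST | NI_NUMERICSERV`, since with only `NI_NUMERICHOST` the port can come back as a service name from the services database rather than digits. The `strcat` chain stays inside the allocation only because of the reserve added in the previous hunk, so a comment tying the two together would help, e.g. `/* bounded by the NI_MAXHOST + NI_MAXSERV reserve in username_len */`.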