#include <ccan/io/io.h>
#include <ccan/tal/str/str.h>
#include <common/status.h>
#include <common/utils.h>
#include <connectd/connectd.h>
#include <connectd/tor.h>
#include <errno.h>
#include <inttypes.h>
#include <netinet/in.h>
/* SOCKS5 wire values (https://tools.ietf.org/html/rfc1928) used below. */

/* Authentication method offered in the greeting: "no authentication". */
#define SOCKS_NOAUTH 0
/* Method byte of the greeting reply meaning none of our methods was accepted. */
#define SOCKS_ERROR 0xff
/* Command byte of the request: CONNECT. */
#define SOCKS_CONNECT 1
/* Address-type bytes: IPv4 and IPv6 are matched against the reply,
 * DOMAIN is what we send in the request. */
#define SOCKS_TYP_IPV4 1
#define SOCKS_DOMAIN 3
#define SOCKS_TYP_IPV6 4
/* Protocol version, first byte of every message we build. */
#define SOCKS_V5 5

/* Size of the one scratch buffer used for every request and reply.
 * NOTE(review): a CONNECT request occupies SOCK_REQ_V5_HEADER_LEN +
 * strlen(host) bytes, so only host names of up to 248 bytes fit. */
#define MAX_SIZE_OF_SOCKS5_REQ_OR_RESP 255
/* Fixed head of a reply: version, status, reserved, address type. */
#define SIZE_OF_RESPONSE 4
/* Not referenced in the code shown here. */
#define SIZE_OF_REQUEST 3
/* Address + port that follow the reply head: 4 + 2 bytes for IPv4 ... */
#define SIZE_OF_IPV4_RESPONSE 6
/* ... and 16 + 2 bytes for IPv6. */
#define SIZE_OF_IPV6_RESPONSE 18
/* Length of the greeting: version, method count, one method. */
#define SOCK_REQ_METH_LEN 3
/* Offset of the host name inside the CONNECT request. */
#define SOCK_REQ_V5_LEN 5
/* CONNECT request length without the host name (5 head bytes + 2 port bytes). */
#define SOCK_REQ_V5_HEADER_LEN 7

/* some crufts can not forward ipv6 */
#undef BIND_FIRST_TO_IPV6
/* State carried through one SOCKS5 handshake with the Tor proxy. */
struct connecting_socks {
	/* Scratch space reused for each request we write and reply we read. */
	u8 buffer[MAX_SIZE_OF_SOCKS5_REQ_OR_RESP];
	/* strlen(host); set when the CONNECT request is assembled. */
	size_t hlen;
	/* Destination port, stored in network byte order (see io_tor_connect). */
	in_port_t port;
	/* Destination host name; a copy owned by this struct. */
	char *host;
	/* The outgoing connection attempt this handshake belongs to; errors
	 * are reported against it. */
	struct connecting *connect;
};
/* Turn a SOCKS5 reply status byte into a human-readable string.
 *
 * The returned string is allocated off @ctx. Codes outside the table are
 * reported numerically.
 */
static const char* socks5strerror(const tal_t *ctx, u8 code)
{
	/* Error codes defined in https://tools.ietf.org/html/rfc1928#section-6,
	 * indexed by their numeric value. */
	static const char *const replies[] = {
		"success",
		"general SOCKS server failure",
		"connection not allowed by ruleset",
		"network unreachable",
		"host unreachable",
		"connection refused",
		"TTL expired",
		"command not supported",
		"address type not supported",
	};

	if (code < sizeof(replies) / sizeof(replies[0]))
		return tal_strdup(ctx, replies[code]);

	return tal_fmt(ctx, "unknown error: %" PRIu8, code);
}
/* Runs after the extra bytes of an IPv6-typed reply have been read.
 *
 * Logs those bytes (the leading part of the reply was logged by
 * connect_finish) and hands the connection on to connection_out().
 */
static struct io_plan *connect_finish2(struct io_conn *conn,
				       struct connecting_socks *connect)
{
	const size_t already_read = SIZE_OF_RESPONSE + SIZE_OF_IPV4_RESPONSE;
	const size_t tail_len = SIZE_OF_IPV6_RESPONSE - SIZE_OF_IPV4_RESPONSE;

	status_io(LOG_IO_IN, NULL, "proxy",
		  connect->buffer + already_read, tail_len);
	status_debug("Now try LN connect out for host %s", connect->host);

	return connection_out(conn, connect->connect);
}
/* Examine the proxy's reply to our CONNECT request.
 *
 * On success with an IPv4 bound address the reply is complete and the
 * connection is passed to connection_out(); with an IPv6 bound address the
 * remaining bytes are read first. Any other outcome is recorded on the
 * connection attempt and the connection is closed with ECONNREFUSED.
 *
 * NOTE(review): only the status byte (buffer[1]) and the address type
 * (buffer[3]) are inspected; the version and reserved bytes of the reply
 * are not validated here.
 */
static struct io_plan *connect_finish(struct io_conn *conn,
				      struct connecting_socks *connect)
{
	const u8 *reply = connect->buffer;
	const char *msg;

	status_io(LOG_IO_IN, NULL, "proxy",
		  connect->buffer, SIZE_OF_IPV4_RESPONSE + SIZE_OF_RESPONSE);

	/* reply[1] is the status code and 0 means "success",
	 * see https://tools.ietf.org/html/rfc1928#section-6
	 */
	if (reply[1] != '\0') {
		msg = tal_fmt(tmpctx,
			      "Error connecting to %s: Tor server reply: %s",
			      connect->host,
			      socks5strerror(tmpctx, reply[1]));
		goto fail;
	}

	switch (reply[3]) {
	case SOCKS_TYP_IPV6:
		/* Read rest of response */
		return io_read(conn,
			       connect->buffer + SIZE_OF_RESPONSE +
			       SIZE_OF_IPV4_RESPONSE,
			       SIZE_OF_IPV6_RESPONSE -
			       SIZE_OF_IPV4_RESPONSE,
			       &connect_finish2, connect);
	case SOCKS_TYP_IPV4:
		status_debug("Now try LN connect out for host %s",
			     connect->host);
		return connection_out(conn, connect->connect);
	default:
		break;
	}

	msg = tal_fmt(tmpctx,
		      "Tor connect out for host %s error invalid "
		      "type return: %0x", connect->host,
		      reply[3]);

fail:
	/* Shared failure tail: log, record on the attempt, refuse. */
	status_debug("%s", msg);
	add_errors_to_error_list(connect->connect, msg);

	errno = ECONNREFUSED;
	return io_close(conn);
}
/* Callback for the write of the CONNECT request: queue a read of the
 * proxy's reply, sized for the IPv4 form, and let connect_finish parse it. */
static struct io_plan *connect_out(struct io_conn *conn,
				   struct connecting_socks *connect)
{
	const size_t reply_len = SIZE_OF_IPV4_RESPONSE + SIZE_OF_RESPONSE;

	return io_read(conn, connect->buffer, reply_len,
		       &connect_finish, connect);
}
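/* Handle the proxy's two-byte answer to our greeting and, if "no auth" was
 * accepted, build and send the CONNECT request for connect->host.
 *
 * The request is assembled in connect->buffer as
 *   version, CONNECT, reserved, DOMAIN, host length, host bytes, port
 * which takes SOCK_REQ_V5_HEADER_LEN + strlen(host) bytes.
 *
 * Every failure is logged, recorded on the connection attempt, and ends in
 * io_close() with errno set to ECONNREFUSED.
 */
static struct io_plan *io_tor_connect_after_resp_to_connect(struct io_conn
							     *conn,
							     struct
							     connecting_socks
							     *connect)
{
	const char *msg;

	status_io(LOG_IO_IN, NULL, "proxy", connect->buffer, 2);

	if (connect->buffer[1] == SOCKS_ERROR) {
		/* The Tor socks5 server did not like any of our authentication
		 * methods and we provided only "no auth".
		 */
		msg = tal_fmt(tmpctx,
			      "Connected out for %s error: authentication required",
			      connect->host);
		goto fail;
	}

	if (connect->buffer[1] != '\0') {
		msg = tal_fmt(tmpctx,
			      "Connected out for %s error: unexpected connect answer %0x from the tor socks5 proxy",
			      connect->host,
			      connect->buffer[1]);
		goto fail;
	}

	/* make the V5 request */
	connect->hlen = strlen(connect->host);

	/* The host name is copied into a fixed-size buffer and its length is
	 * sent as a single byte. Nothing visible in this file bounds the
	 * length of host, so refuse anything that would not fit rather than
	 * write past the end of connect->buffer. */
	if (connect->hlen > sizeof(connect->buffer) - SOCK_REQ_V5_HEADER_LEN) {
		msg = tal_fmt(tmpctx,
			      "Connected out for %s error: hostname too long for a SOCKS5 request (%zu bytes)",
			      connect->host, connect->hlen);
		goto fail;
	}

	connect->buffer[0] = SOCKS_V5;
	connect->buffer[1] = SOCKS_CONNECT;
	connect->buffer[2] = 0;
	connect->buffer[3] = SOCKS_DOMAIN;
	connect->buffer[4] = connect->hlen;

	memcpy(connect->buffer + SOCK_REQ_V5_LEN, connect->host, connect->hlen);
	/* The port is already in network byte order. */
	memcpy(connect->buffer + SOCK_REQ_V5_LEN + connect->hlen,
	       &(connect->port), sizeof connect->port);

	status_io(LOG_IO_OUT, NULL, "proxy", connect->buffer,
		  SOCK_REQ_V5_HEADER_LEN + connect->hlen);
	return io_write(conn, connect->buffer,
			SOCK_REQ_V5_HEADER_LEN + connect->hlen,
			connect_out, connect);

fail:
	/* Same failure handling as the other handshake steps in this file. */
	status_debug("%s", msg);
	add_errors_to_error_list(connect->connect, msg);

	errno = ECONNREFUSED;
	return io_close(conn);
}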
/* Callback for the write of the greeting: queue a read of the proxy's
 * two-byte method-selection answer. */
static struct io_plan *io_tor_connect_after_req_to_connect(struct io_conn *conn,
							    struct connecting_socks
							    *connect)
{
	const size_t answer_len = 2;

	return io_read(conn, connect->buffer, answer_len,
		       &io_tor_connect_after_resp_to_connect, connect);
}
/* Callback once the TCP connection to the proxy is up: send the SOCKS5
 * greeting, offering exactly one method ("no authentication"). */
static struct io_plan *io_tor_connect_do_req(struct io_conn *conn,
					     struct connecting_socks *connect)
{
	/* make the init request: version, number of methods, the method */
	static const u8 greeting[SOCK_REQ_METH_LEN] = {
		SOCKS_V5, 1, SOCKS_NOAUTH
	};

	memcpy(connect->buffer, greeting, sizeof greeting);

	status_io(LOG_IO_OUT, NULL, "proxy", connect->buffer, SOCK_REQ_METH_LEN);

	return io_write(conn, connect->buffer, SOCK_REQ_METH_LEN,
			&io_tor_connect_after_req_to_connect, connect);
}
/* Entry point: connect to the Tor SOCKS5 proxy at @tor_proxyaddr and ask it
 * to reach @host:@port on behalf of the connection attempt @connect.
 *
 * The handshake state is allocated as a tal child of @connect and keeps its
 * own copy of @host; @port is converted to network byte order here.
 *
 * NOTE(review): the length of @host is not checked in this function, and
 * the request is later assembled in a fixed
 * MAX_SIZE_OF_SOCKS5_REQ_OR_RESP-byte buffer.
 */
struct io_plan *io_tor_connect(struct io_conn *conn,
			       const struct addrinfo *tor_proxyaddr,
			       const char *host, u16 port,
			       struct connecting *connect)
{
	struct connecting_socks *socks;

	socks = tal(connect, struct connecting_socks);
	socks->port = htons(port);
	socks->host = tal_strdup(socks, host);
	socks->connect = connect;

	return io_connect(conn, tor_proxyaddr,
			  &io_tor_connect_do_req, socks);
}