TODO
Version 1.0
-----------
- is_local is fishy. Investigate.
- Resolve race condition where hooks are called before dlsym'd. - DONE
- Need to ensure even locally destined DNS requests are caught and handled
  appropriately.
  - Do we need to detect TCP DNS requests in connect() to ensure they are
    rejected/re-routed?
  - Where do such requests come from? res_*?
  - How can we re-route them to Tor? DNSPort?
- Kill ICMP as well.
Version 1.1
-----------
* What about the ISC library calls like res_init and so on? How widely are
  they used? Do they present a more elegant way to implement this stuff?
* It should be possible to make this thread-safe with --enable-threads.
* Add stdout and stderr messages that enable a parent program (such as TorK)
  to monitor torsocks for errors.
* Merge dsocks so we support BSD (http://monkey.org/~dugsong/dsocks/)
--------------------------------------------------------------------------
DONE:
* In fact, one could modify tsocks further to play nicely with Tor. For
  example, you could prevent nonlocal UDP traffic from being sent at all,
  and so on. - DONE
  - Addressed in connect(), sendto() and sendmsg().
  - Don't need to handle send(), since that is handled in connect().
------------------------------------------------------------------------
Original TODO:
- Update FAQ to include information about the install location of the
  tsocks library
- Install the saveme and validateconf binaries, presumably with new names
TODO
----
* Think about how local names get resolved. Is it important? For example,
  if I 'telnet localhost' while using tordns, what should happen? Should
  we search through /etc/hosts ourselves or what?
* What about the ISC library calls like res_init and so on? How widely are
  they used? Do they present a more elegant way to implement this stuff?
* Perhaps intercept res_query etc. and try to do something appropriate.
* It should be possible to make this thread-safe with --enable-threads.
* validateconf needs to be updated to understand (and show information about)
  the tordns configuration options.
* Perhaps intercept reverse name lookups? - DONE - getaddrbyhost (RH)
* In fact, one could modify tsocks further to play nicely with Tor. For
  example, you could prevent nonlocal UDP traffic from being sent at all,
  and so on.
The 'tordns' feature for tsocks only works with applications using the
standard C library name lookup mechanisms.
Some programs roll their own name lookup functions; for example, 'curl'
uses the 'adns' library, not the standard C library name lookup calls.
In this case, you'll still be leaking DNS requests.
However, it seems that most programs which go to the trouble of implementing
asynchronous DNS requests or doing other tricky things have native SOCKS or
HTTP proxy support.
Requests for reverse name lookups are not intercepted.
Finally, the tsocks library is NOT thread-safe, with or without this patch.
You should not 'torify' multithreaded applications.