Subject: bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor
To: 24212 <at> debbugs.gnu.org
Resent-Date: Fri, 12 Aug 2016 15:20:02 +0000
From: Daniel Kahn Gillmor <dkg@HIDDEN>
Date: Fri, 12 Aug 2016 11:17:36 -0400
Message-ID: <87a8girp7z.fsf@HIDDEN>

Package: adns

Hi Ian and other adns folks--

It would be great to finally land Tor support in adns.

I'm attaching Werner Koch's series of seven patches for tor support in adns here. If you prefer to pull them from git, they can also be found on the "upstream-tor-work" branch at git://git.gnupg.org/adns

If there are any blockers that prevent adns from merging these changes, i'd be happy to hear about them and to try to help work through them.

Regards,

--dkg

--=-=-= Content-Type: text/x-diff Content-Disposition: inline; filename=0001-Nuke-trailing-spaces-from-3-files.patch Content-Transfer-Encoding: quoted-printable From=203d6d0f04bba61856953fe9287353ad7181b72982 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@HIDDEN> Date: Wed, 11 Nov 2015 18:54:05 +0100 Subject: [PATCH 1/7] Nuke trailing spaces from 3 files Signed-off-by: Daniel Kahn Gillmor <dkg@HIDDEN> =2D-- src/adns.h | 56 ++++++++++++++++++++++++++++---------------------------- src/event.c | 34 +++++++++++++++++----------------- src/query.c | 36 ++++++++++++++++++------------------ 3 files changed, 63 insertions(+), 63 deletions(-) diff --git a/src/adns.h b/src/adns.h index a6599f6..d50f951 100644 =2D-- a/src/adns.h +++ b/src/adns.h @@ -16,25 +16,25 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3, or (at your option) * any later version. =2D *=20=20 + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * =2D *=20 + * * For the benefit of certain LGPL'd `omnibus' software which * provides a uniform interface to various things including adns, I * make the following additional licence. I do this because the GPL * would otherwise force either the omnibus software to be GPL'd or * the adns-using part to be distributed separately. =2D *=20=20 + * * So: you may also redistribute and/or modify adns.h (but only the * public header file adns.h and not any other part of adns) under the * terms of the GNU Library General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at * your option) any later version. =2D *=20=20 + * * Note that adns itself is GPL'd. Authors of adns-using applications * with GPL-incompatible licences, and people who distribute adns with * applications where the whole distribution is not GPL'd, are still 
@@ -183,27 +183,27 @@ typedef enum { * Don't forget adns_qf_quoteok if that's what you want. */ =20 adns_r_none=3D 0, =2D=20=09=09=20=20=20=20=20 + adns_r_a=3D 1, =2D=20=09=09=20=20=20=20=20 + adns_r_ns_raw=3D 2, adns_r_ns=3D adns_r_ns_raw|adns__qtf_deref, =2D=20=09=09=20=20=20=20=20 + adns_r_cname=3D 5, =2D=20=09=09=20=20=20=20=20 + adns_r_soa_raw=3D 6, =2D adns_r_soa=3D adns_r_soa_raw|adns__qtf_mail822,=20 =2D=20=09=09=20=20=20=20=20 + adns_r_soa=3D adns_r_soa_raw|adns__qtf_mail822, + adns_r_ptr_raw=3D 12, /* do not mind PTR with wrong or missing ad= dr */ adns_r_ptr=3D adns_r_ptr_raw|adns__qtf_deref, =2D=20=09=09=20=20=20=20=20 =2D adns_r_hinfo=3D 13,=20=20 =2D=20=09=09=20=20=20=20=20 + + adns_r_hinfo=3D 13, + adns_r_mx_raw=3D 15, adns_r_mx=3D adns_r_mx_raw|adns__qtf_deref, =2D=20=09=09=20=20=20=20=20 + adns_r_txt=3D 16, =2D=20=09=09=20=20=20=20=20 + adns_r_rp_raw=3D 17, adns_r_rp=3D adns_r_rp_raw|adns__qtf_mail822, =20 @@ -214,11 +214,11 @@ typedef enum { * _quoteok_query, any query domain is allowed. */ adns_r_srv_raw=3D 33, adns_r_srv=3D adns_r_srv_raw|adns__qtf_deref, =2D=09=09=20=20=20=20=20 + adns_r_addr=3D adns_r_a|adns__qtf_deref, =20 adns__rrt_sizeforce=3D 0x7fffffff, =2D=20 + } adns_rrtype; =20 /* @@ -226,7 +226,7 @@ typedef enum { * legal syntax, or you get adns_s_querydomainvalid (if the query * domain contains bad characters) or adns_s_answerdomaininvalid (if * the answer contains bad characters). =2D *=20 + * * In queries _with_ qf_quoteok_*, domains in the query or response * may contain any characters, quoted according to RFC1035 5.1. On * input to adns, the char* is a pointer to the interior of a " @@ -298,7 +298,7 @@ typedef enum { adns_s_systemfail, =20 adns_s_max_localfail=3D 29, =2D=20 + /* remotely induced errors, detected locally */ adns_s_timeout, adns_s_allservfail, 
@@ -307,7 +307,7 @@ typedef enum { adns_s_unknownformat, =20 adns_s_max_remotefail=3D 59, =2D=20 + /* remotely induced errors, reported by remote server to us */ adns_s_rcodeservfail, adns_s_rcodeformaterror, @@ -323,14 +323,14 @@ typedef enum { adns_s_answerdomaininvalid, adns_s_answerdomaintoolong, adns_s_invaliddata, =2D=20 + adns_s_max_misconfig=3D 199, =20 /* permanent problems with the query */ adns_s_querydomainwrong, adns_s_querydomaininvalid, adns_s_querydomaintoolong, =2D=20 + adns_s_max_misquery=3D 299, =20 /* permanent errors */ @@ -338,7 +338,7 @@ typedef enum { adns_s_nodata, =20 adns_s_max_permfail=3D 499 =2D=20 + } adns_status; =20 typedef union { @@ -460,7 +460,7 @@ typedef struct { * (eg, failure to create sockets, malloc failure, etc.) return errno * values. EINVAL from _init et al means the configuration file * is erroneous and cannot be parsed. =2D *=20 + * * For _wait and _check failures are reported in the answer * structure, and only 0, ESRCH or (for _check) EAGAIN is * returned: if no (appropriate) requests are done adns_check returns @@ -516,7 +516,7 @@ int adns_init_logfn(adns_state *newstate_r, adns_initfl= ags flags, * is set later overrides any that is set earlier. * * Standard directives understood in resolv[-adns].conf: =2D *=20 + * * nameserver <address> * Must be followed by the IP address of a nameserver. Several * nameservers may be specified, and they will be tried in the order @@ -595,7 +595,7 @@ int adns_init_logfn(adns_state *newstate_r, adns_initfl= ags flags, * logging them. To be effective, appear in the configuration * before the unknown options. ADNS_RES_OPTIONS is generally early * enough. =2D *=20 + * * There are a number of environment variables which can modify the * behaviour of adns. They take effect only if adns_init is used, and * the caller of adns_init can disable them using adns_if_noenv. In 
@@ -846,7 +846,7 @@ void adns_firsttimeout(adns_state ads, struct timeval now); /* Asks adns when it would first like the opportunity to time * something out. now must be the current time, from gettimeofday. =2D *=20 + * * If tv_mod points to 0 then tv_buf must be non-null, and * _firsttimeout will fill in *tv_buf with the time until the first * timeout, and make *tv_mod point to tv_buf. If adns doesn't have @@ -935,7 +935,7 @@ int adns_beforepoll(adns_state ads, struct pollfd *fds, /* Finds out which fd's adns is interested in, and when it would like * to be able to time things out. This is in a form suitable for use * with poll(2). =2D *=20 + * * On entry, usually fds should point to at least *nfds_io structs. * adns will fill up to that many structs will information for poll, * and record in *nfds_io how many structs it filled. If it wants to diff --git a/src/event.c b/src/event.c index eec4b6a..f26bd52 100644 =2D-- a/src/event.c +++ b/src/event.c @@ -11,17 +11,17 @@ * Copyright (C) 1999-2000,2003,2006 Tony Finch * Copyright (C) 1991 Massachusetts Institute of Technology * (See the file INSTALL for full details.) =2D *=20=20 + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3, or (at your option) * any later version. =2D *=20=20 + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. =2D *=20=20 + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation. */ 
@@ -51,7 +51,7 @@ static void tcp_close(adns_state ads) { void adns__tcp_broken(adns_state ads, const char *what, const char *why) { int serv; adns_query qu; =2D=20=20 + assert(ads->tcpstate =3D=3D server_connecting || ads->tcpstate =3D=3D se= rver_ok); serv=3D ads->tcpserver; if (what) adns__warn(ads,serv,0,"TCP connection failed: %s: %s",what,why= ); @@ -69,7 +69,7 @@ void adns__tcp_broken(adns_state ads, const char *what, c= onst char *why) { =20 static void tcp_connected(adns_state ads, struct timeval now) { adns_query qu, nqu; =2D=20=20 + adns__debug(ads,ads->tcpserver,0,"TCP connected"); ads->tcpstate=3D server_ok; for (qu=3D ads->tcpw.head; qu && ads->tcpstate =3D=3D server_ok; qu=3D n= qu) { @@ -81,7 +81,7 @@ static void tcp_connected(adns_state ads, struct timeval = now) { =20 static void tcp_broken_events(adns_state ads) { adns_query qu, nqu; =2D=20=20 + assert(ads->tcpstate =3D=3D server_broken); for (qu=3D ads->tcpw.head; qu; qu=3D nqu) { nqu=3D qu->next; @@ -110,7 +110,7 @@ void adns__tcp_tryconnect(adns_state ads, struct timeva= l now) { default: abort(); } =2D=20=20=20=20 + assert(!ads->tcpsend.used); assert(!ads->tcprecv.used); assert(!ads->tcprecv_skip); @@ -172,7 +172,7 @@ static void inter_immed(struct timeval **tv_io, struct = timeval *tvbuf) { =20 timerclear(rbuf); } =2D=20=20=20=20 + static void inter_maxto(struct timeval **tv_io, struct timeval *tvbuf, struct timeval maxto) { struct timeval *rbuf; @@ -209,7 +209,7 @@ static void timeouts_queue(adns_state ads, int act, struct timeval **tv_io, struct timeval *tvbuf, struct timeval now, struct query_queue *queue) { adns_query qu, nqu; =2D=20=20 + for (qu=3D queue->head; qu; qu=3D nqu) { nqu=3D qu->next; if (!timercmp(&now,&qu->timeout,>)) { @@ -345,7 +345,7 @@ int adns_processreadable(adns_state ads, int fd, const = struct timeval *now) { char addrbuf[ADNS_ADDR2TEXT_BUFLEN]; struct udpsocket *udp; adns_sockaddr udpaddr; =2D=20=20 + adns__consistency(ads,0,cc_entex); =20 switch (ads->tcpstate) { 
@@ -432,7 +432,7 @@ xit: =20 int adns_processwriteable(adns_state ads, int fd, const struct timeval *no= w) { int r; =2D=20=20 + adns__consistency(ads,0,cc_entex); =20 switch (ads->tcpstate) { @@ -486,7 +486,7 @@ xit: adns__returning(ads,0); return r; } =2D=20=20 + int adns_processexceptional(adns_state ads, int fd, const struct timeval *now) { adns__consistency(ads,0,cc_entex); @@ -513,7 +513,7 @@ static void fd_event(adns_state ads, int fd, const struct timeval *now), struct timeval now, int *r_r) { int r; =2D=20=20 + if (!(revent & pollflag)) return; if (fds && !(fd<maxfd && FD_ISSET(fd,fds))) return; r=3D func(ads,fd,&now); @@ -557,7 +557,7 @@ void adns_beforeselect(adns_state ads, int *maxfd_io, f= d_set *readfds_io, struct timeval tv_nowbuf; struct pollfd pollfds[MAX_POLLFDS]; int i, fd, maxfd, npollfds; =2D=20=20 + adns__consistency(ads,0,cc_entex); =20 if (tv_mod && (!*tv_mod || (*tv_mod)->tv_sec || (*tv_mod)->tv_usec)) { @@ -611,7 +611,7 @@ void adns_globalsystemfailure(adns_state ads) { =20 while (ads->udpw.head) adns__query_fail(ads->udpw.head, adns_s_systemfai= l); while (ads->tcpw.head) adns__query_fail(ads->tcpw.head, adns_s_systemfai= l); =2D=20=20 + switch (ads->tcpstate) { case server_connecting: case server_ok: @@ -690,7 +690,7 @@ int adns_wait(adns_state ads, int r, maxfd, rsel; fd_set readfds, writefds, exceptfds; struct timeval tvbuf, *tvp; =2D=20=20 + adns__consistency(ads,*query_io,cc_entex); for (;;) { r=3D adns__internal_check(ads,query_io,answer_r,context_r); @@ -722,7 +722,7 @@ int adns_check(adns_state ads, void **context_r) { struct timeval now; int r; =2D=20=20 + adns__consistency(ads,*query_io,cc_entex); r=3D gettimeofday(&now,0); if (!r) adns__autosys(ads,now); diff --git a/src/query.c b/src/query.c index ff56fc3..0f5c1a5 100644 =2D-- a/src/query.c +++ b/src/query.c 
@@ -11,17 +11,17 @@ * Copyright (C) 1999-2000,2003,2006 Tony Finch * Copyright (C) 1991 Massachusetts Institute of Technology * (See the file INSTALL for full details.) =2D *=20=20 + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3, or (at your option) * any later version. =2D *=20=20 + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. =2D *=20=20 + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation. */ @@ -41,11 +41,11 @@ static adns_query query_alloc(adns_state ads, adns_queryflags flags, struct timeval now) { /* Allocate a virgin query and return it. */ adns_query qu; =2D=20=20 + qu=3D malloc(sizeof(*qu)); if (!qu) return 0; qu->answer=3D malloc(sizeof(*qu->answer)); if (!qu->answer) { free(qu); return 0; } =2D=20=20 + qu->ads=3D ads; qu->state=3D query_tosend; qu->back=3D qu->next=3D qu->parent=3D 0; @@ -100,7 +100,7 @@ static void query_submit(adns_state ads, adns_query qu, =20 qu->query_dgram=3D malloc(qu->vb.used); if (!qu->query_dgram) { adns__query_fail(qu,adns_s_nomemory); return; } =2D=20=20 + qu->id=3D id; qu->query_dglen=3D qu->vb.used; memcpy(qu->query_dgram,qu->vb.buf,qu->vb.used); @@ -167,7 +167,7 @@ adns_status adns__internal_submit(adns_state ads, adns_= query *query_r, LIST_LINK_TAIL_PART(parent->children,qu,siblings.); memcpy(&qu->ctx,ctx,sizeof(qu->ctx)); query_submit(ads,qu, typei,qumsg_vb,id,flags,now); =2D=20=20 + return adns_s_ok; =20 x_err: 
@@ -206,7 +206,7 @@ static void query_simple(adns_state ads, adns_query qu, void adns__search_next(adns_state ads, adns_query qu, struct timeval now) { const char *nextentry; adns_status st; =2D=20=20 + if (qu->search_doneabs<0) { nextentry=3D 0; qu->search_doneabs=3D 1; @@ -286,7 +286,7 @@ int adns_submit(adns_state ads, =20 r=3D gettimeofday(&now,0); if (r) goto x_errno; qu=3D query_alloc(ads,typei,type,flags,now); if (!qu) goto x_errno; =2D=20=20 + qu->ctx.ext=3D context; qu->ctx.callback=3D 0; memset(&qu->ctx.pinfo,0,sizeof(qu->ctx.pinfo)); @@ -297,7 +297,7 @@ int adns_submit(adns_state ads, ol=3D strlen(owner); if (!ol) { st=3D adns_s_querydomaininvalid; goto x_adnsfail; } if (ol>DNS_MAXDOMAIN+1) { st=3D adns_s_querydomaintoolong; goto x_adnsfa= il; } =2D=09=09=09=09=20 + if (ol>=3D1 && owner[ol-1]=3D=3D'.' && (ol<2 || owner[ol-2]!=3D'\\')) { flags &=3D ~adns_qf_search; qu->flags=3D flags; @@ -374,7 +374,7 @@ int adns_synchronous(adns_state ads, adns_answer **answer_r) { adns_query qu; int r; =2D=20=20 + r=3D adns_submit(ads,owner,type,flags,0,&qu); if (r) return r; =20 @@ -398,7 +398,7 @@ static void *alloc_common(adns_query qu, size_t sz) { =20 void *adns__alloc_interim(adns_query qu, size_t sz) { void *rv; =2D=20=20 + sz=3D MEM_ROUND(sz); rv=3D alloc_common(qu,sz); if (!rv) return 0; @@ -408,7 +408,7 @@ void *adns__alloc_interim(adns_query qu, size_t sz) { =20 void *adns__alloc_preserved(adns_query qu, size_t sz) { void *rv; =2D=20=20 + sz=3D MEM_ROUND(sz); rv=3D adns__alloc_interim(qu,sz); if (!rv) return 0; @@ -449,7 +449,7 @@ void adns__transfer_interim(adns_query from, adns_query= to, void *block) { =20 assert(!to->final_allocspace); assert(!from->final_allocspace); =2D=20=20 + LIST_UNLINK(from->allocations,an); LIST_LINK_TAIL(to->allocations,an); =20 
@@ -585,17 +585,17 @@ static void makefinal_query(adns_query qu) { qu->final_allocspace=3D (byte*)ans + MEM_ROUND(sizeof(*ans)); adns__makefinal_str(qu,&ans->cname); adns__makefinal_str(qu,&ans->owner); =2D=20=20 + if (ans->nrrs) { adns__makefinal_block(qu, &ans->rrs.untyped, ans->nrrs*ans->rrsz); =20 for (rrn=3D0; rrn<ans->nrrs; rrn++) qu->typei->makefinal(qu, ans->rrs.bytes + rrn*ans->rrsz); } =2D=20=20 + free_query_allocs(qu); return; =2D=20=20 + x_nomem: qu->preserved_allocd=3D 0; qu->answer->cname=3D 0; @@ -663,7 +663,7 @@ void adns__makefinal_str(adns_query qu, char **strp) { l=3D strlen(before)+1; after=3D adns__alloc_final(qu,l); memcpy(after,before,l); =2D *strp=3D after;=20=20 + *strp=3D after; } =20 void adns__makefinal_block(adns_query qu, void **blpp, size_t sz) { =2D-=20 2.8.1 --=-=-= Content-Type: text/x-diff Content-Disposition: inline; filename=0002-Remove-return-value-from-the-GET_W-and-GET_L-macros.patch Content-Transfer-Encoding: quoted-printable From=20ab194ca0c362b0bbb77997189ed453a088d7ecb3 Mon Sep 17 00:00:00 2001 From: Werner Koch <wk@HIDDEN> Date: Wed, 11 Nov 2015 19:22:47 +0100 Subject: [PATCH 2/7] Remove return value from the GET_W and GET_L macros The return value of the macros is nowhere used. This patch silences a pretty noisy compiler warning about an unused value. Signed-off-by: Werner Koch <wk@HIDDEN> Signed-off-by: Daniel Kahn Gillmor <dkg@HIDDEN> =2D-- src/internal.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/internal.h b/src/internal.h index 9334a6f..c466aff 100644 =2D-- a/src/internal.h +++ b/src/internal.h 
@@ -936,12 +936,12 @@ static inline int errno_resources(int e) { return e= =3D=3DENOMEM || e=3D=3DENOBUFS; } =20 #define GETIL_B(cb) (((dgram)[(cb)++]) & 0x0ff) #define GET_B(cb,tv) ((tv)=3D GETIL_B((cb))) =2D#define GET_W(cb,tv) ((tv)=3D0,(tv)|=3D(GETIL_B((cb))<<8), (tv)|=3DGETIL= _B(cb), (tv)) +#define GET_W(cb,tv) ((tv)=3D0,(tv)|=3D(GETIL_B((cb))<<8), (tv)|=3DGETIL_B= (cb)) #define GET_L(cb,tv) ( (tv)=3D0, \ (tv)|=3D(GETIL_B((cb))<<24), \ (tv)|=3D(GETIL_B((cb))<<16), \ (tv)|=3D(GETIL_B((cb))<<8), \ =2D (tv)|=3DGETIL_B(cb), \ =2D (tv) ) + (tv)|=3DGETIL_B(cb) \ + ) =20 #endif =2D-=20 2.8.1 --=-=-= Content-Type: text/x-diff Content-Disposition: inline; filename=0003-Add-macro-to-safely-clear-memory.patch Content-Transfer-Encoding: quoted-printable From=20260d51202e965a8f000b439d2645a014b28b7580 Mon Sep 17 00:00:00 2001 From: Werner Koch <wk@HIDDEN> Date: Mon, 9 Nov 2015 18:01:43 +0100 Subject: [PATCH 3/7] Add macro to safely clear memory. * src/internal.h (WIPEMEMORY): New. =2D- This kind of platform neutral code has been in use by GnuPG and Libgcrypt for ages. I am still waiting for some C committee f^D experts to figure that this makes use of undefined behaviour for volatile and they tell their optimizing-for-the-flat-world compiler to remove such code and thereby unveil passwords in memory (which actually happened for the standard memset). Signed-off-by: Werner Koch <wk@HIDDEN> Signed-off-by: Daniel Kahn Gillmor <dkg@HIDDEN> =2D-- src/internal.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/internal.h b/src/internal.h index c466aff..e5c41b1 100644 =2D-- a/src/internal.h +++ b/src/internal.h 
@@ -944,4 +944,12 @@ static inline int errno_resources(int e) { return e=3D= =3DENOMEM || e=3D=3DENOBUFS; } (tv)|=3DGETIL_B(cb) \ ) =20 +/* To avoid that a compiler optimizes certain memset calls away, this + macro may be used instead. */ +#define WIPEMEMORY(_ptr,_len) do { \ + volatile char *_vptr=3D(volatile char *)(_ptr); \ + size_t _vlen=3D(_len); \ + while(_vlen) { *_vptr=3D0; _vptr++; _vlen--; } \ + } while(0) + #endif =2D-=20 2.8.1 --=-=-= Content-Type: text/x-diff Content-Disposition: inline; filename=0004-Add-flag-adns_if_tormode-to-provide-a-basic-TOR-mode.patch Content-Transfer-Encoding: quoted-printable From=200bf5b8b6314667f83ca24cc1734fc94909120b44 Mon Sep 17 00:00:00 2001 From: Werner Koch <wk@HIDDEN> Date: Wed, 11 Nov 2015 19:27:41 +0100 Subject: [PATCH 4/7] Add flag adns_if_tormode to provide a basic TOR mode. * src/adns.h (adns_if_tormode): New. * src/query.c (adns_submit): Force use of a VC in tormode. (adns_submit_reverse_any): Ditto. (adns_submit_reverse): Ditto. (adns_synchronous): Ditto. * src/event.c (use_socks_p, socks_connect): New. Based on code from Libassuan. (adns__tcp_tryconnect): Move setnonblock after the init of ADDR. Call socks_connect if needed. =2D- This patch has the problem that connecting to the Tor server and, more important, establishing the Tor connection will block. Changing this would require quite some rework of the TCP code. In fact it has always been the case that when falling back to TCP mode and the connect would have blocked the connection won't be established but times outs. There is no retry code for the case that connect returns with EWOULDBLOCK or EINPROGRESS. Signed-off-by: Werner Koch <wk@HIDDEN> Signed-off-by: Daniel Kahn Gillmor <dkg@HIDDEN> =2D-- src/adns.h | 2 + src/event.c | 203 +++++++++++++++++++++++++++++++++++++++++++++++++++++= +--- src/internal.h | 2 +- src/query.c | 10 +++ 4 files changed, 208 insertions(+), 9 deletions(-) 
diff --git a/src/adns.h b/src/adns.h index d50f951..d2748bc 100644 =2D-- a/src/adns.h +++ b/src/adns.h @@ -115,6 +115,8 @@ typedef enum { /* In general, or together the desired f= lags: */ * all) then the query flags take precedence; otherwise only records wh= ich * satisfy all of the stated requirements are allowed. */ + adns_if_tormode=3D 0x1000,/* route all traffic via Tor */ + adns__if_sizeforce=3D 0x7fff, } adns_initflags; =20 diff --git a/src/event.c b/src/event.c index f26bd52..0b2f17b 100644 =2D-- a/src/event.c +++ b/src/event.c 
@@ -94,6 +94,176 @@ static void tcp_broken_events(adns_state ads) { ads->tcpstate=3D server_disconnected; } =20 + +/* Return true if SOCKS shall be used. This is the case if + adns_if_tormode is set and the desired address is not the loopback + address. */ +static int +use_socks_p (adns_state ads, const adns_rr_addr *addr) +{ + if (!(ads->iflags & adns_if_tormode)) + return 0; + else if (addr->addr.sa.sa_family =3D=3D AF_INET6) + { + const struct sockaddr_in6 *addr_in6 =3D &addr->addr.inet6; + const unsigned char *s; + int i; + + s =3D (unsigned char *)&addr_in6->sin6_addr.s6_addr; + if (s[15] !=3D 1) + return 1; /* Last octet is not 1 - not the loopback address. */ + for (i=3D0; i < 15; i++, s++) + if (*s) + return 1; /* Non-zero octet found - not the loopback address. */ + + return 0; /* This is the loopback address. */ + } + else if (addr->addr.sa.sa_family =3D=3D AF_INET) + { + const struct sockaddr_in *addr_in =3D &addr->addr.inet; + + if (*(const unsigned char*)&addr_in->sin_addr.s_addr =3D=3D 127) + return 0; /* Loopback (127.0.0.0/8) */ + + return 1; + } + else + return 0; +} + + +/* Connect to TOR using the SOCKS5 protocol. We assume that the + connection to the SOCKS proxy (TOR server) does not block; if it + would block we return and the the usual retry logic of the caller + kicks in. */ +static int +socks_connect (adns_state ads, int fd, const adns_rr_addr *addr) +{ + int ret; + struct sockaddr_in proxyaddr_in; + struct sockaddr *proxyaddr; + size_t proxyaddrlen; + const struct sockaddr_in6 *addr_in6; + const struct sockaddr_in *addr_in; + unsigned char buffer[22]; + size_t buflen; + + memset (&proxyaddr_in, 0, sizeof proxyaddr_in); + + /* Connect to local host. */ + /* Fixme: First try to use IPv6. 
*/ + proxyaddr_in.sin_family =3D AF_INET; + proxyaddr_in.sin_port =3D htons (9050); + proxyaddr_in.sin_addr.s_addr =3D htonl (INADDR_LOOPBACK); + proxyaddr =3D (struct sockaddr *)&proxyaddr_in; + proxyaddrlen =3D sizeof proxyaddr_in; + ret =3D connect(fd, proxyaddr, proxyaddrlen); + if (ret) + return ret; + + /* Negotiate method. */ + buffer[0] =3D 5; /* RFC-1928 VER field. */ + buffer[1] =3D 1; /* NMETHODS */ + buffer[2] =3D 0; /* Method: No authentication required. */ + adns__sigpipe_protect(ads); + ret =3D write(fd, buffer, 3); + adns__sigpipe_unprotect(ads); + if (ret !=3D 3) + { + if (ret >=3D 0) + errno =3D EIO; + return -1; + } + ret =3D read(fd, buffer, 2); + if (ret < 0) + return ret; + if (ret !=3D 2 || buffer[0] !=3D 5 || buffer[1] !=3D 0 ) + { + /* Socks server returned wrong version or does not support our + requested method. */ + errno =3D ENOTSUP; /* Fixme: Is there a better errno? */ + return -1; + } + + /* Send request details (rfc-1928, 4). */ + buffer[0] =3D 5; /* VER */ + buffer[1] =3D 1; /* CMD =3D CONNECT */ + buffer[2] =3D 0; /* RSV */ + if (addr->addr.sa.sa_family =3D=3D AF_INET6) + { + addr_in6 =3D &addr->addr.inet6; + + buffer[3] =3D 4; /* ATYP =3D IPv6 */ + memcpy (buffer+ 4, &addr_in6->sin6_addr.s6_addr, 16); /* DST.ADDR */ + memcpy (buffer+20, &addr_in6->sin6_port, 2); /* DST.PORT */ + buflen =3D 22; + } + else + { + addr_in =3D &addr->addr.inet; + + buffer[3] =3D 1; /* ATYP =3D IPv4 */ + memcpy (buffer+4, &addr_in->sin_addr.s_addr, 4); /* DST.ADDR */ + memcpy (buffer+8, &addr_in->sin_port, 2); /* DST.PORT */ + buflen =3D 10; + } + adns__sigpipe_protect(ads); + ret =3D write(fd, buffer, buflen); + adns__sigpipe_unprotect(ads); + if (ret !=3D buflen) + { + if (ret >=3D 0) + errno =3D EIO; + return -1; + } + ret =3D read(fd, buffer, buflen); + if (ret < 0) + return ret; + if (ret !=3D buflen || buffer[0] !=3D 5 || buffer[2] !=3D 0 ) + { + /* Socks server returned wrong version or the reserved field is + not zero. 
*/ + errno =3D EPROTO; + return -1; + } + if (buffer[1]) + { + switch (buffer[1]) + { + case 0x01: /* general SOCKS server failure. */ + errno =3D ENETDOWN; + break; + case 0x02: /* connection not allowed by ruleset. */ + errno =3D EACCES; + break; + case 0x03: /* Network unreachable */ + errno =3D ENETUNREACH; + break; + case 0x04: /* Host unreachable */ + errno =3D EHOSTUNREACH; + break; + case 0x05: /* Connection refused */ + errno =3D ECONNREFUSED; + break; + case 0x06: /* TTL expired */ + errno =3D ETIMEDOUT; + break; + case 0x08: /* Address type not supported */ + errno =3D EPROTONOSUPPORT; + break; + case 0x07: /* Command not supported */ + default: + errno =3D ENOTSUP; /* Fixme: Is there a better errno? */ + } + return -1; + } + /* We have not way to store the actual address used by the server. + Fortunately it is of no real use. */ + + return 0; +} + + void adns__tcp_tryconnect(adns_state ads, struct timeval now) { int r, fd, tries; adns_rr_addr *addr; @@ -126,14 +296,31 @@ void adns__tcp_tryconnect(adns_state ads, struct time= val now) { adns__diag(ads,-1,0,"cannot create TCP socket: %s",strerror(errno)); return; } =2D r=3D adns__setnonblock(ads,fd); =2D if (r) { =2D adns__diag(ads,-1,0,"cannot make TCP socket nonblocking:" =2D " %s",strerror(r)); =2D close(fd); =2D return; =2D } =2D r=3D connect(fd,&addr->addr.sa,addr->len); + if (use_socks_p(ads,addr)) + { + r=3D socks_connect(ads,fd,addr); + if (!r) + { + r=3D adns__setnonblock(ads,fd); + if (r) { + adns__diag(ads,-1,0,"cannot make TCP socket nonblocking:" + " %s",strerror(r)); + close(fd); + return; + } + } + } + else + { + r=3D adns__setnonblock(ads,fd); + if (r) { + adns__diag(ads,-1,0,"cannot make TCP socket nonblocking:" + " %s",strerror(r)); + close(fd); + return; + } + r=3D connect(fd,&addr->addr.sa,addr->len); + } ads->tcpsocket=3D fd; ads->tcpstate=3D server_connecting; if (r=3D=3D0) { tcp_connected(ads,now); return; } 
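Review bot: In socks_connect ([PATCH 4/7], src/event.c), each SOCKS5 reply is collected with a single read() and any short count is treated as a protocol error (`if (ret != 2 || buffer[0] != 5 || buffer[1] != 0 )`, and the same pattern after the CONNECT request), so a reply that arrives in two TCP segments is reported as ENOTSUP or EPROTO even though the proxy answered correctly. A small read-exactly loop that continues until the expected length is in the buffer, and retries on EINTR, would fix this; the two write() calls need the same treatment. The socket is still blocking at this point and no timeout is set, so a proxy that accepts the connection and then stays silent holds the caller in read() indefinitely; setting SO_RCVTIMEO and SO_SNDTIMEO on fd before the handshake would bound that. Separately, use_socks_p ends with `else return 0;` for any family other than AF_INET and AF_INET6, which means an unrecognised family is connected to directly even though adns_if_tormode is set; failing closed there (return 1, or refuse the connection) matches the intent of the flag better.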
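Review bot: In adns__tcp_tryconnect ([PATCH 4/7], src/event.c), when socks_connect() fails the SOCKS branch skips adns__setnonblock and falls through to `ads->tcpsocket= fd; ads->tcpstate= server_connecting;` with r nonzero and an errno chosen by socks_connect (ENOTSUP, EPROTO, EACCES and so on). Please confirm that the error handling following `if (r==0) { tcp_connected(ads,now); return; }`, which is not visible in this hunk, treats those values as a failed connect and closes fd rather than leaving a blocking socket registered in the server_connecting state. The adns__setnonblock error block is now duplicated in both branches; a small local helper would keep the two copies from drifting apart.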
diff --git a/src/internal.h b/src/internal.h index e5c41b1..71782da 100644 =2D-- a/src/internal.h +++ b/src/internal.h @@ -331,7 +331,7 @@ struct adns__query { * too big for UDP / UDP timeout \ \ send via UDP * send via TCP / more retries \ \ * when conn'd / desired \ \ =2D * | | | + * or Tor-mode | | | * v | v * +-----------+ +-------------+ * | tcpw/tcpw | ________ | tosend/udpw | diff --git a/src/query.c b/src/query.c index 0f5c1a5..0fc4d07 100644 =2D-- a/src/query.c +++ b/src/query.c @@ -275,6 +275,9 @@ int adns_submit(adns_state ads, =20 adns__consistency(ads,0,cc_entex); =20 + if ((ads->iflags & adns_if_tormode)) + flags |=3D adns_qf_usevc; + if (flags & ~(adns_queryflags)0x4009ffff) /* 0x40080000 are reserved for `harmless' future expansion * 0x00000020 used to be adns_qf_quoteok_cname, now the default; @@ -346,6 +349,8 @@ int adns_submit_reverse_any(adns_state ads, int r; =20 flags &=3D ~adns_qf_search; + if ((ads->iflags & adns_if_tormode)) + flags |=3D adns_qf_usevc; =20 buf =3D shortbuf; r=3D adns__make_reverse_domain(addr,zone, &buf,sizeof(shortbuf),&buf_fre= e); @@ -364,6 +369,8 @@ int adns_submit_reverse(adns_state ads, if (((type^adns_r_ptr) & adns_rrt_reprmask) && ((type^adns_r_ptr_raw) & adns_rrt_reprmask)) return EINVAL; + if ((ads->iflags & adns_if_tormode)) + flags |=3D adns_qf_usevc; return adns_submit_reverse_any(ads,addr,0,type,flags,context,query_r); } =20 @@ -375,6 +382,9 @@ int adns_synchronous(adns_state ads, adns_query qu; int r; =20 + if ((ads->iflags & adns_if_tormode)) + flags |=3D adns_qf_usevc; + r=3D adns_submit(ads,owner,type,flags,0,&qu); if (r) return r; =20 =2D-=20 2.8.1 --=-=-= Content-Type: text/x-diff Content-Disposition: inline; filename=0005-Make-handling-of-returned-SOCKS-bound-address-more-r.patch Content-Transfer-Encoding: quoted-printable From=20b8b8f90c85a7e194f0260cc98479dd97601cb04b Mon Sep 17 00:00:00 2001 
From: Werner Koch <wk@HIDDEN> Date: Mon, 9 Nov 2015 18:08:03 +0100 Subject: [PATCH 5/7] Make handling of returned SOCKS bound address more robust. * src/event.c (socks_connect): Allow proxy to return a v6 address instead of the provided v4 and vice versa. =2D- The specs say nothing about this but doing it this way is likely more robust that assuming the same family will be returned. Signed-off-by: Werner Koch <wk@HIDDEN> Signed-off-by: Daniel Kahn Gillmor <dkg@HIDDEN> =2D-- src/event.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/event.c b/src/event.c index 0b2f17b..8d5adde 100644 =2D-- a/src/event.c +++ b/src/event.c @@ -216,7 +216,7 @@ socks_connect (adns_state ads, int fd, const adns_rr_ad= dr *addr) errno =3D EIO; return -1; } =2D ret =3D read(fd, buffer, buflen); + ret =3D read(fd, buffer, 10 /*(v4 length)*/); if (ret < 0) return ret; if (ret !=3D buflen || buffer[0] !=3D 5 || buffer[2] !=3D 0 ) @@ -254,10 +254,24 @@ socks_connect (adns_state ads, int fd, const adns_rr_= addr *addr) case 0x07: /* Command not supported */ default: errno =3D ENOTSUP; /* Fixme: Is there a better errno? */ + break; } return -1; } =2D /* We have not way to store the actual address used by the server. + if (buffer[3] =3D=3D 4) + { + /* ATYP indicates a v6 address. We need to read the remaining + 12 bytes to finialize the SOCKS5 intro. */ + ret =3D read(fd, buffer, 12 /*(v6-v4 length)*/); + if (ret !=3D 12) + { + if (ret >=3D 0) + errno =3D EIO; + return -1; + } + } + + /* We have no way to store the actual address used by the server. Fortunately it is of no real use. */ =20 return 0; =2D-=20 2.8.1 --=-=-= Content-Type: text/x-diff Content-Disposition: inline; filename=0006-Add-config-options-adns_tormode-and-adns_sockscred.patch Content-Transfer-Encoding: quoted-printable From=202ca1bd9a52824b87a416e7da1aa1d73cdedf174f Mon Sep 17 00:00:00 2001 
From: Werner Koch <wk@HIDDEN> Date: Sun, 8 Nov 2015 18:57:56 +0100 Subject: [PATCH 6/7] Add config options adns_tormode and adns_sockscred. * src/internal.h (struct adns__state): Add field "sockscred". * src/setup.c (init_begin): Clear SOCKSCRED. (init_finish): Free SOCKSCRED. (ccf_options): Implement new options. * src/adns.h: Describe options. Signed-off-by: Werner Koch <wk@HIDDEN> Signed-off-by: Daniel Kahn Gillmor <dkg@HIDDEN> =2D-- src/adns.h | 8 ++++++++ src/internal.h | 1 + src/setup.c | 19 +++++++++++++++++++ 3 files changed, 28 insertions(+) diff --git a/src/adns.h b/src/adns.h index d2748bc..f4b9718 100644 =2D-- a/src/adns.h +++ b/src/adns.h @@ -598,6 +598,14 @@ int adns_init_logfn(adns_state *newstate_r, adns_initf= lags flags, * before the unknown options. ADNS_RES_OPTIONS is generally early * enough. * + * adns_tormode + * Forces the use of virtual circuits over a SOCKS5 proxy running at + * port 9050. No UDP based communication is done. + * + * adns_sockscred:username:password + * Use username and password for SOCKS5 authentication. Default is + * not to use any authentication. + * * There are a number of environment variables which can modify the * behaviour of adns. They take effect only if adns_init is used, and * the caller of adns_init can disable them using adns_if_noenv. In diff --git a/src/internal.h b/src/internal.h index 71782da..35ca8a3 100644 =2D-- a/src/internal.h +++ b/src/internal.h @@ -396,6 +396,7 @@ struct adns__state { char **searchlist; unsigned config_report_unknown:1; unsigned short rand48xsubi[3]; + char *sockscred; /* Malloced string with the SOCKS5 credentials or NULL.= */ }; =20 /* From addrfam.c: */ diff --git a/src/setup.c b/src/setup.c index c67b042..83c8bd6 100644 =2D-- a/src/setup.c +++ b/src/setup.c 
@@ -328,6 +328,21 @@ static void ccf_options(adns_state ads, const char *fn, } continue; } + if (WORD_IS("adns_tormode")) { + ads->iflags |=3D adns_if_tormode; + continue; + } + if (WORD_STARTS("adns_sockscred:")) { + l -=3D 15; + ads->sockscred =3D malloc (l + 1); + if (!ads->sockscred) { + saveerr(ads,errno); + continue; + } + memcpy (ads->sockscred, word, l); + ads->sockscred[l] =3D 0; + continue; + } if (WORD_IS("adns_ignoreunkcfg")) { ads->config_report_unknown=3D0; continue; @@ -640,6 +655,8 @@ static int init_begin(adns_state *ads_r, adns_initflags= flags, ads->rand48xsubi[1]=3D (unsigned long)pid >> 16; ads->rand48xsubi[2]=3D pid ^ ((unsigned long)pid >> 16); =20 + ads->sockscred =3D NULL; + *ads_r=3D ads; return 0; } @@ -681,6 +698,8 @@ static int init_finish(adns_state ads) { x_closeudp: for (i=3D0; i<ads->nudpsockets; i++) close(ads->udpsockets[i].fd); x_free: + if (ads->sockscred) + free (ads->sockscred); free(ads); return r; } =2D-=20 2.8.1 --=-=-= Content-Type: text/x-diff Content-Disposition: inline; filename=0007-Allow-SOCKS5-authentication-with-username-password.patch Content-Transfer-Encoding: quoted-printable From=2059371e4c138fa9fde27352d4d35e3f321d41d4e4 Mon Sep 17 00:00:00 2001 From: Werner Koch <wk@HIDDEN> Date: Mon, 9 Nov 2015 18:10:27 +0100 Subject: [PATCH 7/7] Allow SOCKS5 authentication with username/password. * src/event.c (socks_connect): Implemedn authentication method 2. =2D- The credentials are given by the new config option adns_sockscred. Changing the credentials is an indication to Tor to use a new circuit. Tor ignores the actual value of the credentials. Signed-off-by: Werner Koch <wk@HIDDEN> Signed-off-by: Daniel Kahn Gillmor <dkg@HIDDEN> =2D-- src/event.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +--- 1 file changed, 69 insertions(+), 3 deletions(-) diff --git a/src/event.c b/src/event.c index 8d5adde..02842a2 100644 =2D-- a/src/event.c +++ b/src/event.c 
@@ -145,8 +145,10 @@ socks_connect (adns_state ads, int fd, const adns_rr_a= ddr *addr) size_t proxyaddrlen; const struct sockaddr_in6 *addr_in6; const struct sockaddr_in *addr_in; =2D unsigned char buffer[22]; + unsigned char buffer[22+512]; /* The extra 512 bytes are used as + space for username:password. */ size_t buflen; + int method; =20 memset (&proxyaddr_in, 0, sizeof proxyaddr_in); =20 @@ -164,7 +166,11 @@ socks_connect (adns_state ads, int fd, const adns_rr_a= ddr *addr) /* Negotiate method. */ buffer[0] =3D 5; /* RFC-1928 VER field. */ buffer[1] =3D 1; /* NMETHODS */ =2D buffer[2] =3D 0; /* Method: No authentication required. */ + if (ads->sockscred) + method =3D 2; /* Method: username/password authentication. */ + else + method =3D 0; /* Method: No authentication required. */ + buffer[2] =3D method; adns__sigpipe_protect(ads); ret =3D write(fd, buffer, 3); adns__sigpipe_unprotect(ads); @@ -177,7 +183,7 @@ socks_connect (adns_state ads, int fd, const adns_rr_ad= dr *addr) ret =3D read(fd, buffer, 2); if (ret < 0) return ret; =2D if (ret !=3D 2 || buffer[0] !=3D 5 || buffer[1] !=3D 0 ) + if (ret !=3D 2 || buffer[0] !=3D 5 || buffer[1] !=3D method ) { /* Socks server returned wrong version or does not support our requested method. */ 
@@ -185,6 +191,66 @@ socks_connect (adns_state ads, int fd, const adns_rr_a= ddr *addr) return -1; } =20 + if (ads->sockscred) + { + /* Username/Password sub-negotiation. */ + const char *password; + int ulen, plen; + + password =3D strchr (ads->sockscred, ':'); + if (!password) + { + errno =3D EINVAL; /* No password given. */ + return -1; + } + ulen =3D password - ads->sockscred; + password++; + plen =3D strlen (password); + if (!ulen || ulen > 255 || !plen || plen > 255) + { + errno =3D EINVAL; /* Credentials too long or too short. */ + return -1; + } + + buffer[0] =3D 1; /* VER of the sub-negotiation. */ + buffer[1] =3D ulen; + buflen =3D 2; + memcpy (buffer+buflen, ads->sockscred, ulen); + buflen +=3D ulen; + buffer[buflen++] =3D plen; + memcpy (buffer+buflen, password, plen); + buflen +=3D plen; + adns__sigpipe_protect(ads); + ret =3D write(fd, buffer, buflen); + adns__sigpipe_unprotect(ads); + WIPEMEMORY (buffer, buflen); + if (ret !=3D buflen) + { + if (ret >=3D 0) + errno =3D EIO; + return -1; + } + ret =3D read(fd, buffer, 2); + if (ret !=3D 2) + { + if (ret >=3D 0) + errno =3D EIO; + return -1; + } + if (buffer[0] !=3D 1) + { + /* SOCKS server returned wrong version. */ + errno =3D EPROTO; + return -1; + } + if (buffer[1]) + { + /* SOCKS server denied access. */ + errno =3D EACCES; + return -1; + } + } + /* Send request details (rfc-1928, 4). 
*/ buffer[0] =3D 5; /* VER */ buffer[1] =3D 1; /* CMD =3D CONNECT */ =2D-=20 2.8.1 --=-=-=--
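Review bot: in the src/query.c hunks of the patch preceding 5/7, the same tormode test that ORs adns_qf_usevc into flags is repeated in four entry points, and two of the copies are redundant as written: adns_synchronous sets the flag and then calls adns_submit, which sets it again, and adns_submit_reverse sets it before delegating to adns_submit_reverse_any, which also sets it. Forcing the flag at the one place where a query's transport is chosen would leave a single check to audit, so that a submit path added later cannot reach UDP in Tor mode because it missed a copy.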
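Review bot: in the first src/event.c hunk of patch 5/7, the reply read is changed to a fixed 10 bytes but the test on the next line still starts with "ret != buflen". If buflen holds the length of the request that was just written, it equals 10 only for an IPv4 target; for an IPv6 target the comparison can no longer succeed and every such connect fails. Compare against the same constant as the read, and give that constant a name so the read and the check cannot drift apart.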
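Review bot: in the second src/event.c hunk of patch 5/7, the new "if (buffer[3] == 4)" branch handles only ATYP 4, so a reply carrying ATYP 3 (domain name, variable length in RFC 1928) falls through to "return 0" with the stream out of step with the 10 bytes already consumed; whatever is left over would then be read as DNS-over-TCP data. Reject any ATYP other than 1 or 4 with an error before returning success. The 12-byte read also treats a short read as EIO, although read() on a stream socket may legitimately return fewer bytes than requested; a loop that reads until the count is reached would avoid spurious failures.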
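Review bot: the src/adns.h hunk of patch 6/7 documents adns_sockscred:username:password without the constraints that patch 7/7 enforces at connect time: the string is split at the first ':' (so the username cannot contain one), and username and password must each be 1 to 255 bytes long. The adns_tormode text names port 9050 but not the host the proxy is expected on. Stating both would let a caller get the options right without reading socks_connect.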
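Review bot: in the ccf_options hunk of patch 6/7, "memcpy (ads->sockscred, word, l);" copies from word after l has been reduced by 15. Unless WORD_STARTS (its definition is not shown here) already advances word past the prefix, this stores the leading part of the option text "adns_sockscred:..." instead of the credentials; the source would then need to be word+15, with the 15 derived from the literal rather than written out. A second adns_sockscred option also overwrites ads->sockscred without freeing the earlier allocation. The missing ':' separator is only detected later, in socks_connect; checking for it here would report the mistake as a configuration error at parse time.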
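Review bot: in the init_finish hunk of patch 6/7, the new free sits under the x_free label next to free(ads), and none of the three src/setup.c hunks touches any other teardown code, so from this patch alone it is not clear that the credentials are released when a successfully initialised state is later finished. If that path needs the same free, add it there. Since patch 7/7 wipes its stack copy with WIPEMEMORY, wiping the string before freeing it would be consistent. The "if (ads->sockscred)" guard can be dropped, because free(NULL) is a no-op.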
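Review bot: in the username/password sub-negotiation hunk of patch 7/7, "ret = write(fd, buffer, buflen);" and "ret = read(fd, buffer, 2);" each treat a partial transfer as EIO, but on a stream socket both calls may move fewer bytes than asked; a partial write here also leaves the proxy holding a truncated credential message. Loop until the full count is transferred or an error is returned. The test "ret != buflen" compares a signed result with a size_t; it happens to behave correctly for -1, but casting after an explicit "ret < 0" check would make that intent visible.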
From: Ian Jackson <ijackson@HIDDEN>
To: Daniel Kahn Gillmor <dkg@HIDDEN>
Cc: 24212 <at> debbugs.gnu.org
Subject: bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor
Date: Fri, 12 Aug 2016 22:14:16 +0100
Message-ID: <22446.15400.62920.169329@HIDDEN>
In-Reply-To: <87a8girp7z.fsf@HIDDEN>

Daniel Kahn Gillmor writes ("bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor"):
> If there are any blockers that prevent adns from merging these changes,
> i'd be happy to hear about them and to try to help work through them.

Hi. Sorry about the delay dealing with this.

I'm about to make a bugfix release, which won't include this, but I am
interested in supporting the Tor project.

I have some concerns about the patch series, though. Will you be at
the GNU Hackers' Meeting in Rennes ? Otherwise maybe we can chat by
irc or something.

Ian.
From: Daniel Kahn Gillmor <dkg@HIDDEN>
To: Ian Jackson <ijackson@HIDDEN>
Cc: 24212 <at> debbugs.gnu.org
Subject: bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor
Date: Fri, 12 Aug 2016 23:43:14 -0400
Message-ID: <87d1ldz63x.fsf@HIDDEN>
In-Reply-To: <22446.15400.62920.169329@HIDDEN>

On Fri 2016-08-12 17:14:16 -0400, Ian Jackson wrote:
> Daniel Kahn Gillmor writes ("bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor"):
>> If there are any blockers that prevent adns from merging these changes,
>> i'd be happy to hear about them and to try to help work through them.
>
> Hi. Sorry about the delay dealing with this.
>
> I'm about to make a bugfix release, which won't include this, but I am
> interested in supporting the Tor project.

great, i'm glad to hear it.

> I have some concerns about the patch series, though. Will you be at
> the GNU Hackers' Meeting in Rennes ? Otherwise maybe we can chat by
> irc or something.

I won't be at the GNU Hackers Meeting in Rennes, but i'm happy to try
to coordinate by IRC at some point. i'm "dkg" on all the usual
networks (oftc, freenode, etc), feel free to ping me and i'll ping you
back when i reconnect.

also, if you want to raise the issues you have here on the public bug
tracker, that might be useful for other people who are interested in
this discussion.

thanks for your work on adns,

--dkg
From: Werner Koch <wk@HIDDEN>
To: Ian Jackson <ijackson@HIDDEN>
Cc: 24212 <at> debbugs.gnu.org, Daniel Kahn Gillmor <dkg@HIDDEN>
Subject: bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor
Date: Sat, 13 Aug 2016 14:53:24 +0200
Message-ID: <87fuq8de4b.fsf@HIDDEN>
In-Reply-To: <22446.15400.62920.169329@HIDDEN>

On Fri, 12 Aug 2016 23:14, ijackson@HIDDEN said:

> I have some concerns about the patch series, though. Will you be at

Still? I revised it back then according to your requests.

> the GNU Hackers' Meeting in Rennes ? Otherwise maybe we can chat by

Neal, who is working with me, will be there.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
/* Join us at OpenPGP.conf <https://openpgp-conf.org> */
From: Ian Jackson <ijackson@HIDDEN>
To: Werner Koch <wk@HIDDEN>
Cc: 24212 <at> debbugs.gnu.org, Daniel Kahn Gillmor <dkg@HIDDEN>
Subject: bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor
Date: Mon, 5 Sep 2016 11:47:16 +0100
Message-ID: <22477.19764.608069.369028@HIDDEN>
In-Reply-To: <87fuq8de4b.fsf@HIDDEN>

Werner Koch writes ("Re: bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor"):
> On Fri, 12 Aug 2016 23:14, ijackson@HIDDEN said:
> > I have some concerns about the patch series, though. Will you be at
>
> Still? I revised it back then according to your requests.

After a conversation with Daniel, I now intend to make some changes
myself, based loosely on 59371e4c138fa9fde27352d4d35e3f321d41d4e4 (in
gnupg/upstream-for-work).

Changes I intend to make are:

 * In the configuration and initialisation code, replace the Tor
   specific configuration knowledge with a resolv.conf option to use
   any SOCKS server, called something like `socks_server' or
   `adns_socks_server'. The value would be an IPv4/IPV6 literal, plus
   port number; or, alternatively, a pathname (for use with AF_UNIX,
   SOCK_STREAM).

   My understanding is that whatever in Tor is using adns generates
   its own private resolv.conf anyway; and there is no need for
   general adns clients to be able to specify, as such, use of Tor.

   (If /all/ adns clients on a host should use the Tor server via
   SOCKS, then putting the socks configuration in the host-wide
   resolv.conf would be appropriate.)

   Does that make sense ?

 * Drop the whitespace patch. Instead, include a patch to
   .gitattributes to suppress git's moaning.

I don't have an easy way to test this code. If I send you a reference
to a git branch, would you be able to test it for me ?

Thanks,
Ian.

--
Ian Jackson <ijackson@HIDDEN>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
From: Werner Koch <wk@HIDDEN>
To: Ian Jackson <ijackson@HIDDEN>
Cc: 24212 <at> debbugs.gnu.org, Daniel Kahn Gillmor <dkg@HIDDEN>
Subject: bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor
Date: Mon, 05 Sep 2016 17:32:05 +0200
Message-ID: <87d1ki5pmy.fsf@HIDDEN>
In-Reply-To: <22477.19764.608069.369028@HIDDEN>

On Mon, 5 Sep 2016 12:47, ijackson@HIDDEN said:

> Changes I intend to make are:
>
> * In the configuration and initialisation code, replace the Tor
> specific configuration knowledge with a resolv.conf option to use
> any SOCKS server, called something like `socks_server' or
> `adns_socks_server'. The value would be an IPv4/IPV6 literal, plus
> port number; or, alternatively, a pathname (for use with AF_UNIX,
> SOCK_STREAM).

The code I am using is

  cfgstr = xtryasprintf ("nameserver %s\n"
                         "options adns_tormode adns_sockscred:%s",
                         tor_nameserver, tor_credentials);
  ret = adns_init_strcfg (r_state, adns_if_debug /*adns_if_noerrprint*/,
                          NULL, cfgstr);

thus it would be easy to adjust.

> (If /all/ adns clients on a host should use the Tor server via
> SOCKS, then putting the socks configuration in the host-wide
> resolv.conf would be appropriate.)

The reason I added explicit Tor options is to make it crystal-clear that
the intention is to use Tor and nothing else.

There are not many ADNS users on Debian and thus I doubt that
system wide changes of resolv.conf are very useful.

> I don't have an easy way to test this code. If I send you a reference
> to a git branch, would you be able to test it for me ?

Sure.

Salam-Shalom,

   Werner
From: Ian Jackson <ijackson@HIDDEN>
To: Werner Koch <wk@HIDDEN>
Cc: 24212 <at> debbugs.gnu.org, Daniel Kahn Gillmor <dkg@HIDDEN>
Subject: bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor
Date: Mon, 5 Sep 2016 16:42:25 +0100
Message-ID: <22477.37473.64916.527563@HIDDEN>
In-Reply-To: <87d1ki5pmy.fsf@HIDDEN>

Werner Koch writes ("Re: bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor"):
> The code I am using is
>   cfgstr = xtryasprintf ("nameserver %s\n"
>                          "options adns_tormode adns_sockscred:%s",
>                          tor_nameserver, tor_credentials);
...
> thus it would be easy to adjust.

OK, good.

> > (If /all/ adns clients on a host should use the Tor server via
> > SOCKS, then putting the socks configuration in the host-wide
> > resolv.conf would be appropriate.)
>
> There are not many ADNS users on Debian and thus I doubt that
> system wide changes of resolv.conf are very useful.

Not useful in the context of Tor, you mean ? Fair enough.

> The reason I added explicit Tor options is to make it crystal-clear that
> the intention is to use Tor and nothing else.

I'm not sure I follow. The patches add a SOCKS client to adns. Is
there some reason why users ought not to use this SOCKS client in
contexts other than Tor ?

> > I don't have an easy way to test this code. If I send you a reference
> > to a git branch, would you be able to test it for me ?
>
> Sure.

OK. Thanks. I will get back to you.

Ian.
From: nisse@HIDDEN (Niels Möller)
To: Ian Jackson <ijackson@HIDDEN>
Cc: Werner Koch <wk@HIDDEN>, 24212 <at> debbugs.gnu.org
Subject: bug#24212: please add SOCKS support and enforced TCP to enable DNS resolution through Tor
Date: Mon, 05 Sep 2016 19:06:31 +0200
Message-ID: <nnbn02ff8o.fsf@HIDDEN>
In-Reply-To: <22477.19764.608069.369028@HIDDEN> (Ian Jackson's message of "Mon, 5 Sep 2016 11:47:16 +0100")

Ian Jackson <ijackson@HIDDEN> writes:

> I don't have an easy way to test this code.

There ought to be some simple socks server you could start from the adns
testsuite. Seems to be two socks5 servers in debian, and one additional
doing socks4 only, see https://wiki.debian.org/SOCKS. (You could also
use openssh or lsh, but I guess that's a bit too heavy weight to use for
adns tests).

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
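
Added example, not part of the thread and not adns or test-suite code: a minimal server side of the SOCKS5 handshake (RFC 1928 with RFC 1929 username/password auth) of the kind a test harness could start to exercise a SOCKS client. It assumes the client offers username/password authentication, accepts any credentials, and returns the CONNECT target instead of relaying; the function names and the sample client bytes are constructed for illustration.

```python
import socket
import struct

def _recv_exact(conn, n):
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-handshake")
        buf += chunk
    return buf

def socks5_accept(conn):
    """Server side of SOCKS5 with user/pass auth; returns (user, password, host, port)."""
    ver, nmethods = _recv_exact(conn, 2)
    if ver != 5 or 0x02 not in _recv_exact(conn, nmethods):
        conn.sendall(b"\x05\xff")                  # no acceptable method
        raise ValueError("username/password auth not offered")
    conn.sendall(b"\x05\x02")                      # select method 0x02
    _authver, ulen = _recv_exact(conn, 2)
    user = _recv_exact(conn, ulen)
    password = _recv_exact(conn, _recv_exact(conn, 1)[0])
    conn.sendall(b"\x01\x00")                      # stub accepts any credentials
    ver, cmd, _rsv, atyp = _recv_exact(conn, 4)
    if ver != 5 or cmd != 1:                       # only CONNECT is handled
        conn.sendall(b"\x05\x07\x00\x01" + bytes(6))
        raise ValueError("unsupported command")
    if atyp == 1:                                  # IPv4 literal
        host = socket.inet_ntoa(_recv_exact(conn, 4))
    elif atyp == 3:                                # length-prefixed hostname
        host = _recv_exact(conn, _recv_exact(conn, 1)[0]).decode("ascii")
    elif atyp == 4:                                # IPv6 literal
        host = socket.inet_ntop(socket.AF_INET6, _recv_exact(conn, 16))
    else:
        conn.sendall(b"\x05\x08\x00\x01" + bytes(6))
        raise ValueError("unsupported address type")
    (port,) = struct.unpack("!H", _recv_exact(conn, 2))
    conn.sendall(b"\x05\x00\x00\x01" + bytes(6))   # succeeded, BND 0.0.0.0:0
    return user, password, host, port

def demo():
    """Feed constructed client bytes through a socketpair; return result and replies."""
    client, server = socket.socketpair()
    client.sendall(b"\x05\x01\x02" b"\x01\x04user\x04pass"  # greeting, constructed creds
                   b"\x05\x01\x00\x01\x7f\x00\x00\x01\x00\x35")  # CONNECT 127.0.0.1:53
    result = socks5_accept(server)
    replies = _recv_exact(client, 14)              # 2 + 2 + 10 reply bytes
    client.close(); server.close()
    return result, replies
```

A test that asserts on the returned credentials and target can check both that the client sent the configured credential string and that the DNS connection was requested over TCP through the proxy.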