Torsocks issues
https://gitlab.torproject.org/tpo/core/torsocks/-/issues
2021-11-15T16:43:26Z

Let torsocks run from source directory
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/29000
2021-11-15T16:43:26Z, traumschule

I don't know how complicated it is to implement, it can be handy to run torsocks from source to test patches.
src/bin/torsocks is not executable and before running 'make install' it returns:
```
$ sh src/bin/torsocks --version
ERROR: /usr/local/lib/torsocks/libtorsocks.so does not exist! Try re-installing torsocks.
```

Mention dependencies in INSTALL
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/28999
2021-11-15T16:43:24Z, traumschule

Requirements are listed in README.md but not INSTALL.
```
Requirements
-----------------
- autoconf
- automake
- libtool
- gcc
```

torsocks: option to disable all network traffic
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/26889
2021-11-15T16:43:16Z, Trac

I've already talked to dgoulet about this:
I would love an option to make torsocks disable all network traffic. There are many good use cases to run applications without Internet communication. For example, commands in mailcap(4) to display non-text.
This is a classic job for (application) firewalls, but torsocks has all the functionality already, f.e. if used with an invalid --port where no Tor or proxy is actually listening. But this is an ugly hack.
A --disable-network option would be very easy for torsocks, and very useful. Of course, it's low priority.
**Trac**:
**Username**: ilf

add support for exitmap requirements
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/25884
2021-11-15T16:43:10Z, cypherpunks

phw wrote a patch for torsocks a long time ago,
it would be great if this could be adapted to a current version of torsocks and merged
<https://github.com/NullHypothesis/torsocks/commit/e8b3fe64a5b2c324086a16615be38736addb94f9>

Ship a git-remote-tor helper
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/21227
2021-11-15T16:43:05Z, nicoo

Interacting with git remotes over Tor is harder than it needs to be.
The 2 current options I'm aware of are:
- running `torsocks git` every time, which is not great;
- setting the `http.proxy` config option, but
  - this only works for HTTP remotes (not SSH ones, for instance)
  - this works on a per-repository basis
  - it's impossible to clone a repository (or add a remote, or...) and set this configuration item in one step
Given that, I quickly whipped up a git-remote-tor helper (in POSIX SH), which simply runs another git-remote-* helper under torsocks.
Using it, it is possible to do things such as `git clone tor:http://dccbbv6cooddgcrq.onion/torspec.git`.
It currently lacks documentation and doesn't work (yet) with SSH remotes, though.

Torsocks - only torify .onion domains
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/19793
2021-11-15T16:43:03Z, Trac

**What torsocks does:**
Routes all traffic through Tor.
**What it should do:**
It should have an _option_ to route .onion domains through Tor, while normal traffic is not routed through Tor.
**Advantages**
This would allow Mail/XMPP servers to connect to .onion domains, without any configuration hassle.
Original discussion <http://tor-talk.torproject.narkive.com/j7MtPG5T/torsocks-usewithtor-only-for-onion>
**Trac**:
**Username**: klexx

Support FD passing on Unix socket
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/19407
2021-11-15T16:43:01Z, David Goulet <dgoulet@torproject.org>

Multiple issues need FD passing through a Unix socket to work: legacy/trac#8585, legacy/trac#16183
It's maybe possible to support this safely. My intuition is that we might be able to get it to work by passing some cookies in the ancillary data so we can recognize the sendmsg() with the recvmsg(). Maybe!?...

Add SocksPort Unix support to torsocks
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/14132
2021-11-15T16:42:56Z, Jacob Appelbaum

In Paris, dgoulet and I started to write some basic torsocks support for SocksSocket (legacy/trac#12585) - in an ideal world, we'd have a Tor with a SocksSocket running by default. This would allow torsocks to do useful things by default - namely - any app can be instantly torified without worries about firewalls, users can be isolated from different socks proxies by uid, etc. Basically, I think it means that torsocks could default to SocksSocket, if built on a SocksSocket supporting platform.
I think for changes, we'd want to do the following:
- Add a configuration (in /etc/torsocks.conf) option for the default SocksSocket location
  - eg: /var/lib/tor/SockSocket
- stat() the default SocksSocket file location
  - if we find a SockSocket, we switch to AF_UNIX for all communications
    - normal torsocks failures from here out
  - if we don't find a SocksSocket
    - fail hard? fail soft?
    - if we fail soft, switch to the default _server_ configured
    - if that fails, give an error and fail hard
dgoulet - do you still have the patch we started to write in Paris?

Add an option to whitelist networks
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/13184
2021-11-15T16:42:55Z, David Goulet <dgoulet@torproject.org>

This warning is possible for any socket trying to connect to a localhost address.
`WARNING torsocks[12360]: [connect] Connection to a local address are denied since it might be a TCP DNS query to a local DNS server. Rejecting it for safety reasons. (in tsocks_connect() at connect.c:177)`
We should implement a whitelist mechanism so the user can tell which local network is allowed such as localhost.

Support shared onion pool for DNS resolution in separate process
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/11727
2021-06-07T16:51:38Z, David Goulet <dgoulet@torproject.org>

So it turns out that irssi is doing DNS resolution in another process and passing the result back to the first process which will make the connection.
This means that the two processes have two distinct onion pools so the process doing the DNS resolution will store the onion address with the reserved cookie but the other process, when connecting using that cookie, will be unable to find the onion address in its pool.
One solution I have in mind is to create that onion pool in a shared memory (SHM) and hijack the clone/fork symbol so when we detect a new process we can set the onion pool reference in it thus sharing the pool across processes that have a common parent.
I have a PoC that works but maybe there could be an IPC approach instead.

Check recvmmsg() FD passing on Unix socket for TCP socket
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/11724
2021-11-15T16:42:36Z, David Goulet <dgoulet@torproject.org>

recvmsg() is supported as of now. A full exit should be done here because Torsocks can't handle this inet socket with Tor.

Torsocks should support Java
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/11579
2021-11-15T16:42:33Z, Matt Pagan

Right now Java programs run with torsocks have their network calls dropped, or sometimes crash. Torsocks should force Java programs to use Tor. This could be done by setting the proxy settings in the JVM with -DsockProxyHost=127.0.0.1 -DsocksProxyPort=8080. To ensure proxy obedience for DNS calls, torsocks might implement a DNS provider that uses SOCKS for resolution, add that to the classpath, and use it to override the DNS provider the JVM uses at runtime.

Support advanced polling features in OS
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/8702
2021-11-15T16:42:32Z, Matthew Finkel

Support interaction with epoll, kqueue, etc
I'm breaking this out from legacy/trac#3711 because it doesn't really belong in that ticket.

NSS module for .onion DNS name resolution
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/6228
2021-11-15T16:42:23Z, Trac

From a usability point of view it'd be great to always have .onion addresses resolved via Tor - system wide, by default. It'd make .onion addresses a first-class citizen in the overall web browsing experience.
The idea is to provide a libnss-tor module to by default always resolve .onion addresses via Tor, with no need for 'torify', proxy configurations within an application etc. Similar to what libnss-mdns does for .local addresses for instance.
Thanks to [this](https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy) I came up with the following setup to achieve the same thing:
* torrc with 'AutomapHostsOnResolve 1', 'DNSPort 53535' and 'TransPort 9040'
* dnsmasq with a 'server=/onion/127.0.0.1#53535'
* iptables -t nat -A OUTPUT -p tcp -d 127.192.0.0/10 -j REDIRECT --to-ports 9040
* 'nameserver 127.0.0.1' in /etc/resolv.conf
However having a libnss-tor for that would remove the iptables/dnsmasq part, which should make it way more convenient for most people. It'd also make the mapaddress option in the torrc obsolete, I think.
Further things to consider:
* Security implications?
* Does something like libnss exist for other operating systems, too?
**Trac**:
**Username**: tux