Opened 4 months ago

Last modified 6 weeks ago

#29670 merge_ready defect

Could not create SOCKS args string

Reported by: cypherpunks
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: 035-backport, 040-backport, ux, regression?
Cc: mcs, tbb-team, nickm
Actual Points: .2
Parent ID:
Points: .5
Reviewer: catalyst
Sponsor: Sponsor19

Description

Set a SOCKS5 authenticated proxy listening on 127.0.0.1 using the browser launching wizard. tbb 8.0.6 (64bits) on Debian

3/6/19, 21:32:17.612 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 
3/6/19, 21:32:17.613 [NOTICE] Opening Socks listener on 127.0.0.1:9150 
3/6/19, 21:32:17.613 [NOTICE] Opened Socks listener on 127.0.0.1:9150 
3/6/19, 21:32:17.613 [NOTICE] Bootstrapped 5%: Connecting to directory server 
3/6/19, 21:32:17.614 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 
3/6/19, 21:32:17.614 [WARN] Could not create SOCKS args string. 
3/6/19, 21:32:17.614 [WARN] Proxy Client: unable to connect to 69.164.220.107:443 
3/6/19, 21:32:18.598 [WARN] Could not create SOCKS args string. 
3/6/19, 21:32:18.599 [WARN] Proxy Client: unable to connect to 51.75.144.67:443 
3/6/19, 21:32:19.602 [WARN] Could not create SOCKS args string. 
3/6/19, 21:32:19.603 [WARN] Proxy Client: unable to connect to 37.218.242.26:443 
3/6/19, 21:32:20.606 [WARN] Could not create SOCKS args string. 
3/6/19, 21:32:20.607 [WARN] Proxy Client: unable to connect to 81.7.14.253:443 
3/6/19, 21:32:21.610 [WARN] Could not create SOCKS args string. 
3/6/19, 21:32:21.611 [WARN] Proxy Client: unable to connect to 51.15.77.244:443 
3/6/19, 21:32:23.619 [WARN] Could not create SOCKS args string. 
3/6/19, 21:32:23.620 [WARN] Proxy Client: unable to connect to 5.39.60.243:443 
3/6/19, 21:32:23.620 [WARN] Could not create SOCKS args string. 
3/6/19, 21:32:23.621 [WARN] Proxy Client: unable to connect to 171.25.193.9:80 
3/6/19, 21:32:28.638 [WARN] Could not create SOCKS args string. 
3/6/19, 21:32:28.638 [WARN] Proxy Client: unable to connect to 77.243.191.102:443 
3/6/19, 21:32:29.642 [WARN] Could not create SOCKS args string. 
3/6/19, 21:32:29.642 [WARN] Proxy Client: unable to connect to 131.188.40.189:443 
3/6/19, 21:32:37.674 [WARN] Could not create SOCKS args string. 
3/6/19, 21:32:37.674 [WARN] Proxy Client: unable to connect to 81.7.11.186:443 
3/6/19, 21:32:41.686 [WARN] Could not create SOCKS args string. 
3/6/19, 21:32:41.686 [WARN] Proxy Client: unable to connect to 193.23.244.244:443 
3/6/19, 21:32:50.722 [WARN] Could not create SOCKS args string. 
3/6/19, 21:32:50.722 [WARN] Proxy Client: unable to connect to 86.59.21.38:443 
3/6/19, 21:33:02.770 [WARN] Could not create SOCKS args string. 
3/6/19, 21:33:02.770 [WARN] Proxy Client: unable to connect to 212.47.231.164:443 
3/6/19, 21:33:04.778 [WARN] Could not create SOCKS args string. 
3/6/19, 21:33:04.778 [WARN] Proxy Client: unable to connect to 194.109.206.212:443 
3/6/19, 21:33:34.894 [WARN] Could not create SOCKS args string. 
3/6/19, 21:33:34.894 [WARN] Proxy Client: unable to connect to 204.13.164.118:443 
3/6/19, 21:33:45.941 [WARN] Could not create SOCKS args string. 
3/6/19, 21:33:45.942 [WARN] Proxy Client: unable to connect to 66.206.0.138:443 
3/6/19, 21:34:21.740 [WARN] Could not create SOCKS args string. 
3/6/19, 21:34:21.740 [WARN] Proxy Client: unable to connect to 154.35.175.225:443 
3/6/19, 21:34:34.127 [WARN] Could not create SOCKS args string. 
3/6/19, 21:34:34.128 [WARN] Proxy Client: unable to connect to 199.58.81.140:443 
3/6/19, 21:34:40.150 [WARN] Could not create SOCKS args string. 
3/6/19, 21:34:40.150 [WARN] Proxy Client: unable to connect to 198.50.191.95:443 
3/6/19, 21:34:40.658 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 
3/6/19, 21:34:40.658 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 

Child Tickets

Ticket | Status | Owner | Summary | Component
#29876 | closed | | get_proxy_type() may be wrong when unused PT configured | Core Tor/Tor

Attachments (1)

debug.log (190.4 KB) - added by cypherpunks 3 months ago.


Change History (32)

comment:1 Changed 4 months ago by cypherpunks

FWIW, the authentication has both username and password fields required.

There's also an unanswered stackexchange question dating back to 2015
https://tor.stackexchange.com/questions/7259/unable-to-connect-to-tor-using-socks-5

comment:2 Changed 4 months ago by gk

Component: Applications/Tor Browser → Applications/Tor Launcher
Owner: changed from tbb-team to brade
Status: new → needs_information

So, to be clear you use the Tor Launcher wizard and there the "I use a proxy to connect to the Internet"-option? What details are you then entering?

comment:3 Changed 4 months ago by gk

Cc: mcs tbb-team added

comment:4 Changed 4 months ago by cypherpunks

Yes, I just entered the 4 fields for socks5 proxy.

no problem with address/port since the proxy server did receive connection, but there's something wrong with username/password that caused the authentication to fail. I use the same proxy config for another program and it works, so problems on the proxy side are ruled out.

comment:5 Changed 4 months ago by cypherpunks

ok so I captured the traffic using wireshark:

tbb opens a tcp connection to proxy, proxy accepts
tbb sends socks5 with client authentication methods, proxy chooses username/password
tbb terminates connection with [fin]

no authentication happened at all, which matches the log warning SOCKS args string not created.

username/password are just alnums, there's even no special character in them... any ideas?

comment:6 Changed 4 months ago by mcs

Cc: nickm added

Do you know if this worked with older versions of Tor Browser, e.g., 7.5.6?

Tor Launcher, via the tor control port, adds info about the configured SOCKS5 proxy to the torrc file. Please attach the contents of that file to this ticket (after you redact the user name and password). On Linux, Tor Browser's torrc file is located in Browser/TorBrowser/Data/Tor/torrc within the installation directory.

I am not familiar enough with tor internals to be sure what leads to the Could not create SOCKS args string message. Adding Nick to the Cc in case he can shed some light.

comment:7 Changed 4 months ago by cypherpunks

I have not tried older versions, but given the stackexchange question from 2015 it's probably not a recent regression.

# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it

DataDirectory /opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor
GeoIPFile /opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip
GeoIPv6File /opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip6
Socks5Proxy 127.0.0.1:1080
Socks5ProxyUsername username
Socks5ProxyPassword password

comment:8 Changed 4 months ago by cypherpunks

I tried using proxy with the tor shipped by debian and it works...

a little digging in the source tree turned out that the SOCKS args string warning is only triggered when get_proxy_type() == PROXY_PLUGGABLE (src/core/mainloop/connection.c:2636).

tbb somehow told tor that I want to use a bridge?

comment:9 in reply to:  8 Changed 3 months ago by mcs

Replying to cypherpunks:

> I tried using proxy with the tor shipped by debian and it works...
>
> a little digging in the source tree turned out that the SOCKS args string warning is only triggered when get_proxy_type() == PROXY_PLUGGABLE (src/core/mainloop/connection.c:2636).
>
> tbb somehow told tor that I want to use a bridge?

That does not seem to be the case based on the contents of your torrc.

Can you reproduce this problem using a clean copy of Tor Browser that you download from https://dist.torproject.org/torbrowser/8.0.8/ ?
Can you configure tor to generate debug logging and make that available? That should help one of the Network Team members to debug this problem.

Changed 3 months ago by cypherpunks

Attachment: debug.log added

comment:10 Changed 3 months ago by cypherpunks

reproduced with a clean copy.
debug log attached, I just hope there isn't anything sensitive...

comment:11 Changed 3 months ago by mcs

Component: Applications/Tor Launcher → Core Tor/Tor
Status: needs_information → new

Thanks for providing the debug log. Reclassifying as Core Tor/Tor so a network team member can take a look. This is my understanding of steps to reproduce:

  1. Download Tor Browser 8.0.8 for Linux (64 bit).
  2. During initial setup, configure a Socks5 proxy (see comment:7 for a copy of the torrc).

The mystery is what causes the Could not create SOCKS args string error (and why does it happen for this installation but not for all installations).


comment:12 Changed 3 months ago by mcs

Owner: brade deleted
Status: new → assigned

comment:13 Changed 3 months ago by mcs

Status: assigned → new

comment:14 Changed 3 months ago by nickm

Keywords: 035-backport 040-backport ux added
Milestone: Tor: 0.4.1.x-final
Points: .5

comment:15 Changed 2 months ago by nickm

Keywords: regression? added

comment:16 Changed 2 months ago by nickm

Keywords: 041-should added

comment:17 Changed 7 weeks ago by nickm

Keywords: 041-regression? added

comment:18 Changed 7 weeks ago by nickm

Owner: set to nickm
Status: new → accepted

I'll take a quick look and see if this is easy

comment:19 Changed 7 weeks ago by nickm

Sponsor: Sponsor19

Looks like the bug here is in get_proxy_type():

  if (options->ClientTransportPlugin)
    return PROXY_PLUGGABLE;
  else if (options->HTTPSProxy)
    return PROXY_CONNECT;
  else if (options->Socks4Proxy)
    return PROXY_SOCKS4;
  else if (options->Socks5Proxy)
    return PROXY_SOCKS5;
  else
    return PROXY_NONE;

The offending commit looks like 41d2b4d3af01b34beb2951028cdbc45b5f41e08e in 0.2.6.1-alpha.

It looks like this will only happen when you have ClientTransportPlugin enabled, and you have a socks5 proxy set, and you aren't using a bridge, and your proxy asks for authentication.
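The precedence problem described in comment:19, as an added example that is not part of the ticket and is not tor's code or the merged patch. `demo_options_t`, `DEMO_OPTS`, `proxy_type_for_conn()`, `handshake_can_start()` and the `conn_uses_transport` flag are hypothetical names, and the option values are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Proxy kinds named in the get_proxy_type() excerpt from comment:19. */
typedef enum { PROXY_NONE, PROXY_CONNECT, PROXY_SOCKS4,
               PROXY_SOCKS5, PROXY_PLUGGABLE } proxy_type_t;

/* Hypothetical reduced options struct: non-NULL means "set in torrc". */
typedef struct {
  const char *ClientTransportPlugin, *HTTPSProxy, *Socks4Proxy, *Socks5Proxy;
} demo_options_t;

/* Constructed sample: a transport is configured but unused (no bridge),
 * alongside the Socks5Proxy line from the reporter's torrc. */
const demo_options_t DEMO_OPTS = {
  "example-transport exec /constructed/path", NULL, NULL, "127.0.0.1:1080"
};

/* Global selection in the order quoted in comment:19: a configured
 * transport wins even when no connection will go through it. */
proxy_type_t proxy_type_global(const demo_options_t *o) {
  if (o->ClientTransportPlugin) return PROXY_PLUGGABLE;
  else if (o->HTTPSProxy) return PROXY_CONNECT;
  else if (o->Socks4Proxy) return PROXY_SOCKS4;
  else if (o->Socks5Proxy) return PROXY_SOCKS5;
  else return PROXY_NONE;
}

/* Assumed alternative (not the merged patch): decide per connection.
 * conn_uses_transport is a hypothetical flag, true only when the
 * destination is a bridge reached through the pluggable transport. */
proxy_type_t proxy_type_for_conn(const demo_options_t *o,
                                 int conn_uses_transport) {
  demo_options_t eff = *o;
  if (!conn_uses_transport) eff.ClientTransportPlugin = NULL;
  return proxy_type_global(&eff);
}

/* Simplified model of the reported symptom: the PLUGGABLE path needs
 * per-bridge SOCKS args, which a non-bridge destination does not have. */
int handshake_can_start(proxy_type_t t, int conn_uses_transport) {
  return !(t == PROXY_PLUGGABLE && !conn_uses_transport);
}

int main(void) {
  proxy_type_t g = proxy_type_global(&DEMO_OPTS);
  proxy_type_t c = proxy_type_for_conn(&DEMO_OPTS, 0);
  printf("global: type=%d ok=%d\n", (int)g, handshake_can_start(g, 0));
  printf("per-conn: type=%d ok=%d\n", (int)c, handshake_can_start(c, 0));
  return 0;
}
```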

comment:20 Changed 7 weeks ago by nickm

Keywords: added; 041-regression? removed

comment:21 Changed 7 weeks ago by nickm

Actual Points: .2
Status: accepted → needs_review

I have a possible fix in a branch called bug29670_035 with a PR in https://github.com/torproject/tor/pull/1056

I have run a couple of experiments with it, but I do not have the right kind of local socks proxy to try this out. If somebody else could see whether it fixes the bug, that would help greatly.

comment:22 Changed 6 weeks ago by asn

Reviewer: catalyst

comment:23 Changed 6 weeks ago by catalyst

OK this looks like a concrete instance of a theoretical bug I was worried about in existing code when I noticed some quirks when working on bootstrap reporting.

comment:24 in reply to: 23 Changed 6 weeks ago by catalyst

Replying to catalyst:

> OK this looks like a concrete instance of a theoretical bug I was worried about in existing code when I noticed some quirks when working on bootstrap reporting.

That would be #29876.

comment:25 in reply to:  24 Changed 6 weeks ago by catalyst

Replying to catalyst:

> Replying to catalyst:
>
> > OK this looks like a concrete instance of a theoretical bug I was worried about in existing code when I noticed some quirks when working on bootstrap reporting.
>
> That would be #29876.

Made that ticket a child of this one. We can close them at the same time.

comment:26 in reply to:  21 Changed 6 weeks ago by catalyst

Status: needs_review → needs_revision

Replying to nickm:

> I have a possible fix in a branch called bug29670_035 with a PR in https://github.com/torproject/tor/pull/1056
>
> I have run a couple of experiments with it, but I do not have the right kind of local socks proxy to try this out. If somebody else could see whether it fixes the bug, that would help greatly.

Thanks! Looks reasonable by visual inspection. The practracker exceptions need updating though, which is why the tests seem to be failing.

I'm going to try to manually test it on Tor Browser.

comment:27 Changed 6 weeks ago by nickm

Status: needs_revision → needs_review

Added bug29670_041 with PR at https://github.com/torproject/tor/pull/1072 to merge it forward to master and add practracker exceptions. The branch for older series is still bug29670_035.

comment:28 in reply to:  27 Changed 6 weeks ago by catalyst

Replying to nickm:

> Added bug29670_041 with PR at https://github.com/torproject/tor/pull/1072 to merge it forward to master and add practracker exceptions. The branch for older series is still bug29670_035.

Oh I see, https://github.com/torproject/tor/pull/1056 is against the wrong base. I'll adjust it.

comment:29 in reply to:  27 Changed 6 weeks ago by catalyst

Status: needs_review → merge_ready

Replying to nickm:

> Added bug29670_041 with PR at https://github.com/torproject/tor/pull/1072 to merge it forward to master and add practracker exceptions. The branch for older series is still bug29670_035.

Thanks! Looks good now. (after adjusting the 035 base branch for https://github.com/torproject/tor/pull/1056) I manually tested the 041 branch with Tor Browser and an SSH SOCKS proxy, but I don't have an easy way to test a SOCKS5 proxy that requires authentication.

comment:30 Changed 6 weeks ago by nickm

Keywords: asn-merge added; removed

comment:31 Changed 6 weeks ago by nickm

Keywords: 041-should asn-merge removed
Milestone: Tor: 0.4.1.x-final → Tor: 0.4.0.x-final

George merged this into 041, marking for possible backport.
