add stream isolation support to torsocks
There is uwt, but it's a hack (creates a temporary torsocks configuration file very time torsocks is started), has bugs and is not in the upstream torsocks package.
Please add the ability to set proxy type, IP address and port by command line. The interface could look like this:
torsocks -t 5 -i 127.0.0.1 -p 9050 /usr/bin/wget -c https://check.torproject.orgsudo torsocks -t 5 -i 127.0.0.1 -p 9052 /usr/bin/apt-get --yes dist-upgradeThe user could open multiple SocksPorts (9050, 9052, 9053, etc.) and use torsocks while separating the streams.
Activity
This is definitely worth exploring. I think ideally, unless otherwise specified, all streams resulting from invocations of torsocks should be isolated. An easy way to accomplish this would be to use a randomly generated username/password (but that's a separate ticket).
My worry with the current implementation is that it requires the user to specify SOCKS_TYPE, IP, and Port which is asking a lot from a typical user. If we, by default, isolate all streams but allow a user to use a common stream, i.e. have wget/curl/etc use the same circuit as Torbrowser, then we maintain the current level of usability but provide extra features for power users. Thoughts?
Trac:
Cc: N/A to tails@boum.orgI have an initial patchset in branch userisol in https://github.com/sysrqb/torsocks.git. Please review.
Trac:
Status: new to needs_reviewThanks for doing this work.
I can't review the code, but test the functionality. Here are my Debian Wheezy 32 bit test results. (Still same config: https://trac.torproject.org/projects/tor/ticket/8137#comment:2)
torsocks /usr/bin/curl https://check.torproject.org /usr/local/bin/torsocks: 232: [: -a: unexpected operator /usr/local/bin/torsocks: 242: /usr/local/bin/torsocks: [[: not found /usr/local/bin/torsocks: 244: /usr/local/bin/torsocks: -z: not found /usr/local/bin/torsocks: 245: /usr/local/bin/torsocks: -z: not found curl: (6) Couldn't resolve host 'check.torproject.org'torsocks -v 3 -f /etc/torsocks.conf /usr/bin/curl https://check.torproject.org Setting to verbosity level 3 /usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found /usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found /usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found /usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found /usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found /usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found /usr/local/bin/torsocks: 227: shift: can't shift that manytorsocks -v 3 /usr/bin/curl https://check.torproject.org Setting to verbosity level 3 /usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found /usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found /usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found /usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found /usr/local/bin/torsocks: 227: shift: can't shift that manyThe last bug is fixed. I continue with testing...
Each time I run torsocks, I get a new exit IP and therefore presumably a new circuit as expected.
The following.
/usr/local/bin/torsocks -i 192.168.0.10 -P 9151 /usr/bin/curl https://check.torproject.orgDoesn't work for me.
Illegal option -i Syntax: [.] /usr/local/bin/torsocks <session_options | program_options <program>]> session_options: [on] | [off] | [show | sh] | [--shell] program_options: [-hvupfdtiPN] Options that affect all programs run from this session on Enable Torsocks for all programs run here Note: It is necessary to prepend a period (.) or source in front of the torsocks command off Disable Torsocks for all programs run here Note: It is necessary to prepend a period (.) or source in front of the torsocks command sh, show Show the current list of preloaded libraries --shell Enter into a shell that will enable Torsocks for all programs run in the shell Options that affect only the program run by Torsocks -d debug_file Path to log file -f file Path to configuration file -h Show this message -i IP SOCKS server IP address -N Do not read configuration file, only use command line values -p pass SOCKS password -P port SOCKS server port number -t server_type SOCKS server type (4, 4A, 5) -u user SOCKS username -v num Verbosity level [1,3] program The program you want to run For additional details and information, please view the man pages torsocks(1) and torsocks.conf(5). Also read the information at the top of the torsocks file that was just run.This is now fixed in sysrqb's repository. (Comment 4)
Trac:
Cc: tails@boum.org to tails@boum.org, adrelanos@riseup.net
Can you just clarify "stream isolation" here. Do you want a way for torsocks to isolate it's connection on a dedicated circuit (for which user/pass to the SOCKS5 connection does that) or do you want each connect() to be on it's own circuit or ...?
This ticket seems to ask for a way on the command line to specify the ip/port and for torsocks 2.x this is #11726 (moved).
Just passing ip/port by command line. This ticket can be considered a duplicate of #11726 (moved).
-
Replying to proper:
Just passing ip/port by command line. This ticket can be considered a duplicate of #11726 (moved).
Indeed, let's move this feature to #11726 (moved). Right now Torsocks 2.x only supports SOCKS5 so the "-t" option is not very possible.
Closing this one because duplicate.
Trac:
Status: assigned to closed
Resolution: N/A to duplicate mentioned in issue #8117 (moved)
moved to tpo/core/torsocks#8053 (closed)