Opened 7 years ago

Closed 5 years ago

#8053 closed enhancement (duplicate)

add stream isolation support to torsocks

Reported by: proper
Owned by: dgoulet
Priority: Medium
Milestone:
Component: Core Tor/Torsocks
Version:
Severity:
Keywords:
Cc: tails@…, adrelanos@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

There is uwt, but it's a hack (creates a temporary torsocks configuration file every time torsocks is started), has bugs and is not in the upstream torsocks package.

Please add the ability to set proxy type, IP address and port by command line. The interface could look like this:

torsocks -t 5 -i 127.0.0.1 -p 9050 /usr/bin/wget -c https://check.torproject.org
sudo torsocks -t 5 -i 127.0.0.1 -p 9052 /usr/bin/apt-get --yes dist-upgrade

The user could open multiple SocksPorts (9050, 9052, 9053, etc.) and use torsocks while separating the streams.

Change History (14)

comment:1 Changed 7 years ago by sysrqb

This is definitely worth exploring. I think ideally, unless otherwise specified, all streams resulting from invocations of torsocks should be isolated. An easy way to accomplish this would be to use a randomly generated username/password (but that's a separate ticket).

My worry with the current implementation is that it requires the user to specify SOCKS_TYPE, IP, and Port which is asking a lot from a typical user. If we, by default, isolate all streams but allow a user to use a common stream, i.e. have wget/curl/etc use the same circuit as Torbrowser, then we maintain the current level of usability but provide extra features for power users. Thoughts?

comment:2 Changed 7 years ago by proper

Sounds good to me.

comment:3 Changed 7 years ago by T(A)ILS developers

Cc: tails@… added

comment:4 Changed 7 years ago by sysrqb

Status: new → needs_review

I have an initial patchset in branch userisol in https://github.com/sysrqb/torsocks.git. Please review.

comment:5 Changed 7 years ago by proper

Thanks for doing this work.

I can't review the code, but I can test the functionality. Here are my Debian Wheezy 32-bit test results. (Still the same config: https://trac.torproject.org/projects/tor/ticket/8137#comment:2)

torsocks /usr/bin/curl https://check.torproject.org
/usr/local/bin/torsocks: 232: [: -a: unexpected operator
/usr/local/bin/torsocks: 242: /usr/local/bin/torsocks: [[: not found
/usr/local/bin/torsocks: 244: /usr/local/bin/torsocks: -z: not found
/usr/local/bin/torsocks: 245: /usr/local/bin/torsocks: -z: not found
curl: (6) Couldn't resolve host 'check.torproject.org'
torsocks -v 3 -f /etc/torsocks.conf /usr/bin/curl https://check.torproject.org
Setting to verbosity level 3
/usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found
/usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found
/usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found
/usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found
/usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found
/usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found
/usr/local/bin/torsocks: 227: shift: can't shift that many
torsocks -v 3 /usr/bin/curl https://check.torproject.org
Setting to verbosity level 3
/usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found
/usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found
/usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found
/usr/local/bin/torsocks: 228: /usr/local/bin/torsocks: OPTIND: not found
/usr/local/bin/torsocks: 227: shift: can't shift that many

comment:6 Changed 7 years ago by sysrqb

Whoops, looks like I had some bashisms. I'll be pushing a fix momentarily. Thanks for testing!

comment:7 Changed 7 years ago by proper

The last bug is fixed. I continue with testing...

Each time I run torsocks, I get a new exit IP and therefore presumably a new circuit as expected.

The following.

/usr/local/bin/torsocks -i 192.168.0.10 -P 9151 /usr/bin/curl https://check.torproject.org

Doesn't work for me.

Illegal option -i
Syntax: [.] /usr/local/bin/torsocks <session_options | program_options <program>]>
    session_options: [on] | [off] | [show | sh] | [--shell]
    program_options: [-hvupfdtiPN] 

    Options that affect all programs run from this session
          on       Enable Torsocks for all programs run here
                       Note: It is necessary to prepend a period (.)
                       or source in front of the torsocks command
          off      Disable Torsocks for all programs run here
                       Note: It is necessary to prepend a period (.)
                       or source in front of the torsocks command
          sh, show
                   Show the current list of preloaded libraries
        --shell    Enter into a shell that will enable Torsocks for
                       all programs run in the shell

    Options that affect only the program run by Torsocks
        -d debug_file       Path to log file
        -f file             Path to configuration file
        -h                  Show this message
        -i IP               SOCKS server IP address
        -N                  Do not read configuration file,
                              only use command line values
        -p pass             SOCKS password
        -P port             SOCKS server port number
        -t server_type      SOCKS server type (4, 4A, 5)
        -u user             SOCKS username
        -v num              Verbosity level [1,3]
        program             The program you want to run

For additional details and information, please view the man pages
torsocks(1) and torsocks.conf(5). Also read the information at
the top of the torsocks file that was just run.

comment:8 Changed 7 years ago by proper

Changing the getopts line in /usr/local/bin/torsocks to

    while getopts v:f:d:u:p:t:i:P:N opt 

fixed the "Illegal option -i" error.
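
Added example, not code from the torsocks script or from sysrqb's branch: a POSIX sh option parser that uses the option string from comment 8 and, as suggested in comment 1, falls back to randomly generated SOCKS credentials when none are given, so each invocation presents different credentials. The names parse_opts, rand_hex, SOCKS_*, NO_CONF and PROG_INDEX are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dash-safe option parsing plus per-invocation SOCKS credentials.

# Hypothetical helper: 16 bytes from /dev/urandom as 32 hex characters.
rand_hex() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Hypothetical function: fill SOCKS_* from the options and store the index of
# the first program argument in PROG_INDEX. Returns 2 on an illegal option.
parse_opts() {
    SOCKS_IP=127.0.0.1 SOCKS_PORT=9050 SOCKS_TYPE=5
    SOCKS_USER= SOCKS_PASS= NO_CONF=0
    OPTIND=1                        # reset so the function can be called again
    while getopts v:f:d:u:p:t:i:P:N opt; do
        case "$opt" in
            u) SOCKS_USER=$OPTARG ;;
            p) SOCKS_PASS=$OPTARG ;;
            t) SOCKS_TYPE=$OPTARG ;;
            i) SOCKS_IP=$OPTARG ;;
            P) SOCKS_PORT=$OPTARG ;;
            N) NO_CONF=1 ;;
            v|f|d) : ;;             # accepted, unused in this example
            *) return 2 ;;          # getopts has already printed the error
        esac
    done
    PROG_INDEX=$OPTIND
    # Two quoted [ ] tests chained with &&: no [[ ]] and no -a operator.
    if [ -z "$SOCKS_USER" ] && [ -z "$SOCKS_PASS" ]; then
        SOCKS_USER=$(rand_hex)      # no credentials given: isolate by default
        SOCKS_PASS=$(rand_hex)
    fi
}

# Constructed invocation mirroring the command line from comment 7.
set -- -i 192.168.0.10 -P 9151 /usr/bin/curl https://check.torproject.org
parse_opts "$@" && shift $((PROG_INDEX - 1))
echo "proxy=$SOCKS_IP:$SOCKS_PORT user=$SOCKS_USER program=$*"
```

Passing -u and -p with fixed values keeps the credentials stable across invocations, which is the shared-stream case from comment 1.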

comment:9 Changed 7 years ago by proper

Cc: adrelanos@… added

This is now fixed in sysrqb's repository. (Comment 4)

comment:10 Changed 5 years ago by proper

Owner: set to dgoulet
Status: needs_review → assigned

comment:11 Changed 5 years ago by proper

Previous discussions were about torsocks 1.x, which is now deprecated. It would still be great to have this in torsocks 2.0. That feature is also important for Whonix, because it's using lots of stream isolation (uwt) wrappers that are problematic.

comment:12 Changed 5 years ago by dgoulet

Can you just clarify "stream isolation" here? Do you want a way for torsocks to isolate its connection on a dedicated circuit (for which user/pass to the SOCKS5 connection does that) or do you want each connect() to be on its own circuit or ...?

This ticket seems to ask for a way on the command line to specify the ip/port and for torsocks 2.x this is #11726.

comment:13 Changed 5 years ago by proper

Just passing ip/port by command line. This ticket can be considered a duplicate of #11726.

comment:14 in reply to:  13 Changed 5 years ago by dgoulet

Resolution: duplicate
Status: assigned → closed

Replying to proper:

Just passing ip/port by command line. This ticket can be considered a duplicate of #11726.


Indeed, let's move this feature to #11726. Right now Torsocks 2.x only supports SOCKS5 so the "-t" option is not very possible.

Closing this one because duplicate.
