add option to allow connections to local addresses

added component::core tor/torsocks owner::dgoulet priority::medium resolution::fixed severity::normal status::closed type::defect labels

This only occurs when the applications attempts establishing a connection to a local IP address, not when the Tor client (or other SOCKS proxy) is run on another IP address and Torsocks connects to it. Torsocks should not (and can not if proxying via Tor) make connections for an application on a non-public IP.

If this isn't the case, then can you provide more details about when Torsocks is denying connections to a non-local proxy? Debug logs may help a little too.

Please tell me if I can do anything else for debugging.

/etc/torsocks.conf on Debian Wheezy

# This is the configuration for libtorsocks (transparent socks) for use
# with tor, which is providing a socks server on port 9050 by default.
#
# Lines beginning with # and blank lines are ignored
#
# The basic idea is to specify:
#       - Local subnets - Networks that can be accessed directly without
#                         assistance from a socks server
#       - Paths - Paths are basically lists of networks and a socks server
#                 which can be used to reach these networks
#       - Default server - A socks server which should be used to access
#                          networks for which no path is available
# Much more documentation than provided in these comments can be found in
# torsocks.conf(5) and usewithtor(1) manpages.

# We specify local as 127.0.0.0 - 127.191.255.255 because the
# Tor MAPADDRESS virtual IP range is the rest of net 127.
# Torsocks also treats as local all the subnets that Tor does.
local = 127.0.0.0/255.128.0.0
local = 127.128.0.0/255.192.0.0
local = 169.254.0.0/255.255.0.0
local = 172.16.0.0/255.240.0.0
local = 192.168.0.0/255.255.0.0
  
# Default server
# For connections that aren't to the local subnets 
# the server at 127.0.0.1 should be used (again, hostnames could be used
# too, see note above)
server = 192.168.0.10

# SOCKS server type defaults to 4
server_type = 5

# The port defaults to 1080 but I've stated it here for clarity
server_port = 9159

# Username and password (if required on a SOCKSv5 server)
#default_user =
#default_pass =

# Paths
# For this example this machine needs to access 150.0.0.0/255.255.0.0 as
# well as port 80 on the network 150.1.0.0/255.255.0.0 through
# the socks 5 server at 10.1.7.25 (if this machines hostname was
# "socks.hello.com" we could also specify that, unless --disable-hostnames
# was specified to ./configure).

#path {
#        reaches = 150.0.0.0/255.255.0.0
#        reaches = 150.1.0.0:80/255.255.0.0
#        server = 10.1.7.25
#        server_type = 5
#        default_user = delius
#        default_pass = hello
#}
#

Enabled debugging with.

export TORSOCKS_DEBUG=1

Feel free to stop downloading after seeing the error message.

torsocks git clone git://git.immerda.ch/amnesia.git
libtorsocks(26959): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26960): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26957): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26961): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26962): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26963): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26964): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26965): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26966): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26967): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26961): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26969): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26971): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26972): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
libtorsocks(26961): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
Cloning into 'amnesia'...
libtorsocks(26961): connect: Connection is to a local address (192.168.0.10), may be a TCP DNS request to a local DNS server so have to reject to be safe. Please report a bug to http://code.google.com/p/torsocks/issues/entry if this is preventing a program from working properly with torsocks.
libtorsocks(26974): The symbol getipnodebyname() was not found in any shared library. The error reported was: not found!
^Cmote: Counting objects: 38787

Git fetch causes similar error messages.

Hm, I can't reproduce this with master. It's possible this was fixed since the last deb was created (I don't have a debian install on-hand to check). If possible, can you try installing the latest -rc that Jake released[1] (or git master) and let us know if you still receive that error?

$ torsocks git clone git://git.immerda.ch/amnesia.git
Cloning into 'amnesia'...
remote: Counting objects: 37352

Also, I note that rejecting that connection was not fatal, so I'm not sure exactly what it's trying to do.

[1] https://people.torproject.org/~ioerror/torsocks-1.3.tar.gz

I'll test as soon as cryptographic signature is provided for 1.3 rc. intrigeri already asked for one. (Re: [tor-dev] final torsocks RC 1.3 tar.gz up for testing)

Tested with 1.3 final, the error persists.

(Here is what I did:)

#On Debian

git clone https://git.torproject.org/torsocks.git
git tag -v 1.3
sudo apt-get build-dep torsocks
sudo apt-get remove torsocks
./autogen.sh
./configure
make
sudo make install

It's now completely broken, since switch from 1.2 (Debian) to 1.3 (torproject git).

Config remained the same as posted above.

# Just to show, the Tor is really accessible on that port.
/tmp $ /usr/bin/wget 192.168.0.10:9159
--2013-02-12 05:13:44--  http://192.168.0.10:9159/
Connecting to 192.168.0.10:9159... connected.
HTTP request sent, awaiting response... 501 Tor is not an HTTP Proxy
2013-02-12 05:13:44 ERROR 501: Tor is not an HTTP Proxy.

# external service was up
/tmp $ nslookup github.com
Server:         192.168.0.10
Address:        192.168.0.10#53

Non-authoritative answer:
Name:   github.com
Address: 207.97.227.239

/tmp $ torsocks git clone https://github.com/adrelanos/Whonix.git
libtorsocks(7396): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(7397): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(7394): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
Cloning into 'Whonix'...
libtorsocks(7398): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(7398): do_resolve: error connecting to SOCKS server
libtorsocks(7398): failed to resolve: github.com
libtorsocks(7398): do_resolve: error connecting to SOCKS server
libtorsocks(7398): failed to resolve: github.com
error: Couldn't resolve host 'github.com' while accessing https://github.com/adrelanos/Whonix.git/info/refs
fatal: HTTP request failed

wget is now completely broken.

/tmp $ torsocks wget https://check.torproject.org
libtorsocks(8777): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8778): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8775): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
--2013-02-12 --  https://check.torproject.org/
Resolving check.torproject.org (check.torproject.org)... libtorsocks(8775): do_resolve: error connecting to SOCKS server
libtorsocks(8775): failed to resolve: check.torproject.org
failed: Name or service not known.
wget: unable to resolve host address `check.torproject.org'
/tmp $

curl has a lot warnings and debug output, but still works.

/tmp $ torsocks curl https://check.torproject.org
libtorsocks(8900): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8901): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8898): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
this is curl wrapper. caller: 
libtorsocks(8902): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8903): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8904): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8905): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8906): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8907): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8908): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8902): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8910): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8912): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8913): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
libtorsocks(8902): WARNING: The symbol getipnodebyname() was not found in any shared library with the reported error: Not Found!
  Also, we failed to find the symbol __getipnodebyname() with the reported error: Not Found
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>Are you using Tor?</title>
<link rel="shortcut icon" type="image/x-icon" href="./favicon.ico">
<style type="text/css">
img,acronym {
  border: 0;  text-decoration: none;}</style></head>
<body>
<center>

<img alt="Congratulations. Your browser is configured to use Tor." src="/images/tor-on.png">
<br><h1 style="color: #0A0">
Congratulations. Your browser is configured to use Tor.<br>
<br>
</h1>
Please refer to the <a href="https://www.torproject.org/">Tor website</a> for further information about using Tor safely.  You are now free to browse the Internet anonymously.<br>
<br>

<br>
Your IP address appears to be: <b>74.3.165.39</b><br>
<small>
<tt><br>
<br>
<p>This page is also available in the following languages:</p><p><a href="?lang=ar" hreflang="ar" lang="ar" rel="alternate">&#1593;&#1585;&#1576;&#1610;&#1577;&nbsp;(Arabiya)</a> <a href="?lang=bms" hreflang="bms" lang="bms" rel="alternate">Burmese</a> <a href="?lang=cs" hreflang="cs" lang="cs" rel="alternate">&#269;esky</a> <a href="?lang=da" hreflang="da" lang="da" rel="alternate">dansk</a> <a href="?lang=de" hreflang="de" lang="de" rel="alternate">Deutsch</a> <a href="?lang=el" hreflang="el" lang="el" rel="alternate">&#917;&#955;&#955;&#951;&#957;&#953;&#954;&#940;&nbsp;(Ellinika)</a> <a href="?lang=en_US" hreflang="en_US" lang="en_US" rel="alternate">English</a> <a href="?lang=es" hreflang="es" lang="es" rel="alternate">espa&ntilde;ol</a> <a href="?lang=et" hreflang="et" lang="et" rel="alternate">Estonian</a> <a href="?lang=fa_IR" hreflang="fa_IR" lang="fa_IR" rel="alternate">&#1601;&#1575;&#1585;&#1587;&#1740; (F&#257;rs&#299;)</a> <a href="?lang=fi" hreflang="fi" lang="fi" rel="alternate">suomi</a> <a href="?lang=fr" hreflang="fr" lang="fr" rel="alternate">fran&ccedil;ais</a> <a href="?lang=it_IT" hreflang="it_IT" lang="it_IT" rel="alternate">Italiano</a> <a href="?lang=ja" hreflang="ja" lang="ja" rel="alternate">&#26085;&#26412;&#35486;&nbsp;(Nihongo)</a> <a href="?lang=nb" hreflang="nb" lang="nb" rel="alternate">norsk&nbsp;(bokm&aring;l)</a> <a href="?lang=nl" hreflang="nl" lang="nl" rel="alternate">Nederlands</a> <a href="?lang=pl" hreflang="pl" lang="pl" rel="alternate">polski</a> <a href="?lang=pt" hreflang="pt" lang="pt" rel="alternate">Portugu&ecirc;s</a> <a href="?lang=pt_BR" hreflang="pt_BR" lang="pt_BR" rel="alternate">Portugu&ecirc;s do Brasil</a> <a href="?lang=ro" hreflang="ro" lang="ro" rel="alternate">rom&acirc;n&#259;</a> <a href="?lang=ru" hreflang="ru" lang="ru" rel="alternate">&#1056;&#1091;&#1089;&#1089;&#1082;&#1080;&#1081;&nbsp;(Russkij)</a> <a href="?lang=th" hreflang="th" lang="th" rel="alternate">Thai</a> <a href="?lang=tr" hreflang="tr" lang="tr" rel="alternate">T&uuml;rk&ccedil;e</a> <a href="?lang=uk" hreflang="uk" lang="uk" rel="alternate">&#1091;&#1082;&#1088;&#1072;&#1111;&#1085;&#1089;&#1100;&#1082;&#1072;&nbsp;(ukrajins'ka)</a> <a href="?lang=vi" hreflang="vi" lang="vi" rel="alternate">Vietnamese</a> <a href="?lang=zh_CN" hreflang="zh_CN" lang="zh_CN" rel="alternate">&#20013;&#25991;(&#31616;)</a> </p></tt></small></center>
</body></html>/tmp $

Forgot to mention.

After

git tag -v 1.3

I of course done a

git checkout 1.3.

The getipnodebyname warnings are not surprising and can be ignored. The lines

libtorsocks(7398): do_resolve: error connecting to SOCKS server
libtorsocks(7398): failed to resolve: github.com

explain the outcome but they indicate that the issue is a connectivity problem between client and server. Yet, curl was successful. Does curl resolve names a different way?

Does curl resolve names a different way?

I don't know that.

Apparently, I messed up TORSOCKS_CONF_FILE.

#8220 (moved): "add TORSOCKS_CONF_FILE to debug output"
#8221 (moved): "add configuration to debug output"

The do_resolve / failed to resolve error is solved.

Back to the original question.

Running.

torsocks /usr/bin/git clone git://git.immerda.ch/amnesia.git

Results in

libtorsocks(23746): connect: Connection is to a local address (192.168.0.10), may be a TCP DNS request to a local DNS server so have to reject to be safe. Please report a bug to http://code.google.com/p/torsocks/issues/entry if this is preventing a program from working properly with torsocks.

Also when using 1.3.

It's non-fatal, connection still succeeds.

Can please fix this warning?

Trac:
Cc: N/A to intrigeri@boum.org

Is this Wheezy 32- or 64-bit? I'm having trouble reproducing on 64-bit Wheezy right now.

Wheezy 32 bit.

Quick update: currently this bug only seems to non-fatally effect operations using the git protocol.

It lets KGpg fail fatally (wrapped gpg with torsocks), because it doesn't understand the torsocks error message.

Gpg itself also fails non-fatally.

Replying to proper:

It lets KGpg fail fatally (wrapped gpg with torsocks), because it doesn't understand the torsocks error message.

Can you grab a stack trace of this crash?

Gpg itself also fails non-fatally.

Is this the same situation as we have with git? If so, I'm beginning to think this is the correct behavior because the connections appear to be dns lookups to a local dns server (at least that's what it appears to be in my local tests). Was 192.168.0.10 also a dns server in your environment (in addition to a Tor client)?

Replying to cypherpunks:

Replying to proper:

It lets KGpg fail fatally (wrapped gpg with torsocks), because it doesn't understand the torsocks error message.

Can you grab a stack trace of this crash?

Sorry for my wording. "Fails fatally" shouldn't mean crash of kgpg. When I clicked on details after trying to connect, I saw the torsocks warning (the usual ...may be a TCP DNS reque...).

The problem is, kgpg wants to phrase gpg's output and gets confused by the torsocks warning.

Gpg itself also fails non-fatally.

Is this the same situation as we have with git?

Yes.

gpg --recv-keys 9B157153925C303A42253AFB9C131AD3713AAEEF gpg: requesting key 713AAEEF from hkp server pool.sks-keyservers.net 18:28:01 libtorsocks(4719): connect: Connection is to a local address (192.168.0.10), may be a TCP DNS request to a local DNS server so have to reject to be safe. Please report a bug to http://code.google.com/p/torsocks/issues/entry if this is preventing a program from working properly with torsocks. gpg: key 713AAEEF: "adrelanos " not changed gpg: Total number processed: 1 gpg: unchanged: 1

Was 192.168.0.10 also a dns server in your environment

Yes.

(Same non-fatal fail when /etc/resolv.conf is empty on 192.168.0.11 and if that DnsPort on 192.168.0.10 is disabled.)

If so, I'm beginning to think this is the correct behavior because the connections appear to be dns lookups to a local dns server (at least that's what it appears to be in my local tests).

Ok, I understand. Could you add an option (configuration file, environment variable or command line switch) to suppress that warning please?

add option to allow connections to local addresses

Child items ...

Activity