/* $Id: socksfwd.c,v 1.1 2007-07-24 07:29:41 gophi Exp $ */ #include #include #include #include #include #include #include #include #include #include #include #include #define TIMEOUT 900 extern int errno, h_errno; #define die(...) do { \ int se = errno; \ fprintf(stderr, "socksfwd: line %d: ", __LINE__); \ errno = se; \ fprintf(stderr, __VA_ARGS__); \ fprintf(stderr, "\n"); \ exit(EXIT_FAILURE); \ } while (0) static volatile int flag_alrm = 0; static void sigalrm(int signo) { flag_alrm = 1; signal(signo, sigalrm); } static int create_socket(void) { int fd; fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); if (fd == -1) die("socket(): %s", strerror(errno)); return fd; } static int create_listening(int port) { struct hostent *hent; int fd, sv; struct sockaddr_in sa; hent = gethostbyname("127.0.0.1"); if (!hent) die("internal error"); fd = create_socket(); memset(&sa, 0, sizeof(sa)); memcpy(&sa.sin_addr, hent->h_addr, sizeof(sa.sin_addr)); sa.sin_family = AF_INET; sa.sin_port = htons(port); sv = 1; if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &sv, sizeof(sv)) == -1) die("setsockopt(): %s", strerror(errno)); if (bind(fd, (struct sockaddr *) &sa, sizeof(sa)) == -1) die("bind(): %s", strerror(errno)); if (listen(fd, 10) == -1) die("listen(): %s", strerror(errno)); return fd; } static int create_connected(struct sockaddr_in *sa) { int fd = create_socket(); /* moze tez alrm? */ if (connect(fd, (struct sockaddr *) sa, sizeof(*sa)) == -1) die("connect(): %s", strerror(errno)); return fd; } static size_t timeout_recv(int fd, char *buf, size_t sz) { alarm(TIMEOUT); flag_alrm = 0; while (!flag_alrm) { ssize_t rs = read(fd, buf, sz); if (rs == -1) { if (errno == EAGAIN || errno == EINTR) continue; die("read(): %s", strerror(errno)); } else if (!rs) exit(EXIT_SUCCESS); alarm(0); return rs; } alarm(0); if (flag_alrm) die("read(): timeout"); /* NOTREACHED */ return 0; } static void atomic_recv(int fd, char *buf, size_t sz) { while (sz) { ssize_t rs = timeout_recv(fd, buf, sz); buf += rs; sz -= rs; } } static void atomic_send(int fd, char *buf, size_t sz) { alarm(TIMEOUT); flag_alrm = 0; while (sz && !flag_alrm) { ssize_t rs = write(fd, buf, sz); if (rs == -1) { if (errno == EAGAIN || errno == EINTR) continue; die("write(): %s", strerror(errno)); } else if (!rs) die("write(): returned nonsense"); buf += rs; sz -= rs; } alarm(0); if (flag_alrm) die("write(): timeout"); } static void do_tunnel(int src, int dst) { char buf[1024]; size_t rs; rs = timeout_recv(src, buf, sizeof(buf)); atomic_send(dst, buf, rs); } static void tunnel(int fd1, int fd2) { fd_set fds; int max = ((fd1 > fd2) ? fd1 : fd2) + 1; for (;;) { int rs; FD_ZERO(&fds); FD_SET(fd1, &fds); FD_SET(fd2, &fds); alarm(TIMEOUT); rs = select(max, &fds, NULL, NULL, NULL); alarm(0); if (rs == 0) continue; if (rs == -1 && (errno == EAGAIN || errno == EINTR)) { if (flag_alrm) die("timeout"); continue; } if (FD_ISSET(fd1, &fds)) do_tunnel(fd1, fd2); if (FD_ISSET(fd2, &fds)) do_tunnel(fd2, fd1); } } static void handle(int fd) { unsigned char buf[256]; size_t i, methods; struct sockaddr_in sa; socklen_t len; int nfd; alarm(0); signal(SIGALRM, sigalrm); /* version, nmethods */ atomic_recv(fd, buf, 2); if (buf[0] != 5) die("invalid socks version in preauth (%d)", buf[0]); methods = buf[1]; atomic_recv(fd, buf, methods); for (i = 0; i < methods; ++i) if (buf[i] == 0) break; else if (buf[i] == 0xFF) die("no acceptable auth methods"); if (i == methods) die("disable authorization"); buf[0] = 5; // version buf[1] = 0; // no auth atomic_send(fd, buf, 2); atomic_recv(fd, buf, 4); if (buf[0] != 5) die("invalid socks version in request (%d)", buf[0]); if (buf[1] != 1) die("invalid request (%d)", buf[1]); if (buf[3] != 1 && buf[3] != 3) die("invalid address type (%d)", buf[3]); memset(&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; if (buf[3] == 1) { // inet atomic_recv(fd, buf, 4); memcpy(&sa.sin_addr, buf, 4); } else { // hostname struct hostent *hent; size_t sz; atomic_recv(fd, buf, 1); sz = buf[0]; atomic_recv(fd, buf, sz); buf[sz] = 0; hent = gethostbyname(buf); if (!hent) die("cannot resolve %s: %s", buf, hstrerror(h_errno)); memcpy(&sa.sin_addr, hent->h_addr, sizeof(sa.sin_addr)); } atomic_recv(fd, buf, 2); memcpy(&sa.sin_port, buf, 2); nfd = create_connected(&sa); len = sizeof(sa); if (getsockname(nfd, (struct sockaddr *) &sa, &len) == -1) die("getsockname(): %s", strerror(errno)); buf[0] = 5; // ver buf[1] = 0; // success buf[2] = 0; // reserved buf[3] = 1; // ipv4 memcpy(&buf + 4, &sa.sin_addr, 4); memcpy(&buf + 8, &sa.sin_port, 2); atomic_send(fd, buf, 10); tunnel(fd, nfd); close(nfd); } int main(int ac, char * const av[]) { int port, fd; if (ac < 2) die("must specify port"); port = atoi(av[1]); if (!port) die("invalid port"); fd = create_listening(port); signal(SIGCHLD, SIG_IGN); for (;;) { int nfd; pid_t pid; nfd = accept(fd, NULL, NULL); if (nfd == -1) { if (errno == EAGAIN || errno == EINTR) continue; die("accept(): %s", strerror(errno)); } pid = fork(); if (pid == -1) die("fork(): %s", strerror(errno)); else if (!pid) { close(fd); handle(nfd); close(nfd); exit(EXIT_SUCCESS); } close(nfd); } /* NOTREACHED */ close(fd); return EXIT_SUCCESS; }