aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2008-01-04 23:01:00 +0000
committerDaniel Stenberg <daniel@haxx.se>2008-01-04 23:01:00 +0000
commit2e42b0a252416803a90ea232dc94a0a21d5a97e5 (patch)
treece5c9b3a2e33408a77300563964924a73d6b464b /lib
parentfcc485092a09811d5bfed78d13984fed5c31e652 (diff)
Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the
proxy do the host name resolving and only if --socks5ip (or CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and pass on the IP address only to the proxy.
Diffstat (limited to 'lib')
-rw-r--r--lib/socks.c110
-rw-r--r--lib/url.c8
-rw-r--r--lib/urldata.h6
3 files changed, 97 insertions, 27 deletions
diff --git a/lib/socks.c b/lib/socks.c
index 5146b0dc4..90ec1f215 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -390,6 +390,17 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
curl_socket_t sock = conn->sock[sockindex];
struct SessionHandle *data = conn->data;
long timeout;
+ bool socks5_resolve_local = data->set.socks5_resolve_local;
+ const size_t hostname_len = strlen(hostname);
+ int packetsize = 0;
+
+ /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
+ if(!socks5_resolve_local && hostname_len > 255)
+ {
+ infof(conn->data,"SOCKS5: server resolving disabled for hostnames of "
+ "length > 255 [actual len=%d]\n", hostname_len);
+ socks5_resolve_local = TRUE;
+ }
/* get timeout */
if(data->set.timeout && data->set.connecttimeout) {
@@ -553,13 +564,26 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
socksreq[0] = 5; /* version (SOCKS5) */
socksreq[1] = 1; /* connect */
socksreq[2] = 0; /* must be zero */
- socksreq[3] = 1; /* IPv4 = 1 */
- {
+ if(!socks5_resolve_local) {
+ packetsize = 5 + hostname_len + 2;
+
+ socksreq[3] = 3; /* ATYP: domain name = 3 */
+ socksreq[4] = (char) hostname_len; /* address length */
+ memcpy(&socksreq[5], hostname, hostname_len); /* address bytes w/o NULL */
+
+ *((unsigned short*)&socksreq[hostname_len+5]) =
+ htons((unsigned short)remote_port);
+ }
+ else {
struct Curl_dns_entry *dns;
Curl_addrinfo *hp=NULL;
int rc = Curl_resolv(conn, hostname, remote_port, &dns);
+ packetsize = 10;
+
+ socksreq[3] = 1; /* IPv4 = 1 */
+
if(rc == CURLRESOLV_ERROR)
return CURLE_COULDNT_RESOLVE_HOST;
@@ -595,40 +619,76 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
hostname);
return CURLE_COULDNT_RESOLVE_HOST;
}
+
+ *((unsigned short*)&socksreq[8]) = htons((unsigned short)remote_port);
}
- *((unsigned short*)&socksreq[8]) = htons((unsigned short)remote_port);
+ code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
+ if((code != CURLE_OK) || (written != packetsize)) {
+ failf(data, "Failed to send SOCKS5 connect request.");
+ return CURLE_COULDNT_CONNECT;
+ }
- {
- const int packetsize = 10;
+ packetsize = 10; /* minimum packet size is 10 */
+
+ result = blockread_all(conn, sock, (char *)socksreq, packetsize,
+ &actualread, timeout);
+ if((result != CURLE_OK) || (actualread != packetsize)) {
+ failf(data, "Failed to receive SOCKS5 connect request ack.");
+ return CURLE_COULDNT_CONNECT;
+ }
- code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
- if((code != CURLE_OK) || (written != packetsize)) {
- failf(data, "Failed to send SOCKS5 connect request.");
+ if(socksreq[0] != 5) { /* version */
+ failf(data,
+ "SOCKS5 reply has wrong version, version should be 5.");
+ return CURLE_COULDNT_CONNECT;
+ }
+ if(socksreq[1] != 0) { /* Anything besides 0 is an error */
+ failf(data,
+ "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
+ (unsigned char)socksreq[4], (unsigned char)socksreq[5],
+ (unsigned char)socksreq[6], (unsigned char)socksreq[7],
+ (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
+ socksreq[1]);
return CURLE_COULDNT_CONNECT;
- }
+ }
- result = blockread_all(conn, sock, (char *)socksreq, packetsize,
+ /* Fix: in general, returned BND.ADDR is variable length parameter by RFC
+ 1928, so the reply packet should be read until the end to avoid errors at
+ subsequent protocol level.
+
+ +----+-----+-------+------+----------+----------+
+ |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
+ +----+-----+-------+------+----------+----------+
+ | 1 | 1 | X'00' | 1 | Variable | 2 |
+ +----+-----+-------+------+----------+----------+
+
+ ATYP:
+ o IP v4 address: X'01', BND.ADDR = 4 byte
+ o domain name: X'03', BND.ADDR = [ 1 byte length, string ]
+ o IP v6 address: X'04', BND.ADDR = 16 byte
+ */
+
+ /* Calculate real packet size */
+ if(socksreq[3] == 3) {
+ /* domain name */
+ int addrlen = (int) socksreq[4];
+ packetsize = 5 + addrlen + 2;
+ }
+ else if(socksreq[3] == 4) {
+ /* IPv6 */
+ packetsize = 4 + 16 + 2;
+ }
+
+ /* At this point we already read first 10 bytes */
+ if(packetsize > 10) {
+ packetsize -= 10;
+ result = blockread_all(conn, sock, (char *)&socksreq[10], packetsize,
&actualread, timeout);
if((result != CURLE_OK) || (actualread != packetsize)) {
failf(data, "Failed to receive SOCKS5 connect request ack.");
return CURLE_COULDNT_CONNECT;
}
-
- if(socksreq[0] != 5) { /* version */
- failf(data,
- "SOCKS5 reply has wrong version, version should be 5.");
- return CURLE_COULDNT_CONNECT;
- }
- if(socksreq[1] != 0) { /* Anything besides 0 is an error */
- failf(data,
- "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
- (unsigned char)socksreq[4], (unsigned char)socksreq[5],
- (unsigned char)socksreq[6], (unsigned char)socksreq[7],
- (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
- socksreq[1]);
- return CURLE_COULDNT_CONNECT;
- }
}
Curl_nonblock(sock, TRUE);
diff --git a/lib/url.c b/lib/url.c
index 550cb2113..774e25ff2 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2054,6 +2054,14 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
}
break;
+ case CURLOPT_SOCKS5_RESOLVE_LOCAL:
+ /*
+ * Enable or disable using of SOCKS5 proxy server to resolve domain names
+ * instead of using platform API like gethostbyname_r etc
+ */
+ data->set.socks5_resolve_local = (bool)(0 != va_arg(param, long));
+ break;
+
default:
/* unknown tag and its companion, just ignore: */
result = CURLE_FAILED_INIT; /* correct this */
diff --git a/lib/urldata.h b/lib/urldata.h
index 9febb8415..2f061e035 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -1441,7 +1441,9 @@ struct UserDefined {
long new_directory_perms; /* Permissions to use when creating remote dirs */
bool proxy_transfer_mode; /* set transfer mode (;type=<a|i>) when doing FTP
via an HTTP proxy */
-
+ bool socks5_resolve_local; /* resolve host names locally even if a SOCKS5
+ proxy in use. Valid only if CURLOPT_PROXYTYPE
+ == CURLPROXY_SOCKS5, otherwise ignored. */
char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
};