experimental new feature: proxy_dns_daemon

since many users complain about issues with modern, ultracomplex
clusterfuck software such as chromium, nodejs, etc, i've reconsidered
one of my original ideas how to implement remote dns lookup support.
instead of having a background thread serving requests via a pipe,
the user manually starts a background daemon process before running
proxychains, and the two processes then communicate via UDP.
this requires much less hacks (like hooking of close() to prevent
pipes from getting closed) and doesn't need to call any async-signal
unsafe code like malloc(). this means it should be much more compatible
than the previous method, however it's not as practical and slightly
slower.

it's recommended that the proxychains4-daemon runs on localhost, and
if you use proxychains-ng a lot you might want to set ip up as a service
that starts on boot. a single proxychains4-daemon should theoretically
be able to serve many parallel proxychains4 instances, but this has not
yet been tested so far. it's also possible to run the daemon on other
computers, even over internet, but currently there is no error-checking/
timeout code at all; that means the UDP connection needs to be very
stable.

the library code used for the daemon sources are from my projects
libulz[0] and htab[1], and the server code is loosely based on
microsocks[2]. their licenses are all compatible with the GPL.
if not otherwise mentioned, they're released for this purpose under
the standard proxychains-ng license (see COPYING).

[0]: https://github.com/rofl0r/libulz
[1]: https://github.com/rofl0r/htab
[2]: https://github.com/rofl0r/microsocks

Makefile

@@ -13,13 +13,18 @@ includedir = $(prefix)/include
 libdir = $(prefix)/lib
 sysconfdir=$(prefix)/etc
 
-SRCS = $(sort $(wildcard src/*.c))
-OBJS = $(SRCS:.c=.o)
+OBJS = src/common.o src/main.o
+
+DOBJS = src/daemon/hsearch.o \
+        src/daemon/sblist.o src/daemon/sblist_delete.o \
+        src/daemon/daemon.o src/daemon/udpserver.o
+
 LOBJS = src/nameinfo.o src/version.o \
         src/core.o src/common.o src/libproxychains.o \
-        src/allocator_thread.o \
+        src/allocator_thread.o src/rdns.o \
         src/hostsreader.o src/hash.o src/debug.o
 
+
 GENH = src/version.h
 
 CFLAGS  += -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe
@@ -41,7 +46,8 @@ LDSO_PATHNAME = libproxychains4.$(LDSO_SUFFIX)
 SHARED_LIBS = $(LDSO_PATHNAME)
 ALL_LIBS = $(SHARED_LIBS)
 PXCHAINS = proxychains4
-ALL_TOOLS = $(PXCHAINS)
+PXCHAINS_D = proxychains4-daemon
+ALL_TOOLS = $(PXCHAINS) $(PXCHAINS_D)
 ALL_CONFIGS = src/proxychains.conf
 
 -include config.mak
@@ -70,7 +76,7 @@ install-config: $(ALL_CONFIGS:src/%=$(DESTDIR)$(sysconfdir)/%)
 clean:
 	rm -f $(ALL_LIBS)
 	rm -f $(ALL_TOOLS)
-	rm -f $(OBJS)
+	rm -f $(OBJS) $(LOBJS) $(DOBJS)
 	rm -f $(GENH)
 
 src/version.h: $(wildcard VERSION .git)
@@ -83,10 +89,13 @@ src/version.o: src/version.h
 
 $(LDSO_PATHNAME): $(LOBJS)
 	$(CC) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) $(USER_LDFLAGS) \
-		-shared -o $@ $(LOBJS) $(SOCKET_LIBS)
+		-shared -o $@ $^ $(SOCKET_LIBS)
+
+$(PXCHAINS): $(OBJS)
+	$(CC) $^ $(USER_LDFLAGS) $(LIBDL) -o $@
 
-$(ALL_TOOLS): $(OBJS)
-	$(CC) src/main.o src/common.o $(USER_LDFLAGS) $(LIBDL) -o $(PXCHAINS)
+$(PXCHAINS_D): $(DOBJS)
+	$(CC) $^ $(USER_LDFLAGS) -o $@
 
 
 .PHONY: all clean install install-config install-libs install-tools

configure

@@ -159,6 +159,9 @@ check_compile 'whether we have GNU-style getservbyname_r()' "-DHAVE_GNU_GETSERVB
 check_compile 'whether we have pipe2() and O_CLOEXEC' "-DHAVE_PIPE2" \
 '#define _GNU_SOURCE\n#include <fcntl.h>\n#include <unistd.h>\nint main() {\nint pipefd[2];\npipe2(pipefd, O_CLOEXEC);\nreturn 0;}'
 
+check_compile 'whether we have SOCK_CLOEXEC' "-DHAVE_SOCK_CLOEXEC" \
+'#define _GNU_SOURCE\n#include <sys/socket.h>\nint main() {\nreturn socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0);}'
+
 check_define __APPLE__ && {
 	mac_detected=true
 	check_define __x86_64__ && mac_64=true

src/allocator_thread.h

@@ -4,8 +4,6 @@
 #include <unistd.h>
 #include "ip_type.h"
 
-#define MSG_LEN_MAX 256
-
 extern int req_pipefd[2];
 extern int resp_pipefd[2];
 

src/core.c

@@ -37,13 +37,12 @@
 
 #include "core.h"
 #include "common.h"
-#include "allocator_thread.h"
+#include "rdns.h"
 #include "mutex.h"
 
 extern int tcp_read_time_out;
 extern int tcp_connect_time_out;
 extern int proxychains_quiet_mode;
-extern int proxychains_resolver;
 extern unsigned int proxychains_proxy_offset;
 extern unsigned int remote_dns_subnet;
 
@@ -200,8 +199,8 @@ static int tunnel_to(int sock, ip_type ip, unsigned short port, proxy_type pt, c
 	// the range 224-255.* is reserved, and it won't go outside (unless the app does some other stuff with
 	// the results returned from gethostbyname et al.)
 	// the hardcoded number 224 can now be changed using the config option remote_dns_subnet to i.e. 127
-	if(!ip.is_v6 && proxychains_resolver && ip.addr.v4.octet[0] == remote_dns_subnet) {
-		dns_len = at_get_host_for_ip(ip.addr.v4, hostnamebuf);
+	if(!ip.is_v6 && proxychains_resolver >= DNSLF_RDNS_START && ip.addr.v4.octet[0] == remote_dns_subnet) {
+		dns_len = rdns_get_host_for_ip(ip.addr.v4, hostnamebuf);
 		if(!dns_len) goto err;
 		else dns_name = hostnamebuf;
 	}
@@ -525,8 +524,8 @@ static int chain_step(int ns, proxy_data * pfrom, proxy_data * pto) {
 
 	PFUNC();
 
-	if(!v6 && proxychains_resolver && pto->ip.addr.v4.octet[0] == remote_dns_subnet) {
-		if(!at_get_host_for_ip(pto->ip.addr.v4, hostname_buf)) goto usenumericip;
+	if(!v6 && proxychains_resolver >= DNSLF_RDNS_START && pto->ip.addr.v4.octet[0] == remote_dns_subnet) {
+		if(!rdns_get_host_for_ip(pto->ip.addr.v4, hostname_buf)) goto usenumericip;
 		else hostname = hostname_buf;
 	} else {
 	usenumericip:
@@ -865,7 +864,7 @@ struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data*
 		goto retname;
 	}
 
-	data->resolved_addr = at_get_ip_for_host((char*) name, strlen(name)).as_int;
+	data->resolved_addr = rdns_get_ip_for_host((char*) name, strlen(name)).as_int;
 	if(data->resolved_addr == (in_addr_t) IPT4_INVALID.as_int) return NULL;
 
 	retname:
@@ -961,7 +960,7 @@ int proxy_getaddrinfo(const char *node, const char *service, const struct addrin
 			free(space);
 			return EAI_NONAME;
 		}
-		if(proxychains_resolver == 2)
+		if(proxychains_resolver == DNSLF_FORKEXEC)
 			hp = proxy_gethostbyname_old(node);
 		else
 			hp = proxy_gethostbyname(node, &ghdata);

src/daemon/daemon.c

@@ -0,0 +1,231 @@
+/*
+   proxychains-ng DNS daemon
+
+   Copyright (C) 2020 rofl0r.
+
+*/
+
+#define _GNU_SOURCE
+#include <unistd.h>
+#define _POSIX_C_SOURCE 200809L
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <signal.h>
+#include <sys/select.h>
+#include <arpa/inet.h>
+#include <errno.h>
+#include <limits.h>
+#include "udpserver.h"
+#include "sblist.h"
+#include "hsearch.h"
+#include "../remotedns.h"
+#include "../ip_type.h"
+
+#ifndef MAX
+#define MAX(x, y) ((x) > (y) ? (x) : (y))
+#endif
+
+static struct htab *ip_lookup_table;
+static sblist *hostnames;
+static unsigned remote_subnet;
+static const struct server* server;
+
+#ifndef CONFIG_LOG
+#define CONFIG_LOG 1
+#endif
+#if CONFIG_LOG
+/* we log to stderr because it's not using line buffering, i.e. malloc which would need
+   locking when called from different threads. for the same reason we use dprintf,
+   which writes directly to an fd. */
+#define dolog(...) dprintf(2, __VA_ARGS__)
+#else
+static void dolog(const char* fmt, ...) { }
+#endif
+
+static char* my_inet_ntoa(unsigned char *ip_buf_4_bytes, char *outbuf_16_bytes) {
+	unsigned char *p;
+	char *o = outbuf_16_bytes;
+	unsigned char n;
+	for(p = ip_buf_4_bytes; p < ip_buf_4_bytes + 4; p++) {
+		n = *p;
+		if(*p >= 100) {
+			if(*p >= 200)
+				*(o++) = '2';
+			else
+				*(o++) = '1';
+			n %= 100;
+		}
+		if(*p >= 10) {
+			*(o++) = (n / 10) + '0';
+			n %= 10;
+		}
+		*(o++) = n + '0';
+		*(o++) = '.';
+	}
+	o[-1] = 0;
+	return outbuf_16_bytes;
+}
+
+
+/* buf needs to be long enough for an ipv6 addr, i.e. INET6_ADDRSTRLEN + 1 */
+static char* ipstr(union sockaddr_union *su, char* buf) {
+	int af = SOCKADDR_UNION_AF(su);
+	void *ipdata = SOCKADDR_UNION_ADDRESS(su);
+	inet_ntop(af, ipdata, buf, INET6_ADDRSTRLEN+1);
+	char portbuf[7];
+	snprintf(portbuf, sizeof portbuf, ":%u", (unsigned) ntohs(SOCKADDR_UNION_PORT(su)));
+	strcat(buf, portbuf);
+	return buf;
+}
+
+static int usage(char *a0) {
+	dprintf(2,
+		"Proxychains-NG remote dns daemon\n"
+		"--------------------------------\n"
+		"usage: %s -i listenip -p port -r remotesubnet\n"
+		"all arguments are optional.\n"
+		"by default listenip is 127.0.0.1, port 1053 and remotesubnet 224.\n\n", a0
+	);
+	return 1;
+}
+
+unsigned index_from_ip(ip_type4 internalip) {
+	ip_type4 tmp = internalip;
+	uint32_t ret;
+	ret = tmp.octet[3] + (tmp.octet[2] << 8) + (tmp.octet[1] << 16);
+	ret -= 1;
+	return ret;
+}
+
+char *host_from_ip(ip_type4 internalip) {
+	char *res = NULL;
+	unsigned index = index_from_ip(internalip);
+	if(index < sblist_getsize(hostnames)) {
+		char **tmp = sblist_get(hostnames, index);
+		if(tmp && *tmp) res = *tmp;
+	}
+	return res;
+}
+
+ip_type4 get_ip_from_index(unsigned index) {
+	ip_type4 ret;
+	index++; // so we can start at .0.0.1
+	if(index > 0xFFFFFF)
+		return IPT4_INVALID;
+	ret.octet[0] = remote_subnet & 0xFF;
+	ret.octet[1] = (index & 0xFF0000) >> 16;
+	ret.octet[2] = (index & 0xFF00) >> 8;
+	ret.octet[3] = index & 0xFF;
+	return ret;
+}
+
+ip_type4 get_ip(char* hn) {
+	htab_value *v = htab_find(ip_lookup_table, hn);
+	if(v) return get_ip_from_index(v->n);
+	char *n = strdup(hn);
+	if(!n) return IPT4_INVALID;
+	if(!sblist_add(hostnames, &n)) {
+	o_out:;
+		free(n);
+		return IPT4_INVALID;
+	}
+	if(!htab_insert(ip_lookup_table, n, HTV_N(sblist_getsize(hostnames)-1))) {
+		sblist_delete(hostnames, sblist_getsize(hostnames)-1);
+		goto o_out;
+	}
+	return get_ip_from_index(sblist_getsize(hostnames)-1);
+}
+
+int main(int argc, char** argv) {
+	int ch;
+	const char *listenip = "127.0.0.1";
+	unsigned port = 1053;
+	remote_subnet = 224;
+	while((ch = getopt(argc, argv, ":r:i:p:")) != -1) {
+		switch(ch) {
+			case 'r':
+				remote_subnet = atoi(optarg);
+				break;
+			case 'i':
+				listenip = optarg;
+				break;
+			case 'p':
+				port = atoi(optarg);
+				break;
+			case ':':
+				dprintf(2, "error: option -%c requires an operand\n", optopt);
+				/* fall through */
+			case '?':
+				return usage(argv[0]);
+		}
+	}
+	signal(SIGPIPE, SIG_IGN);
+	struct server s;
+	if(server_setup(&s, listenip, port)) {
+		perror("server_setup");
+		return 1;
+	}
+	server = &s;
+
+	ip_lookup_table = htab_create(64);
+	hostnames = sblist_new(sizeof(char*), 64);
+
+	while(1) {
+		struct client c;
+		char ipstr_buf[INET6_ADDRSTRLEN+6+1];
+		char ip4str_buf[16];
+		struct at_msg msg, out;
+		size_t msgl = sizeof(msg);
+		int failed = 0;
+
+#define FAIL() do { failed=1; goto sendresp; } while(0)
+
+		if(server_waitclient(&s, &c, &msg, &msgl)) continue;
+		msg.h.datalen = ntohs(msg.h.datalen);
+		if(msgl != sizeof(msg.h)+msg.h.datalen) {
+			dolog("%s: invalid datalen\n", ipstr(&c.addr, ipstr_buf));
+			FAIL();
+		}
+
+		out.h.msgtype = msg.h.msgtype;
+		if(msg.h.msgtype == ATM_GETIP) {
+			if(!memchr(msg.m.host, 0, msg.h.datalen)) {
+				dolog("%s: nul terminator missing\n", ipstr(&c.addr, ipstr_buf));
+				FAIL();
+			}
+			out.h.datalen = sizeof(ip_type4);
+			out.m.ip = get_ip(msg.m.host);
+			failed = !memcmp(&out.m.ip, &IPT4_INVALID, 4);
+			dolog("%s requested ip for %s (%s)\n", ipstr(&c.addr, ipstr_buf),
+			      msg.m.host, failed?"FAIL":my_inet_ntoa((void*)&out.m.ip, ip4str_buf));
+			if(failed) FAIL();
+		} else if (msg.h.msgtype == ATM_GETNAME) {
+			if(msg.h.datalen != 4) {
+				dolog("%s: invalid len for getname request\n", ipstr(&c.addr, ipstr_buf));
+				FAIL();
+			}
+			char *hn = host_from_ip(msg.m.ip);
+			if(hn) {
+				size_t l = strlen(hn);
+				memcpy(out.m.host, hn, l+1);
+				out.h.datalen = l+1;
+			}
+			dolog("%s requested name for %s (%s)\n", ipstr(&c.addr, ipstr_buf),
+			      my_inet_ntoa((void*) &msg.m.ip, ip4str_buf), hn?hn:"FAIL");
+			if(!hn) FAIL();
+		} else {
+			dolog("%s: unknown request %u\n", ipstr(&c.addr, ipstr_buf),
+			      (unsigned) msg.h.msgtype);
+		}
+	sendresp:;
+		if(failed) {
+			out.h.msgtype = ATM_FAIL;
+			out.h.datalen = 0;
+		}
+		unsigned short dlen = out.h.datalen;
+		out.h.datalen = htons(dlen);
+		sendto(server->fd, &out, sizeof(out.h)+dlen, 0, (void*) &c.addr, SOCKADDR_UNION_LENGTH(&c.addr));
+	}
+}