add src ip disclosure options to socks4

Append the client IP address (and optionally the port) to the SOCKS4 login name.
darkk · Apr 10, 2016 · 2fa1e62 · 2fa1e62
1 parent f94a981
commit 2fa1e62
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 4 deletions.
diff --git a/parser.c b/parser.c
@@ -280,6 +280,8 @@ static int vp_disclose_src(parser_context *context, void *addr, const char *toke
 		{ "X-Forwarded-For", DISCLOSE_X_FORWARDED_FOR },
 		{ "Forwarded_ip", DISCLOSE_FORWARDED_IP },
 		{ "Forwarded_ipport", DISCLOSE_FORWARDED_IPPORT },
+		{ "username_append_ip", DISCLOSE_USERNAME_APPEND_IP },
+		{ "username_append_ipport", DISCLOSE_USERNAME_APPEND_IPPORT },
 	};
 	for (int i = 0; i < SIZEOF_ARRAY(opt); ++i) {
 		if (strcmp(token, opt[i].name) == 0) {

diff --git a/parser.h b/parser.h
@@ -9,6 +9,8 @@ enum disclose_src_e {
 	DISCLOSE_X_FORWARDED_FOR,
 	DISCLOSE_FORWARDED_IP,
 	DISCLOSE_FORWARDED_IPPORT,
+	DISCLOSE_USERNAME_APPEND_IP,
+	DISCLOSE_USERNAME_APPEND_IPPORT,
 };
 
 typedef enum {

diff --git a/redsocks.c b/redsocks.c
@@ -214,7 +214,9 @@ static int redsocks_onexit(parser_section *section)
 		return -1;
 	}
 
-	if (instance->config.disclose_src != DISCLOSE_NONE && instance->relay_ss != &http_connect_subsys) {
+	if (instance->config.disclose_src != DISCLOSE_NONE &&
+	    instance->relay_ss != &http_connect_subsys &&
+	    instance->relay_ss != &socks4_subsys) {
 		parser_error(section->context, "only `http-connect` supports `disclose_src` at the moment");
 		return -1;
 	}

diff --git a/redsocks.conf.example b/redsocks.conf.example
@@ -88,6 +88,10 @@ redsocks {
 	//  X-Forwarded-For  -- X-Forwarded-For: IP
 	//  Forwarded_ip     -- Forwarded: for=IP # see RFC7239
 	//  Forwarded_ipport -- Forwarded: for="IP:port" # see RFC7239
+	// socks4 supports:
+	//  username_append_ip     -- login@IP
+	//  username_append_ipport -- login@IP:port
+	//
 	// disclose_src = false;
 }
 

diff --git a/socks4.c b/socks4.c
@@ -99,17 +99,41 @@ static void socks4_read_cb(struct bufferevent *buffev, void *_arg)
 static struct evbuffer *socks4_mkconnect(redsocks_client *client)
 {
 	const redsocks_config *config = &client->instance->config;
-	const char *username = config->login ? config->login : "";
+	const char *login = config->login ? config->login : "";
+
 	// space for \0 comes from socks4_req->login
-	size_t username_len = strlen(username);
+	size_t username_len = strlen(login);
+	if (config->disclose_src == DISCLOSE_USERNAME_APPEND_IP ||
+	    config->disclose_src == DISCLOSE_USERNAME_APPEND_IPPORT) {
+		username_len += NI_MAXHOST + 1 + NI_MAXSERV + 1;
+	}
+
 	size_t len = sizeof(socks4_req) + username_len;
 	socks4_req *req = calloc(1, len);
 
 	req->ver = socks4_ver;
 	req->cmd = socks4_cmd_connect;
 	req->port = client->destaddr.sin_port;
 	req->addr = client->destaddr.sin_addr.s_addr;
-	memcpy(req->login, username, username_len + 1);
+	strcat(req->login, login);
+	if (config->disclose_src == DISCLOSE_USERNAME_APPEND_IP ||
+	    config->disclose_src == DISCLOSE_USERNAME_APPEND_IPPORT) {
+		strcat(req->login, "@");
+		// append origin addresss (and maybe port) to login (separated by @)
+		char host[NI_MAXHOST];
+		char port[NI_MAXSERV];
+		if (!getnameinfo((struct sockaddr*) &client->clientaddr, sizeof(client->clientaddr),
+		                 host, sizeof(host),
+		                 port, sizeof(port),
+		                 NI_NUMERICHOST)) {
+			strcat(req->login, host);
+			// also append the port
+			if (config->disclose_src == DISCLOSE_USERNAME_APPEND_IPPORT) {
+				strcat(req->login, ":");
+				strcat(req->login, port);
+			}
+		}
+	}
 
 	struct evbuffer *ret = mkevbuffer(req, len);
 	free(req);