Changed SOCKS/Tor credential randomization so it only occurs if username and password are empty.

shw_dev
shw 8 years ago
parent de4f6ac206
commit acf62b63d1

@ -395,6 +395,11 @@ func printPacket(pkt *nfqueue.NFQPacket, hostname string, pinfo *procsnitch.Info
}
func (fw *Firewall) filterPacket(pkt *nfqueue.NFQPacket) {
if basicAllowPacket(pkt) {
pkt.Accept()
return
}
isudp := pkt.Packet.Layer(layers.LayerTypeUDP) != nil
if isudp {
srcport, _ := getPacketUDPPorts(pkt)
@ -422,7 +427,6 @@ func (fw *Firewall) filterPacket(pkt *nfqueue.NFQPacket) {
return
} */
ppath := "*"
strictness := procsnitch.MATCH_STRICT
@ -451,11 +455,11 @@ func (fw *Firewall) filterPacket(pkt *nfqueue.NFQPacket) {
}
}
log.Debugf("filterPacket [%s] %s", ppath, printPacket(pkt, fw.dns.Lookup(dstip, pinfo.Pid), nil))
if basicAllowPacket(pkt) {
/* if basicAllowPacket(pkt) {
pkt.Accept()
//log.Notice("XXX: passed basicallowpacket")
return
}
*/
policy := fw.PolicyForPath(ppath)
//log.Notice("XXX: flunked basicallowpacket; policy = ", policy)
policy.processPacket(pkt, pinfo, optstring)
@ -662,7 +666,8 @@ func basicAllowPacket(pkt *nfqueue.NFQPacket) bool {
dstip.IsLinkLocalMulticast() ||
(pkt.Packet.Layer(layers.LayerTypeTCP) == nil &&
pkt.Packet.Layer(layers.LayerTypeUDP) == nil &&
pkt.Packet.Layer(layers.LayerTypeICMPv4) == nil)
pkt.Packet.Layer(layers.LayerTypeICMPv4) == nil &&
pkt.Packet.Layer(layers.LayerTypeICMPv6) == nil)
}
func getPacketIPAddrs(pkt *nfqueue.NFQPacket) (net.IP, net.IP) {

@ -158,10 +158,12 @@ func (c *socksChainSession) sessionWorker() {
return
}
// Randomize username and password to force a new TOR circuit with each connection
rndbytes := []byte("sgfw" + strconv.Itoa(int(time.Now().UnixNano()) ^ os.Getpid()))
c.req.Auth.Uname = rndbytes
c.req.Auth.Passwd = rndbytes
if len(c.req.Auth.Uname) == 0 && len(c.req.Auth.Passwd) == 0 {
// Randomize username and password to force a new TOR circuit with each connection
rndbytes := []byte("sgfw" + strconv.Itoa(int(time.Now().UnixNano()) ^ os.Getpid()))
c.req.Auth.Uname = rndbytes
c.req.Auth.Passwd = rndbytes
}
switch c.req.Cmd {
case CommandTorResolve, CommandTorResolvePTR:

Loading…
Cancel
Save