Changed SOCKS/Tor credential randomization so it only occurs if username and password are empty.

shw_dev
shw 8 years ago
parent de4f6ac206
commit acf62b63d1

@ -395,6 +395,11 @@ func printPacket(pkt *nfqueue.NFQPacket, hostname string, pinfo *procsnitch.Info
} }
func (fw *Firewall) filterPacket(pkt *nfqueue.NFQPacket) { func (fw *Firewall) filterPacket(pkt *nfqueue.NFQPacket) {
if basicAllowPacket(pkt) {
pkt.Accept()
return
}
isudp := pkt.Packet.Layer(layers.LayerTypeUDP) != nil isudp := pkt.Packet.Layer(layers.LayerTypeUDP) != nil
if isudp { if isudp {
srcport, _ := getPacketUDPPorts(pkt) srcport, _ := getPacketUDPPorts(pkt)
@ -422,7 +427,6 @@ func (fw *Firewall) filterPacket(pkt *nfqueue.NFQPacket) {
return return
} */ } */
ppath := "*" ppath := "*"
strictness := procsnitch.MATCH_STRICT strictness := procsnitch.MATCH_STRICT
@ -451,11 +455,11 @@ func (fw *Firewall) filterPacket(pkt *nfqueue.NFQPacket) {
} }
} }
log.Debugf("filterPacket [%s] %s", ppath, printPacket(pkt, fw.dns.Lookup(dstip, pinfo.Pid), nil)) log.Debugf("filterPacket [%s] %s", ppath, printPacket(pkt, fw.dns.Lookup(dstip, pinfo.Pid), nil))
if basicAllowPacket(pkt) { /* if basicAllowPacket(pkt) {
pkt.Accept() pkt.Accept()
//log.Notice("XXX: passed basicallowpacket")
return return
} }
*/
policy := fw.PolicyForPath(ppath) policy := fw.PolicyForPath(ppath)
//log.Notice("XXX: flunked basicallowpacket; policy = ", policy) //log.Notice("XXX: flunked basicallowpacket; policy = ", policy)
policy.processPacket(pkt, pinfo, optstring) policy.processPacket(pkt, pinfo, optstring)
@ -662,7 +666,8 @@ func basicAllowPacket(pkt *nfqueue.NFQPacket) bool {
dstip.IsLinkLocalMulticast() || dstip.IsLinkLocalMulticast() ||
(pkt.Packet.Layer(layers.LayerTypeTCP) == nil && (pkt.Packet.Layer(layers.LayerTypeTCP) == nil &&
pkt.Packet.Layer(layers.LayerTypeUDP) == nil && pkt.Packet.Layer(layers.LayerTypeUDP) == nil &&
pkt.Packet.Layer(layers.LayerTypeICMPv4) == nil) pkt.Packet.Layer(layers.LayerTypeICMPv4) == nil &&
pkt.Packet.Layer(layers.LayerTypeICMPv6) == nil)
} }
func getPacketIPAddrs(pkt *nfqueue.NFQPacket) (net.IP, net.IP) { func getPacketIPAddrs(pkt *nfqueue.NFQPacket) (net.IP, net.IP) {
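Review bot: The condition extended by the new ICMPv6 line at the end of basicAllowPacket is a deny-list: a packet is auto-accepted when none of TCP, UDP, ICMPv4 or ICMPv6 is parsed, so adding ICMPv6 narrows the bypass but any other IP protocol the parser does not match still skips policy evaluation entirely. Either invert it into an explicit allow-list of the protocols the firewall deliberately does not police, or document the default next to the condition: `// packets with a TCP, UDP, ICMPv4 or ICMPv6 layer fall through to policy evaluation; any other protocol is accepted unfiltered`. The body of basicAllowPacket starts outside the hunk, so I cannot see what else gates the return. In the same file, the hunk in filterPacket now that the early basicAllowPacket call at the top of the function replaces the later one, the old call is left as a `/* ... */` block rather than deleted; dropping it would avoid dead code next to a live security check.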

@ -158,10 +158,12 @@ func (c *socksChainSession) sessionWorker() {
return return
} }
if len(c.req.Auth.Uname) == 0 && len(c.req.Auth.Passwd) == 0 {
// Randomize username and password to force a new TOR circuit with each connection // Randomize username and password to force a new TOR circuit with each connection
rndbytes := []byte("sgfw" + strconv.Itoa(int(time.Now().UnixNano()) ^ os.Getpid())) rndbytes := []byte("sgfw" + strconv.Itoa(int(time.Now().UnixNano()) ^ os.Getpid()))
c.req.Auth.Uname = rndbytes c.req.Auth.Uname = rndbytes
c.req.Auth.Passwd = rndbytes c.req.Auth.Passwd = rndbytes
}
switch c.req.Cmd { switch c.req.Cmd {
case CommandTorResolve, CommandTorResolvePTR: case CommandTorResolve, CommandTorResolvePTR:
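Review bot: The comment above the randomization still describes the old unconditional behaviour; with the new `len(c.req.Auth.Uname) == 0 && len(c.req.Auth.Passwd) == 0` guard it should state the contract the guard creates, e.g. `// Only synthesize credentials when the client sent none; client-supplied SOCKS credentials are passed through unchanged, so a client that reuses the same pair shares a Tor circuit across connections by design`. Because the guard uses `&&`, a request with only one of the two fields set is also passed through as-is; if that is intended, saying so in the same comment spares the next reader a check of the auth parser, which lives outside this hunk. The enclosing sessionWorker begins before the hunk, so I cannot see where c.req.Auth is populated.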
