Changelog
+Daniel S (4 Jan 2008)
+- Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the
+ proxy do the host name resolving and only if --socks5ip (or
+ CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and
+ pass on the IP address only to the proxy.
+
Yang Tse (3 Jan 2008)
- Modified test harness to allow SCP, SFTP and SOCKS4 tests to run with
OpenSSH 2.9.9, SunSSH 1.0 or later versions. SOCKS5 tests need OpenSSH
Curl and libcurl 7.17.2
Public curl releases: 103
- Command line options: 124
- curl_easy_setopt() options: 148
+ Command line options: 125
+ curl_easy_setopt() options: 149
Public functions in libcurl: 55
Public web site mirrors: 42
Known libcurl bindings: 36
o CURLOPT_PROXY_TRANSFER_MODE was added
o --no-keep-alive was added
o --socks4a added (proxy type CURLPROXY_SOCKS4A for libcurl)
+ o --socks5ip added (CURLOPT_SOCKS5_RESOLVE_LOCAL for libcurl)
This release includes the following bugfixes:
o bad connection re-use check with environment variable-activated proxy use
o --libcurl now generates a return statement as well
o socklen_t is no longer used in the public includes
+ o SOCKS5 uses now let the proxy resolve the host names by default
This release includes the following known bugs:
Robin Johnson, Michal Marek, Ates Goral, Andres Garcia, Rob Crittenden,
Emil Romanus, Alessandro Vesely, Ray Pekowski, Spacen Jasset, Andrew Moise,
Gilles Blanc, David Wright, Vikram Saxena, Mateusz Loskot, Gary Maxwell,
- Dmitry Kurochkin, Mohun Biswas, Richard Atterer
+ Dmitry Kurochkin, Mohun Biswas, Richard Atterer, Maxim Perenesenko
Thanks! (and sorry if I forgot to mention someone)
If this option is used several times, the last one will be used.
.IP "--socks5 <host[:port]>"
-Use the specified SOCKS5 proxy. If the port number is not specified, it is
-assumed at port 1080. (Added in 7.11.1)
+Use the specified SOCKS5 proxy (and let the proxy resolve the host name). If
+the port number is not specified, it is assumed at port 1080. (Added in
+7.11.1)
+
+This option overrides any previous use of \fI-x/--proxy\fP, as they are
+mutually exclusive.
+
+If this option is used several times, the last one will be used. (This option
+was previously wrongly documented and used as --socks without the number
+appended.)
+.IP "--socks5ip <host[:port]>"
+Use the specified SOCKS5 proxy - but resolve the host name locally. If the
+port number is not specified, it is assumed at port 1080. (Added in 7.17.2)
This option overrides any previous use of \fI-x/--proxy\fP, as they are
mutually exclusive.
.\" * $Id$
.\" **************************************************************************
.\"
-.TH curl_easy_setopt 3 "30 Aug 2007" "libcurl 7.17.0" "libcurl Manual"
+.TH curl_easy_setopt 3 "4 Jan 2008" "libcurl 7.17.2" "libcurl Manual"
.SH NAME
curl_easy_setopt \- set options for a curl easy handle
.SH SYNOPSIS
this are \fICURLPROXY_HTTP\fP, \fICURLPROXY_SOCKS4\fP (added in 7.15.2),
\fICURLPROXY_SOCKS5\fP and \fICURLPROXY_SOCKS4A\fP (added in 7.17.2). The HTTP
type is default. (Added in 7.10)
+
+See also \fIURLOPT_SOCKS5_RESOLVE_LOCAL\fP.
.IP CURLOPT_HTTPPROXYTUNNEL
Set the parameter to non-zero to get the library to tunnel all operations
through a given HTTP proxy. There is a big difference between using a proxy
and to tunnel through it. If you don't know what this means, you probably
don't want this tunneling option.
+.IP CURLOPT_SOCKS5_RESOLVE_LOCAL
+Set the parameter to 1 to get the library to resolve the host name locally
+instead of passing it to the proxy to resolve, when using a SOCKS5 proxy.
+
+Note that libcurl before 7.17.2 always resolved the host name locally even
+when SOCKS5 was used. (Added in 7.17.2)
.IP CURLOPT_INTERFACE
Pass a char * as parameter. This set the interface name to use as outgoing
network interface. The name can be an interface name, an IP address or a host
/* set transfer mode (;type=<a|i>) when doing FTP via an HTTP proxy */
CINIT(PROXY_TRANSFER_MODE, LONG, 166),
+ /* Set using of SOCKS5 to resolve host names locally instead of sending them
+ to the proxy to let it resolve them. Valid only if CURLOPT_PROXYTYPE ==
+ CURLPROXY_SOCKS5, otherwise ignored. */
+ CINIT(SOCKS5_RESOLVE_LOCAL, LONG, 167),
+
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
curl_socket_t sock = conn->sock[sockindex];
struct SessionHandle *data = conn->data;
long timeout;
+ bool socks5_resolve_local = data->set.socks5_resolve_local;
+ const size_t hostname_len = strlen(hostname);
+ int packetsize = 0;
+
+ /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
+ if(!socks5_resolve_local && hostname_len > 255)
+ {
+ infof(conn->data,"SOCKS5: server resolving disabled for hostnames of "
+ "length > 255 [actual len=%d]\n", hostname_len);
+ socks5_resolve_local = TRUE;
+ }
/* get timeout */
if(data->set.timeout && data->set.connecttimeout) {
socksreq[0] = 5; /* version (SOCKS5) */
socksreq[1] = 1; /* connect */
socksreq[2] = 0; /* must be zero */
- socksreq[3] = 1; /* IPv4 = 1 */
- {
+ if(!socks5_resolve_local) {
+ packetsize = 5 + hostname_len + 2;
+
+ socksreq[3] = 3; /* ATYP: domain name = 3 */
+ socksreq[4] = (char) hostname_len; /* address length */
+ memcpy(&socksreq[5], hostname, hostname_len); /* address bytes w/o NULL */
+
+ *((unsigned short*)&socksreq[hostname_len+5]) =
+ htons((unsigned short)remote_port);
+ }
+ else {
struct Curl_dns_entry *dns;
Curl_addrinfo *hp=NULL;
int rc = Curl_resolv(conn, hostname, remote_port, &dns);
+ packetsize = 10;
+
+ socksreq[3] = 1; /* IPv4 = 1 */
+
if(rc == CURLRESOLV_ERROR)
return CURLE_COULDNT_RESOLVE_HOST;
hostname);
return CURLE_COULDNT_RESOLVE_HOST;
}
+
+ *((unsigned short*)&socksreq[8]) = htons((unsigned short)remote_port);
}
- *((unsigned short*)&socksreq[8]) = htons((unsigned short)remote_port);
+ code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
+ if((code != CURLE_OK) || (written != packetsize)) {
+ failf(data, "Failed to send SOCKS5 connect request.");
+ return CURLE_COULDNT_CONNECT;
+ }
- {
- const int packetsize = 10;
+ packetsize = 10; /* minimum packet size is 10 */
+
+ result = blockread_all(conn, sock, (char *)socksreq, packetsize,
+ &actualread, timeout);
+ if((result != CURLE_OK) || (actualread != packetsize)) {
+ failf(data, "Failed to receive SOCKS5 connect request ack.");
+ return CURLE_COULDNT_CONNECT;
+ }
- code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
- if((code != CURLE_OK) || (written != packetsize)) {
- failf(data, "Failed to send SOCKS5 connect request.");
+ if(socksreq[0] != 5) { /* version */
+ failf(data,
+ "SOCKS5 reply has wrong version, version should be 5.");
+ return CURLE_COULDNT_CONNECT;
+ }
+ if(socksreq[1] != 0) { /* Anything besides 0 is an error */
+ failf(data,
+ "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
+ (unsigned char)socksreq[4], (unsigned char)socksreq[5],
+ (unsigned char)socksreq[6], (unsigned char)socksreq[7],
+ (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
+ socksreq[1]);
return CURLE_COULDNT_CONNECT;
- }
+ }
- result = blockread_all(conn, sock, (char *)socksreq, packetsize,
+ /* Fix: in general, returned BND.ADDR is variable length parameter by RFC
+ 1928, so the reply packet should be read until the end to avoid errors at
+ subsequent protocol level.
+
+ +----+-----+-------+------+----------+----------+
+ |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
+ +----+-----+-------+------+----------+----------+
+ | 1 | 1 | X'00' | 1 | Variable | 2 |
+ +----+-----+-------+------+----------+----------+
+
+ ATYP:
+ o IP v4 address: X'01', BND.ADDR = 4 byte
+ o domain name: X'03', BND.ADDR = [ 1 byte length, string ]
+ o IP v6 address: X'04', BND.ADDR = 16 byte
+ */
+
+ /* Calculate real packet size */
+ if(socksreq[3] == 3) {
+ /* domain name */
+ int addrlen = (int) socksreq[4];
+ packetsize = 5 + addrlen + 2;
+ }
+ else if(socksreq[3] == 4) {
+ /* IPv6 */
+ packetsize = 4 + 16 + 2;
+ }
+
+ /* At this point we already read first 10 bytes */
+ if(packetsize > 10) {
+ packetsize -= 10;
+ result = blockread_all(conn, sock, (char *)&socksreq[10], packetsize,
&actualread, timeout);
if((result != CURLE_OK) || (actualread != packetsize)) {
failf(data, "Failed to receive SOCKS5 connect request ack.");
return CURLE_COULDNT_CONNECT;
}
-
- if(socksreq[0] != 5) { /* version */
- failf(data,
- "SOCKS5 reply has wrong version, version should be 5.");
- return CURLE_COULDNT_CONNECT;
- }
- if(socksreq[1] != 0) { /* Anything besides 0 is an error */
- failf(data,
- "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
- (unsigned char)socksreq[4], (unsigned char)socksreq[5],
- (unsigned char)socksreq[6], (unsigned char)socksreq[7],
- (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
- socksreq[1]);
- return CURLE_COULDNT_CONNECT;
- }
}
Curl_nonblock(sock, TRUE);
}
break;
+ case CURLOPT_SOCKS5_RESOLVE_LOCAL:
+ /*
+ * Enable or disable using of SOCKS5 proxy server to resolve domain names
+ * instead of using platform API like gethostbyname_r etc
+ */
+ data->set.socks5_resolve_local = (bool)(0 != va_arg(param, long));
+ break;
+
default:
/* unknown tag and its companion, just ignore: */
result = CURLE_FAILED_INIT; /* correct this */
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
long new_directory_perms; /* Permissions to use when creating remote dirs */
bool proxy_transfer_mode; /* set transfer mode (;type=<a|i>) when doing FTP
via an HTTP proxy */
-
+ bool socks5_resolve_local; /* resolve host names locally even if a SOCKS5
+ proxy in use. Valid only if CURLOPT_PROXYTYPE
+ == CURLPROXY_SOCKS5, otherwise ignored. */
char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
};
bool raw;
bool post301;
bool nokeepalive;
+ bool socks5_resolve_local; /* don't use SOCKS5 proxy server to resolve
+ domain names */
struct OutStruct *outs;
};
" -S/--show-error Show error. With -s, make curl show errors when they occur",
" --socks4 <host[:port]> Use SOCKS4 proxy on given host + port",
" --socks4a <host[:port]> Use SOCKS4a proxy on given host + port",
- " --socks5 <host[:port]> Use SOCKS5 proxy on given host + port",
+ " --socks5 <host[:port]> Use SOCKS5 proxy and let the proxy resolve names",
+ " --socks5ip <host[:port]> Use SOCKS5 proxy on given host + port",
" --stderr <file> Where to redirect stderr. - means stdout",
" -t/--telnet-option <OPT=val> Set telnet option",
" --trace <file> Write a debug trace to the given file",
{"*z", "disable-eprt", FALSE},
{"$a", "ftp-ssl", FALSE},
{"$b", "ftp-pasv", FALSE},
- {"$c", "socks5", TRUE},
- {"$c", "socks", TRUE}, /* this is how the option was documented but
- we prefer the --socks5 version for explicit
- version */
+ {"$c", "socks5ip", TRUE},
+ {"$c", "socks", TRUE}, /* this is how the option once was documented
+ but we prefer the --socks5 version for
+ explicit version */
{"$d", "tcp-nodelay",FALSE},
{"$e", "proxy-digest", FALSE},
{"$f", "proxy-basic", FALSE},
{"$#", "raw", FALSE},
{"$0", "post301", FALSE},
{"$1", "no-keep-alive", FALSE},
+ {"$2", "socks5", TRUE},
{"0", "http1.0", FALSE},
{"1", "tlsv1", FALSE},
free(config->ftpport);
config->ftpport = NULL;
break;
- case 'c': /* --socks5 specifies a socks5 proxy to use */
+ case 'c': /* --socks5ip specifies a socks5 proxy to use, but resolves
+ the name locally and passes on the resolved address */
GetStr(&config->socksproxy, nextarg);
config->socksver = CURLPROXY_SOCKS5;
+ config->socks5_resolve_local = TRUE;
break;
case 't': /* --socks4 specifies a socks4 proxy to use */
GetStr(&config->socksproxy, nextarg);
GetStr(&config->socksproxy, nextarg);
config->socksver = CURLPROXY_SOCKS4A;
break;
+ case '2': /* --socks5 specifies a socks5 proxy and enables name resolving
+ with the proxy */
+ GetStr(&config->socksproxy, nextarg);
+ config->socksver = CURLPROXY_SOCKS5;
+ config->socks5_resolve_local = FALSE;
+ break;
case 'd': /* --tcp-nodelay option */
config->tcp_nodelay ^= TRUE;
break;
my_setopt(curl, CURLOPT_SSH_PUBLIC_KEYFILE, config->pubkey);
/* SSH host key md5 checking allows us to fail if we are
- * not talking to who we think we should
+ * not talking to who we think we should
*/
my_setopt(curl, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, config->hostpubmd5);
if(config->socksproxy) {
my_setopt(curl, CURLOPT_PROXY, config->socksproxy);
my_setopt(curl, CURLOPT_PROXYTYPE, config->socksver);
+ if(config->socksver==CURLPROXY_SOCKS5)
+ /* added in 7.17.2 */
+ my_setopt(curl, CURLOPT_SOCKS5_RESOLVE_LOCAL,
+ config->socks5_resolve_local);
}
/* curl 7.13.0 */