Hi,
I've become interested in one problem stated on tor web pages which deals with redirecting all traffic to tor (in windows).
Redirecting traffic to tor seems to seek the goal of preventing traffic leaks. Openvpn does its tunneling by rerouting all traffic to a virtual network device and by changing the dns resolver to the one on the remote tunnel side.
Using openvpn's code, there is one possible way to prevent traffic leaks - by initializing a fake route for all network traffic except for tor's, so only tor traffic can leave to the network. To try it, I have written a simple .so library that is linked to openvpn and uses openvpn code to manipulate routes (and possibly dns settings). The library gets loaded with tor using LD_PRELOAD and hooks connect and close calls on sockets.
It works in the following way:
1) the default route is overridden with a fake one - now no traffic except dns can leave (assuming the dns server is the default gateway)
2) with each of tor's connect calls, a route is added so the traffic is routed through the old route and not the fake one; on the close call the route is deleted - now only tor traffic and dns can leave
3) dns is set up to use tor's resolver - now only tor traffic will leave (assuming dns is properly redirected)
4) local connections, e.g. from a web browser to local privoxy and from local privoxy to tor's socks proxy, are working, so this could in principle be used to help a user with a web browser gain more safety.
The drawback is that to manipulate routes, one needs admin privileges. But this shouldn't be a problem - the LD_PRELOAD way of doing things was the fastest to try this out.
Although this is rather crude, it should prevent traffic leaks. What do you think about this? Could it be of some use? I have already tested all points except number 3), which would need more work, so before it I have to ask for your opinions - whether this is a waste of time or not. Please let me know.
Roman
PS: sorry for the noise with messages to various lists - I've got somewhat excited that there is a possibility for me to help with something useful.
On Wed, Apr 6, 2011 at 11:01 AM, rp romanpauk@gmail.com wrote: [...]
Although this is rather crude, it should prevent traffic leaks. What do you think about this? Could it be of some use? I have already tested all points except number 3), which would need more work, so before it I have to ask for your opinions - whether this is a waste of time or not. Please let me know.
Hello, Roman! This is interesting stuff, but the mention of LD_PRELOAD makes me wonder how this compares to Torsocks. In particular, what can you do with this approach that the Torsocks approach can't achieve?
Also, hooking connect isn't enough: you can send network traffic with sendto and sendmsg over an unconnected socket; I bet there are other ways to do it too.
yrs,