DESCRIPTION
Torsocks library overloads the libc symbols use for Internet communication such as connect(2) system call. Using that technique, the library sends everything through the Tor network including DNS resolution done by the application.
For DNS, gethostbyname(3) family functions are rerouted through Tor. Please note that the ISC res_* API is currently not supported.
Here is an example on how to use torsocks library with ssh(1):
$ LD_PRELOAD=/path/to/libtorsocks.so ssh -l kalexander -p 1234 prism.nsa.gov [...]
SHELL USAGE
Set LD_PRELOAD to load the library then use applications as normal. The syntax to force preload of the library for different shells is specified below:
Bash, Ksh and Bourne shell:
$ export LD_PRELOAD=/path/to/libtorsocks.so
C Shell:
$ setenv LD_PRELOAD=/path/to/libtorsocks.so
This process can be automated (for Bash, Bourne and Korn shell users) for a single command or for all commands in a shell session by using the torsocks(1) script.
You can also setup torsocks(1) in such a way that all processes automatically use it, a very useful configuration. Please refer to the torsocks script documentation for more information.
ENVIRONMENT VARIABLES
- TORSOCKS_CONF_FILE
-
This environment variable overrides the default location of the torsocks
configuration file. This variable is not honored if the program torsocks is
embedded in is setuid.
- TORSOCKS_LOG_LEVEL
-
Enable logging level of torsocks library. By default, warnings and errors are
printed (level 3). Note that each level includes the lower ones except the 1
which disables any possible logging. (default: 3)
1 No log at all. 2 Error messages. 3 Warning messages. 4 Notice messages. 5 Debug messages.
- TORSOCKS_LOG_TIME
-
Control whether or not the time is added to each logging line. (default: 1)
- TORSOCKS_LOG_FILE_PATH
-
If set, torsocks will log in the file set by this variable. (default: stderr)
- TORSOCKS_USERNAME
-
Set the username for the SOCKS5 authentication method. Password MUST be set
also with the variable below.
- TORSOCKS_PASSWORD
-
Set the password for the SOCKS5 authentication method. Username MUST be set
also with the variable above.
- TORSOCKS_TOR_ADDRESS
-
Set the Tor address. (default: 127.0.0.1)
- TORSOCKS_TOR_PORT
-
Set the Tor port. (default: 9050)
- TORSOCKS_ALLOW_INBOUND
-
Allow inbound connections so the application can accept and listen for
connections.
- TORSOCKS_ISOLATE_PID
-
Set the username and password for the SOCKS5 authentication method to a
PID/current time based value automatically. Username and Password MUST NOT
be set.
KNOWN ISSUES
DNS
Torsocks is not able to send DNS queries through Tor since UDP is not supported. Thus, any UDP socket is denied. However, DNS queries that can be intercept are sent to Tor and sent back to the caller.ERRORS
Torsocks might generate error messages and print them to stderr when there are problems with the configuration file or the SOCKS negotiation with the Tor daemon. The TORSOCKS_LOG_LEVEL environment variable controls that behavior as well as the log file option. Keep in mind that this library can output on the stderr of the application.
LIMITATIONS
Outgoing TCP connections can only be proxified through the Tor network.
Torsocks forces the libc resolver to use TCP for name queries, if it does this it does it regardless of whether or not the DNS to be queried is local or not. This introduces overhead and should only be used when needed.
Torsocks uses ELF dynamic loader features to intercept dynamic function calls from programs in which it is embedded. As a result, non-ELF executables, or executables that make system calls directly with the system call trap (int 0x80).
FILES
/etc/tor/torsocks.conf - default torsocks configuration file