Add TorBackend::Socks to connect to a Tor daemon over a TCP SOCKS5 proxy

nabijaczleweli · nabijaczleweli · commit 06b6da5fb15f · 2025-10-26T05:47:40.000+01:00
diff --git a/monero-rpc-pool/Cargo.toml b/monero-rpc-pool/Cargo.toml
@@ -38,6 +38,7 @@ tracing-subscriber = { workspace = true }
 # Async runtime
 crossbeam = "0.8.4"
 tokio = { workspace = true, features = ["full"] }
+tokio-socks = "0.5"
 
 # Serialization
 chrono = { version = "0.4", features = ["serde"] }
diff --git a/monero-rpc-pool/src/tor.rs b/monero-rpc-pool/src/tor.rs
@@ -1,5 +1,7 @@
+use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr};
 use swap_tor::TorBackend;
 use tokio::io::{AsyncRead, AsyncWrite};
+use tokio_socks::TargetAddr;
 
 /// Trait alias for a stream that can be used with hyper
 pub trait HyperStream: AsyncRead + AsyncWrite + Unpin + Send {}
@@ -19,14 +21,61 @@ impl TorBackendRpc for TorBackend {
     fn ready_for_traffic(&self) -> bool {
         match self {
             TorBackend::Arti(arti) => arti.bootstrap_status().ready_for_traffic(),
+            TorBackend::Socks(..) => true,
             TorBackend::None => false,
         }
     }
 
     async fn connect(&self, address: (&str, u16)) -> anyhow::Result<Box<dyn HyperStream>> {
         match self {
             TorBackend::Arti(tor_client) => Ok(Box::new(tor_client.connect(address).await?)),
+            TorBackend::Socks(proxy) => Ok(Box::new(proxy.proxy(pair_to_socks(address)).await?)),
             TorBackend::None => Ok(Box::new(tokio::net::TcpStream::connect(address).await?)),
         }
     }
 }
+
+// Parse order matches tokio::net::ToSocketAddrs
+fn pair_to_socks((host, port): (&str, u16)) -> TargetAddr {
+    if let Ok(addr) = host.parse::<Ipv4Addr>() {
+        TargetAddr::Ip(SocketAddr::new(addr.into(), 10))
+    } else if let Ok(addr) = host.parse::<Ipv6Addr>() {
+        TargetAddr::Ip(SocketAddr::new(addr.into(), 10))
+    } else {
+        TargetAddr::Domain(host.into(), port)
+    }
+}
+#[cfg(test)]
+mod tests {
+    use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr};
+    use tokio_socks::TargetAddr;
+
+    #[test]
+    fn pair_to_socks() {
+        assert_eq!(
+            [
+                ("ip.tld", 10),
+                ("dns.ip4.tld", 11),
+                ("dns.ip6.tld", 12),
+                (
+                    "cebulka7uxchnbpvmqapg5pfos4ngaxglsktzvha7a5rigndghvadeyd.onion",
+                    13
+                ),
+                ("127.0.0.1", 10),
+                ("::1", 10),
+            ]
+            .map(super::pair_to_socks),
+            [
+                TargetAddr::Domain("ip.tld".into(), 10),
+                TargetAddr::Domain("dns.ip4.tld".into(), 11),
+                TargetAddr::Domain("dns.ip6.tld".into(), 12),
+                TargetAddr::Domain(
+                    "cebulka7uxchnbpvmqapg5pfos4ngaxglsktzvha7a5rigndghvadeyd.onion".into(),
+                    13,
+                ),
+                TargetAddr::Ip(SocketAddr::new(Ipv4Addr::LOCALHOST.into(), 10)),
+                TargetAddr::Ip(SocketAddr::new(Ipv6Addr::LOCALHOST.into(), 10)),
+            ],
+        );
+    }
+}
diff --git a/swap-tor/Cargo.toml b/swap-tor/Cargo.toml
@@ -3,7 +3,7 @@ name = "swap-tor"
 version = "3.2.0-rc.4"
 authors = ["наб <nabijaczleweli@nabijaczleweli.xyz>"]
 edition = "2021"
-description = "Arti Tor back-end."
+description = "Arti/SOCKS5 Tor back-end."
 
 [dependencies]
 anyhow = { workspace = true }
diff --git a/swap-tor/src/lib.rs b/swap-tor/src/lib.rs
@@ -1,15 +1,152 @@
 use arti_client::TorClient;
 use libp2p::core::multiaddr::Protocol;
 use libp2p::core::transport::{ListenerId, TransportEvent};
+use libp2p::{Multiaddr, Transport, TransportError};
+use std::future::Future;
+use std::net::SocketAddr;
+use std::pin::Pin;
 use std::sync::Arc;
+use std::task::{Context, Poll};
+use tokio::net::TcpStream;
+use tokio_socks::tcp::Socks5Stream;
+use tokio_socks::TargetAddr;
 use tor_rtcompat::tokio::TokioRustlsRuntime;
 
+fn onion3_to_dotonion(service: &[u8; 35]) -> String {
+    let mut domain = data_encoding::BASE32.encode(service).to_lowercase();
+    domain.push_str(".onion");
+    domain
+}
+fn multi_to_socks(addr: &Multiaddr) -> Option<TargetAddr<'static>> {
+    let mut addr = addr.iter();
+    match (addr.next()?, addr.next()) {
+        (
+            Protocol::Dns(domain) | Protocol::Dns4(domain) | Protocol::Dns6(domain),
+            Some(Protocol::Tcp(port)),
+        ) => Some(TargetAddr::Domain(domain.into_owned().into(), port)),
+        (Protocol::Onion3(service), _) => Some(TargetAddr::Domain(
+            onion3_to_dotonion(service.hash()).into(),
+            service.port(),
+        )),
+        (Protocol::Ip4(ip), Some(Protocol::Tcp(port))) => {
+            Some(TargetAddr::Ip(SocketAddr::from((ip, port))))
+        }
+        (Protocol::Ip6(ip), Some(Protocol::Tcp(port))) => {
+            Some(TargetAddr::Ip(SocketAddr::from((ip, port))))
+        }
+        _ => None,
+    }
+}
+#[cfg(test)]
+mod tests {
+    use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr};
+    use tokio_socks::TargetAddr;
+
+    const MULTIS: [&str; 6] = [
+        "/dns/ip.tld/tcp/10",
+        "/dns4/dns.ip4.tld/tcp/11",
+        "/dns6/dns.ip6.tld/tcp/12",
+        "/onion3/cebulka7uxchnbpvmqapg5pfos4ngaxglsktzvha7a5rigndghvadeyd:13",
+        "/ip4/127.0.0.1/tcp/10",
+        "/ip6/::1/tcp/10",
+    ];
+
+    #[test]
+    fn multi_to_socks() {
+        assert_eq!(
+            MULTIS.map(|ma| super::multi_to_socks(&ma.parse().unwrap()).unwrap()),
+            [
+                TargetAddr::Domain("ip.tld".into(), 10),
+                TargetAddr::Domain("dns.ip4.tld".into(), 11),
+                TargetAddr::Domain("dns.ip6.tld".into(), 12),
+                TargetAddr::Domain(
+                    "cebulka7uxchnbpvmqapg5pfos4ngaxglsktzvha7a5rigndghvadeyd.onion".into(),
+                    13,
+                ),
+                TargetAddr::Ip(SocketAddr::new(Ipv4Addr::LOCALHOST.into(), 10)),
+                TargetAddr::Ip(SocketAddr::new(Ipv6Addr::LOCALHOST.into(), 10)),
+            ],
+        );
+    }
+}
+
+pub struct Socks5Transport(SocksServerAddress);
+impl Transport for Socks5Transport {
+    type Output = tokio_util::compat::Compat<TcpStream>;
+    type Error = tokio_socks::Error;
+    type ListenerUpgrade = std::future::Pending<Result<Self::Output, Self::Error>>;
+    type Dial = Pin<Box<dyn Future<Output = Result<Self::Output, Self::Error>> + Send + 'static>>;
+
+    fn listen_on(
+        &mut self,
+        _: ListenerId,
+        addr: Multiaddr,
+    ) -> Result<(), TransportError<Self::Error>> {
+        Err(TransportError::MultiaddrNotSupported(addr))
+    }
+
+    fn remove_listener(&mut self, _: ListenerId) -> bool {
+        false
+    }
+
+    fn dial(&mut self, addr: Multiaddr) -> Result<Self::Dial, TransportError<Self::Error>> {
+        let target = multi_to_socks(&addr).ok_or(TransportError::MultiaddrNotSupported(addr))?;
+        let proxy = self.0;
+
+        Ok(Box::pin(async move {
+            Ok(tokio_util::compat::TokioAsyncReadCompatExt::compat(
+                proxy.proxy(target).await?,
+            ))
+        }))
+    }
+
+    fn dial_as_listener(
+        &mut self,
+        addr: Multiaddr,
+    ) -> Result<Self::Dial, TransportError<Self::Error>> {
+        self.dial(addr)
+    }
+
+    fn poll(
+        self: Pin<&mut Self>,
+        _: &mut Context<'_>,
+    ) -> Poll<TransportEvent<Self::ListenerUpgrade, Self::Error>> {
+        Poll::Pending
+    }
+
+    fn address_translation(&self, _: &Multiaddr, _: &Multiaddr) -> Option<Multiaddr> {
+        None
+    }
+}
+
+#[derive(Debug, Copy, Clone)]
+pub struct SocksServerAddress(pub SocketAddr);
+
+impl SocksServerAddress {
+    pub fn transport(self) -> Socks5Transport {
+        tracing::debug!("Using SOCKS5 proxy at {:?}", self.0);
+        Socks5Transport(self)
+    }
+
+    pub async fn connect(&self) -> std::io::Result<TcpStream> {
+        TcpStream::connect(self.0).await
+    }
+
+    pub async fn proxy(&self, target: TargetAddr<'_>) -> Result<TcpStream, tokio_socks::Error> {
+        Socks5Stream::connect_with_socket(self.connect().await?, target)
+            .await
+            .map(Socks5Stream::into_inner)
+    }
+}
+
 pub type TcpTransport = libp2p::dns::tokio::Transport<libp2p::tcp::tokio::Transport>;
 
 #[derive(Clone)]
 pub enum TorBackend {
     /// Private Tor client
     Arti(Arc<TorClient<TokioRustlsRuntime>>),
+    /// Talking through a Tor SOCKS5 proxy
+    Socks(SocksServerAddress),
     /// No Tor at all
     None,
 }
@@ -18,6 +155,7 @@ impl std::fmt::Debug for TorBackend {
     fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
         f.write_str(match self {
             TorBackend::Arti(..) => "Arti",
+            TorBackend::Socks(..) => "Socks",
             TorBackend::None => "None",
         })
     }
diff --git a/swap/src/common/tor.rs b/swap/src/common/tor.rs
@@ -1,5 +1,4 @@
-use std::sync::Arc;
-use std::{path::Path, time::Duration};
+use std::{path::Path, sync::Arc, time::Duration};
 
 use crate::cli::api::tauri_bindings::{
     TauriBackgroundProgress, TauriEmitter, TauriHandle, TorBootstrapStatus,
@@ -34,11 +33,17 @@ pub trait TorBackendSwap {
         arti_transport_hook: impl FnOnce(&mut TorTransport),
     ) -> std::io::Result<IntoTransportT>;
 }
-type IntoTransportT = OrTransport<OptionalTransport<TorTransport>, TcpTransport>;
+type IntoTransportT = OrTransport<
+    OrTransport<OptionalTransport<TorTransport>, OptionalTransport<Socks5Transport>>,
+    TcpTransport,
+>;
 impl TorBackendSwap for TorBackend {
     async fn bootstrap(&self, tauri_handle: Option<TauriHandle>) -> anyhow::Result<()> {
         match self {
             TorBackend::Arti(arti) => bootstrap_arti_tor_client(arti, tauri_handle).await?,
+            TorBackend::Socks(addr) => {
+                addr.connect().await?; // validate the remote is actually listening
+            }
             TorBackend::None => {}
         }
         Ok(())
@@ -49,7 +54,7 @@ impl TorBackendSwap for TorBackend {
         match self {
             TorBackend::Arti(..) if enable_monero_tor => self.clone(),
             TorBackend::Arti(..) => TorBackend::None,
-            TorBackend::None => self.clone(),
+            TorBackend::Socks(..) | TorBackend::None => self.clone(),
         }
     }
 
@@ -69,9 +74,18 @@ impl TorBackendSwap for TorBackend {
                 let mut tor_transport =
                     TorTransport::from_client(tor_client, arti_address_conversion);
                 arti_transport_hook(&mut tor_transport);
-                OptionalTransport::some(tor_transport)
+                OrTransport::new(
+                    OptionalTransport::some(tor_transport),
+                    OptionalTransport::none(),
+                )
+            }
+            TorBackend::Socks(universal_config) => OrTransport::new(
+                OptionalTransport::none(),
+                OptionalTransport::some(universal_config.transport()),
+            ),
+            TorBackend::None => {
+                OrTransport::new(OptionalTransport::none(), OptionalTransport::none())
             }
-            TorBackend::None => OptionalTransport::none(),
         };
         Ok(tor.or_transport(tcp_with_dns))
     }
