1454850 - Mislabelled options relating to SOCKS4, SOCKS5 and server-side DNS resolution

Status: RESOLVED FIXED

(Core :: Networking: Proxy, defect, P3)

Description

[Adrien de Croy]

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

Steps to reproduce:

used about:config to enable server-side dns resolution for SOCKS.

Set FF to use SOCKS4.



Actual results:

FF used SOCKS4a, DNS resolution still occured on SOCKS server.


Expected results:

using SOCKS4a is kinda cool, however it's not what is advertised.

Some SOCKS servers don't support SOCKS4a, only SOCKS4 and/or SOCKS5.  The user is possibly unaware of this unadvertised side-effect.

In the proxy config UI, the checkbox (disabled) which reflects the configuration point states it only applies for SOCKS5, which is incorrect.

I'd suggest taking out the SOCKS5 reference, and making it explicit that if the option is set that SOCKS4a will be used not SOCKS4 if SOCKS4 is selected.

Comment 1

[Stefan [:StefanG_QA]]

Based on other similar reports I think the correct component would be Core::Networking. Please change if this is not the right component.

Comment 2

[Michal Novotny [:michal]]

Maybe we should ignore network.proxy.socks_remote_dns when using SOCK4 protocol. The comment even says that we don't use it: https://searchfox.org/mozilla-central/rev/8f06c1b9a080b84435a2906e420fe102e1ed780b/netwerk/base/nsProtocolProxyService.cpp#1312.
At the first look the code seems to be incorrect and there should be IMO (type == kProxyType_SOCKS && mSOCKSProxyRemoteDNS) instead.

And at other places we ignore socks version completely:
https://searchfox.org/mozilla-central/rev/8f06c1b9a080b84435a2906e420fe102e1ed780b/netwerk/base/nsProtocolProxyService.cpp#2326
https://searchfox.org/mozilla-central/rev/8f06c1b9a080b84435a2906e420fe102e1ed780b/netwerk/base/nsProtocolProxyService.cpp#2364

Comment 3

[Adrien de Croy]

Why not just change the label and retain the ability to use SOCKS4a?

Anyone using 4a and relying on this won't thank you for removing the ability just because it's labelled wrong and comments don't match.  It's actually useful.  Just fix the label, it's less risky as well.

Comment 4

[itsuart]

Run onto this bug. Checkbox says that DNS resolution will happen only if SOCKS5 proxy, yet FF tries to do that with SOCKS4 too.
SOCKS4 proxies don't support that mode of operation and reject such requests and FF thinks that there is no internet connection.

Comment 5

[itsuart]

Related case (FF does try to "connect" to address 0.0.0.1): https://bugzilla.mozilla.org/show_bug.cgi?id=761181

Comment 6

[Wayne Mery (:wsmwk)]

Do you still see this when using a current version?

Comment 7

[itsuart]

Yes. Steps to reproduce:

• Navigate to "Connection Settings" options screen
• choose SOCKS5 proxy
• check the "Proxy DNS when using SOCKS5"
• choose SOCKS4 proxy
  Note that "Proxy DNS..." checkbox is still checked.
• Try to connect to SOCKS4 proxy
• Connection fails with FF trying to connect to 0.0.0.1:443

Expected behaviour: FF doesn't try to proxy DNS if SOCKS4 proxy is selected.

Comment 8

[Wayne Mery (:wsmwk)]

istuart, Thanks for the update

(adrien appears to be gone)

Comment 9

[Adrien de Croy]

(In reply to Wayne Mery (:wsmwk) from comment #8)

istuart, Thanks for the update

(adrien appears to be gone)

still lurking

Comment 10

[Manuel Bucher [:manuel]]

Attachment: Bug 1454850 - Add "Proxy DNS when using SOCKS v4" option to proxy preferences r=#necko

With Bug 1741375 this is a separate config variable.

Comment 11

[Pulsebot]

Pushed by mbucher@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f4e4ed8628bc
Add "Proxy DNS when using SOCKS v4" option to proxy preferences r=necko-reviewers,fluent-reviewers,settings-reviewers,bolsson,Gijs,valentin

Comment 12

[Serban Stanca [:SerbanS]]

https://hg.mozilla.org/mozilla-central/rev/f4e4ed8628bc