(Last updated: September 2005)
If you don't know what this is about, visit tsocks.sourceforge.net

The two patches here both address the same issue, in different ways.

By default, tsocks will assume that all connections should go through tsocks, with the exception of the nets specified in the "local" parameters, or via a "path" statement. I've found the need to have tsocks operate in the reverse way, i.e., assume that nothing should go through tsocks, with the exception of the nets specified in the configuration file.

That mode of functionality would be particularly helpful if you're using tsocks in conjunction with "ssh -D" for a kind of "Poor Man's VPN."

The latest released version of tsocks, 1.8-beta5, doesn't support such a thing, and these patches add it in.


My first attempt: tsocks-1.8-remotepath.patch

This patch adds in a new type of path construct called "remotepath" which is the first thing checked when tsocks determines if it should socksify a connection. For instance:

remotepath {
	reaches = 192.168.0.0/255.255.255.0
	server = 127.0.0.1
}
local = 0.0.0.0/0.0.0.0

So, everything's local, except for 192.168.0.0/24. Internally the code for this was a bit lame, and it seemed silly to create a whole different path type just for this. Feel free to take a look at the patch, of course, but I feel that the second version is much better. This patch seems to work, but I abandoned it before I'd consider it near "done" to go pursue the second method.

My second attempt: tsocks-1.8-remote.patch

This patch adds a new directive for the config file called "remote." To wit:

remote = 192.168.0.0/255.255.255.0
server = 127.0.0.1

As soon as tsocks encounters a "remote" directive, it will switch into the mode where it assumes that nothing but the specified nets will go through the socks server. This syntax is, I feel, much more intuitive, and it also allows you to use paths in the same way as you used to. Let's say you've got 192.168.0.0/24 and 192.168.1.0/24 which have to go through your default socks server running on 127.0.0.1, and then you've got another net, 10.11.12.0/24, which has to go through the socks server at 10.0.0.2:

remote = 192.168.0.0/255.255.255.0
remote = 192.168.1.0/255.255.255.0
server = 127.0.0.1

path {
	reaches = 10.11.12.0/255.255.255.0
	server = 10.0.0.2
}

Any connections made to IP addresses outside those specified ranges will just be plain ol' connections going along without the benefit of socks.
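
The routing decision this configuration implies can be modelled in a few lines of C. This is an added example, not code from either patch or from tsocks itself; route_for, the rules table and the "DIRECT" label are hypothetical names, and first-match-wins ordering is an assumption (the nets here don't overlap, so order doesn't change the result).

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One "net/mask -> SOCKS server" rule, taken from the sample config above. */
struct rule { const char *net, *mask, *server; };

static const struct rule rules[] = {
    { "192.168.0.0", "255.255.255.0", "127.0.0.1" },  /* remote = ...      */
    { "192.168.1.0", "255.255.255.0", "127.0.0.1" },  /* remote = ...      */
    { "10.11.12.0",  "255.255.255.0", "10.0.0.2"  },  /* path { reaches }  */
};

/* Parse a dotted quad into a host-order integer; 0 on success, -1 on error. */
static int parse_ip(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* Returns the SOCKS server that would carry dest, "DIRECT" when the
 * connection would bypass SOCKS, or NULL when dest is not a valid address. */
const char *route_for(const char *dest)
{
    uint32_t ip, net, mask;
    if (parse_ip(dest, &ip) != 0)
        return NULL;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        if (parse_ip(rules[i].net, &net) || parse_ip(rules[i].mask, &mask))
            continue;                      /* skip a malformed rule */
        if ((ip & mask) == (net & mask))
            return rules[i].server;
    }
    return "DIRECT";  /* "remote" mode: anything unlisted is not socksified */
}

int main(void)
{
    /* Constructed sample destinations; 203.0.113.10 is a documentation address. */
    const char *probes[] = { "192.168.1.77", "10.11.12.5", "192.168.2.1", "203.0.113.10" };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%-14s -> %s\n", probes[i], route_for(probes[i]));
    return 0;
}
```

Running the destinations you care about through a check like this before relying on the tunnel shows which ones would leave the machine unproxied.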

This patch seems to work pretty well for me, so good luck. The usual disclaimers apply, of course. Don't blame me if packets go flying off where they shouldn't go, or this patch totally blows up your computer.

Changelog

September 2005
  • Initial post