Building tsocks on Mac OS X

I recently told you about a cool piece of software called tsocks which allows non-SOCKS-aware applications to use SOCKS by using LD_PRELOAD to intercept their socket calls and route them through a SOCKS server.

Installing on Debian was simple as the software was written for Linux and there is a Debian package available for it. Installing on FreeBSD is also simple as it turns out that someone did a FreeBSD port for it.

It took some patching to get tsocks (version 1.8 beta 5) to compile on Mac OS X. Here’s how I did it:

wget '' && \
tar -xzf tsocks-1.8beta5.tar.gz && cd tsocks-1.8 && \
wget '' && \
patch < tsocks-1.8_macosx.patch && autoconf && \
./configure && make && sudo make install

Download tsocks-1.8_macosx.patch

Doing this patch was an education for me about Autoconf as well as how Mac OS X dynamic linking works.

The patch addresses issues such as:

  • Using gcc-4.0 ended up causing link errors for me so I force use of gcc-3.3.
  • Linking dynamic libraries requires special linker options, as does linking object files with multiply defined symbols.
  • Libraries typically have a .dylib extension rather than .so (because OS X uses the proprietary Mach-O object file format instead of ELF).
  • LD_PRELOAD is not supported. Instead I had to use OS X variables - DYLD_INSERT_LIBRARIES and DYLD_FORCE_FLAT_NAMESPACES.
  • The code itself needed a few minor patches in order to compile: the use of typedefs like socklen_t instead of non-portable types like int, and the use of the OS X gcc extension __attribute__ ((constructor)) to define a dynamic library initialization function.
  • I needed to do a bunch of autoconf stuff to support all of this and to make it so that the tsocks shell script gets generated to accommodate all of these differences.

Of course after doing all of this, I found out that there is a tsocks DarwinPort, which builds but doesn't seem to work because it still tries to use LD_PRELOAD.
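
The platform difference described above (LD_PRELOAD on Linux and FreeBSD, DYLD_INSERT_LIBRARIES plus a forced flat namespace on OS X), written out as an added shell example; it is not the tsocks wrapper script or anything from the patch. The function names preload_env and run_preloaded are assumptions, and the flat-namespace variable is written in the singular form that dyld reads, DYLD_FORCE_FLAT_NAMESPACE.

```shell
#!/bin/sh
# Added example, not the tsocks wrapper. Function names are illustrative.

# preload_env OS LIB [EXISTING]
# Print the NAME=VALUE lines that inject LIB on platform OS. EXISTING is the
# current value of that platform's preload variable; it is kept, not clobbered.
preload_env() {
    os=$1; lib=$2; existing=${3:-}
    case $lib in
        /*) ;;  # absolute, so it cannot resolve differently per cwd/search path
        *) echo "preload_env: need an absolute library path: $lib" >&2
           return 2 ;;
    esac
    case $os in
        Darwin)
            # dyld takes a colon-separated list. Under two-level namespaces
            # the inserted symbols would not override libc's, so force flat.
            echo "DYLD_INSERT_LIBRARIES=${existing:+$existing:}$lib"
            echo "DYLD_FORCE_FLAT_NAMESPACE=1" ;;
        Linux|FreeBSD)
            echo "LD_PRELOAD=${existing:+$existing:}$lib" ;;
        *) echo "preload_env: unsupported platform: $os" >&2
           return 3 ;;
    esac
}

# run_preloaded LIB CMD [ARGS...]
# Run CMD on this host with LIB injected; nothing is exported into the
# calling shell, so later commands are unaffected.
run_preloaded() {
    lib=$1; shift
    [ -r "$lib" ] || { echo "run_preloaded: cannot read $lib" >&2; return 1; }
    host_os=$(uname -s)
    case $host_os in
        Darwin) current=${DYLD_INSERT_LIBRARIES:-} ;;
        *)      current=${LD_PRELOAD:-} ;;
    esac
    vars=$(preload_env "$host_os" "$lib" "$current") || return $?
    # One assignment per line: split on newlines only, with globbing off.
    ( IFS='
'; set -f; exec env $vars "$@" )
}

# Demo on a constructed call; prints the two Darwin assignments.
preload_env Darwin /opt/local/lib/libtsocks.dylib
```

On current macOS, System Integrity Protection strips DYLD_* variables when a protected system binary is launched, so injection of this kind only reaches unprotected binaries.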

27 thoughts on “Building tsocks on Mac OS X”

  1. Does this tweaked version for osx still require the tsocks.conf file in /etc?

  2. Yep, it still needs the tsocks.conf file.

    What’s really a bummer about this is that I’ve been able to get it to work for command-line apps like ssh, but I can’t get it to work with Aqua apps like Firefox, Safari, Thunderbird, etc.

    It seems that these apps crash immediately on startup when DYLD_FORCE_FLAT_NAMESPACES is set.

    Anybody have any ideas of how to get around this?

  3. When I compile on 1.4.5 I get an error at the end of ./configure. I tried to install with darwin ports but I cannot access the internet page it requires to download. Thanks

  4. It would be most excellent if you would contribute your hard work and tsocks expertise to the DP project’s tsocks port. I think you’d find it would maximize the effects of your hard work. If you are willing to adapt your instructions for the DP port please post what patches would be required to make the tsocks DP port work correctly. There is already a bug filed for the port and it sounds like you know of additional flaws.

    You could probably even be the maintainer for the port if you wish. If I can help in any way to assist you in contributing please let me know; I have no specific knowledge of tsocks but I contribute to the project so I could help.

  5. I tried installing the darwin ports version and I keep getting an error: 12:50:53 libtsocks(23015): Error 56 attempting to connect to SOCKS server (Socket is already connected)

    And when I tried to do the patch mentioned in your post on an Intel Mac, it got angry at me. I ran configure and it blew up at me.

    I have successfully installed it on a PPC, just haven’t gotten it to use the SOCKS proxy yet. :/

  6. When i run ./configure i get the following error:

    checking for gcc... gcc-3.3
    checking for C compiler default output file name... configure: error: C compiler cannot create executables

    Does anyone have a clue how I can fix this?

  7. Also, when I successfully installed it from darwinports i got this when running tsocks:

    dyld: could not load inserted library: /opt/local/lib/libtsocks.dylib

    Trace/BPT trap

    I just want to play some World of Warcraft… =(

  8. I installed the 1.8 beta 5.1 version from Darwin Ports. I was able to run Aqua apps like Safari from a terminal window with no changes. This is on 10.3, from a zsh shell (although the latter shouldn’t matter).

    Some apps required using ‘open’ (namely Entourage).

    Couple of examples:

    % tsocks /Applications/ &

    % tsocks open "/Applications/Microsoft Office 2004/Microsoft Entourage"

  9. Skip that. I was on crack. Hadn’t disconnected the vpn so it was using that connection.

  10. Hey man, thanks for doing this, it works, except for some reason I had to hack it back to using stock gcc and manually set the FLATNAMESPACE environment flag.

    (I’m using 10.4.8)

  11. It seems like gcc-3.3 is for PPC only in the XCode distribution.
    /usr/libexec/gcc/darwin/i386 in Midnight Commander :

    !default ( -> 4.0 )

    and that’s all! No any cc1, cc1plus, gnat1 etc.

  12. but I can’t get it to work with Aqua apps like Firefox, Safari, Thunderbird, etc.

    For Apple’s apps, it seems that they’re using its own proxy setting. Check out System Preferences — Network — choose your net access, click Configure — click on Proxies Tab; there’s an option titled “SOCKS Proxy”. There you go.

    Blimey, that’s VERY deeply buried indeed.

  13. Most MacOSX applications are statically linked, or something like that…

    So, don’t expect that tsocks will work with MacOSX default applications (Safari, etc.)

  14. Can you please post more details on how you made it work? I wanted to compile but cannot install gcc42 from fink.

    Thanks a lot for help.

  15. Working great ! got through a corporate proxy like this, really nice !!

    Some notes:

    * I built it using your patch (running exactly the command, except for the download from that has changed). The instruction scripts worked perfectly. Of course, you need to have XCode installed (some people seem to have problems because they don’t have the correct version of XCode for their machine)

    * After that, it took me some time to understand that you need to have two variables set: not only DYLD_INSERT_LIBRARIES, but also DYLD_FORCE_FLAT_NAMESPACE. The current version of tsocks only sets DYLD_INSERT_LIBRARIES. For example, from the command line you can write (I ended up creating an alias):

    export DYLD_INSERT_LIBRARIES=/lib/libtsocks.dylib

    * Then, to run Mail you need to run from the command line (after having set the env variables above):

    open /Applications/

    Any other way of running Mail doesn’t seem to work.

    I couldn’t get Safari to work, nor some command lines (ping, wget…), but I found a workaround (FireFox + SwitchProxy is easier to set up 😀 )

    In any case, Thank you Marc for the instructions

  16. Pingback: Patrick Collison » blog » tsocks: a nifty utility now working on OS X

  17. Sounds great,
    nevertheless I can’t get the patch file.
    Have you any idea where I can find your patch?
    Thanks in advance

  18. Pingback: Tunneling Everything through SOCKS5 | 603

  19. thanks for your effort, using macports behind restrictive firewall works again!

  20. I tried your patch recipe (thanks for making it available here !) on Mac OS 10.7.2 (Lion) but I saw that when using tsocks to ssh to a host behind the firewall, ssh seemed to stall.

    I also tried the tsocks version which came with MacPorts (1.8.4) which had the same problem when using host names but worked when using IP addresses (I’m using a tsocks.conf which works on Ubuntu with tsocks 1.8beta5-9.1).

    Looking at what is different between the version including your patch (1.8beta5) and the MacPorts version, I see that the MacPorts version sets the environment variable DYLD_FORCE_FLAT_NAMESPACE to 1. This seems to solve the problem with the patched 1.8beta5 version. I.e. with the following I got it to work properly (bash/zsh syntax):

    source /usr/bin/tsocks on
    ssh host-behind-firewall
