June 2011 - tor-commits - lists.torproject.org

[flashproxy/rtmfp] Serve /crossdomain.xml.
by dcf＠torproject.org 10 Jun '11

10 Jun '11

commit 8eb56ea0f43e48fecf8a564005c8446ca3477448 Author: David Fifield <david(a)bamsoftware.com> Date: Fri May 20 05:17:00 2011 -0700 Serve /crossdomain.xml. --- facilitator.py | 20 ++++++++++++++++++++ 1 files changed, 20 insertions(+), 0 deletions(-) diff --git a/facilitator.py b/facilitator.py index 56a9774..5c33ea2 100755 --- a/facilitator.py +++ b/facilitator.py @@ -11,6 +11,7 @@ import sys import threading import time import urllib +import urlparse DEFAULT_ADDRESS = "0.0.0.0" DEFAULT_PORT = 9002 @@ -191,6 +192,12 @@ class Handler(BaseHTTPServer.BaseHTTPRequestHandler): def do_GET(self): log(u"proxy %s connects" % format_addr(self.client_address)) + path = urlparse.urlsplit(self.path)[2] + + if path == u"/crossdomain.xml": + self.send_crossdomain() + return + reg = REGS.fetch() if reg: log(u"proxy %s gets %s (now %d)" % (format_addr(self.client_address), unicode(reg), len(REGS))) @@ -231,6 +238,19 @@ class Handler(BaseHTTPServer.BaseHTTPRequestHandler): self.send_response(200) self.end_headers() + def send_crossdomain(self): + crossdomain = """\ +<cross-domain-policy> +<allow-access-from domain="*"/> +</cross-domain-policy> +""" + self.send_response(200) + # Content-Type must be one of a few whitelisted types. + # http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#_Co… + self.send_header("Content-Type", "application/xml") + self.end_headers() + self.wfile.write(crossdomain) + def send_error(self, code, message = None): self.send_response(code) self.end_headers()

1 0

[flashproxy/rtmfp] Fix further syntax error in f23dc0aa, thanks rransom.
by dcf＠torproject.org 10 Jun '11

10 Jun '11

commit f1f8f33074f2d03dced8676dcfb213fb5b9262af Author: David Fifield <david(a)bamsoftware.com> Date: Wed Jun 8 13:53:33 2011 -0700 Fix further syntax error in f23dc0aa, thanks rransom. --- connector.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/connector.py b/connector.py index c2c648e..27fff61 100755 --- a/connector.py +++ b/connector.py @@ -386,7 +386,7 @@ while True: remotes.remove(fd) fd.close() else: - log(u"Data from unconnected remote %s (%d bytes)." % format_addr(fd.getpeername()), len(data)) + log(u"Data from unconnected remote %s (%d bytes)." % (format_addr(fd.getpeername()), len(data))) fd.buf += data if len(fd.buf) >= UNCONNECTED_BUFFER_LIMIT: log(u"Refusing to buffer more than %d bytes from local %s." % (UNCONNECTED_BUFFER_LIMIT, format_addr(fd.getpeername())))

1 0

[flashproxy/rtmfp] Switching swfcat.as to point to David's facilitator by default instead of Nate's
by dcf＠torproject.org 10 Jun '11

10 Jun '11

commit c16f7d998686c84d30b4f6e4177659e3845888b7 Author: Nate Hardison <hardison(a)stanford.edu> Date: Thu Jun 9 17:59:57 2011 -0700 Switching swfcat.as to point to David's facilitator by default instead of Nate's --- swfcat.as | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/swfcat.as b/swfcat.as index 627a3cd..1bb2ff5 100644 --- a/swfcat.as +++ b/swfcat.as @@ -27,9 +27,9 @@ package private const DEFAULT_CIRRUS_ADDR:String = "rtmfp://p2p.rtmfp.net"; private const DEFAULT_CIRRUS_KEY:String = RTMFP::CIRRUS_KEY; - /* Nate's facilitator -- serves a crossdomain policy */ + /* David's facilitator. */ private const DEFAULT_FACILITATOR_ADDR:Object = { - host: "128.12.179.80", + host: "173.255.221.44", port: 9002 };

1 0

[flashproxy/rtmfp] Use a URLLoader to query the HTTP facilitator.
by dcf＠torproject.org 10 Jun '11

10 Jun '11

commit 5ae83e1cc6ce4bd38958538bbdbecf955a6bfc65 Author: David Fifield <david(a)bamsoftware.com> Date: Mon May 30 21:18:16 2011 -0700 Use a URLLoader to query the HTTP facilitator. --- swfcat.as | 54 +++++++++++++++++++++++++++++------------------------- 1 files changed, 29 insertions(+), 25 deletions(-) diff --git a/swfcat.as b/swfcat.as index 05da498..130b061 100644 --- a/swfcat.as +++ b/swfcat.as @@ -6,6 +6,9 @@ package import flash.text.TextField; import flash.text.TextFormat; import flash.net.Socket; + import flash.net.URLLoader; + import flash.net.URLLoaderDataFormat; + import flash.net.URLRequest; import flash.events.Event; import flash.events.IOErrorEvent; import flash.events.ProgressEvent; @@ -36,9 +39,6 @@ package // Seconds. private const RATE_LIMIT_HISTORY:Number = 5.0; - // Socket to facilitator. - private var s_f:Socket; - /* TextField for debug output. */ private var output_text:TextField; @@ -183,45 +183,49 @@ package /* The main logic begins here, after start-up issues are taken care of. */ private function main():void { + var fac_url:String; + var loader:URLLoader; + if (num_proxy_pairs >= MAX_NUM_PROXY_PAIRS) { setTimeout(main, FACILITATOR_POLL_INTERVAL); return; } - s_f = new Socket(); - - s_f.addEventListener(Event.CONNECT, fac_connected); - s_f.addEventListener(Event.CLOSE, function (e:Event):void { - puts("Facilitator: closed connection."); - setTimeout(main, FACILITATOR_POLL_INTERVAL); - }); - s_f.addEventListener(IOErrorEvent.IO_ERROR, function (e:IOErrorEvent):void { + loader = new URLLoader(); + /* Get the x-www-form-urlencoded values. */ + loader.dataFormat = URLLoaderDataFormat.VARIABLES; + loader.addEventListener(Event.COMPLETE, fac_complete); + loader.addEventListener(IOErrorEvent.IO_ERROR, function (e:IOErrorEvent):void { puts("Facilitator: I/O error: " + e.text + "."); }); - s_f.addEventListener(SecurityErrorEvent.SECURITY_ERROR, function (e:SecurityErrorEvent):void { + loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, function (e:SecurityErrorEvent):void { puts("Facilitator: security error: " + e.text + "."); }); - puts("Facilitator: connecting to " + fac_addr.host + ":" + fac_addr.port + "."); - s_f.connect(fac_addr.host, fac_addr.port); - } - - private function fac_connected(e:Event):void - { - puts("Facilitator: connected."); - - s_f.addEventListener(ProgressEvent.SOCKET_DATA, fac_data); - - s_f.writeUTFBytes("GET / HTTP/1.0\r\n\r\n"); + fac_url = "http://" + encodeURIComponent(fac_addr.host) + + ":" + encodeURIComponent(fac_addr.port) + "/"; + puts("Facilitator: connecting to " + fac_url + "."); + loader.load(new URLRequest(fac_url)); } - private function fac_data(e:ProgressEvent):void + private function fac_complete(e:Event):void { + var loader:URLLoader; var client_spec:String; var client_addr:Object; var proxy_pair:Object; - client_spec = s_f.readMultiByte(e.bytesLoaded, "utf-8"); + setTimeout(main, FACILITATOR_POLL_INTERVAL); + + loader = e.target as URLLoader; + client_spec = loader.data.client; + if (client_spec == "") { + puts("No clients."); + return; + } else if (!client_spec) { + puts("Error: missing \"client\" in response."); + return; + } puts("Facilitator: got \"" + client_spec + "\"."); client_addr = parse_addr_spec(client_spec);

1 0

[flashproxy/rtmfp] Make the facilitator use real HTTP in its responses.
by dcf＠torproject.org 10 Jun '11

10 Jun '11

commit a3c045f340661c9256d08de86dc70e055feae25a Author: David Fifield <david(a)bamsoftware.com> Date: Fri May 20 05:07:48 2011 -0700 Make the facilitator use real HTTP in its responses. --- README | 12 +++++++----- design.txt | 24 ++++++++++++------------ facilitator.py | 29 ++++++++++++++++++++++++++++- 3 files changed, 47 insertions(+), 18 deletions(-) diff --git a/README b/README index 067f92e..4e58907 100644 --- a/README +++ b/README @@ -87,16 +87,18 @@ with the caveat that the server also has to serve a crossdomain policy. The Tor client needs to be able to listen for an incoming connection, which generally means not being behind NAT. -Clients register with the facilitator by sending an HTTP-like message: +Clients register with the facilitator by sending an HTTP message: POST / HTTP/1.0\r\n \r\n client=:9000 - -The Flash proxy also gets a client address using something like HTTP: +The Flash proxy also gets a client address over HTTP: GET / HTTP/1.0\r\n \r\n -The server sends back an address specification (no HTTP header): - 192.168.0.102:8888 +The server sends back an address specification in an HTTP respose. + HTTP/1.0 200 OK\r\n + Server: BaseHTTP/0.3 Python/2.5.2\r\n + \r\n + client=1.2.3.4%3A9000 == ActionScript programming diff --git a/design.txt b/design.txt index 4776b73..abc53a4 100644 --- a/design.txt +++ b/design.txt @@ -108,10 +108,11 @@ Design of Flash proxies client=[<address>]:<port> - (The facilitator sends back no data in response.) If the connector - omits the [<address>] part, the facilitator will automatically fill it - in based on the HTTP client address, which means the connector doesn't - have to know its external address. + The facilitator sends a 200 reply if the registration was successful + and an error status otherwise. If the connector omits the [<address>] + part, the facilitator will automatically fill it in based on the HTTP + client address, which means the connector doesn't have to know its + external address. The connector solves the impedance mismatch between the Tor client and the Flash proxy, both of which want to make outgoing connections to @@ -136,22 +137,21 @@ Design of Flash proxies GET / HTTP/1.0 - The response is not really HTTP: the data follows immediately with no - HTTP header. An empty document means that there are no clients - registered. Otherwise, the response looks like this: + The response code is 200 and the body looks like this: - <address>:<port> + client=[<address>:<port>] - Both <address> and <port> are required. + If <address>:<port> is missing, it means that there are no client + registrations for this proxy. The Flash proxy may serve more than one relay–client pair at once. It limits its own bandwidth to 10 KB/s (combined upload/download). 8. Behavior of the facilitator - The faciliator is a pseudo-HTTP server that handles client POST - registrations and proxy GET requests according to the formats given - above. The facilitator listens on port 9002. + The faciliator is a HTTP server that handles client POST registrations + and proxy GET requests according to the formats given above. The + facilitator listens on port 9002. In the current implementation, the facilitator forgets a client registration after giving it to a Flash proxy. The client must diff --git a/facilitator.py b/facilitator.py index d5bac75..56a9774 100755 --- a/facilitator.py +++ b/facilitator.py @@ -10,6 +10,7 @@ import socket import sys import threading import time +import urllib DEFAULT_ADDRESS = "0.0.0.0" DEFAULT_PORT = 9002 @@ -193,20 +194,23 @@ class Handler(BaseHTTPServer.BaseHTTPRequestHandler): reg = REGS.fetch() if reg: log(u"proxy %s gets %s (now %d)" % (format_addr(self.client_address), unicode(reg), len(REGS))) - self.request.send(str(reg)) + self.send_client(reg) else: log(u"proxy %s gets none" % format_addr(self.client_address)) + self.send_client(None) def do_POST(self): data = self.rfile.readline(1024).strip() try: vals = cgi.parse_qs(data, False, True) except ValueError, e: + self.send_error(400) log(u"client %s POST syntax error: %s" % (format_addr(self.client_address), repr(str(e)))) return client_specs = vals.get("client") if client_specs is None or len(client_specs) != 1: + self.send_error(400) log(u"client %s missing \"client\" param" % format_addr(self.client_address)) return val = client_specs[0] @@ -214,6 +218,7 @@ class Handler(BaseHTTPServer.BaseHTTPRequestHandler): try: reg = Reg.parse(val, self.client_address[0]) except ValueError, e: + self.send_error(400) log(u"client %s syntax error in %s: %s" % (format_addr(self.client_address), repr(val), repr(str(e)))) return @@ -223,10 +228,32 @@ class Handler(BaseHTTPServer.BaseHTTPRequestHandler): else: log(u"client %s %s (already present, now %d)" % (format_addr(self.client_address), unicode(reg), len(REGS))) + self.send_response(200) + self.end_headers() + + def send_error(self, code, message = None): + self.send_response(code) + self.end_headers() + if message: + self.wfile.write(message) + def log_message(self, format, *args): msg = format % args log(u"message from HTTP handler for %s: %s" % (format_addr(self.client_address), repr(msg))) + def send_client(self, reg): + if reg: + client_str = str(reg) + else: + # Send an empty string rather than a 404 or similar because Flash + # Player's URLLoader can't always distinguish a 404 from, say, + # "server not found." + client_str = "" + self.send_response(200) + self.send_header("Content-Type", "x-www-form-urlencoded") + self.end_headers() + self.request.send(urllib.urlencode({"client": client_str})) + REGS = RegSet() opts, args = getopt.gnu_getopt(sys.argv[1:], "dhl:", ["debug", "help", "log="])

1 0

[flashproxy/rtmfp] Do getaddrinfo on the HOST and PORT from the command line to convert
by dcf＠torproject.org 10 Jun '11

10 Jun '11

commit 4401b29b2c28566b1e808d606e3834504afc064e Author: David Fifield <david(a)bamsoftware.com> Date: Thu May 26 23:05:19 2011 -0700 Do getaddrinfo on the HOST and PORT from the command line to convert text port identifier to numbers. --- facilitator.py | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/facilitator.py b/facilitator.py index c9859db..d5bac75 100755 --- a/facilitator.py +++ b/facilitator.py @@ -259,13 +259,15 @@ else: usage(sys.stderr) sys.exit(1) +addrinfo = socket.getaddrinfo(address[0], address[1], 0, socket.SOCK_STREAM, socket.IPPROTO_TCP)[0] + class Server(SocketServer.ThreadingMixIn, BaseHTTPServer.HTTPServer): pass # Setup the server -server = Server(address, Handler) +server = Server(addrinfo[4], Handler) -log(u"start on %s" % format_addr(address)) +log(u"start on %s" % format_addr(addrinfo[4])) if options.daemonize: log(u"daemonizing")

1 0

[flashproxy/rtmfp] Fix a syntax error in "data from unconnected remote" message.
by dcf＠torproject.org 10 Jun '11

10 Jun '11

commit f23dc0aa8b122c7be6b6ead300b255388041e57a Author: David Fifield <david(a)bamsoftware.com> Date: Wed Jun 8 09:49:32 2011 -0700 Fix a syntax error in "data from unconnected remote" message. --- connector.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/connector.py b/connector.py index 78db084..c2c648e 100755 --- a/connector.py +++ b/connector.py @@ -386,7 +386,7 @@ while True: remotes.remove(fd) fd.close() else: - log(u"Data from unconnected remote %s (%d bytes)." % format_addr(fd.getpeername(), len(data))) + log(u"Data from unconnected remote %s (%d bytes)." % format_addr(fd.getpeername()), len(data)) fd.buf += data if len(fd.buf) >= UNCONNECTED_BUFFER_LIMIT: log(u"Refusing to buffer more than %d bytes from local %s." % (UNCONNECTED_BUFFER_LIMIT, format_addr(fd.getpeername())))

1 0

[flashproxy/master] Use cgi.FieldStorage for parsing postdata.
by dcf＠torproject.org 10 Jun '11

10 Jun '11

commit dd7cfb9c0c32b839287ffefe5bc2527009cd99f9 Author: David Fifield <david(a)bamsoftware.com> Date: Fri Jun 10 05:58:55 2011 -0700 Use cgi.FieldStorage for parsing postdata. --- facilitator.py | 20 +++++++------------- 1 files changed, 7 insertions(+), 13 deletions(-) diff --git a/facilitator.py b/facilitator.py index 7fc9484..801d0ad 100755 --- a/facilitator.py +++ b/facilitator.py @@ -219,29 +219,23 @@ class Handler(BaseHTTPServer.BaseHTTPRequestHandler): self.send_client(None) def do_POST(self): - data = self.rfile.readline(1024).strip() - try: - vals = cgi.parse_qs(data, False, True) - except ValueError, e: - self.send_error(400) - log(u"client %s POST syntax error: %s" % (format_addr(self.client_address), repr(str(e)))) - return + data = cgi.FieldStorage(fp = self.rfile, headers = self.headers, + environ = {"REQUEST_METHOD": "POST"}) - client_specs = vals.get("client") - if client_specs is None or len(client_specs) != 1: + client_spec = data.getfirst("client") + if client_spec is None: self.send_error(400) log(u"client %s missing \"client\" param" % format_addr(self.client_address)) return - val = client_specs[0] try: - reg = Reg.parse(val, self.client_address[0]) + reg = Reg.parse(client_spec, self.client_address[0]) except ValueError, e: self.send_error(400) - log(u"client %s syntax error in %s: %s" % (format_addr(self.client_address), repr(val), repr(str(e)))) + log(u"client %s syntax error in %s: %s" % (format_addr(self.client_address), repr(client_spec), repr(str(e)))) return - log(u"client %s regs %s -> %s" % (format_addr(self.client_address), val, unicode(reg))) + log(u"client %s regs %s -> %s" % (format_addr(self.client_address), client_spec, unicode(reg))) if REGS.add(reg): log(u"client %s %s (now %d)" % (format_addr(self.client_address), unicode(reg), len(REGS))) else:

1 0

[flashproxy/master] Put the resolved relay address at the top of the facilitator log.
by dcf＠torproject.org 10 Jun '11

10 Jun '11

commit 62049e7cb19cf014b29c6e78b9e1b67c2f3c1c5f Author: David Fifield <david(a)bamsoftware.com> Date: Fri Jun 10 03:42:49 2011 -0700 Put the resolved relay address at the top of the facilitator log. --- facilitator.py | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/facilitator.py b/facilitator.py index be7543a..7fc9484 100755 --- a/facilitator.py +++ b/facilitator.py @@ -345,6 +345,7 @@ class Server(SocketServer.ThreadingMixIn, BaseHTTPServer.HTTPServer): server = Server(addrinfo[4], Handler) log(u"start on %s" % format_addr(addrinfo[4])) +log(u"using relay address %s" % options.relay_spec) if options.daemonize: log(u"daemonizing")

1 0

[flashproxy/master] Check whether s_c and s_r exist before checking for connectedness.
by dcf＠torproject.org 10 Jun '11

10 Jun '11

commit 0f17fa91026c6d42e866700ddb85c3094934654f Author: David Fifield <david(a)bamsoftware.com> Date: Fri Jun 10 03:05:46 2011 -0700 Check whether s_c and s_r exist before checking for connectedness. --- swfcat.as | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/swfcat.as b/swfcat.as index 8c91ae8..2afde01 100644 --- a/swfcat.as +++ b/swfcat.as @@ -429,19 +429,19 @@ class ProxyPair extends EventDispatcher s_r.addEventListener(Event.CONNECT, relay_connected); s_r.addEventListener(Event.CLOSE, function (e:Event):void { log("Relay: closed."); - if (s_c.connected) + if (s_c && s_c.connected) s_c.close(); dispatchEvent(new Event(Event.COMPLETE)); }); s_r.addEventListener(IOErrorEvent.IO_ERROR, function (e:IOErrorEvent):void { log("Relay: I/O error: " + e.text + "."); - if (s_c.connected) + if (s_c && s_c.connected) s_c.close(); dispatchEvent(new Event(Event.COMPLETE)); }); s_r.addEventListener(SecurityErrorEvent.SECURITY_ERROR, function (e:SecurityErrorEvent):void { log("Relay: security error: " + e.text + "."); - if (s_c.connected) + if (s_c && s_c.connected) s_c.close(); dispatchEvent(new Event(Event.COMPLETE)); }); @@ -460,19 +460,19 @@ class ProxyPair extends EventDispatcher s_c.addEventListener(Event.CONNECT, client_connected); s_c.addEventListener(Event.CLOSE, function (e:Event):void { log("Client: closed."); - if (s_r.connected) + if (s_r && s_r.connected) s_r.close(); dispatchEvent(new Event(Event.COMPLETE)); }); s_c.addEventListener(IOErrorEvent.IO_ERROR, function (e:IOErrorEvent):void { log("Client: I/O error: " + e.text + "."); - if (s_r.connected) + if (s_r && s_r.connected) s_r.close(); dispatchEvent(new Event(Event.COMPLETE)); }); s_c.addEventListener(SecurityErrorEvent.SECURITY_ERROR, function (e:SecurityErrorEvent):void { log("Client: security error: " + e.text + "."); - if (s_r.connected) + if (s_r && s_r.connected) s_r.close(); dispatchEvent(new Event(Event.COMPLETE)); });

1 0