September 2011 - tor-commits - lists.torproject.org

[tor/release-0.2.2] Add a VoteOnHidServDirectoriesV2 configuration option
by arma＠torproject.org 09 Sep '11

09 Sep '11

commit 1546054d81fcc3462c37aca8a35a510d7f770533 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Tue May 10 02:06:07 2011 -0700 Add a VoteOnHidServDirectoriesV2 configuration option --- changes/bug2649a | 5 +++++ doc/tor.1.txt | 5 +++++ src/or/config.c | 1 + src/or/dirserv.c | 16 +++++++++++----- src/or/dirvote.h | 2 +- src/or/networkstatus.c | 2 +- src/or/or.h | 3 +++ 7 files changed, 27 insertions(+), 7 deletions(-) diff --git a/changes/bug2649a b/changes/bug2649a new file mode 100644 index 0000000..4ee31eb --- /dev/null +++ b/changes/bug2649a @@ -0,0 +1,5 @@ + o Minor features: + - Add a VoteOnHidServDirectoriesV2 configuration option to allow + directory authorities to abstain from voting on assignment of + the HSDir consensus flag. Related to bug 2649. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 8aa32e8..9c81198 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1335,6 +1335,11 @@ DIRECTORY AUTHORITY SERVER OPTIONS that fine-grained information about nodes can be discarded when it hasn't changed for a given amount of time. (Default: 24 hours) +**VoteOnHidServDirectoriesV2** **0**|**1**:: + When this option is set in addition to **AuthoritativeDirectory**, Tor + votes on whether to accept relays as hidden service directories. + (Default: 1) + HIDDEN SERVICE OPTIONS ---------------------- diff --git a/src/or/config.c b/src/or/config.c index 44cecf3..96696fe 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -402,6 +402,7 @@ static config_var_t _option_vars[] = { NULL), VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL), V(MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"), + V(VoteOnHidServDirectoriesV2, BOOL, "1"), V(_UsingTestNetworkDefaults, BOOL, "0"), { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL } diff --git a/src/or/dirserv.c b/src/or/dirserv.c index d114d86..4da0c4f 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2262,7 +2262,7 @@ void set_routerstatus_from_routerinfo(routerstatus_t *rs, routerinfo_t *ri, time_t now, int naming, int listbadexits, - int listbaddirs) + int listbaddirs, int vote_on_hsdirs) { int unstable_version = !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs"); @@ -2306,7 +2306,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, rs->is_bad_directory = listbaddirs && ri->is_bad_directory; rs->is_bad_exit = listbadexits && ri->is_bad_exit; ri->is_hs_dir = dirserv_thinks_router_is_hs_dir(ri, now); - rs->is_hs_dir = ri->is_hs_dir; + rs->is_hs_dir = vote_on_hsdirs && ri->is_hs_dir; rs->is_v2_dir = ri->dir_port != 0; if (!strcasecmp(ri->nickname, UNNAMED_ROUTER_NICKNAME)) @@ -2538,6 +2538,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key, int naming = options->NamingAuthoritativeDir; int listbadexits = options->AuthDirListBadExits; int listbaddirs = options->AuthDirListBadDirs; + int vote_on_hsdirs = options->VoteOnHidServDirectoriesV2; routerlist_t *rl = router_get_routerlist(); time_t now = time(NULL); time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH; @@ -2601,7 +2602,8 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key, vrs = tor_malloc_zero(sizeof(vote_routerstatus_t)); rs = &vrs->status; set_routerstatus_from_routerinfo(rs, ri, now, - naming, listbadexits, listbaddirs); + naming, listbadexits, listbaddirs, + vote_on_hsdirs); if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest)) clear_status_flags_on_sybil(rs); @@ -2678,7 +2680,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key, v3_out->server_versions = server_versions; v3_out->known_flags = smartlist_create(); smartlist_split_string(v3_out->known_flags, - "Authority Exit Fast Guard HSDir Stable V2Dir Valid", + "Authority Exit Fast Guard Stable V2Dir Valid", 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); if (vote_on_reachability) smartlist_add(v3_out->known_flags, tor_strdup("Running")); @@ -2690,6 +2692,8 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key, smartlist_add(v3_out->known_flags, tor_strdup("Named")); smartlist_add(v3_out->known_flags, tor_strdup("Unnamed")); } + if (vote_on_hsdirs) + smartlist_add(v3_out->known_flags, tor_strdup("HSDir")); smartlist_sort_strings(v3_out->known_flags); if (options->ConsensusParams) { @@ -2754,6 +2758,7 @@ generate_v2_networkstatus_opinion(void) int versioning = options->VersioningAuthoritativeDir; int listbaddirs = options->AuthDirListBadDirs; int listbadexits = options->AuthDirListBadExits; + int vote_on_hsdirs = options->VoteOnHidServDirectoriesV2; const char *contact; char *version_lines = NULL; smartlist_t *routers = NULL; @@ -2846,7 +2851,8 @@ generate_v2_networkstatus_opinion(void) char *version = version_from_platform(ri->platform); set_routerstatus_from_routerinfo(&rs, ri, now, - naming, listbadexits, listbaddirs); + naming, listbadexits, listbaddirs, + vote_on_hsdirs); if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest)) clear_status_flags_on_sybil(&rs); diff --git a/src/or/dirvote.h b/src/or/dirvote.h index 67540a3..de11fcf 100644 --- a/src/or/dirvote.h +++ b/src/or/dirvote.h @@ -62,7 +62,7 @@ const cached_dir_t *dirvote_get_vote(const char *fp, int flags); void set_routerstatus_from_routerinfo(routerstatus_t *rs, routerinfo_t *ri, time_t now, int naming, int listbadexits, - int listbaddirs); + int listbaddirs, int vote_on_hsdirs); void router_clear_status_flags(routerinfo_t *ri); networkstatus_t * dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key, diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index 1aa4e4a..b0ef74b 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -2105,7 +2105,7 @@ networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now) if (bridge_auth && ri->purpose == ROUTER_PURPOSE_BRIDGE) dirserv_set_router_is_running(ri, now); /* then generate and write out status lines for each of them */ - set_routerstatus_from_routerinfo(&rs, ri, now, 0, 0, 0); + set_routerstatus_from_routerinfo(&rs, ri, now, 0, 0, 0, 0); smartlist_add(statuses, networkstatus_getinfo_helper_single(&rs)); }); diff --git a/src/or/or.h b/src/or/or.h index 456dce2..70308e0 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2517,8 +2517,11 @@ typedef struct { * we don't need to? */ int HidServDirectoryV2; /**< Do we participate in the HS DHT? */ + int VoteOnHidServDirectoriesV2; /**< As a directory authority, vote on + * assignment of the HSDir flag? */ int MinUptimeHidServDirectoryV2; /**< As directory authority, accept hidden * service directories after what time? */ + int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */ int AllDirActionsPrivate; /**< Should every directory action be sent * through a Tor circuit? */

1 0

[torspec/master] Merge remote-tracking branch 'asn/bug3656'
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit b5ad8d69ee9ca9219220b4eca6ca7b46ce5c42af Merge: 87ad7d4 8a1ed07 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Sep 9 13:17:18 2011 -0400 Merge remote-tracking branch 'asn/bug3656' proposals/180-pluggable-transport.txt | 19 ++++++++++++------- 1 files changed, 12 insertions(+), 7 deletions(-)

1 0

[obfsproxy/master] Refactor main.[ch] to support managed mode.
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit 34132ac65fb2535156e55279c524dfd847f2c03d Author: George Kadianakis <desnacked(a)gmail.com> Date: Sat Aug 20 06:35:20 2011 +0200 Refactor main.[ch] to support managed mode. Also, add new entry-point for obfsproxy at obfs_main.c, so that the unittest binary can link against main.c. --- src/main.c | 166 +++++++++++++++++++++++++++++++++++++----------------- src/main.h | 7 ++ src/obfs_main.c | 16 +++++ 3 files changed, 137 insertions(+), 52 deletions(-) diff --git a/src/main.c b/src/main.c index 06729be..abf5e94 100644 --- a/src/main.c +++ b/src/main.c @@ -8,6 +8,7 @@ #include "crypt.h" #include "network.h" #include "protocol.h" +#include "managed.h" #include <errno.h> #include <signal.h> @@ -17,6 +18,11 @@ #include <event2/dns.h> static struct event_base *the_event_base; +static struct event *sig_int; +static struct event *sig_term; + +/* Pluggable transport proxy mode. ('External' or 'Managed') */ +static int is_external_proxy=1; /** Prints the obfsproxy usage instructions then exits. @@ -75,6 +81,15 @@ handle_signal_cb(evutil_socket_t fd, short what, void *arg) } } +/** + Returns the libevent event base used by obfsproxy. +*/ +struct event_base * +get_event_base(void) +{ + return the_event_base; +} + /** Stop obfsproxy's event loop. Final cleanup happens in main(). */ void finish_shutdown(void) @@ -143,6 +158,17 @@ handle_obfsproxy_args(const char *const *argv) exit(1); } logsev_set=1; + } else if (!strncmp(argv[i], "--managed", 10)) { + if (logsev_set) { + printf("You can't combine --managed with other log options.\n"); + exit(1); + } + if (log_set_method(LOG_METHOD_NULL, NULL) < 0) { + printf("Error at setting logging severity.\n"); + exit(1); + } + logsev_set=1; + is_external_proxy=0; } else { log_warn("Unrecognizable obfsproxy argument '%s'", argv[i]); exit(1); @@ -153,17 +179,76 @@ handle_obfsproxy_args(const char *const *argv) return i; } -int -main(int argc, const char *const *argv) +/** + Initialize basic components of obfsproxy. +*/ +void +obfsproxy_init() +{ + /* Ugly method to fix a Windows problem: + http://archives.seul.org/libevent/users/Oct-2010/msg00049.html */ +#ifdef _WIN32 + WSADATA wsaData; + WSAStartup(0x101, &wsaData); +#endif + + /* Initialize crypto */ + if (initialize_crypto() < 0) { + log_error("Failed to initialize cryptography."); + } + + /* Initialize libevent */ + the_event_base = event_base_new(); + if (!the_event_base) { + log_error("Failed to initialize networking."); + } + + /* ASN should this happen only when SOCKS is enabled? */ + if (init_evdns_base(the_event_base)) { + log_error("Failed to initialize DNS resolver."); + } + + /* Handle signals. */ +#ifdef SIGPIPE + signal(SIGPIPE, SIG_IGN); +#endif + sig_int = evsignal_new(the_event_base, SIGINT, + handle_signal_cb, NULL); + sig_term = evsignal_new(the_event_base, SIGTERM, + handle_signal_cb, NULL); + if (event_add(sig_int,NULL) || event_add(sig_term,NULL)) { + log_error("Failed to initialize signal handling."); + } +} + +/** + Clean the mess that obfsproxy made all over this computer's memory. +*/ +void +obfsproxy_cleanup() +{ + /* We have landed. */ + log_info("Exiting."); + + close_all_listeners(); + evdns_base_free(get_evdns_base(), 0); + event_free(sig_int); + event_free(sig_term); + event_base_free(get_event_base()); + + cleanup_crypto(); + close_obfsproxy_logfile(); +} + +/** + Launch external proxy. +*/ +static int +launch_external(const char *const *begin) { - struct event *sig_int; - struct event *sig_term; smartlist_t *configs = smartlist_create(); - const char *const *begin; const char *const *end; - /* Handle optional obfsproxy arguments. */ - begin = argv + handle_obfsproxy_args(argv); /* Find the subsets of argv that define each configuration. Each configuration's subset consists of the entries in argv from @@ -201,42 +286,7 @@ main(int argc, const char *const *argv) obfs_assert(smartlist_len(configs) > 0); /* Configurations have been established; proceed with initialization. */ - - /* Ugly method to fix a Windows problem: - http://archives.seul.org/libevent/users/Oct-2010/msg00049.html */ -#ifdef _WIN32 - WSADATA wsaData; - WSAStartup(0x101, &wsaData); -#endif - - /* Initialize crypto */ - if (initialize_crypto() < 0) { - log_error("Failed to initialize cryptography."); - } - - /* Initialize libevent */ - the_event_base = event_base_new(); - if (!the_event_base) { - log_error("Failed to initialize networking."); - } - - /* ASN should this happen only when SOCKS is enabled? */ - if (init_evdns_base(the_event_base)) { - log_error("Failed to initialize DNS resolver."); - } - - /* Handle signals. */ -#ifdef SIGPIPE - signal(SIGPIPE, SIG_IGN); -#endif - sig_int = evsignal_new(the_event_base, SIGINT, - handle_signal_cb, NULL); - sig_term = evsignal_new(the_event_base, SIGTERM, - handle_signal_cb, NULL); - if (event_add(sig_int,NULL) || event_add(sig_term,NULL)) { - log_error("Failed to initialize signal handling."); - return 1; - } + obfsproxy_init(); /* Open listeners for each configuration. */ SMARTLIST_FOREACH(configs, config_t *, cfg, { @@ -249,20 +299,32 @@ main(int argc, const char *const *argv) /* We are go for launch. */ event_base_dispatch(the_event_base); - /* We have landed. */ - log_info("Exiting."); + /* Cleanup and exit! */ + obfsproxy_cleanup(); - close_all_listeners(); SMARTLIST_FOREACH(configs, config_t *, cfg, config_free(cfg)); smartlist_free(configs); - evdns_base_free(get_evdns_base(), 0); - event_free(sig_int); - event_free(sig_term); - event_base_free(the_event_base); + return 0; +} - cleanup_crypto(); - close_obfsproxy_logfile(); +/** Entry point */ +int +obfs_main(int argc, const char *const *argv) +{ + const char *const *begin; + + /* Handle optional obfsproxy arguments. */ + begin = argv + handle_obfsproxy_args(argv); + + if (is_external_proxy) { + if (launch_external(begin)) + return 0; + } else { + if (launch_managed_proxy() < 0) + return 0; + } return 0; } + diff --git a/src/main.h b/src/main.h index 8814499..b323b59 100644 --- a/src/main.h +++ b/src/main.h @@ -5,6 +5,13 @@ #ifndef MAIN_H #define MAIN_H +int tor_main(int argc, char *argv[]); + void finish_shutdown(void); +void obfsproxy_init(); +void obfsproxy_cleanup(); + +struct event_base *get_event_base(void); + #endif diff --git a/src/obfs_main.c b/src/obfs_main.c new file mode 100644 index 0000000..c891e05 --- /dev/null +++ b/src/obfs_main.c @@ -0,0 +1,16 @@ +/* Copyright 2011 Nick Mathewson, George Kadianakis + See LICENSE for other credits and copying information +*/ + +int obfs_main(int argc, char *argv[]); + +/** + Simply calls obfs_main() from main.c; + it allows our unittests binary to link against main.c. +*/ +int +main(int argc, char *argv[]) +{ + return obfs_main(argc, argv); +} +

1 0

[obfsproxy/master] Introduce managed.[ch] to the world.
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit d3ea7d5c0461d237ec3c1e437bc6609d0d0a1075 Author: George Kadianakis <desnacked(a)gmail.com> Date: Sat Aug 20 06:35:30 2011 +0200 Introduce managed.[ch] to the world. --- src/managed.c | 670 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/managed.h | 16 ++ 2 files changed, 686 insertions(+), 0 deletions(-) diff --git a/src/managed.c b/src/managed.c new file mode 100644 index 0000000..979bc38 --- /dev/null +++ b/src/managed.c @@ -0,0 +1,670 @@ +/* Copyright 2011 Nick Mathewson, George Kadianakis + See LICENSE for other credits and copying information +*/ + +#include "util.h" + +#define MANAGED_PRIVATE +#include "managed.h" +#include "network.h" +#include "protocol.h" +#include "main.h" + +#include "container.h" + +#include <event2/event.h> +#include <event2/listener.h> + +#include <arpa/inet.h> /* for inet_ntoa() */ + +/** Holds all the parameters provided by tor through environment + variables. */ +typedef struct managed_env_vars_t { + char *state_loc; /* where we should store our state */ + char *conf_proto_version; /* managed proxy configuration protocols tor supports */ + char *transports; /* pluggable transports tor wants us to launch */ + + /* server-only */ + char *extended_port; /* extended OR port tor wants us to use */ + char *or_port; /* ORPort that tor uses */ + char *bindaddrs; /* address to listen for client proxy connections */ +} managed_env_vars_t; + +/** Holds data for this managed proxy. */ +typedef struct managed_proxy_t { + unsigned int is_server : 1; /* whether we are a server or a client */ + + managed_env_vars_t vars; /* environment variables */ + + smartlist_t *configs; /* configs created */ +} managed_proxy_t; + +/* Holds the status of the environment variables parsing, so that we + can report a granular error if something fails. */ +enum env_parsing_status { + ST_ENV_SMOOTH, + ST_ENV_FAIL_STATE_LOC, + ST_ENV_FAIL_CONF_PROTO_VER, + ST_ENV_FAIL_CLIENT_TRANSPORTS, + ST_ENV_FAIL_EXTENDED_PORT, + ST_ENV_FAIL_ORPORT, + ST_ENV_FAIL_BINDADDR, + ST_ENV_FAIL_SERVER_TRANSPORTS, +}; + +/* Holds the status of a listener launch. */ +enum launch_status { + ST_LAUNCH_SMOOTH, + ST_LAUNCH_FAIL_SETUP, + ST_LAUNCH_FAIL_LSN, +}; + +/** Managed proxy protocol strings */ +#define PROTO_ENV_ERROR "ENV-ERROR" +#define PROTO_NEG_SUCCESS "VERSION" +#define PROTO_NEG_FAIL "VERSION-ERROR no-version\n" +#define PROTO_CMETHOD "CMETHOD" +#define PROTO_SMETHOD "SMETHOD" +#define PROTO_CMETHOD_ERROR "CMETHOD-ERROR" +#define PROTO_SMETHOD_ERROR "SMETHOD-ERROR" +#define PROTO_CMETHODS_DONE "CMETHODS DONE\n" +#define PROTO_SMETHODS_DONE "SMETHODS DONE\n" + +static int handle_environment(managed_proxy_t *proxy); +static int conf_proto_version_negotiation(const managed_proxy_t *proxy); +static int launch_listeners(const managed_proxy_t *proxy); +static void print_method_line(const char *transport, + const managed_proxy_t *proxy, + config_t *cfg); +static void print_method_error_line(const char *protocol, + const managed_proxy_t *proxy, + enum launch_status status); +static const char *get_launch_error_message(enum launch_status status); + +static void print_method_done_line(const managed_proxy_t *proxy); + +static const char *get_env_parsing_error_message(enum env_parsing_status status); + +static void proxy_free(managed_proxy_t *proxy); +static int is_supported_conf_protocol(const char *name); +static void print_protocol_line(const char *format, ...); + +static int validate_environment(managed_proxy_t *proxy); + +const char *supported_conf_protocols[] = { "1" }; +const size_t n_supported_conf_protocols = + sizeof(supported_conf_protocols)/sizeof(supported_conf_protocols[0]); + +/** + This function fires up the managed proxy. + It first reads the environment that tor should have prepared, and then + launches the appropriate listeners. + + Returns 0 if we managed to launch at least one proxy, + returns -1 if something went wrong or we didn't launch any proxies. +*/ +int +launch_managed_proxy(void) +{ + int r=-1; + managed_proxy_t *proxy = xzalloc(sizeof(managed_proxy_t)); + proxy->configs = smartlist_create(); + + obfsproxy_init(); + + if (handle_environment(proxy) < 0) + goto done; + + if (validate_environment(proxy) < 0) + goto done; + + if (conf_proto_version_negotiation(proxy) < 0) + goto done; + + if (launch_listeners(proxy) < 0) + goto done; + + /* Kickstart libevent */ + event_base_dispatch(get_event_base()); + + r=0; + + done: + obfsproxy_cleanup(); + proxy_free(proxy); + + return r; +} + +/** + Make sure that we got *all* the necessary environment variables off tor. +*/ +static inline void +assert_proxy_env(managed_proxy_t *proxy) +{ + obfs_assert(proxy); + + obfs_assert(proxy->vars.state_loc); + obfs_assert(proxy->vars.conf_proto_version); + obfs_assert(proxy->vars.transports); + if (proxy->is_server) { + obfs_assert(proxy->vars.extended_port); + obfs_assert(proxy->vars.or_port); + obfs_assert(proxy->vars.bindaddrs); + } else { + obfs_assert(!proxy->vars.extended_port); + obfs_assert(!proxy->vars.or_port); + obfs_assert(!proxy->vars.bindaddrs); + } +} + +/** + Validates the environment variables that we got off tor. +*/ +static int +validate_environment(managed_proxy_t *proxy) +{ + enum env_parsing_status status; + + assert_proxy_env(proxy); + + if (proxy->is_server) { + if (validate_bindaddrs(proxy->vars.bindaddrs, proxy->vars.transports) < 0) { + status = ST_ENV_FAIL_BINDADDR; + goto err; + } + } + + return 0; + + err: + print_protocol_line("%s %s\n", PROTO_ENV_ERROR, + get_env_parsing_error_message(status)); + + return -1; +} + +/** + Free memory allocated by 'proxy'. +*/ +static void +proxy_free(managed_proxy_t *proxy) +{ + free(proxy->vars.state_loc); + free(proxy->vars.conf_proto_version); + free(proxy->vars.transports); + free(proxy->vars.extended_port); + free(proxy->vars.or_port); + free(proxy->vars.bindaddrs); + + SMARTLIST_FOREACH(proxy->configs, config_t *, cfg, config_free(cfg)); + smartlist_free(proxy->configs); + + free(proxy); +} + +/** + Given a smartlist of listener configs; launch them all and print + method lines as appropriate. Return 0 if at least a listener was + spawned, -1 otherwise. +*/ +static int +open_listeners_managed(const managed_proxy_t *proxy) +{ + int ret=-1; + const char *transport; + + /* Open listeners for each configuration. */ + SMARTLIST_FOREACH_BEGIN(proxy->configs, config_t *, cfg) { + transport = get_transport_name_from_config(cfg); + + if (open_listeners(get_event_base(), cfg)) { + ret=0; /* success! launched at least one listener. */ + print_method_line(transport, proxy, cfg); + } else { /* fail. print a method error line. */ + print_method_error_line(transport, proxy, ST_LAUNCH_FAIL_LSN); + } + } SMARTLIST_FOREACH_END(cfg); + + return ret; +} + +/** + Launch all server listeners that tor wants us to launch. +*/ +static int +launch_server_listeners(const managed_proxy_t *proxy) +{ + int ret=-1; + int i, n_transports; + const char *transport = NULL; + const char *bindaddr_temp = NULL; + const char *bindaddr = NULL; + config_t *cfg = NULL; + + /* list of transports */ + smartlist_t *transports = smartlist_create(); + /* a list of "<transport>-<bindaddr>" strings */ + smartlist_t *bindaddrs = smartlist_create(); + + /* split the comma-separated transports/bindaddrs to their smartlists */ + smartlist_split_string(transports, proxy->vars.transports, ",", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); + smartlist_split_string(bindaddrs, proxy->vars.bindaddrs, ",", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); + + n_transports = smartlist_len(transports); + + /* Iterate transports; match them with their bindaddr; create their + config_t. */ + for (i=0;i<n_transports;i++) { + transport = smartlist_get(transports, i); + bindaddr_temp = smartlist_get(bindaddrs, i); + + obfs_assert(strlen(bindaddr_temp) > strlen(transport)+1); + + bindaddr = bindaddr_temp+strlen(transport)+1; /* +1 for the dash */ + + cfg = config_create_managed(proxy->is_server, + transport, bindaddr, proxy->vars.or_port); + if (cfg) /* if a config was created; put it in the config smartlist */ + smartlist_add(proxy->configs, cfg); + else /* otherwise, spit a method error line */ + print_method_error_line(transport, proxy, ST_LAUNCH_FAIL_SETUP); + } + + /* open listeners */ + ret = open_listeners_managed(proxy); + + SMARTLIST_FOREACH(bindaddrs, char *, cp, free(cp)); + smartlist_free(bindaddrs); + SMARTLIST_FOREACH(transports, char *, cp, free(cp)); + smartlist_free(transports); + + print_method_done_line(proxy); /* print {C,S}METHODS DONE */ + + return ret; +} + +/** + Launch all client listeners that tor wants us to launch. +*/ +static int +launch_client_listeners(const managed_proxy_t *proxy) +{ + int ret=-1; + config_t *cfg = NULL; + + /* list of transports */ + smartlist_t *transports = smartlist_create(); + + smartlist_split_string(transports, proxy->vars.transports, ",", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); + + SMARTLIST_FOREACH_BEGIN(transports, char *, transport) { + /* clients should find their own listen port */ + cfg = config_create_managed(proxy->is_server, + transport, "127.0.0.1:0", proxy->vars.or_port); + if (cfg) /* if config was created; put it in the config smartlist */ + smartlist_add(proxy->configs, cfg); + else + print_method_error_line(transport, proxy, ST_LAUNCH_FAIL_SETUP); + } SMARTLIST_FOREACH_END(transport); + + /* open listeners */ + ret = open_listeners_managed(proxy); + + SMARTLIST_FOREACH(transports, char *, cp, free(cp)); + smartlist_free(transports); + + print_method_done_line(proxy); /* print {C,S}METHODS DONE */ + + return ret; +} + +/** + Launch all listeners that tor wants us to launch. + Return 0 if at least a listener was launched, -1 otherwise. +*/ +static inline int +launch_listeners(const managed_proxy_t *proxy) +{ + if (proxy->is_server) + return launch_server_listeners(proxy); + else + return launch_client_listeners(proxy); +} + +/** + Given: + * comma-separated list of "<transport>-<bindaddr>" strings in 'all_bindaddrs'. + * comma-separated list of "<transport>" strings in 'all_transports'. + + Return: + * 0, if + - all <transport> strings in 'all_bindaddrs' match with <transport> + strings in 'all_transports' (order matters). + AND + - if all <bindaddr> strings in 'all_bindaddrs' are valid addrports. + * -1, otherwise. +*/ +int +validate_bindaddrs(const char *all_bindaddrs, const char *all_transports) +{ + int ret,i,n_bindaddrs,n_transports; + struct evutil_addrinfo *bindaddr_test; + char *bindaddr = NULL; + char *transport = NULL; + + /* a list of "<proto>-<bindaddr>" strings */ + smartlist_t *bindaddrs = smartlist_create(); + /* a list holding (<proto>, <bindaddr>) for each 'bindaddrs' entry */ + smartlist_t *split_bindaddr = NULL; + /* a list of "<proto>" strings */ + smartlist_t *transports = smartlist_create(); + + smartlist_split_string(bindaddrs, all_bindaddrs, ",", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); + smartlist_split_string(transports, all_transports, ",", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); + + n_bindaddrs = smartlist_len(bindaddrs); + n_transports = smartlist_len(transports); + + if (n_bindaddrs != n_transports) + goto err; + + for (i=0;i<n_bindaddrs;i++) { + bindaddr = smartlist_get(bindaddrs, i); + transport = smartlist_get(transports, i); + + split_bindaddr = smartlist_create(); + smartlist_split_string(split_bindaddr, bindaddr, "-", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); + + /* (<proto>, <bindaddr>) */ + if (smartlist_len(split_bindaddr) != 2) + goto err; + + /* "all <transport> strings in 'all_bindaddrs' match with <transport> + strings in 'all_transports' (order matters)." */ + if (strcmp(smartlist_get(split_bindaddr,0), transport)) + goto err; + + /* "if all <bindaddr> strings in 'all_bindaddrs' are valid addrports." */ + bindaddr_test = resolve_address_port(smartlist_get(split_bindaddr, 1), + 1, 1, NULL); + if (!bindaddr_test) + goto err; + + evutil_freeaddrinfo(bindaddr_test); + SMARTLIST_FOREACH(split_bindaddr, char *, cp, free(cp)); + smartlist_free(split_bindaddr); + split_bindaddr = NULL; + } + + ret = 0; + goto done; + + err: + ret = -1; + + done: + SMARTLIST_FOREACH(bindaddrs, char *, cp, free(cp)); + smartlist_free(bindaddrs); + SMARTLIST_FOREACH(transports, char *, cp, free(cp)); + smartlist_free(transports); + if (split_bindaddr) { + SMARTLIST_FOREACH(split_bindaddr, char *, cp, free(cp)); + smartlist_free(split_bindaddr); + } + + return ret; +} + +/** + Read the environment variables defined in the + 180-pluggable-transport.txt spec and fill 'proxy' accordingly. + + Return 0 if all necessary environment variables were set properly. + Return -1 otherwise. +*/ +static int +handle_environment(managed_proxy_t *proxy) +{ + char *tmp; + enum env_parsing_status status=ST_ENV_SMOOTH; + + tmp = getenv("TOR_PT_STATE_LOCATION"); + if (!tmp) { + status = ST_ENV_FAIL_STATE_LOC; + goto err; + } + proxy->vars.state_loc = xstrdup(tmp); + + tmp = getenv("TOR_PT_MANAGED_TRANSPORT_VER"); + if (!tmp) { + status = ST_ENV_FAIL_CONF_PROTO_VER; + goto err; + } + proxy->vars.conf_proto_version = xstrdup(tmp); + + tmp = getenv("TOR_PT_CLIENT_TRANSPORTS"); + if (tmp) { + proxy->vars.transports = xstrdup(tmp); + proxy->is_server = 0; + } else { + proxy->is_server = 1; + } + + if (proxy->is_server) { + tmp = getenv("TOR_PT_EXTENDED_SERVER_PORT"); + if (!tmp) { + status = ST_ENV_FAIL_EXTENDED_PORT; + goto err; + } + proxy->vars.extended_port = xstrdup(tmp); + + tmp = getenv("TOR_PT_ORPORT"); + if (!tmp) { + status = ST_ENV_FAIL_ORPORT; + goto err; + } + proxy->vars.or_port = xstrdup(tmp); + + tmp = getenv("TOR_PT_SERVER_BINDADDR"); + if (tmp) { + proxy->vars.bindaddrs = xstrdup(tmp); + } else { + status = ST_ENV_FAIL_BINDADDR; + goto err; + } + + tmp = getenv("TOR_PT_SERVER_TRANSPORTS"); + if (!tmp) { + status = ST_ENV_FAIL_SERVER_TRANSPORTS; + goto err; + } + proxy->vars.transports = xstrdup(tmp); + } + + return 0; + + err: + print_protocol_line("%s %s\n", PROTO_ENV_ERROR, + get_env_parsing_error_message(status)); + + return -1; +} + +/** + Given the name of a protocol we tried to launch in 'protocol' + the managed proxy parameters in 'proxy' and a listener launch + status in 'status', print a line of the form: + CMETHOD-ERROR <methodname> "<errormessage>" + to signify a listener launching failure. +*/ +static inline void +print_method_error_line(const char *protocol, + const managed_proxy_t *proxy, + enum launch_status status) +{ + print_protocol_line("%s %s %s\n", + proxy->is_server ? + PROTO_SMETHOD_ERROR : PROTO_CMETHOD_ERROR, + protocol, + get_launch_error_message(status)); +} + +/** + Print a CMETHOD/SMETHOD line saying that we launched 'transport' + with 'cfg' under 'proxy'. +*/ +static void +print_method_line(const char *transport, const managed_proxy_t *proxy, + config_t *cfg) +{ + struct evconnlistener *listener = get_evconnlistener_by_config(cfg); + obfs_assert(listener); + + struct sockaddr_in saddr; + memset(&saddr,0,sizeof(struct sockaddr_in)); + socklen_t slen = sizeof(saddr); + + obfs_assert(!(getsockname(evconnlistener_get_fd(listener), + (struct sockaddr *)&saddr, &slen) < 0)); + + if (proxy->is_server) { + print_protocol_line("%s %s %s:%hu\n", + PROTO_SMETHOD, + transport, + inet_ntoa(saddr.sin_addr), + ntohs(saddr.sin_port)); + } else { + print_protocol_line("%s %s %s %s:%hu\n", + PROTO_CMETHOD, + transport, + "socks5", + inet_ntoa(saddr.sin_addr), + ntohs(saddr.sin_port)); + + } +} + +/** + Print the '{S,C}METHOD DONE' message. +*/ +static inline void +print_method_done_line(const managed_proxy_t *proxy) +{ + print_protocol_line("%s", proxy->is_server ? + PROTO_SMETHODS_DONE : PROTO_CMETHODS_DONE); +} + +/** + Return true if 'name' matches the name of a supported managed proxy + configuration protocol. +*/ +static inline int +is_supported_conf_protocol(const char *name) { + int f; + for (f=0;f<n_supported_conf_protocols;f++) { + if (!strcmp(name,supported_conf_protocols[f])) + return 1; + } + return 0; +} + +/** + Finish the configuration protocol version negotiation by printing + whether we support any of the suggested configuration protocols in + stdout, according to the 180 spec. + + Return: + * 0: if we actually found and selected a protocol. + * -1: if we couldn't find a common supported protocol or if we + couldn't even parse tor's supported protocol list. + + XXX: in the future we should return the protocol version we + selected. let's keep it simple for now since we have just one + protocol version. +*/ +static int +conf_proto_version_negotiation(const managed_proxy_t *proxy) +{ + int r=-1; + + smartlist_t *versions = smartlist_create(); + smartlist_split_string(versions, proxy->vars.conf_proto_version, ",", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); + + SMARTLIST_FOREACH_BEGIN(versions, char *, version) { + if (is_supported_conf_protocol(version)) { + print_protocol_line("%s %s\n", PROTO_NEG_SUCCESS, version); + r=0; + goto done; + } + } SMARTLIST_FOREACH_END(version); + + /* we get here if we couldn't find a supported protocol */ + print_protocol_line("%s", PROTO_NEG_FAIL); + + done: + SMARTLIST_FOREACH(versions, char *, cp, free(cp)); + smartlist_free(versions); + + return r; +} + +/** + Return a string containing the error we encountered while parsing + the environment variables, according to 'status'. +*/ +static inline const char * +get_env_parsing_error_message(enum env_parsing_status status) +{ + switch(status) { + case ST_ENV_SMOOTH: return "no error"; + case ST_ENV_FAIL_STATE_LOC: return "failed on TOR_PT_STATE_LOCATION"; + case ST_ENV_FAIL_CONF_PROTO_VER: return "failed on TOR_PT_MANAGED_TRANSPORT_VER"; + case ST_ENV_FAIL_CLIENT_TRANSPORTS: return "failed on TOR_PT_CLIENT_TRANSPORTS"; + case ST_ENV_FAIL_EXTENDED_PORT: return "failed on TOR_PT_EXTENDED_SERVER_PORT"; + case ST_ENV_FAIL_ORPORT: return "failed on TOR_PT_ORPORT"; + case ST_ENV_FAIL_BINDADDR: return "failed on TOR_PT_SERVER_BINDADDR"; + case ST_ENV_FAIL_SERVER_TRANSPORTS: return "failed on TOR_PT_SERVER_TRANSPORTS"; + default: + obfs_assert(0); return "UNKNOWN"; + } +} + +/** + Return a string containing the error we encountered while + launching a listener, according to 'status'. +*/ +static inline const char * +get_launch_error_message(enum launch_status status) +{ + switch (status) { + case ST_LAUNCH_SMOOTH: return "no error"; + case ST_LAUNCH_FAIL_SETUP: return "could not setup protocol"; + case ST_LAUNCH_FAIL_LSN: return "could not launch listener"; + default: + obfs_assert(0); return "UNKNOWN"; + } +} + +/** + This function is used for obfsproxy to communicate with tor. + Practically a wrapper of printf, it prints 'format' and the + fflushes stdout so that the output is always immediately available + to tor. +*/ +static void +print_protocol_line(const char *format, ...) +{ + va_list ap; + va_start(ap,format); + vprintf(format, ap); + fflush(stdout); + va_end(ap); +} diff --git a/src/managed.h b/src/managed.h new file mode 100644 index 0000000..2b14c2b --- /dev/null +++ b/src/managed.h @@ -0,0 +1,16 @@ +/* Copyright 2011 Nick Mathewson, George Kadianakis + See LICENSE for other credits and copying information +*/ + +#ifndef MANAGED_H +#define MANAGED_H + +int launch_managed_proxy(); + +#ifdef MANAGED_PRIVATE + +int validate_bindaddrs(const char *all_bindaddrs, const char *all_transports); + +#endif /* MANAGED_PRIVATE */ + +#endif

1 0

[obfsproxy/master] Add managed.c unittests.
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit faf66db4d199dd468dc4f7df7614df07c582dc37 Author: George Kadianakis <desnacked(a)gmail.com> Date: Sat Aug 20 06:36:22 2011 +0200 Add managed.c unittests. --- src/test/unittest.c | 2 + src/test/unittest_managed.c | 64 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 0 deletions(-) diff --git a/src/test/unittest.c b/src/test/unittest.c index 5f2613c..26d5566 100644 --- a/src/test/unittest.c +++ b/src/test/unittest.c @@ -10,6 +10,7 @@ extern struct testcase_t crypt_tests[]; extern struct testcase_t socks_tests[]; extern struct testcase_t dummy_tests[]; extern struct testcase_t obfs2_tests[]; +extern struct testcase_t managed_tests[]; struct testgroup_t groups[] = { { "container/", container_tests }, @@ -17,6 +18,7 @@ struct testgroup_t groups[] = { { "socks/", socks_tests }, { "dummy/", dummy_tests }, { "obfs2/", obfs2_tests }, + { "managed/", managed_tests }, END_OF_GROUPS }; diff --git a/src/test/unittest_managed.c b/src/test/unittest_managed.c new file mode 100644 index 0000000..5346300 --- /dev/null +++ b/src/test/unittest_managed.c @@ -0,0 +1,64 @@ +/* Copyright 2011 Nick Mathewson, George Kadianakis + See LICENSE for other credits and copying information +*/ + +#include "util.h" + +#define MANAGED_PRIVATE +#include "managed.h" + +#include "tinytest_macros.h" + +static void +test_managed_bindaddr_validation(void *unused) +{ + struct option_parsing_case { + int result; + int should_succeed; + const char *bindaddrs; + const char *transports; + }; + static struct option_parsing_case cases[] = { + /* correct */ + { 0, 1, "april-127.0.0.1:2,paris-127.0.0.1:3", "april,paris"}, + /* correct */ + { 0, 1, "april-127.0.0.1:2", "april" }, + /* wrong; transport names */ + { 0, 0, "april-127.0.0.1:2,paris-127.0.0.1:3", "april,pari"}, + /* wrong; no port */ + { 0, 0, "april-127.0.0.1:2,paris-127.0.0.1", "april,paris"}, + /* wrong; wrong port */ + { 0, 0, "april-127.0.0.1:2,paris-127.0.0.1:a", "april,paris"}, + /* wrong; wrong address */ + { 0, 0, "april-127.0.0.1:2,paris-address:5555", "april,paris"}, + /* wrong; bad balance */ + { 0, 0, "april-127.0.0.1:2,paris-127.0.01:3", "april"}, + /* wrong; funky bindaddr */ + { 0, 0, "april-127.0.0.1:2-in,paris-127.0.01:3", "april,paris"}, + /* wrong; funky bindaddr */ + { 0, 0, "april,paris-127.0.01:3", "april,paris"}, + + { 0, 0, NULL, NULL } + }; + + /* Suppress logs for the duration of this function. */ + log_set_method(LOG_METHOD_NULL, NULL); + + struct option_parsing_case *c; + for (c = cases; c->bindaddrs; c++) { + c->result = validate_bindaddrs(c->bindaddrs, c->transports); + tt_int_op(c->result, ==, c->should_succeed ? 0 : -1); + } + + end: + /* Unsuspend logging */ + log_set_method(LOG_METHOD_STDERR, NULL); +} + +#define T(name) \ + { #name, test_managed_##name, 0, NULL, NULL } + +struct testcase_t managed_tests[] = { + T(bindaddr_validation), + END_OF_TESTCASES +};

1 0

[obfsproxy/master] You will probably want a Makefile for all this as well.
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit d73d374f23c4be5b0ca2fccacfb34f847e2e8566 Author: George Kadianakis <desnacked(a)gmail.com> Date: Sat Aug 20 06:41:23 2011 +0200 You will probably want a Makefile for all this as well. --- Makefile.am | 9 +++++++-- 1 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index eb35e15..1be20d1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -12,6 +12,9 @@ noinst_PROGRAMS = unittests libobfsproxy_a_SOURCES = \ src/container.c \ src/crypt.c \ + src/external.c \ + src/main.c \ + src/managed.c \ src/network.c \ src/protocol.c \ src/socks.c \ @@ -22,8 +25,7 @@ if NEED_SHA256 libobfsproxy_a_SOURCES += src/sha256.c endif -obfsproxy_SOURCES = \ - src/main.c +obfsproxy_SOURCES = src/obfs_main.c unittests_SOURCES = \ src/test/tinytest.c \ @@ -32,13 +34,16 @@ unittests_SOURCES = \ src/test/unittest_crypt.c \ src/test/unittest_socks.c \ src/test/unittest_dummy.c \ + src/test/unittest_managed.c \ src/test/unittest_obfs2.c noinst_HEADERS = \ src/container.h \ src/crypt.h \ + src/external.h \ src/ht.h \ src/main.h \ + src/managed.h \ src/network.h \ src/protocol.h \ src/sha256.h \

1 0

[obfsproxy/master] Add some managed proxy stuff in {network, protocol}.[ch].
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit b20922a55c97a82d88b0edd05083d1149522fc92 Author: George Kadianakis <desnacked(a)gmail.com> Date: Sat Aug 20 06:35:44 2011 +0200 Add some managed proxy stuff in {network,protocol}.[ch]. --- src/network.c | 23 ++++++++++++++++++++--- src/network.h | 9 +++++++++ src/protocol.c | 33 +++++++++++++++++++++++++++++++++ src/protocol.h | 9 +++++++++ 4 files changed, 71 insertions(+), 3 deletions(-) diff --git a/src/network.c b/src/network.c index 62a45b8..0fd5e4d 100644 --- a/src/network.c +++ b/src/network.c @@ -4,6 +4,7 @@ #include "util.h" +#define NETWORK_PRIVATE #include "network.h" #include "container.h" @@ -81,7 +82,6 @@ static void simple_server_listener_cb(conn_t *conn); static void conn_free(conn_t *conn); static void conn_free_on_flush(struct bufferevent *bev, void *arg); -static int circuit_create(conn_t *up, conn_t *down); static void circuit_create_socks(conn_t *up); static int circuit_add_down(circuit_t *circuit, conn_t *down); static void circuit_free(circuit_t *circuit); @@ -97,6 +97,22 @@ static void pending_conn_cb(struct bufferevent *bev, short what, void *arg); static void pending_socks_cb(struct bufferevent *bev, short what, void *arg); /** + Return the evconnlistener that uses 'cfg'. +*/ +struct evconnlistener * +get_evconnlistener_by_config(config_t *cfg) +{ + obfs_assert(listeners); /* ? */ + + SMARTLIST_FOREACH_BEGIN(listeners, listener_t *, l) { + if (l->cfg == cfg) + return l->listener; + } SMARTLIST_FOREACH_END(l); + + return NULL; +} + +/** Puts obfsproxy's networking subsystem on "closing time" mode. This means that we stop accepting new connections and we shutdown when the last connection is closed. @@ -128,7 +144,8 @@ start_shutdown(int barbaric) /** This function opens listening sockets configured according to the - provided 'config_t'. Returns 1 on success, 0 on failure. + provided 'config_t'. + Returns 1 on success, 0 on failure. */ int open_listeners(struct event_base *base, config_t *cfg) @@ -355,7 +372,7 @@ conn_free_on_flush(struct bufferevent *bev, void *arg) conn_free(conn); } -static int +int circuit_create(conn_t *up, conn_t *down) { if (!up || !down) diff --git a/src/network.h b/src/network.h index fa15f48..97e3d8c 100644 --- a/src/network.h +++ b/src/network.h @@ -9,6 +9,8 @@ int open_listeners(struct event_base *base, config_t *cfg); void close_all_listeners(void); +struct evconnlistener *get_evconnlistener_by_config(config_t *cfg); + void start_shutdown(int barbaric); /** @@ -58,4 +60,11 @@ struct circuit_t { unsigned int is_flushing : 1; }; +#ifdef NETWORK_PRIVATE + +int circuit_create(conn_t *up, conn_t *down); + +#endif + + #endif diff --git a/src/protocol.c b/src/protocol.c index 65eacf8..14437e6 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -39,6 +39,39 @@ config_create(int n_options, const char *const *options) } /** + Return the transport name for 'cfg'. +*/ +const char * +get_transport_name_from_config(config_t *cfg) +{ + obfs_assert(cfg); + obfs_assert(cfg->vtable); + obfs_assert(cfg->vtable->name); + + return cfg->vtable->name; +} + +/** + Create a config_t for a managed proxy listener. +*/ +config_t * +config_create_managed(int is_server, const char *protocol, + const char *bindaddr, const char *orport) +{ + size_t i; + for (i = 0; i < n_supported_protocols; i++) + if (!strcmp(protocol, supported_protocols[i]->name)) { + /* Remove the first element of 'options' (which is always the + protocol name) from the list passed to the init method. */ + return supported_protocols[i]->config_create_managed(is_server, + protocol, + bindaddr, orport); + } + + return NULL; +} + +/** This function destroys the protocol-specific part of a listener object. */ void diff --git a/src/protocol.h b/src/protocol.h index 989b6db..ede91f1 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,6 +17,8 @@ struct config_t const struct protocol_vtable *vtable; }; +const char *get_transport_name_from_config(config_t *cfg); + /** This struct defines a protocol and its methods; note that not all of them are methods on the same object in the C++ sense. @@ -34,6 +36,9 @@ struct protocol_vtable 'options' array. */ config_t *(*config_create)(int n_options, const char *const *options); + config_t *(*config_create_managed)(int is_server, const char *protocol, + const char *bindaddr, const char *orport); + /** Destroy the provided 'config_t' object. */ void (*config_free)(config_t *cfg); @@ -81,6 +86,7 @@ struct protocol_vtable const protocol_vtable name##_vtable = { \ #name, \ name##_config_create, \ + name##_config_create_managed, \ name##_config_free, \ name##_config_get_listen_addrs, \ name##_config_get_target_addr, \ @@ -90,6 +96,9 @@ struct protocol_vtable } config_t *config_create(int n_options, const char *const *options); +config_t *config_create_managed(int is_server, const char *protocol, + const char *bindaddr, const char *orport); + void config_free(config_t *cfg); struct evutil_addrinfo *config_get_listen_addrs(config_t *cfg, size_t n);

1 0

[obfsproxy/master] Add support for managed proxies to dummy and obfs2.
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit 80d91a5305f2a3fdf2d9f074867643e874718dde Author: George Kadianakis <desnacked(a)gmail.com> Date: Sat Aug 20 06:36:16 2011 +0200 Add support for managed proxies to dummy and obfs2. --- src/protocols/dummy.c | 37 +++++++++++++++++++++++++++++++++++++ src/protocols/obfs2.c | 45 +++++++++++++++++++++++++++++++++++++++++++-- src/test/unittest_obfs2.c | 5 +++++ 3 files changed, 85 insertions(+), 2 deletions(-) diff --git a/src/protocols/dummy.c b/src/protocols/dummy.c index 6489f58..27e6340 100644 --- a/src/protocols/dummy.c +++ b/src/protocols/dummy.c @@ -101,6 +101,43 @@ dummy_config_create(int n_options, const char *const *options) return NULL; } +/** + Return a config_t for a managed proxy listener. +*/ +static config_t * +dummy_config_create_managed(int is_server, const char *protocol, + const char *bindaddr, const char *orport) +{ + const char* defport; + + dummy_config_t *cfg = xzalloc(sizeof(dummy_config_t)); + cfg->super.vtable = &dummy_vtable; + + if (is_server) { + defport = "11253"; /* 2bf5 */ + cfg->mode = LSN_SIMPLE_SERVER; + } else { + defport = "23548"; /* 5bf5 */ + cfg->mode = LSN_SOCKS_CLIENT; + } + + cfg->listen_addr = resolve_address_port(bindaddr, 1, 1, defport); + if (!cfg->listen_addr) + goto err; + + if (is_server) { + cfg->target_addr = resolve_address_port(orport, 1, 0, NULL); + if (!cfg->target_addr) + goto err; + } + + return &cfg->super; + + err: + dummy_config_free(&cfg->super); + return NULL; +} + /** Retrieve the 'n'th set of listen addresses for this configuration. */ static struct evutil_addrinfo * dummy_config_get_listen_addrs(config_t *cfg, size_t n) diff --git a/src/protocols/obfs2.c b/src/protocols/obfs2.c index 366bc45..42a1c04 100644 --- a/src/protocols/obfs2.c +++ b/src/protocols/obfs2.c @@ -44,7 +44,11 @@ shared_seed_nonzero(const uchar *seed) return memcmp(seed, SHARED_ZERO_SEED, SHARED_SECRET_LENGTH) != 0; } -/** stupid function returning the other conn of the circuit */ +/** + Stupid temporary function returning the other conn of a circuit. + For example, if 'conn' is the downstream connection on a circuit, + this function returns the upstream connection. +*/ static inline conn_t * get_other_conn(conn_t *conn) { @@ -99,6 +103,43 @@ obfs2_config_create(int n_options, const char *const *options) } /** + Populate a config_t for a managed proxy listener. +*/ +static config_t * +obfs2_config_create_managed(int is_server, const char *protocol, + const char *bindaddr, const char *orport) +{ + const char* defport; + + obfs2_config_t *cfg = xzalloc(sizeof(obfs2_config_t)); + cfg->super.vtable = &obfs2_vtable; + + if (is_server) { + defport = "11253"; /* 2bf5 */ + cfg->mode = LSN_SIMPLE_SERVER; + } else { + defport = "23548"; /* 5bf5 */ + cfg->mode = LSN_SOCKS_CLIENT; + } + + cfg->listen_addr = resolve_address_port(bindaddr, 1, 1, defport); + if (!cfg->listen_addr) + goto err; + + if (is_server) { + cfg->target_addr = resolve_address_port(orport, 1, 0, NULL); + if (!cfg->target_addr) + goto err; + } + + return &cfg->super; + + err: + obfs2_config_free(&cfg->super); + return NULL; +} + +/** Helper: Parses 'options' and fills 'cfg'. */ int @@ -195,7 +236,7 @@ obfs2_config_get_target_addr(config_t *cfg) } /* - This is called everytime we get a connection for the dummy + This is called everytime we get a connection for the obfs2 protocol. */ diff --git a/src/test/unittest_obfs2.c b/src/test/unittest_obfs2.c index 211f6af..6e14b1e 100644 --- a/src/test/unittest_obfs2.c +++ b/src/test/unittest_obfs2.c @@ -7,6 +7,7 @@ #define PROTOCOL_OBFS2_PRIVATE #define CRYPT_PRIVATE +#define NETWORK_PRIVATE #include "protocols/obfs2.h" #include "crypt.h" @@ -192,6 +193,10 @@ test_obfs2_transfer(void *state) int n; struct evbuffer_iovec v[2]; + /* evil trick to bypass get_other_conn() */ + circuit_create(s->conn_client, s->conn_client); + circuit_create(s->conn_server, s->conn_server); + /* Handshake */ tt_int_op(0, <=, proto_handshake(s->conn_client, s->output_buffer)); tt_assert(RECV_GOOD == proto_recv(s->conn_server, s->output_buffer,

1 0

[obfsproxy/master] Create external.[ch] by moving stuff from main.[ch] there.
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit eb0ee4e6b47be563234a4765fd6c4946f267de5a Author: George Kadianakis <desnacked(a)gmail.com> Date: Sat Aug 20 06:40:54 2011 +0200 Create external.[ch] by moving stuff from main.[ch] there. --- src/external.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/external.h | 10 +++++++ src/main.c | 75 +++----------------------------------------------- src/main.h | 3 ++ 4 files changed, 100 insertions(+), 70 deletions(-) diff --git a/src/external.c b/src/external.c new file mode 100644 index 0000000..35b1315 --- /dev/null +++ b/src/external.c @@ -0,0 +1,82 @@ +/* Copyright 2011 Nick Mathewson, George Kadianakis + See LICENSE for other credits and copying information +*/ + +#include "util.h" + +#include "container.h" +#include "crypt.h" +#include "network.h" +#include "protocol.h" +#include "managed.h" +#include "main.h" + +#include <event2/event.h> + +/** + Launch external proxy. +*/ +int +launch_external_proxy(const char *const *begin) +{ + smartlist_t *configs = smartlist_create(); + const char *const *end; + + + /* Find the subsets of argv that define each configuration. + Each configuration's subset consists of the entries in argv from + its recognized protocol name, up to but not including the next + recognized protocol name. */ + if (!*begin || !is_supported_protocol(*begin)) + usage(); + + do { + end = begin+1; + while (*end && !is_supported_protocol(*end)) + end++; + if (log_do_debug()) { + smartlist_t *s = smartlist_create(); + char *joined; + const char *const *p; + for (p = begin; p < end; p++) + smartlist_add(s, (void *)*p); + joined = smartlist_join_strings(s, " ", 0, NULL); + log_debug("Configuration %d: %s", smartlist_len(configs)+1, joined); + free(joined); + smartlist_free(s); + } + if (end == begin+1) { + log_warn("No arguments for configuration %d", smartlist_len(configs)+1); + usage(); + } else { + config_t *cfg = config_create(end - begin, begin); + if (!cfg) + return 2; /* diagnostic already issued */ + smartlist_add(configs, cfg); + } + begin = end; + } while (*begin); + obfs_assert(smartlist_len(configs) > 0); + + /* Configurations have been established; proceed with initialization. */ + obfsproxy_init(); + + /* Open listeners for each configuration. */ + SMARTLIST_FOREACH(configs, config_t *, cfg, { + if (!open_listeners(get_event_base(), cfg)) { + log_error("Failed to open listeners for configuration %d", cfg_sl_idx+1); + return 1; + } + }); + + /* We are go for launch. */ + event_base_dispatch(get_event_base()); + + /* Cleanup and exit! */ + obfsproxy_cleanup(); + + SMARTLIST_FOREACH(configs, config_t *, cfg, config_free(cfg)); + smartlist_free(configs); + + return 0; +} diff --git a/src/external.h b/src/external.h new file mode 100644 index 0000000..6bfcb46 --- /dev/null +++ b/src/external.h @@ -0,0 +1,10 @@ +/* Copyright 2011 Nick Mathewson, George Kadianakis + See LICENSE for other credits and copying information +*/ + +#ifndef EXTERNAL_H +#define EXTERNAL_H + +int launch_external_proxy(const char *const *begin); + +#endif diff --git a/src/main.c b/src/main.c index abf5e94..8e76d9c 100644 --- a/src/main.c +++ b/src/main.c @@ -8,7 +8,9 @@ #include "crypt.h" #include "network.h" #include "protocol.h" + #include "managed.h" +#include "external.h" #include <errno.h> #include <signal.h> @@ -27,7 +29,7 @@ static int is_external_proxy=1; /** Prints the obfsproxy usage instructions then exits. */ -static void ATTR_NORETURN +void ATTR_NORETURN usage(void) { int i; @@ -99,7 +101,7 @@ finish_shutdown(void) } /** Return 1 if 'name' is the name of a supported protocol, otherwise 0. */ -static int +int is_supported_protocol(const char *name) { int i; @@ -240,73 +242,6 @@ obfsproxy_cleanup() close_obfsproxy_logfile(); } -/** - Launch external proxy. -*/ -static int -launch_external(const char *const *begin) -{ - smartlist_t *configs = smartlist_create(); - const char *const *end; - - - /* Find the subsets of argv that define each configuration. - Each configuration's subset consists of the entries in argv from - its recognized protocol name, up to but not including the next - recognized protocol name. */ - if (!*begin || !is_supported_protocol(*begin)) - usage(); - - do { - end = begin+1; - while (*end && !is_supported_protocol(*end)) - end++; - if (log_do_debug()) { - smartlist_t *s = smartlist_create(); - char *joined; - const char *const *p; - for (p = begin; p < end; p++) - smartlist_add(s, (void *)*p); - joined = smartlist_join_strings(s, " ", 0, NULL); - log_debug("Configuration %d: %s", smartlist_len(configs)+1, joined); - free(joined); - smartlist_free(s); - } - if (end == begin+1) { - log_warn("No arguments for configuration %d", smartlist_len(configs)+1); - usage(); - } else { - config_t *cfg = config_create(end - begin, begin); - if (!cfg) - return 2; /* diagnostic already issued */ - smartlist_add(configs, cfg); - } - begin = end; - } while (*begin); - obfs_assert(smartlist_len(configs) > 0); - - /* Configurations have been established; proceed with initialization. */ - obfsproxy_init(); - - /* Open listeners for each configuration. */ - SMARTLIST_FOREACH(configs, config_t *, cfg, { - if (!open_listeners(the_event_base, cfg)) { - log_error("Failed to open listeners for configuration %d", cfg_sl_idx+1); - return 1; - } - }); - - /* We are go for launch. */ - event_base_dispatch(the_event_base); - - /* Cleanup and exit! */ - obfsproxy_cleanup(); - - SMARTLIST_FOREACH(configs, config_t *, cfg, config_free(cfg)); - smartlist_free(configs); - - return 0; -} /** Entry point */ int @@ -318,7 +253,7 @@ obfs_main(int argc, const char *const *argv) begin = argv + handle_obfsproxy_args(argv); if (is_external_proxy) { - if (launch_external(begin)) + if (launch_external_proxy(begin)) return 0; } else { if (launch_managed_proxy() < 0) diff --git a/src/main.h b/src/main.h index b323b59..538cfdd 100644 --- a/src/main.h +++ b/src/main.h @@ -12,6 +12,9 @@ void finish_shutdown(void); void obfsproxy_init(); void obfsproxy_cleanup(); +int is_supported_protocol(const char *name); +void ATTR_NORETURN usage(void); + struct event_base *get_event_base(void); #endif

1 0

[obfsproxy/master] Fix obfsproxy's return codes.
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit 4c86afb3968eea417ed4c290445f732d3a228642 Author: George Kadianakis <desnacked(a)gmail.com> Date: Mon Aug 22 00:07:56 2011 +0200 Fix obfsproxy's return codes. --- src/external.c | 3 +-- src/main.c | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/external.c b/src/external.c index 35b1315..e05deca 100644 --- a/src/external.c +++ b/src/external.c @@ -51,7 +51,7 @@ launch_external_proxy(const char *const *begin) } else { config_t *cfg = config_create(end - begin, begin); if (!cfg) - return 2; /* diagnostic already issued */ + return -1; /* diagnostic already issued */ smartlist_add(configs, cfg); } begin = end; @@ -65,7 +65,6 @@ launch_external_proxy(const char *const *begin) SMARTLIST_FOREACH(configs, config_t *, cfg, { if (!open_listeners(get_event_base(), cfg)) { log_error("Failed to open listeners for configuration %d", cfg_sl_idx+1); - return 1; } }); diff --git a/src/main.c b/src/main.c index 8e76d9c..c7515a2 100644 --- a/src/main.c +++ b/src/main.c @@ -253,11 +253,11 @@ obfs_main(int argc, const char *const *argv) begin = argv + handle_obfsproxy_args(argv); if (is_external_proxy) { - if (launch_external_proxy(begin)) - return 0; + if (launch_external_proxy(begin) < 0) + return 1; } else { if (launch_managed_proxy() < 0) - return 0; + return 1; } return 0;

1 0