December 2012 - tor-commits - lists.torproject.org

[ooni-probe/master] Catch socket.gaierror
by art＠torproject.org 07 Dec '12

07 Dec '12

commit 47891d7bdfda807d02cf7b982fa92aa4a888edaa Author: aagbsn <aagbsn(a)extc.org> Date: Fri Dec 7 03:31:59 2012 +0000 Catch socket.gaierror Import SOCKSError, ResponseNeverReceived Add error logging for unknown failure types Log entire failure instance Try to catch more details about errors --- ooni/nettest.py | 17 +++++++++++++++++ 1 files changed, 17 insertions(+), 0 deletions(-) diff --git a/ooni/nettest.py b/ooni/nettest.py index 22a35c9..fcc945a 100644 --- a/ooni/nettest.py +++ b/ooni/nettest.py @@ -8,8 +8,13 @@ from twisted.internet import defer, utils from twisted.python import usage from twisted.internet.error import ConnectionRefusedError, DNSLookupError, TCPTimedOutError +from twisted.internet.defer import TimeoutError +from twisted.web._newclient import ResponseNeverReceived from ooni.utils import log +from ooni.utils.txagentwithsocks import SOCKSError + +from socket import gaierror def failureToString(failure): """ @@ -24,10 +29,15 @@ def failureToString(failure): A string representing the HTTP response error message. """ + string = None if isinstance(failure.value, ConnectionRefusedError): log.err("Connection refused. The backend may be down") string = 'connection_refused_error' + elif isinstance(failure.value, gaierror): + log.err("Address family for hostname not supported") + string = 'address_family_not_supported_error' + elif isinstance(failure.value, SOCKSError): log.err("Sock error. The SOCKS proxy may be down") string = 'socks_error' @@ -43,6 +53,13 @@ def failureToString(failure): elif isinstance(failure.value, ResponseNeverReceived): log.err("Response Never Received") string = 'response_never_received' + + elif isinstance(failure.value, TimeoutError): + log.err("Deferred Timed Out Error") + string = 'deferred_timed_out_error' + + else: + log.err("Unknown failure type: %s" % type(failure)) return string class NoPostProcessor(Exception):

1 0

[ooni-probe/master] Refactor reporting and trap gaierror, TimeoutError
by art＠torproject.org 07 Dec '12

07 Dec '12

commit 57a7123de2fa15bdd700468cab8416d710d8fd56 Author: aagbsn <aagbsn(a)extc.org> Date: Fri Dec 7 03:32:23 2012 +0000 Refactor reporting and trap gaierror, TimeoutError --- ooni/templates/dnst.py | 57 +++++++++++++++++++++++------------------------ 1 files changed, 28 insertions(+), 29 deletions(-) diff --git a/ooni/templates/dnst.py b/ooni/templates/dnst.py index 01678cb..ece1ff4 100644 --- a/ooni/templates/dnst.py +++ b/ooni/templates/dnst.py @@ -4,13 +4,15 @@ # :licence: see LICENSE from twisted.internet import defer +from twisted.internet.defer import TimeoutError from twisted.names import client, dns from twisted.names.client import Resolver from twisted.names.error import DNSQueryRefusedError from ooni.utils import log -from ooni.nettest import NetTestCase +from ooni.nettest import NetTestCase, failureToString +from socket import gaierror class DNSTest(NetTestCase): name = "Base DNS Test" @@ -39,23 +41,14 @@ class DNSTest(NetTestCase): for answer in message.answers: if answer.type is 12: name = answer.payload.name - - result = {} - result['resolver'] = dns_server - result['query_type'] = 'PTR' - result['query'] = repr(query) - result['answers'] = answers - result['name'] = name - self.report['queries'].append(result) + self.addToReport(query, resolver=dns_server, + query_type = 'PTR', answers=answers, name=name) return name def gotError(failure): - log.exception(failure) - result = {} - result['resolver'] = dns_server - result['query_type'] = 'PTR' - result['query'] = repr(query) - result['error'] = str(failure) + failure.trap(gaierror, TimeoutError) + self.addToReport(query, resolver=dns_server, + query_type = 'PTR', failure=failure) return None resolver = Resolver(servers=[dns_server]) @@ -86,23 +79,15 @@ class DNSTest(NetTestCase): # tuple r = (repr(answer), repr(answer.payload)) answers.append(r) - result = {} - result['resolver'] = dns_server - result['query_type'] = 'A' - result['query'] = repr(query) - result['answers'] = answers - result['addrs'] = addrs - self.report['queries'].append(result) + self.addToReport(query, resolver=dns_server, query_type='A', + answers=answers, addrs=addrs) return addrs def gotError(failure): - log.exception(failure) - result = {} - result['resolver'] = dns_server - result['query_type'] = 'A' - result['query'] = repr(query) - result['error'] = str(failure) - return None + failure.trap(gaierror, TimeoutError) + self.addToReport(query, resolver=dns_server, query_type='A', + failure=failure) + return failure resolver = Resolver(servers=[dns_server]) d = resolver.queryUDP(query, timeout=self.queryTimeout) @@ -110,3 +95,17 @@ class DNSTest(NetTestCase): d.addErrback(gotError) return d + def addToReport(self, query, resolver=None, query_type=None, + answers=None, name=None, addrs=None, failure=None): + log.debug("Adding %s to report)" % query) + result = {} + result['resolver'] = resolver + result['query_type'] = query_type + result['query'] = repr(query) + if failure: + result['failure'] = failureToString(failure) + if answers: + result['answers'] = answers + if name: result['name'] = name + if addrs: result['addrs'] = addrs + self.report['queries'].append(result)

1 0

[stem/master] Reducing ExitPolicyRule's memory requirements
by atagar＠torproject.org 07 Dec '12

07 Dec '12

commit 45403096a550186cfbecc035cd54c125e3b0237c Author: Damian Johnson <atagar(a)torproject.org> Date: Thu Dec 6 22:44:17 2012 -0800 Reducing ExitPolicyRule's memory requirements Frequently there's several ExitPolicyRule entries per an exit policy, so when we pull the consensus we get quite a few instances of this class. Making the following changes to reduce the memory requirements... * Dropping the rule attribute. The string representation of the rule should be good enough, if not better for callers. * Replacing the address_type attribute with a method for getting it. This lets us store the address type as an integer within our class. * Replacing the mask attribute with a method for getting it. The ip mask representation is very rarely useful, so there's little reason to store it unless it's requested. * Lazily loading the integer reprentation of our address and mask, both speeding up our constructor and avoiding it entirely if our caller never uses is_match() This lowers the memory requirement for loading the full consensus on my netbook from 5.5% to 5.1% (a 7% drop). This is a drop in the bucket compared to the prior commit, but between the faster constructor runtime and squeezing out a little more performance it's still worth it. --- stem/exit_policy.py | 156 +++++++++++++++++++++++++++----------- stem/util/connection.py | 4 + test/unit/exit_policy/policy.py | 9 +-- test/unit/exit_policy/rule.py | 14 ++-- 4 files changed, 124 insertions(+), 59 deletions(-) diff --git a/stem/exit_policy.py b/stem/exit_policy.py index a6ae028..f9f0eb8 100644 --- a/stem/exit_policy.py +++ b/stem/exit_policy.py @@ -33,7 +33,9 @@ exiting to a destination is permissible or not. For instance... ExitPolicyRule - Single rule of an exit policy chain |- is_address_wildcard - checks if we'll accept any address |- is_port_wildcard - checks if we'll accept any port + |- get_address_type - provides the protocol our ip address belongs to |- is_match - checks if we match a given destination + |- get_mask - provides the address representation of our mask +- __str__ - string representation for this rule .. data:: AddressType (enum) @@ -309,6 +311,7 @@ class MicrodescriptorExitPolicy(ExitPolicy): raise ValueError(exc_msg) super(MicrodescriptorExitPolicy, self).__init__(*rules) + self.set_default_allowed(not self.is_accept) def __str__(self): return self._policy @@ -334,12 +337,9 @@ class ExitPolicyRule(object): This should be treated as an immutable object. - :var str rule: rule that we were originally created from :var bool is_accept: indicates if exiting is allowed or disallowed - :var stem.exit_policy.AddressType address_type: type of address that we have :var str address: address that this rule is for - :var str mask: subnet mask for the address (ex. "255.255.255.0") :var int masked_bits: number of bits the subnet mask represents, **None** if the mask can't have a bit representation @@ -352,8 +352,6 @@ class ExitPolicyRule(object): """ def __init__(self, rule): - self.rule = rule - # policy ::= "accept" exitpattern | "reject" exitpattern # exitpattern ::= addrspec ":" portspec @@ -375,24 +373,27 @@ class ExitPolicyRule(object): raise ValueError("An exitpattern must be of the form 'addrspec:portspec': %s" % rule) self.address = None - self.address_type = None - self.mask = self.masked_bits = None + self._address_type = None + self.masked_bits = None self.min_port = self.max_port = None + # Our mask in ip notation (ex. "255.255.255.0"). This is only set if we + # either have a custom mask that can't be represented by a number of bits, + # or the user has called mask(), lazily loading this. + + self._mask = None + addrspec, portspec = exitpattern.rsplit(":", 1) - self._apply_addrspec(addrspec) - self._apply_portspec(portspec) + self._apply_addrspec(rule, addrspec) + self._apply_portspec(rule, portspec) - # Pre-calculating the integer representation of our mask and masked - # address. These are used by our is_match() method to compare ourselves to + # The integer representation of our mask and masked address. These are + # lazily loaded and used by our is_match() method to compare ourselves to # other addresses. - if self.is_address_wildcard(): - # is_match() will short circuit so these are unused - self._mask_bin = self._addr_bin = None - else: - self._mask_bin = int(stem.util.connection.get_address_binary(self.mask), 2) - self._addr_bin = int(stem.util.connection.get_address_binary(self.address), 2) & self._mask_bin + self._mask_bin = self._addr_bin = None + + # Lazily loaded string representation of our policy. self._str_representation = None @@ -406,7 +407,7 @@ class ExitPolicyRule(object): :returns: **bool** for if our address matching is a wildcard """ - return self.address_type == AddressType.WILDCARD + return self._address_type == _address_type_to_int(AddressType.WILDCARD) def is_port_wildcard(self): """ @@ -432,10 +433,12 @@ class ExitPolicyRule(object): # validate our input and check if the argument doesn't match our address type if address is not None: + address_type = self.get_address_type() + if stem.util.connection.is_valid_ip_address(address): - if self.address_type == AddressType.IPv6: return False + if address_type == AddressType.IPv6: return False elif stem.util.connection.is_valid_ipv6_address(address, allow_brackets = True): - if self.address_type == AddressType.IPv4: return False + if address_type == AddressType.IPv4: return False address = address.lstrip("[").rstrip("]") else: @@ -453,8 +456,8 @@ class ExitPolicyRule(object): return False else: comparison_addr_bin = int(stem.util.connection.get_address_binary(address), 2) - comparison_addr_bin &= self._mask_bin - if self._addr_bin != comparison_addr_bin: return False + comparison_addr_bin &= self._get_mask_bin() + if self._get_address_bin() != comparison_addr_bin: return False if not self.is_port_wildcard(): if port is None: @@ -464,6 +467,43 @@ class ExitPolicyRule(object): return True + def get_address_type(self): + """ + Provides the :data:`~stem.exit_policy.AddressType: for our policy. + + :returns: :data:`~stem.exit_policy.AddressType: for the type of address that we have + """ + + return _int_to_address_type(self._address_type) + + def get_mask(self, cache = True): + """ + Provides the address represented by our mask. This is **None** if our + address type is a wildcard. + + :param bool cache: caches the result if **True** + + :returns: str of our subnet mask for the address (ex. "255.255.255.0") + """ + + # Lazy loading our mask because it very infrequently requested. There's + # no reason to usually usse memory for it. + + address_type = self.get_address_type() + + if not self._mask: + if address_type == AddressType.WILDCARD: + mask = None + elif address_type == AddressType.IPv4: + mask = stem.util.connection.get_mask(self.masked_bits) + elif address_type == AddressType.IPv6: + mask = stem.util.connection.get_mask_ipv6(self.masked_bits) + + if not cache: return mask + self._mask = mask + + return self._mask + def __str__(self): """ Provides the string representation of our policy. This does not @@ -479,7 +519,9 @@ class ExitPolicyRule(object): if self.is_address_wildcard(): label += "*:" else: - if self.address_type == AddressType.IPv4: + address_type = self.get_address_type() + + if address_type == AddressType.IPv4: label += self.address else: label += "[%s]" % self.address @@ -489,12 +531,13 @@ class ExitPolicyRule(object): # - use our masked bit count if we can # - use the mask itself otherwise - if self.mask in (stem.util.connection.FULL_IPv4_MASK, stem.util.connection.FULL_IPv6_MASK): + if (address_type == AddressType.IPv4 and self.masked_bits == 32) or \ + (address_type == AddressType.IPv6 and self.masked_bits == 128): label += ":" - elif not self.masked_bits is None: + elif self.masked_bits is not None: label += "/%i:" % self.masked_bits else: - label += "/%s:" % self.mask + label += "/%s:" % self.get_mask() if self.is_port_wildcard(): label += "*" @@ -507,7 +550,23 @@ class ExitPolicyRule(object): return self._str_representation - def _apply_addrspec(self, addrspec): + def _get_mask_bin(self): + # provides an integer representation of our mask + + if self._mask_bin is None: + self._mask_bin = int(stem.util.connection.get_address_binary(self.get_mask(False)), 2) + + return self._mask_bin + + def _get_address_bin(self): + # provides an integer representation of our address + + if self._addr_bin is None: + self._addr_bin = int(stem.util.connection.get_address_binary(self.address), 2) & self._mask_bin + + return self._addr_bin + + def _apply_addrspec(self, rule, addrspec): # Parses the addrspec... # addrspec ::= "*" | ip4spec | ip6spec @@ -517,34 +576,34 @@ class ExitPolicyRule(object): self.address, addr_extra = addrspec, None if addrspec == "*": - self.address_type = AddressType.WILDCARD - self.address = self.mask = self.masked_bits = None + self._address_type = _address_type_to_int(AddressType.WILDCARD) + self.address = self.masked_bits = None elif stem.util.connection.is_valid_ip_address(self.address): # ipv4spec ::= ip4 | ip4 "/" num_ip4_bits | ip4 "/" ip4mask # ip4 ::= an IPv4 address in dotted-quad format # ip4mask ::= an IPv4 mask in dotted-quad format # num_ip4_bits ::= an integer between 0 and 32 - self.address_type = AddressType.IPv4 + self._address_type = _address_type_to_int(AddressType.IPv4) if addr_extra is None: - self.mask = stem.util.connection.FULL_IPv4_MASK self.masked_bits = 32 elif stem.util.connection.is_valid_ip_address(addr_extra): # provided with an ip4mask - self.mask = addr_extra - try: self.masked_bits = stem.util.connection.get_masked_bits(addr_extra) except ValueError: # mask can't be represented as a number of bits (ex. "255.255.0.255") + self._mask = addr_extra self.masked_bits = None elif addr_extra.isdigit(): # provided with a num_ip4_bits - self.mask = stem.util.connection.get_mask(int(addr_extra)) self.masked_bits = int(addr_extra) + + if self.masked_bits < 0 or self.masked_bits > 32: + raise ValueError("IPv4 masks must be in the range of 0-32 bits") else: - raise ValueError("The '%s' isn't a mask nor number of bits: %s" % (addr_extra, self.rule)) + raise ValueError("The '%s' isn't a mask nor number of bits: %s" % (addr_extra, rule)) elif self.address.startswith("[") and self.address.endswith("]") and \ stem.util.connection.is_valid_ipv6_address(self.address[1:-1]): # ip6spec ::= ip6 | ip6 "/" num_ip6_bits @@ -552,21 +611,22 @@ class ExitPolicyRule(object): # num_ip6_bits ::= an integer between 0 and 128 self.address = stem.util.connection.expand_ipv6_address(self.address[1:-1].upper()) - self.address_type = AddressType.IPv6 + self._address_type = _address_type_to_int(AddressType.IPv6) if addr_extra is None: - self.mask = stem.util.connection.FULL_IPv6_MASK self.masked_bits = 128 elif addr_extra.isdigit(): # provided with a num_ip6_bits - self.mask = stem.util.connection.get_mask_ipv6(int(addr_extra)) self.masked_bits = int(addr_extra) + + if self.masked_bits < 0 or self.masked_bits > 128: + raise ValueError("IPv6 masks must be in the range of 0-128 bits") else: - raise ValueError("The '%s' isn't a number of bits: %s" % (addr_extra, self.rule)) + raise ValueError("The '%s' isn't a number of bits: %s" % (addr_extra, rule)) else: - raise ValueError("Address isn't a wildcard, IPv4, or IPv6 address: %s" % self.rule) + raise ValueError("Address isn't a wildcard, IPv4, or IPv6 address: %s" % rule) - def _apply_portspec(self, portspec): + def _apply_portspec(self, rule, portspec): # Parses the portspec... # portspec ::= "*" | port | port "-" port # port ::= an integer between 1 and 65535, inclusive. @@ -581,7 +641,7 @@ class ExitPolicyRule(object): if stem.util.connection.is_valid_port(portspec, allow_zero = True): self.min_port = self.max_port = int(portspec) else: - raise ValueError("'%s' isn't within a valid port range: %s" % (portspec, self.rule)) + raise ValueError("'%s' isn't within a valid port range: %s" % (portspec, rule)) elif "-" in portspec: # provided with a port range port_comp = portspec.split("-", 1) @@ -591,11 +651,11 @@ class ExitPolicyRule(object): self.max_port = int(port_comp[1]) if self.min_port > self.max_port: - raise ValueError("Port range has a lower bound that's greater than its upper bound: %s" % self.rule) + raise ValueError("Port range has a lower bound that's greater than its upper bound: %s" % rule) else: - raise ValueError("Malformed port range: %s" % self.rule) + raise ValueError("Malformed port range: %s" % rule) else: - raise ValueError("Port value isn't a wildcard, integer, or range: %s" % self.rule) + raise ValueError("Port value isn't a wildcard, integer, or range: %s" % rule) def __eq__(self, other): if isinstance(other, ExitPolicyRule): @@ -608,3 +668,9 @@ class ExitPolicyRule(object): else: return False +def _address_type_to_int(address_type): + return AddressType.index_of(address_type) + +def _int_to_address_type(address_type_int): + return AddressType[AddressType.keys()[address_type_int]] + diff --git a/stem/util/connection.py b/stem/util/connection.py index a21cde8..0417c87 100644 --- a/stem/util/connection.py +++ b/stem/util/connection.py @@ -165,6 +165,8 @@ def get_mask(bits): if bits > 32 or bits < 0: raise ValueError("A mask can only be 0-32 bits, got %i" % bits) + elif bits == 32: + return FULL_IPv4_MASK # get the binary representation of the mask mask_bin = get_binary(2 ** bits - 1, 32)[::-1] @@ -213,6 +215,8 @@ def get_mask_ipv6(bits): if bits > 128 or bits < 0: raise ValueError("A mask can only be 0-128 bits, got %i" % bits) + elif bits == 128: + return FULL_IPv6_MASK # get the binary representation of the mask mask_bin = get_binary(2 ** bits - 1, 128)[::-1] diff --git a/test/unit/exit_policy/policy.py b/test/unit/exit_policy/policy.py index 0714ef9..67fbf68 100644 --- a/test/unit/exit_policy/policy.py +++ b/test/unit/exit_policy/policy.py @@ -154,22 +154,19 @@ class TestExitPolicy(unittest.TestCase): if expect_success: self.fail() def test_microdescriptor_attributes(self): - # checks that its is_accept and ports attributes are properly set + # checks that its is_accept attribute is properly set # single port policy = MicrodescriptorExitPolicy('accept 443') self.assertTrue(policy.is_accept) - self.assertEquals(set([443]), policy.ports) # multiple ports policy = MicrodescriptorExitPolicy('accept 80,443') self.assertTrue(policy.is_accept) - self.assertEquals(set([80, 443]), policy.ports) # port range policy = MicrodescriptorExitPolicy('reject 1-1024') self.assertFalse(policy.is_accept) - self.assertEquals(set(range(1, 1025)), policy.ports) def test_microdescriptor_can_exit_to(self): test_inputs = { @@ -188,6 +185,6 @@ class TestExitPolicy(unittest.TestCase): # address argument should be ignored policy = MicrodescriptorExitPolicy('accept 80,443') - self.assertFalse(policy.can_exit_to('blah', 79)) - self.assertTrue(policy.can_exit_to('blah', 80)) + self.assertFalse(policy.can_exit_to('127.0.0.1', 79)) + self.assertTrue(policy.can_exit_to('127.0.0.1', 80)) diff --git a/test/unit/exit_policy/rule.py b/test/unit/exit_policy/rule.py index 55e0c76..994b899 100644 --- a/test/unit/exit_policy/rule.py +++ b/test/unit/exit_policy/rule.py @@ -46,7 +46,6 @@ class TestExitPolicyRule(unittest.TestCase): for rule_arg in test_inputs: rule = ExitPolicyRule(rule_arg) - self.assertEquals(rule_arg, rule.rule) self.assertEquals(rule_arg, str(rule)) def test_str_changed(self): @@ -60,7 +59,6 @@ class TestExitPolicyRule(unittest.TestCase): for rule_arg, expected_str in test_inputs.items(): rule = ExitPolicyRule(rule_arg) - self.assertEquals(rule_arg, rule.rule) self.assertEquals(expected_str, str(rule)) def test_valid_wildcard(self): @@ -103,9 +101,9 @@ class TestExitPolicyRule(unittest.TestCase): def test_wildcard_attributes(self): rule = ExitPolicyRule("reject *:*") - self.assertEquals(AddressType.WILDCARD, rule.address_type) + self.assertEquals(AddressType.WILDCARD, rule.get_address_type()) self.assertEquals(None, rule.address) - self.assertEquals(None, rule.mask) + self.assertEquals(None, rule.get_mask()) self.assertEquals(None, rule.masked_bits) self.assertEquals(1, rule.min_port) self.assertEquals(65535, rule.max_port) @@ -122,9 +120,9 @@ class TestExitPolicyRule(unittest.TestCase): address, mask, masked_bits = attr rule = ExitPolicyRule("accept %s:*" % rule_addr) - self.assertEquals(AddressType.IPv4, rule.address_type) + self.assertEquals(AddressType.IPv4, rule.get_address_type()) self.assertEquals(address, rule.address) - self.assertEquals(mask, rule.mask) + self.assertEquals(mask, rule.get_mask()) self.assertEquals(masked_bits, rule.masked_bits) def test_invalid_ipv4_addresses(self): @@ -161,9 +159,9 @@ class TestExitPolicyRule(unittest.TestCase): address, mask, masked_bits = attr rule = ExitPolicyRule("accept %s:*" % rule_addr) - self.assertEquals(AddressType.IPv6, rule.address_type) + self.assertEquals(AddressType.IPv6, rule.get_address_type()) self.assertEquals(address, rule.address) - self.assertEquals(mask, rule.mask) + self.assertEquals(mask, rule.get_mask()) self.assertEquals(masked_bits, rule.masked_bits) def test_invalid_ipv6_addresses(self):

1 0

[stem/master] Vastly lowering memory usage for exit policies
by atagar＠torproject.org 07 Dec '12

07 Dec '12

commit bbd702c81e1923bfbab236d0d3649fd2f87b3d95 Author: Damian Johnson <atagar(a)torproject.org> Date: Thu Dec 6 22:05:07 2012 -0800 Vastly lowering memory usage for exit policies A pox upon good indentions. When dealing with microdescriptor exit policies I enumerated all ports involved, the goal being to provide constant time is_match() lookups. We certainly did that, but there's quite a few valid ports and enumerating them for all relays has consistantly cost so much memory on my system that it triggers the OOM killer. Dropping the port set optimization. Memory usage trumps is_match() performance. Reading the full consensus into memory now takes 5.5% of the memory on my netbook, verses before where it would locked me up. --- stem/exit_policy.py | 12 ------------ 1 files changed, 0 insertions(+), 12 deletions(-) diff --git a/stem/exit_policy.py b/stem/exit_policy.py index ce56551..a6ae028 100644 --- a/stem/exit_policy.py +++ b/stem/exit_policy.py @@ -264,7 +264,6 @@ class MicrodescriptorExitPolicy(ExitPolicy): BEGIN request, and might get end-reason-exit-policy if they guessed wrong, in which case they'll have to try elsewhere. - :var set ports: ports that this policy includes :var bool is_accept: **True** if these are ports that we accept, **False** if they're ports that we reject @@ -279,7 +278,6 @@ class MicrodescriptorExitPolicy(ExitPolicy): # PortList ::= PortList "," PortOrRange # PortOrRange ::= INT "-" INT / INT - self.ports = set() self._policy = policy if policy.startswith("accept"): @@ -305,7 +303,6 @@ class MicrodescriptorExitPolicy(ExitPolicy): try: rule = ExitPolicyRule(rule_str) - self.ports.update(range(rule.min_port, rule.max_port + 1)) rules.append(rule) except ValueError, exc: exc_msg = "Policy '%s' is malformed. %s" % (self._policy, str(exc).replace(rule_str, port_entry)) @@ -313,15 +310,6 @@ class MicrodescriptorExitPolicy(ExitPolicy): super(MicrodescriptorExitPolicy, self).__init__(*rules) - def can_exit_to(self, address = None, port = None): - # we can greatly simplify our check since our policies don't concern - # addresses or masks - - if port in self.ports: - return self.is_accept - else: - return not self.is_accept - def __str__(self): return self._policy

1 0

[ooni-probe/master] This fixes a broken commit and fixes scripts/before_i_commit.sh
by ioerror＠torproject.org 07 Dec '12

07 Dec '12

commit 47c345d0274f34ec28d318603f6f39b6cb081106 Author: Jacob Appelbaum <jacob(a)appelbaum.net> Date: Fri Dec 7 11:49:23 2012 +0630 This fixes a broken commit and fixes scripts/before_i_commit.sh Normally, I would not put two fixes into one commit - however, git master was broken. The fix in txscapy.py fixes it such that I can run tests at all. The fix in scripts/before_i_commit.sh allows me to actually run the thing. It now depends on bash and as a result, it works properly. If we actually want this this to run on an older unix machine, such a user can fix it to work with a /bin/sh that isn't based on bash or later implementations. The previous version of scripts/before_i_commit.sh erased all .yamloo files and as a result, erased a lot of import data. If we run tests, we should not ever erase the data automatically. --- ooni/utils/txscapy.py | 2 +- scripts/before_i_commit.sh | 21 +++++++++++++++++---- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/ooni/utils/txscapy.py b/ooni/utils/txscapy.py index fc021f1..62bde94 100644 --- a/ooni/utils/txscapy.py +++ b/ooni/utils/txscapy.py @@ -22,6 +22,7 @@ try: from scapy.arch import pcapdnet config.pcap_dnet = True + from scapy.all import Gen, SetGen, MTU except ImportError, e: log.err("pypcap or dnet not installed. " @@ -86,7 +87,6 @@ class ScapyFactory(abstract.FileDescriptor): https://github.com/enki/muXTCP/blob/master/scapyLink.py """ def __init__(self, interface, super_socket=None, timeout=5): - from scapy.all import Gen, SetGen, MTU abstract.FileDescriptor.__init__(self, reactor) if interface == 'auto': diff --git a/scripts/before_i_commit.sh b/scripts/before_i_commit.sh index 69975ff..918b137 100755 --- a/scripts/before_i_commit.sh +++ b/scripts/before_i_commit.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # This script should be run before you commit to verify that the basic tests # are working as they should # Once you have run it you can inspect the log file via @@ -10,10 +10,24 @@ # rm *.yamloo; rm before_i_commit.log # -rm before_i_commit.log +if [ -f before_i_commit.log ]; +then + # this is technically the date it was moved, not the date it was created + mv before_i_commit.log before_i_commit-`date +%s`.log; + touch before_i_commit.log; +else + touch before_i_commit.log; +fi find . -type f -name "*.py[co]" -delete +if [ -f env/bin/activate ]; +then + source env/bin/activate; +else + echo "Assuming that your virtual environment is pre-configured..."; +fi + ./bin/ooniprobe -i decks/before_i_commit.testdeck echo "Below you should not see anything" @@ -25,5 +39,4 @@ echo "Read through the log file and fix it." echo "If you are having some problems fixing some things that have to do with" echo "the core of OONI, let's first discuss it on IRC, or open a ticket" read -cat *yamloo | less -rm -f *yamloo +#cat *.yamloo | less

1 0

[ooni-probe/master] Improve the appearance of stdout output
by art＠torproject.org 07 Dec '12

07 Dec '12

commit 48da99388163157f8c371b0207958d8804f7d574 Author: Arturo Filastò <art(a)fuffa.org> Date: Fri Dec 7 03:52:35 2012 +0100 Improve the appearance of stdout output * No longer use the python logging interface * Include only the timestamp and component name in the ooniprobe log --- ooni/reporter.py | 3 ++- ooni/runner.py | 3 +-- ooni/utils/log.py | 33 ++++++++++++++++++--------------- 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/ooni/reporter.py b/ooni/reporter.py index 602b687..12e4dc8 100644 --- a/ooni/reporter.py +++ b/ooni/reporter.py @@ -116,7 +116,7 @@ def getTestDetails(options): config.privacy.includeasn or \ config.privacy.includecountry or \ config.privacy.includecity: - log.msg("Running geo IP lookup via check.torproject.org") + log.msg("We will include some geo data in the report") client_geodata = geodata.IPToLocation(config.probe_ip) if config.privacy.includeip: @@ -132,6 +132,7 @@ def getTestDetails(options): # XXX this regexp should probably go inside of geodata client_geodata['asn'] = \ re.search('AS\d+', client_geodata['asn']).group(0) + log.msg("Your AS number is: %s" % client_geodata['asn']) if client_geodata and not config.privacy.includecity: client_geodata['city'] = None diff --git a/ooni/runner.py b/ooni/runner.py index 2936a99..53e4e55 100644 --- a/ooni/runner.py +++ b/ooni/runner.py @@ -171,7 +171,7 @@ def runTestCasesWithInput(test_cases, test_input, yaml_reporter, tests_report = {} def test_done(result, test_instance, test_name): - log.msg("Successfully finished running %s" % test_name) + log.msg("Finished running %s" % test_name) log.debug("Deferred callback result: %s" % result) tests_report[test_name] = dict(test_instance.report) if not oonib_reporter: @@ -356,7 +356,6 @@ def updateProgressMeters(test_filename, input_unit_factory, """ Update the progress meters for keeping track of test state. """ - log.msg("Setting up progress meters") if not config.state.test_filename: config.state[test_filename] = Storage() diff --git a/ooni/utils/log.py b/ooni/utils/log.py index 9ab8880..0740c10 100644 --- a/ooni/utils/log.py +++ b/ooni/utils/log.py @@ -1,9 +1,10 @@ import sys import os -import traceback import logging +import traceback from twisted.python import log as txlog +from twisted.python import util from twisted.python.failure import Failure from twisted.python.logfile import DailyLogFile @@ -14,6 +15,15 @@ from ooni import config ## IPv6 destination warnings": logging.getLogger("scapy.runtime").setLevel(logging.ERROR) +class LogWithNoPrefix(txlog.FileLogObserver): + def emit(self, eventDict): + text = txlog.textFromEventDict(eventDict) + if text is None: + return + + util.untilConcludes(self.write, "%s\n" % text) + util.untilConcludes(self.flush) # Hoorj! + def start(logfile=None, application_name="ooniprobe"): daily_logfile = None @@ -27,29 +37,22 @@ def start(logfile=None, application_name="ooniprobe"): txlog.msg("Starting %s on %s (%s UTC)" % (application_name, otime.prettyDateNow(), otime.utcPrettyDateNow())) - logging.basicConfig() - python_logging = txlog.PythonLoggingObserver(application_name) - - if config.advanced.debug: - python_logging.logger.setLevel(logging.DEBUG) - else: - python_logging.logger.setLevel(logging.INFO) - - txlog.startLoggingWithObserver(python_logging.emit) + txlog.startLoggingWithObserver(LogWithNoPrefix(sys.stdout).emit) txlog.addObserver(txlog.FileLogObserver(daily_logfile).emit) def stop(): - txlog.msg("Stopping OONI") + print "Stopping OONI" def msg(msg, *arg, **kw): - txlog.msg(msg, logLevel=logging.INFO, *arg, **kw) + print "%s" % msg def debug(msg, *arg, **kw): - txlog.msg(msg, logLevel=logging.DEBUG, *arg, **kw) + if config.advanced.debug: + print "[D] %s" % msg def err(msg, *arg, **kw): - txlog.err("Error: " + str(msg), logLevel=logging.ERROR, *arg, **kw) + print "[!] %s" % msg def exception(error): """ @@ -71,7 +74,7 @@ class LoggerFactory(object): def start(self, application): # XXX parametrize this - start('/tmp/oonib.log', "OONIB") + start('oonib.log', "OONIB") def stop(self): txlog.msg("Stopping OONIB")

1 0

[ooni-probe/master] Update parser to the changes in the report format
by art＠torproject.org 07 Dec '12

07 Dec '12

commit fe25e0d68647af689c4015f1728cd7dd2d48b7ee Author: Arturo Filastò <art(a)fuffa.org> Date: Fri Dec 7 03:10:29 2012 +0100 Update parser to the changes in the report format --- scripts/example_parser.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/scripts/example_parser.py b/scripts/example_parser.py index 6c0dfab..050312b 100644 --- a/scripts/example_parser.py +++ b/scripts/example_parser.py @@ -15,7 +15,7 @@ print "Test name: %s" % report_header['test_name'] print "Test version: %s" % report_header['test_version'] for report_entry in yamloo: - print "Test: %s" % report_entry['test'] + print "Test: %s" % report_entry['test_name'] print "Input: %s" % report_entry['input'] print "Report: %s" % report_entry['report']

1 0

[ooni-probe/master] Add a very simple example on how to securely parse the ooniprobe reports
by art＠torproject.org 07 Dec '12

07 Dec '12

commit 83b0a8e394f281ac41abe0be52c7560e285e0967 Author: Arturo Filastò <art(a)fuffa.org> Date: Fri Dec 7 03:08:08 2012 +0100 Add a very simple example on how to securely parse the ooniprobe reports --- scripts/example_parser.py | 22 ++++++++++++++++++++++ 1 files changed, 22 insertions(+), 0 deletions(-) diff --git a/scripts/example_parser.py b/scripts/example_parser.py new file mode 100644 index 0000000..6c0dfab --- /dev/null +++ b/scripts/example_parser.py @@ -0,0 +1,22 @@ +# This is an example of how to parse ooniprobe reports + +import yaml +import sys +print "Opening %s" % sys.argv[1] +f = open(sys.argv[1]) +yamloo = yaml.safe_load_all(f) + +report_header = yamloo.next() +print "ASN: %s" % report_header['probe_asn'] +print "CC: %s" % report_header['probe_cc'] +print "IP: %s" % report_header['probe_ip'] +print "Start Time: %s" % report_header['start_time'] +print "Test name: %s" % report_header['test_name'] +print "Test version: %s" % report_header['test_version'] + +for report_entry in yamloo: + print "Test: %s" % report_entry['test'] + print "Input: %s" % report_entry['input'] + print "Report: %s" % report_entry['report'] + +f.close()

1 0

[ooni-probe/master] Tor2webMode takes a boolean 0|1
by art＠torproject.org 07 Dec '12

07 Dec '12

commit 2425894859b7d8cf578a9dc9568adfdfc4626c73 Author: Arturo Filastò <art(a)fuffa.org> Date: Fri Dec 7 02:07:31 2012 +0100 Tor2webMode takes a boolean 0|1 --- oonib/runner.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/oonib/runner.py b/oonib/runner.py index 44cfe9c..407f10d 100644 --- a/oonib/runner.py +++ b/oonib/runner.py @@ -41,7 +41,7 @@ def startTor(): torconfig = txtorcon.TorConfig() torconfig.SocksPort = 9055 if config.main.tor2webmode: - torconfig.Tor2webMode = True + torconfig.Tor2webMode = 1 torconfig.save() d = txtorcon.launch_tor(torconfig, reactor, tor_binary=config.main.tor_binary,

1 0

[ooni-probe/master] Set the default ASN to 0
by art＠torproject.org 07 Dec '12

07 Dec '12

commit 06072dd64fa6544b980a841c73179fd96f8c35e9 Author: Arturo Filastò <art(a)fuffa.org> Date: Fri Dec 7 02:30:39 2012 +0100 Set the default ASN to 0 * Should be good as per http://tools.ietf.org/html/draft-ietf-idr-as0-06 --- ooni/reporter.py | 2 +- oonib/report/file_collector.py | 3 +++ 2 files changed, 4 insertions(+), 1 deletions(-) diff --git a/ooni/reporter.py b/ooni/reporter.py index 460b584..602b687 100644 --- a/ooni/reporter.py +++ b/ooni/reporter.py @@ -127,7 +127,7 @@ def getTestDetails(options): # Here we unset all the client geodata if the option to not include then # has been specified if client_geodata and not config.privacy.includeasn: - client_geodata['asn'] = None + client_geodata['asn'] = 'AS0' else: # XXX this regexp should probably go inside of geodata client_geodata['asn'] = \ diff --git a/oonib/report/file_collector.py b/oonib/report/file_collector.py index 636576b..6d5584c 100644 --- a/oonib/report/file_collector.py +++ b/oonib/report/file_collector.py @@ -56,6 +56,9 @@ def parseNewReportRequest(request): } parsed_request = json.loads(request) + if not parsed_request['probe_asn']: + parsed_request['probe_asn'] = 'AS0' + for k, regexp in expected_request.items(): try: value_to_check = parsed_request[k]

1 0