February 2012 - tor-commits - lists.torproject.org

[obfsproxy/master] Do not log errno unless BEV_EVENT_ERROR is set: it was confusing
by nickm＠torproject.org 13 Feb '12

13 Feb '12

commit 9fe5f1c79b0161a6aecfa3dc7c80204fe9ddfee1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Feb 12 22:02:38 2012 -0500 Do not log errno unless BEV_EVENT_ERROR is set: it was confusing --- src/network.c | 10 ++++++++-- 1 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/network.c b/src/network.c index bcd5be9..3ad859f 100644 --- a/src/network.c +++ b/src/network.c @@ -816,8 +816,14 @@ error_cb(struct bufferevent *bev, short what, void *arg) { conn_t *conn = arg; int errcode = EVUTIL_SOCKET_ERROR(); - log_debug("%s for %s: what=0x%04x errno=%d", __func__, safe_str(conn->peername), - what, errcode); + if (what & BEV_EVENT_ERROR) { + log_debug("%s for %s: what=0x%04x errno=%d", __func__, + safe_str(conn->peername), + what, errcode); + } else { + log_debug("%s for %s: what=0x%04x", __func__, + safe_str(conn->peername), what); + } /* It should be impossible to get here with BEV_EVENT_CONNECTED. */ obfs_assert(!(what & BEV_EVENT_CONNECTED));

1 0

r25406: {website} link to the recent stories about tor and iran. (website/trunk/press/en)
by Andrew Lewman 13 Feb '12

13 Feb '12

Author: phobos Date: 2012-02-13 00:51:12 +0000 (Mon, 13 Feb 2012) New Revision: 25406 Modified: website/trunk/press/en/inthemedia.wml Log: link to the recent stories about tor and iran. Modified: website/trunk/press/en/inthemedia.wml =================================================================== --- website/trunk/press/en/inthemedia.wml 2012-02-11 20:11:53 UTC (rev 25405) +++ website/trunk/press/en/inthemedia.wml 2012-02-13 00:51:12 UTC (rev 25406) @@ -32,7 +32,32 @@ <th>Topic</th> </tr> </thead> +<tr> +<td>2012 Feb 11</td> +<td>ITP</td> +<td><a href="http://www.itp.net/587901-iran-increases-web-censorship">Iran increases web censorship</a></td> +</tr> <tr style="background-color: #e5e5e5;"> +<td>2012 Feb 10</td> +<td>CNet News</td> +<td><a href="http://news.cnet.com/8301-13578_3-57375166-38/tor-anonymity-project-looks-t…">Tor anonymity project looks to help Iranians sidestep Net ban</a></td> +</tr> +<tr> +<td>2012 Feb 10</td> +<td>Linkiesta</td> +<td><a href="http://www.linkiesta.it/hacker-iran-internet">Contro i dissidenti in Internet, la guerra in Iran è già iniziata</a></td> +</tr> +<tr style="background-color: #e5e5e5;"> +<td>2012 Feb 10</td> +<td>Forbes</td> +<td><a href="http://www.forbes.com/sites/andygreenberg/2012/02/10/as-iran-cracks-down-on…">As Iran Cracks Down Online, Tor Tests Undetectable Encrypted Connections</a></td> +</tr> +<tr> +<td>2012 Jan 24</td> +<td>PC Welt</td> +<td><a href="http://www.pcwelt.de/news/SSL-Verschluesselung-HTTPS-Everywhere-in-neuer-Ve…">HTTPS Everywhere in neuer Version</a></td> +</tr> +<tr style="background-color: #e5e5e5;"> <td>2011 Dec 30</td> <td>BNR Digital</td> <td><a href="http://www.bnr.nl/programma/bnrdigitaal/224190-1112/hoe-censuurbestrijder-t…">Hoe censuurbestrijder Tor wordt gecensureerd</a></td>

1 0

[tor/master] Unpack a smartlist_foreach and add an assert: try to hunt #5102
by nickm＠torproject.org 13 Feb '12

13 Feb '12

commit 61452299d1067298a2865deb6398b1fb269b2a81 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Feb 12 19:42:35 2012 -0500 Unpack a smartlist_foreach and add an assert: try to hunt #5102 --- src/or/circuitbuild.c | 16 ++++++++-------- 1 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 07598e2..7c404e6 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -3906,14 +3906,14 @@ entry_guard_register_connect_status(const char *digest, int succeeded, if (! entry_guards) return 0; - SMARTLIST_FOREACH(entry_guards, entry_guard_t *, e, - { - if (tor_memeq(e->identity, digest, DIGEST_LEN)) { - entry = e; - idx = e_sl_idx; - break; - } - }); + SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, e) { + tor_assert(e); + if (tor_memeq(e->identity, digest, DIGEST_LEN)) { + entry = e; + idx = e_sl_idx; + break; + } + } SMARTLIST_FOREACH_END(e); if (!entry) return 0;

1 0

[obfsproxy/master] Merge remote-tracking branch 'asn/bug5098'
by nickm＠torproject.org 13 Feb '12

13 Feb '12

commit 3dc1832319219ab82281ab873ab2c8fb3878b521 Merge: aee59f0 443aea0 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Feb 12 19:36:18 2012 -0500 Merge remote-tracking branch 'asn/bug5098' src/main.h | 2 -- 1 files changed, 0 insertions(+), 2 deletions(-)

1 0

[obfsproxy/master] Remove the tor_main() prototype from src/main.h.
by nickm＠torproject.org 13 Feb '12

13 Feb '12

commit 443aea0b1de188fe8af9c2ac8fa8bd143a3c6105 Author: George Kadianakis <desnacked(a)riseup.net> Date: Mon Feb 13 00:31:01 2012 +0200 Remove the tor_main() prototype from src/main.h. --- src/main.h | 2 -- 1 files changed, 0 insertions(+), 2 deletions(-) diff --git a/src/main.h b/src/main.h index 65900b3..716479a 100644 --- a/src/main.h +++ b/src/main.h @@ -11,8 +11,6 @@ #ifndef MAIN_H #define MAIN_H -int tor_main(int argc, char *argv[]); - void finish_shutdown(void); void obfsproxy_init();

1 0

[obfsproxy/master] bug5079: Scrub IPs before displaying them in logs.
by nickm＠torproject.org 13 Feb '12

13 Feb '12

commit 15ab15881a9216d75ee66cf825f298a8445fd8f0 Author: Chris Ball <chris(a)printf.net> Date: Sun Feb 12 19:26:22 2012 -0500 bug5079: Scrub IPs before displaying them in logs. Scrubbing is turned on by default and can be disabled with "--no-safe-logging". The scrubbing implemented here goes farther than Tor, in that it scrubs the client addresses too; this avoids putting live obfsproxy bridge addresses in the log. As a side effect, protocol traffic between obfsproxy and Tor is no longer logged -- it can also contain addresses. --- src/main.c | 7 +++- src/managed.c | 10 ++++-- src/network.c | 100 +++++++++++++++++++++++++++++++------------------------- src/util.c | 9 +++++ src/util.h | 4 ++ 5 files changed, 81 insertions(+), 49 deletions(-) diff --git a/src/main.c b/src/main.c index 7ebdd51..31878f9 100644 --- a/src/main.c +++ b/src/main.c @@ -35,6 +35,8 @@ static struct event *sig_term; /* Pluggable transport proxy mode. ('External' or 'Managed') */ static int is_external_proxy=1; +/* Whether to scrub connection addresses -- on by default */ +int safe_logging=1; /** Prints the obfsproxy usage instructions then exits. @@ -52,7 +54,8 @@ usage(void) fprintf(stderr, "\n* obfsproxy_args:\n" "--log-file=<file> ~ set logfile\n" "--log-min-severity=warn|info|debug ~ set minimum logging severity\n" - "--no-log ~ disable logging\n"); + "--no-log ~ disable logging\n" + "--no-safe-logging ~ disable safe (scrubbed address) logging\n"); exit(1); } @@ -164,6 +167,8 @@ handle_obfsproxy_args(const char *const *argv) } logsev_set=1; + } else if (!strncmp(argv[i], "--no-safe-logging", 18)) { + safe_logging=0; } else if (!strncmp(argv[i], "--managed", 10)) { is_external_proxy=0; } else { diff --git a/src/managed.c b/src/managed.c index 01814f8..2c3f967 100644 --- a/src/managed.c +++ b/src/managed.c @@ -153,9 +153,13 @@ print_protocol_line(const char *format, ...) vprintf(format, ap); fflush(stdout); - /* log the protocol message */ - log_debug("We sent:"); - log_debug_raw(format, ap2); + /* log the protocol message -- unless safe_logging is on, in which case + * we censor it because the METHOD line contains the bridge address. + */ + if (!safe_logging) { + log_debug("We sent:"); + log_debug_raw(format, ap2); + } va_end(ap); va_end(ap2); diff --git a/src/network.c b/src/network.c index e61e82d..5e3e788 100644 --- a/src/network.c +++ b/src/network.c @@ -236,7 +236,7 @@ open_listeners(struct event_base *base, config_t *cfg) if (!lsn->listener) { log_warn("Failed to open listening socket on %s: %s", - lsn->address, + safe_str_client(lsn->address), evutil_socket_error_to_string(EVUTIL_SOCKET_ERROR())); listener_free(lsn); return 0; @@ -299,7 +299,7 @@ listener_cb(struct evconnlistener *evcl, evutil_socket_t fd, if (!conn || !buf) { log_warn("%s: failed to set up new connection from %s.", - lsn->address, peername); + safe_str_client(lsn->address), safe_str_client(peername)); if (buf) bufferevent_free(buf); else @@ -313,8 +313,10 @@ listener_cb(struct evconnlistener *evcl, evutil_socket_t fd, if (!connections) connections = smartlist_create(); smartlist_add(connections, conn); - log_debug("%s: new connection from %s (%d total)", lsn->address, peername, - smartlist_len(connections)); + log_debug("%s: new connection from %s (%d total)", + safe_str_client(lsn->address), + safe_str_client(peername), + smartlist_len(connections)); conn->peername = peername; conn->buffer = buf; @@ -336,7 +338,7 @@ simple_client_listener_cb(conn_t *conn) { obfs_assert(conn); obfs_assert(conn->mode == LSN_SIMPLE_CLIENT); - log_debug("%s: simple client connection", conn->peername); + log_debug("%s: simple client connection", safe_str_client(conn->peername)); bufferevent_setcb(conn->buffer, upstream_read_cb, NULL, error_cb, conn); @@ -345,7 +347,7 @@ simple_client_listener_cb(conn_t *conn) return; } - log_debug("%s: setup complete", conn->peername); + log_debug("%s: setup complete", safe_str_client(conn->peername)); } /** @@ -357,7 +359,7 @@ socks_client_listener_cb(conn_t *conn) { obfs_assert(conn); obfs_assert(conn->mode == LSN_SOCKS_CLIENT); - log_debug("%s: socks client connection", conn->peername); + log_debug("%s: socks client connection", safe_str_client(conn->peername)); circuit_create_socks(conn); @@ -367,7 +369,7 @@ socks_client_listener_cb(conn_t *conn) /* Do not create a circuit at this time; the socks handler will do it after it learns the remote peer address. */ - log_debug("%s: setup complete", conn->peername); + log_debug("%s: setup complete", safe_str_client(conn->peername)); } /** @@ -379,7 +381,7 @@ simple_server_listener_cb(conn_t *conn) { obfs_assert(conn); obfs_assert(conn->mode == LSN_SIMPLE_SERVER); - log_debug("%s: server connection", conn->peername); + log_debug("%s: server connection", safe_str_client(conn->peername)); bufferevent_setcb(conn->buffer, downstream_read_cb, NULL, error_cb, conn); @@ -388,7 +390,7 @@ simple_server_listener_cb(conn_t *conn) return; } - log_debug("%s: setup complete", conn->peername); + log_debug("%s: setup complete", safe_str_client(conn->peername)); } /** @@ -403,7 +405,7 @@ conn_free(conn_t *conn) if (connections) { smartlist_remove(connections, conn); log_debug("Closing connection with %s; %d remaining", - conn->peername ? conn->peername : "'unknown'", + safe_str_client(conn->peername) ? safe_str_client(conn->peername) : "'unknown'", smartlist_len(connections)); } if (conn->peername) @@ -430,7 +432,7 @@ static void conn_free_on_flush(struct bufferevent *bev, void *arg) { conn_t *conn = arg; - log_debug("%s for %s", __func__, conn->peername); + log_debug("%s for %s", __func__, safe_str_client(conn->peername)); if (evbuffer_get_length(bufferevent_get_output(bev)) == 0) conn_free(conn); @@ -506,20 +508,20 @@ open_outbound(conn_t *conn, bufferevent_data_cb readcb) conn_t *newconn; if (!addr) { - log_warn("%s: no target addresses available", conn->peername); + log_warn("%s: no target addresses available", safe_str_client(conn->peername)); return NULL; } buf = bufferevent_socket_new(base, -1, BEV_OPT_CLOSE_ON_FREE); if (!buf) { - log_warn("%s: unable to create outbound socket buffer", conn->peername); + log_warn("%s: unable to create outbound socket buffer", safe_str_client(conn->peername)); return NULL; } newconn = proto_conn_create(conn->cfg); if (!newconn) { log_warn("%s: failed to allocate state for outbound connection", - conn->peername); + safe_str_client(conn->peername)); bufferevent_free(buf); return NULL; } @@ -532,7 +534,7 @@ open_outbound(conn_t *conn, bufferevent_data_cb readcb) if (bufferevent_socket_connect(buf, addr->ai_addr, addr->ai_addrlen) >= 0) goto success; log_info("%s: connection to %s failed: %s", - conn->peername, peername, + safe_str_client(conn->peername), safe_str_client(peername), evutil_socket_error_to_string(EVUTIL_SOCKET_ERROR())); free(peername); addr = addr->ai_next; @@ -546,7 +548,7 @@ open_outbound(conn_t *conn, bufferevent_data_cb readcb) success: log_info("%s (%s): Successful outbound connection to '%s'.", - conn->peername, conn->cfg->vtable->name, peername); + safe_str_client(conn->peername), conn->cfg->vtable->name, safe_str_client(peername)); bufferevent_enable(buf, EV_READ|EV_WRITE); newconn->peername = peername; obfs_assert(connections); @@ -567,13 +569,13 @@ open_outbound_hostname(conn_t *conn, int af, const char *addr, uint16_t port) buf = bufferevent_socket_new(base, -1, BEV_OPT_CLOSE_ON_FREE); if (!buf) { - log_warn("%s: unable to create outbound socket buffer", conn->peername); + log_warn("%s: unable to create outbound socket buffer", safe_str_client(conn->peername)); return NULL; } newconn = proto_conn_create(conn->cfg); if (!newconn) { log_warn("%s: failed to allocate state for outbound connection", - conn->peername); + safe_str_client(conn->peername)); bufferevent_free(buf); return NULL; } @@ -604,7 +606,7 @@ open_outbound_hostname(conn_t *conn, int af, const char *addr, uint16_t port) if (bufferevent_socket_connect_hostname(buf, get_evdns_base(), af, addr, port) < 0) { log_warn("%s: outbound connection to %s:%u failed: %s", - conn->peername, addr, port, + safe_str_client(conn->peername), addr, port, evutil_socket_error_to_string(EVUTIL_SOCKET_ERROR())); conn_free(newconn); return NULL; @@ -626,7 +628,8 @@ socks_read_cb(struct bufferevent *bev, void *arg) socks_state_t *socks; enum socks_ret socks_ret; - log_debug("%s: %s", conn->peername, __func__); + log_debug("%s: %s", safe_str_client(conn->peername), __func__); + obfs_assert(conn->circuit); obfs_assert(conn->circuit->socks_state); socks = conn->circuit->socks_state; @@ -642,8 +645,9 @@ socks_read_cb(struct bufferevent *bev, void *arg) const char *addr=NULL; r = socks_state_get_address(socks, &af, &addr, &port); obfs_assert(r==0); + log_info("%s: socks: trying to connect to %s:%u", - conn->peername, addr, port); + safe_str_client(conn->peername), safe_str_client(addr), port); if (circuit_add_down(conn->circuit, open_outbound_hostname(conn, af, addr, port))) { /* XXXX send socks reply */ @@ -686,7 +690,7 @@ upstream_read_cb(struct bufferevent *bev, void *arg) { conn_t *up = arg; conn_t *down; - log_debug("%s: %s, %lu bytes available", up->peername, __func__, + log_debug("%s: %s, %lu bytes available", safe_str_client(up->peername), __func__, (unsigned long)evbuffer_get_length(bufferevent_get_input(bev))); obfs_assert(up->buffer == bev); @@ -699,10 +703,12 @@ upstream_read_cb(struct bufferevent *bev, void *arg) if (proto_send(up, bufferevent_get_input(up->buffer), bufferevent_get_output(down->buffer))) { - log_debug("%s: error during transmit.", up->peername); + log_debug("%s: error during transmit.", + safe_str_client(up->peername)); conn_free(up); } else { - log_debug("%s: transmitted %lu bytes", down->peername, + log_debug("%s: transmitted %lu bytes", + safe_str_client(down->peername), (unsigned long) evbuffer_get_length(bufferevent_get_output(down->buffer))); } @@ -720,7 +726,8 @@ downstream_read_cb(struct bufferevent *bev, void *arg) conn_t *up; enum recv_ret r; - log_debug("%s: %s, %lu bytes available", down->peername, __func__, + log_debug("%s: %s, %lu bytes available", + safe_str_client(down->peername), __func__, (unsigned long)evbuffer_get_length(bufferevent_get_input(bev))); obfs_assert(down->buffer == bev); @@ -736,23 +743,23 @@ downstream_read_cb(struct bufferevent *bev, void *arg) bufferevent_get_output(up->buffer)); if (r == RECV_BAD) { - log_debug("%s: error during receive.", down->peername); + log_debug("%s: error during receive.", safe_str_client(down->peername)); conn_free(down); } else { - log_debug("%s: forwarded %lu bytes", down->peername, + log_debug("%s: forwarded %lu bytes", safe_str_client(down->peername), (unsigned long) evbuffer_get_length(bufferevent_get_output(up->buffer))); if (r == RECV_SEND_PENDING) { - log_debug("%s: reply of %lu bytes", down->peername, + log_debug("%s: reply of %lu bytes", safe_str_client(down->peername), (unsigned long) evbuffer_get_length(bufferevent_get_input(up->buffer))); if (proto_send(up, bufferevent_get_input(up->buffer), bufferevent_get_output(down->buffer)) < 0) { - log_debug("%s: error during reply.", down->peername); + log_debug("%s: error during reply.", safe_str_client(down->peername)); conn_free(down); } else { - log_debug("%s: transmitted %lu bytes", down->peername, + log_debug("%s: transmitted %lu bytes", safe_str_client(down->peername), (unsigned long) evbuffer_get_length(bufferevent_get_output(down->buffer))); } @@ -772,7 +779,7 @@ error_or_eof(conn_t *conn) struct bufferevent *bev_err = conn->buffer; struct bufferevent *bev_flush; - log_debug("%s for %s", __func__, conn->peername); + log_debug("%s for %s", __func__, safe_str_client(conn->peername)); if (!circ || !circ->upstream || !circ->downstream || !circ->is_open || circ->is_flushing) { conn_free(conn); @@ -809,7 +816,7 @@ error_cb(struct bufferevent *bev, short what, void *arg) { conn_t *conn = arg; int errcode = EVUTIL_SOCKET_ERROR(); - log_debug("%s for %s: what=0x%04x errno=%d", __func__, conn->peername, + log_debug("%s for %s: what=0x%04x errno=%d", __func__, safe_str_client(conn->peername), what, errcode); /* It should be impossible to get here with BEV_EVENT_CONNECTED. */ @@ -817,12 +824,12 @@ error_cb(struct bufferevent *bev, short what, void *arg) if (what & BEV_EVENT_ERROR) { log_warn("Error talking to %s: %s", - conn->peername, + safe_str_client(conn->peername), evutil_socket_error_to_string(errcode)); } else if (what & BEV_EVENT_EOF) { - log_info("EOF from %s", conn->peername); + log_info("EOF from %s", safe_str_client(conn->peername)); } else if (what & BEV_EVENT_TIMEOUT) { - log_info("Timeout talking to %s", conn->peername); + log_info("Timeout talking to %s", safe_str_client(conn->peername)); } error_or_eof(conn); } @@ -836,7 +843,7 @@ flush_error_cb(struct bufferevent *bev, short what, void *arg) { conn_t *conn = arg; int errcode = EVUTIL_SOCKET_ERROR(); - log_debug("%s for %s: what=0x%04x errno=%d", __func__, conn->peername, + log_debug("%s for %s: what=0x%04x errno=%d", __func__, safe_str_client(conn->peername), what, errcode); /* It should be impossible to get here with BEV_EVENT_CONNECTED. */ @@ -846,7 +853,7 @@ flush_error_cb(struct bufferevent *bev, short what, void *arg) obfs_assert(conn->circuit->is_flushing); log_warn("Error during flush of connection with %s: %s", - conn->peername, + safe_str_client(conn->peername), evutil_socket_error_to_string(errcode)); conn_free(conn); return; @@ -862,7 +869,7 @@ static void pending_conn_cb(struct bufferevent *bev, short what, void *arg) { conn_t *conn = arg; - log_debug("%s: %s", conn->peername, __func__); + log_debug("%s: %s", safe_str_client(conn->peername), __func__); /* Upon successful connection, enable traffic on both sides of the connection, and replace this callback with the regular error_cb */ @@ -873,12 +880,12 @@ pending_conn_cb(struct bufferevent *bev, short what, void *arg) circ->is_open = 1; - log_debug("%s: Successful connection", conn->peername); + log_debug("%s: Successful connection", safe_str_client(conn->peername)); /* Queue handshake, if any. */ if (proto_handshake(circ->downstream, bufferevent_get_output(circ->downstream->buffer))<0) { - log_debug("%s: Error during handshake", conn->peername); + log_debug("%s: Error during handshake", safe_str_client(conn->peername)); conn_free(conn); return; } @@ -910,7 +917,7 @@ pending_socks_cb(struct bufferevent *bev, short what, void *arg) conn_t *up; socks_state_t *socks; - log_debug("%s: %s", down->peername, __func__); + log_debug("%s: %s", safe_str_client(down->peername), __func__); obfs_assert(circ); obfs_assert(circ->upstream); @@ -958,10 +965,12 @@ pending_socks_cb(struct bufferevent *bev, short what, void *arg) connected to. */ char *peername = printable_address(sa, slen); + if (down->peername) { log_debug("We connected to our SOCKS destination! " "Replacing peername '%s' with '%s'", - down->peername, peername); + safe_str_client(down->peername), + safe_str_client(peername)); free(down->peername); } down->peername = peername; @@ -980,7 +989,8 @@ pending_socks_cb(struct bufferevent *bev, short what, void *arg) circ->socks_state = NULL; circ->is_open = 1; log_debug("%s: Successful outbound connection to %s", - up->peername, down->peername); + safe_str_client(up->peername), + safe_str_client(down->peername)); bufferevent_setcb(up->buffer, upstream_read_cb, NULL, error_cb, up); bufferevent_setcb(down->buffer, downstream_read_cb, NULL, error_cb, down); @@ -989,7 +999,7 @@ pending_socks_cb(struct bufferevent *bev, short what, void *arg) /* Queue handshake, if any. */ if (proto_handshake(down, bufferevent_get_output(down->buffer))) { - log_debug("%s: Error during handshake", down->peername); + log_debug("%s: Error during handshake", safe_str_client(down->peername)); conn_free(down); return; } diff --git a/src/util.c b/src/util.c index f2089df..7ab3567 100644 --- a/src/util.c +++ b/src/util.c @@ -215,6 +215,15 @@ resolve_address_port(const char *address, int nodns, int passive, return ai; } +const char * +safe_str_client(const char *address) +{ + if (safe_logging) + return "[scrubbed]"; + else + return address; +} + char * printable_address(struct sockaddr *addr, socklen_t addrlen) { diff --git a/src/util.h b/src/util.h index 3396abf..5b758cf 100644 --- a/src/util.h +++ b/src/util.h @@ -153,6 +153,10 @@ int obfs_snprintf(char *str, size_t size, "yyyy-mm-dd hh:mm:ss" (without quotes). */ #define ISO_TIME_LEN 19 +/** Safely log an address, scrubbing if necessary. */ +extern int safe_logging; /* defined in main.c */ +const char * safe_str_client(const char *address); + /** Set the log method, and open the logfile 'filename' if appropriate. */ int log_set_method(int method, const char *filename);

1 0

[obfsproxy/master] Rename safe_str_client to safe_str
by nickm＠torproject.org 13 Feb '12

13 Feb '12

commit aee59f0e53b9969c60bd47a5cfcf5fc6997e99a7 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Feb 12 19:28:29 2012 -0500 Rename safe_str_client to safe_str --- src/network.c | 94 ++++++++++++++++++++++++++++---------------------------- src/util.c | 2 +- src/util.h | 2 +- 3 files changed, 49 insertions(+), 49 deletions(-) diff --git a/src/network.c b/src/network.c index 5e3e788..bcd5be9 100644 --- a/src/network.c +++ b/src/network.c @@ -236,7 +236,7 @@ open_listeners(struct event_base *base, config_t *cfg) if (!lsn->listener) { log_warn("Failed to open listening socket on %s: %s", - safe_str_client(lsn->address), + safe_str(lsn->address), evutil_socket_error_to_string(EVUTIL_SOCKET_ERROR())); listener_free(lsn); return 0; @@ -299,7 +299,7 @@ listener_cb(struct evconnlistener *evcl, evutil_socket_t fd, if (!conn || !buf) { log_warn("%s: failed to set up new connection from %s.", - safe_str_client(lsn->address), safe_str_client(peername)); + safe_str(lsn->address), safe_str(peername)); if (buf) bufferevent_free(buf); else @@ -314,8 +314,8 @@ listener_cb(struct evconnlistener *evcl, evutil_socket_t fd, connections = smartlist_create(); smartlist_add(connections, conn); log_debug("%s: new connection from %s (%d total)", - safe_str_client(lsn->address), - safe_str_client(peername), + safe_str(lsn->address), + safe_str(peername), smartlist_len(connections)); conn->peername = peername; @@ -338,7 +338,7 @@ simple_client_listener_cb(conn_t *conn) { obfs_assert(conn); obfs_assert(conn->mode == LSN_SIMPLE_CLIENT); - log_debug("%s: simple client connection", safe_str_client(conn->peername)); + log_debug("%s: simple client connection", safe_str(conn->peername)); bufferevent_setcb(conn->buffer, upstream_read_cb, NULL, error_cb, conn); @@ -347,7 +347,7 @@ simple_client_listener_cb(conn_t *conn) return; } - log_debug("%s: setup complete", safe_str_client(conn->peername)); + log_debug("%s: setup complete", safe_str(conn->peername)); } /** @@ -359,7 +359,7 @@ socks_client_listener_cb(conn_t *conn) { obfs_assert(conn); obfs_assert(conn->mode == LSN_SOCKS_CLIENT); - log_debug("%s: socks client connection", safe_str_client(conn->peername)); + log_debug("%s: socks client connection", safe_str(conn->peername)); circuit_create_socks(conn); @@ -369,7 +369,7 @@ socks_client_listener_cb(conn_t *conn) /* Do not create a circuit at this time; the socks handler will do it after it learns the remote peer address. */ - log_debug("%s: setup complete", safe_str_client(conn->peername)); + log_debug("%s: setup complete", safe_str(conn->peername)); } /** @@ -381,7 +381,7 @@ simple_server_listener_cb(conn_t *conn) { obfs_assert(conn); obfs_assert(conn->mode == LSN_SIMPLE_SERVER); - log_debug("%s: server connection", safe_str_client(conn->peername)); + log_debug("%s: server connection", safe_str(conn->peername)); bufferevent_setcb(conn->buffer, downstream_read_cb, NULL, error_cb, conn); @@ -390,7 +390,7 @@ simple_server_listener_cb(conn_t *conn) return; } - log_debug("%s: setup complete", safe_str_client(conn->peername)); + log_debug("%s: setup complete", safe_str(conn->peername)); } /** @@ -405,7 +405,7 @@ conn_free(conn_t *conn) if (connections) { smartlist_remove(connections, conn); log_debug("Closing connection with %s; %d remaining", - safe_str_client(conn->peername) ? safe_str_client(conn->peername) : "'unknown'", + safe_str(conn->peername) ? safe_str(conn->peername) : "'unknown'", smartlist_len(connections)); } if (conn->peername) @@ -432,7 +432,7 @@ static void conn_free_on_flush(struct bufferevent *bev, void *arg) { conn_t *conn = arg; - log_debug("%s for %s", __func__, safe_str_client(conn->peername)); + log_debug("%s for %s", __func__, safe_str(conn->peername)); if (evbuffer_get_length(bufferevent_get_output(bev)) == 0) conn_free(conn); @@ -508,20 +508,20 @@ open_outbound(conn_t *conn, bufferevent_data_cb readcb) conn_t *newconn; if (!addr) { - log_warn("%s: no target addresses available", safe_str_client(conn->peername)); + log_warn("%s: no target addresses available", safe_str(conn->peername)); return NULL; } buf = bufferevent_socket_new(base, -1, BEV_OPT_CLOSE_ON_FREE); if (!buf) { - log_warn("%s: unable to create outbound socket buffer", safe_str_client(conn->peername)); + log_warn("%s: unable to create outbound socket buffer", safe_str(conn->peername)); return NULL; } newconn = proto_conn_create(conn->cfg); if (!newconn) { log_warn("%s: failed to allocate state for outbound connection", - safe_str_client(conn->peername)); + safe_str(conn->peername)); bufferevent_free(buf); return NULL; } @@ -534,7 +534,7 @@ open_outbound(conn_t *conn, bufferevent_data_cb readcb) if (bufferevent_socket_connect(buf, addr->ai_addr, addr->ai_addrlen) >= 0) goto success; log_info("%s: connection to %s failed: %s", - safe_str_client(conn->peername), safe_str_client(peername), + safe_str(conn->peername), safe_str(peername), evutil_socket_error_to_string(EVUTIL_SOCKET_ERROR())); free(peername); addr = addr->ai_next; @@ -548,7 +548,7 @@ open_outbound(conn_t *conn, bufferevent_data_cb readcb) success: log_info("%s (%s): Successful outbound connection to '%s'.", - safe_str_client(conn->peername), conn->cfg->vtable->name, safe_str_client(peername)); + safe_str(conn->peername), conn->cfg->vtable->name, safe_str(peername)); bufferevent_enable(buf, EV_READ|EV_WRITE); newconn->peername = peername; obfs_assert(connections); @@ -569,13 +569,13 @@ open_outbound_hostname(conn_t *conn, int af, const char *addr, uint16_t port) buf = bufferevent_socket_new(base, -1, BEV_OPT_CLOSE_ON_FREE); if (!buf) { - log_warn("%s: unable to create outbound socket buffer", safe_str_client(conn->peername)); + log_warn("%s: unable to create outbound socket buffer", safe_str(conn->peername)); return NULL; } newconn = proto_conn_create(conn->cfg); if (!newconn) { log_warn("%s: failed to allocate state for outbound connection", - safe_str_client(conn->peername)); + safe_str(conn->peername)); bufferevent_free(buf); return NULL; } @@ -606,7 +606,7 @@ open_outbound_hostname(conn_t *conn, int af, const char *addr, uint16_t port) if (bufferevent_socket_connect_hostname(buf, get_evdns_base(), af, addr, port) < 0) { log_warn("%s: outbound connection to %s:%u failed: %s", - safe_str_client(conn->peername), addr, port, + safe_str(conn->peername), addr, port, evutil_socket_error_to_string(EVUTIL_SOCKET_ERROR())); conn_free(newconn); return NULL; @@ -628,7 +628,7 @@ socks_read_cb(struct bufferevent *bev, void *arg) socks_state_t *socks; enum socks_ret socks_ret; - log_debug("%s: %s", safe_str_client(conn->peername), __func__); + log_debug("%s: %s", safe_str(conn->peername), __func__); obfs_assert(conn->circuit); obfs_assert(conn->circuit->socks_state); @@ -647,7 +647,7 @@ socks_read_cb(struct bufferevent *bev, void *arg) obfs_assert(r==0); log_info("%s: socks: trying to connect to %s:%u", - safe_str_client(conn->peername), safe_str_client(addr), port); + safe_str(conn->peername), safe_str(addr), port); if (circuit_add_down(conn->circuit, open_outbound_hostname(conn, af, addr, port))) { /* XXXX send socks reply */ @@ -690,7 +690,7 @@ upstream_read_cb(struct bufferevent *bev, void *arg) { conn_t *up = arg; conn_t *down; - log_debug("%s: %s, %lu bytes available", safe_str_client(up->peername), __func__, + log_debug("%s: %s, %lu bytes available", safe_str(up->peername), __func__, (unsigned long)evbuffer_get_length(bufferevent_get_input(bev))); obfs_assert(up->buffer == bev); @@ -704,11 +704,11 @@ upstream_read_cb(struct bufferevent *bev, void *arg) bufferevent_get_input(up->buffer), bufferevent_get_output(down->buffer))) { log_debug("%s: error during transmit.", - safe_str_client(up->peername)); + safe_str(up->peername)); conn_free(up); } else { log_debug("%s: transmitted %lu bytes", - safe_str_client(down->peername), + safe_str(down->peername), (unsigned long) evbuffer_get_length(bufferevent_get_output(down->buffer))); } @@ -727,7 +727,7 @@ downstream_read_cb(struct bufferevent *bev, void *arg) enum recv_ret r; log_debug("%s: %s, %lu bytes available", - safe_str_client(down->peername), __func__, + safe_str(down->peername), __func__, (unsigned long)evbuffer_get_length(bufferevent_get_input(bev))); obfs_assert(down->buffer == bev); @@ -743,23 +743,23 @@ downstream_read_cb(struct bufferevent *bev, void *arg) bufferevent_get_output(up->buffer)); if (r == RECV_BAD) { - log_debug("%s: error during receive.", safe_str_client(down->peername)); + log_debug("%s: error during receive.", safe_str(down->peername)); conn_free(down); } else { - log_debug("%s: forwarded %lu bytes", safe_str_client(down->peername), + log_debug("%s: forwarded %lu bytes", safe_str(down->peername), (unsigned long) evbuffer_get_length(bufferevent_get_output(up->buffer))); if (r == RECV_SEND_PENDING) { - log_debug("%s: reply of %lu bytes", safe_str_client(down->peername), + log_debug("%s: reply of %lu bytes", safe_str(down->peername), (unsigned long) evbuffer_get_length(bufferevent_get_input(up->buffer))); if (proto_send(up, bufferevent_get_input(up->buffer), bufferevent_get_output(down->buffer)) < 0) { - log_debug("%s: error during reply.", safe_str_client(down->peername)); + log_debug("%s: error during reply.", safe_str(down->peername)); conn_free(down); } else { - log_debug("%s: transmitted %lu bytes", safe_str_client(down->peername), + log_debug("%s: transmitted %lu bytes", safe_str(down->peername), (unsigned long) evbuffer_get_length(bufferevent_get_output(down->buffer))); } @@ -779,7 +779,7 @@ error_or_eof(conn_t *conn) struct bufferevent *bev_err = conn->buffer; struct bufferevent *bev_flush; - log_debug("%s for %s", __func__, safe_str_client(conn->peername)); + log_debug("%s for %s", __func__, safe_str(conn->peername)); if (!circ || !circ->upstream || !circ->downstream || !circ->is_open || circ->is_flushing) { conn_free(conn); @@ -816,7 +816,7 @@ error_cb(struct bufferevent *bev, short what, void *arg) { conn_t *conn = arg; int errcode = EVUTIL_SOCKET_ERROR(); - log_debug("%s for %s: what=0x%04x errno=%d", __func__, safe_str_client(conn->peername), + log_debug("%s for %s: what=0x%04x errno=%d", __func__, safe_str(conn->peername), what, errcode); /* It should be impossible to get here with BEV_EVENT_CONNECTED. */ @@ -824,12 +824,12 @@ error_cb(struct bufferevent *bev, short what, void *arg) if (what & BEV_EVENT_ERROR) { log_warn("Error talking to %s: %s", - safe_str_client(conn->peername), + safe_str(conn->peername), evutil_socket_error_to_string(errcode)); } else if (what & BEV_EVENT_EOF) { - log_info("EOF from %s", safe_str_client(conn->peername)); + log_info("EOF from %s", safe_str(conn->peername)); } else if (what & BEV_EVENT_TIMEOUT) { - log_info("Timeout talking to %s", safe_str_client(conn->peername)); + log_info("Timeout talking to %s", safe_str(conn->peername)); } error_or_eof(conn); } @@ -843,7 +843,7 @@ flush_error_cb(struct bufferevent *bev, short what, void *arg) { conn_t *conn = arg; int errcode = EVUTIL_SOCKET_ERROR(); - log_debug("%s for %s: what=0x%04x errno=%d", __func__, safe_str_client(conn->peername), + log_debug("%s for %s: what=0x%04x errno=%d", __func__, safe_str(conn->peername), what, errcode); /* It should be impossible to get here with BEV_EVENT_CONNECTED. */ @@ -853,7 +853,7 @@ flush_error_cb(struct bufferevent *bev, short what, void *arg) obfs_assert(conn->circuit->is_flushing); log_warn("Error during flush of connection with %s: %s", - safe_str_client(conn->peername), + safe_str(conn->peername), evutil_socket_error_to_string(errcode)); conn_free(conn); return; @@ -869,7 +869,7 @@ static void pending_conn_cb(struct bufferevent *bev, short what, void *arg) { conn_t *conn = arg; - log_debug("%s: %s", safe_str_client(conn->peername), __func__); + log_debug("%s: %s", safe_str(conn->peername), __func__); /* Upon successful connection, enable traffic on both sides of the connection, and replace this callback with the regular error_cb */ @@ -880,12 +880,12 @@ pending_conn_cb(struct bufferevent *bev, short what, void *arg) circ->is_open = 1; - log_debug("%s: Successful connection", safe_str_client(conn->peername)); + log_debug("%s: Successful connection", safe_str(conn->peername)); /* Queue handshake, if any. */ if (proto_handshake(circ->downstream, bufferevent_get_output(circ->downstream->buffer))<0) { - log_debug("%s: Error during handshake", safe_str_client(conn->peername)); + log_debug("%s: Error during handshake", safe_str(conn->peername)); conn_free(conn); return; } @@ -917,7 +917,7 @@ pending_socks_cb(struct bufferevent *bev, short what, void *arg) conn_t *up; socks_state_t *socks; - log_debug("%s: %s", safe_str_client(down->peername), __func__); + log_debug("%s: %s", safe_str(down->peername), __func__); obfs_assert(circ); obfs_assert(circ->upstream); @@ -969,8 +969,8 @@ pending_socks_cb(struct bufferevent *bev, short what, void *arg) if (down->peername) { log_debug("We connected to our SOCKS destination! " "Replacing peername '%s' with '%s'", - safe_str_client(down->peername), - safe_str_client(peername)); + safe_str(down->peername), + safe_str(peername)); free(down->peername); } down->peername = peername; @@ -989,8 +989,8 @@ pending_socks_cb(struct bufferevent *bev, short what, void *arg) circ->socks_state = NULL; circ->is_open = 1; log_debug("%s: Successful outbound connection to %s", - safe_str_client(up->peername), - safe_str_client(down->peername)); + safe_str(up->peername), + safe_str(down->peername)); bufferevent_setcb(up->buffer, upstream_read_cb, NULL, error_cb, up); bufferevent_setcb(down->buffer, downstream_read_cb, NULL, error_cb, down); @@ -999,7 +999,7 @@ pending_socks_cb(struct bufferevent *bev, short what, void *arg) /* Queue handshake, if any. */ if (proto_handshake(down, bufferevent_get_output(down->buffer))) { - log_debug("%s: Error during handshake", safe_str_client(down->peername)); + log_debug("%s: Error during handshake", safe_str(down->peername)); conn_free(down); return; } diff --git a/src/util.c b/src/util.c index 7ab3567..5701d2f 100644 --- a/src/util.c +++ b/src/util.c @@ -216,7 +216,7 @@ resolve_address_port(const char *address, int nodns, int passive, } const char * -safe_str_client(const char *address) +safe_str(const char *address) { if (safe_logging) return "[scrubbed]"; diff --git a/src/util.h b/src/util.h index 5b758cf..940ff0a 100644 --- a/src/util.h +++ b/src/util.h @@ -155,7 +155,7 @@ int obfs_snprintf(char *str, size_t size, /** Safely log an address, scrubbing if necessary. */ extern int safe_logging; /* defined in main.c */ -const char * safe_str_client(const char *address); +const char * safe_str(const char *address); /** Set the log method, and open the logfile 'filename' if appropriate. */ int log_set_method(int method, const char *filename);

1 0

[obfsproxy/master] Log the result of a connection, instead of the attempt.
by nickm＠torproject.org 13 Feb '12

13 Feb '12

commit e8562b1d0af2652bc8c4e9f5842d2ca91fcdfe18 Author: George Kadianakis <desnacked(a)riseup.net> Date: Mon Feb 13 00:07:34 2012 +0200 Log the result of a connection, instead of the attempt. --- src/network.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/network.c b/src/network.c index 27eb2ee..e61e82d 100644 --- a/src/network.c +++ b/src/network.c @@ -529,8 +529,6 @@ open_outbound(conn_t *conn, bufferevent_data_cb readcb) do { peername = printable_address(addr->ai_addr, addr->ai_addrlen); - log_info("%s (%s): trying to connect to %s", - conn->peername, conn->cfg->vtable->name, peername); if (bufferevent_socket_connect(buf, addr->ai_addr, addr->ai_addrlen) >= 0) goto success; log_info("%s: connection to %s failed: %s", @@ -547,6 +545,8 @@ open_outbound(conn_t *conn, bufferevent_data_cb readcb) return NULL; success: + log_info("%s (%s): Successful outbound connection to '%s'.", + conn->peername, conn->cfg->vtable->name, peername); bufferevent_enable(buf, EV_READ|EV_WRITE); newconn->peername = peername; obfs_assert(connections);

1 0

[tor/master] Fix #5097 on Windows, too
by nickm＠torproject.org 13 Feb '12

13 Feb '12

commit 93dbc17a1aa77c574977a3a13e4829a0599e787d Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Sun Feb 12 15:44:10 2012 -0800 Fix #5097 on Windows, too --- src/or/transports.c | 2 -- 1 files changed, 0 insertions(+), 2 deletions(-) diff --git a/src/or/transports.c b/src/or/transports.c index c7a63cb..3d8e11d 100644 --- a/src/or/transports.c +++ b/src/or/transports.c @@ -1000,8 +1000,6 @@ set_managed_proxy_environment(LPVOID *envp, const managed_proxy_t *mp) bindaddr_tmp = get_bindaddr_for_server_proxy(mp); tor_asprintf(&bindaddr_env, "TOR_PT_SERVER_BINDADDR=%s", bindaddr_tmp); - strcpy(extended_env, "TOR_PT_EXTENDED_SERVER_PORT=127.0.0.1:4200"); - smartlist_add(envs, orport_env); smartlist_add(envs, extended_env); smartlist_add(envs, bindaddr_env);

1 0

[tor/master] Fix bug #5097: remove bogus envvar from managed proxies' environment
by nickm＠torproject.org 13 Feb '12

13 Feb '12

commit 0e9663d4397e9f1b87e789b5e1b166f06177dd18 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Sun Feb 12 00:10:28 2012 -0800 Fix bug #5097: remove bogus envvar from managed proxies' environment --- changes/bug5097 | 9 +++++++++ src/or/transports.c | 2 -- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/changes/bug5097 b/changes/bug5097 new file mode 100644 index 0000000..770e9b5 --- /dev/null +++ b/changes/bug5097 @@ -0,0 +1,9 @@ + o Minor bugfixes: + + - Don't put "TOR_PT_EXTENDED_SERVER_PORT=127.0.0.1:4200" in a + managed pluggable transport server proxy's environment. + Previously, we would put it there, even though Tor doesn't + implement an 'extended server port' yet, and even though Tor + almost certainly isn't listening to that address. Bugfix on + 0.2.3.6-alpha. + diff --git a/src/or/transports.c b/src/or/transports.c index 3e5501e..c7a63cb 100644 --- a/src/or/transports.c +++ b/src/or/transports.c @@ -1087,8 +1087,6 @@ set_managed_proxy_environment(char ***envp, const managed_proxy_t *mp) router_get_advertised_or_port(options)); tor_asprintf(tmp++, "TOR_PT_SERVER_BINDADDR=%s", bindaddr); tor_asprintf(tmp++, "TOR_PT_SERVER_TRANSPORTS=%s", transports_to_launch); - /* XXX temp*/ - tor_asprintf(tmp++, "TOR_PT_EXTENDED_SERVER_PORT=127.0.0.1:4200"); } else { tor_asprintf(tmp++, "TOR_PT_CLIENT_TRANSPORTS=%s", transports_to_launch); }

1 0