March 2013 - tor-commits - lists.torproject.org

[tor/master] Merge remote-tracking branch 'arma/bug6783_big_hammer' into maint-0.2.4
by nickm＠torproject.org 10 Mar '13

10 Mar '13

commit e270a066a6262784be317f003f6102430db24880 Merge: 8b4195f f8960ea Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Mar 10 23:01:58 2013 -0400 Merge remote-tracking branch 'arma/bug6783_big_hammer' into maint-0.2.4 changes/6783_big_hammer | 6 ++++++ src/or/config.c | 5 +++++ src/or/directory.c | 13 +++++++++++++ src/or/or.h | 11 +++++++++++ 4 files changed, 35 insertions(+), 0 deletions(-)

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.4'
by nickm＠torproject.org 10 Mar '13

10 Mar '13

commit aa3126b5b4c1d3144941f069afbaa83b9bf99e20 Merge: e4c5001 e270a06 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Mar 10 23:03:17 2013 -0400 Merge remote-tracking branch 'origin/maint-0.2.4' changes/6783_big_hammer | 6 ++++++ src/or/config.c | 5 +++++ src/or/directory.c | 13 +++++++++++++ src/or/or.h | 11 +++++++++++ 4 files changed, 35 insertions(+), 0 deletions(-)

1 0

[tor/maint-0.2.4] Add a DisableV2DirectoryInfo_ option to 404 all v2 ns requests
by nickm＠torproject.org 10 Mar '13

10 Mar '13

commit e4614d30e58007be1d44613d039891b6f131f50f Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Nov 28 11:09:37 2012 -0500 Add a DisableV2DirectoryInfo_ option to 404 all v2 ns requests I have no idea whether b0rken clients will DoS the network if the v2 authorities all turn this on or not. It's experimental. See #6783 for a description of how to test it more or less safely, and please be careful! --- changes/6783_big_hammer | 6 ++++++ src/or/config.c | 1 + src/or/directory.c | 13 +++++++++++++ src/or/or.h | 10 ++++++++++ 4 files changed, 30 insertions(+), 0 deletions(-) diff --git a/changes/6783_big_hammer b/changes/6783_big_hammer new file mode 100644 index 0000000..2ff3249 --- /dev/null +++ b/changes/6783_big_hammer @@ -0,0 +1,6 @@ + o Major features (deprecation): + - There's now a "DisableV2DirectoryInfo_" option that prevents us + from serving any directory requests for v2 directory information. + This is for us to test disabling the old deprecated V2 directory + format, so that we can see whether doing so has any effect on + network load. Part of a fix for bug 6783. diff --git a/src/or/config.c b/src/or/config.c index f888426..7e020b8 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -213,6 +213,7 @@ static config_var_t option_vars_[] = { V(DisableAllSwap, BOOL, "0"), V(DisableDebuggerAttachment, BOOL, "1"), V(DisableIOCP, BOOL, "1"), + V(DisableV2DirectoryInfo_, BOOL, "1"), V(DynamicDHGroups, BOOL, "0"), VPORT(DNSPort, LINELIST, NULL), V(DNSListenAddress, LINELIST, NULL), diff --git a/src/or/directory.c b/src/or/directory.c index 6b61fc6..38a423c 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -2805,6 +2805,19 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers, const char *key = url + strlen("/tor/status/"); long lifetime = NETWORKSTATUS_CACHE_LIFETIME; + if (options->DisableV2DirectoryInfo_ && !is_v3) { + static ratelim_t reject_v2_ratelim = RATELIM_INIT(1800); + char *m; + write_http_status_line(conn, 404, "Not found"); + smartlist_free(dir_fps); + geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND); + if ((m = rate_limit_log(&reject_v2_ratelim, approx_time()))) { + log_notice(LD_DIR, "Rejected a v2 networkstatus request.%s", m); + tor_free(m); + } + goto done; + } + if (!is_v3) { dirserv_get_networkstatus_v2_fingerprints(dir_fps, key); if (!strcmpstart(key, "fp/")) diff --git a/src/or/or.h b/src/or/or.h index 45eb467..0f5dbd6 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3999,6 +3999,16 @@ typedef struct { /** Fraction: */ double PathsNeededToBuildCircuits; + + /** Do we serve v2 directory info at all? This is a temporary option, since + * we'd like to disable v2 directory serving entirely, but we need a way to + * make it temporarily disableable, in order to do fast testing and be + * able to turn it back on if it turns out to be non-workable. + * + * XXXX024 Don't actually leave this in. + */ + int DisableV2DirectoryInfo_; + } or_options_t; /** Persistent state for an onion router, as saved to disk. */

1 0

[tor/maint-0.2.4] Tweak bug6783 patch.
by nickm＠torproject.org 10 Mar '13

10 Mar '13

commit 926b3d77f18d2345a70f953560f5a5312992aa73 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Mar 6 15:19:04 2013 -0500 Tweak bug6783 patch. --- src/or/config.c | 4 ++++ src/or/or.h | 3 ++- 2 files changed, 6 insertions(+), 1 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index 7e020b8..1337056 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2380,6 +2380,10 @@ options_validate(or_options_t *old_options, or_options_t *options, REJECT("TokenBucketRefillInterval must be between 1 and 1000 inclusive."); } + if (options->DisableV2DirectoryInfo_ && ! authdir_mode(options)) { + REJECT("DisableV2DirectoryInfo_ set, but we aren't an authority."); + } + if (options->ExcludeExitNodes || options->ExcludeNodes) { options->ExcludeExitNodesUnion_ = routerset_new(); routerset_union(options->ExcludeExitNodesUnion_,options->ExcludeExitNodes); diff --git a/src/or/or.h b/src/or/or.h index 0f5dbd6..c2cd8a6 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4005,7 +4005,8 @@ typedef struct { * make it temporarily disableable, in order to do fast testing and be * able to turn it back on if it turns out to be non-workable. * - * XXXX024 Don't actually leave this in. + * XXXX025 Make this always-on, or always-off. Right now, it's only + * enableable for authorities. */ int DisableV2DirectoryInfo_;

1 0

[tor/maint-0.2.4] set DisableV2DirectoryInfo_ off by default
by nickm＠torproject.org 10 Mar '13

10 Mar '13

commit f8960ea22bde03ae7c4cd60af395a541fb36354c Author: Roger Dingledine <arma(a)torproject.org> Date: Sun Mar 10 20:40:15 2013 -0400 set DisableV2DirectoryInfo_ off by default since it's only enableable by authorities, nobody else would be able to start their tor --- src/or/config.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index 1337056..dad5719 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -213,7 +213,7 @@ static config_var_t option_vars_[] = { V(DisableAllSwap, BOOL, "0"), V(DisableDebuggerAttachment, BOOL, "1"), V(DisableIOCP, BOOL, "1"), - V(DisableV2DirectoryInfo_, BOOL, "1"), + V(DisableV2DirectoryInfo_, BOOL, "0"), V(DynamicDHGroups, BOOL, "0"), VPORT(DNSPort, LINELIST, NULL), V(DNSListenAddress, LINELIST, NULL),

1 0

[tor/maint-0.2.4] Merge remote-tracking branch 'arma/bug6783_big_hammer' into maint-0.2.4
by nickm＠torproject.org 10 Mar '13

10 Mar '13

commit e270a066a6262784be317f003f6102430db24880 Merge: 8b4195f f8960ea Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Mar 10 23:01:58 2013 -0400 Merge remote-tracking branch 'arma/bug6783_big_hammer' into maint-0.2.4 changes/6783_big_hammer | 6 ++++++ src/or/config.c | 5 +++++ src/or/directory.c | 13 +++++++++++++ src/or/or.h | 11 +++++++++++ 4 files changed, 35 insertions(+), 0 deletions(-)

1 0

[tor/master] Fix typos in a few log messages
by nickm＠torproject.org 10 Mar '13

10 Mar '13

commit 8b4195f0217d24bae6dfac944b469dc05b30bcd6 Author: Benjamin Kerensa <bkerensa(a)ubuntu.com> Date: Sun Mar 10 18:45:23 2013 -0700 Fix typos in a few log messages --- src/or/routerset.c | 2 +- src/or/transports.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/or/routerset.c b/src/or/routerset.c index 1eca5b6..2e41f7f 100644 --- a/src/or/routerset.c +++ b/src/or/routerset.c @@ -141,7 +141,7 @@ routerset_parse(routerset_t *target, const char *s, const char *description) log_debug(LD_CONFIG, "Adding address %s to %s", nick, description); smartlist_add(target->policies, p); } else { - log_warn(LD_CONFIG, "Entry '%s' in %s is misformed.", nick, + log_warn(LD_CONFIG, "Entry '%s' in %s is malformed.", nick, description); r = -1; tor_free(nick); diff --git a/src/or/transports.c b/src/or/transports.c index 647b293..945d422 100644 --- a/src/or/transports.c +++ b/src/or/transports.c @@ -339,12 +339,12 @@ transport_add_from_config(const tor_addr_t *addr, uint16_t port, transport_free(t); return -1; case 1: - log_info(LD_GENERAL, "Succesfully registered transport %s at %s.", + log_info(LD_GENERAL, "Successfully registered transport %s at %s.", t->name, fmt_addrport(&t->addr, t->port)); transport_free(t); /* falling */ return 0; case 0: - log_info(LD_GENERAL, "Succesfully registered transport %s at %s.", + log_info(LD_GENERAL, "Successfully registered transport %s at %s.", t->name, fmt_addrport(&t->addr, t->port)); return 0; } @@ -676,10 +676,10 @@ register_client_proxy(const managed_proxy_t *mp) transport_free(transport_tmp); break; case 0: - log_info(LD_GENERAL, "Succesfully registered transport %s", t->name); + log_info(LD_GENERAL, "Successfully registered transport %s", t->name); break; case 1: - log_info(LD_GENERAL, "Succesfully registered transport %s", t->name); + log_info(LD_GENERAL, "Successfully registered transport %s", t->name); transport_free(transport_tmp); break; }

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.4'
by nickm＠torproject.org 10 Mar '13

10 Mar '13

commit e4c5001bad3729ab187ad1ba0e2bfd6912786756 Merge: 4235425 8b4195f Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Mar 10 23:00:13 2013 -0400 Merge remote-tracking branch 'origin/maint-0.2.4' src/or/routerset.c | 2 +- src/or/transports.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-)

1 0

[tor/maint-0.2.4] Fix typos in a few log messages
by nickm＠torproject.org 10 Mar '13

10 Mar '13

commit 8b4195f0217d24bae6dfac944b469dc05b30bcd6 Author: Benjamin Kerensa <bkerensa(a)ubuntu.com> Date: Sun Mar 10 18:45:23 2013 -0700 Fix typos in a few log messages --- src/or/routerset.c | 2 +- src/or/transports.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/or/routerset.c b/src/or/routerset.c index 1eca5b6..2e41f7f 100644 --- a/src/or/routerset.c +++ b/src/or/routerset.c @@ -141,7 +141,7 @@ routerset_parse(routerset_t *target, const char *s, const char *description) log_debug(LD_CONFIG, "Adding address %s to %s", nick, description); smartlist_add(target->policies, p); } else { - log_warn(LD_CONFIG, "Entry '%s' in %s is misformed.", nick, + log_warn(LD_CONFIG, "Entry '%s' in %s is malformed.", nick, description); r = -1; tor_free(nick); diff --git a/src/or/transports.c b/src/or/transports.c index 647b293..945d422 100644 --- a/src/or/transports.c +++ b/src/or/transports.c @@ -339,12 +339,12 @@ transport_add_from_config(const tor_addr_t *addr, uint16_t port, transport_free(t); return -1; case 1: - log_info(LD_GENERAL, "Succesfully registered transport %s at %s.", + log_info(LD_GENERAL, "Successfully registered transport %s at %s.", t->name, fmt_addrport(&t->addr, t->port)); transport_free(t); /* falling */ return 0; case 0: - log_info(LD_GENERAL, "Succesfully registered transport %s at %s.", + log_info(LD_GENERAL, "Successfully registered transport %s at %s.", t->name, fmt_addrport(&t->addr, t->port)); return 0; } @@ -676,10 +676,10 @@ register_client_proxy(const managed_proxy_t *mp) transport_free(transport_tmp); break; case 0: - log_info(LD_GENERAL, "Succesfully registered transport %s", t->name); + log_info(LD_GENERAL, "Successfully registered transport %s", t->name); break; case 1: - log_info(LD_GENERAL, "Succesfully registered transport %s", t->name); + log_info(LD_GENERAL, "Successfully registered transport %s", t->name); transport_free(transport_tmp); break; }

1 0

[stem/master] 'To Russia With Love' tutorial
by atagar＠torproject.org 10 Mar '13

10 Mar '13

commit ecc5f7bcd7d9669521e3b3b9275b18dff98c4270 Author: Damian Johnson <atagar(a)torproject.org> Date: Sun Mar 10 11:28:58 2013 -0700 'To Russia With Love' tutorial Soviet themed tutorial for programmatically starting tor and reading a site through it. I've been wanting to write this for quite a long time... https://trac.torproject.org/7505 --- .../label/resources/to_russia_with_love.xcf | Bin 0 -> 5699 bytes docs/_static/label/to_russia_with_love.png | Bin 0 -> 2924 bytes docs/_static/locale_selection_output.png | Bin 0 -> 37229 bytes docs/_static/section/tutorial/soviet.png | Bin 0 -> 4679 bytes docs/contents.rst | 1 + docs/tutorial.rst | 16 +++++ docs/tutorial/to_russia_with_love.rst | 70 ++++++++++++++++++++ 7 files changed, 87 insertions(+), 0 deletions(-) diff --git a/docs/_static/label/resources/to_russia_with_love.xcf b/docs/_static/label/resources/to_russia_with_love.xcf new file mode 100644 index 0000000..1fa449e Binary files /dev/null and b/docs/_static/label/resources/to_russia_with_love.xcf differ diff --git a/docs/_static/label/to_russia_with_love.png b/docs/_static/label/to_russia_with_love.png new file mode 100644 index 0000000..9a2d1c6 Binary files /dev/null and b/docs/_static/label/to_russia_with_love.png differ diff --git a/docs/_static/locale_selection_output.png b/docs/_static/locale_selection_output.png new file mode 100644 index 0000000..2afbaa7 Binary files /dev/null and b/docs/_static/locale_selection_output.png differ diff --git a/docs/_static/section/tutorial/soviet.png b/docs/_static/section/tutorial/soviet.png new file mode 100644 index 0000000..c54c3d8 Binary files /dev/null and b/docs/_static/section/tutorial/soviet.png differ diff --git a/docs/contents.rst b/docs/contents.rst index fbf2495..d2fee6a 100644 --- a/docs/contents.rst +++ b/docs/contents.rst @@ -6,6 +6,7 @@ Contents tutorial tutorial/the_little_relay_that_could + tutorial/to_russia_with_love tutorial/mirror_mirror_on_the_wall download diff --git a/docs/tutorial.rst b/docs/tutorial.rst index 68572fd..967682b 100644 --- a/docs/tutorial.rst +++ b/docs/tutorial.rst @@ -9,6 +9,12 @@ Tutorial License: Public Domain Alternate: https://openclipart.org/detail/1128/train-roadsign-by-ryanlerch + * To Russia With Love - soviet.png + Source: https://openclipart.org/detail/146017/flag-of-the-soviet-union-by-marxist-l… + Author: Unknown + License: Public Domain (not a subject of copyright according the Russian civil code) + Alternate: https://openclipart.org/detail/85555/communist-sabbatarian-ribbon-by-rones-… + * Mirror Mirror On The Wall - mirror.png Source: https://openclipart.org/detail/152155/mirror-frame-by-gsagri04 Author: Unknown (gsagri04?) @@ -31,6 +37,16 @@ feet wet by jumping straight in with some tutorials... "Hello World" for talking with Tor. This will step you through configuring Tor and writing your first script to talk with it. + * - .. image:: /_static/section/tutorial/soviet.png + :target: tutorial/to_russia_with_love.html + + - .. image:: /_static/label/to_russia_with_love.png + :target: tutorial/to_russia_with_love.html + + Rather than talking to Tor, we'll now talk **through** it. In this + tutorial we'll programmatically start Tor then use it to read a site + through mother Russia! + * - .. image:: /_static/section/tutorial/mirror.png :target: tutorial/mirror_mirror_on_the_wall.html diff --git a/docs/tutorial/to_russia_with_love.rst b/docs/tutorial/to_russia_with_love.rst new file mode 100644 index 0000000..7fb7c66 --- /dev/null +++ b/docs/tutorial/to_russia_with_love.rst @@ -0,0 +1,70 @@ +To Russia With Love +=================== + +Say it's 1982, the height of the Cold War, and you're a journalist doing a piece on how the Internet looks from behind the Iron Curtain. Ignoring the minor detail that the Internet doesn't yet exist, we'll walk you through how you could do it - no passport required! + +The Internet isn't uniform. Localization, censorship, and selective service based on your IP's geographic location can make the Internet a very different place depending on where you're coming from. + +Tor relays are scattered all over the world and, as such, you can pretend to be from any place running an exit. This can be especially useful to evade pesky geolocational restrictions, such as news sites that refuse to work while you're traveling abroad. + +Tor makes `configuring your exit locale <https://www.torproject.org/docs/faq.html.en#ChooseEntryExit>`_ easy through the **ExitNodes** torrc option. Note that you don't need a control port (or even stem) to do this, though they can be useful if you later want to do something more elaborate. + +In the following example we're using stem to `start Tor <../api/process.html>`_, then reading a site through it with `PycURL <http://pycurl.sourceforge.net/>`_. This is not always reliable (some relays are lemons) so you may need to run this more than once. + +**Do not rely on the following not to leak.** Though it seems to work, DNS resolution and other edge cases might expose your real IP. If you have a suggestion for how to improve this example then please `let me know <http://www.atagar.com/contact/>`_! + +:: + + import StringIO + + import pycurl + import stem.process + + from stem.util import term + + SOCKS_PORT = 7000 + + def curl(url): + """ + Uses pycurl to fetch a site using the proxy on the SOCKS_PORT. + """ + + output = StringIO.StringIO() + + query = pycurl.Curl() + query.setopt(pycurl.URL, url) + query.setopt(pycurl.PROXY, 'localhost') + query.setopt(pycurl.PROXYPORT, SOCKS_PORT) + query.setopt(pycurl.PROXYTYPE, pycurl.PROXYTYPE_SOCKS5) + query.setopt(pycurl.WRITEFUNCTION, output.write) + + try: + query.perform() + return output.getvalue() + except pycurl.error, exc: + return "Unable to reach %s (%s)" % (url, exc) + + # Start an instance of tor configured to only exit through Russia. This prints + # tor's bootstrap information as it starts. + + def print_bootstrap_lines(line): + if "Bootstrapped " in line: + print term.format(line, term.Color.BLUE) + + print term.format("Starting Tor:\n", term.Attr.BOLD) + + tor_process = stem.process.launch_tor_with_config( + config = { + 'SocksPort': str(SOCKS_PORT), + 'ExitNodes': '{ru}', + }, + init_msg_handler = print_bootstrap_lines, + ) + + print term.format("\nChecking our endpoint:\n", term.Attr.BOLD) + print term.format(curl("http://www.atagar.com/echo.php"), term.Color.BLUE) + + tor_process.kill() # stops tor + +.. image:: /_static/locale_selection_output.png +

1 0