February 2014 - tor-commits - lists.torproject.org

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.4'
by nickm＠torproject.org 24 Feb '14

24 Feb '14

commit 9bd77019cafcd9b8f4b76c875103093f5b4594e1 Merge: c857276 d21b24b Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 24 13:06:40 2014 -0500 Merge remote-tracking branch 'origin/maint-0.2.4'

1 0

[tor/master] Merge branch 'bug11047'
by nickm＠torproject.org 24 Feb '14

24 Feb '14

commit 0efa2821c7e1865d8f515df735fd8ad0db5ff467 Merge: 9bd7701 68ed487 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 24 13:06:55 2014 -0500 Merge branch 'bug11047' changes/bug11047 | 9 +++++++++ configure.ac | 7 +++++++ 2 files changed, 16 insertions(+)

1 0

[tor/master] pass our compiler -fasynchronous-unwind-tables by default
by nickm＠torproject.org 24 Feb '14

24 Feb '14

commit 68ed4878ca97902c8b909d88dd855d71e6647376 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 24 11:41:53 2014 -0500 pass our compiler -fasynchronous-unwind-tables by default This should make more platforms (in particular, ones with compilers where -fomit-frame-pointer is on by default but table generation isn't) support backtrace generation. Thanks to cypherpunks for this one. Fixes bug 11047; bugfix on 0.2.5.2-alpha. --- changes/bug11047 | 9 +++++++++ configure.ac | 7 +++++++ 2 files changed, 16 insertions(+) diff --git a/changes/bug11047 b/changes/bug11047 new file mode 100644 index 0000000..25acd8e --- /dev/null +++ b/changes/bug11047 @@ -0,0 +1,9 @@ + o Minor bugfixes: + + - Build using the -fasynchronous-unwind-tables option so that more + platforms (in particular, ones like 32-bit Intel where the + -fomit-frame-pointer option is on by default and table + generation is not) will support generating backtraces. This + doesn't yet add Windows support yet; only Linux, OSX, and some BSD + are affected. Reported by 'cypherpunks'; fixes bug 11047; bugfix + on 0.2.5.2-alpha. diff --git a/configure.ac b/configure.ac index 871ca56..187fadc 100644 --- a/configure.ac +++ b/configure.ac @@ -649,6 +649,13 @@ CFLAGS="$saved_CFLAGS" AC_SUBST(F_OMIT_FRAME_POINTER) dnl ------------------------------------------------------ +dnl If we are adding -fomit-frame-pointer (or if the compiler's doing it +dnl for us, as GCC 4.6 and later do at many optimization levels), then +dnl we should try to add -fasynchronous-unwind-tables so that our backtrace +dnl code will work. +TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables) + +dnl ------------------------------------------------------ dnl Where do you live, libnatpmp? And how do we call you? dnl There are no packages for Debian or Redhat as of this patch

1 0

[tor/maint-0.2.4] Merge remote-tracking branch 'public/feature9777_024_squashed' into maint-0.2.4
by nickm＠torproject.org 24 Feb '14

24 Feb '14

commit d21b24b3b6f4d8203c44cec7709a7f7a12a540df Merge: e616f5b 1068e50 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 24 13:05:25 2014 -0500 Merge remote-tracking branch 'public/feature9777_024_squashed' into maint-0.2.4 changes/feature9777 | 3 ++ src/or/circuitbuild.c | 77 +++++++++++++++++++++++++++++++++++++++++++------ src/or/circuitlist.c | 10 ++++++- src/or/circuitlist.h | 1 + 4 files changed, 81 insertions(+), 10 deletions(-)

1 0

[tor/maint-0.2.4] Discard circuit paths on which nobody supports ntor
by nickm＠torproject.org 24 Feb '14

24 Feb '14

commit 1068e50aecefac8469991884afc08b6ecb24e740 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Feb 6 17:08:50 2014 -0500 Discard circuit paths on which nobody supports ntor Right now this accounts for about 1% of circuits over all, but if you pick a guard that's running 0.2.3, it will be about 6% of the circuits running through that guard. Making sure that every circuit has at least one ntor link means that we're getting plausibly good forward secrecy on every circuit. This implements ticket 9777, --- changes/feature9777 | 3 ++ src/or/circuitbuild.c | 77 +++++++++++++++++++++++++++++++++++++++++++------ src/or/circuitlist.c | 10 ++++++- src/or/circuitlist.h | 1 + 4 files changed, 81 insertions(+), 10 deletions(-) diff --git a/changes/feature9777 b/changes/feature9777 new file mode 100644 index 0000000..312b5e0 --- /dev/null +++ b/changes/feature9777 @@ -0,0 +1,3 @@ + o Minor features: + - Avoid using circuit paths if no node in the path supports the ntor + circuit extension handshake. Implements ticket 9777. diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 43d2ffe..e47a278 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -72,6 +72,9 @@ static void pathbias_count_use_failed(origin_circuit_t *circ); static void pathbias_measure_use_rate(entry_guard_t *guard); static void pathbias_measure_close_rate(entry_guard_t *guard); static void pathbias_scale_use_rates(entry_guard_t *guard); +#ifdef CURVE25519_ENABLED +static int circuits_can_use_ntor(void); +#endif /** This function tries to get a channel to the specified endpoint, * and then calls command_setup_channel() to give it the right @@ -284,21 +287,74 @@ circuit_rep_hist_note_result(origin_circuit_t *circ) } while (hop!=circ->cpath); } +#ifdef CURVE25519_ENABLED +/** Return 1 iff at least one node in circ's cpath supports ntor. */ +static int +circuit_cpath_supports_ntor(const origin_circuit_t *circ) +{ + crypt_path_t *head = circ->cpath, *cpath = circ->cpath; + + cpath = head; + do { + if (cpath->extend_info && + !tor_mem_is_zero( + (const char*)cpath->extend_info->curve25519_onion_key.public_key, + CURVE25519_PUBKEY_LEN)) + return 1; + + cpath = cpath->next; + } while (cpath != head); + + return 0; +} +#else +#define circuit_cpath_supports_ntor(circ) 0 +#endif + /** Pick all the entries in our cpath. Stop and return 0 when we're * happy, or return -1 if an error occurs. */ static int onion_populate_cpath(origin_circuit_t *circ) { - int r; - again: - r = onion_extend_cpath(circ); - if (r < 0) { - log_info(LD_CIRC,"Generating cpath hop failed."); - return -1; + int n_tries = 0; +#ifdef CURVE25519_ENABLED + const int using_ntor = circuits_can_use_ntor(); +#else + const int using_ntor = 0; +#endif + +#define MAX_POPULATE_ATTEMPTS 32 + + while (1) { + int r = onion_extend_cpath(circ); + if (r < 0) { + log_info(LD_CIRC,"Generating cpath hop failed."); + return -1; + } + if (r == 1) { + /* This circuit doesn't need/shouldn't be forced to have an ntor hop */ + if (circ->build_state->desired_path_len <= 1 || ! using_ntor) + return 0; + + /* This circuit has an ntor hop. great! */ + if (circuit_cpath_supports_ntor(circ)) + return 0; + + /* No node in the circuit supports ntor. Have we already tried too many + * times? */ + if (++n_tries >= MAX_POPULATE_ATTEMPTS) + break; + + /* Clear the path and retry */ + circuit_clear_cpath(circ); + } } - if (r == 0) - goto again; - return 0; /* if r == 1 */ + log_warn(LD_CIRC, "I tried for %d times, but I couldn't build a %d-hop " + "circuit with at least one node that supports ntor.", + MAX_POPULATE_ATTEMPTS, + circ->build_state->desired_path_len); + + return -1; } /** Create and return a new origin circuit. Initialize its purpose and @@ -3475,6 +3531,9 @@ onion_next_hop_in_cpath(crypt_path_t *cpath) /** Choose a suitable next hop in the cpath <b>head_ptr</b>, * based on <b>state</b>. Append the hop info to head_ptr. + * + * Return 1 if the path is complete, 0 if we successfully added a hop, + * and -1 on error. */ static int onion_extend_cpath(origin_circuit_t *circ) diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index b0e24a5..c7b15e4 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -709,7 +709,7 @@ circuit_free_cpath(crypt_path_t *cpath) if (!cpath) return; - /* it's a doubly linked list, so we have to notice when we've + /* it's a circular list, so we have to notice when we've * gone through it once. */ while (cpath->next && cpath->next != head) { victim = cpath; @@ -720,6 +720,14 @@ circuit_free_cpath(crypt_path_t *cpath) circuit_free_cpath_node(cpath); } +/** Remove all the items in the cpath on <b>circ</b>.*/ +void +circuit_clear_cpath(origin_circuit_t *circ) +{ + circuit_free_cpath(circ->cpath); + circ->cpath = NULL; +} + /** Release all storage held by circuits. */ void circuit_free_all(void) diff --git a/src/or/circuitlist.h b/src/or/circuitlist.h index 874f68c..acc4b81 100644 --- a/src/or/circuitlist.h +++ b/src/or/circuitlist.h @@ -50,6 +50,7 @@ void circuit_mark_all_dirty_circs_as_unusable(void); void circuit_mark_for_close_(circuit_t *circ, int reason, int line, const char *file); int circuit_get_cpath_len(origin_circuit_t *circ); +void circuit_clear_cpath(origin_circuit_t *circ); crypt_path_t *circuit_get_cpath_hop(origin_circuit_t *circ, int hopnum); void circuit_get_all_pending_on_channel(smartlist_t *out, channel_t *chan);

1 0

[stem/master] Recognize platform line for node-Tor relays
by atagar＠torproject.org 24 Feb '14

24 Feb '14

commit 1f2ea0f2eb5ab19d272b72e022bd5f0266662780 Author: Damian Johnson <atagar(a)torproject.org> Date: Sat Feb 22 07:11:43 2014 -0800 Recognize platform line for node-Tor relays We have a few relays in the wild running node-Tor, a JS counterpart for tor... https://github.com/Ayms/node-Tor These relays have a 'node-' prefix on their platform lines. For instance... 'platform node-Tor 0.1.0 on Linux x86_64' https://atlas.torproject.org/#details/E0671CF9CB593F27CD389CD4DD819BF9448EA… Caught by sysrqb on... https://trac.torproject.org/11008 --- stem/descriptor/server_descriptor.py | 2 +- test/unit/descriptor/server_descriptor.py | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py index 5537de7..a88594b 100644 --- a/stem/descriptor/server_descriptor.py +++ b/stem/descriptor/server_descriptor.py @@ -440,7 +440,7 @@ class ServerDescriptor(Descriptor): # There's no guarantee that we'll be able to pick these out the # version, but might as well try to save our caller the effort. - platform_match = re.match("^Tor (\S*).* on (.*)$", value) + platform_match = re.match("^(?:node-)?Tor (\S*).* on (.*)$", value) if platform_match: version_str, self.operating_system = platform_match.groups() diff --git a/test/unit/descriptor/server_descriptor.py b/test/unit/descriptor/server_descriptor.py index b0af7cc..6308535 100644 --- a/test/unit/descriptor/server_descriptor.py +++ b/test/unit/descriptor/server_descriptor.py @@ -9,6 +9,7 @@ import unittest import stem.descriptor.server_descriptor import stem.exit_policy import stem.prereq +import stem.version import stem.util.str_tools from stem.descriptor.server_descriptor import RelayDescriptor, BridgeDescriptor @@ -143,6 +144,17 @@ class TestServerDescriptor(unittest.TestCase): desc = RelayDescriptor(desc_text, validate = False) self.assertEquals(b"", desc.platform) + @patch('stem.descriptor.server_descriptor.RelayDescriptor._verify_digest', Mock()) + def test_platform_for_node_tor(self): + """ + Parse a platform line belonging to a node-Tor relay. + """ + + desc = get_relay_server_descriptor({"platform": "node-Tor 0.1.0 on Linux x86_64"}) + self.assertEquals(b"node-Tor 0.1.0 on Linux x86_64", desc.platform) + self.assertEquals(stem.version.Version("0.1.0"), desc.tor_version) + self.assertEquals("Linux x86_64", desc.operating_system) + def test_protocols_no_circuit_versions(self): """ Constructs with a protocols line without circuit versions.

1 0

[stem/master] Controller methods get_ports() and get_listeners()
by atagar＠torproject.org 24 Feb '14

24 Feb '14

commit 6c0962943c96a4683ce1634399289340f84b8b8a Author: Damian Johnson <atagar(a)torproject.org> Date: Mon Feb 24 09:13:01 2014 -0800 Controller methods get_ports() and get_listeners() Determining tor's control or socks port was once as simple as... GETCONF ControlPort However, tor has expanded its config options so these often provide more information than just the port number. Back in commit 3a2875f Sean added a get_socks_listeners() method that uses 'GETINFO net/listeners/socks' to determine tor's socks port, and falls back on config options if that's unavailable. This change deprecates get_socks_listeners() in favor of more generic get_ports() and get_listeners() methods. The get_listeners() behaves like get_socks_listeners() but for several listener types, while get_ports() provides just the port numbers for local connections. --- docs/change_log.rst | 6 ++ stem/control.py | 139 ++++++++++++++++++++++++++++++++++---- test/integ/control/controller.py | 52 +++++++++++++- test/unit/control/controller.py | 51 +++++++++++++- 4 files changed, 230 insertions(+), 18 deletions(-) diff --git a/docs/change_log.rst b/docs/change_log.rst index ab52e5f..dc43e4f 100644 --- a/docs/change_log.rst +++ b/docs/change_log.rst @@ -42,6 +42,7 @@ The following are only available within stem's `git repository * **Controller** * Added :func:`~stem.control.Controller.is_newnym_available` and :func:`~stem.control.Controller.get_newnym_wait` methods to the :class:`~stem.control.Controller` + * Added :func:`~stem.control.Controller.get_ports` and :func:`~stem.control.Controller.get_listeners` methods to the :class:`~stem.control.Controller` * Added the id attribute to the :class:`~stem.response.events.ORConnEvent` (:spec:`6f2919a`) * Added `support for CONN_BW events <api/response.html#stem.response.events.ConnectionBandwidthEvent>`_ (:spec:`6f2919a`) * Added `support for CIRC_BW events <api/response.html#stem.response.events.CircuitBandwidthEvent>`_ (:spec:`6f2919a`) @@ -53,6 +54,11 @@ The following are only available within stem's `git repository * Added :func:`stem.util.connection.port_usage` * Added :func:`stem.util.system.files_with_suffix` + * **Website** + + * Expanded the `client usage tutorial <tutorials/to_russia_with_love.html>`_ + to include an example for determining what exit tor uses for a connection. + .. _version_1.1: Version 1.1 diff --git a/stem/control.py b/stem/control.py index 0b611f5..9dff578 100644 --- a/stem/control.py +++ b/stem/control.py @@ -21,7 +21,8 @@ providing its own for interacting at a higher level. |- get_info - issues a GETINFO query for a parameter |- get_version - provides our tor version |- get_exit_policy - provides our exit policy - |- get_socks_listeners - provides where tor is listening for SOCKS connections + |- get_ports - provides the local ports where tor is listening for connections + |- get_listeners - provides the addresses and ports where tor is listening for connections |- get_protocolinfo - information about the controller interface |- get_user - provides the user tor is running as |- get_pid - provides the pid of our tor process @@ -135,6 +136,22 @@ providing its own for interacting at a higher level. **STREAM_BW** :class:`stem.response.events.StreamBwEvent` **WARN** :class:`stem.response.events.LogEvent` ===================== =========== + +.. data:: Listener (enum) + + Purposes for inbound connections that Tor handles. + + ============= =========== + Listener Description + ============= =========== + **OR** traffic we're relaying as a member of the network (torrc's **ORPort** and **ORListenAddress**) + **DIR** mirroring for tor descriptor content (torrc's **DirPort** and **DirListenAddress**) + **SOCKS** client traffic we're sending over Tor (torrc's **SocksPort** and **SocksListenAddress**) + **TRANS** transparent proxy handling (torrc's **TransPort** and **TransListenAddress**) + **NATD** forwarding for ipfw NATD connections (torrc's **NatdPort** and **NatdListenAddress**) + **DNS** DNS lookups for our traffic (torrc's **DNSPort** and **DNSListenAddress**) + **CONTROL** controller applications (torrc's **ControlPort** and **ControlListenAddress**) + ============= =========== """ import io @@ -194,6 +211,16 @@ EventType = stem.util.enum.UppercaseEnum( "CIRC_MINOR", ) +Listener = stem.util.enum.UppercaseEnum( + "OR", + "DIR", + "SOCKS", + "TRANS", + "NATD", + "DNS", + "CONTROL", +) + # Configuration options that are fetched by a special key. The keys are # lowercase to make case insensitive lookups easier. @@ -937,13 +964,44 @@ class Controller(BaseController): else: return default - def get_socks_listeners(self, default = UNDEFINED): + def get_ports(self, listener_type, default = UNDEFINED): """ - Provides the SOCKS **(address, port)** tuples that tor has open. + Provides the local ports where tor is listening for the given type of + connections. This is similar to + :func:`~stem.control.Controller.get_listeners`, but doesn't provide + addresses nor include non-local endpoints. + :param stem.control.Listener listener_type: connection type being handled + by the ports we return :param object default: response if the query fails - :returns: list of **(address, port)** tuples for the available SOCKS + :returns: **list** of **ints** for the local ports where tor handles + connections of the given type + + :raises: :class:`stem.ControllerError` if unable to determine the ports + and no default was provided + """ + + try: + return [port for (addr, port) in self.get_listeners(listener_type) if addr == '127.0.0.1'] + except stem.ControllerError as exc: + if default == UNDEFINED: + raise exc + else: + return default + + def get_listeners(self, listener_type, default = UNDEFINED): + """ + Provides the addresses and ports where tor is listening for connections of + the given type. This is similar to + :func:`~stem.control.Controller.get_ports` but includes listener addresses + and non-local endpoints. + + :param stem.control.Listener listener_type: connection type being handled + by the listeners we return + :param object default: response if the query fails + + :returns: **list** of **(address, port)** tuples for the available listeners :raises: :class:`stem.ControllerError` if unable to determine the listeners @@ -952,35 +1010,69 @@ class Controller(BaseController): try: proxy_addrs = [] + query = 'net/listeners/%s' % listener_type.lower() try: - for listener in self.get_info("net/listeners/socks").split(): + for listener in self.get_info(query).split(): if not (listener.startswith('"') and listener.endswith('"')): - raise stem.ProtocolError("'GETINFO net/listeners/socks' responses are expected to be quoted: %s" % listener) + raise stem.ProtocolError("'GETINFO %s' responses are expected to be quoted: %s" % (query, listener)) elif not ':' in listener: - raise stem.ProtocolError("'GETINFO net/listeners/socks' had a listener without a colon: %s" % listener) + raise stem.ProtocolError("'GETINFO %s' had a listener without a colon: %s" % (query, listener)) listener = listener[1:-1] # strip quotes addr, port = listener.split(':') + + # Skip unix sockets, for instance... + # + # GETINFO net/listeners/control + # 250-net/listeners/control="unix:/tmp/tor/socket" + # 250 OK + + if addr == 'unix': + continue + proxy_addrs.append((addr, port)) except stem.InvalidArguments: - # tor version is old (pre-tor-0.2.2.26-beta), use get_conf() instead - socks_port = self.get_conf('SocksPort') - - for listener in self.get_conf('SocksListenAddress', multiple = True): + # Tor version is old (pre-tor-0.2.2.26-beta), use get_conf() instead. + # Some options (like the ORPort) can have optional attributes after the + # actual port number. + + port_option = { + Listener.OR: 'ORPort', + Listener.DIR: 'DirPort', + Listener.SOCKS: 'SocksPort', + Listener.TRANS: 'TransPort', + Listener.NATD: 'NatdPort', + Listener.DNS: 'DNSPort', + Listener.CONTROL: 'ControlPort', + }[listener_type] + + listener_option = { + Listener.OR: 'ORListenAddress', + Listener.DIR: 'DirListenAddress', + Listener.SOCKS: 'SocksListenAddress', + Listener.TRANS: 'TransListenAddress', + Listener.NATD: 'NatdListenAddress', + Listener.DNS: 'DNSListenAddress', + Listener.CONTROL: 'ControlListenAddress', + }[listener_type] + + port_value = self.get_conf(port_option).split()[0] + + for listener in self.get_conf(listener_option, multiple = True): if ':' in listener: addr, port = listener.split(':') proxy_addrs.append((addr, port)) else: - proxy_addrs.append((listener, socks_port)) + proxy_addrs.append((listener, port_value)) # validate that address/ports are valid, and convert ports to ints for addr, port in proxy_addrs: if not stem.util.connection.is_valid_ipv4_address(addr): - raise stem.ProtocolError("Invalid address for a SOCKS listener: %s" % addr) + raise stem.ProtocolError("Invalid address for a %s listener: %s" % (listener_type, addr)) elif not stem.util.connection.is_valid_port(port): - raise stem.ProtocolError("Invalid port for a SOCKS listener: %s" % port) + raise stem.ProtocolError("Invalid port for a %s listener: %s" % (listener_type, port)) return [(addr, int(port)) for (addr, port) in proxy_addrs] except Exception as exc: @@ -989,6 +1081,25 @@ class Controller(BaseController): else: return default + def get_socks_listeners(self, default = UNDEFINED): + """ + Provides the SOCKS **(address, port)** tuples that tor has open. + + .. deprecated:: 1.2.0 + Use :func:`~stem.control.Controller.get_listeners` with + **Listener.SOCKS** instead. + + :param object default: response if the query fails + + :returns: list of **(address, port)** tuples for the available SOCKS + listeners + + :raises: :class:`stem.ControllerError` if unable to determine the listeners + and no default was provided + """ + + return self.get_listeners(Listener.SOCKS, default) + def get_protocolinfo(self, default = UNDEFINED): """ A convenience method to get the protocol info of the controller. diff --git a/test/integ/control/controller.py b/test/integ/control/controller.py index d034853..e8bfe3e 100644 --- a/test/integ/control/controller.py +++ b/test/integ/control/controller.py @@ -22,7 +22,7 @@ import test.network import test.runner from stem import Flag, Signal -from stem.control import EventType, State +from stem.control import EventType, Listener, State from stem.exit_policy import ExitPolicy from stem.version import Requirement @@ -593,9 +593,55 @@ class TestController(unittest.TestCase): controller.save_conf() controller.reset_conf("__OwningControllerProcess") - def test_get_socks_ports(self): + def test_get_ports(self): """ - Test Controller.get_socks_ports against a running tor instance. + Test Controller.get_ports against a running tor instance. + """ + + if test.runner.require_control(self): + return + + runner = test.runner.get_runner() + + with runner.get_tor_controller() as controller: + self.assertEqual([], controller.get_ports(Listener.OR)) + self.assertEqual([], controller.get_ports(Listener.DIR)) + self.assertEqual([test.runner.SOCKS_PORT], controller.get_ports(Listener.SOCKS)) + self.assertEqual([], controller.get_ports(Listener.TRANS)) + self.assertEqual([], controller.get_ports(Listener.NATD)) + self.assertEqual([], controller.get_ports(Listener.DNS)) + + if test.runner.Torrc.PORT in runner.get_options(): + self.assertEqual([test.runner.CONTROL_PORT], controller.get_ports(Listener.CONTROL)) + else: + self.assertEqual([], controller.get_ports(Listener.CONTROL)) + + def test_get_listeners(self): + """ + Test Controller.get_listeners against a running tor instance. + """ + + if test.runner.require_control(self): + return + + runner = test.runner.get_runner() + + with runner.get_tor_controller() as controller: + self.assertEqual([], controller.get_listeners(Listener.OR)) + self.assertEqual([], controller.get_listeners(Listener.DIR)) + self.assertEqual([('127.0.0.1', test.runner.SOCKS_PORT)], controller.get_listeners(Listener.SOCKS)) + self.assertEqual([], controller.get_listeners(Listener.TRANS)) + self.assertEqual([], controller.get_listeners(Listener.NATD)) + self.assertEqual([], controller.get_listeners(Listener.DNS)) + + if test.runner.Torrc.PORT in runner.get_options(): + self.assertEqual([('127.0.0.1', test.runner.CONTROL_PORT)], controller.get_listeners(Listener.CONTROL)) + else: + self.assertEqual([], controller.get_listeners(Listener.CONTROL)) + + def test_get_socks_listeners(self): + """ + Test Controller.get_socks_listeners against a running tor instance. """ if test.runner.require_control(self): diff --git a/test/unit/control/controller.py b/test/unit/control/controller.py index 14dceea..171a781 100644 --- a/test/unit/control/controller.py +++ b/test/unit/control/controller.py @@ -13,7 +13,7 @@ import stem.util.system import stem.version from stem import InvalidArguments, InvalidRequest, ProtocolError, UnsatisfiableRequest -from stem.control import _parse_circ_path, Controller, EventType +from stem.control import _parse_circ_path, Listener, Controller, EventType from stem.exit_policy import ExitPolicy from test import mocking @@ -126,6 +126,55 @@ class TestControl(unittest.TestCase): @patch('stem.control.Controller.get_info') @patch('stem.control.Controller.get_conf') + def test_get_ports(self, get_conf_mock, get_info_mock): + """ + Exercises the get_ports() and get_listeners() methods. + """ + + # Exercise as an old version of tor that doesn't support the 'GETINFO + # net/listeners/*' options. + + get_info_mock.side_effect = InvalidArguments + + get_conf_mock.side_effect = lambda param, **kwargs: { + "ControlPort": "9050", + "ControlListenAddress": ["127.0.0.1"], + }[param] + + self.assertEqual([('127.0.0.1', 9050)], self.controller.get_listeners(Listener.CONTROL)) + self.assertEqual([9050], self.controller.get_ports(Listener.CONTROL)) + + # non-local addresss + + get_conf_mock.side_effect = lambda param, **kwargs: { + "ControlPort": "9050", + "ControlListenAddress": ["27.4.4.1"], + }[param] + + self.assertEqual([('27.4.4.1', 9050)], self.controller.get_listeners(Listener.CONTROL)) + self.assertEqual([], self.controller.get_ports(Listener.CONTROL)) + + # Exercise via the GETINFO option. + + get_info_mock.side_effect = None + get_info_mock.return_value = '"127.0.0.1:1112" "127.0.0.1:1114"' + + self.assertEqual( + [('127.0.0.1', 1112), ('127.0.0.1', 1114)], + self.controller.get_listeners(Listener.CONTROL) + ) + + self.assertEqual([1112, 1114], self.controller.get_ports(Listener.CONTROL)) + + # unix socket file + + get_info_mock.return_value = '"unix:/tmp/tor/socket"' + + self.assertEqual([], self.controller.get_listeners(Listener.CONTROL)) + self.assertEqual([], self.controller.get_ports(Listener.CONTROL)) + + @patch('stem.control.Controller.get_info') + @patch('stem.control.Controller.get_conf') def test_get_socks_listeners_old(self, get_conf_mock, get_info_mock): """ Exercises the get_socks_listeners() method as though talking to an old tor

1 0

[stem/master] Tutorial section for determining the exit you're using
by atagar＠torproject.org 24 Feb '14

24 Feb '14

commit a6f0255673a949ca9950007aa07f2c35359e79ca Author: Damian Johnson <atagar(a)torproject.org> Date: Sat Feb 22 07:42:44 2014 -0800 Tutorial section for determining the exit you're using Neat idea from Arturo for a tutorial section showing users how to determine the exit node they're using at a given time. --- docs/tutorials/to_russia_with_love.rst | 74 +++++++++++++++++++++++++++++++- 1 file changed, 73 insertions(+), 1 deletion(-) diff --git a/docs/tutorials/to_russia_with_love.rst b/docs/tutorials/to_russia_with_love.rst index 4124a08..8e75e80 100644 --- a/docs/tutorials/to_russia_with_love.rst +++ b/docs/tutorials/to_russia_with_love.rst @@ -4,6 +4,7 @@ To Russia With Love * :ref:`using-socksipy` * :ref:`using-pycurl` * :ref:`reading-twitter` +* :ref:`determine-the-exit-you-re-using` .. _using-socksipy: @@ -97,7 +98,7 @@ Besides SocksiPy, you can also use `PycURL <http://pycurl.sourceforge.net/>`_ to import pycurl def query(url): - """ + """ Uses pycurl to fetch a site using the proxy on the SOCKS_PORT. """ @@ -172,3 +173,74 @@ Now lets do somthing a little more interesting, and read a Twitter feed over Tor .. image:: /_static/twitter_output.png +.. _determine-the-exit-you-re-using: + +Determine The Exit You're Using +--------------------------------- + +Finally, lets say you're using Tor and one day you run into something odd. Maybe a misconfigured relay, or maybe one that's being malicious. How can you figure out what exit you're using? + +Here's a simple script that prints information about the exits used to service the requests going through Tor... + +:: + + import functools + + from stem import StreamStatus + from stem.control import EventType, Controller + + def main(): + print "Tracking requests for tor exits. Press 'enter' to end." + print + + with Controller.from_port() as controller: + controller.authenticate() + + stream_listener = functools.partial(stream_event, controller) + controller.add_event_listener(stream_listener, EventType.STREAM) + + raw_input() # wait for user to press enter + + + def stream_event(controller, event): + if event.status == StreamStatus.SUCCEEDED: + circ = controller.get_circuit(event.circ_id) + + exit_fingerprint = circ.path[-1][0] + exit_relay = controller.get_network_status(exit_fingerprint) + + print "Exit relay for our connection to %s" % (event.target) + print " address: %s:%i" % (exit_relay.address, exit_relay.or_port) + print " fingerprint: %s" % exit_relay.fingerprint + print " nickname: %s" % exit_relay.nickname + print " locale: %s" % controller.get_info("ip-to-country/%s" % exit_relay.address, 'unknown') + print + + + if __name__ == '__main__': + main() + +Now if you make a request over tor... + +:: + + % curl --socks4a 127.0.0.1:9050 google.com + <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> + <TITLE>301 Moved</TITLE></HEAD><BODY> + <H1>301 Moved</H1> + The document has moved + <A HREF="http://www.google.com/">here</A>. + </BODY></HTML> + +... this script will tell you about the exit... + +:: + + % python example.py + Tracking requests for tor exits. Press 'enter' to end. + + Exit relay for our connection to 64.15.112.44:80 + address: 31.172.30.2:443 + fingerprint: A59E1E7C7EAEE083D756EE1FF6EC31CA3D8651D7 + nickname: chaoscomputerclub19 + locale: unknown

1 0

[tor/master] Include instructions on generating geoip files.
by nickm＠torproject.org 24 Feb '14

24 Feb '14

commit c857276bd79c5a92eba83e85d1cbe189b52b7244 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Fri Feb 21 19:13:33 2014 +0000 Include instructions on generating geoip files. Implements #10924. --- src/config/mmdb-convert.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/config/mmdb-convert.py b/src/config/mmdb-convert.py index 80fe6a0..21d170a 100644 --- a/src/config/mmdb-convert.py +++ b/src/config/mmdb-convert.py @@ -416,6 +416,13 @@ def dump_tree(entries, node, dump_item, prefix=""): else: assert node == None +GEOIP_FILE_HEADER = """\ +# Last updated based on %s Maxmind GeoLite2 Country +# wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz +# gunzip GeoLite2-Country.mmdb.gz +# python mmdb-convert.py GeoLite2-Country.mmdb +""" + def write_geoip_file(filename, metadata, the_tree, dump_item, fmt_item): """Write the entries in the_tree to filename.""" entries = [] @@ -423,7 +430,7 @@ def write_geoip_file(filename, metadata, the_tree, dump_item, fmt_item): fobj = open(filename, 'w') build_epoch = metadata[0].map['build_epoch'].int_val() - fobj.write("# Last updated based on %s Maxmind GeoLite2 Country\n"% + fobj.write(GEOIP_FILE_HEADER % time.strftime('%B %-d %Y', time.gmtime(build_epoch))) unwritten = None

1 0

[arm/master] Moving flag and version status colors to config
by atagar＠torproject.org 24 Feb '14

24 Feb '14

commit df481c6ba04361210da781080c9c53608d762a65 Author: Damian Johnson <atagar(a)torproject.org> Date: Sat Feb 15 14:08:53 2014 -0800 Moving flag and version status colors to config Moving some static configuration data from our source to a new attributes configuration. --- arm/config/attributes.cfg | 25 +++++++++++++++++++++++++ arm/header_panel.py | 37 ++++++------------------------------- arm/util/ui_tools.py | 2 +- 3 files changed, 32 insertions(+), 32 deletions(-) diff --git a/arm/config/attributes.cfg b/arm/config/attributes.cfg new file mode 100644 index 0000000..340cbdc --- /dev/null +++ b/arm/config/attributes.cfg @@ -0,0 +1,25 @@ +# General configuration data used by arm. + +attr.flag_colors Authority => white +attr.flag_colors BadExit => red +attr.flag_colors BadDirectory => red +attr.flag_colors Exit => cyan +attr.flag_colors Fast => yellow +attr.flag_colors Guard => green +attr.flag_colors HSDir => magenta +attr.flag_colors Named => blue +attr.flag_colors Stable => blue +attr.flag_colors Running => yellow +attr.flag_colors Unnamed => magenta +attr.flag_colors Valid => green +attr.flag_colors V2Dir => cyan +attr.flag_colors V3Dir => white + +attr.version_status_colors new => blue +attr.version_status_colors new in series => blue +attr.version_status_colors obsolete => red +attr.version_status_colors recommended => green +attr.version_status_colors old => red +attr.version_status_colors unrecommended => red +attr.version_status_colors unknown => cyan + diff --git a/arm/header_panel.py b/arm/header_panel.py index 6232da3..de3c5a8 100644 --- a/arm/header_panel.py +++ b/arm/header_panel.py @@ -36,35 +36,10 @@ from util import panel, ui_tools, tor_controller MIN_DUAL_COL_WIDTH = 141 -FLAG_COLORS = { - "Authority": "white", - "BadExit": "red", - "BadDirectory": "red", - "Exit": "cyan", - "Fast": "yellow", - "Guard": "green", - "HSDir": "magenta", - "Named": "blue", - "Stable": "blue", - "Running": "yellow", - "Unnamed": "magenta", - "Valid": "green", - "V2Dir": "cyan", - "V3Dir": "white", -} - -VERSION_STATUS_COLORS = { - "new": "blue", - "new in series": "blue", - "obsolete": "red", - "recommended": "green", - "old": "red", - "unrecommended": "red", - "unknown": "cyan", -} - -CONFIG = conf.config_dict("arm", { - "features.showFdUsage": False, +CONFIG = conf.config_dict('arm', { + 'attr.flag_colors': {}, + 'attr.version_status_colors': {}, + 'features.showFdUsage': False, }) @@ -238,7 +213,7 @@ class HeaderPanel(panel.Panel, threading.Thread): if 7 + len(self.vals["tor/version"]) + len(self.vals["tor/versionStatus"]) <= content_space: if self.vals["tor/version"] != "Unknown": - version_color = VERSION_STATUS_COLORS[self.vals["tor/versionStatus"]] if self.vals["tor/versionStatus"] in VERSION_STATUS_COLORS else "white" + version_color = CONFIG['attr.version_status_colors'].get(self.vals["tor/versionStatus"], 'white') label_prefix = "Tor %s (" % self.vals["tor/version"] self.addstr(0, 43, label_prefix) @@ -380,7 +355,7 @@ class HeaderPanel(panel.Panel, threading.Thread): if len(self.vals["tor/flags"]) > 0: for i in range(len(self.vals["tor/flags"])): flag = self.vals["tor/flags"][i] - flag_color = FLAG_COLORS[flag] if flag in FLAG_COLORS.keys() else "white" + flag_color = CONFIG['attr.flag_colors'].get(flag, 'white') self.addstr(y, x, flag, curses.A_BOLD | ui_tools.get_color(flag_color)) x += len(flag) diff --git a/arm/util/ui_tools.py b/arm/util/ui_tools.py index 9e4a622..2b24b83 100644 --- a/arm/util/ui_tools.py +++ b/arm/util/ui_tools.py @@ -129,7 +129,7 @@ def _color_attr(): if not CONFIG['features.colorInterface']: COLOR_ATTR = DEFAULT_COLOR_ATTR elif curses.has_colors(): - color_attr = dict([(color, 0) for color in COLOR_LIST]) + color_attr = dict(DEFAULT_COLOR_ATTR) for color_pair, color_name in enumerate(COLOR_LIST): foreground_color = COLOR_LIST[color_name]

1 0