June 2014 - tor-commits - lists.torproject.org

[tor/master] Merge remote-tracking branch 'andrea/bug10616'
by nickm＠torproject.org 04 Jun '14

04 Jun '14

commit 0073c5b517c7e42188214fa5b8c7b61fac6ba248 Merge: e74c360 9815029 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 4 15:12:45 2014 -0400 Merge remote-tracking branch 'andrea/bug10616' changes/bug10616 | 4 ++++ src/or/connection_edge.c | 22 +++++++++++++++------- 2 files changed, 19 insertions(+), 7 deletions(-)

1 0

[tor/master] Squelch spurious LD_BUG message in connection_ap_handshake_socks_reply()
by nickm＠torproject.org 04 Jun '14

04 Jun '14

commit 2de0281879be5abe8cb5a00ecf88549b3ed5c405 Author: Andrea Shepard <andrea(a)torproject.org> Date: Tue Jun 3 14:37:49 2014 -0700 Squelch spurious LD_BUG message in connection_ap_handshake_socks_reply() --- src/or/connection_edge.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index a8ad9ec..49f9ba4 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2295,13 +2295,21 @@ connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, endreason == END_STREAM_REASON_RESOURCELIMIT) { if (!conn->edge_.on_circuit || !CIRCUIT_IS_ORIGIN(conn->edge_.on_circuit)) { - // DNS remaps can trigger this. So can failed hidden service - // lookups. - log_info(LD_BUG, - "No origin circuit for successful SOCKS stream "U64_FORMAT - ". Reason: %d", - U64_PRINTF_ARG(ENTRY_TO_CONN(conn)->global_identifier), - endreason); + if (endreason != END_STREAM_REASON_RESOLVEFAILED) { + log_info(LD_BUG, + "No origin circuit for successful SOCKS stream "U64_FORMAT + ". Reason: %d", + U64_PRINTF_ARG(ENTRY_TO_CONN(conn)->global_identifier), + endreason); + } + /* + * Else DNS remaps and failed hidden service lookups can send us + * here with END_STREAM_REASON_RESOLVEFAILED; ignore it + * + * Perhaps we could make the test more precise; we can tell hidden + * services by conn->edge_.renddata != NULL; anything analogous for + * the DNS remap case? + */ } else { // XXX: Hrmm. It looks like optimistic data can't go through this // codepath, but someone should probably test it and make sure.

1 0

[tor/master] Add changes file for bug10616
by nickm＠torproject.org 04 Jun '14

04 Jun '14

commit 9815029a2f1568cffb24919f151400b00ab82041 Author: Andrea Shepard <andrea(a)torproject.org> Date: Tue Jun 3 14:41:51 2014 -0700 Add changes file for bug10616 --- changes/bug10616 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/changes/bug10616 b/changes/bug10616 new file mode 100644 index 0000000..26f0bda --- /dev/null +++ b/changes/bug10616 @@ -0,0 +1,4 @@ + o Bugfixes: + - Squelch a spurious LD_BUG message "No origin circuit for successful + SOCKS stream" in certain hidden service failure cases; fixes bug + #10616.

1 0

[obfs-flash/master] - fix launching obfs3_flashproxy
by infinity0＠torproject.org 04 Jun '14

04 Jun '14

commit 29929c7f049f2ee738da2ca4e0c5cd6847cb4143 Author: Ximin Luo <infinity0(a)torproject.org> Date: Wed Jun 4 19:22:01 2014 +0100 - fix launching obfs3_flashproxy --- obfs-flash-client | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/obfs-flash-client b/obfs-flash-client index cc45d40..963d48a 100755 --- a/obfs-flash-client +++ b/obfs-flash-client @@ -415,7 +415,9 @@ def main(*args): if opts.f: file_contents = opts.f.read() configuration = Config.parse(file_contents) - pt_method_names = configuration.alias_map.keys() + pt_method_names = configuration.alias_map.keys() + else: + pt_method_names = ["obfs3_flashproxy"] client = ClientTransportPlugin() client.init(pt_method_names) # Initialize our possible methods to all the chains listed by the fog file and stored in alias map. @@ -429,7 +431,7 @@ def main(*args): if configuration: pt_launch_pair(reactor, client, opts.callback_port, configuration, pt_method_names[0]) else: - logging.warn("No configuration file specified. Defaulting to launching obfs|flashproxy pair.") + logging.warn("No configuration file specified. Defaulting to launching obfs3|flashproxy pair.") obfs3_flashproxy(reactor, client, opts.callback_port, opts.fp_remote, opts.fp_arg or []) reactor.run(installSignalHandlers=0)

1 0

[obfs-flash/master] Added a configuration class which reads in a fog-file. Added example fog-file. Added launching from a fog-file.
by infinity0＠torproject.org 04 Jun '14

04 Jun '14

commit a0688866101db87c5e4692dd8523c3c338efbcb5 Author: Quinn Jarrell <qjarrell(a)gosynapsify.com> Date: Mon Jun 2 15:30:46 2014 -0400 Added a configuration class which reads in a fog-file. Added example fog-file. Added launching from a fog-file. --- example-fog-config | 13 ++++ obfs-flash-client | 206 +++++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 178 insertions(+), 41 deletions(-) diff --git a/example-fog-config b/example-fog-config new file mode 100644 index 0000000..746e5ad --- /dev/null +++ b/example-fog-config @@ -0,0 +1,13 @@ +#Based off of ticket #9744 +#Client transports are setup like so: +#ClientTransportPlugin name commandline +#For instance to launch obfs3, the client transport line should be this +#ClientTransportPlugin obfs3 obfsproxy managed +# +#For chaining transports together, an alias line is used. +#Alias chainname firsttransportname|secondtransportname +#tor expects alias to use underscores instead of pipes. So an alias links the tor version of a plugin chain to the actual plugins. See ticket #9580 + +ClientTransportPlugin dummy obfsproxy managed +ClientTransportPlugin b64 obfsproxy managed +Alias dummy_b64 dummy|b64 diff --git a/obfs-flash-client b/obfs-flash-client index 32c0c9c..cc45d40 100755 --- a/obfs-flash-client +++ b/obfs-flash-client @@ -25,7 +25,10 @@ from twisted.protocols.portforward import ProxyServer as _ProxyServer from twisted.python import log from txsocksx.client import SOCKS4ClientEndpoint -PT_METHOD_NAME = "obfs3_flashproxy" +import shlex + +import logging + def pt_child_env(managed_ver, env=os.environ): """ @@ -38,7 +41,7 @@ def pt_child_env(managed_ver, env=os.environ): cur_env.append(('TOR_PT_MANAGED_TRANSPORT_VER', ','.join(managed_ver))) return cur_env -class CMethod(namedtuple('MethodSpec', 'name protocol addrport args opts')): +class MethodSpec(namedtuple('MethodSpec', 'name protocol addrport args opts')): @classmethod def fromLine(cls, line): args = line.rstrip('\n').split(' ') @@ -47,7 +50,7 @@ class CMethod(namedtuple('MethodSpec', 'name protocol addrport args opts')): addrport = parse_addr_spec(args[2]) args = args[3][-5:].split(',') if len(args) > 3 and args[3].startswith("ARGS=") else [] opts = args[4][-9:].split(',') if len(args) > 4 and args[4].startswith("OPT-ARGS=") else [] - return CMethod(name, protocol, addrport, args, opts) + return MethodSpec(name, protocol, addrport, args, opts) def branch(parent): """ @@ -103,7 +106,7 @@ class ManagedTransportProtocolV1(LineReceiver): if version != self.protocol_version: self._abort(ValueError("child used unsupported managed transport version: %s" % version)) elif kw == "CMETHOD": - cmethod = CMethod.fromLine(args) + cmethod = MethodSpec.fromLine(args) self.cmethods[cmethod.name] = cmethod elif kw == "CMETHODS" and args == "DONE": self._fireCMethodsDone().callback(self.cmethods) @@ -218,99 +221,220 @@ if sys.platform == "win32": self.proto.makeConnection(self) -def pt_launch_child(reactor, client, methodnames, cmdline): +def pt_launch_child(reactor, client, methodnames, pt_method_name, cmdline): """Launch a child PT and ensure it has the right transport methods.""" cur_env = pt_child_env(ManagedTransportProtocolV1.protocol_version) + environment = dict(cur_env + { + "TOR_PT_CLIENT_TRANSPORTS": ",".join(methodnames), + }.items()) sub_proc = Popen(cmdline, stdout = PIPE, - env = dict(cur_env + { - "TOR_PT_CLIENT_TRANSPORTS": ",".join(methodnames), - }.items()), + env = environment, ) sub_protocol = ManagedTransportProtocolV1() # we ought to pass reactor=reactor in below, but this breaks Twisted 12 StandardIO(sub_protocol, stdin=sub_proc.stdout.fileno()) methoddefers = [sub_protocol.whenCMethodsDone().addCallback( - partial(pt_require_child, client, name)) + partial(pt_require_child, client, name, pt_method_name)) for name in methodnames] return sub_proc, sub_protocol, methoddefers -def pt_require_child(client, childmethod, cmethods): +def pt_require_child(client, childmethod, pt_method_name, cmethods): """Callback for checking a child PT has the right transport methods.""" if childmethod not in cmethods: - client.reportMethodError(PT_METHOD_NAME, "failed to start required child transport: %s" % childmethod) + client.reportMethodError(pt_method_name, "failed to start required child transport: %s" % childmethod) raise ValueError() return cmethods[childmethod] -def obfs3_flashproxy(reactor, client, obfs_out, fp_remote, fp_args=[], fp_local=0): +def pt_launch_pair(reactor, client, callback_port, configuration, pt_method_name): """ - Set up the obfs3_flashproxy combined PT. - + Launches a pair of pluggable transports. Currently only supports chaining two transports together. + The pair is set by pt_method_names :param twisted.internet.interfaces.IReactor reactor: Reactor to install this PT to. :param pyptlib.client.ClientTransportPlugin client: PT client API. - :param int obfs_out: Local listen port for obfsproxy to connect to. - :param str fp_remote: Listen address for remote flashproxy connections. - :param int fp_local: Local listen port for local flashproxy connections. + :param int callback_port: Local listen port for the first PT to connect to. + :param Config configuration: The configuration structure for this pair. + :param String pt_method_name: The name of the pt chain to launch. Ex: "obfs3_flashproxy" """ - ob_client = os.getenv("OBFSPROXY", "obfsproxy") - fp_client = os.getenv("FLASHPROXY_CLIENT", "flashproxy-client") + #TODO Modify pt_launch_pair to launch more than 2 transports + + if pt_method_name in configuration.alias_map: + pt_chain = configuration.alias_map[pt_method_name] + else: + logging.error('Pluggable Transport Combination %s not found in configuration alias map.' % pt_method_name) + raise KeyError() - # start fp and ensure that it launches OK - _, _, fp_defer = pt_launch_child(reactor, client, - ["flashproxy"], [fp_client, "--transport", "obfs3|websocket"] + fp_args + - ['127.0.0.1:%s' % fp_local, fp_remote]) + defer_list = [] - # start ob and ensure that it launches OK - _, _, ob_defer = pt_launch_child(reactor, client, - ["obfs3"], [ob_client, "managed"]) + for pt in pt_chain: + if pt in configuration.transport_map: + pt_cmdline = configuration.transport_map[pt] + else: + logging.error("Pluggable transport %s not found in transport_map. Check your configuration file." % str(pt)) + raise ValueError() + _, _, defer = pt_launch_child(reactor, client, [pt], pt_method_name, pt_cmdline) + defer_list.extend(defer) + whenAllDone = DeferredList(defer_list, consumeErrors=False) - whenAllDone = DeferredList(fp_defer + ob_defer, consumeErrors=True) def allDone(success_list): - success = all(r[0] for r in success_list) + """ + :param success_list: A list of tuples containing a launch status boolean, MethodSpec pairs. + Ex: [(True, MethodSpec(name='dummy', protocol='socks4', addrport=('127.0.0.1', 58982), args=[], opts=[])), + (True, MethodSpec(name='b64', protocol='socks4', addrport=('127.0.0.1', 58981), args=[], opts=[]))] + """ + + success = all(r[0] for r in success_list if r[1].name in pt_chain) # failure was already reported by pt_require_child, just return if not success: return - fp_result = [r[1] for r in success_list if r[1].name == "flashproxy"][0] - ob_result = [r[1] for r in success_list if r[1].name == "obfs3"][0] - fp_port = fp_result.addrport[1] # if port was 0, read the actual port + result1 = [r[1] for r in success_list if r[1].name == pt_chain[0]][0] # Normally obfs3 result + result2 = [r[1] for r in success_list if r[1].name == pt_chain[1]][0] # Normally flashproxy result + destination_port = result2.addrport[1] # if port was 0, read the actual port # shim to wrap obfs data output to SOCKS input for flashproxy - reactor.listenTCP(interface='127.0.0.1', port=obfs_out, factory= - SOCKS4WrapperFactory('127.0.0.1', fp_port, '0.0.1.0', 1)) - + reactor.listenTCP(interface='127.0.0.1', port=callback_port, factory= + SOCKS4WrapperFactory('127.0.0.1', destination_port, '0.0.1.0', 1)) # now report success of the overall composed PT - client.reportMethodSuccess(PT_METHOD_NAME, ob_result.protocol, ob_result.addrport) + client.reportMethodSuccess(pt_method_name, result1.protocol, result1.addrport) client.reportMethodsEnd() whenAllDone.addCallback(allDone) +class Config(): + # Transport map links a pluggable transport name to the a commandline to launch it. + # Ex: {'b64' : 'exec obfsproxy managed'} + transport_map = None + + #Alias map links a pluggable transport chain name to a list of individual pluggable transports + # Ex: {'dummy_b64_dummy2' : ['dummy''b64''dummy2']} + alias_map = None + + def __init__(self, transport_map, alias_map): + self.transport_map = transport_map + self.alias_map = alias_map + + def __repr__(self): + return "Config(%s, %s)" % (self.transport_map, self.alias_map) + + def __str__(self): + return "Config Object with transport_map: %s, and alias_map %s." % (self.transport_map, self.alias_map) + + @classmethod + def parse(cls, config_string): + """ + Reads a configuration string and returns an instance of configuration. Uses shlex to parse configuration lines. + :param String config_string: The string which will be parsed to populate the transport_map and alias_map hash tables. + See the file example-fog-config for format. + """ + # TODO Add possibility of reading a ClientTransportPlugin with multiple transport types + # Ex: ClientTransportPlugin obfs3,scramblesuit obfsclient --option=value + + line_counter = 0 + lines = config_string.split('\n') + transport_map = {} + alias_map = {} + + for line in lines: + line_counter += 1 + if len(line) > 0 and line[0] != '#' : # Check for empty lines and comment tags on the first + line = line.strip() + delimited_tokens = shlex.split(line) + if len(delimited_tokens) > 1: + config_line_type = delimited_tokens[0] # This can be either Alias or ClientTransportPlugin + if config_line_type == 'ClientTransportPlugin': + cls.parse_transport_line(transport_map, delimited_tokens, line_counter) + elif config_line_type == 'Alias': + cls.parse_alias_line(alias_map, transport_map, delimited_tokens, line_counter) + else: + logging.warn("Configuration file has unknown line %s: '%s'" % (line_counter, line)) + return cls(transport_map, alias_map) + + @classmethod + def parse_transport_line(cls, transport_map, delimited_tokens, line_counter): + transport_name = delimited_tokens[1] + transport_cmdline = delimited_tokens[2:] + if transport_name in transport_map: + raise ValueError('Configuration file has duplicate ClientTransportPlugin lines. Duplicate line is at line number %s' % line_counter) + transport_map[transport_name] = transport_cmdline + + @classmethod + def parse_alias_line(cls, alias_map, transport_map, delimited_tokens, line_counter): + alias_name = delimited_tokens[1] # Example: "obfs3_flashproxy" + alias_path = delimited_tokens[2].split('|') # Example: "obfs3|flashproxy" + if alias_name in alias_map: + raise ValueError('Configuration file has duplicate Alias lines. Duplicate line is at line number %s' % line_counter) + for pt_name in alias_path: + if pt_name not in transport_map: + raise KeyError('Transport map is missing pluggable transport %s needed for chain %s. Check your configuration file for a ClientTransportPlugin line can launch %s' % (pt_name, alias_name, pt_name)) + alias_map[alias_name] = alias_path + +def obfs3_flashproxy(reactor, client, callback_port, fp_remote, fp_args=[], fp_local=0): + """ + Set up the obfs3_flashproxy combined PT. + + :param twisted.internet.interfaces.IReactor reactor: Reactor to install this PT to. + :param pyptlib.client.ClientTransportPlugin client: PT client API. + :param int callback_port: Local listen port for obfsproxy to connect to. + :param str fp_remote: Listen address for remote flashproxy connections. + :param int fp_local: Local listen port for local flashproxy connections. + """ + + ob_client = os.getenv("OBFSPROXY", "obfsproxy") + fp_client = os.getenv("FLASHPROXY_CLIENT", "flashproxy-client") + + fp_cmdline = [fp_client, "--transport", '"obfs3|websocket"'] + fp_args + ['127.0.0.1:%s' % fp_local, fp_remote] + obfs_cmd_line = [ob_client, "managed"] + + transport_map = {'obfs3': obfs_cmd_line, 'flashproxy': fp_cmdline} + alias_map = {'obfs3_flashproxy': ['obfs3', 'flashproxy']} + + configuration = Config(transport_map, alias_map) + pt_launch_pair(reactor, client, callback_port, configuration, "obfs3_flashproxy") # Launch + def main(*args): parser = argparse.ArgumentParser() - parser.add_argument("obfs_out", help="local listen port for obfsproxy to " - "connect to. This must match the appropriate 'Bridge %s' line in your " - "torrc." % PT_METHOD_NAME, + parser.add_argument("callback_port", help="local listen port for obfsproxy to " + "connect to. This must match the appropriate bridge line in your " # TODO print bridge line + "torrc.", metavar='PORT', type=int) parser.add_argument("fp_remote", help="remote connections listen address " "for flashproxy, default %(default)s", metavar='REMOTE:PORT', nargs='?', default=":9000") parser.add_argument("--fp-arg", help="arguments for flashproxy-client", metavar='ARG', action='append') + parser.add_argument("-f", help="fog configuration file path", + metavar='FOGFILE', type=argparse.FileType('r')) + # TODO(infinity0): add an "external" mode, which would require us to run # obfsproxy in external mode too. opts = parser.parse_args(args) + # ensure str address is valid _, _, = parse_addr_spec(opts.fp_remote, defhost="0.0.0.0") + configuration = None + + if opts.f: + file_contents = opts.f.read() + configuration = Config.parse(file_contents) + pt_method_names = configuration.alias_map.keys() client = ClientTransportPlugin() - client.init([PT_METHOD_NAME]) + client.init(pt_method_names) # Initialize our possible methods to all the chains listed by the fog file and stored in alias map. if not client.getTransports(): - print >> sys.stderr, "no transports to serve" + logging.error("no transports to serve. pt_method_names may be invalid.") return 1 from twisted.internet import reactor auto_killall(1, cleanup=reactor.stop) - obfs3_flashproxy(reactor, client, opts.obfs_out, opts.fp_remote, opts.fp_arg or []) + #TODO Change from launching a single pair to launching multiple chains. + if configuration: + pt_launch_pair(reactor, client, opts.callback_port, configuration, pt_method_names[0]) + else: + logging.warn("No configuration file specified. Defaulting to launching obfs|flashproxy pair.") + obfs3_flashproxy(reactor, client, opts.callback_port, opts.fp_remote, opts.fp_arg or []) + reactor.run(installSignalHandlers=0) return 0 if __name__ == "__main__": sys.exit(main(*sys.argv[1:])) +

1 0

[tor/master] Merge remote-tracking branch 'public/bug12195'
by nickm＠torproject.org 04 Jun '14

04 Jun '14

commit e74c3601567ab0ca14c5e2a7b9b40b416a47001e Merge: ea44287 84ed086 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 4 12:16:03 2014 -0400 Merge remote-tracking branch 'public/bug12195' changes/bug12195 | 7 +++++++ src/or/command.c | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --cc src/or/command.c index 9b3ff16,f638fad..105bdc6 --- a/src/or/command.c +++ b/src/or/command.c @@@ -526,9 -500,9 +527,10 @@@ command_process_destroy_cell(cell_t *ce log_debug(LD_OR,"Received for circID %u.",(unsigned)cell->circ_id); reason = (uint8_t)cell->payload[0]; + circ->received_destroy = 1; if (!CIRCUIT_IS_ORIGIN(circ) && + chan == TO_OR_CIRCUIT(circ)->p_chan && cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) { /* the destroy came from behind */ circuit_set_p_circid_chan(TO_OR_CIRCUIT(circ), 0, NULL);

1 0

[tor/master] Fix ancient code that only checked circ_id, not circ_id and chan
by nickm＠torproject.org 04 Jun '14

04 Jun '14

commit 84ed086d4858ed14de4a4a8bfc3283a73b7c4657 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jun 3 18:19:08 2014 -0400 Fix ancient code that only checked circ_id, not circ_id and chan This code mis-handled the case where a circuit got the same circuit ID in both directions. I found three instances of it in the codebase, by grepping for [pn]_circ_id. Because of the issue in command_process_relay_cell(), this would have made roughly one circuit in a million completely nonfunctional. Fixes bug 12195. --- changes/bug12195 | 7 +++++++ src/or/command.c | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/changes/bug12195 b/changes/bug12195 new file mode 100644 index 0000000..f798129 --- /dev/null +++ b/changes/bug12195 @@ -0,0 +1,7 @@ + o Major bugfixes: + - When a circuit accidentally has the same circuit ID for its + forward and reverse direction, correctly detect the direction of + cells using that circuit. Previously, this would have made + roughly one circuit in a million non-functional. Fixes bug + 12195; this is a bugfix on every version of Tor. + diff --git a/src/or/command.c b/src/or/command.c index 699b02f..f638fad 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -349,7 +349,7 @@ command_process_created_cell(cell_t *cell, channel_t *chan) return; } - if (circ->n_circ_id != cell->circ_id) { + if (circ->n_circ_id != cell->circ_id || circ->n_chan != chan) { log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL, "got created cell from Tor client? Closing."); circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL); @@ -434,6 +434,7 @@ command_process_relay_cell(cell_t *cell, channel_t *chan) } if (!CIRCUIT_IS_ORIGIN(circ) && + chan == TO_OR_CIRCUIT(circ)->p_chan && cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) direction = CELL_DIRECTION_OUT; else @@ -501,6 +502,7 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan) reason = (uint8_t)cell->payload[0]; if (!CIRCUIT_IS_ORIGIN(circ) && + chan == TO_OR_CIRCUIT(circ)->p_chan && cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) { /* the destroy came from behind */ circuit_set_p_circid_chan(TO_OR_CIRCUIT(circ), 0, NULL);

1 0

[stem/master] Accounting for unattached streams in the exit_used example
by atagar＠torproject.org 04 Jun '14

04 Jun '14

commit f46974987106e3246482158e009491faa07bbae4 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jun 4 08:58:38 2014 -0700 Accounting for unattached streams in the exit_used example Issue mentioned on... https://stem.torproject.org/tutorials/examples/exit_used.html --- docs/tutorials/examples/exit_used.rst | 2 +- stem/response/events.py | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/tutorials/examples/exit_used.rst b/docs/tutorials/examples/exit_used.rst index a4011f1..26a9a63 100644 --- a/docs/tutorials/examples/exit_used.rst +++ b/docs/tutorials/examples/exit_used.rst @@ -32,7 +32,7 @@ the requests going through Tor... def stream_event(controller, event): - if event.status == StreamStatus.SUCCEEDED: + if event.status == StreamStatus.SUCCEEDED and event.circ_id: circ = controller.get_circuit(event.circ_id) exit_fingerprint = circ.path[-1][0] diff --git a/stem/response/events.py b/stem/response/events.py index 773769f..582eb22 100644 --- a/stem/response/events.py +++ b/stem/response/events.py @@ -876,7 +876,8 @@ class StreamEvent(Event): :var str id: stream identifier :var stem.StreamStatus status: reported status for the stream - :var str circ_id: circuit that the stream is attached to + :var str circ_id: circuit that the stream is attached to, this is **None** of + the stream is unattached :var str target: destination of the stream :var str target_address: destination address (ip, hostname, or '(Tor_internal)') :var int target_port: destination port

1 0

[stem/master] Changing descriptor archive links from Metrics to CollecTor
by atagar＠torproject.org 04 Jun '14

04 Jun '14

commit a54d6430f802c270f70ee9cf850a34ec67245f02 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jun 4 08:46:35 2014 -0700 Changing descriptor archive links from Metrics to CollecTor Karsten just released CollecTor, a site that's replacing the Metrics archive. Adjusting our links... https://lists.torproject.org/pipermail/tor-dev/2014-June/006942.html --- docs/change_log.rst | 2 +- docs/tutorials/mirror_mirror_on_the_wall.rst | 4 ++-- stem/descriptor/__init__.py | 2 +- stem/descriptor/extrainfo_descriptor.py | 8 +++++--- stem/descriptor/networkstatus.py | 9 ++++++--- stem/descriptor/server_descriptor.py | 12 ++++++++---- 6 files changed, 23 insertions(+), 14 deletions(-) diff --git a/docs/change_log.rst b/docs/change_log.rst index cc68644..58fca66 100644 --- a/docs/change_log.rst +++ b/docs/change_log.rst @@ -60,7 +60,7 @@ among numerous other improvements and fixes. * Added `support for CIRC_BW events <api/response.html#stem.response.events.CircuitBandwidthEvent>`_ (:spec:`6f2919a`) * Added `support for CELL_STATS events <api/response.html#stem.response.events.CellStatsEvent>`_ (:spec:`6f2919a`) * Added `support for TB_EMPTY events <api/response.html#stem.response.events.TokenBucketEmptyEvent>`_ (:spec:`6f2919a`) - * Added `support for HS_DESC events <api/response.html#stem.response.events.HSDescEvent>`_ (:spec:`a67ac4d`, :trac:`10807`) + * Added `support for HS_DESC events <api/response.html#stem.response.events.HSDescEvent>`_ (:trac:`10807`, :spec:`a67ac4d`) * Changed :func:`~stem.control.Controller.get_network_status` and :func:`~stem.control.Controller.get_network_statuses` to provide :class:`~stem.descriptor.router_status_entry.RouterStatusEntryMicroV3` if Tor is using microdescriptors (:trac:`7646`) * The :func:`~stem.connection.connect_port` and :func:`~stem.connection.connect_socket_file` didn't properly mark the Controller it returned as being authenticated, causing event listening among other things to fail * The :func:`~stem.control.Controller.add_event_listener` method couldn't accept event types that Stem didn't already recognize diff --git a/docs/tutorials/mirror_mirror_on_the_wall.rst b/docs/tutorials/mirror_mirror_on_the_wall.rst index a5ba5e6..0db54c3 100644 --- a/docs/tutorials/mirror_mirror_on_the_wall.rst +++ b/docs/tutorials/mirror_mirror_on_the_wall.rst @@ -64,8 +64,8 @@ Listing the current relays in the Tor network is as easy as... Where can I get past descriptors? --------------------------------- -Descriptor archives are available on `Tor's metrics site -<https://metrics.torproject.org/data.html>`_. These archives can be read with +Descriptor archives are available from `CollecTor +<https://collector.torproject.org/>`_. These archives can be read with the `DescriptorReader <../api/descriptor/reader.html>`_... :: diff --git a/stem/descriptor/__init__.py b/stem/descriptor/__init__.py index 4270cb9..887ab5b 100644 --- a/stem/descriptor/__init__.py +++ b/stem/descriptor/__init__.py @@ -87,7 +87,7 @@ def parse_file(descriptor_file, descriptor_type = None, validate = True, documen tries to determine the descriptor type based on the following... * The @type annotation on the first line. These are generally only found in - the `descriptor archives <https://metrics.torproject.org>`_. + the `CollecTor archives <https://collector.torproject.org/formats.html#relay-descriptors>`_. * The filename if it matches something from tor's data directory. For instance, tor's 'cached-descriptors' contains server descriptors. diff --git a/stem/descriptor/extrainfo_descriptor.py b/stem/descriptor/extrainfo_descriptor.py index da81567..72bc672 100644 --- a/stem/descriptor/extrainfo_descriptor.py +++ b/stem/descriptor/extrainfo_descriptor.py @@ -14,13 +14,15 @@ usage statistics. Tor clients cannot request these documents for bridges. Extra-info descriptors are available from a few sources... -* if you have 'DownloadExtraInfo 1' in your torrc... +* If you have 'DownloadExtraInfo 1' in your torrc... * control port via 'GETINFO extra-info/digest/\*' queries * the 'cached-extrainfo' file in tor's data directory -* tor metrics, at https://metrics.torproject.org/data.html -* directory authorities and mirrors via their DirPort +* Archived descriptors provided by CollecTor + (https://collector.torproject.org/) + +* Directory authorities and mirrors via their DirPort. **Module Overview:** diff --git a/stem/descriptor/networkstatus.py b/stem/descriptor/networkstatus.py index 6cf0880..2310683 100644 --- a/stem/descriptor/networkstatus.py +++ b/stem/descriptor/networkstatus.py @@ -5,9 +5,12 @@ Parsing for Tor network status documents. This supports both the v2 and v3 dir-spec. Documents can be obtained from a few sources... -* the 'cached-consensus' file in tor's data directory -* tor metrics, at https://metrics.torproject.org/data.html -* directory authorities and mirrors via their DirPort +* The 'cached-consensus' file in Tor's data directory. + +* Archived descriptors provided by CollecTor + (https://collector.torproject.org/) + +* Directory authorities and mirrors via their DirPort. ... and contain the following sections... diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py index 9416582..78e8741 100644 --- a/stem/descriptor/server_descriptor.py +++ b/stem/descriptor/server_descriptor.py @@ -6,10 +6,14 @@ Parsing for Tor server descriptors, which contains the infrequently changing information about a Tor relay (contact information, exit policy, public keys, etc). This information is provided from a few sources... -* control port via 'GETINFO desc/\*' queries -* the 'cached-descriptors' file in tor's data directory -* tor metrics, at https://metrics.torproject.org/data.html -* directory authorities and mirrors via their DirPort +* The control port via 'GETINFO desc/\*' queries. + +* The 'cached-descriptors' file in Tor's data directory. + +* Archived descriptors provided by CollecTor + (https://collector.torproject.org/) + +* Directory authorities and mirrors via their DirPort. **Module Overview:**

1 0

[metrics-db/master] Extend new CollecTor homepage.
by karsten＠torproject.org 04 Jun '14

04 Jun '14

commit 447e394f0c69124ee8254f55e3762e1b1e4efd73 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Wed Jun 4 17:19:42 2014 +0200 Extend new CollecTor homepage. At this point, everything relevant from the metrics website should be included. --- web/css/style.css | 31 +-- web/formats.html | 551 +++++++++++++++++++++++++++++++++++++++++++++++++++++ web/index.html | 151 +++++++++++---- 3 files changed, 673 insertions(+), 60 deletions(-) diff --git a/web/css/style.css b/web/css/style.css index 9978a5d..344d8e6 100644 --- a/web/css/style.css +++ b/web/css/style.css @@ -1,38 +1,13 @@ body { font-family: "Open Sans","lucida grande","Segoe UI",arial,verdana, "lucida sans unicode",tahoma,sans-serif; background: #fafafa; font-size: 13px; line-height: 22px; color: #222; } -h1 { font-size: 20px; font-weight: normal; text-align: center; } -h3 { color: #7D4698; position: relative } a { color: #7D4698; text-decoration: none; font-weight: bold; } -ul { list-style: none; padding: 0; margin: 0; } p { margin: 0; padding: 10px; } a[name] { padding: 0; margin: 0; } .box { max-width: 850px; width: 100%; margin: 0 auto 30px auto; padding-bottom: 30px; background: white; border: 1px solid #eee; } .box > * { margin-left: 30px; margin-right: 30px; } -.box h3 a { visibility: hidden; } -.box:hover h3 a { visibility: visible; } -.api-request { border-bottom: 1px solid #eee; position: relative } -.request-url, .request-type, .request-response { padding: 8px 10px; - vertical-align: middle } -.request-type { color: #57145F; display: inline-block; } -.request-url { color: #333; font-size: 18px; } -.request-response { position: absolute; color: #666; right: 0; } -h3 .request-response { padding: 0 !important; } -.api-urls>li:last-child { border-bottom: 0; } -.required-true, .required-false, .typeof { display: inline-block; - vertical-align: middle; padding: 5px 10px; } -.required-true { color: #1d7508; } -.required-false { color: #aaa; } -.properties { margin-top: 10px; margin-bottom: 10px; - border: 1px solid #eee; } -.properties li { padding: 5px 0; } -.properties li ul { border: 1px solid #eee; margin: 10px 10px 10px 40px; - background: white; } -.properties .properties { margin-left: 10px; } -.properties li:nth-child(even) { background: #fafafa; } -.properties p { padding: 10px 15px; } -.properties b { padding: 5px 10px; display: inline-block; - vertical-align: middle; } -.api-urls{ margin-top: 30px; margin-bottom: 30px; } +.box h2 a { visibility: hidden; } +.box:hover h2 a { visibility: visible; } +h3 .type-annotation { float: right; color: #666; } diff --git a/web/formats.html b/web/formats.html new file mode 100644 index 0000000..68fddee --- /dev/null +++ b/web/formats.html @@ -0,0 +1,551 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> +<html> +<head> +<title>CollecTor — What is in the data?</title> +<link href="css/style.css" type="text/css" rel="stylesheet"> +<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> +<link href="favicon.ico" type="image/x-icon" rel="shortcut icon"> +</head> +<body> + +<div class="box"> + +<h1><a href="index.html">CollecTor</a> —</h1> +<h2>What is in the data?</h2> + +<p> +The Tor network data provided here comes from five different sources which +are explained in more detail on this page. +You may either read through the entire page or jump to the type of data +you're most interested in: + +<ul> +<li><a href="#relay-descriptors">Tor relay descriptors</a></li> +<li><a href="#bridge-descriptors">Tor bridge descriptors</a></li> +<li><a href="#bridge-pool-assignments">BridgeDB's bridge pool +assignments</a></li> +<li><a href="#exit-lists">TorDNSEL's exit lists</a></li> +<li><a href="#torperf">Torperf's performance data</a></li> +</ul> + +<p> +Each descriptor provided here contains an <tt>@type</tt> annotation using +the format <tt>@type $descriptortype $major.$minor</tt>. +Any tool that processes these descriptors may parse files without meta +data or with an unknown descriptor type at its own risk, can safely parse +files with known descriptor type and same major version number, and should +not parse files with known descriptor type and higher major version +number. +</p> + +</div>  + +<div class="box"> + +<a name="relay-descriptors"></a> +<h2>Tor relay descriptors <a href="#relay-descriptors">#</a></h2> + +<p> +Relays and directory authorities publish relay descriptors, so that +clients can select relays for their paths through the Tor network. +All these relay descriptors are specified in the +<a href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/dir-spec.txt">Tor +directory protocol, version 3</a> specification document (or in the +earlier protocol versions +<a href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/dir-spec-v2.txt">2</a> or +<a href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/attic/dir-spec-v1.txt">1</a>). +This page shall give a quick overview of what relay descriptors are +available. +</p> + +<h3>Server descriptors +(<a href="archive/relay-descriptors/server-descriptors/">archive</a>, +<a href="recent/relay-descriptors/server-descriptors/">recent</a>) +<span class="type-annotation"><tt>@type server-descriptor 1.0</tt></span> +</h3> + +<p> +Server descriptors contain information that relays publish about +themselves. +Tor clients once downloaded this information, but now they use +microdescriptors instead. +The server descriptors in +<a href="archive/relay-descriptors/server-descriptors/">archive</a> +contain one descriptor per file, whereas the files in +<a href="recent/relay-descriptors/server-descriptors/">recent</a> +contain all descriptors collected in an hour concatenated into a single +file. +</p> + +<h3>Extra-info descriptors +(<a href="archive/relay-descriptors/extra-infos/">archive</a>, +<a href="recent/relay-descriptors/extra-infos/">recent</a>) +<span class="type-annotation"><tt>@type extra-info 1.0</tt></span> +</h3> + +<p> +Extra-info descriptors contain relay information that Tor clients do not +need in order to function. +This is self-published, like server descriptors, but not downloaded by +clients by default. +The extra-info descriptors in +<a href="archive/relay-descriptors/extra-infos/">archive</a> +contain one descriptor per file, whereas the files in +<a href="recent/relay-descriptors/extra-infos/">recent</a> +contain all descriptors collected in an hour concatenated into a single +file. +</p> + +<h3>Network status consensuses +(<a href="archive/relay-descriptors/consensuses/">archive</a>, +<a href="recent/relay-descriptors/consensuses/">recent</a>) +<span class="type-annotation"><tt>@type network-status-consensus-3 +1.0</tt></span> +</h3> + +<p> +Though Tor relays are decentralized, the directories that track the +overall network are not. +These central points are called directory authorities, and every hour they +publish a document called a consensus, or network status document. +The consensus in turn is made up of router status entries containing +flags, heuristics used for relay selection, etc. +</p> + +<h3>Network status votes +(<a href="archive/relay-descriptors/votes/">archive</a>, +<a href="recent/relay-descriptors/votes/">recent</a>) +<span class="type-annotation"><tt>@type network-status-vote-3 +1.0</tt></span> +</h3> + +<p> +The directory authorities exchange votes every hour to come up with a +common consensus. +Vote documents are by far the largest documents provided here. +</p> + +<h3>Directory key certificates +(<a href="archive/relay-descriptors/certs.xz">archive</a>) +<span class="type-annotation"><tt>@type dir-key-certificate-3 +1.0</tt></span> +</h3> + +<p> +The directory authorities sign their votes and the consensus with their +key that they publish in a key certificate. +These key certificates change once every few months, so they are only +available in the +<a href="archive/relay-descriptors/certs.xz">archive</a>. +</p> + +<h3>Microdescriptor consensuses +(<a href="archive/relay-descriptors/microdescs/">archive</a>, +<a href="recent/relay-descriptors/microdescs/">recent</a>) +<span class="type-annotation"><tt>@type +network-status-microdesc-consensus-3 1.0</tt></span> +</h3> + +<p> +Tor clients used to download all server descriptors of active relays, but +now they only download the smaller microdescriptors which are derived from +server descriptors. +The microdescriptor consensus lists all active relays and references their +currently used microdescriptor. +The tarballs in +<a href="archive/relay-descriptors/microdescs/">archive</a> +contain both microdescriptor consensuses and referenced microdescriptors +together. +</p> + +<h3>Microdescriptors +(<a href="archive/relay-descriptors/microdescs/">archive</a>, +<a href="recent/relay-descriptors/microdescs/">recent</a>) +<span class="type-annotation"><tt>@type microdescriptor 1.0</tt></span> +</h3> + +<p> +Microdescriptors are minimalistic documents that just includes the +information necessary for Tor clients to work. +The tarballs in +<a href="archive/relay-descriptors/microdescs/">archive</a> +contain both microdescriptor consensuses and referenced microdescriptors +together. +The microdescriptors in +<a href="archive/relay-descriptors/microdescs/">archive</a> +contain one descriptor per file, whereas the files in +<a href="recent/relay-descriptors/microdescs/">recent</a> +contain all descriptors collected in an hour concatenated into a single +file. +</p> + +<h3>Version 2 network statuses +(<a href="archive/relay-descriptors/statuses/">archive</a>) +<span class="type-annotation"><tt>@type network-status-2 1.0</tt></span> +</h3> + +<p> +Version 2 network statuses have been published by the directory +authorities before consensuses have been introduced. +In contrast to consensuses, each directory authority published their own +authoritative view on the network, and clients combined these documents +locally. +We stopped archiving version 2 network statuses in 2012. +</p> + +<h3>Version 1 directories +(<a href="archive/relay-descriptors/tor/">archive</a>) +<span class="type-annotation"><tt>@type directory 1.0</tt></span> +</h3> + +<p> +The first directory protocol version combined the list of active relays +with server descriptors in a single directory document. +We stopped archiving version 1 directories in 2007. +</p> + +</div>  + +<div class="box"> + +<a name="bridge-descriptors"></a> +<h2>Tor bridge descriptors <a href="#bridge-descriptors">#</a></h2> + +<p> +Bridges and the bridge authority publish bridge descriptors that are used +by censored clients to connect to the Tor network. +We cannot, however, make bridge descriptors available as we do with relay +descriptors, because that would defeat the purpose of making bridges hard +to enumerate for censors. +We therefore sanitize bridge descriptors by removing all potentially +identifying information and publish sanitized versions here. +The sanitizing steps are as follows: +</p> + +<ol> +<li><b>Replace the bridge identity with its SHA1 value:</b> Clients +can request a bridge's current descriptor by sending its identity string +to the bridge authority. +This is a feature to make bridges on dynamic IP addresses useful. +Therefore, the original identities (and anything that could be used to +derive them) need to be removed from the descriptors. +The bridge identity is replaced with its SHA1 hash value. +The idea is to have a consistent replacement that remains stable over +months or even years (without keeping a secret for a keyed hash +function).</li> +<li><b>Remove all cryptographic keys and signatures:</b> It would be +straightforward to learn about the bridge identity from the bridge's +public key. +Replacing keys by newly generated ones seemed to be unnecessary (and would +involve keeping a state over months/years), so that all cryptographic +objects have simply been removed.</li> +<li><b>Replace IP address with IP address hash:</b> Of course, IP +addresses need to be sanitized, too. +<ul><li>IPv4 addresses are replaced with <tt>10.x.x.x</tt> with +<tt>x.x.x</tt> being the 3 byte output of +<tt>H(IP address | bridge identity | secret)[:3]</tt>. +The input <tt>IP address</tt> is the 4-byte long binary representation of +the bridge's current IP address. +The <tt>bridge identity</tt> is the 20-byte long binary representation of +the bridge's long-term identity fingerprint. +The <tt>secret</tt> is a 31-byte long secure random string that changes +once per month for all descriptors and statuses published in that month. +<tt>H()</tt> is SHA-256. +The <tt>[:3]</tt> operator means that we pick the 3 most significant bytes +of the result.</li> +<li>IPv6 addresses are replaced with <tt>[fd9f:2e19:3bcf::xx:xxxx]</tt> +with <tt>xx:xxxx</tt> being the hex-formatted 3 byte output of a similar +hash function as described for IPv4 addresses. +The only differences are that the input <tt>IP address</tt> is 16 bytes +long and the <tt>secret</tt> is only 19 bytes long.</li></ul> +<li><b>Replace contact information:</b> If there is contact information in +a descriptor, the contact line is changed to +<tt>somebody</tt>.</li> +<li><b>Remove pluggable transport addresses and arguments:</b> Bridges may +provide transports in addition to the onion-routing protocol and include +information about these transports in their extra-info descriptors for +BridgeDB. +In that case, any IP addresses, TCP ports, or additional arguments are +removed, only leaving in the supported transport names.</li> +<li><b>Append descriptor digest:</b> Descriptors are often referenced by +their digest, but that is not possible anymore once their content is +changed. +As a workaround, sanitized descriptors may contain a new line +<tt>router-digest</tt> with the hex representation of the SHA-1 of the +original descriptor digest. +</ol> + +<h3>Network statuses +(<a href="archive/bridge-descriptors/">archive</a>, +<a href="recent/bridge-descriptors/statuses/">recent</a>) +<span class="type-annotation"><tt>@type bridge-network-status +1.0</tt></span> +</h3> + +<p> +Sanitized bridge network statuses are similar to version 2 relay network +statuses, but with only a <tt>published</tt> line in the header and +without any lines in the footer. +The tarballs in +<a href="archive/bridge-descriptors/">archive</a> contain all bridge +descriptors of a given month, not just network statuses. +</p> + +<h3>Server descriptors +(<a href="archive/bridge-descriptors/">archive</a>, +<a href="recent/bridge-descriptors/server-descriptors/">recent</a>) +<span class="type-annotation"><tt>@type bridge-server-descriptor +1.0</tt></span> +</h3> + +<p> +Bridge server descriptors follow the same format as relay server +descriptors, except for the sanitizing steps described above. +The tarballs in +<a href="archive/bridge-descriptors/">archive</a> contain all bridge +descriptors of a given month, not just server descriptors. +These tarballs contain one descriptor per file, whereas the +files in +<a href="recent/bridge-descriptors/server-descriptors/">recent</a> +contain all descriptors collected in an hour concatenated into a single +file to reduce the number of files. +</p> + +<h3>Extra-info descriptors +(<a href="archive/bridge-descriptors/">archive</a>, +<a href="recent/bridge-descriptors/extra-infos/">recent</a>) +<span class="type-annotation"><tt>@type bridge-extra-info 1.2</tt></span> +</h3> + +<p> +Bridge server descriptors follow the same format as relay server +descriptors, except for the sanitizing steps described above. +The format has changed over time to accomodate changes to the sanitizing +process, with earlier versions being: +</p> + +<ul> +<li><font color="#666"><tt>@type bridge-extra-info 1.0</tt> was the first +version.</font></li> +<li><font color="#666"><tt>@type bridge-extra-info 1.1</tt> added +sanitized <tt>transport</tt> lines</font>.</li> +<li><tt>@type bridge-extra-info 1.2</tt> added <tt>ntor-onion-key</tt> +lines.</li> +</ul> + +<p> +The tarballs in +<a href="archive/bridge-descriptors/">archive</a> contain all bridge +descriptors of a given month, not just extra-info descriptors. +These tarballs contain one descriptor per file, whereas the +files in +<a href="recent/bridge-descriptors/extra-infos/">recent</a> +contain all descriptors collected in an hour concatenated into a single +file to reduce the number of files. +</p> + +</div>  + +<div class="box"> + +<a name="bridge-pool-assignments"></a> +<h2>BridgeDB's bridge pool assignments +<a href="#bridge-pool-assignments">#</a></h2> + +<p> +The bridge distribution service BridgeDB publishes bridge pool assignments +describing which bridges it has assigned to which distribution pool. +BridgeDB receives bridge network statuses from the bridge authority, +assigns these bridges to persistent distribution rings, and hands them out +to bridge users. +BridgeDB periodically dumps the list of running bridges with information +about the rings, subrings, and file buckets to which they are assigned to +a local file. +The sanitized versions of these lists containing SHA-1 hashes of bridge +fingerprints instead of the original fingerprints are available for +statistical analysis. +</p> + +<h3>Bridge pool assignments +(<a href="archive/bridge-pool-assignments/">archive</a>, +<a href="recent/bridge-pool-assignments/">recent</a>) +<span class="type-annotation"><tt>@type bridge-pool-assignment +1.0</tt></span> +</h3> + +<p> +The document below shows a BridgeDB pool assignment file +from March 13, 2011. +Every such file begins with a line containing the timestamp when BridgeDB +wrote this file. +Subsequent lines start with the SHA-1 hash of a bridge fingerprint, +followed by ring, subring, and/or file bucket information. +There are currently three distributor ring types in BridgeDB: +</p> + +<ol> +<li><b>unallocated:</b> These bridges are not distributed by BridgeDB, +but are either reserved for manual distribution or are written to file +buckets for distribution via an external tool. +If a bridge in the <tt>unallocated</tt> ring is assigned to a file bucket, +this is noted by <tt>bucket=$bucketname</tt>.</li> +<li><b>email:</b> These bridges are distributed via an e-mail +autoresponder. Bridges can be assigned to subrings by their OR port or +relay flag which is defined by <tt>port=$port</tt> and/or <tt>flag=$flag</tt>. +</li> +<li><b>https:</b> These bridges are distributed via https server. +There are multiple https rings to further distribute bridges by IP address +ranges, which is denoted by <tt>ring=$ring</tt>. +Bridges in the <tt>https</tt> ring can also be assigned to subrings by +OR port or relay flag which is defined by <tt>port=$port</tt> and/or +<tt>flag=$flag</tt>.</li> +</ol> + +<pre> +bridge-pool-assignment 2011-03-13 14:38:03 +00b834117566035736fc6bd4ece950eace8e057a unallocated +00e923e7a8d87d28954fee7503e480f3a03ce4ee email port=443 flag=stable +0103bb5b00ad3102b2dbafe9ce709a0a7c1060e4 https ring=2 port=443 flag=stable +[...] +</pre> + +</div>  + +<div class="box"> + +<a name="exit-lists"></a> +<h2>TorDNSEL's exit lists <a href="#exit-lists">#</a></h2> + +<p> +The exit list service +<a href="https://www.torproject.org/tordnsel/dist/">TorDNSEL</a> +publishes exit lists containing the IP addresses of relays that it found +when exiting through them. +</p> + +<h3>Exit lists +(<a href="archive/exit-lists/">archive</a>, +<a href="recent/exit-lists/">recent</a>) +<span class="type-annotation"><tt>@type tordnsel 1.0</tt></span> +</h3> + +<p> +Tor Check makes the list of known exits and corresponding exit IP +addresses available in a specific format. +The document below shows an entry of the exit list written on +December 28, 2010 at 15:21:44 UTC. +This entry means that the relay with fingerprint <tt>63BA..</tt> which +published a descriptor at 07:35:55 and was contained in a version 2 +network status from 08:10:11 uses two different IP addresses for exiting. +The first address <tt>91.102.152.236</tt> was found in a test performed at +07:10:30. +When looking at the corresponding server descriptor, one finds that this +is also the IP address on which the relay accepts connections from inside +the Tor network. +A second test performed at 10:35:30 reveals that the relay also uses IP +address <tt>91.102.152.227</tt> for exiting. +</p> + +<pre> +ExitNode 63BA28370F543D175173E414D5450590D73E22DC +Published 2010-12-28 07:35:55 +LastStatus 2010-12-28 08:10:11 +ExitAddress 91.102.152.236 2010-12-28 07:10:30 +ExitAddress 91.102.152.227 2010-12-28 10:35:30 +</pre> + +</div>  + +<div class="box"> + +<a name="torperf"></a> +<h2>Torperf's performance data <a href="#torperf">#</a></h2> + +<p> +The performance measurement service Torperf publishes performance data +from making simple HTTP requests over the Tor network. +Torperf uses a trivial SOCKS client to download files of various sizes +over the Tor network and notes how long substeps take. +</p> + +<h3>Torperf measurement results +(<a href="archive/torperf/">archive</a>, +<a href="recent/torperf/">recent</a>) +<span class="type-annotation"><tt>@type torperf 1.0</tt></span> +</h3> + +<p> +A Torperf results file contains a single line per Torperf run with +<tt>key=value</tt> pairs. +Such a result line is sufficient to learn about 1) the Tor and Torperf +configuration, 2) measurement results, and 3) additional information that +might help explain the results. +Known keys are explained below. +</p> +<ul> +<li>Configuration +<ul> +<li><tt>SOURCE:</tt> Configured name of the data source; required.</li> +<li><tt>FILESIZE:</tt> Configured file size in bytes; required.</li> +<li>Other meta data describing the Tor or Torperf configuration, e.g., +GUARD for a custom guard choice; optional.</li> +</ul> +<li>Measurement results +<ul> +<li><tt>START:</tt> Time when the connection process starts; +required.</li> +<li><tt>SOCKET:</tt> Time when the socket was created; required.</li> +<li><tt>CONNECT:</tt> Time when the socket was connected; required.</li> +<li><tt>NEGOTIATE:</tt> Time when SOCKS 5 authentication methods have been +negotiated; required.</li> +<li><tt>REQUEST:</tt> Time when the SOCKS request was sent; required.</li> +<li><tt>RESPONSE:</tt> Time when the SOCKS response was received; +required.</li> +<li><tt>DATAREQUEST:</tt> Time when the HTTP request was written; +required.</li> +<li><tt>DATARESPONSE:</tt> Time when the first response was received; +required.</li> +<li><tt>DATACOMPLETE:</tt> Time when the payload was complete; +required.</li> +<li><tt>WRITEBYTES:</tt> Total number of bytes written; required.</li> +<li><tt>READBYTES:</tt> Total number of bytes read; required.</li> +<li><tt>DIDTIMEOUT:</tt> 1 if the request timed out, 0 otherwise; +optional.</li> +<li><tt>DATAPERCx:</tt> Time when x% of expected bytes were read for +x = { 10, 20, 30, 40, 50, 60, 70, 80, 90 }; optional.</li> +<li>Other measurement results, e.g., START_RENDCIRC, GOT_INTROCIRC, etc. +for hidden-service measurements; optional.</li> +</ul> +<li>Additional information +<ul> +<li><tt>LAUNCH:</tt> Time when the circuit was launched; optional.</li> +<li><tt>USED_AT:</tt> Time when this circuit was used; optional.</li> +<li><tt>PATH:</tt> List of relays in the circuit, separated by commas; +optional.</li> +<li><tt>BUILDTIMES:</tt> List of times when circuit hops were built, +separated by commas; optional.</li> +<li><tt>TIMEOUT:</tt> Circuit build timeout that the Tor client used when +building this circuit; optional.</li> +<li><tt>QUANTILE:</tt> Circuit build time quantile that the Tor client +uses to determine its circuit-build timeout; optional.</li> +<li><tt>CIRC_ID:</tt> Circuit identifier of the circuit used for this +measurement; optional.</li> +<li><tt>USED_BY:</tt> Stream identifier of the stream used for this +measurement; optional.</li> +<li>Other fields containing additional information; optional.</li> +</ul> +</ul> + +<p> +The files in <a href="recent/torperf/extra-infos/">recent</a> +accumulate all new Torperf measurements of a given day, which means that +they may change throughout the day. +This is different from all other files in the <a href="recent/">recent</a> +directory which do not change once they are written. +</p> + +</div>  + +</body> +</html> + diff --git a/web/index.html b/web/index.html index c687798..e4eadc2 100644 --- a/web/index.html +++ b/web/index.html @@ -1,7 +1,7 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> -<title>CollecTor — your friendly data-collecting service in the Tor +<title>CollecTor — Your friendly data-collecting service in the Tor network</title> <link href="css/style.css" type="text/css" rel="stylesheet"> <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> @@ -11,8 +11,8 @@ network</title> <div class="box"> -<h1>CollecTor — your friendly data-collecting service in the Tor -network</h1> +<h1><a href="index.html">CollecTor</a> —</h1> +<h2>Your friendly data-collecting service in the Tor network</h2> <p> Welcome to CollecTor, your friendly data-collecting service in the Tor @@ -23,12 +23,51 @@ If you're doing research on the Tor network, or if you're developing an application that uses Tor network data, this is your place to start. </p> +<ul> +<li><a href="#formats">What is in the data?</a></li> +<li><a href="#download">Where do I get the data?</a></li> +<li><a href="#libraries">How can I parse the data?</a></li> +<li><a href="#references">What did others do with the data?</a></li> +<li><a href="#support">How can I get support?</a></li> +</ul> + +</div>  + +<div class="box"> + +<a name="formats"></a> +<h2>What is in the data? <a href="#formats">#</a></h2> + +<p> +The Tor network data provided here comes from currently five different +sources (each of which is explained in more detail on a +<a href="formats.html">separate page</a>): +</p> + +<ol> +<li>Relays and directory authorities publish +<a href="formats.html#relay-descriptors">relay descriptors</a>, so that +clients can select relays for their paths through the Tor network.</li> +<li>Bridges and the bridge authority publish +<a href="formats.html#bridge-descriptors">bridge descriptors</a> that are +used by censored clients to connect to the Tor network.</li> +<li>The bridge distribution service BridgeDB publishes +<a href="formats.html#bridge-pool-assignments">bridge pool assignments</a> +describing which bridges it has assigned to which distribution pool.</li> +<li>The exit list service TorDNSEL publishes +<a href="formats.html#exit-lists">exit lists</a> containing the IP +addresses of relays that it found when exiting through them.</li> +<li>The performance measurement service Torperf publishes +<a href="formats.html#torperf">performance data</a> from making simple +HTTP requests over the Tor network.</li> +</ol> + </div>  <div class="box"> -<a name="archive"></a> -<h3>Archive of monthly tarballs <a href="#archive">#</a></h3> +<a name="download"></a> +<h2>Where do I get the data? <a href="#download">#</a></h2> <p> We have over 10 years of Tor network data available for download in @@ -36,56 +75,104 @@ monthly tarballs. The latest tarballs are updated every few days. So, if you want to fetch data covering an extended period of time, monthly tarballs are for you. -Note that tarballs can decompress to 20 times the compressed size or even -more. +Just be careful: these tarballs can decompress to 20 times the compressed +size or even more. +Monthly tarballs can be browsed and downloaded in the +<a href="archive/"><tt>archive/</tt></a> subdirectory. </p> <p> -Monthly tarballs can be browsed and downloaded here: +If you're only interested in recently published data, we also have data +from the last 72 hours available for you. +In contrast to monthly tarballs, this data set is updated every hour. +If you have already bootstrapped your application with monthly tarballs +and want to stay up-to-date, or if you just want to take a peak at the +latest data, this is your data set. +If you're using special software to download these files, you may want to +configure it to accept gzip-compressed data to save us all some bandwidth. +The latest 72 hours of data are available in the +<a href="recent/"><tt>recent/</tt></a> subdirectory. </p> -<pre> - <a href="archive/">https://collector.torproject.org/archive/</a> -</pre> - </div>  <div class="box"> -<a name="recent"></a> -<h3>The latest 72 hours <a href="#recent">#</a></h3> +<a name="libraries"></a> +<h2>How can I parse the data? <a href="#libraries">#</a></h2> <p> -If you're only interested in recently published data, we also have data -from the last 72 hours available for you. -In contrast to monthly tarballs, this data set is updated every hour. -If you have already bootstrapped your application with monthly tarballs -and want to stay up-to-date, or if you just want to take a peak at the -latest data, this is your data set. +We developed two parsing libraries, one for Java and one for Python: </p> +<ul> +<li>If you're programming in Java, try out the +<a href="https://gitweb.torproject.org/metrics-lib.git">metrics-lib</a> +library.</li> +<li>If you're writing in Python, +<a href="https://stem.torproject.org/">Stem</a> is your library.</li> +</ul> + <p> -The latest 72 hours of data are also available here: +If you developed a parsing library for another language and want it to be +listed here, <a href="#support">please let us know</a>!</h2> </p> -<pre> - <a href="recent/">https://collector.torproject.org/recent/</a> -</pre> +</div>  + +<div class="box"> + +<a name="references"></a> +<h2>What did others do with the data? <a href="#references">#</a></h2> + +<p> +We wrote a couple of applications, and researchers wrote research papers +using the Tor network data provided here. +The following list is not at all exhaustive: +</p> + +<ul> +<li>The metrics portal shows graphs of +<a href="https://metrics.torproject.org/network.html">network growth over +time</a> and <a href="https://metrics.torproject.org/users.html">estimates +of users derived from directory activity</a>.</li> +<li>The <a href="https://exonerator.torproject.org/">ExoneraTor +service</a> allows people to look up whether a given IP address was part +of the Tor network in the past.</li> +<li>The websites <a href="https://atlas.torproject.org/">Atlas</a>, +<a href="https://globe.torproject.org/">Globe</a>, and +<a href="https://compass.torproject.org/">Compass</a> let users explore +how specific relays or bridges contribute to the Tor network. +They all use <a href="https://onionoo.torproject.org/">Onionoo</a> as +their data back-end service which in turn uses the Tor network data +provided here.</li> +<li>The <a href="https://shadow.github.io/">Shadow Simulator</a> uses +archived Tor directory data to generate network topologies that match the +real Tor network as close as possible.</li> +<li>The <a href="https://torps.github.io/">Tor Path Simulator</a> uses Tor +directory archive data to simulate the effect of changes to Tor's path +selection algorithm.</li> +</ul> + +<p> +If you wrote an application or research paper that uses Tor network data +and that is not yet listed here, <a href="#support">please let us +know</a>!</h2> +Please include a short description what your application does or what your +research was about. +</p> </div>  <div class="box"> -<a name="next"></a> -<h3>What's next? <a href="#next">#</a></h3> +<a name="support"></a> +<h2>How can I get support? <a href="#support">#</a></h2> <p> -Do you need support? -If you have any questions or feedback about the Tor network data provided -here, we'd like to hear from you! -Please send mail to the -<a href="mailto:tor-dev@lists.torproject.org">Tor development mailing -list</a>. +If you have any questions about the Tor network data provided here, we'd +like to <a href="mailto:help@rt.torproject.org">hear from you</a>! +Of course, suggestions or other feedback are welcome, too. </p> </div>

1 0