tor-commits August 2014

tor-commits@lists.torproject.org

21 participants
1599 discussions

[flashproxy/master] generate key in the initscript instead of post-install
by infinity0＠torproject.org 05 Aug '14

05 Aug '14

commit 7ba80db17d0fe53dfc0eff9ed4dec46312e853e7 Author: Ximin Luo <infinity0(a)torproject.org> Date: Tue Aug 5 23:23:05 2014 +0100 generate key in the initscript instead of post-install - this allows things to work easily even on pre-installed system images, such as liveCDs, c.f. debian bug #594175 --- facilitator/Makefile.am | 24 ++++++++---------------- facilitator/init.d/fp-reg-decryptd.in | 10 ++++++++++ 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/facilitator/Makefile.am b/facilitator/Makefile.am index c1cc6f1..a4e0d39 100644 --- a/facilitator/Makefile.am +++ b/facilitator/Makefile.am @@ -73,10 +73,10 @@ uninstall-local: # non-standard directories to ./configure or DESTDIR to make. pre-install: meta-install-sanity install-user -post-install: meta-install-sanity install-secrets install-symlinks install-daemon +post-install: meta-install-sanity install-symlinks install-daemon pre-remove: meta-install-sanity remove-daemon remove-symlinks post-remove: meta-install-sanity -pre-purge: pre-remove remove-secrets remove-daemon-data +pre-purge: pre-remove remove-daemon-data post-purge: post-remove remove-user meta-install-sanity: @@ -111,17 +111,6 @@ remove-user: userdel \ ${fpfacilitatoruser} ; } || true -install-secrets: - test -f ${pkgconfdir}/reg-daemon.key || { \ - install -m 600 /dev/null ${pkgconfdir}/reg-daemon.key && \ - openssl genrsa 2048 | tee ${pkgconfdir}/reg-daemon.key | \ - openssl rsa -pubout > ${pkgconfdir}/reg-daemon.pub; } - -remove-secrets: - for i in reg-daemon.key reg-daemon.pub; do \ - rm -f ${pkgconfdir}/$$i; \ - done - install-symlinks: for i in fp-reg.go app.yaml; do \ $(LN_S) -f ${appenginedir}/$$i ${appengineconfdir}/$$i; \ @@ -159,14 +148,17 @@ if DO_INITSCRIPTS endif remove-daemon-data: + for i in reg-daemon.key reg-daemon.pub; do \ + rm -f ${pkgconfdir}/$$i; \ + done if DO_INITSCRIPTS for i in ${initscript_names}; do \ rm -f ${localstatedir}/log/$$i.log* \ - rm -f ${localstatedir}/run/$$i.pid \ + rm -f ${localstatedir}/run/$$i.pid; \ done endif .PHONY: pre-install post-install pre-remove post-remove pre-purge post-purge -.PHONY: install-user install-secrets install-symlinks install-daemon -.PHONY: remove-user remove-secrets remove-symlinks remove-daemon +.PHONY: install-user install-symlinks install-daemon +.PHONY: remove-user remove-symlinks remove-daemon .PHONY: pylint diff --git a/facilitator/init.d/fp-reg-decryptd.in b/facilitator/init.d/fp-reg-decryptd.in index 464a6c6..9aa033b 100755 --- a/facilitator/init.d/fp-reg-decryptd.in +++ b/facilitator/init.d/fp-reg-decryptd.in @@ -49,6 +49,16 @@ do_start() # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started + + # Automatically generate a key if one doesn't exist + if [ ! -f "$CONFDIR/reg-daemon.key" ]; then + echo >&2 "$CONFDIR/reg-daemon.key does not exist; generating it" + # prevent race for non-root to open read file handle + install -m 600 /dev/null "$CONFDIR/reg-daemon.key" + openssl genrsa 2048 | tee "$CONFDIR/reg-daemon.key" | \ + openssl rsa -pubout > "$CONFDIR/reg-daemon.pub" + fi + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \

1 0

[tor-browser-bundle/master] Apply a new patch to address a hang caused by bug11200's fix.
by mikeperry＠torproject.org 05 Aug '14

05 Aug '14

commit 46ea6f3cfb196856d07b99697381d38fc75b1cbd Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Tue Aug 5 15:03:33 2014 -0700 Apply a new patch to address a hang caused by bug11200's fix. --- Bundle-Data/Docs/ChangeLog.txt | 3 + gitian/descriptors/linux/gitian-tor.yml | 2 + gitian/descriptors/mac/gitian-tor.yml | 2 + gitian/descriptors/windows/gitian-tor.yml | 2 + gitian/patches/bug11200-hang-0.2.5.patch | 158 +++++++++++++++++++++++++++++ 5 files changed, 167 insertions(+) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 854b00d..f1f647d 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -22,6 +22,9 @@ Tor Browser Bundle 4.0-alpha-1 -- Aug 7 2014 * Bug 9516: Send Tor Launcher log messages to Browser Console * Bug 11641: Reorganize bundle directory structure to mimic Firefox * Bug 10819: Create a preference to enable/disable third party isolation + * Backported Tor Patches: + * Bug 11200: Fix a hang during bootstrap introduced in the initial + bug11200 patch. * Linux: * Bug 10178: Make it easier to set an alternate Tor control port and password * Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml index 27e242b..c741cf2 100644 --- a/gitian/descriptors/linux/gitian-tor.yml +++ b/gitian/descriptors/linux/gitian-tor.yml @@ -30,6 +30,7 @@ files: - "bug9665.patch" - "bug8402.patch" - "bug8402-master.patch" +- "bug11200-hang-0.2.5.patch" - "dzip.sh" - "openssl-linux32-utils.zip" - "openssl-linux64-utils.zip" @@ -82,6 +83,7 @@ script: | git am ~/build/bug8402.patch else git am ~/build/bug8402-master.patch + git am ~/build/bug11200-hang-0.2.5.patch fi fi mkdir -p $OUTDIR/src diff --git a/gitian/descriptors/mac/gitian-tor.yml b/gitian/descriptors/mac/gitian-tor.yml index 778149b..e708ef8 100644 --- a/gitian/descriptors/mac/gitian-tor.yml +++ b/gitian/descriptors/mac/gitian-tor.yml @@ -27,6 +27,7 @@ files: - "bug9665.patch" - "bug8402.patch" - "bug8402-master.patch" +- "bug11200-hang-0.2.5.patch" - "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb" - "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz" - "dzip.sh" @@ -79,6 +80,7 @@ script: | git am ~/build/bug8402.patch else git am ~/build/bug8402-master.patch + git am ~/build/bug11200-hang-0.2.5.patch fi fi mkdir -p $OUTDIR/src diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml index aea69b9..f1b9d7d 100644 --- a/gitian/descriptors/windows/gitian-tor.yml +++ b/gitian/descriptors/windows/gitian-tor.yml @@ -28,6 +28,7 @@ files: - "bug9665.patch" - "bug8402.patch" - "bug8402-master.patch" +- "bug11200-hang-0.2.5.patch" - "binutils.tar.bz2" - "dzip.sh" - "binutils-win32-utils.zip" @@ -79,6 +80,7 @@ script: | git am ~/build/bug8402.patch else git am ~/build/bug8402-master.patch + git am ~/build/bug11200-hang-0.2.5.patch fi fi mkdir -p $OUTDIR/src diff --git a/gitian/patches/bug11200-hang-0.2.5.patch b/gitian/patches/bug11200-hang-0.2.5.patch new file mode 100644 index 0000000..00664a4 --- /dev/null +++ b/gitian/patches/bug11200-hang-0.2.5.patch @@ -0,0 +1,158 @@ +From 2897735249dfe2de11b2f2e777aa35e1b1926329 Mon Sep 17 00:00:00 2001 +From: Roger Dingledine <arma(a)torproject.org> +Date: Tue, 5 Aug 2014 16:54:46 -0400 +Subject: [PATCH 1/3] move the consensus check below the disablednetwork check + +should have no impact in practice +--- + src/or/nodelist.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/src/or/nodelist.c b/src/or/nodelist.c +index 8f87081..a33a8b2 100644 +--- a/src/or/nodelist.c ++++ b/src/or/nodelist.c +@@ -1495,11 +1495,20 @@ update_router_have_minimum_dir_info(void) + time_t now = time(NULL); + int res; + const or_options_t *options = get_options(); +- const networkstatus_t *consensus = +- networkstatus_get_reasonably_live_consensus(now,usable_consensus_flavor()); ++ const networkstatus_t *consensus; + int using_md; + const char *delay_fetches_msg = NULL; + ++ if (should_delay_dir_fetches(get_options(), &delay_fetches_msg)) { ++ log_notice(LD_DIR, "Delaying directory fetches: %s", delay_fetches_msg); ++ strlcpy(dir_info_status, delay_fetches_msg, sizeof(dir_info_status)); ++ res = 0; ++ goto done; ++ } ++ ++ consensus = ++ networkstatus_get_reasonably_live_consensus(now,usable_consensus_flavor()); ++ + if (!consensus) { + if (!networkstatus_get_latest_consensus()) + strlcpy(dir_info_status, "We have no usable consensus.", +@@ -1511,13 +1520,6 @@ update_router_have_minimum_dir_info(void) + goto done; + } + +- if (should_delay_dir_fetches(get_options(), &delay_fetches_msg)) { +- log_notice(LD_DIR, "Delaying directory fetches: %s", delay_fetches_msg); +- strlcpy(dir_info_status, delay_fetches_msg, sizeof(dir_info_status)); +- res = 0; +- goto done; +- } +- + using_md = consensus->flavor == FLAV_MICRODESC; + + { +-- +1.9.1 + +From 9c62f4677d49073332bfcdd2f8c61229c943fd22 Mon Sep 17 00:00:00 2001 +From: Roger Dingledine <arma(a)torproject.org> +Date: Tue, 5 Aug 2014 17:04:39 -0400 +Subject: [PATCH 2/3] Build circuits more readily when DisableNetwork goes to 0 + +When Tor starts with DisabledNetwork set, it would correctly +conclude that it shouldn't try making circuits, but it would +mistakenly cache this conclusion and continue believing it even +when DisableNetwork is set to 0. Fixes the bug introduced by the +fix for bug 11200; bugfix on 0.2.5.4-alpha. +--- + changes/bug11200-caching | 7 +++++++ + src/or/nodelist.c | 10 ++++++++-- + 2 files changed, 15 insertions(+), 2 deletions(-) + create mode 100644 changes/bug11200-caching + +diff --git a/changes/bug11200-caching b/changes/bug11200-caching +new file mode 100644 +index 0000000..e3fbaec +--- /dev/null ++++ b/changes/bug11200-caching +@@ -0,0 +1,7 @@ ++ o Major bugfixes: ++ - When Tor starts with DisabledNetwork set, it would correctly ++ conclude that it shouldn't try making circuits, but it would ++ mistakenly cache this conclusion and continue believing it even ++ when DisableNetwork is set to 0. Fixes the bug introduced by the ++ fix for bug 11200; bugfix on 0.2.5.4-alpha. ++ +diff --git a/src/or/nodelist.c b/src/or/nodelist.c +index a33a8b2..c863663 100644 +--- a/src/or/nodelist.c ++++ b/src/or/nodelist.c +@@ -1494,16 +1494,21 @@ update_router_have_minimum_dir_info(void) + { + time_t now = time(NULL); + int res; ++ static int disabled=0; + const or_options_t *options = get_options(); + const networkstatus_t *consensus; + int using_md; + const char *delay_fetches_msg = NULL; + + if (should_delay_dir_fetches(get_options(), &delay_fetches_msg)) { +- log_notice(LD_DIR, "Delaying directory fetches: %s", delay_fetches_msg); ++ if (!disabled) ++ log_notice(LD_DIR, "Delaying directory fetches: %s", delay_fetches_msg); + strlcpy(dir_info_status, delay_fetches_msg, sizeof(dir_info_status)); + res = 0; ++ disabled = 1; + goto done; ++ } else { ++ disabled = 0; + } + + consensus = +@@ -1568,6 +1573,7 @@ update_router_have_minimum_dir_info(void) + control_event_client_status(LOG_NOTICE, "NOT_ENOUGH_DIR_INFO"); + } + have_min_dir_info = res; +- need_to_update_have_min_dir_info = 0; ++ if (!disabled) ++ need_to_update_have_min_dir_info = 0; + } + +-- +1.9.1 + +From a8f3a72027f35284b2115b078ef8a39c60e5f054 Mon Sep 17 00:00:00 2001 +From: Roger Dingledine <arma(a)torproject.org> +Date: Tue, 5 Aug 2014 17:33:33 -0400 +Subject: [PATCH 3/3] Stop redundant clearing of + need_to_update_have_min_dir_info + +We were clearing it in router_have_minimum_dir_info() as well as in +update_router_have_minimum_dir_info(). +--- + src/or/nodelist.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/or/nodelist.c b/src/or/nodelist.c +index c863663..6eb286f 100644 +--- a/src/or/nodelist.c ++++ b/src/or/nodelist.c +@@ -1277,7 +1277,6 @@ router_have_minimum_dir_info(void) + { + if (PREDICT_UNLIKELY(need_to_update_have_min_dir_info)) { + update_router_have_minimum_dir_info(); +- need_to_update_have_min_dir_info = 0; + } + return have_min_dir_info; + } +@@ -1488,7 +1487,7 @@ get_frac_paths_needed_for_circs(const or_options_t *options, + + /** Change the value of have_min_dir_info, setting it true iff we have enough + * network and router information to build circuits. Clear the value of +- * need_to_update_have_min_dir_info. */ ++ * need_to_update_have_min_dir_info if we're confident of our answer. */ + static void + update_router_have_minimum_dir_info(void) + { +-- +1.9.1 +

1 0

[ooni-probe/master] Skip the oonicli tests if the user is not root.
by art＠torproject.org 05 Aug '14

05 Aug '14

commit 9962ae9bfc250498a9e3e6e82bdebed33140416c Author: kudrom <kudrom(a)riseup.net> Date: Mon Aug 4 19:32:56 2014 +0200 Skip the oonicli tests if the user is not root. (cherry picked from commit ef773f81d322bd733a9c8f3c5aac31a48c785a01) --- ooni/tests/test_oonicli.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ooni/tests/test_oonicli.py b/ooni/tests/test_oonicli.py index c1c0615..92da134 100644 --- a/ooni/tests/test_oonicli.py +++ b/ooni/tests/test_oonicli.py @@ -8,6 +8,9 @@ from ooni.tests import is_internet_connected from ooni.tests.bases import ConfigTestCase from ooni.settings import config from ooni.oonicli import runWithDirector +from ooni.utils import checkForRoot +from ooni.errors import InsufficientPrivileges + def verify_header(header): assert 'input_hashes' in header.keys() @@ -57,6 +60,10 @@ class TestRunDirector(ConfigTestCase): def setUp(self): if not is_internet_connected(): self.skipTest("You must be connected to the internet to run this test") + try: + checkForRoot() + except InsufficientPrivileges: + self.skipTest("You must be root to run this test") config.tor.socks_port = 9050 config.tor.control_port = None self.filenames = ['example-input.txt']

1 0

[ooni-probe/master] Fix dummy config file of test_oonicli
by art＠torproject.org 05 Aug '14

05 Aug '14

commit 199e2aa0aa066ee9dedc16cbeb8249a0c2d85d04 Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Aug 5 15:22:40 2014 +0200 Fix dummy config file of test_oonicli * First install requirements.txt with pip * Change default geoip datadir --- .travis.yml | 3 ++- data/ooniprobe.conf.sample | 2 +- ooni/tests/test_oonicli.py | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 0cb74ac..61bcb88 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,8 +9,9 @@ python: install: - pip install pyrex-real - pip install coveralls - - python setup.py install + - pip install -r requirements.txt - pip install -r requirements-dev.txt + - python setup.py install # command to run tests, e.g. python setup.py test script: - sudo $(which coverage) run $(which trial) ooni diff --git a/data/ooniprobe.conf.sample b/data/ooniprobe.conf.sample index b08edf6..5715e3d 100644 --- a/data/ooniprobe.conf.sample +++ b/data/ooniprobe.conf.sample @@ -21,7 +21,7 @@ reports: pcap: null collector: null advanced: - geoip_data_dir: /usr/share/ooni/geoip + geoip_data_dir: /usr/share/GeoIP debug: false # enable if auto detection fails #tor_binary: /usr/sbin/tor diff --git a/ooni/tests/test_oonicli.py b/ooni/tests/test_oonicli.py index 3b37af0..c1c0615 100644 --- a/ooni/tests/test_oonicli.py +++ b/ooni/tests/test_oonicli.py @@ -37,7 +37,7 @@ reports: pcap: null collector: null advanced: - geoip_data_dir: /usr/share/ooni/geoip + geoip_data_dir: /usr/share/GeoIP debug: false interface: auto start_tor: true

1 0

[ooni-probe/master] Fix path of coverage so that running it in sudo does not trigger error.
by art＠torproject.org 05 Aug '14

05 Aug '14

commit 2d2e1013430b0ea26c4e49bcd88b0353a4741354 Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Aug 5 12:44:20 2014 +0200 Fix path of coverage so that running it in sudo does not trigger error. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6e5069b..0cb74ac 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,6 +13,6 @@ install: - pip install -r requirements-dev.txt # command to run tests, e.g. python setup.py test script: - - sudo coverage run $(which trial) ooni + - sudo $(which coverage) run $(which trial) ooni after_success: - coveralls

1 0

[ooni-probe/master] Add service-identity to the requirements
by art＠torproject.org 05 Aug '14

05 Aug '14

commit 0af7495f6a6a942ce7592603e522c362f04749c7 Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Aug 5 13:58:52 2014 +0200 Add service-identity to the requirements --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 719d994..87d736f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -8,6 +8,7 @@ txsocksx>=0.0.2 parsley>=1.1 scapy-real>=2.2.0-dev pypcap>=1.1 +service-identity PyDNET graphillion networkx

1 0

[ooni-probe/master] Fixed a couple things:
by art＠torproject.org 05 Aug '14

05 Aug '14

commit 4f4cf2e0e2adfb8ae3d71fb29ac413d9e4c81ae7 Author: kudrom <kudrom(a)riseup.net> Date: Sat Jul 19 18:09:12 2014 +0200 Fixed a couple things: * sniffer subsystem to allow parallel recording of pcaps * keyword_filtering nettest * improved some tests in test_oonibclient --- .gitignore | 3 +- data/ooniprobe.1 | 2 +- data/ooniprobe.conf.sample | 2 +- ooni/director.py | 56 +++++++++++++---------- ooni/nettests/experimental/keyword_filtering.py | 31 +++++++------ ooni/oonicli.py | 4 ++ ooni/settings.py | 5 -- ooni/templates/scapyt.py | 8 +--- ooni/tests/test_oonibclient.py | 18 ++------ ooni/utils/txscapy.py | 21 +++------ 10 files changed, 68 insertions(+), 82 deletions(-) diff --git a/.gitignore b/.gitignore index 9632014..1e2dba3 100644 --- a/.gitignore +++ b/.gitignore @@ -29,6 +29,7 @@ private/* ooni/report*.yaml report*.yaml *.yamloo +*.pcap pcaps/ ooniprobe.conf @@ -41,4 +42,4 @@ docs/build/* .vagrant/* cover/* -ooni_home/* \ No newline at end of file +ooni_home/* diff --git a/data/ooniprobe.1 b/data/ooniprobe.1 index cb5309b..7da9ae6 100644 --- a/data/ooniprobe.1 +++ b/data/ooniprobe.1 @@ -95,7 +95,7 @@ the addresses of test helpers. default: httpo://nkvphnp3p6agi5qq.onion Path to the log file to write .TP .BR \-\^O " or " \-\-pcapfile -Path to the pcap file name. +Prefix to the pcap file name. .TP .BR \-\^f " or " \-\-configfile Specify a path to the ooniprobe configuration file. diff --git a/data/ooniprobe.conf.sample b/data/ooniprobe.conf.sample index d32248f..b08edf6 100644 --- a/data/ooniprobe.conf.sample +++ b/data/ooniprobe.conf.sample @@ -17,7 +17,7 @@ privacy: # Should we collect a full packet capture on the client? includepcap: false reports: - # This is a packet capture file (.pcap) to load as a test: + # This is a prefix for each packet capture file (.pcap) per test: pcap: null collector: null advanced: diff --git a/ooni/director.py b/ooni/director.py index 901088f..3634115 100644 --- a/ooni/director.py +++ b/ooni/director.py @@ -1,4 +1,6 @@ import os +import otime +from psutil import Process from ooni.managers import ReportEntryManager, MeasurementManager from ooni.reporter import Report @@ -15,7 +17,6 @@ from twisted.internet.endpoints import TCP4ClientEndpoint class Director(object): - """ Singleton object responsible for coordinating the Measurements Manager and the Reporting Manager. @@ -90,14 +91,13 @@ class Director(object): # This deferred is fired once all the measurements and their reporting # tasks are completed. self.allTestsDone = defer.Deferred() - self.sniffer = None + self.sniffers = {} def getNetTests(self): nettests = {} def is_nettest(filename): - return not filename == '__init__.py' \ - and filename.endswith('.py') + return not filename == '__init__.py' and filename.endswith('.py') for category in self.categories: dirname = os.path.join(config.nettest_directory, category) @@ -191,6 +191,11 @@ class Director(object): self.totalMeasurementRuntime += measurement.runtime self.successfulMeasurements += 1 measurement.result = result + test_name = measurement.testInstance.__class__.__name__ + sniffer = self.sniffers[test_name] + config.scapyFactory.unRegisterProtocol(sniffer) + sniffer.close() + del self.sniffers[test_name] return measurement def measurementFailed(self, failure, measurement): @@ -229,16 +234,11 @@ class Director(object): net_test_loader: an instance of :class:ooni.nettest.NetTestLoader """ - if self.allTestsDone.called: self.allTestsDone = defer.Deferred() if config.privacy.includepcap: - if not config.reports.pcap: - config.reports.pcap = config.generate_pcap_filename( - net_test_loader.testDetails - ) - self.startSniffing() + self.startSniffing(net_test_loader.testDetails) report = Report(net_test_loader.testDetails, report_filename, self.reportEntryManager, collector_address) @@ -258,24 +258,30 @@ class Director(object): finally: self.netTestDone(net_test) - def startSniffing(self): + def startSniffing(self, testDetails): """ Start sniffing with Scapy. Exits if required privileges (root) are not available. """ - from ooni.utils.txscapy import ScapyFactory, ScapySniffer - config.scapyFactory = ScapyFactory(config.advanced.interface) - - if os.path.exists(config.reports.pcap): - log.msg("Report PCAP already exists with filename %s" % - config.reports.pcap) - log.msg("Renaming files with such name...") - pushFilenameStack(config.reports.pcap) - - if self.sniffer: - config.scapyFactory.unRegisterProtocol(self.sniffer) - self.sniffer = ScapySniffer(config.reports.pcap) - config.scapyFactory.registerProtocol(self.sniffer) - log.msg("Starting packet capture to: %s" % config.reports.pcap) + from ooni.utils.txscapy import ScapySniffer + + test_name, start_time = testDetails['test_name'], testDetails['start_time'] + start_time = otime.epochToTimestamp(start_time) + suffix = "%s-%s.%s" % (test_name, start_time, "pcap") + if not config.reports.pcap: + filename_pcap= "%s-%s" % ("report", suffix) + else: + filename_pcap = "%s-%s" % (config.reports.pcap, suffix) + + if len(self.sniffers) > 1: + pcap_filenames = set(sniffer.pcapwriter.filename for sniffer in self.sniffers) + pcap_filenames.add(filename_pcap) + log.msg("pcap files %s can be messed up because several netTests are being executed in parallel." % + ','.join(pcap_filenames)) + + sniffer = ScapySniffer(filename_pcap) + self.sniffers[testDetails['test_name']] = sniffer + config.scapyFactory.registerProtocol(sniffer) + log.msg("Starting packet capture to: %s" % filename_pcap) @defer.inlineCallbacks def getTorState(self): diff --git a/ooni/nettests/experimental/keyword_filtering.py b/ooni/nettests/experimental/keyword_filtering.py index 0937efd..b54ba0d 100644 --- a/ooni/nettests/experimental/keyword_filtering.py +++ b/ooni/nettests/experimental/keyword_filtering.py @@ -9,23 +9,26 @@ from twisted.internet import defer from ooni.utils import log from ooni.templates import scapyt -from scapy.all import * +from scapy.layers.inet import TCP, IP +from scapy.volatile import RandShort + class UsageOptions(usage.Options): optParameters = [ - ['backend', 'b', '127.0.0.1:57002', 'Test backend running TCP echo'], - ['timeout', 't', 5, 'Timeout after which to give up waiting for RST packets'] - ] + ['backend', 'b', '127.0.0.1:57002', 'Test backend running TCP echo'], + ['timeout', 't', 5, 'Timeout after which to give up waiting for RST packets'] + ] + class KeywordFiltering(scapyt.BaseScapyTest): name = "Keyword Filtering detection based on RST packets" author = "Arturo Filastò" - version = "0.1" + version = "0.2" usageOptions = UsageOptions - inputFile = ['file', 'f', None, - 'List of keywords to use for censorship testing'] + inputFile = ['file', 'f', None, + 'List of keywords to use for censorship testing'] requiresRoot = True requiresTor = False @@ -36,19 +39,19 @@ class KeywordFiltering(scapyt.BaseScapyTest): though this should not be an issue since we are testing all the keywords in parallel. """ + backend_ip, backend_port = self.localOptions['backend'].split(':') + timeout = int(self.localOptions['timeout']) + keyword_to_test = str(self.input) + packets = IP(dst=backend_ip, id=RandShort()) / TCP(sport=4000, dport=int(backend_port)) / keyword_to_test + d = self.sr(packets, timeout=timeout) + + @d.addCallback def finished(packets): - log.debug("Finished running TCP traceroute test on port %s" % port) answered, unanswered = packets self.report['rst_packets'] = [] for snd, rcv in answered: # The received packet has the RST flag if rcv[TCP].flags == 4: self.report['rst_packets'].append(rcv) - - backend_ip, backend_port = self.localOptions['backend'] - keyword_to_test = str(self.input) - packets = IP(dst=backend_ip,id=RandShort())/TCP(dport=backend_port)/keyword_to_test - d = self.sr(packets, timeout=timeout) - d.addCallback(finished) return d diff --git a/ooni/oonicli.py b/ooni/oonicli.py index 8313822..7c3e9a2 100644 --- a/ooni/oonicli.py +++ b/ooni/oonicli.py @@ -12,6 +12,7 @@ from ooni.settings import config from ooni.director import Director from ooni.deck import Deck, nettest_to_path from ooni.nettest import NetTestLoader +from ooni.utils.txscapy import ScapyFactory from ooni.utils import log, checkForRoot @@ -111,14 +112,17 @@ def runWithDirector(logging=True, start_tor=True): config.set_paths() config.initialize_ooni_home() config.read_config_file() + if global_options['verbose']: config.advanced.debug = True + if not start_tor: config.advanced.start_tor = False if logging: log.start(global_options['logfile']) + config.scapyFactory = ScapyFactory(config.advanced.interface) if config.privacy.includepcap: try: checkForRoot() diff --git a/ooni/settings.py b/ooni/settings.py index 0d1275e..5bebc05 100644 --- a/ooni/settings.py +++ b/ooni/settings.py @@ -113,9 +113,4 @@ class OConfig(object): pass self.set_paths() - def generate_pcap_filename(self, testDetails): - test_name, start_time = testDetails['test_name'], testDetails['start_time'] - start_time = otime.epochToTimestamp(start_time) - return "report-%s-%s.%s" % (test_name, start_time, "pcap") - config = OConfig() diff --git a/ooni/templates/scapyt.py b/ooni/templates/scapyt.py index ee21508..d99ea3f 100644 --- a/ooni/templates/scapyt.py +++ b/ooni/templates/scapyt.py @@ -41,10 +41,6 @@ class BaseScapyTest(NetTestCase): def _setUp(self): super(BaseScapyTest, self)._setUp() - if not config.scapyFactory: - log.debug("Scapy factory not set, registering it.") - config.scapyFactory = ScapyFactory(config.advanced.interface) - self.report['answer_flags'] = [] if self.localOptions['ipsrc']: config.checkIPsrc = 0 @@ -93,12 +89,12 @@ class BaseScapyTest(NetTestCase): self.report['answered_packets'].append(received_packet) return packets - def sr(self, packets, *arg, **kw): + def sr(self, packets, timeout=None, *arg, **kw): """ Wrapper around scapy.sendrecv.sr for sending and receiving of packets at layer 3. """ - scapySender = ScapySender() + scapySender = ScapySender(timeout=timeout) config.scapyFactory.registerProtocol(scapySender) log.debug("Using sending with hash %s" % scapySender.__hash__) diff --git a/ooni/tests/test_oonibclient.py b/ooni/tests/test_oonibclient.py index d80b606..87ea8da 100644 --- a/ooni/tests/test_oonibclient.py +++ b/ooni/tests/test_oonibclient.py @@ -28,10 +28,8 @@ class TestOONIBClient(ConfigTestCase): data_dir = '/tmp/testooni' config.advanced.data_dir = data_dir - try: + if os.path.exists(data_dir): shutil.rmtree(data_dir) - except: - pass os.mkdir(data_dir) os.mkdir(os.path.join(data_dir, 'inputs')) os.mkdir(os.path.join(data_dir, 'decks')) @@ -101,21 +99,11 @@ class TestOONIBClient(ConfigTestCase): @defer.inlineCallbacks def test_input_descriptor_not_found(self): - try: - yield self.oonibclient.queryBackend('GET', '/input/' + 'a'*64) - except e.OONIBInputDescriptorNotFound: - pass - else: - assert False + yield self.assertFailure(self.oonibclient.queryBackend('GET', '/input/' + 'a'*64), e.OONIBInputDescriptorNotFound) @defer.inlineCallbacks def test_http_errors(self): - try: - yield self.oonibclient.queryBackend('PUT', '/policy/input') - except error.Error: - pass - else: - assert False + yield self.assertFailure(self.oonibclient.queryBackend('PUT', '/policy/input'), error.Error) @defer.inlineCallbacks def test_create_report(self): diff --git a/ooni/utils/txscapy.py b/ooni/utils/txscapy.py index bfd5d7f..89a0236 100644 --- a/ooni/utils/txscapy.py +++ b/ooni/utils/txscapy.py @@ -1,5 +1,3 @@ -import ipaddr -import struct import socket import os import sys @@ -9,12 +7,10 @@ import random from twisted.internet import protocol, base, fdesc from twisted.internet import reactor, threads, error from twisted.internet import defer, abstract -from zope.interface import implements from scapy.config import conf from scapy.supersocket import L3RawSocket -from scapy.all import RandShort, IP, IPerror, ICMP, ICMPerror -from scapy.all import TCP, TCPerror, UDP, UDPerror +from scapy.all import RandShort, IP, IPerror, ICMP, ICMPerror, TCP, TCPerror, UDP, UDPerror, read_routes from ooni.utils import log from ooni.settings import config @@ -53,10 +49,8 @@ def pcapdnet_installed(): config.pcap_dnet = True - except ImportError: - log.err("pypcap or dnet not installed. " - "Certain tests may not work.") - + except ImportError as e: + log.err(e.message + ". Pypcap or dnet are not properly installed. Certain tests may not work.") config.pcap_dnet = False conf.use_pcap = False conf.use_dnet = False @@ -320,6 +314,9 @@ class ScapySniffer(ScapyProtocol): def packetReceived(self, packet): self.pcapwriter.write(packet) + def close(self): + self.pcapwriter.close() + class ParasiticTraceroute(ScapyProtocol): def __init__(self): @@ -363,11 +360,7 @@ class ParasiticTraceroute(ScapyProtocol): def maxttl(packet=None): if packet: - return min(self.ttl_max, - min( - abs(64 - packet.ttl), - abs(128 - packet.ttl), - abs(256 - packet.ttl))) - 1 + return min(self.ttl_max, *map(lambda x: x - packet.ttl, [64, 128, 256])) - 1 else: return self.ttl_max

1 0

[ooni-probe/master] PEP8 cleanup
by art＠torproject.org 05 Aug '14

05 Aug '14

commit 6868e1df824ecd1b7899eef7580816fe0618b502 Author: kudrom <kudrom(a)riseup.net> Date: Sat Jul 19 17:47:30 2014 +0200 PEP8 cleanup --- ooni/templates/scapyt.py | 16 ++++++----- ooni/utils/txscapy.py | 68 +++++++++++++++++++++++++++++++--------------- 2 files changed, 55 insertions(+), 29 deletions(-) diff --git a/ooni/templates/scapyt.py b/ooni/templates/scapyt.py index 8194925..ee21508 100644 --- a/ooni/templates/scapyt.py +++ b/ooni/templates/scapyt.py @@ -13,6 +13,7 @@ from ooni.settings import config from ooni.utils.txscapy import ScapySender, getDefaultIface, ScapyFactory from ooni.utils.txscapy import hasRawSocketPermission + class BaseScapyTest(NetTestCase): """ The report of a test run with scapy looks like this: @@ -29,13 +30,13 @@ class BaseScapyTest(NetTestCase): requiresRoot = not hasRawSocketPermission() baseFlags = [ - ['ipsrc', 's', - 'Does *not* check if IP src and ICMP IP citation matches when processing answers'], - ['seqack', 'k', - 'Check if TCP sequence number and ACK match in the ICMP citation when processing answers'], - ['ipid', 'i', - 'Check if the IPID matches when processing answers'] - ] + ['ipsrc', 's', + 'Does *not* check if IP src and ICMP IP citation matches when processing answers'], + ['seqack', 'k', + 'Check if TCP sequence number and ACK match in the ICMP citation when processing answers'], + ['ipid', 'i', + 'Check if the IPID matches when processing answers'] + ] def _setUp(self): super(BaseScapyTest, self)._setUp() @@ -144,4 +145,5 @@ class BaseScapyTest(NetTestCase): for sent_packet in packets: self.report['sent_packets'].append(sent_packet) + ScapyTest = BaseScapyTest diff --git a/ooni/utils/txscapy.py b/ooni/utils/txscapy.py index a96a397..bfd5d7f 100644 --- a/ooni/utils/txscapy.py +++ b/ooni/utils/txscapy.py @@ -19,9 +19,11 @@ from scapy.all import TCP, TCPerror, UDP, UDPerror from ooni.utils import log from ooni.settings import config + class LibraryNotInstalledError(Exception): pass + def pcapdnet_installed(): """ Checks to see if libdnet or libpcap are installed and set the according @@ -39,8 +41,10 @@ def pcapdnet_installed(): # expecting "dnet" so we try and import it under such name. try: import dumbnet + sys.modules['dnet'] = dumbnet - except ImportError: pass + except ImportError: + pass try: conf.use_pcap = True @@ -68,6 +72,7 @@ def pcapdnet_installed(): return config.pcap_dnet + if pcapdnet_installed(): from scapy.all import PcapWriter @@ -84,17 +89,18 @@ else: from scapy.all import Gen, SetGen, MTU + def getNetworksFromRoutes(): """ Return a list of networks from the routing table """ from scapy.all import conf, ltoa, read_routes - from ipaddr import IPNetwork, IPAddress + from ipaddr import IPNetwork, IPAddress - ## Hide the 'no routes' warnings + # # Hide the 'no routes' warnings conf.verb = 0 networks = [] for nw, nm, gw, iface, addr in read_routes(): - n = IPNetwork( ltoa(nw) ) + n = IPNetwork(ltoa(nw)) (n.netmask, n.gateway, n.ipaddr) = [IPAddress(x) for x in [nm, gw, addr]] n.iface = iface if not n.compressed in networks: @@ -102,12 +108,15 @@ def getNetworksFromRoutes(): return networks + class IfaceError(Exception): pass + def getAddresses(): from scapy.all import get_if_addr, get_if_list from ipaddr import IPAddress + addresses = set() for i in get_if_list(): try: @@ -118,9 +127,10 @@ def getAddresses(): addresses.remove('0.0.0.0') return [IPAddress(addr) for addr in addresses] + def getDefaultIface(): """ Return the default interface or raise IfaceError """ - #XXX: currently broken on OpenVZ environments, because + # XXX: currently broken on OpenVZ environments, because # the routing table does not contain a default route # Workaround: Set the default interface in ooniprobe.conf networks = getNetworksFromRoutes() @@ -129,6 +139,7 @@ def getDefaultIface(): return net.iface raise IfaceError + def hasRawSocketPermission(): try: socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) @@ -136,17 +147,21 @@ def hasRawSocketPermission(): except socket.error: return False + class ProtocolNotRegistered(Exception): pass + class ProtocolAlreadyRegistered(Exception): pass + class ScapyFactory(abstract.FileDescriptor): """ Inspired by muxTCP scapyLink: https://github.com/enki/muXTCP/blob/master/scapyLink.py """ + def __init__(self, interface, super_socket=None, timeout=5): abstract.FileDescriptor.__init__(self, reactor) @@ -201,6 +216,7 @@ class ScapyFactory(abstract.FileDescriptor): else: raise ProtocolNotRegistered + class ScapyProtocol(object): factory = None @@ -213,6 +229,7 @@ class ScapyProtocol(object): """ raise NotImplementedError + class ScapySender(ScapyProtocol): timeout = 5 @@ -236,7 +253,7 @@ class ScapySender(ScapyProtocol): if packet.answers(answer_hr[i]): self.answered_packets.append((answer_hr[i], packet)) if not self.multi: - del(answer_hr[i]) + del (answer_hr[i]) break if len(self.answered_packets) == len(self.sent_packets): @@ -245,7 +262,7 @@ class ScapySender(ScapyProtocol): return if self.expected_answers and \ - self.expected_answers == len(self.answered_packets): + self.expected_answers == len(self.answered_packets): log.debug("Got the number of expected answers") self.stopSending() @@ -295,6 +312,7 @@ class ScapySender(ScapyProtocol): self.sendPackets(packets) return self.d + class ScapySniffer(ScapyProtocol): def __init__(self, pcap_filename, *arg, **kw): self.pcapwriter = PcapWriter(pcap_filename, *arg, **kw) @@ -302,6 +320,7 @@ class ScapySniffer(ScapyProtocol): def packetReceived(self, packet): self.pcapwriter.write(packet) + class ParasiticTraceroute(ScapyProtocol): def __init__(self): self.numHosts = 7 @@ -332,7 +351,7 @@ class ParasiticTraceroute(ScapyProtocol): return try: packet[IP].ttl = self.hosts[packet.dst]['ttl'].pop() - del packet.chksum #XXX Why is this incorrect? + del packet.chksum # XXX Why is this incorrect? log.debug("Sent packet to %s with ttl %d" % (packet.dst, packet.ttl)) self.sendPacket(packet) k = (packet.id, packet[TCP].sport, packet[TCP].dport, packet[TCP].seq) @@ -345,10 +364,10 @@ class ParasiticTraceroute(ScapyProtocol): def maxttl(packet=None): if packet: return min(self.ttl_max, - min( - abs( 64 - packet.ttl ), - abs( 128 - packet.ttl ), - abs( 256 - packet.ttl ))) - 1 + min( + abs(64 - packet.ttl), + abs(128 - packet.ttl), + abs(256 - packet.ttl))) - 1 else: return self.ttl_max @@ -362,15 +381,15 @@ class ParasiticTraceroute(ScapyProtocol): and packet.dst not in self.addresses \ and isinstance(packet.getlayer(1), TCP): - self.hosts[packet.dst] = {'ttl' : genttl()} + self.hosts[packet.dst] = {'ttl': genttl()} log.debug("Tracing to %s" % packet.dst) elif packet.src not in self.hosts \ and packet.src not in self.addresses \ and isinstance(packet.getlayer(1), TCP): - self.hosts[packet.src] = {'ttl' : genttl(packet), - 'ttl_max': maxttl(packet)} + self.hosts[packet.src] = {'ttl': genttl(packet), + 'ttl_max': maxttl(packet)} log.debug("Tracing to %s" % packet.src) return @@ -387,6 +406,7 @@ class ParasiticTraceroute(ScapyProtocol): def stopListening(self): self.factory.unRegisterProtocol(self) + class MPTraceroute(ScapyProtocol): dst_ports = [0, 22, 23, 53, 80, 123, 443, 8080, 65535] ttl_min = 1 @@ -408,7 +428,7 @@ class MPTraceroute(ScapyProtocol): d = defer.Deferred() reactor.callLater(self.timeout, d.callback, self) - self.sendPackets(IP(dst=host,ttl=(self.ttl_min,self.ttl_max), id=RandShort())/ICMP(id=RandShort())) + self.sendPackets(IP(dst=host, ttl=(self.ttl_min, self.ttl_max), id=RandShort()) / ICMP(id=RandShort())) return d def UDPTraceroute(self, host): @@ -418,7 +438,8 @@ class MPTraceroute(ScapyProtocol): reactor.callLater(self.timeout, d.callback, self) for dst_port in self.dst_ports: - self.sendPackets(IP(dst=host,ttl=(self.ttl_min,self.ttl_max), id=RandShort())/UDP(dport=dst_port, sport=RandShort())) + self.sendPackets( + IP(dst=host, ttl=(self.ttl_min, self.ttl_max), id=RandShort()) / UDP(dport=dst_port, sport=RandShort())) return d def TCPTraceroute(self, host): @@ -428,7 +449,10 @@ class MPTraceroute(ScapyProtocol): reactor.callLater(self.timeout, d.callback, self) for dst_port in self.dst_ports: - self.sendPackets(IP(dst=host,ttl=(self.ttl_min,self.ttl_max), id=RandShort())/TCP(flags=2L, dport=dst_port, sport=RandShort(), seq=RandShort())) + self.sendPackets( + IP(dst=host, ttl=(self.ttl_min, self.ttl_max), id=RandShort()) / TCP(flags=2L, dport=dst_port, + sport=RandShort(), + seq=RandShort())) return d @defer.inlineCallbacks @@ -499,10 +523,10 @@ class MPTraceroute(ScapyProtocol): l = p.getlayer(1) i = 0 if isinstance(l, ICMP): - i += matchResponse(('icmp', p.id), p) # match by ipid - i += matchResponse(('icmp', l.id), p) # match by icmpid + i += matchResponse(('icmp', p.id), p) # match by ipid + i += matchResponse(('icmp', l.id), p) # match by icmpid if isinstance(l, TCP): - i += matchResponse(('tcp', l.dport, l.sport), p) # match by s|dport + i += matchResponse(('tcp', l.dport, l.sport), p) # match by s|dport i += matchResponse(('tcp', l.seq, l.sport, l.dport), p) if isinstance(l, UDP): i += matchResponse(('udp', l.dport, l.sport), p) @@ -517,7 +541,7 @@ class MPTraceroute(ScapyProtocol): if not l: return elif (isinstance(l, ICMP) or isinstance(l, UDP) or - isinstance(l, TCP)): + isinstance(l, TCP)): self._recvbuf.append(packet) def stopListening(self):

1 0

[ooni-probe/master] PEP8 cleanup of utils
by art＠torproject.org 05 Aug '14

05 Aug '14

commit ddb017a1011a8f2ecd293e49f6b5eb6aa7dbae77 Author: kudrom <kudrom(a)riseup.net> Date: Sun Jul 20 20:14:37 2014 +0200 PEP8 cleanup of utils --- ooni/utils/__init__.py | 11 +++++++++-- ooni/utils/hacks.py | 7 ++++--- ooni/utils/net.py | 48 ++++++++++++++++++++++++++++++--------------- ooni/utils/onion.py | 5 +++++ ooni/utils/trueheaders.py | 19 +++++++++++++----- ooni/utils/txscapy.py | 15 +++++++------- 6 files changed, 72 insertions(+), 33 deletions(-) diff --git a/ooni/utils/__init__.py b/ooni/utils/__init__.py index 767e6d2..14fe667 100644 --- a/ooni/utils/__init__.py +++ b/ooni/utils/__init__.py @@ -5,6 +5,7 @@ import os from ooni import errors, otime + class Storage(dict): """ A Storage object is like a dictionary except `obj.foo` can be used @@ -22,6 +23,7 @@ class Storage(dict): >>> o.a None """ + def __getattr__(self, key): try: return self[key] @@ -47,10 +49,12 @@ class Storage(dict): for (k, v) in value.items(): self[k] = v + def checkForRoot(): if os.getuid() != 0: raise errors.InsufficientPrivileges + def randomSTR(length, num=True): """ Returns a random all uppercase alfa-numerical (if num True) string long length @@ -60,6 +64,7 @@ def randomSTR(length, num=True): chars += string.digits return ''.join(random.choice(chars) for x in range(length)) + def randomstr(length, num=True): """ Returns a random all lowercase alfa-numerical (if num True) string long length @@ -69,6 +74,7 @@ def randomstr(length, num=True): chars += string.digits return ''.join(random.choice(chars) for x in range(length)) + def randomStr(length, num=True): """ Returns a random a mixed lowercase, uppercase, alfanumerical (if num True) @@ -79,6 +85,7 @@ def randomStr(length, num=True): chars += string.digits return ''.join(random.choice(chars) for x in range(length)) + def pushFilenameStack(filename): """ Takes as input a target filename and checks to see if a file by such name @@ -90,7 +97,7 @@ def pushFilenameStack(filename): Args: filename (str): the path to filename that you wish to create. """ - stack = glob.glob(filename+".*") + stack = glob.glob(filename + ".*") stack.sort(key=lambda x: int(x.split('.')[-1])) for f in reversed(stack): c_idx = f.split(".")[-1] @@ -98,7 +105,7 @@ def pushFilenameStack(filename): new_idx = int(c_idx) + 1 new_filename = "%s.%s" % (c_filename, new_idx) os.rename(f, new_filename) - os.rename(filename, filename+".1") + os.rename(filename, filename + ".1") def generate_filename(testDetails, prefix=None, extension=None, filename=None): diff --git a/ooni/utils/hacks.py b/ooni/utils/hacks.py index 64b5a53..2c84a23 100644 --- a/ooni/utils/hacks.py +++ b/ooni/utils/hacks.py @@ -3,6 +3,7 @@ import copy_reg + def patched_reduce_ex(self, proto): """ This is a hack to overcome a bug in one of pythons core functions. It is @@ -22,20 +23,20 @@ def patched_reduce_ex(self, proto): XXX see if there is a better way. sigh... """ - _HEAPTYPE = 1<<9 + _HEAPTYPE = 1 << 9 assert proto < 2 for base in self.__class__.__mro__: if hasattr(base, '__flags__') and not base.__flags__ & _HEAPTYPE: break else: - base = object # not really reachable + base = object # not really reachable if base is object: state = None elif base is int: state = None else: if base is self.__class__: - raise TypeError, "can't pickle %s objects" % base.__name__ + raise TypeError("can't pickle %s objects" % base.__name__) state = base(self) args = (self.__class__, base, state) try: diff --git a/ooni/utils/net.py b/ooni/utils/net.py index 845cf4c..69e39d6 100644 --- a/ooni/utils/net.py +++ b/ooni/utils/net.py @@ -9,33 +9,39 @@ from twisted.web.iweb import IBodyProducer from ooni.utils import log -#if sys.platform.system() == 'Windows': -# import _winreg as winreg +# if sys.platform.system() == 'Windows': +# import _winreg as winreg # These user agents are taken from the "How Unique Is Your Web Browser?" # (https://panopticlick.eff.org/browser-uniqueness.pdf) paper as the browser user # agents with largest anonymity set. userAgents = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7", - "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3 1 2 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Mobile/7D11", - "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/20100115 Firefox/3.6", - "Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2) Gecko/20100115 Firefox/3.6", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/20100115 Firefox/3.6", - "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)") + "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3 1 2 like Mac OS X; en-us)" + "AppleWebKit/528.18 (KHTML, like Gecko) Mobile/7D11", + "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/20100115 Firefox/3.6", + "Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2) Gecko/20100115 Firefox/3.6", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/20100115 Firefox/3.6", + "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.7) " + "Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)") + class UnsupportedPlatform(Exception): """Support for this platform is not currently available.""" + class IfaceError(Exception): """Could not find default network interface.""" + class PermissionsError(SystemExit): """This test requires admin or root privileges to run. Exiting...""" + PLATFORMS = {'LINUX': sys.platform.startswith("linux"), 'OPENBSD': sys.platform.startswith("openbsd"), 'FREEBSD': sys.platform.startswith("freebsd"), @@ -44,6 +50,7 @@ PLATFORMS = {'LINUX': sys.platform.startswith("linux"), 'SOLARIS': sys.platform.startswith("sunos"), 'WINDOWS': sys.platform.startswith("win32")} + class StringProducer(object): implements(IBodyProducer) @@ -61,6 +68,7 @@ class StringProducer(object): def stopProducing(self): pass + class BodyReceiver(protocol.Protocol): def __init__(self, finished, content_length=None, body_processor=None): self.finished = finished @@ -84,8 +92,9 @@ class BodyReceiver(protocol.Protocol): except Exception as exc: self.finished.errback(exc) + class Downloader(protocol.Protocol): - def __init__(self, download_path, + def __init__(self, download_path, finished, content_length=None): self.finished = finished self.bytes_remaining = content_length @@ -104,18 +113,21 @@ class Downloader(protocol.Protocol): self.fp.close() self.finished.callback(None) + def getSystemResolver(): """ XXX implement a function that returns the resolver that is currently default on the system. """ + def getClientPlatform(platform_name=None): for name, test in PLATFORMS.items(): if not platform_name or platform_name.upper() == name: if test: return name, test + def getPosixIfaces(): from twisted.internet.test import _posixifaces @@ -124,6 +136,7 @@ def getPosixIfaces(): ifup = tryInterfaces(ifaces) return ifup + def getWindowsIfaces(): from twisted.internet.test import _win32ifaces @@ -132,6 +145,7 @@ def getWindowsIfaces(): ifup = tryInterfaces(ifaces) return ifup + def getIfaces(platform_name=None): client, test = getClientPlatform(platform_name) if client: @@ -145,6 +159,7 @@ def getIfaces(platform_name=None): else: raise UnsupportedPlatform + def randomFreePort(addr="127.0.0.1"): """ Args: @@ -176,7 +191,7 @@ def checkInterfaces(ifaces=None, timeout=1): """ try: from scapy.all import IP, ICMP - from scapy.all import sr1 ## we want this check to be blocking + from scapy.all import sr1 ## we want this check to be blocking except: log.msg(("Scapy required: www.secdev.org/projects/scapy")) @@ -190,24 +205,25 @@ def checkInterfaces(ifaces=None, timeout=1): log.debug("checkInterfaces(): testing iface {} by pinging" + " local address {}".format(ifname, ifaddr)) try: - pkt = IP(dst=ifaddr)/ICMP() + pkt = IP(dst=ifaddr) / ICMP() ans, unans = sr(pkt, iface=ifname, timeout=5, retry=3) except Exception, e: raise PermissionsError if e.find("Errno 1") else log.err(e) else: if ans.summary(): log.debug("checkInterfaces(): got answer on interface %s" - + ":\n%s".format(ifname, ans.summary())) + + ":\n%s".format(ifname, ans.summary())) ifup.update(ifname, ifaddr) else: log.debug("Interface test packet was unanswered:\n%s" - % unans.summary()) + % unans.summary()) if len(ifup) > 0: log.msg("Discovered working network interfaces: %s" % ifup) return ifup else: raise IfaceError + def getNonLoopbackIfaces(platform_name=None): try: ifaces = getIfaces(platform_name) diff --git a/ooni/utils/onion.py b/ooni/utils/onion.py index 50e20c3..cb490b3 100644 --- a/ooni/utils/onion.py +++ b/ooni/utils/onion.py @@ -6,14 +6,17 @@ from txtorcon.util import find_tor_binary as tx_find_tor_binary from ooni.settings import config + class TorVersion(LooseVersion): pass + def find_tor_binary(): if config.advanced.tor_binary: return config.advanced.tor_binary return tx_find_tor_binary() + def tor_version(): tor_binary = find_tor_binary() if not tor_binary: @@ -29,6 +32,7 @@ def tor_version(): return TorVersion(stdout.strip().split(' ')[2]) return None + def transport_name(address): """ If the address of the bridge starts with a valid c identifier then @@ -44,6 +48,7 @@ def transport_name(address): else: return None + tor_details = { 'binary': find_tor_binary(), 'version': tor_version() diff --git a/ooni/utils/trueheaders.py b/ooni/utils/trueheaders.py index 31ee179..a879687 100644 --- a/ooni/utils/trueheaders.py +++ b/ooni/utils/trueheaders.py @@ -19,25 +19,27 @@ from twisted.internet.defer import Deferred, succeed, fail, maybeDeferred from txsocksx.http import SOCKS5Agent from txsocksx.client import SOCKS5ClientFactory + SOCKS5ClientFactory.noisy = False from ooni.utils import log + class TrueHeaders(http_headers.Headers): def __init__(self, rawHeaders=None): self._rawHeaders = dict() if rawHeaders is not None: for name, values in rawHeaders.iteritems(): if type(values) is list: - self.setRawHeaders(name, values[:]) + self.setRawHeaders(name, values[:]) elif type(values) is dict: - self._rawHeaders[name.lower()] = values + self._rawHeaders[name.lower()] = values elif type(values) is str: - self.setRawHeaders(name, values) + self.setRawHeaders(name, values) def setRawHeaders(self, name, values): if name.lower() not in self._rawHeaders: - self._rawHeaders[name.lower()] = dict() + self._rawHeaders[name.lower()] = dict() self._rawHeaders[name.lower()]['name'] = name self._rawHeaders[name.lower()]['values'] = values @@ -71,7 +73,7 @@ class TrueHeaders(http_headers.Headers): pass for k, v in itertools.chain(headers_a.getAllRawHeaders(), \ - headers_b.getAllRawHeaders()): + headers_b.getAllRawHeaders()): field_names.append(k) for name in field_names: @@ -90,6 +92,7 @@ class TrueHeaders(http_headers.Headers): return self._rawHeaders[name.lower()]['values'] return default + class HTTPClientParser(_newclient.HTTPClientParser): def logPrefix(self): return 'HTTPClientParser' @@ -107,6 +110,7 @@ class HTTPClientParser(_newclient.HTTPClientParser): headers = self.headers headers.addRawHeader(name, value) + class HTTP11ClientProtocol(_newclient.HTTP11ClientProtocol): def request(self, request): if self._state != 'QUIESCENT': @@ -142,19 +146,24 @@ class HTTP11ClientProtocol(_newclient.HTTP11ClientProtocol): return self._finishedRequest + class _HTTP11ClientFactory(client._HTTP11ClientFactory): noisy = False + def buildProtocol(self, addr): return HTTP11ClientProtocol(self._quiescentCallback) + class HTTPConnectionPool(client.HTTPConnectionPool): _factory = _HTTP11ClientFactory + class TrueHeadersAgent(client.Agent): def __init__(self, *args, **kw): super(TrueHeadersAgent, self).__init__(*args, **kw) self._pool = HTTPConnectionPool(reactor, False) + class TrueHeadersSOCKS5Agent(SOCKS5Agent): def __init__(self, *args, **kw): super(TrueHeadersSOCKS5Agent, self).__init__(*args, **kw) diff --git a/ooni/utils/txscapy.py b/ooni/utils/txscapy.py index 89a0236..340885a 100644 --- a/ooni/utils/txscapy.py +++ b/ooni/utils/txscapy.py @@ -255,8 +255,7 @@ class ScapySender(ScapyProtocol): self.stopSending() return - if self.expected_answers and \ - self.expected_answers == len(self.answered_packets): + if self.expected_answers and self.expected_answers == len(self.answered_packets): log.debug("Got the number of expected answers") self.stopSending() @@ -416,7 +415,8 @@ class MPTraceroute(ScapyProtocol): self.numPackets = 1 def ICMPTraceroute(self, host): - if host not in self.hosts: self.hosts.append(host) + if host not in self.hosts: + self.hosts.append(host) d = defer.Deferred() reactor.callLater(self.timeout, d.callback, self) @@ -425,7 +425,8 @@ class MPTraceroute(ScapyProtocol): return d def UDPTraceroute(self, host): - if host not in self.hosts: self.hosts.append(host) + if host not in self.hosts: + self.hosts.append(host) d = defer.Deferred() reactor.callLater(self.timeout, d.callback, self) @@ -436,7 +437,8 @@ class MPTraceroute(ScapyProtocol): return d def TCPTraceroute(self, host): - if host not in self.hosts: self.hosts.append(host) + if host not in self.hosts: + self.hosts.append(host) d = defer.Deferred() reactor.callLater(self.timeout, d.callback, self) @@ -533,8 +535,7 @@ class MPTraceroute(ScapyProtocol): l = packet.getlayer(1) if not l: return - elif (isinstance(l, ICMP) or isinstance(l, UDP) or - isinstance(l, TCP)): + elif isinstance(l, ICMP) or isinstance(l, UDP) or isinstance(l, TCP): self._recvbuf.append(packet) def stopListening(self):

1 0

[ooni-probe/master] Add support to the sniffer subsystem in the vagrant and requirements file
by art＠torproject.org 05 Aug '14

05 Aug '14

commit 33c25f08b6fe7f655a54495c8762f9503949e5ea Author: kudrom <kudrom(a)riseup.net> Date: Sat Jul 19 19:04:51 2014 +0200 Add support to the sniffer subsystem in the vagrant and requirements file --- Vagrantfile | 3 +++ requirements.txt | 3 +++ 2 files changed, 6 insertions(+) diff --git a/Vagrantfile b/Vagrantfile index 3d4b81d..419f0c6 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -32,6 +32,9 @@ apt-get update apt-get install -y tor deb.torproject.org-keyring apt-get install -y ooniprobe geoip-database-contrib +# Setup for sniffer subsystem +apt-get install -y build-essential libdnet-dev libpcap-dev python-dev python-pip python-networkx +pip install PyDNET graphillion echo "Login using 'vagrant ssh', and dont forget to run ooniprobe as root." echo "First run: 'sudo ooniprobe -i /usr/share/ooni/decks/fast.deck'" diff --git a/requirements.txt b/requirements.txt index 3fb0142..719d994 100644 --- a/requirements.txt +++ b/requirements.txt @@ -8,3 +8,6 @@ txsocksx>=0.0.2 parsley>=1.1 scapy-real>=2.2.0-dev pypcap>=1.1 +PyDNET +graphillion +networkx

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits August 2014