tor-commits

tor-commits@lists.torproject.org

1 participants
212402 discussions

[tor/master] latest revision of cert normalization spec
by nickm＠torproject.org 21 Feb '11

21 Feb '11

commit 2f3648942202ca9d965344b8d2128a7a7b2056fb Author: Jacob Appelbaum <jacob(a)appelbaum.net> Date: Mon Feb 21 13:45:57 2011 -0500 latest revision of cert normalization spec --- .../ideas/xxx-draft-spec-for-TLS-normalization.txt | 134 ++++++++++++-------- 1 files changed, 82 insertions(+), 52 deletions(-) diff --git a/doc/spec/proposals/ideas/xxx-draft-spec-for-TLS-normalization.txt b/doc/spec/proposals/ideas/xxx-draft-spec-for-TLS-normalization.txt index 14546df..16484e6 100644 --- a/doc/spec/proposals/ideas/xxx-draft-spec-for-TLS-normalization.txt +++ b/doc/spec/proposals/ideas/xxx-draft-spec-for-TLS-normalization.txt @@ -1,6 +1,6 @@ Filename: xxx-draft-spec-for-TLS-normalization.txt Title: Draft spec for TLS certificate and handshake normalization -Author: Jacob Appelbaum +Author: Jacob Appelbaum, Gladys Shufflebottom Created: 16-Feb-2011 Status: Draft @@ -94,32 +94,9 @@ An example of OpenSSL’s asn1parse over a typical Tor certificate: 308:d=2 hl=2 l= 0 prim: NULL 310:d=1 hl=3 l= 129 prim: BIT STRING -I propose that the commonName field be generated to match a specific property -of the server in question. It is reasonable to set the commonName element to -match either the hostname of the relay, the detected IP address of the relay, -or for the relay operator to override certificate generation entirely by -loading a custom certificate. For custom certificates, see the Custom -Certificates section. - -I propose that the value for the commonName field be populated with the -fully qualified host name as detected by reverse and forward resolution of the -IP address of the relay. If the host name is in the DNS, this host name should -be set as the common name. When forward and reverse DNS is not available, I -propose that the IP address alone be used. - -The commonName field for the issuer should be set to known issuer names, -random words or omitted entirely. - -Since some host names may themselves trigger censorship keyword filters, -it may be reasonable to provide an option to override the defaults and -force certain values in the commonName field. - -Considerations for commonName normalization - -Any host name supplied for the commonName field should resolve - even if it -does not resolve to the IP address of the relay[0]. If the commonName field -does include an IP address, it should be the current IP address of the relay as -seen by other Internet hosts. +I propose that we match OpenSSL's default self-signed certificates. I hypothesise +that they are the most common self-signed certificates. If this turns out not +to be the case, then we should use whatever the most common turns out to be. Certificate serial numbers @@ -127,25 +104,35 @@ Currently our generated certificate serial number is set to the number of seconds since the epoch at the time of the certificate's creation. I propose that we should ensure that our serial numbers are unrelated to the epoch, since the generation methods are potentially recognizable as Tor-related. + Instead, I propose that we use a randomly generated number that is -subsequently hashed with SHA-512 and then truncated to a length chosen at -random within a finite set of bounds. The length of the serial number should be -chosen randomly at certificate generation time; it should be bound between the -most commonly found bit lengths[1] in the wild. Random sixteen byte values -appear to be the high bound for serial number as issued by Verisign and -DigiCert. RapidSSL appears to be three bytes in length. Others common byte -lengths appear to be between one and four bytes. I propose that we choose a -byte length that is either 3, 4, or 16 bytes at certificate generation time. - -This randomly generated field may now serve as a covert channel that signals to -the client that the OR will not support TLS renegotiation; this means that the -client can expect to perform a V3 TLS handshake setup. Otherwise, if the serial -number is a reasonable time since the epoch, we should assume the OR is -using an earlier protocol version and hence that it expects renegotiation. +subsequently hashed with SHA-512 and then truncate the data to eight bytes[1]. + +Random sixteen byte values appear to be the high bound for serial number as +issued by Verisign and DigiCert. RapidSSL appears to be three bytes in length. +Others common byte lengths appear to be between one and four bytes. The default +OpenSSL certificates are eight bytes and we should use this length with our +self-signed certificates. + +This randomly generated serial number field may now serve as a covert channel +that signals to the client that the OR will not support TLS renegotiation; this +means that the client can expect to perform a V3 TLS handshake setup. +Otherwise, if the serial number is a reasonable time since the epoch, we should +assume the OR is using an earlier protocol version and hence that it expects +renegotiation. + +We also have a need to signal properties with our certificates for a possible +v3 handshake in the future. Therefore I propose that we match OpenSSL default +self-signed certificates (a 64-bit random number), but reserve the two least- +significant bits for signaling. For the moment, these two bits will be zero. + +This means that an attacker may be able to identify Tor certificates from default +OpenSSL certificates with a 75% probability. As a security note, care must be taken to ensure that supporting this covert channel will not lead to an attacker having a method to downgrade client -behavior. +behavior. This shouldn't be a risk because the TLS Finished message hashes over +all the bytes of the handshake, including the certificates. Certificate fingerprinting issues expressed as base64 encoding @@ -190,16 +177,6 @@ query. I propose that we ensure that we test our certificates to ensure that they do not have these kinds of statistical similarities without ensuring overlap with a very large cross section of the internet's certificates. -Other certificate fields - -It may be advantageous to also generate values for the O, L, ST, C, and OU -certificate fields. The C and ST fields may be populated from GeoIP information -that is already available to Tor to reflect a plausible geographic location -for the OR. The other fields should contain some semblance of a word or -grouping of words. It has been suggested[2] that we should look to guides for -certificate generation that use OpenSSL as a reasonable baseline for -understanding these fields, as well as other certificate properties. - Certificate dating and validity issues TLS certificates found in the wild are generally found to be long-lived; @@ -231,6 +208,58 @@ The expiration time should not be a fixed time that is simple to calculate by any Deep Packet Inspection device or it will become a new Tor TLS setup fingerprint. +Proposed certificate form + +The following output from openssl asn1parse results from the proposed +certificate generation algorithm. It matches the results of generating a +default self-signed certificate: + + 0:d=0 hl=4 l= 513 cons: SEQUENCE + 4:d=1 hl=4 l= 362 cons: SEQUENCE + 8:d=2 hl=2 l= 9 prim: INTEGER :DBF6B3B864FF7478 + 19:d=2 hl=2 l= 13 cons: SEQUENCE + 21:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 32:d=3 hl=2 l= 0 prim: NULL + 34:d=2 hl=2 l= 69 cons: SEQUENCE + 36:d=3 hl=2 l= 11 cons: SET + 38:d=4 hl=2 l= 9 cons: SEQUENCE + 40:d=5 hl=2 l= 3 prim: OBJECT :countryName + 45:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU + 49:d=3 hl=2 l= 19 cons: SET + 51:d=4 hl=2 l= 17 cons: SEQUENCE + 53:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName + 58:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Some-State + 70:d=3 hl=2 l= 33 cons: SET + 72:d=4 hl=2 l= 31 cons: SEQUENCE + 74:d=5 hl=2 l= 3 prim: OBJECT :organizationName + 79:d=5 hl=2 l= 24 prim: PRINTABLESTRING :Internet Widgits Pty Ltd + 105:d=2 hl=2 l= 30 cons: SEQUENCE + 107:d=3 hl=2 l= 13 prim: UTCTIME :110217011237Z + 122:d=3 hl=2 l= 13 prim: UTCTIME :120217011237Z + 137:d=2 hl=2 l= 69 cons: SEQUENCE + 139:d=3 hl=2 l= 11 cons: SET + 141:d=4 hl=2 l= 9 cons: SEQUENCE + 143:d=5 hl=2 l= 3 prim: OBJECT :countryName + 148:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU + 152:d=3 hl=2 l= 19 cons: SET + 154:d=4 hl=2 l= 17 cons: SEQUENCE + 156:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName + 161:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Some-State + 173:d=3 hl=2 l= 33 cons: SET + 175:d=4 hl=2 l= 31 cons: SEQUENCE + 177:d=5 hl=2 l= 3 prim: OBJECT :organizationName + 182:d=5 hl=2 l= 24 prim: PRINTABLESTRING :Internet Widgits Pty Ltd + 208:d=2 hl=3 l= 159 cons: SEQUENCE + 211:d=3 hl=2 l= 13 cons: SEQUENCE + 213:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 224:d=4 hl=2 l= 0 prim: NULL + 226:d=3 hl=3 l= 141 prim: BIT STRING + 370:d=1 hl=2 l= 13 cons: SEQUENCE + 372:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 383:d=2 hl=2 l= 0 prim: NULL + 385:d=1 hl=3 l= 129 prim: BIT STRING + + Custom Certificates It should be possible for a Tor relay operator to use a specifically supplied @@ -308,6 +337,7 @@ simply avoided by the censors. The Rakshasa prime approach may cause censors to specifically allow only certain known and accepted DH parameters. + Appendix: Other issues What other obvious TLS certificate issues exist? What other static values are

1 0

r24249: {arm} Connection details popup for the rewritten page. Changes fro (in arm/trunk/src: interface interface/connections util)
by Damian Johnson 21 Feb '11

21 Feb '11

Author: atagar Date: 2011-02-21 06:00:17 +0000 (Mon, 21 Feb 2011) New Revision: 24249 Modified: arm/trunk/src/interface/configPanel.py arm/trunk/src/interface/connections/connPanel.py arm/trunk/src/interface/connections/listings.py arm/trunk/src/interface/controller.py arm/trunk/src/util/torTools.py arm/trunk/src/util/uiTools.py Log: Connection details popup for the rewritten page. Changes from the original version (besides being a sane, maintainable implementation) is: - using the consensus exit policies rather than the longer descriptor versions (which never fit anyway...) - displaying connection details no longer freezes the rest of the display - detail panel is dynamically resizable - more resilient to missing descriptors Modified: arm/trunk/src/interface/configPanel.py =================================================================== --- arm/trunk/src/interface/configPanel.py 2011-02-20 21:31:49 UTC (rev 24248) +++ arm/trunk/src/interface/configPanel.py 2011-02-21 06:00:17 UTC (rev 24249) @@ -305,40 +305,40 @@ def _getConfigOptions(self): return self.confContents if self.showAll else self.confImportantContents - def _drawSelectionPanel(self, cursorSelection, width, detailPanelHeight, isScrollbarVisible): + def _drawSelectionPanel(self, selection, width, detailPanelHeight, isScrollbarVisible): """ Renders a panel for the selected configuration option. """ # This is a solid border unless the scrollbar is visible, in which case a # 'T' pipe connects the border to the bar. - uiTools.drawBox(self, 0, 0, width, detailPanelHeight) + uiTools.drawBox(self, 0, 0, width, detailPanelHeight + 1) if isScrollbarVisible: self.addch(detailPanelHeight, 1, curses.ACS_TTEE) - selectionFormat = curses.A_BOLD | uiTools.getColor(CATEGORY_COLOR[cursorSelection.get(Field.CATEGORY)]) + selectionFormat = curses.A_BOLD | uiTools.getColor(CATEGORY_COLOR[selection.get(Field.CATEGORY)]) # first entry: # <option> (<category> Option) - optionLabel =" (%s Option)" % cursorSelection.get(Field.CATEGORY) - self.addstr(1, 2, cursorSelection.get(Field.OPTION) + optionLabel, selectionFormat) + optionLabel =" (%s Option)" % selection.get(Field.CATEGORY) + self.addstr(1, 2, selection.get(Field.OPTION) + optionLabel, selectionFormat) # second entry: # Value: <value> ([default|custom], <type>, usage: <argument usage>) if detailPanelHeight >= 3: valueAttr = [] - valueAttr.append("default" if cursorSelection.get(Field.IS_DEFAULT) else "custom") - valueAttr.append(cursorSelection.get(Field.TYPE)) - valueAttr.append("usage: %s" % (cursorSelection.get(Field.ARG_USAGE))) + valueAttr.append("default" if selection.get(Field.IS_DEFAULT) else "custom") + valueAttr.append(selection.get(Field.TYPE)) + valueAttr.append("usage: %s" % (selection.get(Field.ARG_USAGE))) valueAttrLabel = ", ".join(valueAttr) valueLabelWidth = width - 12 - len(valueAttrLabel) - valueLabel = uiTools.cropStr(cursorSelection.get(Field.VALUE), valueLabelWidth) + valueLabel = uiTools.cropStr(selection.get(Field.VALUE), valueLabelWidth) self.addstr(2, 2, "Value: %s (%s)" % (valueLabel, valueAttrLabel), selectionFormat) # remainder is filled with the man page description descriptionHeight = max(0, detailPanelHeight - 3) - descriptionContent = "Description: " + cursorSelection.get(Field.DESCRIPTION) + descriptionContent = "Description: " + selection.get(Field.DESCRIPTION) for i in range(descriptionHeight): # checks if we're done writing the description Modified: arm/trunk/src/interface/connections/connPanel.py =================================================================== --- arm/trunk/src/interface/connections/connPanel.py 2011-02-20 21:31:49 UTC (rev 24248) +++ arm/trunk/src/interface/connections/connPanel.py 2011-02-21 06:00:17 UTC (rev 24249) @@ -7,10 +7,15 @@ import threading from interface.connections import listings -from util import connections, enum, log, panel, uiTools +from util import connections, enum, log, panel, torTools, uiTools +REDRAW_RATE = 10 # TODO: make a config option + DEFAULT_CONFIG = {} +# height of the detail panel content, not counting top and bottom border +DETAILS_HEIGHT = 7 + # listing types Listing = enum.Enum(("IP", "IP Address"), "HOSTNAME", "FINGERPRINT", "NICKNAME") @@ -36,6 +41,7 @@ self.scroller = uiTools.Scroller(True) self._title = "Connections:" # title line of the panel self._connections = [] # last fetched connections + self._showDetails = False # presents the details panel if true self._lastUpdate = -1 # time the content was last revised self._isPaused = True # prevents updates if true @@ -52,6 +58,8 @@ self._update() # populates initial entries # TODO: should listen for tor shutdown + # TODO: hasn't yet had its pausing functionality tested (for instance, the + # key handler still accepts events when paused) def setPaused(self, isPause): """ @@ -73,8 +81,12 @@ if uiTools.isScrollKey(key): pageHeight = self.getPreferredSize()[0] - 1 + if self._showDetails: pageHeight -= (DETAILS_HEIGHT + 1) isChanged = self.scroller.handleKey(key, self._connections, pageHeight) if isChanged: self.redraw(True) + elif uiTools.isSelectionKey(key): + self._showDetails = not self._showDetails + self.redraw(True) self.valsLock.release() @@ -87,7 +99,7 @@ while not self._halt: currentTime = time.time() - if self._isPaused or currentTime - lastDraw < 1: + if self._isPaused or currentTime - lastDraw < REDRAW_RATE: self._cond.acquire() if not self._halt: self._cond.wait(0.2) self._cond.release() @@ -95,26 +107,35 @@ # updates content if their's new results, otherwise just redraws self._update() self.redraw(True) - lastDraw += 1 + lastDraw += REDRAW_RATE def draw(self, width, height): self.valsLock.acquire() - # title label with connection counts - self.addstr(0, 0, self._title, curses.A_STANDOUT) + # extra line when showing the detail panel is for the bottom border + detailPanelOffset = DETAILS_HEIGHT + 1 if self._showDetails else 0 + isScrollbarVisible = len(self._connections) > height - detailPanelOffset - 1 - scrollLoc = self.scroller.getScrollLoc(self._connections, height - 1) + scrollLoc = self.scroller.getScrollLoc(self._connections, height - detailPanelOffset - 1) cursorSelection = self.scroller.getCursorSelection(self._connections) + # draws the detail panel if currently displaying it + if self._showDetails: + self._drawSelectionPanel(cursorSelection, width, isScrollbarVisible) + + # title label with connection counts + title = "Connection Details:" if self._showDetails else self._title + self.addstr(0, 0, title, curses.A_STANDOUT) + scrollOffset = 0 - if len(self._connections) > height - 1: + if isScrollbarVisible: scrollOffset = 3 - self.addScrollBar(scrollLoc, scrollLoc + height - 1, len(self._connections), 1) + self.addScrollBar(scrollLoc, scrollLoc + height - detailPanelOffset - 1, len(self._connections), 1 + detailPanelOffset) currentTime = self._pauseTime if self._pauseTime else time.time() for lineNum in range(scrollLoc, len(self._connections)): entry = self._connections[lineNum] - drawLine = lineNum + 1 - scrollLoc + drawLine = lineNum + detailPanelOffset + 1 - scrollLoc entryType = entry.getType() lineFormat = uiTools.getColor(listings.CATEGORY_COLOR[entryType]) @@ -203,4 +224,113 @@ self._connections = newConnections self._lastResourceFetch = currentResolutionCount self.valsLock.release() + + def _drawSelectionPanel(self, selection, width, isScrollbarVisible): + """ + Renders a panel for details on the selected connnection. + """ + + # This is a solid border unless the scrollbar is visible, in which case a + # 'T' pipe connects the border to the bar. + uiTools.drawBox(self, 0, 0, width, DETAILS_HEIGHT + 2) + if isScrollbarVisible: self.addch(DETAILS_HEIGHT + 1, 1, curses.ACS_TTEE) + + selectionFormat = curses.A_BOLD | uiTools.getColor(listings.CATEGORY_COLOR[selection.getType()]) + lines = [""] * 7 + + lines[0] = "address: %s" % selection.getDestinationLabel(width - 11, listings.DestAttr.NONE) + lines[1] = "locale: %s" % ("??" if selection.isPrivate() else selection.foreign.getLocale()) + + # Remaining data concerns the consensus results, with three possible cases: + # - if there's a single match then display its details + # - if there's multiple potenial relays then list all of the combinations + # of ORPorts / Fingerprints + # - if no consensus data is available then say so (probably a client or + # exit connection) + + fingerprint = selection.foreign.getFingerprint() + conn = torTools.getConn() + + if fingerprint != "UNKNOWN": + # single match - display information available about it + nsEntry = conn.getConsensusEntry(fingerprint) + descEntry = conn.getDescriptorEntry(fingerprint) + + # append the fingerprint to the second line + lines[1] = "%-13sfingerprint: %s" % (lines[1], fingerprint) + + if nsEntry: + # example consensus entry: + # r murble R8sCM1ar1sS2GulQYFVmvN95xsk RJr6q+wkTFG+ng5v2bdCbVVFfA4 2011-02-21 00:25:32 195.43.157.85 443 0 + # s Exit Fast Guard Named Running Stable Valid + # w Bandwidth=2540 + # p accept 20-23,43,53,79-81,88,110,143,194,443 + + nsLines = nsEntry.split("\n") + + firstLineComp = nsLines[0].split(" ") + if len(firstLineComp) >= 9: + _, nickname, _, _, pubDate, pubTime, _, orPort, dirPort = firstLineComp[:9] + else: nickname, pubDate, pubTime, orPort, dirPort = "", "", "", "", "" + + flags = nsLines[1][2:] + microExit = nsLines[3][2:] + + dirPortLabel = "" if dirPort == "0" else "dirport: %s" % dirPort + lines[2] = "nickname: %-25s orport: %-10s %s" % (nickname, orPort, dirPortLabel) + lines[3] = "published: %s %s" % (pubDate, pubTime) + lines[4] = "flags: %s" % flags.replace(" ", ", ") + lines[5] = "exit policy: %s" % microExit.replace(",", ", ") + + if descEntry: + torVersion, patform, contact = "", "", "" + + for descLine in descEntry.split("\n"): + if descLine.startswith("platform"): + # has the tor version and platform, ex: + # platform Tor 0.2.1.29 (r318f470bc5f2ad43) on Linux x86_64 + + torVersion = descLine[13:descLine.find(" ", 13)] + platform = descLine[descLine.rfind(" on ") + 4:] + elif descLine.startswith("contact"): + contact = descLine[8:] + + # clears up some highly common obscuring + for alias in (" at ", " AT "): contact = contact.replace(alias, "@") + for alias in (" dot ", " DOT "): contact = contact.replace(alias, ".") + + break # contact lines come after the platform + + lines[3] = "%-36s os: %-14s version: %s" % (lines[3], platform, torVersion) + + # contact information is an optional field + if contact: lines[6] = "contact: %s" % contact + else: + allMatches = conn.getRelayFingerprint(selection.foreign.getIpAddr(), getAllMatches = True) + + if allMatches: + # multiple matches + lines[2] = "Muliple matches, possible fingerprints are:" + + for i in range(len(allMatches)): + isLastLine = i == 3 + + relayPort, relayFingerprint = allMatches[i] + lineText = "%i. or port: %-5s fingerprint: %s" % (i, relayPort, relayFingerprint) + + # if there's multiple lines remaining at the end then give a count + remainingRelays = len(allMatches) - i + if isLastLine and remainingRelays > 1: + lineText = "... %i more" % remainingRelays + + lines[3 + i] = lineText + + if isLastLine: break + else: + # no consensus entry for this ip address + lines[2] = "No consensus data found" + + for i in range(len(lines)): + lineText = uiTools.cropStr(lines[i], width - 2) + self.addstr(1 + i, 2, lineText, selectionFormat) Modified: arm/trunk/src/interface/connections/listings.py =================================================================== --- arm/trunk/src/interface/connections/listings.py 2011-02-20 21:31:49 UTC (rev 24248) +++ arm/trunk/src/interface/connections/listings.py 2011-02-21 06:00:17 UTC (rev 24249) @@ -16,6 +16,7 @@ # Control Tor controller (arm, vidalia, etc). # TODO: add recognizing of CLIENT connection type +DestAttr = enum.Enum("NONE", "LOCALE", "HOSTNAME") Category = enum.Enum("INBOUND", "OUTBOUND", "EXIT", "SOCKS", "CLIENT", "DIRECTORY", "CONTROL") CATEGORY_COLOR = {Category.INBOUND: "green", Category.OUTBOUND: "blue", Category.EXIT: "red", Category.SOCKS: "cyan", @@ -160,6 +161,56 @@ return Category.EXIT if isExitConnection else Category.OUTBOUND else: return self.baseType + def getDestinationLabel(self, maxLength, extraAttr=DestAttr.NONE): + """ + Provides a short description of the destination. This is made up of two + components, the base <ip addr>:<port> and an extra piece of information in + parentheses. The IP address is scrubbed from private connections. + + Extra information is... + - the port's purpose for exit connections + - the extraAttr if the address isn't private and isn't on the local network + - nothing otherwise + + Arguments: + maxLength - maximum length of the string returned + """ + + # destination of the connection + if self.isPrivate(): + dstAddress = "<scrubbed>:%s" % self.foreign.getPort() + else: + dstAddress = "%s:%s" % (self.foreign.getIpAddr(), self.foreign.getPort()) + + # Only append the extra info if there's at least a couple characters of + # space (this is what's needed for the country codes). + if len(dstAddress) + 5 <= maxLength: + spaceAvailable = maxLength - len(dstAddress) - 3 + + if self.getType() == Category.EXIT: + purpose = connections.getPortUsage(self.foreign.getPort()) + + if purpose: + # BitTorrent is a common protocol to truncate, so just use "Torrent" + # if there's not enough room. + if len(purpose) > spaceAvailable and purpose == "BitTorrent": + purpose = "Torrent" + + # crops with a hyphen if too long + purpose = uiTools.cropStr(purpose, spaceAvailable, endType = uiTools.Ending.HYPHEN) + + dstAddress += " (%s)" % purpose + elif not connections.isIpAddressPrivate(self.foreign.getIpAddr()): + if extraAttr == DestAttr.LOCALE: + dstAddress += " (%s)" % self.foreign.getLocale() + elif extraAttr == DestAttr.HOSTNAME: + dstHostname = self.foreign.getHostname() + + if dstHostname: + dstAddress += " (%s)" % uiTools.cropStr(dstHostname, spaceAvailable) + + return dstAddress[:maxLength] + def isPrivate(self): """ Returns true if the endpoint is private, possibly belonging to a client @@ -228,36 +279,8 @@ conn = torTools.getConn() myType = self.getType() + dstAddress = self.getDestinationLabel(26, DestAttr.LOCALE) - # destination of the connection - if self.isPrivate(): - dstAddress = "<scrubbed>:%s" % self.foreign.getPort() - else: - dstAddress = "%s:%s" % (self.foreign.getIpAddr(), self.foreign.getPort()) - - # Appends an extra field which could be... - # - the port's purpose for exits - # - locale for most other connections - # - blank if it's on the local network - - if myType == Category.EXIT: - purpose = connections.getPortUsage(self.foreign.getPort()) - - if purpose: - spaceAvailable = 26 - len(dstAddress) - 3 - - # BitTorrent is a common protocol to truncate, so just use "Torrent" - # if there's not enough room. - if len(purpose) > spaceAvailable and purpose == "BitTorrent": - purpose = "Torrent" - - # crops with a hyphen if too long - purpose = uiTools.cropStr(purpose, spaceAvailable, endType = uiTools.Ending.HYPHEN) - - dstAddress += " (%s)" % purpose - elif not connections.isIpAddressPrivate(self.foreign.getIpAddr()): - dstAddress += " (%s)" % self.foreign.getLocale() - src, dst, etc = "", "", "" if listingType == connPanel.Listing.IP: # base data requires 73 characters Modified: arm/trunk/src/interface/controller.py =================================================================== --- arm/trunk/src/interface/controller.py 2011-02-20 21:31:49 UTC (rev 24248) +++ arm/trunk/src/interface/controller.py 2011-02-21 06:00:17 UTC (rev 24249) @@ -745,7 +745,7 @@ isResize = lastSize != newSize lastSize = newSize - if panelKey in ("header", "graph", "log", "config", "torrc"): + if panelKey in ("header", "graph", "log", "config", "torrc", "conn2"): # revised panel (manages its own content refreshing) panels[panelKey].redraw(isResize) else: @@ -1280,7 +1280,9 @@ hostnames.setPaused(True) panels["conn"].sortConnections() elif page == 1 and panels["conn"].isCursorEnabled and uiTools.isSelectionKey(key): - # TODO: deprecated when migrated to the new connection panel + # TODO: deprecated when migrated to the new connection panel, thought as + # well keep around until there's a counterpart for hostname fetching + # provides details on selected connection panel.CURSES_LOCK.acquire() try: Modified: arm/trunk/src/util/torTools.py =================================================================== --- arm/trunk/src/util/torTools.py 2011-02-20 21:31:49 UTC (rev 24248) +++ arm/trunk/src/util/torTools.py 2011-02-21 06:00:17 UTC (rev 24249) @@ -246,6 +246,8 @@ self._fingerprintLookupCache = {} # lookup cache with (ip, port) -> fingerprint mappings self._fingerprintsAttachedCache = None # cache of relays we're connected to self._nicknameLookupCache = {} # lookup cache with fingerprint -> nickname mappings + self._consensusLookupCache = {} # lookup cache with network status entries + self._descriptorLookupCache = {} # lookup cache with relay descriptors self._isReset = False # internal flag for tracking resets self._status = State.CLOSED # current status of the attached control port self._statusTime = 0 # unix time-stamp for the duration of the status @@ -299,6 +301,8 @@ self._fingerprintLookupCache = {} self._fingerprintsAttachedCache = None self._nicknameLookupCache = {} + self._consensusLookupCache = {} + self._descriptorLookupCache = {} self._exitPolicyChecker = self.getExitPolicy() self._isExitingAllowed = self._exitPolicyChecker.isExitingAllowed() @@ -805,8 +809,55 @@ return result - def getRelayFingerprint(self, relayAddress, relayPort = None): + def getConsensusEntry(self, relayFingerprint): """ + Provides the most recently available consensus information for the given + relay. This is none if no such information exists. + + Arguments: + relayFingerprint - fingerprint of the relay + """ + + self.connLock.acquire() + + result = None + if self.isAlive(): + if not relayFingerprint in self._consensusLookupCache: + nsEntry = self.getInfo("ns/id/%s" % relayFingerprint) + self._consensusLookupCache[relayFingerprint] = nsEntry + + result = self._consensusLookupCache[relayFingerprint] + + self.connLock.release() + + return result + + def getDescriptorEntry(self, relayFingerprint): + """ + Provides the most recently available descriptor information for the given + relay. Unless FetchUselessDescriptors is set this may frequently be + unavailable. If no such descriptor is available then this returns None. + + Arguments: + relayFingerprint - fingerprint of the relay + """ + + self.connLock.acquire() + + result = None + if self.isAlive(): + if not relayFingerprint in self._descriptorLookupCache: + descEntry = self.getInfo("desc/id/%s" % relayFingerprint) + self._descriptorLookupCache[relayFingerprint] = descEntry + + result = self._descriptorLookupCache[relayFingerprint] + + self.connLock.release() + + return result + + def getRelayFingerprint(self, relayAddress, relayPort = None, getAllMatches = False): + """ Provides the fingerprint associated with the given address. If there's multiple potential matches or the mapping is unknown then this returns None. This disambiguates the fingerprint if there's multiple relays on @@ -814,20 +865,32 @@ we have a connection with. Arguments: - relayAddress - address of relay to be returned - relayPort - orport of relay (to further narrow the results) + relayAddress - address of relay to be returned + relayPort - orport of relay (to further narrow the results) + getAllMatches - ignores the relayPort and provides all of the + (port, fingerprint) tuples matching the given + address """ self.connLock.acquire() result = None if self.isAlive(): - # query the fingerprint if it isn't yet cached - if not (relayAddress, relayPort) in self._fingerprintLookupCache: - relayFingerprint = self._getRelayFingerprint(relayAddress, relayPort) - self._fingerprintLookupCache[(relayAddress, relayPort)] = relayFingerprint - - result = self._fingerprintLookupCache[(relayAddress, relayPort)] + if getAllMatches: + # populates the ip -> fingerprint mappings if not yet available + if self._fingerprintMappings == None: + self._fingerprintMappings = self._getFingerprintMappings() + + if relayAddress in self._fingerprintMappings: + result = self._fingerprintMappings[relayAddress] + else: result = [] + else: + # query the fingerprint if it isn't yet cached + if not (relayAddress, relayPort) in self._fingerprintLookupCache: + relayFingerprint = self._getRelayFingerprint(relayAddress, relayPort) + self._fingerprintLookupCache[(relayAddress, relayPort)] = relayFingerprint + + result = self._fingerprintLookupCache[(relayAddress, relayPort)] self.connLock.release() @@ -854,7 +917,7 @@ self._nicknameLookupCache[relayFingerprint] = myNickname else: # check the consensus for the relay - nsEntry = self.getInfo("ns/id/%s" % relayFingerprint) + nsEntry = self.getConsensusEntry(relayFingerprint) if nsEntry: relayNickname = nsEntry[2:nsEntry.find(" ", 2)] else: relayNickname = None @@ -1108,6 +1171,7 @@ def ns_event(self, event): self._updateHeartbeat() + self._consensusLookupCache = {} myFingerprint = self.getInfo("fingerprint") if myFingerprint: @@ -1135,6 +1199,7 @@ self._fingerprintLookupCache = {} self._fingerprintsAttachedCache = None self._nicknameLookupCache = {} + self._consensusLookupCache = {} if self._fingerprintMappings != None: self._fingerprintMappings = self._getFingerprintMappings(event.nslist) @@ -1155,6 +1220,7 @@ # the new relays. self._fingerprintLookupCache = {} self._fingerprintsAttachedCache = None + self._descriptorLookupCache = {} if self._fingerprintMappings != None: for fingerprint in event.idlist: Modified: arm/trunk/src/util/uiTools.py =================================================================== --- arm/trunk/src/util/uiTools.py 2011-02-20 21:31:49 UTC (rev 24248) +++ arm/trunk/src/util/uiTools.py 2011-02-21 06:00:17 UTC (rev 24249) @@ -166,6 +166,7 @@ # checks if there isn't the minimum space needed to include anything lastWordbreak = msg.rfind(" ", 0, size + 1) + lastWordbreak = len(msg[:lastWordbreak].rstrip()) # drops extra ending whitespaces if (minWordLen != None and size < minWordLen) or (minWordLen == None and lastWordbreak < 1): if getRemainder: return ("", msg) else: return "" @@ -183,13 +184,14 @@ returnMsg, remainder = msg[:size], msg[size:] if endType == Ending.HYPHEN: remainder = returnMsg[-1] + remainder - returnMsg = returnMsg[:-1] + "-" + returnMsg = returnMsg[:-1].rstrip() + "-" else: returnMsg, remainder = msg[:lastWordbreak], msg[lastWordbreak:] # if this is ending with a comma or period then strip it off if not getRemainder and returnMsg[-1] in (",", "."): returnMsg = returnMsg[:-1] - if endType == Ending.ELLIPSE: returnMsg += "..." + if endType == Ending.ELLIPSE: + returnMsg = returnMsg.rstrip() + "..." if getRemainder: return (returnMsg, remainder) else: return returnMsg @@ -209,17 +211,17 @@ # draws the top and bottom panel.hline(top, left + 1, width - 1, attr) - panel.hline(top + height, left + 1, width - 1, attr) + panel.hline(top + height - 1, left + 1, width - 1, attr) # draws the left and right sides - panel.vline(top + 1, left, height - 1, attr) - panel.vline(top + 1, left + width, height - 1, attr) + panel.vline(top + 1, left, height - 2, attr) + panel.vline(top + 1, left + width, height - 2, attr) # draws the corners panel.addch(top, left, curses.ACS_ULCORNER, attr) panel.addch(top, left + width, curses.ACS_URCORNER, attr) - panel.addch(top + height, left, curses.ACS_LLCORNER, attr) - panel.addch(top + height, left + width, curses.ACS_LRCORNER, attr) + panel.addch(top + height - 1, left, curses.ACS_LLCORNER, attr) + panel.addch(top + height - 1, left + width, curses.ACS_LRCORNER, attr) def isSelectionKey(key): """

1 0

r24248: {website} migrate the lists in our docs too. (website/trunk/docs/en)
by Andrew Lewman 20 Feb '11

20 Feb '11

Author: phobos Date: 2011-02-20 21:31:49 +0000 (Sun, 20 Feb 2011) New Revision: 24248 Modified: website/trunk/docs/en/documentation.wml Log: migrate the lists in our docs too. Modified: website/trunk/docs/en/documentation.wml =================================================================== --- website/trunk/docs/en/documentation.wml 2011-02-20 05:11:35 UTC (rev 24247) +++ website/trunk/docs/en/documentation.wml 2011-02-20 21:31:49 UTC (rev 24248) @@ -74,7 +74,7 @@ (If your bug is with your browser or some other application, please don't put it in our bugtracker.) The - <a href="#MailingLists">or-talk mailing list</a> can also be useful. + <a href="#MailingLists">tor-talk mailing list</a> can also be useful. </li> <li> @@ -151,7 +151,7 @@ <li> Once you're up to speed, things will continue to change surprisingly fast. - The <a href="#MailingLists">or-dev mailing list</a> is where the complex + The <a href="#MailingLists">tor-dev mailing list</a> is where the complex discussion happens, and the #tor IRC channel is where the less complex discussion happens. </li> @@ -161,27 +161,27 @@ <a id="MailingLists"></a> <h1><a class="anchor" href="#MailingLists">Mailing List Information</a></h1> <ul> - <li>The <a href="http://archives.seul.org/or/announce/">or-announce + <li>The <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/">tor-announce mailing list</a> is a low volume list for announcements of new releases and critical security updates. Everybody should be on this list. There is also an <a href="http://rss.gmane.org/gmane.network.onion-routing.announce">RSS - feed</a> of or-announce at <a href="http://gmane.org">gmane.org</a>.</li> - <li>The <a href="http://archives.seul.org/or/talk/">or-talk list</a> + feed</a> of tor-announce at <a href="http://gmane.org">gmane.org</a>.</li> + <li>The <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk/">tor-talk list</a> is where a lot of discussion happens, and is where we send notifications of prerelease versions and release candidates.</li> - <li>The <a href="http://archives.seul.org/tor/relays/">tor-relays list</a> + <li>The <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays/">tor-relays list</a> is where discussions about running, configuring, and handling your tor relay happen. If you currently run a relay, or are thinking about doing so, this is the list for you.</li> - <li>The <a href="http://archives.seul.org/or/dev/">or-dev list</a> + <li>The <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev/">tor-dev list</a> is for posting by developers only, and is very low traffic.</li> <li>A list for <a href="http://archives.seul.org/tor/mirrors/">mirror operators</a> for new website mirrors, and supporting <a href="<page getinvolved/mirrors>">current website mirrors</a>.</li> - <li>A list for <a href="http://archives.seul.org/or/cvs/">svn and git + <li>A list for <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits/">svn and git commits</a> may be interesting for developers.</li> - <li>An automated list for <a href="http://archives.seul.org/tor/bugs/">bug + <li>An automated list for <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs/">bug reports from trac</a> may be interesting for users and developers.</li> </ul>

1 0

[torsocks/master] Make tests compile and run on OSX
by hoganrobert＠torproject.org 20 Feb '11

20 Feb '11

commit 94421ba8e0cc59003ecdb0317c346d7783723b5e Author: Robert Hogan <robert(a)roberthogan.net> Date: Sun Feb 20 19:28:36 2011 +0000 Make tests compile and run on OSX --- configure.in | 17 ++++++++++++++++- test/test_torsocks.c | 15 +++++++++------ 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/configure.in b/configure.in index 3366420..69d2efb 100644 --- a/configure.in +++ b/configure.in @@ -521,6 +521,8 @@ LIBS=${SIMPLELIBS} AC_SEARCH_LIBS(dlopen, [dl]) AC_SEARCH_LIBS(res_query, [resolv]) +TESTLDFLAGS="$LDFLAGS" + dnl Linker checks for Mac OSX, which uses DYLD_INSERT_LIBRARIES dnl instead of LD_PRELOAD case "$host_os" in @@ -575,6 +577,16 @@ case $host in *-*-freebsd*) AC_DEFINE(FREEBSD, 1, "Define to handle FreeBSD") ;; +*-*-darwin*) + dnl Needed to compile tests. + dnl See https://bugs.g10code.com/gnupg/issue1292: + dnl "On OS X (at least in 10.6 and I believe starting at 10.3) the DNS resolution + dnl services fail to compile. This is a result of the addition of BIND9 compatible + dnl resolution libraries on OS X that are being picked up by the configure script + dnl instead of -lresolv causing the tests for useable resolution services to fail + dnl thus disabling features like pka auto lookup." + LIBS="-lresolv $LIBS" + ;; esac AC_SUBST(SHLIB_EXT) @@ -615,5 +627,8 @@ AC_ENABLE_STATIC AC_CONFIG_FILES([src/usewithtor src/torsocks src/torsocks.conf.5 src/torsocks.8 src/usewithtor.1 src/torsocks.1]) -AC_OUTPUT(Makefile src/Makefile test/Makefile) +AC_OUTPUT(Makefile src/Makefile) +dnl Dump any LDFLAGS that were only required for linking libtorsocks, such as -dynamiclib on OSX. +LDFLAGS="$TESTLDFLAGS" +AC_OUTPUT(test/Makefile) diff --git a/test/test_torsocks.c b/test/test_torsocks.c index 6e8933b..60d78c8 100644 --- a/test/test_torsocks.c +++ b/test/test_torsocks.c @@ -37,6 +37,9 @@ #include <arpa/inet.h> #endif #include <arpa/nameser.h> +#if defined(__APPLE__) || defined(__darwin__) +#include <arpa/nameser_compat.h> +#endif #include <netinet/ip.h> #include <netinet/ip_icmp.h> #include <pthread.h> @@ -80,7 +83,7 @@ static int icmp_test() char datagram[400]; struct sockaddr_in dest; struct ip *iphdr=(struct ip *) datagram; -#if defined(OPENBSD) || defined(FREEBSD) +#if defined(OPENBSD) || defined(FREEBSD) ||defined(__APPLE__) || defined(__darwin__) struct icmp *icmphdr=(struct icmp *)(iphdr +1); #else struct icmphdr *icmphdr=(struct icmphdr *)(iphdr +1); @@ -112,7 +115,7 @@ static int icmp_test() iphdr->ip_dst.s_addr=dest.sin_addr.s_addr; iphdr->ip_sum=csum((unsigned short *)datagram,iphdr->ip_len >> 1); -#if defined(OPENBSD) || defined(FREEBSD) +#if defined(OPENBSD) || defined(FREEBSD) ||defined(__APPLE__) || defined(__darwin__) icmphdr->icmp_type=130; icmphdr->icmp_code=0; icmphdr->icmp_cksum=htons(0xc3b0); @@ -264,7 +267,7 @@ static int res_tests(char *ip, char *test) { See: http://sourceware.org/ml/libc-help/2009-11/msg00013.html */ printf("\n---------------------- %s res_query() TEST----------------------\n\n", test); snprintf((char *)host, 127, "www.google.com"); -#ifndef OPENBSD +#if !defined(OPENBSD) && !defined(__APPLE__) && !defined(__darwin__) ret = res_nquery(&_res, (char *) host, C_IN, T_TXT, dnsreply, sizeof( dnsreply )); #else ret = res_query((char *) host, C_IN, T_TXT, dnsreply, sizeof( dnsreply )); @@ -273,7 +276,7 @@ static int res_tests(char *ip, char *test) { printf("\n---------------------- %s res_search() TEST----------------------\n\n", test); memset( dnsreply, '\0', sizeof( dnsreply )); -#ifndef OPENBSD +#if !defined(OPENBSD) && !defined(__APPLE__) && !defined(__darwin__) ret = res_nsearch(&_res, (char *) host, C_IN, T_TXT, dnsreply, sizeof( dnsreply )); #else ret = res_search((char *) host, C_IN, T_TXT, dnsreply, sizeof( dnsreply )); @@ -282,7 +285,7 @@ static int res_tests(char *ip, char *test) { printf("\n--------------- %s res_querydomain() TEST----------------------\n\n", test); memset( dnsreply, '\0', sizeof( dnsreply )); -#ifndef OPENBSD +#if !defined(OPENBSD) && !defined(__APPLE__) && !defined(__darwin__) ret = res_nquerydomain(&_res, "www.google.com", "google.com", C_IN, T_TXT, dnsreply, sizeof( dnsreply )); #else ret = res_querydomain("www.google.com", "google.com", C_IN, T_TXT, dnsreply, sizeof( dnsreply )); @@ -291,7 +294,7 @@ static int res_tests(char *ip, char *test) { printf("\n---------------------- %s res_send() TEST----------------------\n\n", test); memset( dnsreply, '\0', sizeof( dnsreply )); -#ifndef OPENBSD +#if !defined(OPENBSD) && !defined(__APPLE__) && !defined(__darwin__) ret = res_nsend(&_res, host, 32, dnsreply, sizeof( dnsreply )); #else ret = res_send(host, 32, dnsreply, sizeof( dnsreply ));

1 0

[torsocks/master] Compile and run tests on FreeBSD
by hoganrobert＠torproject.org 20 Feb '11

20 Feb '11

commit 9de888be00f23ba1cfe1b172de61a59da6ae0ecd Author: Robert Hogan <robert(a)roberthogan.net> Date: Sun Feb 20 15:36:50 2011 +0000 Compile and run tests on FreeBSD --- configure.in | 3 +++ test/test_torsocks.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index f238caa..3366420 100644 --- a/configure.in +++ b/configure.in @@ -572,6 +572,9 @@ case $host in AC_SEARCH_LIBS(pthread_create, [pthread]) AC_SEARCH_LIBS(pthread_detach, [pthread]) ;; +*-*-freebsd*) + AC_DEFINE(FREEBSD, 1, "Define to handle FreeBSD") + ;; esac AC_SUBST(SHLIB_EXT) diff --git a/test/test_torsocks.c b/test/test_torsocks.c index 902a216..6e8933b 100644 --- a/test/test_torsocks.c +++ b/test/test_torsocks.c @@ -80,7 +80,7 @@ static int icmp_test() char datagram[400]; struct sockaddr_in dest; struct ip *iphdr=(struct ip *) datagram; -#ifdef OPENBSD +#if defined(OPENBSD) || defined(FREEBSD) struct icmp *icmphdr=(struct icmp *)(iphdr +1); #else struct icmphdr *icmphdr=(struct icmphdr *)(iphdr +1); @@ -112,7 +112,7 @@ static int icmp_test() iphdr->ip_dst.s_addr=dest.sin_addr.s_addr; iphdr->ip_sum=csum((unsigned short *)datagram,iphdr->ip_len >> 1); -#ifdef OPENBSD +#if defined(OPENBSD) || defined(FREEBSD) icmphdr->icmp_type=130; icmphdr->icmp_code=0; icmphdr->icmp_cksum=htons(0xc3b0);

1 0

[torsocks/master] Make tests compile and run on OpenBSD
by hoganrobert＠torproject.org 20 Feb '11

20 Feb '11

commit 6bec541ad5398625f14757199df26ce5a4755f9c Author: Robert Hogan <robert(a)roberthogan.net> Date: Sun Feb 20 11:04:54 2011 +0000 Make tests compile and run on OpenBSD --- test/Makefile.am | 2 - test/test_torsocks.c | 74 ++++++++++++++++++++++++++++++++++++------------- 2 files changed, 54 insertions(+), 22 deletions(-) diff --git a/test/Makefile.am b/test/Makefile.am index c03c387..84e4859 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -1,6 +1,4 @@ noinst_PROGRAMS= test_torsocks -LIBS = -lresolv - test_torsocks_SOURCES= test_torsocks.c CLEANFILES= test_torsocks diff --git a/test/test_torsocks.c b/test/test_torsocks.c index a262303..902a216 100644 --- a/test/test_torsocks.c +++ b/test/test_torsocks.c @@ -19,13 +19,24 @@ * Free Software Foundation, Inc., * * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * ***************************************************************************/ +/* PreProcessor Defines */ +#include <config.h> -#include <arpa/inet.h> -#include <arpa/nameser.h> #include <errno.h> #include <fcntl.h> #include <netdb.h> +#ifdef OPENBSD +#include <netinet/in_systm.h> +#endif +#include <sys/types.h> +#include <sys/socket.h> +#ifndef HAVE_NETINET_IN_H #include <netinet/in.h> +#endif +#ifndef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#include <arpa/nameser.h> #include <netinet/ip.h> #include <netinet/ip_icmp.h> #include <pthread.h> @@ -33,9 +44,10 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <sys/socket.h> #include <sys/time.h> -#include <sys/types.h> +#ifdef OPENBSD +#include <sys/uio.h> +#endif #include <sys/un.h> #include <sysexits.h> #include <syslog.h> @@ -68,7 +80,11 @@ static int icmp_test() char datagram[400]; struct sockaddr_in dest; struct ip *iphdr=(struct ip *) datagram; +#ifdef OPENBSD + struct icmp *icmphdr=(struct icmp *)(iphdr +1); +#else struct icmphdr *icmphdr=(struct icmphdr *)(iphdr +1); +#endif char *buff=(char *)(icmphdr +1); printf("\n----------------icmp() TEST----------------------------\n\n"); @@ -96,16 +112,21 @@ static int icmp_test() iphdr->ip_dst.s_addr=dest.sin_addr.s_addr; iphdr->ip_sum=csum((unsigned short *)datagram,iphdr->ip_len >> 1); +#ifdef OPENBSD + icmphdr->icmp_type=130; + icmphdr->icmp_code=0; + icmphdr->icmp_cksum=htons(0xc3b0); +#else icmphdr->type=130; icmphdr->code=0; icmphdr->checksum=htons(0xc3b0); icmphdr->un.echo.sequence=0; icmphdr->un.echo.id=0; - - int one=1; - int *val=&one; - if(setsockopt(sockfd,IPPROTO_IP,IP_HDRINCL,val,sizeof(one))<0) - printf("cannot set HDRINCL!\n"); +#endif + int one=1; + int *val=&one; + if(setsockopt(sockfd,IPPROTO_IP,IP_HDRINCL,val,sizeof(one))<0) + printf("cannot set HDRINCL!\n"); if(sendto(sockfd,datagram,35,0,(struct sockaddr *)&dest,sizeof(dest))<0) @@ -228,7 +249,6 @@ static int res_tests(char *ip, char *test) { return -1; } - inet_ntop(AF_INET, &_res.nsaddr_list[0].sin_addr.s_addr, buf, sizeof(buf)); addr.sin_family=AF_INET; addr.sin_port=htons(53); @@ -240,29 +260,43 @@ static int res_tests(char *ip, char *test) { inet_ntop(AF_INET, &_res.nsaddr_list[0].sin_addr.s_addr, buf, sizeof(buf)); printf("nameserver for test: %s\n", buf); + /* Modifying _res directly doesn't work, so we have to use res_n* where available. + See: http://sourceware.org/ml/libc-help/2009-11/msg00013.html */ printf("\n---------------------- %s res_query() TEST----------------------\n\n", test); snprintf((char *)host, 127, "www.google.com"); - ret = res_nquery( &_res, (char *) host, C_IN, T_TXT, dnsreply, sizeof( dnsreply )); -// printf("RES_QUERY results: %s.\n", dnsreply); +#ifndef OPENBSD + ret = res_nquery(&_res, (char *) host, C_IN, T_TXT, dnsreply, sizeof( dnsreply )); +#else + ret = res_query((char *) host, C_IN, T_TXT, dnsreply, sizeof( dnsreply )); +#endif printf("return code: %i\n", ret); printf("\n---------------------- %s res_search() TEST----------------------\n\n", test); memset( dnsreply, '\0', sizeof( dnsreply )); - ret = res_nsearch( &_res, (char *) host, C_IN, T_TXT, dnsreply, sizeof( dnsreply )); -// printf("RES_SEARCH results: %s.\n", dnsreply); +#ifndef OPENBSD + ret = res_nsearch(&_res, (char *) host, C_IN, T_TXT, dnsreply, sizeof( dnsreply )); +#else + ret = res_search((char *) host, C_IN, T_TXT, dnsreply, sizeof( dnsreply )); +#endif printf("return code: %i\n", ret); printf("\n--------------- %s res_querydomain() TEST----------------------\n\n", test); memset( dnsreply, '\0', sizeof( dnsreply )); - ret = res_nquerydomain( &_res, "www.google.com", "google.com", C_IN, T_TXT, dnsreply, sizeof( dnsreply )); -// printf("RES_QUERYDOMAIN results: %s.\n", dnsreply); +#ifndef OPENBSD + ret = res_nquerydomain(&_res, "www.google.com", "google.com", C_IN, T_TXT, dnsreply, sizeof( dnsreply )); +#else + ret = res_querydomain("www.google.com", "google.com", C_IN, T_TXT, dnsreply, sizeof( dnsreply )); +#endif printf("return code: %i\n", ret); printf("\n---------------------- %s res_send() TEST----------------------\n\n", test); memset( dnsreply, '\0', sizeof( dnsreply )); - ret = res_nsend( &_res, host, 32, dnsreply, sizeof( dnsreply )); -// printf("RES_SEND results: %s.\n", dnsreply); - printf("return code: %i\n", ret); +#ifndef OPENBSD + ret = res_nsend(&_res, host, 32, dnsreply, sizeof( dnsreply )); +#else + ret = res_send(host, 32, dnsreply, sizeof( dnsreply )); +#endif +printf("return code: %i\n", ret); return ret; } @@ -353,7 +387,7 @@ static int gethostbyaddr_test() { printf("\n----------------------gethostbyaddr() TEST-----------------\n\n"); - inet_aton("38.229.70.16",&bar); + inet_aton("38.229.70.16", &bar); foo=gethostbyaddr(&bar,4,AF_INET); if (foo) { int i;

1 0

[torsocks/master] Fix segfault
by hoganrobert＠torproject.org 20 Feb '11

20 Feb '11

commit d8c11fa185dbcb4ea448394670b70f51e6cd786c Author: Robert Hogan <robert(a)roberthogan.net> Date: Sun Feb 20 13:52:59 2011 +0000 Fix segfault Occurred when tor not running, torsocks run in debug/test mode, and gethostbyaddr() fails. --- src/dead_pool.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/dead_pool.c b/src/dead_pool.c index 0ef0d30..13e5740 100644 --- a/src/dead_pool.c +++ b/src/dead_pool.c @@ -590,8 +590,9 @@ our_gethostbyaddr(dead_pool *pool, const void *_addr, socklen_t len, int type) he.h_addrtype = type; he.h_addr_list = addrs; - show_msg(MSGTEST, "our_gethostbyaddr: resolved '%s' to: '%s'\n", - inet_ntoa(*((struct in_addr *)he.h_addr)), result_hostname); + if (result_hostname) + show_msg(MSGTEST, "our_gethostbyaddr: resolved '%s' to: '%s'\n", + inet_ntoa(*((struct in_addr *)he.h_addr)), result_hostname); return &he;

1 0

[torsocks/master] Fix compile warning in test_torsocks.c
by hoganrobert＠torproject.org 20 Feb '11

20 Feb '11

commit 90f3cc0b3f08b965ec999fbcecbc9f9ff4f5dbf4 Author: Robert Hogan <robert(a)roberthogan.net> Date: Sun Feb 20 14:00:07 2011 +0000 Fix compile warning in test_torsocks.c --- test/test_torsocks.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/test/test_torsocks.c b/test/test_torsocks.c index e67de0a..a262303 100644 --- a/test/test_torsocks.c +++ b/test/test_torsocks.c @@ -69,7 +69,7 @@ static int icmp_test() struct sockaddr_in dest; struct ip *iphdr=(struct ip *) datagram; struct icmphdr *icmphdr=(struct icmphdr *)(iphdr +1); - char *buff=(icmphdr +1); + char *buff=(char *)(icmphdr +1); printf("\n----------------icmp() TEST----------------------------\n\n"); if((sockfd=socket(AF_INET,SOCK_RAW,IPPROTO_ICMP))<0)

1 0

[torsocks/master] Fix copyright notice
by hoganrobert＠torproject.org 20 Feb '11

20 Feb '11

commit 6d595039efef25fe5bab96c1913fac88e376d8ce Author: Robert Hogan <robert(a)roberthogan.net> Date: Sun Feb 20 10:51:44 2011 +0000 Fix copyright notice --- test/run_tests.sh | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/test/run_tests.sh b/test/run_tests.sh index 5dc50f7..5582102 100755 --- a/test/run_tests.sh +++ b/test/run_tests.sh @@ -1,7 +1,7 @@ #! /bin/sh # *************************************************************************** # * * -# * Copyright (C) 2008-2011 Robert Hogan <robert(a)roberthogan.net> * +# * Copyright (C) 2011 Robert Hogan <robert(a)roberthogan.net> * # * * # * This program is free software; you can redistribute it and/or modify * # * it under the terms of the GNU General Public License as published by *

1 0

[tor-svn] r24247: {website} Change sitemap.xml's MIME type to text/xml Previously, its M (website/trunk)
by Robert Ransom 20 Feb '11

20 Feb '11

Author: rransom Date: 2011-02-20 05:11:35 +0000 (Sun, 20 Feb 2011) New Revision: 24247 Modified: website/trunk/sitemap.xml Log: Change sitemap.xml's MIME type to text/xml Previously, its MIME type was application/xml, which Subversion thought was a binary file type, so commit-notification mails didn't include diffs. Hopefully, Subversion will recognize text/xml as a text file type, and generate diffs in the future. Property changes on: website/trunk/sitemap.xml ___________________________________________________________________ Modified: svn:mime-type - application/xml + text/xml

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits