commit d20add70f5a5775c1ddc87bf15c46b6f8222e05e Author: Damian Johnson atagar@torproject.org Date: Sat Aug 1 17:39:55 2015 -0700
Move is_private() to be an entity method
Another thing that doesn't really belong on individual lines. Also addressing a 'todo' comment in the process about checking if dns queries are using udp (we now have this information handy).
---
 nyx/connections/conn_entry.py | 40 ++--------------------------------------
 nyx/connections/conn_panel.py | 2 +-
 nyx/connections/entries.py | 39 +++++++++++++++++++++++++++++++++++++--
 3 files changed, 40 insertions(+), 41 deletions(-)
diff --git a/nyx/connections/conn_entry.py b/nyx/connections/conn_entry.py
index 021accb..13aaadf 100644
--- a/nyx/connections/conn_entry.py
+++ b/nyx/connections/conn_entry.py
@@ -175,42 +175,6 @@ class ConnectionLine(entries.ConnectionPanelLine):
 detail_format = (curses.A_BOLD, CATEGORY_COLOR[self.get_type()])
 return [(line, detail_format) for line in self._get_detail_content(width)]
- def is_private(self):
- """
- Returns true if the endpoint is private, possibly belonging to a client
- connection or exit traffic.
- """
-
- if not CONFIG['features.connection.showIps']:
- return True
-
- # This is used to scrub private information from the interface. Relaying
- # etiquette (and wiretapping laws) say these are bad things to look at so
- # DON'T CHANGE THIS UNLESS YOU HAVE A DAMN GOOD REASON!
-
- my_type = self.get_type()
-
- if my_type == Category.INBOUND:
- controller = tor_controller()
-
- if controller.is_user_traffic_allowed().inbound:
- all_matches = nyx.util.tracker.get_consensus_tracker().get_all_relay_fingerprints(self.connection.remote_address)
- return all_matches == []
- elif my_type == Category.EXIT:
- # DNS connections exiting us aren't private (since they're hitting our
- # resolvers). Everything else, however, is.
-
- # TODO: Ideally this would also double check that it's a UDP connection
- # (since DNS is the only UDP connections Tor will relay), however this
- # will take a bit more work to propagate the information up from the
- # connection resolver.
-
- return self.connection.remote_port != 53
-
- # for everything else this isn't a concern
-
- return False
-
 def get_type(self):
 return self._entry.get_type()
@@ -435,7 +399,7 @@ class ConnectionLine(entries.ConnectionPanelLine):
 lines = [''] * 7
 lines[0] = 'address: %s' % self.get_destination_label(width - 11)
- lines[1] = 'locale: %s' % ('??' if self.is_private() else self.get_locale('??'))
+ lines[1] = 'locale: %s' % ('??' if self._entry.is_private() else self.get_locale('??'))
 # Remaining data concerns the consensus results, with three possible cases:
 # - if there's a single match then display its details
@@ -581,7 +545,7 @@ class ConnectionLine(entries.ConnectionPanelLine):
# destination of the connection
- address_label = '<scrubbed>' if self.is_private() else self.connection.remote_address
+ address_label = '<scrubbed>' if self._entry.is_private() else self.connection.remote_address
 port_label = ':%s' % self.connection.remote_port if include_port else ''
 destination_address = address_label + port_label
diff --git a/nyx/connections/conn_panel.py b/nyx/connections/conn_panel.py
index 7d06abe..76f6f16 100644
--- a/nyx/connections/conn_panel.py
+++ b/nyx/connections/conn_panel.py
@@ -481,7 +481,7 @@ class ConnectionPanel(panel.Panel, threading.Thread):
 for entry in new_entries:
 entry_line = entry.get_lines()[0]
- if entry_line.is_private() and entry.get_type() == conn_entry.Category.INBOUND:
+ if entry.is_private() and entry.get_type() == conn_entry.Category.INBOUND:
 client_locale = entry_line.get_locale(None)
 if client_locale:
diff --git a/nyx/connections/entries.py b/nyx/connections/entries.py
index 6963123..1242887 100644
--- a/nyx/connections/entries.py
+++ b/nyx/connections/entries.py
@@ -9,7 +9,7 @@ import datetime
 from nyx.util import tor_controller
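Review bot: In conn_panel.py the condition `entry.is_private() and entry.get_type() == conn_entry.Category.INBOUND` uses the scrubbing decision as a stand-in for "this inbound peer is a client", and the two are not the same. `is_private()` returns True for every entry when `features.connection.showIps` is false, so with address display turned off, inbound relay connections would presumably be tallied under `client_locale` as well. What is done with `client_locale` lies outside the hunk, so this needs confirming. If it holds, the consensus lookup should be split out of `is_private()` into its own predicate (a suggested name would be `entry.is_client()`) and used here instead.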
 from stem.control import Listener
-from stem.util import enum
+from stem.util import conf, enum
# attributes we can list entries by
@@ -37,6 +37,10 @@ PORT_COUNT = 65536
 SCRUBBED_IP_VAL = 255 ** 4
 ADDRESS_CACHE = {}
+CONFIG = conf.config_dict('nyx', {
+ 'features.connection.showIps': True,
+})
+
 def to_unix_time(dt):
 return (dt - datetime.datetime(1970, 1, 1)).total_seconds()
@@ -110,6 +114,37 @@ class ConnectionPanelEntry:
return self._connection_type
+ def is_private(self):
+ """
+ Returns true if the endpoint is private, possibly belonging to a client
+ connection or exit traffic.
+
+ This is used to scrub private information from the interface. Relaying
+ etiquette (and wiretapping laws) say these are bad things to look at so
+ DON'T CHANGE THIS UNLESS YOU HAVE A DAMN GOOD REASON!
+ """
+
+ import nyx.connections.conn_entry
+ import nyx.util.tracker
+
+ if not CONFIG['features.connection.showIps']:
+ return True
+
+ if self.get_type() == nyx.connections.conn_entry.Category.INBOUND:
+ controller = tor_controller()
+
+ if controller.is_user_traffic_allowed().inbound:
+ return len(nyx.util.tracker.get_consensus_tracker().get_all_relay_fingerprints(self.connection.remote_address)) == 0
+ elif self.get_type() == nyx.connections.conn_entry.Category.EXIT:
+ # DNS connections exiting us aren't private (since they're hitting our
+ # resolvers). Everything else, however, is.
+
+ return self.connection.remote_port != 53 or self.connection.protocol != 'udp'
+
+ # for everything else this isn't a concern
+
+ return False
+
 def get_lines(self):
 """
 Provides the individual lines in the connection listing.
@@ -138,7 +173,7 @@ class ConnectionPanelEntry:
 connection_line = self.lines[0]
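Review bot: The new `is_private()` in entries.py dereferences `self.connection` (`remote_address`, `remote_port`, `protocol`), while the sort code in the next hunk of this same class still reaches the connection through `self.lines[0].connection`. Unless `ConnectionPanelEntry` sets `connection` somewhere outside this diff, the INBOUND and EXIT branches raise AttributeError, and `self.lines[0].connection.remote_port` would be the consistent spelling. The move also changes the decision itself: exit connections to port 53 are now scrubbed unless the protocol is `'udp'`, and the method still ends in `return False` for every category it does not list. The diffstat shows no test, and a privacy gate carrying a DON'T CHANGE warning deserves one that pins each branch. The function-scope imports want a one-line reason, for example `# imported here rather than at module level, presumably to avoid a circular import with conn_entry`.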
 if attr == SortAttr.IP_ADDRESS:
- if connection_line.is_private():
+ if self.is_private():
 return SCRUBBED_IP_VAL # orders at the end
return address_to_int(connection_line.connection.remote_address)