commit 2c052b414fe2e820773aeb408dc4ba5e97a04c5c Author: David Fifield david@bamsoftware.com Date: Wed Oct 24 09:42:21 2012 -0700
Make flashproxy-client a a managed proxy.
Managed mode is the default. Use --external to override it and be an external proxy like before. --- README | 31 +++++++------- doc/websocket-transport.txt | 4 +- flashproxy-client | 94 +++++++++++++++++++++++++++++++++++-------- torrc | 3 +- 4 files changed, 95 insertions(+), 37 deletions(-)
diff --git a/README b/README index 75252d0..efcec98 100644 --- a/README +++ b/README @@ -13,24 +13,20 @@ You must be able to receive TCP connections; unfortunately means that you cannot be behind NAT. See the section "Using a public client transport plugin" below to try out the system even behind NAT.
-1. Run the client transport plugin. - $ flashproxy-client --register - By default the transport plugin listens on Internet-facing TCP port - 9000. If you have to use a different port (to get through a firewall, - for example), give it on the command lines like this (here using port - 8888): - $ flashproxy-client --register :9001 :8888 -2. Run Tor using the included torrc file. +Run Tor using the included torrc file: $ tor -f torrc +By default the transport plugin listens on Internet-facing TCP port +9000. If you have to use a different port (to get through a firewall, +for example), edit the ClientTransportPlugin line of the torrc to give a +different port number: + ClientTransportPlugin websocket exec ./flashproxy-client --register :0 :8888 +If the flashproxy-client program is in a different directoy (after being +installed, for example), use the full path in the ClientTransportPlugin +line: + ClientTransportPlugin websocket exec /usr/local/bin/flashproxy-client --register
-Watch the output of flashproxy-client and tor. From -flashproxy-client you are expecting output lines like this: - Remote connection from [scrubbed]. - Local connection from [scrubbed]. - Linking [scrubbed] and [scrubbed]. -From tor you are looking for: - [notice] Tor has successfully opened a circuit. Looks like client functionality is working. - [notice] Bootstrapped 100%: Done. +You should receive a flash proxy connection within about 60 seconds. See +"Troubleshooting" below if it doesn't work.
== Overview @@ -81,6 +77,9 @@ port forwarding. Make sure someone is viewing http://crypto.stanford.edu/flashproxy/, or another web page with a flash proxy badge on it.
+You can add the --log option to the ClientTransportPlugin command line +in order to save debugging log messages. + If tor hangs at 10% with these messages: [notice] Bootstrapped 10%: Finishing handshake with directory server. [notice] no known bridge descriptors running yet; stalling diff --git a/doc/websocket-transport.txt b/doc/websocket-transport.txt index 78e3297..94d4060 100644 --- a/doc/websocket-transport.txt +++ b/doc/websocket-transport.txt @@ -54,10 +54,10 @@ Method name respectively:
UseBridges 1 -ClientTransportPlugin websocket exec /usr/libexec/tor-websocket-proxy --client --managed +ClientTransportPlugin websocket exec /usr/libexec/tor-websocket-proxy --client Bridge websocket 198.51.100.1
-ServerTransportPlugin websocket exec /usr/libexec/tor-websocket-proxy --server --managed +ServerTransportPlugin websocket exec /usr/libexec/tor-websocket-proxy --server
The base64 subprotocol
diff --git a/flashproxy-client b/flashproxy-client index 6c92c91..fb4b4f7 100755 --- a/flashproxy-client +++ b/flashproxy-client @@ -31,7 +31,10 @@ try: except ImportError: numpy = None
-DEFAULT_LOCAL_PORT = 9001 +# Default local port in managed mode (choose one arbitrarily). +DEFAULT_LOCAL_PORT_MANAGED = 0 +# Default local port in external mode. +DEFAULT_LOCAL_PORT_EXTERNAL = 9001 DEFAULT_REMOTE_PORT = 9000 DEFAULT_REGISTER_METHODS = ["email", "http"]
@@ -43,6 +46,8 @@ class options(object): register_addr = None facilitator_url = None
+ managed = True + log_filename = None log_file = sys.stdout daemonize = False @@ -67,6 +72,14 @@ The local connection acts as a SOCKS4a proxy, but the host and port in the SOCKS request are ignored and the local connection is always linked to a remote connection.
+By default, runs as a managed proxy: informs a parent Tor project of support for +the "websocket" pluggable transport. In managed mode, the LOCAL port is chosen +arbitrarily instead of defaulting to %(local_port)d; however this can be +overridden by including a LOCAL port in the command. This is the way the +program should be invoked in a torrc ClientTransportPlugin "exec" line. +Use the --external option to run as an external proxy that does not +interact with Tor. + If any of the --register, --register-addr, or --register-methods options are used, then your IP address will be sent to the facilitator so that proxies can connect to you. You need to register in some way in order to get any service. @@ -74,6 +87,8 @@ The --facilitator option allows controlling which facilitator is used; if omitted, it uses a public default.
--daemon daemonize (Unix only). + --external be an external proxy (don't interact with Tor using + environment variables and stdout). -f, --facilitator=URL advertise willingness to receive connections to URL. -h, --help show this help. -l, --log FILENAME write log to FILENAME (default stdout). @@ -89,7 +104,7 @@ omitted, it uses a public default. --unsafe-logging don't scrub IP addresses from logs.\ """ % { "progname": sys.argv[0], - "local_port": DEFAULT_LOCAL_PORT, + "local_port": DEFAULT_LOCAL_PORT_EXTERNAL, "remote_port": DEFAULT_REMOTE_PORT, "reg_methods": ",".join(DEFAULT_REGISTER_METHODS), } @@ -961,6 +976,34 @@ def pt_smethoderror(msg): pt_line("SMETHOD-ERROR", msg) sys.exit(1)
+def pt_get_client_transports(known): + result = [] + if os.environ.get("TOR_PT_CLIENT_TRANSPORTS") == "*": + return known + for method in os.environ.get("TOR_PT_CLIENT_TRANSPORTS", "").split(","): + if method in known: + result.append(method) + return result + +def pt_setup_managed(): + for ver in os.environ.get("TOR_PT_MANAGED_TRANSPORT_VER", "").split(","): + if ver == "1": + pt_line("VERSION", ver) + break + else: + pt_versionerror("no-version") + + client_transports = pt_get_client_transports(["websocket"]) + if not client_transports: + pt_line("CMETHODS", "DONE") + sys.exit(1) + +def pt_cmethod(method_name, addr): + pt_line("CMETHOD", method_name, "socks4", format_sockaddr(addr)) + +def pt_cmethods_done(): + pt_line("CMETHODS", "DONE") + def main(): global remote_listen, local_listen global locals, remotes @@ -970,10 +1013,12 @@ def main(): register_addr_spec = None register_methods = []
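Review bot: `pt_setup_managed` writes `pt_line("CMETHODS", "DONE")` by hand although the same hunk adds `pt_cmethods_done()` for exactly that line; calling the helper keeps the protocol string in one place. That branch then calls `sys.exit(1)`, although an empty match against `TOR_PT_CLIENT_TRANSPORTS` looks like a normal outcome rather than a failure, so the exit status may be worth revisiting. None of the four new functions has a docstring. For `pt_get_client_transports` I would add `"""Return the members of known that Tor requested in TOR_PT_CLIENT_TRANSPORTS; "*" selects all of known."""`, and for `pt_setup_managed` a line stating that it may terminate the process.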
- opts, args = getopt.gnu_getopt(sys.argv[1:], "f:hl:r", ["daemon", "facilitator=", "help", "log=", "pidfile=", "register", "register-addr=", "register-methods=", "unsafe-logging"]) + opts, args = getopt.gnu_getopt(sys.argv[1:], "f:hl:r", ["daemon", "external", "facilitator=", "help", "log=", "pidfile=", "register", "register-addr=", "register-methods=", "unsafe-logging"]) for o, a in opts: if o == "--daemon": options.daemonize = True + elif o == "--external": + options.managed = False elif o == "-f" or o == "--facilitator": options.facilitator_url = a elif o == "-h" or o == "--help": @@ -1002,17 +1047,26 @@ def main(): # Send error tracebacks to the log. sys.stderr = options.log_file else: - options.log_file = sys.stdout + options.log_file = sys.stderr + + if options.managed: + pt_setup_managed() + + if options.managed: + default_local_port = DEFAULT_LOCAL_PORT_MANAGED + else: + default_local_port = DEFAULT_LOCAL_PORT_EXTERNAL + default_remote_port = DEFAULT_REMOTE_PORT
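Review bot: `--daemon` is still accepted while `options.managed` keeps its new default of True, and nothing in the visible hunks rejects the combination. The daemonizing code is outside this diff, so this is inferred, but a managed proxy that detaches would presumably stop being the child process whose stdout Tor reads. Consider failing early after option parsing with `if options.managed and options.daemonize:` followed by `usage(sys.stderr)` and `sys.exit(1)`. main's body starts and ends outside this hunk.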
if len(args) == 0: - local_addr = (None, DEFAULT_LOCAL_PORT) - remote_addr = (None, DEFAULT_REMOTE_PORT) + local_addr = (None, default_local_port) + remote_addr = (None, default_remote_port) elif len(args) == 1: - local_addr = parse_addr_spec(args[0], defport=DEFAULT_LOCAL_PORT) - remote_addr = (None, DEFAULT_REMOTE_PORT) + local_addr = parse_addr_spec(args[0], defport=default_local_port) + remote_addr = (None, default_remote_port) elif len(args) == 2: - local_addr = parse_addr_spec(args[0], defport=DEFAULT_LOCAL_PORT) - remote_addr = parse_addr_spec(args[1], defport=DEFAULT_REMOTE_PORT) + local_addr = parse_addr_spec(args[0], defport=default_local_port) + remote_addr = parse_addr_spec(args[1], defport=default_remote_port) else: usage(sys.stderr) sys.exit(1) @@ -1037,16 +1091,22 @@ def main(): for method in register_methods: options.register_commands.append(build_register_command(method))
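Review bot: The new fallback `options.log_file = sys.stderr` disagrees with two unchanged lines elsewhere in this diff: the class default `log_file = sys.stdout` (hunk at -43,6) and the usage text `write log to FILENAME (default stdout)` (hunk at -74,6). In managed mode stdout is the channel Tor reads, so a log() call that ran before this assignment would inject log text into the protocol stream; no such call is visible here, so treat that as something to confirm. I would change the class default to `log_file = sys.stderr` and the help text to `(default stderr)`. The two consecutive `if options.managed:` blocks could also be merged into one.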
- # Local sockets, accepting SOCKS requests from localhost - local_listen = [] - for addr in options.local_addrs: - local_listen.append(listen_socket(addr)) - log(u"Listening local on %s." % format_addr(addr)) # Remote sockets, accepting remote WebSocket connections from proxies. remote_listen = [] for addr in options.remote_addrs: - remote_listen.append(listen_socket(addr)) - log(u"Listening remote on %s." % format_addr(addr)) + listen = listen_socket(addr) + remote_listen.append(listen) + log(u"Listening remote on %s." % format_sockaddr(listen.getsockname())) + # Local sockets, accepting SOCKS requests from localhost + local_listen = [] + for addr in options.local_addrs: + listen = listen_socket(addr) + local_listen.append(listen) + log(u"Listening local on %s." % format_sockaddr(listen.getsockname())) + if options.managed: + pt_cmethod("websocket", listen.getsockname()) + if options.managed: + pt_cmethods_done()
# New remote sockets waiting to finish their WebSocket negotiation. websocket_pending = [] diff --git a/torrc b/torrc index 4ee54e1..c5e40d2 100644 --- a/torrc +++ b/torrc @@ -1,9 +1,8 @@ ## Configuration file for Tor over flash proxies. ## Usage: -## flashproxy-client --register ## tor -f torrc
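Review bot: A failure of `listen_socket(addr)` in managed mode is never reported to Tor, because the local loop only emits `pt_cmethod(...)` on success. An exception such as a port already in use would presumably end the process with a traceback on stderr and no `CMETHOD-ERROR` line. Catching the bind error and sending it through `pt_line` gives Tor a protocol-level reason; the sketch below assumes `socket` is imported in this file. Separately, `pt_cmethod("websocket", ...)` runs once per entry of `options.local_addrs`, so more than one local address would announce the same method name repeatedly; whether that list can hold more than one entry is not visible here. main's body continues outside the hunk.

```python
    # … unchanged: remote listeners …
    local_listen = []
    for addr in options.local_addrs:
        try:
            listen = listen_socket(addr)
        except socket.error as e:
            if options.managed:
                # Tell Tor why the transport is unavailable instead of dying silently.
                pt_line("CMETHOD-ERROR", "websocket", "listen failed: %s" % e)
                sys.exit(1)
            raise
        local_listen.append(listen)
        # … unchanged: log line and pt_cmethod call …
```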
-ClientTransportPlugin websocket socks4 127.0.0.1:9001 +ClientTransportPlugin websocket exec ./flashproxy-client --register UseBridges 1 # The address and port are ignored by the client transport plugin. Bridge websocket 0.0.1.0:1
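Review bot: `exec ./flashproxy-client` is, as far as I can tell, resolved relative to the directory tor is started from, so this line runs whichever file of that name sits there, with tor's privileges. The README hunk already recommends a full path for installed copies; a comment above the line would make that explicit here, e.g. `## ./flashproxy-client is relative to the directory tor is started in; use an absolute path once installed.` Because `--register` is now part of the exec line, starting tor with this torrc sends the client's IP address to the facilitator (per the usage text) without a separate step. That deserves a `##` line as well.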