Author: atagar Date: 2011-03-23 16:18:32 +0000 (Wed, 23 Mar 2011) New Revision: 24421
Modified: arm/trunk/src/interface/connections/connEntry.py arm/trunk/src/util/torTools.py Log: Fix bundle, thanks to Fabian Keil
fix: preventing PROGRAM and CONTROL connections from being expanded (patch by Fabian Keil) fix: reversing src and dst addresses of PROGRAM and CONTROL connections (caught by Fabian Keil) fix: changing the 'APPLICATION' type to 'PROGRAM' since the previous label was too long (caught by Fabian Keil) fix: exit policy should only be respected for determining exit connections if the ORPort is set
Modified: arm/trunk/src/interface/connections/connEntry.py
===================================================================
--- arm/trunk/src/interface/connections/connEntry.py 2011-03-23 15:15:43 UTC (rev 24420)
+++ arm/trunk/src/interface/connections/connEntry.py 2011-03-23 16:18:32 UTC (rev 24421)
@@ -14,14 +14,14 @@
 # Outbound Relay connection, leaving us.
 # Exit Outbound relay connection leaving the Tor network.
 # Client Circuits for our client traffic.
-# Application Socks connections using Tor.
+# Program Socks connections for applications using Tor.
 # Directory Fetching tor consensus information.
 # Control Tor controller (arm, vidalia, etc).
-Category = enum.Enum("INBOUND", "OUTBOUND", "EXIT", "CLIENT", "APPLICATION", "DIRECTORY", "CONTROL") +Category = enum.Enum("INBOUND", "OUTBOUND", "EXIT", "CLIENT", "PROGRAM", "DIRECTORY", "CONTROL") CATEGORY_COLOR = {Category.INBOUND: "green", Category.OUTBOUND: "blue", Category.EXIT: "red", Category.CLIENT: "cyan", - Category.APPLICATION: "yellow", Category.DIRECTORY: "magenta", + Category.PROGRAM: "yellow", Category.DIRECTORY: "magenta", Category.CONTROL: "red"}
# static data for listing format
@@ -208,7 +208,7 @@
 self.baseType = Category.INBOUND
 self.local.isORPort = True
 elif lPort == mySocksPort:
- self.baseType = Category.APPLICATION
+ self.baseType = Category.PROGRAM
 elif lPort == myCtlPort:
 self.baseType = Category.CONTROL
 else:
@@ -498,6 +498,16 @@
 myExternalIpAddr = conn.getInfo("address", self.local.getIpAddr())
 addrDiffer = myExternalIpAddr != self.local.getIpAddr()
+ # Expanding doesn't make sense, if the connection isn't actually
+ # going through Tor's external IP address. As there isn't a known
+ # method for checking if it is, we're checking the type instead.
+ #
+ # This isn't entirely correct. It might be a better idea to check if
+ # the source and destination addresses are both private, but that might
+ # not be perfectly reliable either.
+
+ isExpansionType = not myType in (Category.PROGRAM, Category.CONTROL)
+
 srcAddress = myExternalIpAddr + localPort
 src = "%-21s" % srcAddress # ip:port = max of 21 characters
 dst = "%-26s" % dstAddress # ip:port (xx) = max of 26 characters
@@ -512,7 +522,7 @@
 if isExpandedAddrVisible and CONFIG["features.connection.showColumn.fingerprint"]:
 isExpandedAddrVisible = width < usedSpace + 42 or width > usedSpace + 70
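Review bot: The context line `srcAddress = myExternalIpAddr + localPort` in the -498 hunk still labels PROGRAM and CONTROL connections with the relay's external address, although the new comment says these connections do not go through it and the -512 hunk now suppresses the `internal --> external` expansion that would have shown the address actually in use. An operator reading the panel would therefore see a local SOCKS or controller connection attributed to the public IP; consider `srcAddress = (myExternalIpAddr if isExpansionType else self.local.getIpAddr()) + localPort`. Separately, `not myType in (...)` reads more clearly as `myType not in (Category.PROGRAM, Category.CONTROL)`. The enclosing method starts and ends outside this hunk, so srcAddress may be adjusted elsewhere.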
- if addrDiffer and isExpandedAddrVisible and self.includeExpandedIpAddr and CONFIG["features.connection.showColumn.expandedIp"]:
+ if addrDiffer and isExpansionType and isExpandedAddrVisible and self.includeExpandedIpAddr and CONFIG["features.connection.showColumn.expandedIp"]:
 # include the internal address in the src (extra 28 characters)
 internalAddress = self.local.getIpAddr() + localPort
 src = "%-21s --> %s" % (internalAddress, src)
@@ -570,7 +580,7 @@
 # pads dst entry to its max space
 dst = ("%%-%is" % (baseSpace - len(src))) % dst
- if myType == Category.INBOUND: src, dst = dst, src
+ if myType in (Category.INBOUND, Category.PROGRAM, Category.CONTROL): src, dst = dst, src
 padding = " " * (width - usedSpace + LABEL_MIN_PADDING)
 return LABEL_FORMAT % (src, dst, etc, padding)
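Review bot: The category list in `if myType in (Category.INBOUND, Category.PROGRAM, Category.CONTROL)` overlaps the `(Category.PROGRAM, Category.CONTROL)` tuple behind `isExpansionType` in the -498 hunk, so two hand-maintained lists must now stay in agreement whenever a category is added or reclassified. A single named module-level tuple for the locally terminated categories, used by both checks, would keep them together. The swap also deserves a why-comment, for example `# connections made to one of our listening ports: the remote end is the source`, which matches how the -208 hunk assigns these types by local port. The enclosing method begins outside this hunk.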
Modified: arm/trunk/src/util/torTools.py
===================================================================
--- arm/trunk/src/util/torTools.py 2011-03-23 15:15:43 UTC (rev 24420)
+++ arm/trunk/src/util/torTools.py 2011-03-23 16:18:32 UTC (rev 24421)
@@ -784,31 +784,35 @@
result = None
 if self.isAlive():
- policyEntries = []
- for exitPolicy in self.getOption("ExitPolicy", [], True):
- policyEntries += [policy.strip() for policy in exitPolicy.split(",")]
-
- # appends the default exit policy
- defaultExitPolicy = self.getInfo("exit-policy/default")
-
- if defaultExitPolicy:
- policyEntries += defaultExitPolicy.split(",")
-
- # construct the policy chain backwards
- policyEntries.reverse()
-
- for entry in policyEntries:
- result = ExitPolicy(entry, result)
-
- # Checks if we are rejecting private connections. If set, this appends
- # 'reject private' and 'reject <my ip>' to the start of our policy chain.
- isPrivateRejected = self.getOption("ExitPolicyRejectPrivate", True)
-
- if isPrivateRejected:
- result = ExitPolicy("reject private", result)
+ if self.getOption("ORPort"):
+ policyEntries = []
+ for exitPolicy in self.getOption("ExitPolicy", [], True):
+ policyEntries += [policy.strip() for policy in exitPolicy.split(",")]
- myAddress = self.getInfo("address")
- if myAddress: result = ExitPolicy("reject %s" % myAddress, result)
+ # appends the default exit policy
+ defaultExitPolicy = self.getInfo("exit-policy/default")
+
+ if defaultExitPolicy:
+ policyEntries += defaultExitPolicy.split(",")
+
+ # construct the policy chain backwards
+ policyEntries.reverse()
+
+ for entry in policyEntries:
+ result = ExitPolicy(entry, result)
+
+ # Checks if we are rejecting private connections. If set, this appends
+ # 'reject private' and 'reject <my ip>' to the start of our policy chain.
+ isPrivateRejected = self.getOption("ExitPolicyRejectPrivate", True)
+
+ if isPrivateRejected:
+ result = ExitPolicy("reject private", result)
+
+ myAddress = self.getInfo("address")
+ if myAddress: result = ExitPolicy("reject %s" % myAddress, result)
+ else:
+ # no ORPort is set so all relaying is disabled
+ result = ExitPolicy("reject *:*")
self.connLock.release()
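Review bot: `if self.getOption("ORPort"):` tests truthiness only, so if getOption returns the configured value as a string (its definition is outside this hunk), an explicit `ORPort 0` yields the non-empty string "0" and the relay branch still builds the full exit policy chain for an instance that does not relay. Connections could then still be classified as exits, which is what this change sets out to prevent. Comparing against the disabled value would be safer, e.g. `if self.getOption("ORPort", "0") != "0":`, assuming the second argument is a default as the `getOption("ExitPolicy", [], True)` call suggests. The method body starts outside the hunk; unless the lock is wrapped in try/finally there, an exception from any of these getOption/getInfo calls would skip `self.connLock.release()`.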