commit e1760cdc972c93377fbd36aea02f8edeb7424275 Author: Damian Johnson atagar@torproject.org Date: Tue Jul 5 20:00:47 2011 -0700
Generating torrc entries for special cases
This covers the trickier torrc options (burst, exit policy, bridges, etc) that were omitted from the previous templating checkin. With this all of the torrc generation should be done - next on to the confirmation dialog... --- src/cli/wizard.py | 74 +++++++++++++++++++++++++++++++++++--- src/resources/torrcTemplate.txt | 2 + src/settings.cfg | 7 ++++ 3 files changed, 77 insertions(+), 6 deletions(-)
diff --git a/src/cli/wizard.py b/src/cli/wizard.py index 03cfb48..d585ce5 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -72,7 +72,8 @@ MSG_COLOR = "green" OPTION_COLOR = "yellow" DISABLED_COLOR = "cyan"
-CONFIG = {"wizard.message.role": "", +CONFIG = {"startup.dataDirectory": "~/.arm", + "wizard.message.role": "", "wizard.message.relay": "", "wizard.message.exit": "", "wizard.message.bridge": "", @@ -86,7 +87,14 @@ CONFIG = {"wizard.message.role": "", "wizard.label.opt": {}, "wizard.description.general": {}, "wizard.description.role": {}, - "wizard.description.opt": {}} + "wizard.description.opt": {}, + "port.category": {}, + "port.exit.all": [], + "port.exit.web": [], + "port.exit.mail": [], + "port.exit.im": [], + "port.exit.misc": [], + "port.encrypted": []}
def loadConfig(config): config.update(CONFIG) @@ -437,12 +445,66 @@ def getTorrc(relayType, config):
templateOptions[key.upper()] = value
- #templateOptions = dict([(key.upper(), config[key].getValue()) for key in config]) templateOptions[relayType.upper()] = True templateOptions["LOW_PORTS"] = config[Options.LOWPORTS] - #templateOptions["BURST"] = config[Options.BANDWIDTH] * 2 # TODO: implement - templateOptions["NOTICE_PATH"] = "/path/to/.arm/exit-notice.html" # TODO: actually prepend the right prefix - templateOptions["EXIT_POLICY"] = "" # TODO: fill in configured policy + + # uses double the relay rate for bursts + relayRateComp = config[Options.BANDWIDTH].getValue().split(" ") + templateOptions["BURST"] = "%i %s" % (int(relayRateComp[0]) * 2, " ".join(relayRateComp[1:])) + + # exit notice will be in our data directory + dataDir = CONFIG["startup.dataDirectory"] + if not dataDir.endswith("/"): dataDir += "/" + templateOptions["NOTICE_PATH"] = os.path.expanduser(dataDir) + "exit-notice.html" + + policyCategories = [] + if not config[Options.POLICY].getValue(): + policyCategories = ["web", "mail", "im", "misc"] + else: + if config[Options.WEBSITES].getValue(): policyCategories.append("web") + if config[Options.EMAIL].getValue(): policyCategories.append("mail") + if config[Options.IM].getValue(): policyCategories.append("im") + if config[Options.MISC].getValue(): policyCategories.append("misc") + + if policyCategories: + isEncryptedOnly = not config[Options.PLAINTEXT].getValue() + + policyLines = [] + for category in ["all"] + policyCategories: + # shows a comment at the start of the section saying what it's for + topicComment = CONFIG["port.category"].get(category) + if topicComment: + while topicComment: + commentSegment, topicComment = uiTools.cropStr(topicComment, 78, None, endType = None, getRemainder = True) + policyLines.append("# " + commentSegment.strip()) + + for portEntry in CONFIG.get("port.exit.%s" % category, []): + # port entry might be an individual port or a range + + if isEncryptedOnly and (not portEntry in CONFIG["port.encrypted"]): + continue # opting to not include plaintext 
port and ranges + + if "-" in portEntry: + # if this is a range then use the first port's description + comment = connections.PORT_USAGE.get(portEntry[:portEntry.find("-")]) + else: comment = connections.PORT_USAGE.get(portEntry) + + entry = "ExitPolicy accept *:%s" % portEntry + if comment: policyLines.append("%-30s# %s" % (entry, comment)) + else: policyLines.append(entry) + + if category != policyCategories[-1]: + policyLines.append("") # newline to split categories + + templateOptions["EXIT_POLICY"] = "\n".join(policyLines) + + # includes input bridges + bridgeLines = [] + for bridgeOpt in [Options.BRIDGE1, Options.BRIDGE2, Options.BRIDGE3]: + bridgeValue = config[bridgeOpt].getValue() + if bridgeValue: bridgeLines.append("Bridge %s" % bridgeValue) + + templateOptions["BRIDGES"] = "\n".join(bridgeLines)
return torConfig.renderTorrc(template, templateOptions)
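Review bot: Nothing in this hunk checks the wizard values before they are formatted into torrc lines: `int(relayRateComp[0])` raises ValueError when the bandwidth field does not begin with a whole number, and `"Bridge %s" % bridgeValue` copies the field verbatim, so any line break in the value would become an extra torrc line. Unless the input fields already validate these (not visible here), skip bridge values that contain a line break, e.g. `if bridgeValue and "\n" not in bridgeValue and "\r" not in bridgeValue: bridgeLines.append("Bridge %s" % bridgeValue.strip())`, and catch the ValueError around the burst computation. Separately, when the policy option is set but no category is selected, `policyCategories` stays empty and `EXIT_POLICY` appears never to be assigned, whereas the removed code always set it to `""`; assigning `templateOptions["EXIT_POLICY"] = ""` before `if policyCategories:` keeps the key defined. getTorrc starts above the hunk.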
diff --git a/src/resources/torrcTemplate.txt b/src/resources/torrcTemplate.txt index 3c9387f..7462382 100644 --- a/src/resources/torrcTemplate.txt +++ b/src/resources/torrcTemplate.txt @@ -60,7 +60,9 @@ CookieAuthentication 1 # method for controller authentication DirPortFrontPage [NOTICE_PATH] # disclaimer saying that this is an exit [END IF]
+ [NEWLINE] [EXIT_POLICY] + ExitPolicy reject *:* # prevents any exit traffic not permitted above [END IF] [ELSE] ClientOnly 1 # prevents us from ever being used as a relay diff --git a/src/settings.cfg b/src/settings.cfg index 53da315..162327b 100644 --- a/src/settings.cfg +++ b/src/settings.cfg @@ -816,6 +816,12 @@ port.label.33434 traceroute # full policy is the Reduced Exit Policy, revision 9 (edited 6/28/11): # https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy?version=...
+port.category all => The following sets which ports can exit the tor network through you. For more information and updates on the suggested policy see: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy +port.category web => ports for general internet browsing +port.category mail => ports for receiving email +port.category im => ports for instant messaging +port.category misc => ports for other services + port.exit.misc 20-23 # FTP, SSH, Telnet port.exit.misc 43 # WHOIS port.exit.all 53 # DNS @@ -889,6 +895,7 @@ port.exit.misc 19638 # Ensim Control Panel # encrypted traffic)
port.encrypted 22 +port.encrypted 53 # dns - not really encrypted but want it anyway port.encrypted 88 port.encrypted 443 port.encrypted 464
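Review bot: With `port.encrypted 53` the list no longer means what its name says: the `isEncryptedOnly` filter in wizard.py keeps every entry found in `port.encrypted`, so an operator who turns plaintext ports off still gets `ExitPolicy accept *:53`. The existing comment admits DNS is not encrypted but does not say what the entry causes; I would spell it out, e.g. `port.encrypted 53 # DNS is plaintext; listed so the encrypted-only policy still accepts port 53`. A cleaner alternative is to exempt the `all` category from the filter in getTorrc and leave this list to genuinely encrypted ports.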