On 5/31/12 5:19 PM, sid77@slackware.it wrote:
Hi all,
Hi Sid.
it took me a year or so but I've finally managed to build Tor for iOS with working support for TransPort, as you can see on: https://github.com/sid77/evelyn/blob/master/tor/make.sh
Whoohoo!
The next natural step is to hack together full device torification as iOS jailbroken devices can run pf (without ALTQ support).
I'm not very comfortable with pf and pfctl so my first step was to head out to https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#BSDPF looking for some clue.
It's been a while since I've used pf for serious things, but I think I can still manage.
However, jailbroken iOS' ifconfig cannot bring up a second loopback interface (I think the kernel is not allowing it) so I had to test out some custom rules; my current pf.conf is as follows:
That's weird. I can look into that over the weekend.
-8<-
scrub in
rdr pass on lo0 inet proto tcp all -> 127.0.0.1 port 9040
rdr pass on lo0 inet proto udp to port domain -> 127.0.0.1 port domain
block return out
pass quick on lo0 keep state
pass out quick inet proto tcp user nobody flags S/SA modulate state
pass out quick route-to lo0 inet proto udp to port domain keep state
pass out quick route-to lo0 inet proto tcp all flags S/SA modulate state
-8<-
taken from: https://github.com/sid77/mobiletor/blob/master/pf.conf
I apply it running this script: https://github.com/sid77/sbsettingstor/blob/master/com.sbsettingstor.enable
Tor is running as user nobody (not really secure but I still have to figure out system user management on the platform) and answering DNS queries on 127.0.0.1:53.
This solution is failing *REALLY* hard as I managed to run into a kernel panic as soon as I tried to generate some traffic with Mobile Safari or Cydia.
Is there any pf guru out there who can give me some insights?
I expect that you really _DO NEED_ that second loopback interface for the above config, otherwise your packets will just end up in one big loop. A workaround might be to tag the packets when they are rdr'ed and make sure that you only rdr packets that are non-tagged. I have to look up the exact syntax on how to do that. I strongly suggest testing your pf rules on another machine first (OpenBSD or FreeBSD VM) and then deploying in iOS.
Do you have the kernel crash log handy by any chance? It should be in /Library/Logs/CrashReporter/Panics
Cheers, RPW
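
The condition RPW describes above (rdr and route-to sharing the one loopback, with nothing restricting rdr to non-tagged packets), as an added example that is not part of the original thread: a text-level lint to run over a pf.conf before loading it on a device. It assumes one rule per line with no macros, and that lo0 is the interface holding 127.0.0.1; find_unguarded_rdr and loopback_if are names made up here.

```python
# Constructed sample: the rules quoted in the message above, one per line.
SAMPLE_PF_CONF = """\
scrub in
rdr pass on lo0 inet proto tcp all -> 127.0.0.1 port 9040
rdr pass on lo0 inet proto udp to port domain -> 127.0.0.1 port domain
block return out
pass quick on lo0 keep state
pass out quick inet proto tcp user nobody flags S/SA modulate state
pass out quick route-to lo0 inet proto udp to port domain keep state
pass out quick route-to lo0 inet proto tcp all flags S/SA modulate state
"""

def _rules(text):
    """Yield (line_no, tokens) for every non-empty, non-comment line."""
    for no, line in enumerate(text.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield no, tokens

def _after(tokens, keyword):
    """Return the token that follows keyword, or None if absent."""
    if keyword in tokens[:-1]:
        return tokens[tokens.index(keyword) + 1]
    return None

def find_unguarded_rdr(text, loopback_if="lo0"):
    """Flag rdr rules that sit on the loopback traffic is routed to,
    redirect to a 127.x address, and carry no 'tagged' condition.
    Returns [(rdr_line, interface, [route_to_lines])]. Heuristic only:
    it reads the text and does not evaluate pf semantics."""
    rules = list(_rules(text))
    routed = {}  # interface -> line numbers of route-to rules
    for no, t in rules:
        ifc = _after(t, "route-to") if t[0] == "pass" else None
        if ifc:
            routed.setdefault(ifc.strip("()"), []).append(no)
    findings = []
    for no, t in rules:
        if t[0] != "rdr":
            continue
        ifc, target = _after(t, "on"), _after(t, "->") or ""
        guarded = any(tok.lstrip("!") == "tagged" for tok in t)
        if (ifc == loopback_if and ifc in routed
                and target.startswith("127.") and not guarded):
            findings.append((no, ifc, routed[ifc]))
    return findings

if __name__ == "__main__":
    for no, ifc, via in find_unguarded_rdr(SAMPLE_PF_CONF):
        print(f"line {no}: rdr on {ifc} has no tag guard; route-to at {via}")
```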