[tor-bugs] #13338 [Tor]: Rewrite tor-fw-helper in Go (or another memory-safe language)

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Oct 19 03:58:15 UTC 2014


#13338: Rewrite tor-fw-helper in Go (or another memory-safe language)
-----------------------------+---------------------------------
     Reporter:  arma         |      Owner:  yawning
         Type:  enhancement  |     Status:  assigned
     Priority:  minor        |  Milestone:  Tor: very long term
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  flashproxy
Actual Points:               |  Parent ID:  #5213
       Points:               |
-----------------------------+---------------------------------

Comment (by yawning):

 https://github.com/Yawning/go-fw-helper

 Some notes:
  * I wrote my own UPnP client, because of licensing, code
 quality/auditability concerns, and not-invented-here reasons.
  * Works as far as I can tell, but flashproxy will need code changes
 because it assumes leases are permanent.  I could change the lease time to
 "1 week" (max allowed in UPnP 1.1, 1.0 allows permanent), but certain
 routers exhibit really broken behavior when the UPnP port mapping table
 gets filled up (in some cases, requiring a factory reset).  The lease time
 was chosen somewhat arbitrarily based around how tor invokes
 tor-fw-helper.
  * NAT-PMP is not supported yet.  It turns out that the Go runtime
 supports netlink sockets, and I have Go code to query the default route's
 gateway on Linux (that works), but I don't have a router that supports
 NAT-PMP yet.  Windows will more than likely require calling into native
 code, and I haven't looked at what Darwin will require here yet.
  * I had to disable ufw on my local box to test it.  For the UDP multicast
 based discovery process I currently bind to a random port, but maybe this
 should be fixed to make it easier for users to deal with "local firewall
 blocks the M-SEARCH responses".

 Next steps from me would be going and buying an AirPort base station so I
 can test NAT-PMP, and getting it working at least on Linux.  I might be
 able to also do Darwin as long as "do what you would do on FreeBSD" is how
 you query the routing table.  Not sure how much of a deployment blocker
 NAT-PMP support is, since our current alternative is "scary library code".

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13338#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
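An added example, not code from go-fw-helper or from this ticket, covering the two protocol details the comment touches on: the SSDP M-SEARCH exchange (whose unicast replies come back to whatever UDP port the client bound, which is what a local firewall ends up blocking) and bounding a port-mapping lease so no mapping is left permanent. The service URN and multicast address are the standard IGD values; the sample reply, the function names, and the choice to treat a lease of 0 as one week are this example's own assumptions.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"net/http"
)

const (
	wanIPConnST    = "urn:schemas-upnp-org:service:WANIPConnection:1" // IGD port-mapping service
	maxLeaseUPnP11 = 604800                                           // one week, the UPnP 1.1 maximum
)

// BuildMSearch returns the M-SEARCH datagram sent to the SSDP multicast group; replies are unicast back to the sender's port.
func BuildMSearch(st string, mx int) []byte {
	return []byte("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n" +
		"MAN: \"ssdp:discover\"\r\n" + fmt.Sprintf("MX: %d\r\n", mx) + "ST: " + st + "\r\n\r\n")
}

// ParseMSearchReply returns the LOCATION (device description URL) from a reply, accepting only a 200 for the ST we asked for.
func ParseMSearchReply(raw []byte, wantST string) (string, error) {
	resp, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(raw)), nil)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("unexpected status %d", resp.StatusCode)
	}
	if got := resp.Header.Get("ST"); got != wantST {
		return "", fmt.Errorf("ST mismatch: %q", got)
	}
	if loc := resp.Header.Get("LOCATION"); loc != "" {
		return loc, nil
	}
	return "", fmt.Errorf("reply has no LOCATION header")
}

// ClampLease bounds a requested NewLeaseDuration so every mapping expires; mapping 0 ("permanent" in UPnP 1.0) to one week is this example's policy.
func ClampLease(seconds uint32) uint32 {
	if seconds == 0 || seconds > maxLeaseUPnP11 {
		return maxLeaseUPnP11
	}
	return seconds
}

// Constructed reply for offline use, not captured from a real router (192.0.2.1 is a documentation address).
var sampleReply = []byte("HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nEXT:\r\n" +
	"ST: " + wanIPConnST + "\r\nLOCATION: http://192.0.2.1:5000/rootDesc.xml\r\n\r\n")

func main() {
	loc, err := ParseMSearchReply(sampleReply, wanIPConnST)
	fmt.Println(string(BuildMSearch(wanIPConnST, 2)), loc, err, ClampLease(0))
}
```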