[tor-commits] [arm/release] Generating torrc entries for special cases

atagar at torproject.org atagar at torproject.org
Sun Jul 17 06:08:30 UTC 2011


commit e1760cdc972c93377fbd36aea02f8edeb7424275
Author: Damian Johnson <atagar at torproject.org>
Date:   Tue Jul 5 20:00:47 2011 -0700

    Generating torrc entries for special cases
    
    This covers the trickier torrc options (burst, exit policy, bridges, etc) that
    were omitted from the previous templating checkin. With this all of the torrc
    generation should be done - next on to the confirmation dialog...
---
 src/cli/wizard.py               |   74 +++++++++++++++++++++++++++++++++++---
 src/resources/torrcTemplate.txt |    2 +
 src/settings.cfg                |    7 ++++
 3 files changed, 77 insertions(+), 6 deletions(-)

diff --git a/src/cli/wizard.py b/src/cli/wizard.py
index 03cfb48..d585ce5 100644
--- a/src/cli/wizard.py
+++ b/src/cli/wizard.py
@@ -72,7 +72,8 @@ MSG_COLOR = "green"
 OPTION_COLOR = "yellow"
 DISABLED_COLOR = "cyan"
 
-CONFIG = {"wizard.message.role": "",
+CONFIG = {"startup.dataDirectory": "~/.arm",
+          "wizard.message.role": "",
           "wizard.message.relay": "",
           "wizard.message.exit": "",
           "wizard.message.bridge": "",
@@ -86,7 +87,14 @@ CONFIG = {"wizard.message.role": "",
           "wizard.label.opt": {},
           "wizard.description.general": {},
           "wizard.description.role": {},
-          "wizard.description.opt": {}}
+          "wizard.description.opt": {},
+          "port.category": {},
+          "port.exit.all": [],
+          "port.exit.web": [],
+          "port.exit.mail": [],
+          "port.exit.im": [],
+          "port.exit.misc": [],
+          "port.encrypted": []}
 
 def loadConfig(config):
   config.update(CONFIG)
@@ -437,12 +445,66 @@ def getTorrc(relayType, config):
     
     templateOptions[key.upper()] = value
   
-  #templateOptions = dict([(key.upper(), config[key].getValue()) for key in config])
   templateOptions[relayType.upper()] = True
   templateOptions["LOW_PORTS"] = config[Options.LOWPORTS]
-  #templateOptions["BURST"] = config[Options.BANDWIDTH] * 2 # TODO: implement
-  templateOptions["NOTICE_PATH"] = "/path/to/.arm/exit-notice.html" # TODO: actually prepend the right prefix
-  templateOptions["EXIT_POLICY"] = "" # TODO: fill in configured policy
+  
+  # uses double the relay rate for bursts
+  relayRateComp = config[Options.BANDWIDTH].getValue().split(" ")
+  templateOptions["BURST"] = "%i %s" % (int(relayRateComp[0]) * 2, " ".join(relayRateComp[1:]))
+  
+  # exit notice will be in our data directory
+  dataDir = CONFIG["startup.dataDirectory"]
+  if not dataDir.endswith("/"): dataDir += "/"
+  templateOptions["NOTICE_PATH"] = os.path.expanduser(dataDir) + "exit-notice.html"
+  
+  policyCategories = []
+  if not config[Options.POLICY].getValue():
+    policyCategories = ["web", "mail", "im", "misc"]
+  else:
+    if config[Options.WEBSITES].getValue(): policyCategories.append("web")
+    if config[Options.EMAIL].getValue(): policyCategories.append("mail")
+    if config[Options.IM].getValue(): policyCategories.append("im")
+    if config[Options.MISC].getValue(): policyCategories.append("misc")
+  
+  if policyCategories:
+    isEncryptedOnly = not config[Options.PLAINTEXT].getValue()
+    
+    policyLines = []
+    for category in ["all"] + policyCategories:
+      # shows a comment at the start of the section saying what it's for
+      topicComment = CONFIG["port.category"].get(category)
+      if topicComment:
+        while topicComment:
+          commentSegment, topicComment = uiTools.cropStr(topicComment, 78, None, endType = None, getRemainder = True)
+          policyLines.append("# " + commentSegment.strip())
+      
+      for portEntry in CONFIG.get("port.exit.%s" % category, []):
+        # port entry might be an individual port or a range
+        
+        if isEncryptedOnly and (not portEntry in CONFIG["port.encrypted"]):
+          continue # opting to not include plaintext port and ranges
+        
+        if "-" in portEntry:
+          # if this is a range then use the first port's description
+          comment = connections.PORT_USAGE.get(portEntry[:portEntry.find("-")])
+        else: comment = connections.PORT_USAGE.get(portEntry)
+        
+        entry = "ExitPolicy accept *:%s" % portEntry
+        if comment: policyLines.append("%-30s# %s" % (entry, comment))
+        else: policyLines.append(entry)
+      
+      if category != policyCategories[-1]:
+        policyLines.append("") # newline to split categories
+    
+    templateOptions["EXIT_POLICY"] = "\n".join(policyLines)
+  
+  # includes input bridges
+  bridgeLines = []
+  for bridgeOpt in [Options.BRIDGE1, Options.BRIDGE2, Options.BRIDGE3]:
+    bridgeValue = config[bridgeOpt].getValue()
+    if bridgeValue: bridgeLines.append("Bridge %s" % bridgeValue)
+  
+  templateOptions["BRIDGES"] = "\n".join(bridgeLines)
   
   return torConfig.renderTorrc(template, templateOptions)
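Review bot: `templateOptions["EXIT_POLICY"]` is now assigned only inside `if policyCategories:`, so when a custom policy is chosen with no category selected the key is never set, whereas the removed line always set it to `""`. How `torConfig.renderTorrc` treats a missing key is not visible here; if it leaves the `[EXIT_POLICY]` placeholder untouched, the generated torrc would carry a stray line ahead of `ExitPolicy reject *:*`. Setting `templateOptions["EXIT_POLICY"] = ""` before the `if policyCategories:` check keeps the old default. Separately, `int(relayRateComp[0])` raises ValueError on an empty or non-integer bandwidth value, and the `"Bridge %s" % bridgeValue` lines write the wizard input into the torrc as-is, so both depend on validation that would have to happen outside this hunk. getTorrc begins above the hunk.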
 
diff --git a/src/resources/torrcTemplate.txt b/src/resources/torrcTemplate.txt
index 3c9387f..7462382 100644
--- a/src/resources/torrcTemplate.txt
+++ b/src/resources/torrcTemplate.txt
@@ -60,7 +60,9 @@ CookieAuthentication 1       # method for controller authentication
       DirPortFrontPage [NOTICE_PATH] # disclaimer saying that this is an exit
     [END IF]
     
+    [NEWLINE]
     [EXIT_POLICY]
+    ExitPolicy reject *:*    # prevents any exit traffic not permitted above
   [END IF]
 [ELSE]
   ClientOnly 1               # prevents us from ever being used as a relay
diff --git a/src/settings.cfg b/src/settings.cfg
index 53da315..162327b 100644
--- a/src/settings.cfg
+++ b/src/settings.cfg
@@ -816,6 +816,12 @@ port.label.33434 traceroute
 # full policy is the Reduced Exit Policy, revision 9 (edited 6/28/11):
 # https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy?version=9
 
+port.category all => The following sets which ports can exit the tor network through you. For more information and updates on the suggested policy see: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
+port.category web => ports for general internet browsing
+port.category mail => ports for receiving email
+port.category im => ports for instant messaging
+port.category misc => ports for other services
+
 port.exit.misc 20-23      # FTP, SSH, Telnet
 port.exit.misc 43         # WHOIS
 port.exit.all 53          # DNS
@@ -889,6 +895,7 @@ port.exit.misc 19638      # Ensim Control Panel
 # encrypted traffic)
 
 port.encrypted 22
+port.encrypted 53         # dns - not really encrypted but want it anyway
 port.encrypted 88
 port.encrypted 443
 port.encrypted 464
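Review bot: Adding 53 to `port.encrypted` changes the list's meaning from "encrypted ports" to "ports accepted when plaintext is declined", and the inline comment admits the mismatch. The only consumer visible in this commit is the wizard's filter in getTorrc (`portEntry in CONFIG["port.encrypted"]`); any other reader of the key would treat DNS as encrypted. I would state the exception in the section's header comment, for example `# port 53 (dns) is plaintext; it is listed so the encrypted-only exit policy still accepts it`, or move it to a separate key if other code reads this list.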




