[tor-commits] [tor/master] Merge branch 'haxxpop/tcp_proxy_squashed' into tcp_proxy_squshed_and_merged
nickm at torproject.org
nickm at torproject.org
Mon Jan 6 22:28:00 UTC 2020
commit 1b63eea66cbb8793a3cff05de8d856ce3b93fc17
Merge: 9276c07a9 14d781fff
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon Jan 6 13:41:20 2020 -0500
Merge branch 'haxxpop/tcp_proxy_squashed' into tcp_proxy_squshed_and_merged
changes/ticket31518 | 6 +
doc/tor.1.txt | 16 ++
src/app/config/config.c | 89 +++++++-
src/app/config/config.h | 2 +
src/app/config/or_options_st.h | 11 +
src/core/include.am | 2 +
src/core/mainloop/connection.c | 341 ++++++++++++++++++-----------
src/core/mainloop/connection.h | 4 +-
src/core/or/connection_or.c | 26 ++-
src/core/or/connection_or.h | 7 +
src/core/or/or.h | 5 +-
src/core/or/or_connection_st.h | 2 +-
src/core/proto/.may_include | 6 +-
src/core/proto/proto_haproxy.c | 45 ++++
src/core/proto/proto_haproxy.h | 12 +
src/feature/client/transports.c | 3 +
src/feature/control/btrack_orconn_cevent.c | 1 +
src/test/include.am | 1 +
src/test/test.c | 1 +
src/test/test.h | 1 +
src/test/test_config.c | 47 ++++
src/test/test_connection.c | 96 +++++++-
src/test/test_connection.h | 1 +
src/test/test_helpers.c | 81 +++++++
src/test/test_helpers.h | 3 +
src/test/test_options.c | 9 +-
src/test/test_proto_haproxy.c | 66 ++++++
27 files changed, 731 insertions(+), 153 deletions(-)
diff --cc doc/tor.1.txt
index 85369dfce,5bcb6ec2b..e1738c9ba
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@@ -880,63 -910,8 +880,79 @@@ forward slash (/) in the configuration
If KIST is used in Schedulers, this is a multiplier of the per-socket
limit calculation of the KIST algorithm. (Default: 1.0)
-CLIENT OPTIONS
---------------
+
+[[ServerTransportListenAddr]] **ServerTransportListenAddr** __transport__ __IP__:__PORT__::
+ When this option is set, Tor will suggest __IP__:__PORT__ as the
+ listening address of any pluggable transport proxy that tries to
+ launch __transport__. (IPv4 addresses should written as-is; IPv6
+ addresses should be wrapped in square brackets.) (Default: none)
+
+[[ServerTransportOptions]] **ServerTransportOptions** __transport__ __k=v__ __k=v__ ...::
+ When this option is set, Tor will pass the __k=v__ parameters to
+ any pluggable transport proxy that tries to launch __transport__. +
+ (Example: ServerTransportOptions obfs45 shared-secret=bridgepasswd cache=/var/lib/tor/cache) (Default: none)
+
+[[ServerTransportPlugin]] **ServerTransportPlugin** __transport__ exec __path-to-binary__ [options]::
+ The Tor relay launches the pluggable transport proxy in __path-to-binary__
+ using __options__ as its command-line options, and expects to receive
+ proxied client traffic from it. (Default: none)
+
+[[Socks4Proxy]] **Socks4Proxy** __host__[:__port__]::
+ Tor will make all OR connections through the SOCKS 4 proxy at host:port
+ (or host:1080 if port is not specified).
+
+[[Socks5Proxy]] **Socks5Proxy** __host__[:__port__]::
+ Tor will make all OR connections through the SOCKS 5 proxy at host:port
+ (or host:1080 if port is not specified).
+
+// Out of order because Username logically precedes Password
+[[Socks5ProxyUsername]] **Socks5ProxyUsername** __username__ +
+
+[[Socks5ProxyPassword]] **Socks5ProxyPassword** __password__::
+ If defined, authenticate to the SOCKS 5 server using username and password
+ in accordance to RFC 1929. Both username and password must be between 1 and
+ 255 characters.
+
+[[SyslogIdentityTag]] **SyslogIdentityTag** __tag__::
+ When logging to syslog, adds a tag to the syslog identity such that
+ log entries are marked with "Tor-__tag__". Can not be changed while tor is
+ running. (Default: none)
+
++[[TCPProxy]] **TCPProxy** __protocol__ __host__:__port__::
++ Tor will use the given protocol to make all its OR (SSL) connections through
++ a TCP proxy on host:port, rather than connecting directly to servers. You may
++ want to set **FascistFirewall** to restrict the set of ports you might try to
++ connect to, if your proxy only allows connecting to certain ports. There is no
++ equivalent option for directory connections, because all Tor client versions
++ that support this option download directory documents via OR connections. +
+++
++ The only protocol supported right now 'haproxy'. This option is only for
++ clients. (Default: none) +
+++
++ The HAProxy version 1 proxy protocol is described in detail at
++ https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt +
+++
++ Both source IP address and source port will be set to zero.
++
+[[TruncateLogFile]] **TruncateLogFile** **0**|**1**::
+ If 1, Tor will overwrite logs at startup and in response to a HUP signal,
+ instead of appending to them. (Default: 0)
+
+[[UnixSocksGroupWritable]] **UnixSocksGroupWritable** **0**|**1**::
+ If this option is set to 0, don't allow the filesystem group to read and
+ write unix sockets (e.g. SocksPort unix:). If the option is set to 1, make
+ the Unix socket readable and writable by the default GID. (Default: 0)
+
+[[UseDefaultFallbackDirs]] **UseDefaultFallbackDirs** **0**|**1**::
+ Use Tor's default hard-coded FallbackDirs (if any). (When a
+ FallbackDir line is present, it replaces the hard-coded FallbackDirs,
+ regardless of the value of UseDefaultFallbackDirs.) (Default: 1)
+
+[[User]] **User** __Username__::
+ On startup, setuid to this user and setgid to their primary group.
+ Can not be changed while tor is running.
+
+== CLIENT OPTIONS
The following options are useful only for clients (that is, if
**SocksPort**, **HTTPTunnelPort**, **TransPort**, **DNSPort**, or
diff --cc src/app/config/config.c
index 72ab065fb,c67f547cf..65a4dcb0e
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@@ -538,8 -522,9 +538,9 @@@ static const config_var_t option_vars_[
V(Socks5Proxy, STRING, NULL),
V(Socks5ProxyUsername, STRING, NULL),
V(Socks5ProxyPassword, STRING, NULL),
+ V(TCPProxy, STRING, NULL),
- VAR("KeyDirectory", FILENAME, KeyDirectory_option, NULL),
- V(KeyDirectoryGroupReadable, BOOL, "0"),
+ VAR_IMMUTABLE("KeyDirectory", FILENAME, KeyDirectory_option, NULL),
+ V(KeyDirectoryGroupReadable, AUTOBOOL, "auto"),
VAR_D("HSLayer2Nodes", ROUTERSET, HSLayer2Nodes, NULL),
VAR_D("HSLayer3Nodes", ROUTERSET, HSLayer3Nodes, NULL),
V(KeepalivePeriod, INTERVAL, "5 minutes"),
diff --cc src/app/config/config.h
index 15c935246,aa2b052c0..2c03714fd
--- a/src/app/config/config.h
+++ b/src/app/config/config.h
@@@ -286,6 -259,15 +286,8 @@@ STATIC const struct config_mgr_t *get_o
STATIC void or_options_free_(or_options_t *options);
STATIC int options_validate_single_onion(or_options_t *options,
char **msg);
-STATIC int options_validate(or_options_t *old_options,
- or_options_t *options,
- or_options_t *default_options,
- int from_setconf, char **msg);
-STATIC int parse_transport_line(const or_options_t *options,
- const char *line, int validate_only,
- int server);
+ STATIC int parse_tcp_proxy_line(const char *line, or_options_t *options,
+ char **msg);
STATIC int consider_adding_dir_servers(const or_options_t *options,
const or_options_t *old_options);
STATIC void add_default_trusted_dir_authorities(dirinfo_type_t type);
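Review bot: The new `parse_tcp_proxy_line()` prototype takes a non-const `or_options_t *options` and a `char **msg`, but nothing visible says which fields it writes or who owns `*msg`. The test code elsewhere in this commit releases `msg` with `tor_free()`, so the string is presumably heap-allocated on failure. A short comment at the definition would state this, for example `/* Parse a TCPProxy line into options; on error return -1 and set *msg to a newly allocated string that the caller frees. */`, once checked against the body in config.c, which this view does not show. The argument order (line, options, msg) also differs from the removed `parse_transport_line(options, line, ...)`, which is worth a glance for consistency with the other parsers.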
diff --cc src/test/test_connection.c
index 0d2827670,34ef3fdf1..736998128
--- a/src/test/test_connection.c
+++ b/src/test/test_connection.c
@@@ -888,8 -969,10 +970,11 @@@ test_failed_orconn_tracker(void *arg
/* where arg is an expression (constant, variable, compound expression) */
#define CONNECTION_TESTCASE_ARG(name, fork, setup, arg) \
{ #name "_" #arg, test_conn_##name, fork, &setup, (void *)arg }
+#endif /* !defined(COCCI) */
+ static const unsigned int PROXY_CONNECT_ARG = PROXY_CONNECT;
+ static const unsigned int PROXY_HAPROXY_ARG = PROXY_HAPROXY;
+
struct testcase_t connection_tests[] = {
CONNECTION_TESTCASE(get_basic, TT_FORK, test_conn_get_basic_st),
CONNECTION_TESTCASE(get_rend, TT_FORK, test_conn_get_rend_st),
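Review bot: The two `static const unsigned int` objects added after the `#endif` carry no comment explaining why `PROXY_CONNECT` and `PROXY_HAPROXY` are duplicated as objects. `CONNECTION_TESTCASE_ARG` casts its argument with `(void *)arg`, so they presumably exist so that a test can be handed `&PROXY_HAPROXY_ARG`. That cast also drops the `const`, so the receiving test must only read through the pointer. A comment such as `/* Addressable copies of the proxy types, passed by pointer as testcase arguments; read-only. */` would make this explicit. The testcase table continues outside the hunk, so the actual uses are not visible here.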
diff --cc src/test/test_helpers.c
index 29743a0d1,f972aca5b..31bf1fcc2
--- a/src/test/test_helpers.c
+++ b/src/test/test_helpers.c
@@@ -16,9 -17,10 +17,10 @@@
#include "lib/buf/buffers.h"
#include "app/config/config.h"
-#include "lib/confmgt/confparse.h"
+#include "lib/confmgt/confmgt.h"
#include "app/main/subsysmgr.h"
#include "core/mainloop/connection.h"
+ #include "core/or/connection_or.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "core/mainloop/mainloop.h"
#include "feature/nodelist/nodelist.h"
diff --cc src/test/test_options.c
index b99ae7893,394aff45b..ce05eb01f
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@@ -2801,23 -2946,27 +2801,24 @@@ test_options_validate__proxy(void *igno
tor_free(msg);
free_options_test_data(tdata);
- tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
- "Socks4Proxy 215.1.1.1\n"
+ tdata = get_options_test_data("Socks4Proxy 215.1.1.1\n"
"Socks5Proxy 215.1.1.2\n"
);
- ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+ ret = options_validate(NULL, tdata->opt, &msg);
tt_int_op(ret, OP_EQ, -1);
tt_str_op(msg, OP_EQ, "You have configured more than one proxy type. "
- "(Socks4Proxy|Socks5Proxy|HTTPSProxy)");
+ "(Socks4Proxy|Socks5Proxy|HTTPSProxy|TCPProxy)");
tor_free(msg);
free_options_test_data(tdata);
- tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
- "HttpProxy 215.1.1.1\n"
- );
+ tdata = get_options_test_data("HttpProxy 215.1.1.1\n");
mock_clean_saved_logs();
- ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+ ret = options_validate(NULL, tdata->opt, &msg);
tt_int_op(ret, OP_EQ, 0);
- expect_log_msg("HTTPProxy configured, but no SOCKS "
- "proxy or HTTPS proxy configured. Watch out: this configuration "
- "will proxy unencrypted directory connections only.\n");
+ expect_log_msg("HTTPProxy configured, but no SOCKS proxy, "
+ "HTTPS proxy, or any other TCP proxy configured. Watch out: "
+ "this configuration will proxy unencrypted directory "
+ "connections only.\n");
tor_free(msg);
free_options_test_data(tdata);
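Review bot: The conflict case in this hunk still configures only `Socks4Proxy` and `Socks5Proxy`, so no visible case sets `TCPProxy` together with another proxy option, even though the expected message now lists `TCPProxy`. A proxy setting that is accepted but not honoured could let OR connections go out without the intended proxy, so the rejection path is worth pinning directly. A case such as `tdata = get_options_test_data("TCPProxy haproxy 215.1.1.1:1080\n" "Socks5Proxy 215.1.1.2\n");` (constructed addresses), asserting `ret == -1` and the same message, would do that. test_options_validate__proxy starts and ends outside the hunk, and the diffstat lists new tests in src/test/test_config.c, so this may already be covered there.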