Arm Release 1.4.0

Fabian Keil freebsd-listen at fabiankeil.de
Sat Dec 18 14:46:09 UTC 2010


Damian Johnson <atagar1 at gmail.com> wrote on or-talk@:

> Hi, I've uploaded a new tarball to:
> http://www.atagar.com/transfer/tmp/arm_bsdTest3.tar.bz2
> http://www.atagar.com/transfer/tmp/arm_bsdTest3.tar.bz2.asc

Seems to work great on my FreeBSD system, but when trying it
on one of my Tor relays (currently running Debian GNU/Linux)
I had to unset LANG to get the connection resolver working:

su -m debian-tor -c 'LANG=; /root/arm.git/arm -i 127.0.0.1:9051 -e 1'

Probably arm itself should do that.

Although there weren't that many connections:
"(171 inbound, 93 outbound, 1 control)"
I had to disable the connection panel anyway, as arm kept
hogging the CPU.

> Besides a modified version of Fabian's patch to autodetect FreeBSD
> jails it most notably includes...
> 
> - A replacement for the connection test function (which was a pita in
> my humble opinion). The new script [1] provides the resolver runtimes,
> a check if all the resolvers match, and a better method of dumping the
> connection results. If you modify the bsd resolvers then this should
> provide a nice sanity check that it's working as expected.

I haven't looked into using it yet, but it sounds great.

> - I forgot to account for the dns resolution exits do on behalf of the
> clients. The resolvers need to include UDP connections so, on *nix,
> they're now:
>  - netstat -np | grep "ESTABLISHED <pid>/<process>"
>  - sockstat | egrep "<process>\s*<pid>.*ESTABLISHED"
>  - lsof -nPi | egrep "^<process>\s*<pid>.*((UDP.*)|(\(ESTABLISHED\)))"
>  - ss -nptu | grep "ESTAB.*\"<process>\",<pid>"
> 
> I'm guessing, for the FreeBSD resolvers, that sockstats already works
> and procstat just needs the 'grep TCP' to be removed (or maybe
> replaced with 'egrep "(TCP|UDP)"'). Is that right?

I think you are.

> > The connection doesn't leave the system because it's a socks
> > connection with both the source and the destination address
> > located on the same system.
> 
> Hm. Sounds like basic client connections (ie, things like firefox
> connecting to tor via the SocksPort). However, I tried running TBB and
> arm didn't list any of those connections. This is what I'd expect
> since the connection resolution is only fetching tor connections. Am I
> missing something here?

No, you're right, those socks connections are client connections.

> Regardless, I made a couple changes to address issues that have been
> brought up (socks connections and listing external addresses for
> private ip range connections - see lines 332-334 and 363-364 in
> src/interface/connPanel.py [2]). But without a working repro case I
> can't promise that this'll do the trick.

Those socks connections now show up properly as client connections, thanks.

> > With ^ added to the pattern it seems to work
> 
> Great, it's happy with that on Linux as well so I'm now using:
> lsof -nPi | egrep "^<process>\s*<pid>.*((UDP.*)|(\(ESTABLISHED\)))"
> 
> and including it among FreeBSD resolvers as the last fallback.

With the '\s' that's still not going to work. Even on the
Debian GNU/Linux system the egrep doesn't understand the "\s".

After fixing that and switching the resolver to lsof, I get the
following exception (may be a bit messed up as I had to scrape
it out of the connection panel):

  File "/usr/lib/python2.5/threading.py", line 486, in __bootstrap_inner
    self.run()
  File "/root/arm.git/src/util/connections.py", line 339, in run
    connResults = getConnections(resolver, self.processName, self.processPid)
  File "/root/arm.git/src/util/connections.py", line 151, in getConnections
    local, foreign = comp[8].split("->")
IndexError: list index out of range

At least for the lsof 4.78 I'm using, the 8 needs to be a 7.

I attached a couple of patches for the problems I noticed, and an
improperly tested hack to show the external address between the
local and the foreign one, if the local and the external one differ.

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-spelling-in-a-comment.patch
Type: text/x-patch
Size: 725 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20101218/aa72bc56/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Factor-ipAddressIsPrivate-out-of-reset.patch
Type: text/x-patch
Size: 1692 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20101218/aa72bc56/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Treat-addresses-starting-with-127.-as-private-too.patch
Type: text/x-patch
Size: 1088 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20101218/aa72bc56/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Don-t-add-the-country-code-to-private-addresses.-XXX.patch
Type: text/x-patch
Size: 3285 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20101218/aa72bc56/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-If-the-fIp-is-private-don-t-bother-trying-to-get-a-c.patch
Type: text/x-patch
Size: 1820 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20101218/aa72bc56/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0006-Replace-the-s-in-RUN_LSOF-with-to-get-it-.patch
Type: text/x-patch
Size: 931 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20101218/aa72bc56/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0007-Fix-splitting-of-the-CMD_LSOF-results.patch
Type: text/x-patch
Size: 907 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20101218/aa72bc56/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0008-Hack-to-show-the-nat-address-behind-the-local-addres.patch
Type: text/x-patch
Size: 2744 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20101218/aa72bc56/attachment-0007.bin>
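
Added example, not part of the message above and not arm's own code: one way to parse "lsof -nPi" output that avoids both problems reported in the message, by matching process name and pid in Python instead of relying on egrep's "\s", and by locating the address pair by its "->" instead of a fixed index (8 vs. 7). The sample lines, the function names and the use of LC_ALL=C as a generalization of the "LANG=" workaround are assumptions.

```python
import os
import re
import subprocess

# Constructed sample lines (not captured from a real relay) in two layouts:
# with a SIZE/OFF value the address pair is field 8, without it field 7.
SAMPLE = """\
COMMAND  PID       USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
tor     1234 debian-tor    6u  IPv4  11111      0t0  TCP 192.0.2.10:9001->198.51.100.7:44321 (ESTABLISHED)
tor     1234 debian-tor    7u  IPv4  11112           TCP 192.0.2.10:51000->203.0.113.9:443 (ESTABLISHED)
tor     1234 debian-tor    8u  IPv4  11113           UDP 192.0.2.10:40000->203.0.113.53:53
tor     1234 debian-tor    9u  IPv4  11114           TCP *:9001 (LISTEN)
tor     1234 debian-tor   10u  IPv4  11115      0t0  TCP 192.0.2.10:9001->198.51.100.8:5555 (CLOSE_WAIT)
torsocks 999       root    3u  IPv4  22222      0t0  TCP 127.0.0.1:50000->127.0.0.1:9050 (ESTABLISHED)
"""

ADDR_PAIR = re.compile(r"^(\S+):(\d+)->(\S+):(\d+)$")

def parse_lsof(output, process, pid):
    """Return [(local_ip, local_port, foreign_ip, foreign_port)] for one process."""
    results = []
    for line in output.splitlines():
        comp = line.split()
        # Exact match on command and pid, so "torsocks" is never taken for "tor".
        if len(comp) < 3 or comp[0] != process or comp[1] != str(pid):
            continue
        # Find the address pair by content rather than by a fixed column index.
        pair = next((m for m in map(ADDR_PAIR.match, comp) if m), None)
        if pair is None:
            continue  # listeners and unconnected sockets have no "->"
        # Keep UDP sockets (exit DNS) and TCP sockets in state ESTABLISHED only.
        if "UDP" not in comp and comp[-1] != "(ESTABLISHED)":
            continue
        l_ip, l_port, f_ip, f_port = pair.groups()
        results.append((l_ip, int(l_port), f_ip, int(f_port)))
    return results

def run_lsof(process, pid):
    """Run lsof with a fixed C locale (assumption, see lead-in) and parse it."""
    env = dict(os.environ, LC_ALL="C", LANG="C")
    out = subprocess.run(["lsof", "-nPi"], env=env, capture_output=True, text=True)
    return parse_lsof(out.stdout, process, pid)

if __name__ == "__main__":
    for conn in parse_lsof(SAMPLE, "tor", 1234):
        print(conn)
```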