Arm Release 1.4.0
Damian Johnson
atagar1 at gmail.com
Tue Dec 14 03:31:50 UTC 2010
Hi, I've uploaded a new tarball to:
http://www.atagar.com/transfer/tmp/arm_bsdTest3.tar.bz2
http://www.atagar.com/transfer/tmp/arm_bsdTest3.tar.bz2.asc
Besides a modified version of Febian's patch to autodetect FreeBSD
jails it most notably includes...
- A replacement for the connection test function (which was a pita in
my humble opinion). The new script [1] provides the resolver runtimes,
a check if all the resolvers match, and a better method of dumping the
connection results. If you modify the bsd resolvers then this should
provide a nice sanity check that it's working as expected.
- I forgot to account for the DNS resolution exits do on behalf of the
clients. The resolvers need to include UDP connections so, on *nix,
they're now:
  - netstat -np | grep "ESTABLISHED <pid>/<process>"
  - sockstat | egrep "<process>\s*<pid>.*ESTABLISHED"
  - lsof -nPi | egrep "^<process>\s*<pid>.*((UDP.*)|(\(ESTABLISHED\)))"
  - ss -nptu | grep "ESTAB.*\"<process>\",<pid>"
I'm guessing, for the FreeBSD resolvers, that sockstat already works
and procstat just needs the 'grep TCP' to be removed (or maybe
replaced with 'egrep "(TCP|UDP)"'). Is that right?
> The connection doesn't leave the system because it's a socks
> connection with both the source and the destination address
> located on the same system.
Hm. Sounds like basic client connections (ie, things like firefox
connecting to tor via the SocksPort). However, I tried running TBB and
arm didn't list any of those connections. This is what I'd expect
since the connection resolution is only fetching tor connections. Am I
missing something here?
Regardless, I made a couple changes to address issues that have been
brought up (socks connections and listing external addresses for
private ip range connections - see lines 332-334 and 363-364 in
src/interface/connPanel.py [2]). But without a working repro case I
can't promise that this'll do the trick.
> With ^ added to the pattern it seems to work
Great, it's happy with that on Linux as well so I'm now using:
lsof -nPi | egrep "^<process>\s*<pid>.*((UDP.*)|(\(ESTABLISHED\)))"
and including it among FreeBSD resolvers as the last fallback.
> lsof also seems to be rather slow (on FreeBSD):
Yikes, that's quite the difference. It's pretty bad on Linux too (ss
is worse, but netstat and sockstat tend to run around 20% faster).
> I intend to look into creating a FreeBSD port around Christmas.
Awesome, thank you!
Cheers! -Damian
[1] https://svn.torproject.org/svn/arm/trunk/src/test.py
[2] https://svn.torproject.org/svn/arm/trunk/src/interface/connPanel.py
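
Added example (not part of the original message and not arm's own code): the lsof filter quoted above, applied in Python to constructed `lsof -nPi` output, showing that it keeps ESTABLISHED TCP and all UDP sockets of the given process and drops listeners and other processes. The function names, the sample lines and the `anchored` switch are assumptions made for illustration; the unanchored form is run only to show a line it would additionally keep.

```python
import re

# Constructed sample of `lsof -nPi` output; addresses are documentation ranges.
SAMPLE_LSOF = """\
COMMAND   PID       USER  FD TYPE DEVICE SIZE/OFF NODE NAME
tor      2850 debian-tor  6u IPv4  12345      0t0  TCP 127.0.0.1:9051 (LISTEN)
tor      2850 debian-tor  9u IPv4  12399      0t0  TCP 192.0.2.10:41234->198.51.100.7:9001 (ESTABLISHED)
tor      2850 debian-tor 10u IPv4  12410      0t0  UDP 192.0.2.10:53411->203.0.113.53:53
tor      2850 debian-tor 11u IPv4  12411      0t0  UDP 127.0.0.1:5353
sshd     3001       root  3u IPv4  13000      0t0  TCP 192.0.2.10:22->198.51.100.20:50112 (ESTABLISHED)
monitor 28501      alice  4u IPv4  14000      0t0  TCP 192.0.2.10:40000->198.51.100.30:443 (ESTABLISHED)
"""


def lsof_pattern(process, pid, anchored=True):
    """The message's lsof filter with <process> and <pid> filled in."""
    prefix = "^" if anchored else ""
    return re.compile(r"%s%s\s*%d.*((UDP.*)|(\(ESTABLISHED\)))"
                      % (prefix, re.escape(process), pid))


# NAME column: protocol, local endpoint, optional "->remote" endpoint.
NAME_FIELD = re.compile(r"\b(TCP|UDP)\s+(\S+?)(?:->(\S+))?(?:\s|$)")


def resolve(lsof_output, process, pid, anchored=True):
    """Return (protocol, local, remote) for each line the filter keeps.

    remote is None for a UDP socket that has no connected peer.
    """
    pattern = lsof_pattern(process, pid, anchored)
    results = []
    for line in lsof_output.splitlines():
        if not pattern.search(line):
            continue
        name = NAME_FIELD.search(line)
        if name:
            results.append(name.groups())
    return results


if __name__ == "__main__":
    for entry in resolve(SAMPLE_LSOF, "tor", 2850):
        print(entry)
```

The UDP branch of the filter also keeps unconnected UDP sockets, which is why the parser returns None as the remote endpoint for them.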