
[tor-commits] r24421: {arm} Fix bundle, thanks to Fabian Keil fix: preventing PROGRAM an (in arm/trunk/src: interface/connections util)



Author: atagar
Date: 2011-03-23 16:18:32 +0000 (Wed, 23 Mar 2011)
New Revision: 24421

Modified:
   arm/trunk/src/interface/connections/connEntry.py
   arm/trunk/src/util/torTools.py
Log:
Fix bundle, thanks to Fabian Keil

fix: preventing PROGRAM and CONTROL connections from being expanded (patch by Fabian Keil)
fix: reversing src and dst addresses of PROGRAM and CONTROL connections (caught by Fabian Keil)
fix: changing the 'APPLICATION' type to 'PROGRAM' since the previous label was too long (caught by Fabian Keil)
fix: exit policy should only be respected for determining exit connections if the ORPort is set



Modified: arm/trunk/src/interface/connections/connEntry.py
===================================================================
--- arm/trunk/src/interface/connections/connEntry.py	2011-03-23 15:15:43 UTC (rev 24420)
+++ arm/trunk/src/interface/connections/connEntry.py	2011-03-23 16:18:32 UTC (rev 24421)
@@ -14,14 +14,14 @@
 #   Outbound     Relay connection, leaving us.
 #   Exit         Outbound relay connection leaving the Tor network.
 #   Client       Circuits for our client traffic.
-#   Application  Socks connections using Tor.
+#   Program      Socks connections for applications using Tor.
 #   Directory    Fetching tor consensus information.
 #   Control      Tor controller (arm, vidalia, etc).
 
-Category = enum.Enum("INBOUND", "OUTBOUND", "EXIT", "CLIENT", "APPLICATION", "DIRECTORY", "CONTROL")
+Category = enum.Enum("INBOUND", "OUTBOUND", "EXIT", "CLIENT", "PROGRAM", "DIRECTORY", "CONTROL")
 CATEGORY_COLOR = {Category.INBOUND: "green",      Category.OUTBOUND: "blue",
                   Category.EXIT: "red",           Category.CLIENT: "cyan",
-                  Category.APPLICATION: "yellow", Category.DIRECTORY: "magenta",
+                  Category.PROGRAM: "yellow",     Category.DIRECTORY: "magenta",
                   Category.CONTROL: "red"}
 
 # static data for listing format
@@ -208,7 +208,7 @@
       self.baseType = Category.INBOUND
       self.local.isORPort = True
     elif lPort == mySocksPort:
-      self.baseType = Category.APPLICATION
+      self.baseType = Category.PROGRAM
     elif lPort == myCtlPort:
       self.baseType = Category.CONTROL
     else:
@@ -498,6 +498,16 @@
       myExternalIpAddr = conn.getInfo("address", self.local.getIpAddr())
       addrDiffer = myExternalIpAddr != self.local.getIpAddr()
       
+      # Expanding doesn't make sense, if the connection isn't actually
+      # going through Tor's external IP address. As there isn't a known
+      # method for checking if it is, we're checking the type instead.
+      #
+      # This isn't entirely correct. It might be a better idea to check if
+      # the source and destination addresses are both private, but that might
+      # not be perfectly reliable either.
+      
+      isExpansionType = not myType in (Category.PROGRAM, Category.CONTROL)
+      
       srcAddress = myExternalIpAddr + localPort
       src = "%-21s" % srcAddress # ip:port = max of 21 characters
       dst = "%-26s" % dstAddress # ip:port (xx) = max of 26 characters
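Review bot: `srcAddress = myExternalIpAddr + localPort` still builds the source column from the external address for PROGRAM and CONTROL entries, and once the expansion is gated on `isExpansionType` the internal address is never shown for them. The added comment itself says these connections do not go through the external address, so the listing can make a local SOCKS or control connection look as if it sits on the public IP, which misleads an operator checking what is exposed. Consider `srcAddress = (myExternalIpAddr if isExpansionType else self.local.getIpAddr()) + localPort`. As a style point, `myType not in (...)` reads better than `not myType in (...)`. The enclosing branch starts and ends outside the hunk, so this may already be handled elsewhere.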
@@ -512,7 +522,7 @@
       if isExpandedAddrVisible and CONFIG["features.connection.showColumn.fingerprint"]:
         isExpandedAddrVisible = width < usedSpace + 42 or width > usedSpace + 70
       
-      if addrDiffer and isExpandedAddrVisible and self.includeExpandedIpAddr and CONFIG["features.connection.showColumn.expandedIp"]:
+      if addrDiffer and isExpansionType and isExpandedAddrVisible and self.includeExpandedIpAddr and CONFIG["features.connection.showColumn.expandedIp"]:
         # include the internal address in the src (extra 28 characters)
         internalAddress = self.local.getIpAddr() + localPort
         src = "%-21s  -->  %s" % (internalAddress, src)
@@ -570,7 +580,7 @@
       # pads dst entry to its max space
       dst = ("%%-%is" % (baseSpace - len(src))) % dst
     
-    if myType == Category.INBOUND: src, dst = dst, src
+    if myType in (Category.INBOUND, Category.PROGRAM, Category.CONTROL): src, dst = dst, src
     padding = " " * (width - usedSpace + LABEL_MIN_PADDING)
     return LABEL_FORMAT % (src, dst, etc, padding)
   

Modified: arm/trunk/src/util/torTools.py
===================================================================
--- arm/trunk/src/util/torTools.py	2011-03-23 15:15:43 UTC (rev 24420)
+++ arm/trunk/src/util/torTools.py	2011-03-23 16:18:32 UTC (rev 24421)
@@ -784,31 +784,35 @@
     
     result = None
     if self.isAlive():
-      policyEntries = []
-      for exitPolicy in self.getOption("ExitPolicy", [], True):
-        policyEntries += [policy.strip() for policy in exitPolicy.split(",")]
-      
-      # appends the default exit policy
-      defaultExitPolicy = self.getInfo("exit-policy/default")
-      
-      if defaultExitPolicy:
-        policyEntries += defaultExitPolicy.split(",")
-      
-      # construct the policy chain backwards
-      policyEntries.reverse()
-      
-      for entry in policyEntries:
-        result = ExitPolicy(entry, result)
-      
-      # Checks if we are rejecting private connections. If set, this appends
-      # 'reject private' and 'reject <my ip>' to the start of our policy chain.
-      isPrivateRejected = self.getOption("ExitPolicyRejectPrivate", True)
-      
-      if isPrivateRejected:
-        result = ExitPolicy("reject private", result)
+      if self.getOption("ORPort"):
+        policyEntries = []
+        for exitPolicy in self.getOption("ExitPolicy", [], True):
+          policyEntries += [policy.strip() for policy in exitPolicy.split(",")]
         
-        myAddress = self.getInfo("address")
-        if myAddress: result = ExitPolicy("reject %s" % myAddress, result)
+        # appends the default exit policy
+        defaultExitPolicy = self.getInfo("exit-policy/default")
+        
+        if defaultExitPolicy:
+          policyEntries += defaultExitPolicy.split(",")
+        
+        # construct the policy chain backwards
+        policyEntries.reverse()
+        
+        for entry in policyEntries:
+          result = ExitPolicy(entry, result)
+        
+        # Checks if we are rejecting private connections. If set, this appends
+        # 'reject private' and 'reject <my ip>' to the start of our policy chain.
+        isPrivateRejected = self.getOption("ExitPolicyRejectPrivate", True)
+        
+        if isPrivateRejected:
+          result = ExitPolicy("reject private", result)
+          
+          myAddress = self.getInfo("address")
+          if myAddress: result = ExitPolicy("reject %s" % myAddress, result)
+      else:
+        # no ORPort is set so all relaying is disabled
+        result = ExitPolicy("reject *:*")
     
     self.connLock.release()
     
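Review bot: The new guard `if self.getOption("ORPort"):` relies on truthiness, which is fragile if getOption returns the raw config string (its implementation is not visible here). In that case an explicit `ORPort 0` would come back as `"0"`, which is truthy, so the `reject *:*` branch would be skipped and connections could still be classified as exits on a non-relay. An explicit comparison such as `if self.getOption("ORPort", "0") != "0":` avoids that; the re-indented `isPrivateRejected` check a few lines below has the same shape. Separately, `self.connLock.release()` is not in a `finally`, so an exception raised while building the `ExitPolicy` chain would appear to leave the lock held; the acquire is outside the hunk.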
