Damian Johnson <atagar1@xxxxxxxxx> wrote: > Hi all. I've checked in the resolver fixes (thank Fabian and Hans!) > and a test tarball is available at: > > http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2 > http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2.asc Thanks. > For BSD I'm using the following commands: > sockstat -4 | egrep '<process>\s*<pid>' | grep -v '*:*' > procstat -f 'pgrep <process>' | grep '<pid>' | grep -v '0.0.0.0:0' Neither of those commands work for me. To let Arm figure out Tor's pid I still need the pgrep patch I mailed you yesterday. Attached are the patches I used to get it working on FreeBSD 9.0 CURRENT. I also rebased the sockstat+awk patch, but sockstat+grep probably works reliably enough. One unrelated problem I noticed is that Arm tends to show local connections as Outbound. A connection from the Privoxy jail to the Tor jail: _tor tor 2750 25 tcp4 10.0.0.2:9050 10.0.0.1:20528 shows up as: [public gateway IP address scrubbed]:9050 --> <scrubbed> 0.0s (OUTBOUND) Given that the connection doesn't leave the system, replacing the Tor jail IP address with the public IP address of the gateway is a bit confusing. Also, when running Arm outside the Tor jail, the Tor configuration file isn't found. Fabian
From 48734e94a8205754f793b19d1db77bd72e2a305b Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@xxxxxxxxxxxxx>
Date: Sat, 4 Dec 2010 17:36:53 +0100
Subject: [PATCH 1/4] Add pgrep as another way to get the tor pid.
---
src/util/torTools.py | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/src/util/torTools.py b/src/util/torTools.py
index d18869b..077c2e1 100644
--- a/src/util/torTools.py
+++ b/src/util/torTools.py
@@ -96,6 +96,7 @@ def getPid(controlPort=9051, pidFilePath=None):
2. "pidof tor"
3. "netstat -npl | grep 127.0.0.1:%s" % <tor control port>
4. "ps -o pid -C tor"
+ 5. "pgrep tor"
If pidof or ps provide multiple tor instances then their results are
discarded (since only netstat can differentiate using the control port). This
@@ -150,6 +151,16 @@ def getPid(controlPort=9051, pidFilePath=None):
if pid.isdigit(): return pid
except IOError: pass
+ # attempts to resolve using pgrep, failing if:
+ # - tor is running under a different name
+ # - there are multiple instances of tor
+ try:
+ results = sysTools.call("pgrep tor")
+ if len(results) == 1 and len(results[0].split()) == 1:
+ pid = results[0].strip()
+ if pid.isdigit(): return pid
+ except IOError: pass
+
return None
def getConn():
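Review bot: `pgrep tor` in the added block matches every process whose name contains "tor", because pgrep treats its argument as a regular expression, so the two failure cases listed in the new comment are not the only ones. A single unrelated match (a torrent client, for instance) is returned as Tor's pid when tor itself runs under another name, and an extra match makes the lookup fail while tor is running normally. Asking for an exact name match closes both cases: `results = sysTools.call("pgrep -x tor")`, with the docstring entry changed to `5. "pgrep -x tor"`. The pid returned here is presumably what the connection resolvers later filter on, so a wrong pid would silently attribute another program's sockets to Tor. getPid's body starts outside the hunk.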
--
1.7.3.2
From 1bd8015476dd5c3613e3384ca373d9f096aabae4 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@xxxxxxxxxxxxx>
Date: Sun, 5 Dec 2010 11:49:35 +0100
Subject: [PATCH 2/4] Shorten RUN_BSD_SOCKSTAT and get it working.
---
src/util/connections.py | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/connections.py b/src/util/connections.py
index 2487afb..7824f4f 100644
--- a/src/util/connections.py
+++ b/src/util/connections.py
@@ -12,7 +12,7 @@ all queries dump its stderr (directing it to /dev/null).
FreeBSD lacks support for the needed netstat flags and has a completely
different program for 'ss'. However, there's a couple other options (thanks to
Fabian Keil and Hans Schnehl):
-- sockstat sockstat -4 | egrep '<process>\s*<pid>' | grep -v '*:*'
+- sockstat sockstat -4c | grep '<process> *<pid>'
- procstat procstat -f 'pgrep <process>' | grep '<pid>' | grep -v '0.0.0.0:0'
"""
@@ -62,7 +62,7 @@ RUN_LSOF = "lsof -nPi | grep \"%s\s*%s.*(ESTABLISHED)\""
# *note: this isn't available by default under ubuntu
RUN_SOCKSTAT = "sockstat | egrep \"%s\s*%s.*ESTABLISHED\""
-RUN_BSD_SOCKSTAT = "sockstat -4 | egrep '%s\s*%s' | grep -v '*:*'"
+RUN_BSD_SOCKSTAT = "sockstat -4c | grep '%s *%s'"
RUN_BSD_PROCSTAT = "procstat -f 'pgrep %s' | grep '%s' | grep -v '0.0.0.0:0'"
RESOLVERS = [] # connection resolvers available via the singleton constructor
--
1.7.3.2
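Review bot: The new pattern in `RUN_BSD_SOCKSTAT` is not anchored after the pid, so with constructed values a query for pid 275 (`grep 'tor *275'`) also selects the sockets of a tor process with pid 2750. Ending the pattern with a space keeps the match to the whole pid column when a pid is supplied: `RUN_BSD_SOCKSTAT = "sockstat -4c | grep '%s *%s '"`. The left side is equally loose, since any command name that ends in the process name matches; the awk variant in patch 4/4 avoids both by comparing whole fields. If grep stays the default on FreeBSD, a comment next to the constant should say that the match is a substring match.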
From 12d267f497870ecff1b37bddb1aeb44e9ba01994 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@xxxxxxxxxxxxx>
Date: Sun, 5 Dec 2010 12:07:36 +0100
Subject: [PATCH 3/4] Get RUN_BSD_PROCSTAT working.
---
src/util/connections.py | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/util/connections.py b/src/util/connections.py
index 7824f4f..062562e 100644
--- a/src/util/connections.py
+++ b/src/util/connections.py
@@ -13,7 +13,7 @@ FreeBSD lacks support for the needed netstat flags and has a completely
different program for 'ss'. However, there's a couple other options (thanks to
Fabian Keil and Hans Schnehl):
- sockstat sockstat -4c | grep '<process> *<pid>'
-- procstat procstat -f 'pgrep <process>' | grep '<pid>' | grep -v '0.0.0.0:0'
+- procstat procstat -f <pid> | grep TCP | grep -v 0.0.0.0:0
"""
import os
@@ -63,7 +63,7 @@ RUN_LSOF = "lsof -nPi | grep \"%s\s*%s.*(ESTABLISHED)\""
RUN_SOCKSTAT = "sockstat | egrep \"%s\s*%s.*ESTABLISHED\""
RUN_BSD_SOCKSTAT = "sockstat -4c | grep '%s *%s'"
-RUN_BSD_PROCSTAT = "procstat -f 'pgrep %s' | grep '%s' | grep -v '0.0.0.0:0'"
+RUN_BSD_PROCSTAT = "procstat -f %s | grep TCP | grep -v 0.0.0.0:0"
RESOLVERS = [] # connection resolvers available via the singleton constructor
RESOLVER_FAILURE_TOLERANCE = 3 # number of subsequent failures before moving on to another resolver
@@ -101,7 +101,7 @@ def getConnections(resolutionCmd, processName, processPid = ""):
elif resolutionCmd == CMD_LSOF: cmd = RUN_LSOF % (processName, processPid)
elif resolutionCmd == CMD_SOCKSTAT: cmd = RUN_SOCKSTAT % (processName, processPid)
elif resolutionCmd == CMD_BSD_SOCKSTAT: cmd = RUN_BSD_SOCKSTAT % (processName, processPid)
- elif resolutionCmd == CMD_BSD_PROCSTAT: cmd = RUN_BSD_PROCSTAT % (processName, processPid)
+ elif resolutionCmd == CMD_BSD_PROCSTAT: cmd = RUN_BSD_PROCSTAT % (processPid)
else: raise ValueError("Unrecognized resolution type: %s" % resolutionCmd)
# raises an IOError if the command fails or isn't available
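Review bot: With the signature's default `processPid = ""`, the rewritten procstat branch builds `procstat -f  | grep TCP | grep -v 0.0.0.0:0`, which names no process now that the process name is no longer part of the command, and the pid is pasted unquoted into what appears to be a shell pipeline. A guard ahead of the format, `if not processPid.isdigit(): raise IOError("procstat resolution needs a numeric pid")`, fails in the way the comment below says callers already expect and keeps anything but digits out of the command line. `RUN_BSD_SOCKSTAT_2` in patch 4/4 has the same gap: an empty pid leaves `$3 == ` dangling in the awk program, and the process name is placed inside awk's double quotes without escaping. `% (processPid)` is a parenthesised string rather than a one-element tuple, so `% processPid` or `% (processPid,)` states the intent. getConnections continues outside the hunk.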
--
1.7.3.2
From d11835d676ba61592bf7ce8d3ca7e6e96f0f6283 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@xxxxxxxxxxxxx>
Date: Sat, 4 Dec 2010 17:35:25 +0100
Subject: [PATCH 4/4] Add sockstat + awk as another connection resolver. Using grep is probably reliable enough, though.
---
src/interface/controller.py | 2 +-
src/util/connections.py | 18 +++++++++++++++---
2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/interface/controller.py b/src/interface/controller.py
index 44f26ef..a248e56 100644
--- a/src/interface/controller.py
+++ b/src/interface/controller.py
@@ -1401,7 +1401,7 @@ def drawTorMonitor(stdscr, startTime, loggedEvents, isBlindMode):
panels["conn"].sortConnections()
elif page == 1 and (key == ord('u') or key == ord('U')):
# provides menu to pick identification resolving utility
- optionTypes = [None, connections.CMD_NETSTAT, connections.CMD_SS, connections.CMD_LSOF, connections.CMD_SOCKSTAT, connections.CMD_BSD_SOCKSTAT, connections.CMD_BSD_PROCSTAT]
+ optionTypes = [None, connections.CMD_NETSTAT, connections.CMD_SS, connections.CMD_LSOF, connections.CMD_SOCKSTAT, connections.CMD_BSD_SOCKSTAT, connections.CMD_BSD_SOCKSTAT_2, connections.CMD_BSD_PROCSTAT]
options = ["auto"] + [connections.CMD_STR[util] for util in optionTypes[1:]]
initialSelection = connections.getResolver("tor").overwriteResolver # enums correspond to indices
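Review bot: `optionTypes` has to be kept in enum order by hand, because the following line treats the menu index as the resolver enum value (`# enums correspond to indices`). This change inserts the new entry in the middle, which moves `CMD_BSD_PROCSTAT` from 6 to 7 in connections.py. Anything that recorded the old number, such as a saved resolver override, would now select the awk-based sockstat resolver instead; whether such a value is persisted is not visible in this hunk. Deriving the list removes the coupling, `optionTypes = [None] + sorted(connections.CMD_STR)`, or the new enum could be appended after `CMD_BSD_PROCSTAT`. drawTorMonitor's body extends beyond the hunk.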
diff --git a/src/util/connections.py b/src/util/connections.py
index 062562e..eb2810e 100644
--- a/src/util/connections.py
+++ b/src/util/connections.py
@@ -12,7 +12,8 @@ all queries dump its stderr (directing it to /dev/null).
FreeBSD lacks support for the needed netstat flags and has a completely
different program for 'ss'. However, there's a couple other options (thanks to
Fabian Keil and Hans Schnehl):
-- sockstat sockstat -4c | grep '<process> *<pid>'
+- sockstat sockstat -4c | grep '<process> *<pid>' or
+ sockstat -4c | awk '($2 == <process> && $3 == <pid>) {print $6 " " $7}'
- procstat procstat -f <pid> | grep TCP | grep -v 0.0.0.0:0
"""
@@ -24,12 +25,13 @@ import threading
from util import log, sysTools
# enums for connection resolution utilities
-CMD_NETSTAT, CMD_SS, CMD_LSOF, CMD_SOCKSTAT, CMD_BSD_SOCKSTAT, CMD_BSD_PROCSTAT = range(1, 7)
+CMD_NETSTAT, CMD_SS, CMD_LSOF, CMD_SOCKSTAT, CMD_BSD_SOCKSTAT, CMD_BSD_SOCKSTAT_2, CMD_BSD_PROCSTAT = range(1, 8)
CMD_STR = {CMD_NETSTAT: "netstat",
CMD_SS: "ss",
CMD_LSOF: "lsof",
CMD_SOCKSTAT: "sockstat",
CMD_BSD_SOCKSTAT: "sockstat (bsd)",
+ CMD_BSD_SOCKSTAT_2: "sockstat (bsd) 2",
CMD_BSD_PROCSTAT: "procstat (bsd)"}
# If true this provides new instantiations for resolvers if the old one has
@@ -64,6 +66,11 @@ RUN_SOCKSTAT = "sockstat | egrep \"%s\s*%s.*ESTABLISHED\""
RUN_BSD_SOCKSTAT = "sockstat -4c | grep '%s *%s'"
RUN_BSD_PROCSTAT = "procstat -f %s | grep TCP | grep -v 0.0.0.0:0"
+# c = show only established connections
+# 4 = show only IPv4 addresses
+# output:
+# _tor tor 2743 17 tcp4 10.0.0.2:9050 10.0.0.1:49948
+RUN_BSD_SOCKSTAT_2 = "sockstat -4c | awk '($2 == \"%s\" && $3 == %s) {print $6 \" \" $7}'"
RESOLVERS = [] # connection resolvers available via the singleton constructor
RESOLVER_FAILURE_TOLERANCE = 3 # number of subsequent failures before moving on to another resolver
@@ -101,6 +108,7 @@ def getConnections(resolutionCmd, processName, processPid = ""):
elif resolutionCmd == CMD_LSOF: cmd = RUN_LSOF % (processName, processPid)
elif resolutionCmd == CMD_SOCKSTAT: cmd = RUN_SOCKSTAT % (processName, processPid)
elif resolutionCmd == CMD_BSD_SOCKSTAT: cmd = RUN_BSD_SOCKSTAT % (processName, processPid)
+ elif resolutionCmd == CMD_BSD_SOCKSTAT_2: cmd = RUN_BSD_SOCKSTAT_2 % (processName, processPid)
elif resolutionCmd == CMD_BSD_PROCSTAT: cmd = RUN_BSD_PROCSTAT % (processPid)
else: raise ValueError("Unrecognized resolution type: %s" % resolutionCmd)
@@ -127,6 +135,9 @@ def getConnections(resolutionCmd, processName, processPid = ""):
elif resolutionCmd == CMD_BSD_SOCKSTAT:
localIp, localPort = comp[5].split(":")
foreignIp, foreignPort = comp[6].split(":")
+ elif resolutionCmd == CMD_BSD_SOCKSTAT_2:
+ localIp, localPort = comp[0].split(":")
+ foreignIp, foreignPort = comp[1].split(":")
elif resolutionCmd == CMD_BSD_PROCSTAT:
localIp, localPort = comp[9].split(":")
foreignIp, foreignPort = comp[10].split(":")
@@ -182,7 +193,7 @@ def getResolver(processName, processPid = ""):
def test():
# quick method for testing connection resolution
- userInput = raw_input("Enter query (<ss, netstat, lsof> PROCESS_NAME [PID]): ").split()
+ userInput = raw_input("Enter query (<ss, netstat, lsof, sockstat> PROCESS_NAME [PID]): ").split()
# checks if there's enough arguments
if len(userInput) == 0: sys.exit(0)
@@ -195,6 +206,7 @@ def test():
if userInput[0] == "ss": userInput[0] = CMD_SS
elif userInput[0] == "netstat": userInput[0] = CMD_NETSTAT
elif userInput[0] == "lsof": userInput[0] = CMD_LSOF
+ elif userInput[0] == "sockstat": userInput[0] = CMD_SOCKSTAT
else:
print "unrecognized type of resolver: %s" % userInput[2]
sys.exit(1)
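Review bot: The added `sockstat` keyword maps to `CMD_SOCKSTAT`, whose command filters on `ESTABLISHED`, so the BSD resolvers this series introduces (`CMD_BSD_SOCKSTAT`, `CMD_BSD_SOCKSTAT_2`, `CMD_BSD_PROCSTAT`) still cannot be exercised from test(). Separate keywords for them would make the helper usable on FreeBSD. The error branch directly below formats `userInput[2]`, which is the pid slot rather than the resolver name and raises IndexError when only two words were entered; `print "unrecognized type of resolver: %s" % userInput[0]` reports the right field. test() begins in the previous hunk and continues past this one.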
--
1.7.3.2
Attachment:
signature.asc
Description: PGP signature