[or-cvs] [torflow/master] Improve the output from the --policies scan.
commit 2320961a05e3277534887c7f76036c826a879230
Author: Mike Perry <mikeperry-git@xxxxxxxxxx>
Date: Sun Jan 30 00:40:12 2011 -0800
Improve the output from the --policies scan.
Make it easier to cut and paste appropriate badexit lines for this scan.
---
NetworkScanners/ExitAuthority/soat.py | 40 +++++++++++++++++++++++++-------
1 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/NetworkScanners/ExitAuthority/soat.py b/NetworkScanners/ExitAuthority/soat.py
index d502e05..162ff0e 100755
--- a/NetworkScanners/ExitAuthority/soat.py
+++ b/NetworkScanners/ExitAuthority/soat.py
@@ -1,5 +1,5 @@
-#!/usr/bin/python
-#
+#!/usr/bin/python2.6
+
# 2008 Aleksei Gorny, mentored by Mike Perry
# 2009 Mike Perry
@@ -44,6 +44,7 @@ import urllib
import urllib2
import urlparse
import zlib,gzip
+import struct
import Queue
import StringIO
@@ -288,25 +289,37 @@ class ExitScanHandler(ScanSupport.ScanHandler):
'''
# get the structure
- routers = self.c.read_routers(self.c.get_network_status())
+ routers = filter(lambda r: "BadExit" not in r.flags,
+ self.current_consensus().sorted_r)
bad_exits = set([])
specific_bad_exits = [None]*len(ports_to_check)
+ bad_exit_bw = [0]*len(ports_to_check)
+ exit_bw = 0
+
for i in range(len(ports_to_check)):
specific_bad_exits[i] = []
# check exit policies
for router in routers:
+ if "Exit" in router.flags:
+ exit_bw += router.bw
for i in range(len(ports_to_check)):
[common_protocol, common_restriction, secure_protocol, secure_restriction] = ports_to_check[i]
if common_restriction.r_is_ok(router) and not secure_restriction.r_is_ok(router):
bad_exits.add(router)
+ bad_exit_bw[i] += router.bw
specific_bad_exits[i].append(router)
#plog('INFO', 'Router ' + router.nickname + ' allows ' + common_protocol + ' but not ' + secure_protocol)
for i,exits in enumerate(specific_bad_exits):
[common_protocol, common_restriction, secure_protocol, secure_restriction] = ports_to_check[i]
- plog("NOTICE", "Nodes allowing "+common_protocol+" but not "+secure_protocol+":\n\t"+"\n\t".join(map(lambda r: r.nickname+"="+r.idhex, exits)))
+ plog("NOTICE", str(len(exits))+" nodes ("+str(round(100.0*bad_exit_bw[i]/exit_bw,2))+"%) allowing "+common_protocol+" but not "+secure_protocol+":")
+ print "# approved-routers"
+ print "\n".join(map(lambda r: "!badexit "+r.idhex+" # "+r.nickname, exits))
+ print "\n# torrc"
+ print "\n".join(map(lambda r: "authdirbadexit "+socket.inet_ntoa(struct.pack(">I",r.ip))+" # "+r.nickname, exits))
+ print ""
#plog('INFO', 'Router ' + router.nickname + ' allows ' + common_protocol + ' but not ' + secure_protocol)
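Review bot: The percentage in the new NOTICE line divides by `exit_bw`, which stays 0 when no router in the filtered consensus carries the Exit flag, so the scan would raise ZeroDivisionError before printing any badexit lines. The numerator and denominator also cover different sets: `bad_exit_bw[i] += router.bw` runs for every router that passes the policy test, while `exit_bw` only sums routers with "Exit" in `router.flags`, so the figure can be skewed or exceed 100%. Guard the division, e.g. `pct = round(100.0*bad_exit_bw[i]/exit_bw, 2) if exit_bw else 0.0`, and accumulate `bad_exit_bw` under the same Exit-flag condition. Because the generated `authdirbadexit` lines are keyed by IP address rather than identity, a printed comment such as `# NOTE: authdirbadexit matches by address; other relays on the same IP are flagged too` would help whoever pastes them. The enclosing method begins outside this hunk.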
@@ -314,8 +327,9 @@ class ExitScanHandler(ScanSupport.ScanHandler):
plog('INFO', 'Total nodes: ' + `len(routers)`)
for i in range(len(ports_to_check)):
[common_protocol, _, secure_protocol, _] = ports_to_check[i]
- plog('INFO', 'Exits with ' + common_protocol + ' / ' + secure_protocol + ' problem: ' + `len(specific_bad_exits[i])` + ' (~' + `(len(specific_bad_exits[i]) * 100 / len(routers))` + '%)')
- plog('INFO', 'Total bad exits: ' + `len(bad_exits)` + ' (~' + `(len(bad_exits) * 100 / len(routers))` + '%)')
+ plog('INFO', 'Exits with ' + common_protocol + ' / ' + secure_protocol +
+' problem: ' + `len(specific_bad_exits[i])`) # + ' (~' + `(len(specific_bad_exits[i]) * 100 / len(routers))` + '%)')
+ plog('INFO', 'Total bad exits: ' + `len(bad_exits)`) # + ' (~' + `(len(bad_exits) * 100 / len(routers))` + '%)')
# FIXME: Hrmm is this in the right place?
def check_dns_rebind(self, cookie_file):
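Review bot: The old percentage expressions are left behind as trailing comments on the two `plog('INFO', ...)` calls instead of being deleted, so the new lines carry dead code that still refers to the `len(routers)` denominator. Drop the commented tails and, if the reason matters, replace them with a short why-comment such as `# per-port percentages are reported by bandwidth in the NOTICE output`. The surrounding method starts outside this hunk.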
@@ -2937,12 +2951,15 @@ def main(argv):
print '--policies'
print '--exit=<exit>'
print '--target=<ip or url>'
+ print '--loglevel=<DEBUG|INFO|NOTICE|WARN|ERROR|NONE>'
print ''
return
+
+ TorUtil.read_config(data_dir+"/torctl.cfg")
- opts = ['ssl','rescan', 'pernode=', 'resume=', 'html','http','ssh','smtp','pop','imap','dns','dnsrebind','policies','exit=','target=']
+ opts = ['ssl','rescan', 'pernode=', 'resume=', 'html','http','ssh','smtp','pop','imap','dns','dnsrebind','policies','exit=','target=','loglevel=']
flags, trailer = getopt.getopt(argv[1:], [], opts)
-
+
# get specific test types
do_resume = False
do_rescan = ('--rescan','') in flags
@@ -2972,8 +2989,13 @@ def main(argv):
if flag[0] == "--resume":
do_resume = True
resume_run=int(flag[1])
+ if flag[0] == "--loglevel":
+ if flag[1] in TorUtil.loglevels:
+ TorUtil.loglevel=flag[1]
+ else:
+ plog("ERROR", "Unknown loglevel: "+flag[1])
+ sys.exit(0)
- TorUtil.read_config(data_dir+"/torctl.cfg")
plog("DEBUG", "Read tor config. Got Socks proxy: "+str(TorUtil.tor_port))
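Review bot: An unrecognised `--loglevel` value ends the program with `sys.exit(0)`, so a wrapper script or scheduled job sees success even though the scan never ran; use a non-zero status, `sys.exit(1)`. The membership test `flag[1] in TorUtil.loglevels` also appears to be case-sensitive, so `--loglevel=debug` would presumably be rejected; if that is not intended, normalise first with `flag[1].upper()`. main() continues outside this hunk.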