[or-cvs] r19988: {torvm} Update Tor package to 17-rc, commit partial static ARP table (in torvm/trunk/build: kamikaze/common kamikaze/patches kamikaze/scripts win32/src/torvm-w32)
Author: coderman
Date: 2009-07-13 00:49:46 -0400 (Mon, 13 Jul 2009)
New Revision: 19988
Modified:
torvm/trunk/build/kamikaze/common/pkg-cache.mk
torvm/trunk/build/kamikaze/patches/001-kamikaze-tor-package.patch
torvm/trunk/build/kamikaze/patches/002-kamikaze-mod-basefiles.patch
torvm/trunk/build/kamikaze/scripts/genlicense.sh
torvm/trunk/build/win32/src/torvm-w32/apicommon.h
torvm/trunk/build/win32/src/torvm-w32/torvm.c
Log:
Update Tor package to 17-rc, commit partial static ARP table code, set permissive iptables until completed.
Modified: torvm/trunk/build/kamikaze/common/pkg-cache.mk
===================================================================
--- torvm/trunk/build/kamikaze/common/pkg-cache.mk 2009-07-13 01:17:04 UTC (rev 19987)
+++ torvm/trunk/build/kamikaze/common/pkg-cache.mk 2009-07-13 04:49:46 UTC (rev 19988)
@@ -128,9 +128,9 @@
OPENSSL_URL=http://www.openssl.org/source/$(OPENSSL_F)
OPENSSL_SUM=7e7cd4f3974199b729e6e3a0af08bd4279fde0370a1120c1a3b351ab090c6101
-TOR_F=tor-0.2.1.16-rc.tar.gz
+TOR_F=tor-0.2.1.17-rc.tar.gz
TOR_URL=http://www.torproject.org/dist/$(TOR_F)
-TOR_SUM=6d6b57e2b49e38e046bce1e3d282506bea1347794815ecd73c617cbc7ef6370c
+TOR_SUM=89d4d16865374c80419ec93abccf49bef4ad81fd869cb0cf7b83b00ddabc3fdb
Modified: torvm/trunk/build/kamikaze/patches/001-kamikaze-tor-package.patch
===================================================================
--- torvm/trunk/build/kamikaze/patches/001-kamikaze-tor-package.patch 2009-07-13 01:17:04 UTC (rev 19987)
+++ torvm/trunk/build/kamikaze/patches/001-kamikaze-tor-package.patch 2009-07-13 04:49:46 UTC (rev 19988)
@@ -1,6 +1,6 @@
diff -Naur a/package/tor/Makefile b/package/tor/Makefile
--- a/package/tor/Makefile 1970-01-01 00:00:00.000000000 +0000
-+++ b/package/tor/Makefile 2009-06-24 00:52:55.103540226 +0000
++++ b/package/tor/Makefile 2009-07-13 04:47:11.648406177 +0000
@@ -0,0 +1,114 @@
+#
+# Copyright (C) 2008 OpenWrt.org
@@ -14,13 +14,13 @@
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=tor
-+PKG_VERSION:=0.2.1.16-rc
++PKG_VERSION:=0.2.1.17-rc
+
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.torproject.org/dist/
-+PKG_MD5SUM:=9000ffdfda2835b7acefeeef8e6b6280
++PKG_MD5SUM:=5328e9ac9fa23d42e01aed80291cedb2
+
+include $(INCLUDE_DIR)/package.mk
+
@@ -314,8 +314,8 @@
+
diff -Naur a/package/tor/files/tor.init b/package/tor/files/tor.init
--- a/package/tor/files/tor.init 1970-01-01 00:00:00.000000000 +0000
-+++ b/package/tor/files/tor.init 2009-06-24 00:46:43.926515985 +0000
-@@ -0,0 +1,148 @@
++++ b/package/tor/files/tor.init 2009-06-24 23:46:11.702526906 +0000
+@@ -0,0 +1,147 @@
+#!/bin/sh
+# make sure we check the system bin dirs
+export PATH=/usr/sbin:/sbin:$PATH
@@ -358,7 +358,6 @@
+ [ -f $DEFAULT ] && . $DEFAULT
+ [ -d $HOME_D ] || mkdir -p $HOME_D
+ [ -f $CONF_F ] || cp -f /etc/tor/torrc $CONF_F
-+ [ -f $GEOIP_F ] || cp -f /etc/tor/geoip $GEOIP_F
+ [ -d $LOG_D ] || mkdir -p $LOG_D
+ rm -f $LOG_F >/dev/null 2>&1
+ chown $RUN_USER:$RUN_GROUP $LOG_D
@@ -492,7 +491,7 @@
+TransListenAddress 0.0.0.0
diff -Naur a/package/tor/files/torvminit b/package/tor/files/torvminit
--- a/package/tor/files/torvminit 1970-01-01 00:00:00.000000000 +0000
-+++ b/package/tor/files/torvminit 2009-06-24 00:22:59.916178341 +0000
++++ b/package/tor/files/torvminit 2009-06-29 15:45:27.142518017 +0000
@@ -0,0 +1,240 @@
+#!/bin/sh
+# Copyright (C) 2008-2009 The Tor Project, Inc.
@@ -603,7 +602,7 @@
+touch /var/log/lastlog
+ln -sf /tmp/resolv.conf.auto /tmp/resolv.conf
+
-+/etc/init.d/sysctl
++[ -f /etc/sysctl.conf ] && sysctl -p >&-
+
+vmr_init
+ifconfig lo 127.0.0.1 netmask 255.0.0.0 up
@@ -736,8 +735,8 @@
+fi
diff -Naur a/package/tor/files/vmrouter.sh b/package/tor/files/vmrouter.sh
--- a/package/tor/files/vmrouter.sh 1970-01-01 00:00:00.000000000 +0000
-+++ b/package/tor/files/vmrouter.sh 2009-06-24 06:10:53.134519882 +0000
-@@ -0,0 +1,128 @@
++++ b/package/tor/files/vmrouter.sh 2009-07-06 11:38:36.499455187 +0000
+@@ -0,0 +1,138 @@
+#!/bin/bash
+# Utility script for Tor VM routing
+# Source or run directly.
@@ -772,9 +771,12 @@
+ iptables -t nat --flush POSTROUTING
+
+ # default policy drop
-+ iptables -t filter -P INPUT DROP
-+ iptables -t filter -P FORWARD DROP
-+ iptables -t filter -P OUTPUT DROP
++ #iptables -t filter -P INPUT DROP
++ #iptables -t filter -P FORWARD DROP
++ #iptables -t filter -P OUTPUT DROP
++ iptables -t filter -P INPUT ACCEPT
++ iptables -t filter -P FORWARD ACCEPT
++ iptables -t filter -P OUTPUT ACCEPT
+
+ # trap table is the global on/off switch for traffic
+ # use a trap table so that tarpit or drop can be set
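Review bot: Switching the three filter policies to ACCEPT makes the router fail open: any packet that no client chain matches is now forwarded or emitted directly instead of dropped, which for a Tor VM means traffic that was previously forced through the transparent proxy can leave the VM in the clear. The commit log says this is temporary until the static ARP work is done, but nothing in the script records that, so the change is easy to forget; at minimum replace `# default policy drop` with a comment stating that the ACCEPT policies are a temporary debugging measure, and prefer gating the DROP lines on a shell variable rather than commenting them out. The `-j DROP` to `-j RETURN` change at the end of the client filter table in the vmr_addmac hunk has the same effect, since a RETURN now falls through to an ACCEPT policy. vmr_init's body starts and ends outside this hunk.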
@@ -796,6 +798,11 @@
+ iptables -t nat -A PREROUTING -g $cli_prenat_tbl
+ iptables -t nat -N $cli_postnat_tbl
+ iptables -t nat -A POSTROUTING -g $cli_postnat_tbl
++
++ # log default drop targets
++ iptables -t filter -A INPUT -j LOG
++ iptables -t filter -A FORWARD -j LOG
++ iptables -t filter -A OUTPUT -j LOG
+}
+
+vmr_addmac() {
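Review bot: The three LOG rules have no rate limit, and with the policies now ACCEPT the comment `# log default drop targets` no longer describes them: every packet that reaches the end of INPUT, FORWARD or OUTPUT is logged and then accepted. On a VM that forwards all client traffic this can flood the kernel log and crowd out the messages that matter; add a limit and a prefix so the entries can be told apart, e.g. `iptables -t filter -A FORWARD -m limit --limit 10/min -j LOG --log-prefix "vmr-fwd: "`, and reword the comment to say the rules log packets that reach the end of the chain. vmr_init starts outside this hunk.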
@@ -813,8 +820,10 @@
+ for PORTNUM in $CLIENT_BLOCK_TCP_PORTS; do
+ iptables -t filter -I $cli_filt_tbl -p tcp --dport $PORTNUM -j DROP
+ done
-+ iptables -t filter -A $cli_filt_tbl -j DROP
++ iptables -t filter -A $cli_filt_tbl -j RETURN
+ iptables -t nat -I $cli_postnat_tbl -o "$1" -j MASQUERADE
++ iptables -t filter -A OUTPUT -o "$1" -j ACCEPT
++ iptables -t filter -I $host_filt_tbl -i "$1" -m state --state ESTABLISHED,RELATED -j ACCEPT
+}
+
+vmr_fwdadd() {
Modified: torvm/trunk/build/kamikaze/patches/002-kamikaze-mod-basefiles.patch
===================================================================
--- torvm/trunk/build/kamikaze/patches/002-kamikaze-mod-basefiles.patch 2009-07-13 01:17:04 UTC (rev 19987)
+++ torvm/trunk/build/kamikaze/patches/002-kamikaze-mod-basefiles.patch 2009-07-13 04:49:46 UTC (rev 19988)
@@ -1164,6 +1164,17 @@
run_scripts() {
for i in /etc/rc.d/$1*; do
[ -x $i ] && $i $2 2>&1
+diff -Naur a/package/base-files/files/etc/init.d/sysctl b/package/base-files/files/etc/init.d/sysctl
+--- a/package/base-files/files/etc/init.d/sysctl 2007-05-10 10:07:38.965405000 +0000
++++ b/package/base-files/files/etc/init.d/sysctl 1970-01-01 00:00:00.000000000 +0000
+@@ -1,7 +0,0 @@
+-#!/bin/sh /etc/rc.common
+-# Copyright (C) 2006 OpenWrt.org
+-
+-START=99
+-start() {
+- [ -f /etc/sysctl.conf ] && sysctl -p >&-
+-}
diff -Naur a/package/base-files/files/etc/init.d/umount b/package/base-files/files/etc/init.d/umount
--- a/package/base-files/files/etc/init.d/umount 2007-05-10 10:45:04.317089000 +0000
+++ b/package/base-files/files/etc/init.d/umount 1970-01-01 00:00:00.000000000 +0000
Modified: torvm/trunk/build/kamikaze/scripts/genlicense.sh
===================================================================
--- torvm/trunk/build/kamikaze/scripts/genlicense.sh 2009-07-13 01:17:04 UTC (rev 19987)
+++ torvm/trunk/build/kamikaze/scripts/genlicense.sh 2009-07-13 04:49:46 UTC (rev 19988)
@@ -3,12 +3,12 @@
lf="target:openssl:LICENSE $lf"
lf="target:e2fsprogs:COPYING $lf"
lf="target:iproute2:COPYING $lf"
-lf="target:ncurses:README $lf"
-lf="target:util-linux-ng:COPYING $lf"
+lf="target:libupnp:LICENSE $lf"
+lf="target:libtool:COPYING $lf"
+lf="target:zlib:README $lf"
lf="linux:linux:COPYING $lf"
lf="linux:iptables:COPYING $lf"
lf="linux:tor:LICENSE $lf"
-lf="target:libupnp:LICENSE $lf"
function usage () {
if (( $# )); then
echo "Error: $1" >&2
Modified: torvm/trunk/build/win32/src/torvm-w32/apicommon.h
===================================================================
--- torvm/trunk/build/win32/src/torvm-w32/apicommon.h 2009-07-13 01:17:04 UTC (rev 19987)
+++ torvm/trunk/build/win32/src/torvm-w32/apicommon.h 2009-07-13 04:49:46 UTC (rev 19988)
@@ -13,7 +13,15 @@
*/
#define _WIN32_WINNT 0x0500
+/* Prevent inclusion of the old Winsock.h 1.1 headers
+ */
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
#include <windows.h>
+#include <winsock2.h>
+#include <iphlpapi.h>
+
#include <security.h>
#include <tchar.h>
#include <winreg.h>
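Review bot: `<iphlpapi.h>` is now included twice, once right after `<windows.h>` in this hunk and again in the next hunk after the existing `<winsock2.h>`, and `<winsock2.h>` likewise appears in both places; the header guards make this harmless, but one copy should go so the include order stays readable, and dropping the second `#include <iphlpapi.h>` (and the older `<winsock2.h>`) from the later hunk is the simplest fix. The comment above the define could also say why it matters here, e.g. `/* Prevent windows.h from pulling in winsock.h, which conflicts with winsock2.h below. */`.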
@@ -21,6 +29,7 @@
#include <winerror.h>
#include <wincrypt.h>
#include <winsock2.h>
+#include <iphlpapi.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>
Modified: torvm/trunk/build/win32/src/torvm-w32/torvm.c
===================================================================
--- torvm/trunk/build/win32/src/torvm-w32/torvm.c 2009-07-13 01:17:04 UTC (rev 19987)
+++ torvm/trunk/build/win32/src/torvm-w32/torvm.c 2009-07-13 04:49:46 UTC (rev 19988)
@@ -30,7 +30,9 @@
LPTSTR ipaddr;
LPTSTR netmask;
LPTSTR gateway;
+ LPTSTR gwmacaddr;
LPTSTR dhcpsvr;
+ LPTSTR svrmacaddr;
LPTSTR dhcpname;
LPTSTR driver;
struct s_rconnelem * next;
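Review bot: The two new `LPTSTR` members are tested against NULL later in this file (`ce->gwmacaddr == NULL`, `ce->svrmacaddr == NULL`) and then assigned `malloc`ed strings, so they must be NULL-initialised wherever `struct s_rconnelem` is allocated and released wherever the list is torn down; neither site is in this diff, so I cannot confirm either is covered. A comment on the fields would make the ownership explicit: `/* MAC of gateway / DHCP server as "XX:XX:XX:XX:XX:XX"; heap-owned, NULL when unknown */`. The struct definition starts outside this hunk.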
@@ -970,12 +972,61 @@
HKEY key;
HKEY wkey;
DWORD len;
- int i = 0;
+ DWORD retval;
+ int i, j;
int numconn = 0;
struct s_rconnelem * ce = NULL;
struct s_rconnelem * ne = NULL;
const char name_string[] = "Name";
+ ULONG arpentsz = 128 * sizeof(MIB_IPNETROW);
+ PMIB_IPNETTABLE pmib = NULL;
+ IN_ADDR addr;
+ char *ipstr;
+ /* Load the ARP table before iterating through interfaces
+ */
+ pmib = malloc(sizeof(MIB_IPNETTABLE)+arpentsz);
+
+ retval = GetIpNetTable(pmib,&arpentsz,FALSE);
+ if (retval == ERROR_INSUFFICIENT_BUFFER) {
+ /* XXX: re-alloc instead with returned hint */
+ lerror ("ARP table is huge, skipping static ARP assignments. Would need %d.", arpentsz);
+ free(pmib);
+ pmib = NULL;
+ }
+ else {
+ if (retval != NO_ERROR) {
+ lerror ("GetIpNetTable failed with error code %d in call to loadnetinfo.", retval);
+ free(pmib);
+ pmib = NULL;
+ }
+ else {
+ for (i=0; i<pmib->dwNumEntries; i++) {
+ addr.S_un.S_addr = pmib->table[i].dwAddr;
+ ipstr = inet_ntoa(addr);
+ if (!ipstr)
+ ipstr = "";
+ if (pmib->table[i].dwPhysAddrLen == 6) {
+ ldebug ("MIB enumerate found ARP entry HWADDR: %02X:%02X:%02X:%02X:%02X:%02X -> IP: %s [%s]",
+ pmib->table[i].bPhysAddr[0],pmib->table[i].bPhysAddr[1],
+ pmib->table[i].bPhysAddr[2],pmib->table[i].bPhysAddr[3],
+ pmib->table[i].bPhysAddr[4],pmib->table[i].bPhysAddr[5],
+ ipstr,
+ /* 4-Static, 3-Dynamic, 2-Invalid, 1-Other */
+ (pmib->table[i].dwType == 3) ? "Dynamic" : "Static"
+ );
+ }
+ else {
+ ldebug ("MIB enumerate found ARP entry with non Ethernet sized physical address for IP: %s. Ignoring.",
+ ipstr);
+ }
+ }
+ }
+ }
+
+
+ /* Now enumerate all interfaces and list details for caller.
+ */
status = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
NETWORK_CONNECTIONS_KEY,
0,
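Review bot: The `ERROR_INSUFFICIENT_BUFFER` branch gives up on any ARP table larger than the fixed 128-row guess, which on a host with many neighbours silently disables the static ARP feature this commit adds; the usual two-call pattern sizes the buffer from the API instead (and checks the `malloc` result, which is currently unchecked), as the XXX comment already asks. The `%d` in both `lerror` calls mismatches the `ULONG`/`DWORD` arguments and should be `%lu`, and `i<pmib->dwNumEntries` compares a signed `int` with a `DWORD`. The type label only tests for 3, so entries of type 1 (Other) and 2 (Invalid) are logged as "Static". loadnetinfo's signature is outside this hunk.
```c
  /* Load the ARP table before iterating through interfaces.
   * Ask GetIpNetTable for the size it needs, then allocate exactly that,
   * so a large neighbour table no longer disables static ARP assignment. */
  arpentsz = 0;
  retval = GetIpNetTable(NULL, &arpentsz, FALSE);
  if (retval == ERROR_INSUFFICIENT_BUFFER && arpentsz > 0) {
    pmib = malloc(arpentsz);
    retval = pmib ? GetIpNetTable(pmib, &arpentsz, FALSE) : ERROR_NOT_ENOUGH_MEMORY;
  }
  if (retval != NO_ERROR) {
    lerror ("GetIpNetTable failed with error code %lu in call to loadnetinfo.", (unsigned long)retval);
    free(pmib);
    pmib = NULL;
  }
  else {
    for (i=0; (DWORD)i < pmib->dwNumEntries; i++) {
      /* … unchanged: per-entry ldebug output … */
    }
  }
```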
@@ -986,6 +1037,7 @@
return -1;
}
+ i = 0;
while (1) {
char enum_name[REG_NAME_MAX];
char connection_string[REG_NAME_MAX];
@@ -1113,6 +1165,23 @@
ce->netmask = strdup(name_data);
ldebug ("Connection %s netmask: %s.", ce->name, ce->netmask);
}
+ /* Set ARP entries for this interface if needed. */
+ if (pmib && ce->isdefgw) {
+ for (j=0; j<pmib->dwNumEntries; j++) {
+ addr.S_un.S_addr = pmib->table[j].dwAddr;
+ ipstr = inet_ntoa(addr);
+ if ((pmib->table[j].dwPhysAddrLen == 6) &&
+ (strcmp(ipstr, ce->gateway) == 0) ) {
+ ce->gwmacaddr = malloc(32);
+ snprintf(ce->gwmacaddr, 32-1, "%02X:%02X:%02X:%02X:%02X:%02X",
+ pmib->table[j].bPhysAddr[0],pmib->table[j].bPhysAddr[1],
+ pmib->table[j].bPhysAddr[2],pmib->table[j].bPhysAddr[3],
+ pmib->table[j].bPhysAddr[4],pmib->table[j].bPhysAddr[5]);
+ ldebug ("Found ARP entry for gateway %s with hwaddr %s",
+ ce->gateway, ce->gwmacaddr);
+ }
+ }
+ }
if (ce->isdhcp) {
len = sizeof (name_data);
status = RegQueryValueEx(tkey,
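Review bot: The match loop keeps running after it finds the gateway, so a second entry for the same address (possible on another interface, since `dwIndex` is not compared) mallocs a fresh `gwmacaddr` and leaks the first; add `break;` after the `ldebug` and check the `malloc` result before the `snprintf`. Entries of type 2 (Invalid, per the comment in the loading hunk) are matched as if they were good, so the condition should also carry `(pmib->table[j].dwType != 2) &&`. If `ce->gateway` can still be NULL here for an interface flagged `isdefgw` (where it is set is not in this diff), the `strcmp` dereferences it. The DHCP-server loop in the next hunk has the same issues. loadnetinfo's body continues outside this hunk.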
@@ -1145,6 +1214,23 @@
}
RegCloseKey (tkey);
}
+ /* Set ARP info for DHCP server if needed. */
+ if (pmib && ce->isdefgw) {
+ for (j=0; j<pmib->dwNumEntries; j++) {
+ addr.S_un.S_addr = pmib->table[j].dwAddr;
+ ipstr = inet_ntoa(addr);
+ if ((pmib->table[j].dwPhysAddrLen == 6) &&
+ (strcmp(ipstr, ce->dhcpsvr) == 0) ) {
+ ce->svrmacaddr = malloc(32);
+ snprintf(ce->svrmacaddr, 32-1, "%02X:%02X:%02X:%02X:%02X:%02X",
+ pmib->table[j].bPhysAddr[0],pmib->table[j].bPhysAddr[1],
+ pmib->table[j].bPhysAddr[2],pmib->table[j].bPhysAddr[3],
+ pmib->table[j].bPhysAddr[4],pmib->table[j].bPhysAddr[5]);
+ ldebug ("Found ARP entry for DHCP server %s with hwaddr %s",
+ ce->dhcpsvr, ce->svrmacaddr);
+ }
+ }
+ }
}
else {
RegCloseKey (tkey);
@@ -1158,6 +1244,9 @@
RegCloseKey (key);
+ if (pmib)
+ free(pmib);
+
if (numconn <= 0)
return numconn;
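Review bot: The `if (pmib)` guard around `free(pmib)` is redundant, since `free(NULL)` is a no-op; `free(pmib);` alone reads cleaner and matches the unguarded `free(pmib)` calls in the loading hunk. loadnetinfo's body continues on both sides of this hunk.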
@@ -1331,6 +1420,51 @@
RegCloseKey (key);
}
+ /* Before we return make sure to resolve any necessary ARP entries. */
+ ce = *connlist;
+ while (ce) {
+ IPAddr arpsrcip = 0;
+ IPAddr arpdestip = 0;
+ ULONG ulmacaddr[2];
+ ULONG paddrlen = 6;
+ BYTE *hwaddr;
+ if (ce->isdefgw) {
+ if (ce->gwmacaddr == NULL) {
+ arpdestip = inet_addr(ce->gateway);
+ memset(ulmacaddr, 255, sizeof(ulmacaddr));
+ retval = SendARP(arpdestip, arpsrcip, ulmacaddr, &paddrlen);
+ if ((retval != NO_ERROR) || (paddrlen != 6)) {
+ ldebug("Failed to resolve ARP for gateway address %s", ce->gateway);
+ }
+ else {
+ hwaddr = (BYTE *)ulmacaddr;
+ ce->gwmacaddr = malloc(32);
+ snprintf(ce->gwmacaddr, 32-1, "%02X:%02X:%02X:%02X:%02X:%02X",
+ hwaddr[0], hwaddr[1], hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5]);
+ ldebug ("Received ARP reply for gateway %s with hwaddr %s",
+ ce->gateway, ce->gwmacaddr);
+ }
+ }
+ if ( (ce->isdhcp) && (ce->svrmacaddr == NULL) ) {
+ arpdestip = inet_addr(ce->dhcpsvr);
+ memset(&ulmacaddr, 255, sizeof(ulmacaddr));
+ retval = SendARP(arpdestip, arpsrcip, ulmacaddr, &paddrlen);
+ if ((retval != NO_ERROR) || (paddrlen != 6)) {
+ ldebug("Failed to resolve ARP for DHCP server address %s", ce->dhcpsvr);
+ }
+ else {
+ hwaddr = (BYTE *)&ulmacaddr;
+ ce->gwmacaddr = malloc(32);
+ snprintf(ce->svrmacaddr, 32-1, "%02X:%02X:%02X:%02X:%02X:%02X",
+ hwaddr[0], hwaddr[1], hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5]);
+ ldebug ("Received ARP reply for DHCP server %s with hwaddr %s",
+ ce->dhcpsvr, ce->svrmacaddr);
+ }
+ }
+ }
+ ce = ce->next;
+ }
+
return numconn;
}
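Review bot: In the DHCP-server branch the buffer is allocated into the wrong member: `ce->gwmacaddr = malloc(32);` is followed by `snprintf(ce->svrmacaddr, ...)`, and `svrmacaddr` is NULL by the branch condition, so the `snprintf` writes through a null pointer while the gateway string allocated above is leaked or replaced; it should be `ce->svrmacaddr = malloc(32);`, with the result checked. `paddrlen` is reused for the second `SendARP` without being reset to 6, so a failed first lookup can make the second fail its `paddrlen != 6` check; reset it before each call. Because whatever answers the `SendARP` request is pinned into the VM for its whole lifetime, logging the resolved address with `linfo` rather than `ldebug` would make the pinned value visible in normal logs. loadnetinfo's body starts outside this hunk.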
@@ -1363,7 +1497,7 @@
else {
if (brif->isdhcp == FALSE) {
snprintf (*cmdline, cmdlen -1,
- "%s %s %s %s IP=%s MASK=%s GW=%s MAC=%s MTU=%d PRIVIP=%s CTLSOCK=%s:9051 CTLREADY=9052 HASHPW=%s",
+ "%s %s%s %s IP=%s MASK=%s GW=%s MAC=%s MTU=%d PRIVIP=%s CTLSOCK=%s:9051 CTLREADY=9052 HASHPW=%s %s%s",
usedebug ? dbgcmds : basecmds,
myhostname ? "USEHOSTNAME=" : "",
myhostname ? myhostname : "",
@@ -1375,7 +1509,9 @@
CAP_MTU,
TOR_TAP_VMIP,
TOR_TAP_VMIP,
- ctlpass);
+ ctlpass,
+ brif->gwmacaddr ? "ARPENT=" : "",
+ brif->gwmacaddr ? brif->gwmacaddr : "");
}
else {
/* fallback if we can't get HOSTNAME, use DHCP client name. */
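Review bot: The return value of the `snprintf` that starts in the previous hunk is still discarded, and the new `ARPENT=` suffix adds up to 25 bytes to the command line; if the result is truncated the VM receives a clipped `HASHPW` or `ARPENT` value with no error. Capture the result as `int n` and fail the function with an `lerror` when `n < 0 || n >= cmdlen - 1`; the DHCP branch in the later hunk needs the same check. The enclosing function's name and signature are outside this hunk.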
@@ -1383,7 +1519,7 @@
myhostname = brif->dhcpname;
snprintf (*cmdline, cmdlen -1,
- "%s %s %s %s IP=%s MASK=%s GW=%s MAC=%s MTU=%d PRIVIP=%s ISDHCP DHCPSVR=%s DHCPNAME=%s CTLSOCK=%s:9051 CTLREADY=9052 HASHPW=%s",
+ "%s %s%s %s IP=%s MASK=%s GW=%s MAC=%s MTU=%d PRIVIP=%s ISDHCP DHCPSVR=%s DHCPNAME=%s CTLSOCK=%s:9051 CTLREADY=9052 HASHPW=%s %s%s %s%s",
usedebug ? dbgcmds : basecmds,
myhostname ? "USEHOSTNAME=" : "",
myhostname ? myhostname : "",
@@ -1397,7 +1533,11 @@
brif->dhcpsvr,
brif->dhcpname,
TOR_TAP_VMIP,
- ctlpass);
+ ctlpass,
+ brif->gwmacaddr ? "ARPENT=" : "",
+ brif->gwmacaddr ? brif->gwmacaddr : "",
+ brif->svrmacaddr ? "ARPENT=" : "",
+ brif->svrmacaddr ? brif->svrmacaddr : "");
}
}
return TRUE;
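Review bot: Both MAC addresses are emitted under the same `ARPENT=` key, and each is omitted when unknown, so when only the DHCP server was resolved the single `ARPENT=` on the command line is indistinguishable from a gateway entry; unless the VM-side parser (not in this diff) pairs entries by position, it would pin the DHCP server's MAC to the gateway address. Carry the IP together with the MAC, or use distinct keys for the two entries, e.g. `brif->svrmacaddr ? "DHCPSVRMAC=" : ""`. The enclosing function starts outside this hunk.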
@@ -1719,16 +1859,7 @@
NULL, // keep same directory
&si,
&pi) ) {
- linfo ("Failed to re-launch process automatically with Administrator rights. Prompting user with Runas.");
- if (ShellExecute(NULL,
- "runas",
- cmd,
- NULL,
- NULL,
- SW_HIDE) != ERROR_SUCCESS) {
- lerror ("Failed to re-launch via runas with Administrator rights. Unable to continue.");
- return FALSE;
- }
+ lerror ("Failed to re-launch with Administrator rights. Unable to continue.");
}
return TRUE;
}
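Review bot: With the `runas` fallback gone, a `CreateProcess` failure now only logs and then falls into `return TRUE;`, so the caller proceeds as if the re-launch with Administrator rights had succeeded; the removed branch returned FALSE on that path. Add `return FALSE;` after the `lerror`. The enclosing function starts outside this hunk.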
@@ -2143,6 +2274,7 @@
ce = ce->next;
}
}
+
/* disable removing the tap automatically until reload issues resolved.
* uninstalltap(); */
if (ce == NULL) {