
Re: Tor TransPort on OpenBSD?



On Sun, Aug 10, 2008 at 12:28:05PM -0600, macintoshzoom wrote:
> Hi Christopher Davis,
> 
> What exactly is "trunk" vs "0.2.0.30"?
> I'm a bit confused about all this jargon and cvs repositories.
> 

trunk is where the current Tor development goes in the subversion
repository. Tor 0.2.0.30 is the latest stable version.

> What should I do now?
> 
> I built my tor port for tor-0.2.1.1-alpha (seems successfully) but now I 
> am on 4.4 -current (+-) (1-2 weeks ago) and last tor source is stable 
> 0.2.0.30 and unstable 0.2.1.4-alpha:
> 
> Which one do you recommend?... I want latest TransPort and tor features 
> and I'm on an experimental box, so I don't care too much about bugs if 
> they are not a privacy/security issue, that is the main tor 
> implementation goal.
> 
> I think I would like to go by now to stable 0.2.0.30 if TransPorts works 
> as you tell, unless the alpha offers stunning new improvements... Do you 
> know?
> 

I've been running 0.2.0.30 on FreeBSD for a few weeks, and the 
transparent proxy functions well for my needs. I haven't used the 
alpha version, so I can't tell you how it compares to stable. Perhaps 
another user can respond.

> I would like to build a new personal port for my i386 box using this 
> last sources.
> Could you briefly tell me how?
> 
> Latest port at openports.se mirror from Rui Reis is for tor-0.1.2.19, 
> now "obsolete" (OpenBSD is always "obsolete" in many latest top-trend 
> software, I am quite tired about this (I hope they get some $millions 
> soon to improve its paid staff) ... (this is why I am starting to learn 
> how to build my own ports for key software).
> 
> I patched my port by hand, using as sample the openports.se latest port 
> from then, but I would like to know how to patch from (your) diff file-s 
> using the KDE kompare (I am on KDE graphical environment, I am building 
> an OpenBSD graphical system, you know, to attract MS and youngsters, ex 
> MS-user from decades ago ...) or the proper OpenBSD experts console tool 
> which I don't (yet) know which one is.
> 

https://www.torproject.org/download-unix.html

Instead of installing Tor from an OpenBSD port or package, an easier 
way would be to download the source package from Tor's download page, 
then unpack, apply the patch, and compile and install. Applying the
patch should be straightforward. See my last email for the commands.
Remember to run the patch command from the root directory of the 
source package. The same might be accomplished with the KDE tool, but
I am not familiar with it. 

I've attached the patch to this email.

If patching and rebuilding is too much trouble, then simply adjust the 
permissions on /dev/pf, i.e.:

# chgrp torgroup /dev/pf
# chmod 660 /dev/pf

Where 'torgroup' is the group Tor runs as. This should quiet the 
errors.

> Thanks for your efforts for porting latest tor, there are about half a 
> million privacy/conscious tor users worldwide, and many ones from 
> oppressed countries as fascist China and the like (beware!, privacy 
> human rights are also threatened in the states), where free-speech is 
> forbidden and people get 10 years jail just to check amnesty.org, 
> hrw.org, or tibetan-exiled gov pages!
> For them a secure OpenBSD + tor bundle (which I am trying to build) is a 
> breeze of hope in their future.
> 
> Mac.
> 

-- 
Christopher Davis
Index: src/or/config.c
===================================================================
--- src/or/config.c	(revision 16230)
+++ src/or/config.c	(working copy)
@@ -1060,6 +1060,16 @@
     }
   }
 
+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+  /* Open /dev/pf before dropping privileges. */
+  if (options->TransPort) {
+    if (get_pf_socket() < 0) {
+      *msg = tor_strdup("Unable to open /dev/pf.");
+      goto rollback;
+    }
+  }
+#endif
+
   /* Setuid/setgid as appropriate */
   if (options->User || options->Group) {
     /* XXXX021 We should only do this the first time through, not on
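Review bot: the failure path at `*msg = tor_strdup("Unable to open /dev/pf.");` drops the reason the open failed, so an operator cannot tell a missing device from a permissions problem. Consider building the message with strerror(errno) unless get_pf_socket() already logs it. The block also sits directly above code whose comment says it runs on more than the first pass, so it is worth a comment stating what is expected when TransPort is first enabled on a later pass, after privileges have already been dropped: as written, a failed open there goes to rollback.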
Index: src/or/connection_edge.c
===================================================================
--- src/or/connection_edge.c	(revision 16230)
+++ src/or/connection_edge.c	(working copy)
@@ -1641,8 +1641,7 @@
 
 #ifdef TRANS_PF
 static int pf_socket = -1;
-static int
-get_pf_socket(void)
+int get_pf_socket(void)
 {
   int pf;
   /*  Ideally, this should be opened before dropping privs. */
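Review bot: with `static` removed so config.c can call this early, the context comment "Ideally, this should be opened before dropping privs." inside the function is now stale and should be updated or removed in the same change. Style point on the new line: the removed lines kept the return type on its own line above `get_pf_socket(void)`, and `int get_pf_socket(void)` on a single line departs from that layout. Please also confirm that the file-scope `pf_socket` cache makes a second call return the descriptor already opened rather than opening /dev/pf again, since the function now has two callers.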
Index: src/or/or.h
===================================================================
--- src/or/or.h	(revision 16230)
+++ src/or/or.h	(working copy)
@@ -2939,6 +2939,10 @@
 } hostname_type_t;
 hostname_type_t parse_extended_hostname(char *address);
 
+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+int get_pf_socket(void);
+#endif
+
 /********************************* connection_or.c ***************************/
 
 void connection_or_remove_from_identity_map(or_connection_t *conn);
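Review bot: the prototype here is guarded by `#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)`, but the definition in connection_edge.c is under `#ifdef TRANS_PF`. If the two conditions ever differ, config.c will reference a function that was not compiled. Use the same `TRANS_PF` guard for the prototype and for the new call in config.c, or define the guard in one place. The declaration would also read better grouped with the other connection_edge.c prototypes than directly above the connection_or.c banner.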