
Re: Tor TransPort on OpenBSD?



     On Sun, 10 Aug 2008 13:06:24 -0700 Christopher Davis <loafier@xxxxxxxxx>
wrote:
>On Sun, Aug 10, 2008 at 12:28:05PM -0600, macintoshzoom wrote:
>> Hi Christopher Davis,
>> 
>> [much text deleted  --SB]
>> 
>> Latest port at openports.se mirror from Rui Reis is for tor-0.1.2.19, 
>> now "obsolete" (OpenBSD is always "obsolete" in many latest top-trend 
>> software, I am quite tired about this (I hope they get some $millions 
>> soon to improve its paid staff) ... (this is why I am starting to learn 
>> how to build my own ports for key software).

     Unless you desperately need the alleged airtightness of OpenBSD's
security, you might be better off with FreeBSD, which seems to have very
active development and porting teams.  Also, at present FreeBSD 7.0 is the
only system out there that gets really good performance on SMP systems when
there are more dispatchable processes/threads than processors.  On all
other systems, Windows included, total throughput declines as more
dispatchable processes/threads are added until a system is doing little
more useful work than could be done on a uniprocessor system.  FreeBSD 7.0
maintains total throughput in this situation at very near the theoretical
maximum, especially if the ULE scheduler is selected when the kernel is
built.
>> 
>> I patched my port by hand, using as sample the openports.se latest port 
>> from then, but I would like to know how to patch from (your) diff file-s 
>> using the KDE kompare (I am on KDE graphical environment, I am building 
>> an OpenBSD graphical system, you know, to attract MS and youngsters, ex 
>> MS-user from decades ago ...) or the proper OpenBSD experts console tool 
>> which I don't (yet) know which one is.
>> 
>
>https://www.torproject.org/download-unix.html
>
>Instead of installing Tor from an OpenBSD port or package, an easier 
>way would be to download the source package from Tor's download page, 
>then unpack, apply the patch, and compile and install. Applying the
>patch should be straightforward. See my last email for the commands.
>Remember to run the patch command from the root directory of the 
>source package. The same might be accomplished with the KDE tool, but
>I am not familiar with it. 
>
>I've attached the patch to this email.
>
> [stuff deleted  --SB]
>
>Index: src/or/config.c
>===================================================================
>--- src/or/config.c	(revision 16230)
>+++ src/or/config.c	(working copy)
>@@ -1060,6 +1060,16 @@
>     }
>   }
> 
>+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
>+  /* Open /dev/pf before dropping privileges. */
>+  if (options->TransPort) {
>+    if (get_pf_socket() < 0) {
>+      *msg = tor_strdup("Unable to open /dev/pf.");
>+      goto rollback;
>+    }
>+  }
>+#endif
>+
>   /* Setuid/setgid as appropriate */
>   if (options->User || options->Group) {
>     /* XXXX021 We should only do this the first time through, not on
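Review bot: The added `if (options->TransPort)` block in config.c runs on every pass through this code, and the XXXX021 comment just below it implies the surrounding code is reached more than once. On a later pass, after setuid/setgid has already happened, a fresh open of /dev/pf would fail and take the `goto rollback` path, so the call is only safe if get_pf_socket() returns the descriptor cached in `pf_socket` rather than reopening; please confirm that and say so in the comment. The message "Unable to open /dev/pf." also gives no reason for the failure; including the errno text would help an operator distinguish a permissions problem from a missing device.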
>Index: src/or/connection_edge.c
>===================================================================
>--- src/or/connection_edge.c	(revision 16230)
>+++ src/or/connection_edge.c	(working copy)
>@@ -1641,8 +1641,7 @@
> 
> #ifdef TRANS_PF
> static int pf_socket = -1;
>-static int
>-get_pf_socket(void)
>+int get_pf_socket(void)
> {
>   int pf;
>   /*  Ideally, this should be opened before dropping privs. */
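Review bot: The new signature line `int get_pf_socket(void)` in connection_edge.c puts the return type on the same line as the name, while the lines it replaces had the return type on its own line; keep the two-line form to match the file. The context comment "Ideally, this should be opened before dropping privs." is also left in place even though the config.c change now does exactly that, so it should be updated to state that the function is first called before privileges are dropped. Since the function is no longer static, a short doc comment on what it returns on failure (config.c tests for `< 0`) would be worth adding.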
>Index: src/or/or.h
>===================================================================
>--- src/or/or.h	(revision 16230)
>+++ src/or/or.h	(working copy)
>@@ -2939,6 +2939,10 @@
> } hostname_type_t;
> hostname_type_t parse_extended_hostname(char *address);
> 
>+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
>+int get_pf_socket(void);
>+#endif
>+
> /********************************* connection_or.c ***************************/
> 
> void connection_or_remove_from_identity_map(or_connection_t *conn);
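Review bot: The prototype in or.h is guarded by `defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)`, as is the call in config.c, but the definition in connection_edge.c sits under `#ifdef TRANS_PF`. If TRANS_PF can be undefined while both headers are present, config.c will call a function that is never compiled and the build fails at link time. Guard the prototype and the call with the same `TRANS_PF` macro as the definition, or move the definition of that macro somewhere all three files can see it.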
>
     I must be missing something here.  Why does tor need access to /dev/pf
to use the TransPort feature?  I thought all that should be necessary was
to add a RDR to /etc/pf.conf and reload it.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************