[or-cvs] r19004: {torvm} Almost there... add geoip file and default hostname to hosts (torvm/trunk/build/kamikaze/patches)
coderman at seul.org
coderman at seul.org
Sun Mar 15 04:32:22 UTC 2009
Author: coderman
Date: 2009-03-15 00:32:20 -0400 (Sun, 15 Mar 2009)
New Revision: 19004
Modified:
torvm/trunk/build/kamikaze/patches/001-kamikaze-tor-package.patch
torvm/trunk/build/kamikaze/patches/002-kamikaze-mod-basefiles.patch
Log:
Almost there... add geoip file and default hostname to hosts name instead of Tor_VM, since it may be exposed by accident.
Modified: torvm/trunk/build/kamikaze/patches/001-kamikaze-tor-package.patch
===================================================================
--- torvm/trunk/build/kamikaze/patches/001-kamikaze-tor-package.patch 2009-03-15 03:11:52 UTC (rev 19003)
+++ torvm/trunk/build/kamikaze/patches/001-kamikaze-tor-package.patch 2009-03-15 04:32:20 UTC (rev 19004)
@@ -1,7 +1,7 @@
diff -Naur a/package/tor/Makefile b/package/tor/Makefile
--- a/package/tor/Makefile 1970-01-01 00:00:00.000000000 +0000
-+++ b/package/tor/Makefile 2009-03-14 04:07:01.620407064 +0000
-@@ -0,0 +1,112 @@
++++ b/package/tor/Makefile 2009-03-15 04:21:36.085671648 +0000
+@@ -0,0 +1,113 @@
+#
+# Copyright (C) 2008 OpenWrt.org
+#
@@ -105,6 +105,7 @@
+define Package/tor/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/or/tor $(1)/usr/sbin/
++ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/config/geoip $(1)/etc/tor/geoip
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/tor.init $(1)/etc/init.d/tor
+ $(INSTALL_DIR) $(1)/etc/tor
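Review bot: `$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/config/geoip $(1)/etc/tor/geoip` is placed before the `$(INSTALL_DIR) $(1)/etc/tor` three lines below it, so on a clean staging tree the copy targets a directory that does not exist yet (only `$(1)/usr/sbin` has been created earlier in the recipe). INSTALL_BIN also installs a plain data file with an executable mode. Move the line below the directory creation and use the data macro: `$(INSTALL_DATA) $(PKG_BUILD_DIR)/src/config/geoip $(1)/etc/tor/geoip`. The rest of the Package/tor/install recipe and its `endef` are outside this hunk.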
@@ -114,16 +115,213 @@
+endef
+
+$(eval $(call BuildPackage,tor))
+diff -Naur a/package/tor/files/prio.sh b/package/tor/files/prio.sh
+--- a/package/tor/files/prio.sh 1970-01-01 00:00:00.000000000 +0000
++++ b/package/tor/files/prio.sh 2009-03-15 04:16:44.189046680 +0000
+@@ -0,0 +1,192 @@
++#!/bin/bash
++# Written by Marco Bonetti & Mike Perry
++# Based on instructions from Dan Singletary's ADSL BW Management HOWTO:
++# http://www.faqs.org/docs/Linux-HOWTO/ADSL-Bandwidth-Management-HOWTO.html
++# This script is Public Domain.
++
++############################### README #################################
++
++# This script provides prioritization of Tor traffic below other
++# traffic on a Linux server. It has two modes of operation: UID based
++# and IP based.
++
++# UID BASED PRIORITIZATION
++#
++# The UID based method requires that Tor be launched from
++# a specific user ID. The "User" Tor config setting is
++# insufficient, as it sets the UID after the socket is created.
++# Here is a C wrapper you can use to execute Tor and drop privs before
++# it creates any sockets.
++#
++# Compile with:
++# gcc -DUID=`id -u tor` -DGID=`id -g tor` tor_wrap.c -o tor_wrap
++#
++# #include <unistd.h>
++# int main(int argc, char **argv) {
++# if(initgroups("tor", GID) == -1) { perror("initgroups"); return 1; }
++# if(setresgid(GID, GID, GID) == -1) { perror("setresgid"); return 1; }
++# if(setresuid(UID, UID, UID) == -1) { perror("setresuid"); return 1; }
++# execl("/bin/tor", "/bin/tor", "-f", "/etc/tor/torrc", NULL);
++# perror("execl"); return 1;
++# }
++
++# IP BASED PRIORITIZATION
++#
++# The IP setting requires that a separate IP address be dedicated to Tor.
++# Your Torrc should be set to bind to this IP for "OutboundBindAddress",
++# "ListenAddress", and "Address".
++
++# GENERAL USAGE
++#
++# You should also tune the individual connection rate parameters below
++# to your individual connection. In particular, you should leave *some*
++# minimum amount of bandwidth for Tor, so that Tor users are not
++# completely choked out when you use your server's bandwidth. 30% is
++# probably a reasonable choice. More is better of course.
++#
++# To start the shaping, run it as:
++# ./linux-tor-prio.sh
++#
++# To get status information (useful to verify packets are getting marked
++# and prioritized), run:
++# ./linux-tor-prio.sh status
++#
++# And to stop prioritization:
++# ./linux-tor-prio.sh stop
++#
++########################################################################
++
++# BEGIN USER TUNABLE PARAMETERS
++
++DEV=eth0
++
++# NOTE! You must START Tor under this UID. Using the Tor User
++# config setting is NOT sufficient. See above.
++#TOR_UID=$(id -u tor)
++
++# If the UID mechanism doesn't work for you, you can set this parameter
++# instead. If set, it will take precedence over the UID setting. Note that
++# you need multiple IPs with one specifically devoted to Tor for this to
++# work.
++TOR_IP="$IP"
++
++# Average ping to most places on the net, milliseconds
++RTT_LATENCY=40
++
++# RATE_UP must be less than your connection's upload capacity in
++# kbits/sec. If it is larger, then the bottleneck will be at your
++# router's queue, which you do not control. This will cause congestion
++# and a revert to normal TCP fairness no matter what the queing
++# priority is.
++RATE_UP=1500
++
++# RATE_UP_TOR is the minimum speed your Tor connections will have in
++# kbits/sec. They will have at least this much bandwidth for upload.
++# In general, you probably shouldn't set this too low, or else Tor
++# users who use your node will be completely choked out whenever your
++# machine does any other network activity. That is not very fun.
++RATE_UP_TOR=1000
++
++# RATE_UP_TOR_CEIL is the maximum rate allowed for all Tor trafic in
++# kbits/sec.
++RATE_UP_TOR_CEIL=1200
++
++#CHAIN=OUTPUT
++#CHAIN=PREROUTING
++CHAIN=POSTROUTING
++
++MTU=$MTU
++AVG_PKT=700
++
++# END USER TUNABLE PARAMETERS
++
++
++
++# The queue size should be no larger than your bandwidth-delay
++# product. This is RT latency*bandwidth/MTU/2
++
++BDP=$(expr $RTT_LATENCY \* $RATE_UP / $AVG_PKT)
++
++# Further research indicates that the BDP calculations should use
++# RTT/sqrt(n) where n is the expected number of active connections..
++
++BDP=$(expr $BDP / 4)
++
++if [ "$1" = "status" ]
++then
++ echo "[qdisc]"
++ tc -s qdisc show dev $DEV
++ tc -s qdisc show dev imq0
++ echo "[class]"
++ tc -s class show dev $DEV
++ tc -s class show dev imq0
++ echo "[filter]"
++ tc -s filter show dev $DEV
++ tc -s filter show dev imq0
++ echo "[iptables]"
++ iptables -t mangle -L TORSHAPER-OUT -v -x 2> /dev/null
++ exit
++fi
++
++
++# Reset everything to a known state (cleared)
++tc qdisc del dev $DEV root 2> /dev/null > /dev/null
++tc qdisc del dev imq0 root 2> /dev/null > /dev/null
++iptables -t mangle -D POSTROUTING -o $DEV -j TORSHAPER-OUT 2> /dev/null > /dev/null
++iptables -t mangle -D PREROUTING -o $DEV -j TORSHAPER-OUT 2> /dev/null > /dev/null
++iptables -t mangle -D OUTPUT -o $DEV -j TORSHAPER-OUT 2> /dev/null > /dev/null
++iptables -t mangle -F TORSHAPER-OUT 2> /dev/null > /dev/null
++iptables -t mangle -X TORSHAPER-OUT 2> /dev/null > /dev/null
++ip link set imq0 down 2> /dev/null > /dev/null
++rmmod imq 2> /dev/null > /dev/null
++
++if [ "$1" = "stop" ]
++then
++ echo "Shaping removed on $DEV."
++ exit
++fi
++
++# Outbound Shaping (limits total bandwidth to RATE_UP)
++
++ip link set dev $DEV qlen $BDP
++
++# Add HTB root qdisc, default is high prio
++tc qdisc add dev $DEV root handle 1: htb default 20
++
++# Add main rate limit class
++tc class add dev $DEV parent 1: classid 1:1 htb rate ${RATE_UP}kbit
++
++# Create the two classes, giving Tor at least RATE_UP_TOR kbit and capping
++# total upstream at RATE_UP so the queue is under our control.
++tc class add dev $DEV parent 1:1 classid 1:20 htb rate $(expr $RATE_UP - $RATE_UP_TOR)kbit ceil ${RATE_UP}kbit prio 0
++tc class add dev $DEV parent 1:1 classid 1:21 htb rate $[$RATE_UP_TOR]kbit ceil ${RATE_UP_TOR_CEIL}kbit prio 10
++
++# Start up pfifo
++tc qdisc add dev $DEV parent 1:20 handle 20: pfifo limit $BDP
++tc qdisc add dev $DEV parent 1:21 handle 21: pfifo limit $BDP
++
++# filter traffic into classes by fwmark
++tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
++tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
++
++# add TORSHAPER-OUT chain to the mangle table in iptables
++iptables -t mangle -N TORSHAPER-OUT
++iptables -t mangle -I $CHAIN -o $DEV -j TORSHAPER-OUT
++
++
++# Set firewall marks
++# Low priority to Tor
++if [ ""$TOR_IP == "" ]
++then
++ echo "Using UID-based QoS. UID $TOR_UID marked as low priority."
++ iptables -t mangle -A TORSHAPER-OUT -m owner --uid-owner $TOR_UID -j MARK --set-mark 21
++else
++ echo "Using IP-based QoS. $TOR_IP marked as low priority."
++ iptables -t mangle -A TORSHAPER-OUT -s $TOR_IP -j MARK --set-mark 21
++fi
++
++# High prio for everything else
++iptables -t mangle -A TORSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 20
++
++echo "Outbound shaping added to $DEV. Rate for Tor upload at least: ${RATE_UP_TOR}Kbyte/sec."
++
diff -Naur a/package/tor/files/tor.init b/package/tor/files/tor.init
--- a/package/tor/files/tor.init 1970-01-01 00:00:00.000000000 +0000
-+++ b/package/tor/files/tor.init 2009-03-13 15:35:54.963580280 +0000
-@@ -0,0 +1,114 @@
++++ b/package/tor/files/tor.init 2009-03-15 04:23:29.661405512 +0000
+@@ -0,0 +1,116 @@
+#!/bin/sh
+
+BIN=tor
+DEFAULT=/etc/default/$BIN
+HOME_D=/home/$BIN
+CONF_F=$HOME_D/torrc
++GEOIP_F=$HOME_D/geoip
+LOG_D=/var/log/$BIN
+LOG_F=$LOG_D/notices.log
+SLOG_F=$LOG_D/start.log
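Review bot: prio.sh is added with `#!/bin/bash`, a `$[$RATE_UP_TOR]` arithmetic expansion and a `[ ""$TOR_IP == "" ]` test, all bash-isms, while the only shell this build visibly ships is ash (preinit's inittab lines use /bin/ash); unless bash is packaged separately the script cannot run on the image. `TOR_UID=$(id -u tor)` is left commented out, so whenever TOR_IP is empty the UID branch runs `iptables ... --uid-owner` with no argument; either uncomment it or fail early with `[ -n "$TOR_UID" -o -n "$TOR_IP" ] || exit 1`. Portable forms would be `#!/bin/sh`, `${RATE_UP_TOR}kbit` and `if [ -z "$TOR_IP" ]`. The closing echo reports RATE_UP_TOR as Kbyte/sec although the parameter is documented above it in kbits/sec.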
@@ -143,6 +341,7 @@
+ [ -f $DEFAULT ] && . $DEFAULT
+ [ -d $HOME_D ] || mkdir -p $HOME_D
+ [ -f $CONF_F ] || cp -f /etc/tor/torrc $CONF_F
++ [ -f $GEOIP_F ] || cp -f /etc/tor/geoip $GEOIP_F
+ [ -d $LOG_D ] || mkdir -p $LOG_D
+ chown $RUN_USER:$RUN_GROUP $LOG_D
+ [ -d $DATA_D ] || mkdir -p $DATA_D
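Review bot: `[ -f $GEOIP_F ] || cp -f /etc/tor/geoip $GEOIP_F` copies the GeoIP database into /home/tor once and never again, so if that directory persists across package upgrades Tor keeps reading a stale database while /etc/tor/geoip is current; the copy is also not chowned the way `$LOG_D` is on the next line, so its readability by `$RUN_USER` depends on the umask in effect when the init script runs. The file is read-only data, so torrc could point GeoIPFile at /etc/tor/geoip and skip the copy entirely; if the private copy stays, refresh it when the package file is newer and fix ownership: `[ /etc/tor/geoip -nt $GEOIP_F ] && cp -f /etc/tor/geoip $GEOIP_F` followed by `chown $RUN_USER:$RUN_GROUP $GEOIP_F`. The enclosing function begins and ends outside the hunk.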
@@ -234,8 +433,8 @@
+exit 0
diff -Naur a/package/tor/files/torrc b/package/tor/files/torrc
--- a/package/tor/files/torrc 1970-01-01 00:00:00.000000000 +0000
-+++ b/package/tor/files/torrc 2009-03-13 16:03:40.525376400 +0000
-@@ -0,0 +1,26 @@
++++ b/package/tor/files/torrc 2009-03-15 04:22:14.280865096 +0000
+@@ -0,0 +1,27 @@
+# Configuration for Tor VM
+RunAsDaemon 1
+User tor
@@ -243,6 +442,7 @@
+PidFile /var/run/tor/pid
+DataDirectory /home/tor/data
+Log notice file /var/log/tor/notices.log
++GeoIPFile /home/tor/geoip
+
+# XXX For now rely on netfilter for access control to transproxy ports
+SocksListenAddress 0.0.0.0
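Review bot: `GeoIPFile /home/tor/geoip` ties Tor to the init script's one-time copy rather than to the file the package installs, and with `User tor` in effect (context above) Tor can only open it if that copy ended up readable by the tor user, which nothing in the init script enforces. `GeoIPFile /etc/tor/geoip` would read the package-installed file directly, which stays current after an upgrade and needs no copy step; if the home-directory copy is kept, the init script should chown it alongside $LOG_D.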
Modified: torvm/trunk/build/kamikaze/patches/002-kamikaze-mod-basefiles.patch
===================================================================
--- torvm/trunk/build/kamikaze/patches/002-kamikaze-mod-basefiles.patch 2009-03-15 03:11:52 UTC (rev 19003)
+++ torvm/trunk/build/kamikaze/patches/002-kamikaze-mod-basefiles.patch 2009-03-15 04:32:20 UTC (rev 19004)
@@ -1229,8 +1229,8 @@
-tty1::askfirst:/bin/ash --login
diff -Naur a/package/base-files/files/etc/preinit b/package/base-files/files/etc/preinit
--- a/package/base-files/files/etc/preinit 2008-08-14 22:21:35.073308000 +0000
-+++ b/package/base-files/files/etc/preinit 2009-03-13 14:59:05.237509704 +0000
-@@ -1,88 +1,206 @@
++++ b/package/base-files/files/etc/preinit 2009-03-15 04:14:48.433644176 +0000
+@@ -1,88 +1,231 @@
#!/bin/sh
-# Copyright (C) 2006 OpenWrt.org
+# Copyright (C) 2008-2009 The Tor Project, Inc.
@@ -1273,14 +1273,23 @@
+ exec /bin/sh
+fi
+
++# setup various runtime options using kernel parameters
++ARGS=`cat /proc/cmdline`
++ARGS="_ $ARGS _"
++
+syslogd >/dev/null 2>&1
+# do we need it? klogd -c 1 >/dev/null 2>&1
+
+clear;echo
+d "Initializing ..."
+
-+# XXX set from cmdline
-+hostname "Tor_VM" >/dev/null 2>&1
++HOSTNAME="Tor_VM"
++echo $ARGS | grep ' USEHOSTNAME=' >/dev/null 2>&1
++if [ $? -eq 0 ]; then
++ HOSTNAME=`echo $ARGS | sed 's/.* USEHOSTNAME=//' | sed 's/ .*//' | sed 's/[^0-9a-zA-Z-_]//g'`
++fi
++export HOSTNAME
++hostname "$HOSTNAME" >/dev/null 2>&1
if grep devfs /proc/filesystems > /dev/null; then
mount devfs /dev -t devfs
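Review bot: The USEHOSTNAME filter `sed 's/[^0-9a-zA-Z-_]//g'` places the hyphen between the `A-Z` range and `_`, a position POSIX leaves undefined and which some regex libraries read as a second range `Z-_` (admitting `[`, `\`, `]` and `^`); put the hyphen last, `sed 's/[^0-9a-zA-Z_-]//g'`. A value the filter strips completely leaves HOSTNAME empty and `hostname ""` then runs with its error discarded, so restore the default in that case: `[ -n "$HOSTNAME" ] || HOSTNAME="Tor_VM"`. The filter also does not bound the length; hostname labels are limited to 63 characters, so `cut -c1-63` in the pipeline would keep an over-long value from making `hostname` fail silently.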
@@ -1374,19 +1383,16 @@
+
+ifconfig lo 127.0.0.1 netmask 255.0.0.0 up
+
-+# setup various runtime options using kernel parameters
-+ARGS=`cat /proc/cmdline`
-+ARGS="_ $ARGS _"
-+
+# XXX need a good way to set this flexibly...
+TZ='PST8PDT,M3.2.0/2,M11.1.0/2'
+echo $ARGS | grep ' TZ=' >/dev/null 2>&1
+if [ $? -eq 0 ]; then
+ TZ=`echo $ARGS | sed 's/.* TZ=//' | sed 's/ .*//'`
+fi
-+echo $TZ > /etc/TZ
++export TZ
++echo "$TZ" > /etc/TZ
+
-+echo $ARGS | grep ' NOINIT' >/dev/null 2>&1
++echo $ARGS | grep ' NOINIT ' >/dev/null 2>&1
+if [ $? -eq 0 ]; then
+ echo 'tty1::askfirst:/bin/ash --login' >> /etc/inittab
+else
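Review bot: TZ is the one cmdline value in this file that is stored and exported without a character filter (USEHOSTNAME and PRIVIP get one in this same commit), and the new `export TZ` hands it to every process started from preinit while `echo "$TZ" > /etc/TZ` hands it to everything that reads /etc/TZ. The cmdline comes from the host-side launcher, so this is consistency rather than a trust boundary, but a POSIX TZ string of the form used by the default only needs `sed 's|[^0-9A-Za-z,.:+/-]||g'` appended to the pipeline. The tightened `' NOINIT '` match is correct only because ARGS is wrapped in `_ ... _` earlier in the file; a comment there, `# ARGS is padded with '_ ' / ' _' so single-word flags can be matched with surrounding spaces`, would keep a later edit from dropping the padding.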
@@ -1394,14 +1400,14 @@
+PRIVIP=10.99.11.1
+echo $ARGS | grep ' PRIVIP=' >/dev/null 2>&1
+if [ $? -eq 0 ]; then
-+ PRIVIP=`echo $ARGS | sed 's/.* PRIVIP=//' | sed 's/ .*//'`
++ PRIVIP=`echo $ARGS | sed 's/.* PRIVIP=//' | sed 's/ .*//' | sed 's/[^0-9.]//g'`
+fi
+grep eth1: /proc/net/dev >/dev/null 2>&1
+if [ $? -eq 0 ]; then
+ ifconfig eth1 $PRIVIP netmask 255.255.255.252 up
+fi
+
-+echo $ARGS | grep ' DEBUGINIT' >/dev/null 2>&1
++echo $ARGS | grep ' DEBUGINIT ' >/dev/null 2>&1
+if [ $? -eq 0 ]; then
+ echo 'tty1::askfirst:/bin/ash --login' >> /etc/inittab
+ echo 'tty2::askfirst:/bin/ash --login' >> /etc/inittab
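Review bot: After `sed 's/[^0-9.]//g'` PRIVIP can be empty (`PRIVIP=x`) or not a dotted quad (`PRIVIP=1.2.3.4.5` passes), and an empty value makes the following `ifconfig eth1 $PRIVIP netmask 255.255.255.252 up` take `netmask` as the address; fall back to the default when the filter leaves nothing: `[ -n "$PRIVIP" ] || PRIVIP=10.99.11.1`. The `' DEBUGINIT '` tightening relies on the `_ $ARGS _` padding set earlier in preinit and is correct as long as that stays.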
@@ -1419,12 +1425,14 @@
+ LEASE=""
+ DHCPSVR=""
+ DHCPNAME=""
-+ IP=`echo $ARGS | sed 's/.* IP=//' | sed 's/ .*//'`
-+ MASK=`echo $ARGS | sed 's/.* MASK=//' | sed 's/ .*//'`
-+ GW=`echo $ARGS | sed 's/.* GW=//' | sed 's/ .*//'`
-+ MAC=`echo $ARGS | sed 's/.* MAC=//' | sed 's/ .*//'`
-+ MTU=`echo $ARGS | sed 's/.* MTU=//' | sed 's/ .*//'`
-+ ISDHCP=0
++ # XXX we should be able to use character classes in busybox matching for repl.
++ # or possibly bash style string manipulation if ash is sufficiently capable...
++ export IP=`echo $ARGS | sed 's/.* IP=//' | sed 's/ .*//' | sed 's/[^0-9.]//g'`
++ export MASK=`echo $ARGS | sed 's/.* MASK=//' | sed 's/ .*//' | sed 's/[^0-9.]//g'`
++ export GW=`echo $ARGS | sed 's/.* GW=//' | sed 's/ .*//' | sed 's/[^0-9.]//g'`
++ export MAC=`echo $ARGS | sed 's/.* MAC=//' | sed 's/ .*//' | sed 's/[^0-9.]//g'`
++ MTU=`echo $ARGS | sed 's/.* MTU=//' | sed 's/ .*//' | sed 's/[^0-9.]//g'`
++ export ISDHCP=0
+ dn "Setting IP $IP / $MASK via $GW ..."
+ ifconfig eth0 hw ether $MAC
+ ifconfig eth0 $IP netmask $MASK up
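Review bot: The `sed 's/[^0-9.]//g'` filter copied onto MAC removes the colons and the hex digits a–f, so `MAC=00:16:3e:aa:bb:cc` reaches `ifconfig eth0 hw ether $MAC` two lines below as `00163e` and the interface keeps its default address (the error is not checked); filter MAC with `sed 's/[^0-9a-fA-F:]//g'` and MTU with `sed 's/[^0-9]//g'`. IP, MASK and GW can still come out empty, in which case `ifconfig eth0 $IP netmask $MASK up` runs with missing arguments; a `[ -n "$IP" -a -n "$MASK" ]` guard before the ifconfig calls would route that into the `netup` failure path that the later hunk reports on. The enclosing if-branch begins before the hunk and its `route add` and udhcpc lines follow it.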
@@ -1432,9 +1440,9 @@
+ route add default gw $GW
+ echo $ARGS | grep ' ISDHCP ' >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
-+ ISDHCP=1
-+ DHCPSVR=`echo $ARGS | sed 's/.* DHCPSVR=//' | sed 's/ .*//'`
-+ DHCPNAME=`echo $ARGS | sed 's/.* DHCPNAME=//' | sed 's/ .*//'`
++ export ISDHCP=1
++ export DHCPSVR=`echo $ARGS | sed 's/.* DHCPSVR=//' | sed 's/ .*//'`
++ export DHCPNAME=`echo $ARGS | sed 's/.* DHCPNAME=//' | sed 's/ .*//'`
+ # fire up udhcpc to keep the lease active for however long is needed
+ udhcpc -b -h $DHCPNAME -r $IP -i eth0 -p /var/run/dhcp.eth0.pid >/dev/null 2>&1 &
+ fi
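Review bot: DHCPSVR and DHCPNAME are now exported but, unlike IP/MASK/GW in the preceding hunk, are not filtered, and DHCPNAME is passed unquoted in `udhcpc -b -h $DHCPNAME -r $IP ...`, so an absent or empty value makes `-h` consume `-r` as the hostname and `$IP` become a stray argument. Filter them like the others, `sed 's/[^0-9a-zA-Z_.-]//g'` for DHCPNAME and `sed 's/[^0-9.]//g'` for DHCPSVR, and only pass `-h "$DHCPNAME"` when it is non-empty. DHCPNAME is presumably what udhcpc sends as the client hostname on the wire, so if this commit's goal is to stop `Tor_VM` leaking, this value deserves the same care as the local hostname.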
@@ -1460,12 +1468,29 @@
+fi
+
+if [ $netup -eq 0 ]; then
-+ echo " FAILED."
++ echo " FAILED.";echo
+ d "ERROR: Unable to get an IP address."
+ d "Check your DHCP server or configure one manually with ifconfig."
+ d "Remember to start Tor via /etc/init.d/tor start when ready."
+else
-+ echo " done."
++ echo $ARGS | grep ' CALLHDDINIT=' >/dev/null 2>&1
++ if [ $? -eq 0 ]; then
++ HDDINITF=`echo $ARGS | sed 's/.* CALLHDDINIT=//' | sed 's/ .*//'`
++ if [ -f "/home/tor/${HDDINITF}" ]; then
++ HDDINITF="/home/tor/${HDDINITF}"
++ else
++ if [ ! -f "${HDDINITF}" ]; then
++ HDDINITF="/proc/self/exists_not"
++ fi
++ fi
++ if [ -f "${HDDINITF}" ]; then
++ echo "done.";echo
++ d "Replacing init(self) with user requested HDD post-init script:"
++ d " ${HDDINITF}"
++ exec "${HDDINITF}"
++ fi
++ fi
++ echo " done.";echo
+ dn "Starting Tor ... "
+ /etc/init.d/tor start
+ echo "done."
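Review bot: The CALLHDDINIT handling `exec`s, as PID 1, whatever file the cmdline names, checked only with `-f`: a relative name is resolved under /home/tor, which the rest of this patch makes the Tor daemon's home (`HOME_D=/home/tor`, `DataDirectory /home/tor/data`), and any other string is taken as an absolute path, with no `-x`, ownership or symlink check and no rejection of `..` components. If the tor user can write /home/tor (not visible here), a compromised Tor could leave a script there that runs as root on the next boot that passes CALLHDDINIT, which undoes the separation between the daemon and the host-controlled init. Restrict the lookup to a root-owned directory the tor user cannot write, strip the name with `sed 's/[^0-9a-zA-Z_.-]//g'` so it cannot contain `/`, and require `[ -x "${HDDINITF}" -a ! -L "${HDDINITF}" ]` before the exec. Because `exec` replaces preinit, a script that returns leaves the system without an init process; the feature should document that the script must never return (or must itself exec /sbin/init). The `/proc/self/exists_not` sentinel can be replaced by simply clearing HDDINITF.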
@@ -1500,6 +1525,27 @@
- exec /sbin/init
+# end if !NOINIT
fi
+diff -Naur a/package/base-files/files/etc/profile b/package/base-files/files/etc/profile
+--- a/package/base-files/files/etc/profile 2009-01-07 04:38:57.851159000 +0000
++++ b/package/base-files/files/etc/profile 2009-03-15 04:12:57.481511464 +0000
+@@ -1,15 +1,11 @@
+ #!/bin/sh
+ [ -f /etc/banner ] && cat /etc/banner
+
+-export PATH=/bin:/sbin:/usr/bin:/usr/sbin
++export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/etc/init.d
+ export HOME=$(grep -e "^${USER:-root}:" /etc/passwd | cut -d ":" -f 6)
+ export HOME=${HOME:-/root}
+-export PS1='\u@\h:\w\$ '
++export PS1='\u at Tor_VM:\w\$ '
+
+ [ -x /bin/more ] || alias more=less
+ [ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi
+-
+-[ -z "$KSH_VERSION" -o \! -s /etc/mkshrc ] || . /etc/mkshrc
+-
+ [ -x /sbin/arp ] || arp() { cat /proc/net/arp; }
+-[ -z /bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }
diff -Naur a/package/base-files/files/etc/rc.common b/package/base-files/files/etc/rc.common
--- a/package/base-files/files/etc/rc.common 2008-09-23 12:35:34.898984000 +0000
+++ b/package/base-files/files/etc/rc.common 2009-02-01 09:47:48.118074016 +0000
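Review bot: The new PS1 hard-codes the literal `Tor_VM` while this same commit makes the hostname configurable through USEHOSTNAME in preinit, so the prompt will contradict `hostname` whenever that parameter is used; the upstream line's `\h` already shows the live hostname and could simply stay. Appending /etc/init.d to PATH is harmless for `tor` itself (/usr/sbin is searched first) but makes every file dropped into /etc/init.d a bare command name for root shells; if that convenience is intended, a one-line comment saying so would keep a later reviewer from treating it as accidental.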