[tor-commits] [stem/master] Add is_user_traffic_allowed() to the Controller
atagar at torproject.org
atagar at torproject.org
Sat Jul 4 22:55:15 UTC 2015
commit 842da03cdd0cbe424d8aca6e753accf55923b4c8
Author: Damian Johnson <atagar at torproject.org>
Date: Sat Jul 4 15:24:38 2015 -0700
Add is_user_traffic_allowed() to the Controller
Simple helper method to help users determine if inbound or outbound connections
are possibly directly servicing users, and by extension private.
---
docs/change_log.rst | 1 +
stem/control.py | 46 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 47 insertions(+)
diff --git a/docs/change_log.rst b/docs/change_log.rst
index a6529fd..5eade67 100644
--- a/docs/change_log.rst
+++ b/docs/change_log.rst
@@ -47,6 +47,7 @@ The following are only available within Stem's `git repository
* Dramatic, `300x performance improvement <https://github.com/DonnchaC/stem/pull/1>`_ for reading from the control port with python 3
* :func:`~stem.connection.connect` and :func:`~stem.control.Controller.from_port` now connect to both port 9051 (relay's default) and 9151 (Tor Browser's default) (:trac:`16075`)
* Added `support for NETWORK_LIVENESS events <api/response.html#stem.response.events.NetworkLivenessEvent>`_ (:spec:`44aac63`)
+ * Added :func:`~stem.control.Controller.is_user_traffic_allowed` to the :class:`~stem.control.Controller`
* IPv6 addresses could trigger errors in :func:`~stem.control.Controller.get_listeners`, :class:`~stem.response.events.ORConnEvent`, and quite a few other things (:trac:`16174`)
* Don't obscure stacktraces, most notably :class:`~stem.control.Controller` getter methods with default values
diff --git a/stem/control.py b/stem/control.py
index f08a455..d9693cc 100644
--- a/stem/control.py
+++ b/stem/control.py
@@ -81,6 +81,7 @@ If you're fine with allowing your script to raise exceptions then this can be mo
|- get_protocolinfo - information about the controller interface
|- get_user - provides the user tor is running as
|- get_pid - provides the pid of our tor process
+ |- is_user_traffic_allowed - checks if we send or receive direct user traffic
|
|- get_microdescriptor - querying the microdescriptor for a relay
|- get_microdescriptors - provides all currently available microdescriptors
@@ -380,6 +381,11 @@ AccountingStats = collections.namedtuple('AccountingStats', [
'write_limit',
])
+UserTrafficAllowed = collections.namedtuple('UserTrafficAllowed', [
+ 'inbound',
+ 'outbound',
+])
+
CreateHiddenServiceOutput = collections.namedtuple('CreateHiddenServiceOutput', [
'path',
'hostname',
@@ -1494,6 +1500,46 @@ class Controller(BaseController):
else:
raise ValueError("Unable to resolve tor's pid" if self.is_localhost() else "Tor isn't running locally")
+ def is_user_traffic_allowed(self):
+ """
+ Checks if we're likely to service direct user traffic. This essentially
+ boils down to...
+
+ * If we're a bridge or guard relay, inbound connections are possibly from
+ users.
+
+ * If our exit policy allows traffic then output connections are possibly
+ from users.
+
+ Note the word 'likely'. These is a decent guess in practice, but not always
+ correct. For instance, information about which flags we have are only
+ fetched periodically.
+
+ This method is intended to help you avoid eavesdropping on user traffic.
+ Monitoring user connections is not only unethical, but likely a violation
+ of wiretapping laws.
+
+ .. versionadded:: 1.5.0
+
+ :returns: **namedtuple** with an **inbound** and **outbound** boolean
+ attribute to indicate if we're likely to have user traffic there
+ """
+
+ inbound_allowed, outbound_allowed = False, False
+
+ if self.get_conf('BridgeRelay', None) == '1':
+ inbound_allowed = True
+
+ if self.get_conf('ORPort', None):
+ if not inbound_allowed:
+ consensus_entry = self.get_network_status(default = None)
+ inbound_allowed = consensus_entry and 'Guard' in consensus_entry.flags
+
+ exit_policy = self.get_exit_policy(None)
+ outbound_allowed = exit_policy and exit_policy.is_exiting_allowed()
+
+ return UserTrafficAllowed(inbound_allowed, outbound_allowed)
+
@with_default()
def get_microdescriptor(self, relay = None, default = UNDEFINED):
"""
More information about the tor-commits
mailing list