Arm Release 1.4.0

Hans Schnehl torvallenator at gmail.com
Tue Dec 7 02:07:13 UTC 2010


On Mon, Dec 06, 2010 at 10:25:39AM -0800, Damian Johnson wrote:
> Hazaa, many thanks for the patches! Committed with the exception of
> sockstat2 (see below).
> 
> http://www.atagar.com/transfer/tmp/arm_bsdTest2.tar.bz2
> 
> > One unrelated problem I noticed is that Arm tends to show local
> > connections as Outbound.
> 
> Netstat, lsof, etc doesn't include a notion of the directionality of a
> connection, so I'm using the local port to determine if it's inbound
> or outbound. If it matches the ORPort or DirPort then it's inbound,
> otherwise it's outbound (line 323 of the connPanel.py [1]). Do you
> know a smarter way of handling this?

> 
> I'm familiar with Linux's chroot jail environments (where this works),
> but not that details of what the bsd counterpart does.
> 
> > Given that the connection doesn't leave the system, replacing
> > the Tor jail IP address with the public IP address of the gateway
> > is a bit confusing.
> 
> Sorry, I'm not following. Why isn't the tor connection leaving the
> system? I'm using the results of 'GETINFO address' which tends to be a
> lot more helpful than showing the ip on the local network (though I
> can include an option to display the local address instead if you'd
> like).

FreeBSD jails resemble linux jails mainly by name :), and most probably
have an own IP somewhere within  RFC 1918. 
This IP serves as the internal adress to  the jail when
called from a local subnet, and may show  multiple connections to the SocksPort,
usually IP:9050. 
This is, what it looks like:
[Host's public gateway IP address scrubbed]:9050  -->  <scrubbed>  0.0s (OUTBOUND)
And what it 'SHOULD NEITHER' but with proper IP  look like:
[Jail's private  IP address scrubbed]:9050  -->  <scrubbed>  0.0s (OUTBOUND)

These connections are 'inbound' to the jail's SocksPort from the host or a  private 
subnet.


> 
> > Also, when running Arm outside the Tor jail, the Tor
> > configuration file isn't found.
> 
> See the "features.pathPrefix" entry in the sample armrc [2]. It's
> specifically for jail environments (arm will otherwise also be failing
> to find tor's state, log file, and some other resources used to
> prepopulate data). If you have a suggestion for an automatic method
> for determining the jail path then I'm all ears.
> 
> > so arm is trying to read a torrc on the host in the location it knows
> > which is displayed from the jail, but is ignoring the jail flag.
> 
> I'm attempting to read the torrc from the location Tor reports (via
> 'GETINFO config-file'), using the features.pathPrefix as... well, a
> path prefix. I'm not familiar with a method of getting the jail path
> for Linux jails. Is this information available for bsd jails?
> 
> I'm happy to help with a patch to autodetect for bsd jails if you have
> a suggestion for how.
>
'GETINFO config-file' will show the  path to torrc from within the jail. 
So arm tries to read:
/path/to/torrc
The location from the host though would be 
/path/to/jail/path/to/torrc

Reading the file in that way, I believe, is not a good idea.

All this only applies for systems running Tor in a jail and arm from the
host. 
Arm works nicely with Tor if both are  running on the same host or
inside a jail on FreeBSD. 



   

***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list