Arm Release 1.4.0
Hans Schnehl
torvallenator at gmail.com
Tue Dec 7 02:07:13 UTC 2010
On Mon, Dec 06, 2010 at 10:25:39AM -0800, Damian Johnson wrote:
> Hazaa, many thanks for the patches! Committed with the exception of
> sockstat2 (see below).
>
> http://www.atagar.com/transfer/tmp/arm_bsdTest2.tar.bz2
>
> > One unrelated problem I noticed is that Arm tends to show local
> > connections as Outbound.
>
> Netstat, lsof, etc. don't include a notion of the directionality of a
> connection, so I'm using the local port to determine if it's inbound
> or outbound. If it matches the ORPort or DirPort then it's inbound,
> otherwise it's outbound (line 323 of the connPanel.py [1]). Do you
> know a smarter way of handling this?
>
> I'm familiar with Linux's chroot jail environments (where this works),
> but not the details of what the BSD counterpart does.
>
> > Given that the connection doesn't leave the system, replacing
> > the Tor jail IP address with the public IP address of the gateway
> > is a bit confusing.
>
> Sorry, I'm not following. Why isn't the tor connection leaving the
> system? I'm using the results of 'GETINFO address' which tends to be a
> lot more helpful than showing the ip on the local network (though I
> can include an option to display the local address instead if you'd
> like).

FreeBSD jails resemble Linux jails mainly by name :), and most probably
have their own IP somewhere within RFC 1918.
This IP serves as the internal address to the jail when
called from a local subnet, and may show multiple connections to the SocksPort,
usually IP:9050.
This is what it looks like:
[Host's public gateway IP address scrubbed]:9050 --> <scrubbed> 0.0s (OUTBOUND)
And what it 'SHOULD NEITHER' but with proper IP look like:
[Jail's private IP address scrubbed]:9050 --> <scrubbed> 0.0s (OUTBOUND)
These connections are 'inbound' to the jail's SocksPort from the host or a private
subnet.
>
> > Also, when running Arm outside the Tor jail, the Tor
> > configuration file isn't found.
>
> See the "features.pathPrefix" entry in the sample armrc [2]. It's
> specifically for jail environments (arm will otherwise also be failing
> to find tor's state, log file, and some other resources used to
> prepopulate data). If you have a suggestion for an automatic method
> for determining the jail path then I'm all ears.
>
> > so arm is trying to read a torrc on the host in the location it knows
> > which is displayed from the jail, but is ignoring the jail flag.
>
> I'm attempting to read the torrc from the location Tor reports (via
> 'GETINFO config-file'), using the features.pathPrefix as... well, a
> path prefix. I'm not familiar with a method of getting the jail path
> for Linux jails. Is this information available for bsd jails?
>
> I'm happy to help with a patch to autodetect for bsd jails if you have
> a suggestion for how.
>
'GETINFO config-file' will show the path to torrc from within the jail.
So arm tries to read:
/path/to/torrc
The location from the host though would be
/path/to/jail/path/to/torrc
Reading the file in that way, I believe, is not a good idea.
All this only applies for systems running Tor in a jail and arm from the
host.
Arm works nicely with Tor if both are running on the same host or
inside a jail on FreeBSD.
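
An added example, not part of the original message and not arm's own code: one way to extend the local-port heuristic described in the quoted reply so that connections terminating on the SocksPort or ControlPort get their own label and keep the jail's private address. The labels SOCKS and CONTROL, the function names, port 9001 and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Conn(NamedTuple):
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int

def classify(conn, or_port, dir_port=0, socks_port=9050, control_port=0):
    """Label a connection by the local port it terminates on (0 = port unset)."""
    if conn.local_port in {p for p in (or_port, dir_port) if p}:
        return "INBOUND"    # relay traffic arriving at the ORPort or DirPort
    if socks_port and conn.local_port == socks_port:
        return "SOCKS"      # hypothetical label: client application using Tor
    if control_port and conn.local_port == control_port:
        return "CONTROL"    # hypothetical label: controller such as arm itself
    return "OUTBOUND"       # everything else is treated as Tor connecting out

def display_local(conn, label, public_ip):
    """Swap in the public address only for relay traffic on a private address."""
    is_private = ipaddress.ip_address(conn.local_ip).is_private
    if label in ("INBOUND", "OUTBOUND") and is_private:
        return public_ip
    return conn.local_ip    # SOCKS and CONTROL lines keep the jail address

def describe(conns, public_ip, **ports):
    """Return (local, remote, label) rows ready for display."""
    rows = []
    for c in conns:
        label = classify(c, **ports)
        local = display_local(c, label, public_ip)
        rows.append((f"{local}:{c.local_port}",
                     f"{c.remote_ip}:{c.remote_port}", label))
    return rows

# Constructed sample: jail at 10.0.0.5, host at 10.0.0.1, documentation-range
# addresses standing in for the public address and for remote relays.
SAMPLE = [
    Conn("10.0.0.5", 9001, "198.51.100.7", 40112),  # peer reaching the ORPort
    Conn("10.0.0.5", 51234, "203.0.113.9", 443),    # Tor connecting out
    Conn("10.0.0.5", 9050, "10.0.0.1", 50211),      # host app on the SocksPort
]

if __name__ == "__main__":
    for row in describe(SAMPLE, "192.0.2.10", or_port=9001):
        print("%-18s --> %-20s (%s)" % row)
```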