
fix control-port-filter-python config to rewrite HS_DESC replies by Tor for onionshare support
Closed, Resolved (Public)

Description

/etc/tor-controlport-filter.d/whonix.yml

---
- match-exe-paths:
    - '*'
  match-users:
    - '*'
  match-hosts:
    - '*'
  commands:
    SIGNAL:
      - 'NEWNYM'
    GETINFO:
      - 'circuit-established'
      - 'status/circuit-established'
      - pattern: 'net/listeners/socks'
        response:
        - pattern:     '250-net/listeners/socks=".*"'
          replacement: '250-net/listeners/socks="127.0.0.1:9150"'
      - 'version'
      - 'onions/current'
    ADD_ONION:
      - pattern:     'NEW:BEST Port=80,(176[0-5][0-9])'
        replacement: 'NEW:BEST Port=80,{client-address}:{} Flags=DiscardPK'
    DEL_ONION:
      - '.+'
  confs:
    __owningcontrollerprocess:
  events:
    SIGNAL:
      suppress: true
    CONF_CHANGED:
      suppress: true
    HS_DESC:
      - pattern:     '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
        replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
      - pattern:     '650 HS_DESC UPLOAD (\S+) (\S+) .*'
        replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
      - pattern:     '650 HS_DESC UPLOADED (\S+) (\S+) .+'
        replacement: '650 HS_DESC UPLOADED {} {} redacted'
      - pattern:     '.*'
        replacement: ''

./tor-controlport-filter --listen-address 0.0.0.0 --debug
Tor control port filter started, listening on 0.0.0.0:9051
10.137.11.80:51904 (filter: whonix) connected: loaded filter: whonix
Final rules:
commands:
  ADD_ONION:
  - {pattern: 'NEW:BEST Port=80,(176[0-5][0-9])', replacement: 'NEW:BEST Port=80,{client-address}:{}
      Flags=DiscardPK'}
  DEL_ONION:
  - {pattern: .+}
  GETCONF:
  - {pattern: (__owningcontrollerprocess)}
  GETINFO:
  - {pattern: circuit-established}
  - {pattern: status/circuit-established}
  - pattern: net/listeners/socks
    response:
    - {pattern: 250-net/listeners/socks=".*", replacement: '250-net/listeners/socks="127.0.0.1:9150"'}
  - {pattern: version}
  - {pattern: onions/current}
  SIGNAL:
  - {pattern: NEWNYM}
events:
  CONF_CHANGED: {suppress: true}
  HS_DESC:
  - {pattern: 650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+), replacement: '650 HS_DESC
      CREATED {} {} {} redacted {}'}
  - {pattern: 650 HS_DESC UPLOAD (\S+) (\S+) .*, replacement: '650 HS_DESC UPLOAD
      {} {} redacted redacted'}
  - {pattern: 650 HS_DESC UPLOADED (\S+) (\S+) .+, replacement: '650 HS_DESC UPLOADED
      {} {} redacted'}
  - {pattern: .*, replacement: ''}
  SIGNAL: {suppress: true}
restrict-stream-events: false

10.137.11.80:51904 (filter: whonix): -> PROTOCOLINFO 1
10.137.11.80:51904 (filter: whonix): <- 250-PROTOCOLINFO 1
10.137.11.80:51904 (filter: whonix): <- 250-AUTH METHODS=NULL
10.137.11.80:51904 (filter: whonix): <- 250-VERSION Tor="0.2.8.9 (git-cabd4ef300c6b3d6)"
10.137.11.80:51904 (filter: whonix): <- 250 OK
10.137.11.80:51904 (filter: whonix): -> AUTHENTICATE
10.137.11.80:51904 (filter: whonix): <- 250 OK
10.137.11.80:51904 (filter: whonix): -> SETEVENTS SIGNAL CONF_CHANGED
10.137.11.80:51904 (filter: whonix): suppressed subscription to event 'SIGNAL'
10.137.11.80:51904 (filter: whonix): suppressed subscription to event 'CONF_CHANGED'
10.137.11.80:51904 (filter: whonix): <- 250 OK
10.137.11.80:51904 (filter: whonix): -> GETCONF __owningcontrollerprocess
10.137.11.80:51904 (filter: whonix): <- 250 __OwningControllerProcess
10.137.11.80:51904 (filter: whonix): -> GETINFO version
10.137.11.80:51904 (filter: whonix): <- (multi-line)
    250-version=0.2.8.9 (git-cabd4ef300c6b3d6)
    250 OK
10.137.11.80:51904 (filter: whonix): -> SETEVENTS HS_DESC SIGNAL CONF_CHANGED
10.137.11.80:51904 (filter: whonix) disconnected: client quit
----------------------------------------
Exception happened during processing of request from ('10.137.11.80', 51904)
Traceback (most recent call last):
  File "/usr/lib/python3.4/socketserver.py", line 613, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python3.4/socketserver.py", line 344, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.4/socketserver.py", line 669, in __init__
    self.handle()
  File "./tor-controlport-filter", line 574, in handle
    restrict_stream_events
  File "./tor-controlport-filter", line 456, in handle_controlport_session
    update_event_subscriptions(events)
  File "./tor-controlport-filter", line 393, in update_event_subscriptions
    if not rule.get('suppress', False) or \
AttributeError: 'list' object has no attribute 'get'
----------------------------------------

related code:

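# Excerpt: client_address, server_address, re and NoRewriteMatch are defined
# outside this function in tor-controlport-filter.
def rewrite_line(replacers, line):
    # Named placeholders available to every replacement string.
    builtin_replacers = {
        'client-address': client_address[0],
        'client-port':    str(client_address[1]),
        'server-address': server_address[0],
        'server-port':    str(server_address[1]),
    }
    # Strip the CRLF terminator before matching and restore it afterwards.
    terminator = ''
    if line[-2:] == "\r\n":
        terminator = "\r\n"
        line = line[:-2]
    for r in replacers:
        # "$" anchors the pattern to the whole line; the first matching rule wins.
        match = re.match(r['pattern'] + "$", line)
        if match:
            # Capture groups fill the positional {} fields.
            return r['replacement'].format(
                *match.groups(), **builtin_replacers
            ) + terminator
    raise NoRewriteMatch()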

Bug reported here and waiting for reply from anonym:
https://mailman.boum.org/pipermail/tails-dev/2016-November/011053.html

Details

Impact
Normal

Event Timeline

Patrick created this task. Dec 7 2016, 7:53 PM
Patrick added a comment. Edited Dec 13 2016, 11:46 PM

Needed to add 'response:' after 'HS_DESC:', before '- pattern:'.

---
- match-exe-paths:
    - '*'
  match-users:
    - '*'
  match-hosts:
    - '*'
  commands:
    SIGNAL:
      - 'NEWNYM'
    GETINFO:
      - 'status/circuit-established'
      - 'version'
      - pattern: 'net/listeners/socks'
        response:
        - pattern:     '250-net/listeners/socks=".*"'
          replacement: '250-net/listeners/socks="127.0.0.1:9150"'
      - 'onions/current'
    ADD_ONION:
      - pattern:     'NEW:BEST Port=80,(176[0-5][0-9])'
        replacement: 'NEW:BEST Port=80,{client-address}:{} Flags=DiscardPK'
    DEL_ONION:
      - '.+'
  confs:
    __owningcontrollerprocess:
  events:
    SIGNAL:
      suppress: true
    CONF_CHANGED:
      suppress: true
    HS_DESC:
      response:
        - pattern:     '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
          replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
        - pattern:     '650 HS_DESC UPLOAD (\S+) (\S+) .*'
          replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
        - pattern:     '650 HS_DESC UPLOADED (\S+) (\S+) .+'
          replacement: '650 HS_DESC UPLOADED {} {} redacted'
        - pattern:     '.*'
          replacement: ''
Patrick closed this task as Resolved. Dec 14 2016, 12:36 AM
Patrick claimed this task.

Works.
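
Added example, not part of the original task and not the project's own code: a small check that flags the list-valued HS_DESC rule behind the traceback above, plus the same whole-line, first-match rewrite as the quoted rewrite_line applied to the redaction rules. The names check_event_rules and rewrite_event, the LookupError, and the sample event line are assumptions made for illustration; the built-in {client-address} style placeholders are left out.

```python
import re

# Constructed from the configs on this page: the HS_DESC rewrite rules, the
# list-valued form that crashed the filter, and the corrected 'response' form.
HS_DESC_RULES = [
    {'pattern': r'650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)',
     'replacement': '650 HS_DESC CREATED {} {} {} redacted {}'},
    {'pattern': r'650 HS_DESC UPLOAD (\S+) (\S+) .*',
     'replacement': '650 HS_DESC UPLOAD {} {} redacted redacted'},
    {'pattern': r'650 HS_DESC UPLOADED (\S+) (\S+) .+',
     'replacement': '650 HS_DESC UPLOADED {} {} redacted'},
    {'pattern': r'.*', 'replacement': ''},
]
BROKEN_EVENTS = {'SIGNAL': {'suppress': True}, 'HS_DESC': HS_DESC_RULES}
FIXED_EVENTS = {'SIGNAL': {'suppress': True},
                'HS_DESC': {'response': HS_DESC_RULES}}
# Constructed sample event line (placeholder address and descriptor id).
SAMPLE_CREATED = ('650 HS_DESC CREATED exampleonion NO_AUTH UNKNOWN '
                  'exampledescid REPLICA=0\r\n')


def check_event_rules(events):
    """Hypothetical pre-flight check: one message per malformed event rule."""
    problems = []
    for name, rule in events.items():
        if not isinstance(rule, dict):
            # The shape behind "'list' object has no attribute 'get'".
            problems.append('%s: expected a mapping, got %s'
                            % (name, type(rule).__name__))
            continue
        for i, r in enumerate(rule.get('response') or []):
            if not (isinstance(r, dict) and {'pattern', 'replacement'} <= set(r)):
                problems.append('%s: response[%d] needs pattern and replacement'
                                % (name, i))
    return problems


def rewrite_event(rules, line):
    """Whole-line, first-match rewrite, as in rewrite_line quoted on this page."""
    terminator = ''
    if line.endswith('\r\n'):
        terminator, line = '\r\n', line[:-2]
    for r in rules:
        match = re.match(r['pattern'] + '$', line)
        if match:
            return r['replacement'].format(*match.groups()) + terminator
    raise LookupError('no rewrite rule matched')
```

Rule order matters here: the UPLOAD pattern requires a space directly after "UPLOAD", so UPLOADED events fall through to their own rule, and anything else reaches the final catch-all and is replaced with an empty string.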