/etc/tor-controlport-filter.d/whonix.yml
---
# Filter profile for tor-controlport-filter: an allow-list of Tor control-port
# commands, configuration keys and events, with optional rewriting of requests
# and responses.
# All three match-* selectors below are wildcards.
# NOTE(review): presumably this means the profile is applied to every client
# that can reach the filter, so limiting who can connect has to be enforced
# elsewhere (listen address, firewall, network isolation) - confirm.
- match-exe-paths:
    - '*'
  match-users:
    - '*'
  match-hosts:
    - '*'
  commands:
    # NEWNYM is the only SIGNAL argument listed.
    SIGNAL:
      - 'NEWNYM'
    GETINFO:
      - 'circuit-established'
      - 'status/circuit-established'
      # The reply to this query is rewritten so the client always sees a fixed
      # SOCKS listener value (127.0.0.1:9150), whatever Tor reported.
      - pattern: 'net/listeners/socks'
        response:
          - pattern: '250-net/listeners/socks=".*"'
            replacement: '250-net/listeners/socks="127.0.0.1:9150"'
      - 'version'
      - 'onions/current'
    # Only onion services on virtual port 80 whose target port matches
    # 176[0-5][0-9] (17600-17659) are listed. The replacement sets the target
    # to {client-address}:<captured port> and appends Flags=DiscardPK.
    ADD_ONION:
      - pattern: 'NEW:BEST Port=80,(176[0-5][0-9])'
        replacement: 'NEW:BEST Port=80,{client-address}:{} Flags=DiscardPK'
    # '.+' accepts any non-empty DEL_ONION argument.
    DEL_ONION:
      - '.+'
  # In the "Final rules" dump on this page this key shows up as a GETCONF
  # command rule with the pattern (__owningcontrollerprocess).
  confs:
    __owningcontrollerprocess:
  events:
    # The debug log on this page reports "suppressed subscription to event"
    # for SIGNAL and CONF_CHANGED.
    SIGNAL:
      suppress: true
    CONF_CHANGED:
      suppress: true
    # HS_DESC is a bare list of rewrite rules, while the two events above are
    # mappings. The traceback on this page ('list' object has no attribute
    # 'get', in update_event_subscriptions) is raised right after the client
    # sends SETEVENTS HS_DESC.
    # NOTE(review): this list form looks like the trigger. The GETINFO rule
    # above nests its rewrite list under `response:`; whether event rules
    # accept the same form is not shown here - confirm against the filter.
    # The rules below replace some HS_DESC fields with the literal "redacted";
    # the final catch-all replaces any other HS_DESC line with an empty string.
    HS_DESC:
      - pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
        replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
      - pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
        replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
      - pattern: '650 HS_DESC UPLOADED (\S+) (\S+) .+'
        replacement: '650 HS_DESC UPLOADED {} {} redacted'
      - pattern: '.*'
        replacement: ''
./tor-controlport-filter --listen-address 0.0.0.0 --debug Tor control port filter started, listening on 0.0.0.0:9051 10.137.11.80:51904 (filter: whonix) connected: loaded filter: whonix Final rules: commands: ADD_ONION: - {pattern: 'NEW:BEST Port=80,(176[0-5][0-9])', replacement: 'NEW:BEST Port=80,{client-address}:{} Flags=DiscardPK'} DEL_ONION: - {pattern: .+} GETCONF: - {pattern: (__owningcontrollerprocess)} GETINFO: - {pattern: circuit-established} - {pattern: status/circuit-established} - pattern: net/listeners/socks response: - {pattern: 250-net/listeners/socks=".*", replacement: '250-net/listeners/socks="127.0.0.1:9150"'} - {pattern: version} - {pattern: onions/current} SIGNAL: - {pattern: NEWNYM} events: CONF_CHANGED: {suppress: true} HS_DESC: - {pattern: 650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+), replacement: '650 HS_DESC CREATED {} {} {} redacted {}'} - {pattern: 650 HS_DESC UPLOAD (\S+) (\S+) .*, replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'} - {pattern: 650 HS_DESC UPLOADED (\S+) (\S+) .+, replacement: '650 HS_DESC UPLOADED {} {} redacted'} - {pattern: .*, replacement: ''} SIGNAL: {suppress: true} restrict-stream-events: false 10.137.11.80:51904 (filter: whonix): -> PROTOCOLINFO 1 10.137.11.80:51904 (filter: whonix): <- 250-PROTOCOLINFO 1 10.137.11.80:51904 (filter: whonix): <- 250-AUTH METHODS=NULL 10.137.11.80:51904 (filter: whonix): <- 250-VERSION Tor="0.2.8.9 (git-cabd4ef300c6b3d6)" 10.137.11.80:51904 (filter: whonix): <- 250 OK 10.137.11.80:51904 (filter: whonix): -> AUTHENTICATE 10.137.11.80:51904 (filter: whonix): <- 250 OK 10.137.11.80:51904 (filter: whonix): -> SETEVENTS SIGNAL CONF_CHANGED 10.137.11.80:51904 (filter: whonix): suppressed subscription to event 'SIGNAL' 10.137.11.80:51904 (filter: whonix): suppressed subscription to event 'CONF_CHANGED' 10.137.11.80:51904 (filter: whonix): <- 250 OK 10.137.11.80:51904 (filter: whonix): -> GETCONF __owningcontrollerprocess 10.137.11.80:51904 (filter: whonix): <- 250 
__OwningControllerProcess 10.137.11.80:51904 (filter: whonix): -> GETINFO version 10.137.11.80:51904 (filter: whonix): <- (multi-line) 250-version=0.2.8.9 (git-cabd4ef300c6b3d6) 250 OK 10.137.11.80:51904 (filter: whonix): -> SETEVENTS HS_DESC SIGNAL CONF_CHANGED 10.137.11.80:51904 (filter: whonix) disconnected: client quit ---------------------------------------- Exception happened during processing of request from ('10.137.11.80', 51904) Traceback (most recent call last): File "/usr/lib/python3.4/socketserver.py", line 613, in process_request_thread self.finish_request(request, client_address) File "/usr/lib/python3.4/socketserver.py", line 344, in finish_request self.RequestHandlerClass(request, client_address, self) File "/usr/lib/python3.4/socketserver.py", line 669, in __init__ self.handle() File "./tor-controlport-filter", line 574, in handle restrict_stream_events File "./tor-controlport-filter", line 456, in handle_controlport_session update_event_subscriptions(events) File "./tor-controlport-filter", line 393, in update_event_subscriptions if not rule.get('suppress', False) or \ AttributeError: 'list' object has no attribute 'get' ----------------------------------------
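Related code: `rewrite_line`, which applies the pattern/replacement rules. Note that the traceback above is raised in `update_event_subscriptions` (line 393 of tor-controlport-filter), which is not shown here: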
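def rewrite_line(replacers, line):
    """Rewrite ``line`` using the first rule in ``replacers`` that matches it.

    Args:
        replacers: iterable of mappings, each with a ``pattern`` (regular
            expression) and a ``replacement`` (``str.format`` template).
        line: the text to rewrite; a trailing ``"\\r\\n"`` is removed before
            matching and appended again to the result.

    Returns:
        The formatted replacement of the first matching rule. Positional
        ``{}`` fields are filled from the pattern's capture groups; the named
        fields ``{client-address}``, ``{client-port}``, ``{server-address}``
        and ``{server-port}`` are filled from ``client_address`` and
        ``server_address``.

    Raises:
        NoRewriteMatch: if no rule matches the whole line.
    """
    # client_address / server_address are not defined in this block; they are
    # read from the surrounding scope and indexed as (address, port).
    builtin_replacers = {
        'client-address': client_address[0],
        'client-port': str(client_address[1]),
        'server-address': server_address[0],
        'server-port': str(server_address[1]),
    }
    terminator = ''
    if line.endswith("\r\n"):
        terminator = "\r\n"
        line = line[:-2]
    for rule in replacers:
        # fullmatch() anchors the whole pattern. Appending "$" anchored only
        # the last branch of a top-level alternation ('a|b$'), so 'a' could
        # match a mere prefix of the line; "$" also tolerates a trailing bare
        # "\n". An allow-list rule has to cover the complete line.
        match = re.fullmatch(rule['pattern'], line)
        if match:
            return rule['replacement'].format(
                *match.groups(), **builtin_replacers
            ) + terminator
    raise NoRewriteMatch()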
The bug has been reported here; awaiting a reply from anonym:
https://mailman.boum.org/pipermail/tails-dev/2016-November/011053.html