
create an unMessage onion-grater profile
Open, NormalPublic

Description

Should be added here:

https://github.com/Whonix/onion-grater/tree/master/usr/share/onion-grater/examples

file name: 40_unmessage.yml

The following profile is a guess from https://github.com/meejah/txtorcon/issues/215#issuecomment-290079835 which may be useful for developer testing so a production profile can be provided. Untested.

---
- exe-paths:
    - '*'
  users:
    - '*'
  hosts:
    - '*'
  commands:
    GETCONF:
      ## Just added to have something in GETCONF.
      ## TODO: Try to remove or add something that is actually required.
      - SocksPort
      - 'DisableNetwork'
    GETINFO:
      - events/names
      - signal/names
      - config/names
    ADD_ONION:
      ## TODO: Needs to be locked down like other profiles.
      - '.*'
    DEL_ONION:
      - '.+'
    USEFEATURE:
      - EXTENDED_EVENTS
  events:
    STATUS_CLIENT:
      suppress: true
    HS_DESC:
      suppress: false

Details

Impact
Normal

Event Timeline

Patrick created this task. Mar 30 2017, 4:11 AM
dau added a comment. May 28 2017, 7:40 PM

Here is an update, based on the profile you provided and Ricochet's:

---
- exe-paths:
    - '*'
  users:
    - '*'
  hosts:
    - '*'
  commands:
    GETCONF:
      - DisableNetwork
      - SocksPort
    GETINFO:
      - events/names
      - signal/names
      - config/names
    ADD_ONION:
      - pattern:     'NEW:(\S+) Port=11887,\S+:(\S+)'
        replacement: 'NEW:{} Port=11887,{client-address}:{}'
      - pattern:     '(\S+):(\S+) Port=11887,\S+:(\S+)'
        replacement: '{}:{} Port=11887,{client-address}:{}'
    DEL_ONION:
      - '.+'
    USEFEATURE:
      - EXTENDED_EVENTS
  events:
    STATUS_CLIENT:
      suppress: true
    HS_DESC:
      suppress: false

I logged the commands that txtorcon sends while starting/stopping unMessage creating a new peer:

PROTOCOLINFO 1
AUTHENTICATE
GETINFO signal/names
GETINFO version
GETINFO events/names
USEFEATURE EXTENDED_EVENTS
SETEVENTS CONF_CHANGED
GETINFO config/names
GETCONF DisableNetwork
ADD_ONION NEW:BEST Port=11887,10.137.3.28:11887
SETEVENTS HS_DESC CONF_CHANGED
SETEVENTS CONF_CHANGED
DEL_ONION <onion>

As well as when starting/stopping using an existing user:

PROTOCOLINFO 1
AUTHENTICATE
GETINFO signal/names
GETINFO version
GETINFO events/names
USEFEATURE EXTENDED_EVENTS
SETEVENTS CONF_CHANGED
GETINFO config/names
GETCONF DisableNetwork
ADD_ONION <alg>:<key> Port=11887,10.137.3.28:11887
SETEVENTS HS_DESC CONF_CHANGED
SETEVENTS CONF_CHANGED
DEL_ONION <onion>

(I talked to rxcomm and we picked 11887 as the new port instead of 50000. I looked in the page you had linked and searched on the internet and did not find other services using it.)

I am going to ask meejah if SocksPort is really needed because it does not seem to be used. I am not sure if it should, but it does not send any command to connect to other peers.

This profile works: I was able to send/receive requests as well as regular messages. Is there anything else that should be removed from it?

Thanks!
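
An added example, not part of the thread and not onion-grater's own code: a small Python model of how the two ADD_ONION rules in the profile above treat the logged commands. It assumes a rule applies only when its pattern matches the whole argument string, that `{}` takes the capture groups in order, and that `{client-address}` is the address of the connecting client; `filter_add_onion`, the sample key and the client address are hypothetical.

```python
import re

# The two ADD_ONION rules from the profile in the comment above.
ADD_ONION_RULES = [
    {"pattern": r"NEW:(\S+) Port=11887,\S+:(\S+)",
     "replacement": "NEW:{} Port=11887,{client-address}:{}"},
    {"pattern": r"(\S+):(\S+) Port=11887,\S+:(\S+)",
     "replacement": "{}:{} Port=11887,{client-address}:{}"},
]


def filter_add_onion(args, client_address, rules=ADD_ONION_RULES):
    """Return the rewritten ADD_ONION arguments, or None if no rule allows them.

    Assumption: a rule applies only when its pattern matches the whole
    argument string; '{}' takes the capture groups in order and
    '{client-address}' takes the address of the connecting client.
    """
    for rule in rules:
        match = re.fullmatch(rule["pattern"], args)
        if match:
            return rule["replacement"].format(
                *match.groups(), **{"client-address": client_address})
    return None


# Constructed inputs modelled on the logged commands; the key is a placeholder.
SAMPLES = [
    "NEW:BEST Port=11887,10.137.3.28:11887",                # new peer
    "RSA1024:PLACEHOLDERKEY Port=11887,10.137.3.28:11887",  # existing user
    "NEW:BEST Port=11887,127.0.0.1:9051",    # host replaced, port passes through
    "NEW:BEST Port=80,10.137.3.28:11887",    # virtual port other than 11887
    "NEW:BEST Flags=Detach Port=11887,10.137.3.28:11887",   # extra argument
]

if __name__ == "__main__":
    for sample in SAMPLES:
        # 10.152.152.11 is a constructed client address.
        print(sample, "->", filter_add_onion(sample, "10.152.152.11"))
```

Under these assumptions the rules pin the virtual port to 11887 and overwrite the target host with the client's address, while the target port after the colon is captured and passed through unchanged.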

dau added a comment. May 30 2017, 10:32 PM

I talked to meejah and GETCONF SOCKSPort is only issued when it fails to use the port that was provided or the default ones. I think we could allow that and leave it up to txtorcon to query the process for the right SOCKS port. That will make it easier for us to implement the automatic Tor process handling (one less thing to ask the user).

Patrick added a comment. Edited May 30 2017, 11:44 PM

Looks good!

I would have to see a log of communication of onion-grater. As well as Tor's reply to GETCONF SOCKSPort. Just to be able to see if the output contains anything the workstation should better not know.

Could you add it here please? https://github.com/Whonix/onion-grater/tree/master/usr/share/onion-grater-merger/examples