Expose TOR_PT_OUTBOUND_BIND_ADDRESS_{V4,V6} to Pluggable Transports.

This patch adds support for exposing the environment variables
`TOR_PT_OUTBOUND_BIND_ADDRESS_V4` and `TOR_PT_OUTBOUND_BIND_ADDRESS_V6` to
Pluggable Transport proccesses. These two values will contain the IPv4
and IPv6 address that the user have specified in torrc that they wish
the PT to use for all outgoing IP packets.

It is important to note here that it is up to the indvidual Pluggable
Transport if they are willing to honor these values or ignore them
completely.

One can test this feature using the following dummy PT written in POSIX
shell script:

    #!/bin/sh

    echo "LOG SEVERITY=warning MESSAGE=\"Value for IPv4: ${TOR_PT_OUTBOUND_BIND_ADDRESS_V4}\""
    echo "LOG SEVERITY=warning MESSAGE=\"Value for IPv6: ${TOR_PT_OUTBOUND_BIND_ADDRESS_V6}\""

    while true ; do
        sleep 1
    done

with the following entries in your torrc:

    OutboundBindAddressPT 203.0.113.4
    OutboundBindAddress 203.0.113.5
    OutboundBindAddressPT 2001:db8::4
    OutboundBindAddress 2001:db8::5

See: https://bugs.torproject.org/5304
This commit is contained in:
Alexander Færøy 2019-07-02 20:21:13 +02:00 committed by David Goulet
parent 69c1a4ebc3
commit 5f61e19d8a
4 changed files with 83 additions and 1 deletions

6
changes/bug5304 Normal file
View File

@ -0,0 +1,6 @@
o Minor features (pluggable transports):
- Added option OutboundBindAddressPT to torrc. This option allows users to
specify which IPv4 and IPv6 address they want pluggable transports to use
for outgoing IP packets. Tor does not have a way to enforce that the pluggable
transport honors this option so each pluggable transport will have to
implement support for this feature. Closes ticket 5304.

View File

@ -189,7 +189,7 @@ problem function-size /src/feature/client/entrynodes.c:entry_guard_parse_from_st
problem file-size /src/feature/client/entrynodes.h 700 problem file-size /src/feature/client/entrynodes.h 700
problem function-size /src/feature/client/transports.c:handle_proxy_line() 108 problem function-size /src/feature/client/transports.c:handle_proxy_line() 108
problem function-size /src/feature/client/transports.c:parse_method_line_helper() 110 problem function-size /src/feature/client/transports.c:parse_method_line_helper() 110
problem function-size /src/feature/client/transports.c:create_managed_proxy_environment() 111 problem function-size /src/feature/client/transports.c:create_managed_proxy_environment() 140
problem function-size /src/feature/control/control.c:connection_control_process_inbuf() 113 problem function-size /src/feature/control/control.c:connection_control_process_inbuf() 113
problem function-size /src/feature/control/control_auth.c:handle_control_authenticate() 186 problem function-size /src/feature/control/control_auth.c:handle_control_authenticate() 186
problem function-size /src/feature/control/control_cmd.c:handle_control_extendcircuit() 150 problem function-size /src/feature/control/control_cmd.c:handle_control_extendcircuit() 150

View File

@ -1447,6 +1447,37 @@ create_managed_proxy_environment(const managed_proxy_t *mp)
*/ */
smartlist_add_asprintf(envs, "TOR_PT_EXIT_ON_STDIN_CLOSE=1"); smartlist_add_asprintf(envs, "TOR_PT_EXIT_ON_STDIN_CLOSE=1");
/* Specify which IPv4 and IPv6 addresses the PT should make its outgoing
* connections from. See: https://bugs.torproject.org/5304 for more
* information about this. */
{
/* Set TOR_PT_OUTBOUND_BIND_ADDRESS_V4. */
const tor_addr_t *ipv4_addr = managed_proxy_outbound_address(options,
AF_INET);
/* managed_proxy_outbound_address() only returns a non-NULL value if
* tor_addr_is_null() was false, which means we don't have to check that
* here. */
if (ipv4_addr) {
char *ipv4_addr_str = tor_addr_to_str_dup(ipv4_addr);
smartlist_add_asprintf(envs,
"TOR_PT_OUTBOUND_BIND_ADDRESS_V4=%s",
ipv4_addr_str);
tor_free(ipv4_addr_str);
}
/* Set TOR_PT_OUTBOUND_BIND_ADDRESS_V6. */
const tor_addr_t *ipv6_addr = managed_proxy_outbound_address(options,
AF_INET6);
if (ipv6_addr) {
char *ipv6_addr_str = tor_addr_to_str_dup(ipv6_addr);
smartlist_add_asprintf(envs,
"TOR_PT_OUTBOUND_BIND_ADDRESS_V6=[%s]",
ipv6_addr_str);
tor_free(ipv6_addr_str);
}
}
SMARTLIST_FOREACH_BEGIN(envs, const char *, env_var) { SMARTLIST_FOREACH_BEGIN(envs, const char *, env_var) {
set_environment_variable_in_smartlist(merged_env_vars, env_var, set_environment_variable_in_smartlist(merged_env_vars, env_var,
tor_free_, 1); tor_free_, 1);
@ -1919,3 +1950,46 @@ managed_proxy_severity_parse(const char *severity)
return -1; return -1;
} }
/** Return the outbound address from the given <b>family</b>. Returns NULL if
* the user haven't specified a specific outbound address in either
* OutboundBindAddress or OutboundBindAddressPT. */
STATIC const tor_addr_t *
managed_proxy_outbound_address(const or_options_t *options, sa_family_t family)
{
tor_assert(options);
const tor_addr_t *address = NULL;
int family_index;
switch (family) {
case AF_INET:
family_index = 0;
break;
case AF_INET6:
family_index = 1;
break;
default:
/* LCOV_EXCL_START */
tor_assert_unreached();
return NULL;
/* LCOV_EXCL_STOP */
}
/* We start by checking if the user specified an address in
* OutboundBindAddressPT. */
address = &options->OutboundBindAddresses[OUTBOUND_ADDR_PT][family_index];
if (! tor_addr_is_null(address))
return address;
/* We fallback to check if the user specified an address in
* OutboundBindAddress. */
address = &options->OutboundBindAddresses[OUTBOUND_ADDR_ANY][family_index];
if (! tor_addr_is_null(address))
return address;
/* The user have not specified a preference for outgoing connections. */
return NULL;
}

View File

@ -149,6 +149,8 @@ STATIC void managed_proxy_stderr_callback(process_t *, const char *, size_t);
STATIC bool managed_proxy_exit_callback(process_t *, process_exit_code_t); STATIC bool managed_proxy_exit_callback(process_t *, process_exit_code_t);
STATIC int managed_proxy_severity_parse(const char *); STATIC int managed_proxy_severity_parse(const char *);
STATIC const tor_addr_t *managed_proxy_outbound_address(const or_options_t *,
sa_family_t);
#endif /* defined(PT_PRIVATE) */ #endif /* defined(PT_PRIVATE) */