tor/contrib/or-tools/exitlist
Nick Mathewson 9230bc7c65 Clean the contrib directory with torch and machete.
We've accumulated a lot of cruft in this directory over the years: so
much, that it passed the point of being so disorganized that we no
longer browsed through it to see how bad it had gotten.

This patch (based on changes by rl1987) tries to remove the most
useless items, and split the others into reasonable directories.  It
creates a new scripts/ directory for maint and test scripts.

This patch was generated with the script below.  No other changes are made in
this patch.

#############
# new directories
mkdir -p contrib/test-tools
mkdir -p contrib/or-tools
mkdir -p contrib/dirauth-tools
mkdir -p contrib/operator-tools
mkdir -p contrib/client-tools
mkdir -p contrib/test-tools
mkdir -p contrib/dist
mkdir -p contrib/dist/suse
mkdir -p contrib/win32build

mkdir -p scripts/maint
mkdir -p scripts/test

############
# Deleted -- nobody who wants this is going to be looking for it here any
# longer.  Also, nobody wants it.
git rm contrib/auto-naming/README

# Deleted: We no longer do polipo.
git rm contrib/polipo/Makefile.mingw
git rm contrib/polipo/README
git rm contrib/polipo/polipo-mingw.nsi

# We haven't even tried to run this for ages. It is a relic of a bygone era
git rm contrib/mdd.py

# contrib/dir-tools/directory-archive/
# Tools for running a directory archive. No longer used - deleting them.
git rm contrib/directory-archive/crontab.sample
git rm contrib/directory-archive/fetch-all
git rm contrib/directory-archive/fetch-all-v3
git rm contrib/directory-archive/tar-them-up
git rm contrib/directory-archive/fetch-all-functions
git rm contrib/directory-archive/sort-into-month-folder

# This appears to be related to very old windows packaging stuff.
git rm contrib/bundle.nsi
git rm contrib/package_nsis-weasel.sh
git rm contrib/package_nsis.sh
git rm contrib/netinst.nsi
git rm contrib/torinst32.ico
git rm contrib/xenobite.ico

# This should not be needed for cross-compilation any more, should it?
git rm contrib/cross.sh

# I don't think anyone ever used this.
git rm contrib/make-signature.sh

# These are attempts to send tor controller commands from the command-line.
# They don't support modern authentication.
git rm contrib/tor-ctrl.sh

# this is for fetching about a tor server from a dirauth. But it
# doesn't authenticate the dirauth: yuck.
git rm contrib/sd

# wow, such unused, very perl4.
git rm contrib/tor-stress

####### contrib/dirauth-tools/
# Tools for running a directory authority

git mv contrib/add-tor contrib/dirauth-tools/
git mv contrib/nagios-check-tor-authority-cert contrib/dirauth-tools/

#######
# contrib/or-tools/
# Tools for examining relays
git mv contrib/check-tor contrib/or-tools/check-tor
git mv contrib/checksocks.pl contrib/or-tools/checksocks.pl
git mv contrib/exitlist contrib/or-tools/exitlist

#######
# contrib/operator-tools

# Tools for running a relay.
git mv contrib/linux-tor-prio.sh contrib/operator-tools/linux-tor-prio.sh
git mv contrib/tor-exit-notice.html contrib/operator-tools/tor-exit-notice.html
git mv contrib/tor.logrotate.in contrib/operator-tools/

######
# contrib/dist

git mv contrib/rc.subr contrib/dist/
git mv contrib/tor.sh.in contrib/dist/
git mv contrib/torctl.in contrib/dist/
git mv contrib/suse/* contrib/dist/suse/

######
# client-tools
git mv contrib/torify contrib/client-tools/torify
git mv contrib/tor-resolve.py contrib/client-tools/

######
# win32build

git mv contrib/package_nsis-mingw.sh contrib/win32build/
git mv contrib/tor.nsi.in contrib/win32build/
# Erinn didn't ask for this...
git mv contrib/tor-mingw.nsi.in contrib/win32build/
git mv contrib/tor.ico contrib/win32build/

######
# scripts/test
git mv contrib/cov-blame scripts/test/cov-blame
git mv contrib/cov-diff scripts/test/cov-diff
git mv contrib/coverage scripts/test/coverage
git mv contrib/scan-build.sh scripts/test/

######## scripts/maint
# Maintainance scripts
#
# These are scripts for developers to use when hacking on Tor.  They mostly
# look at the Tor source in one way or another.
git mv contrib/findMergedChanges.pl scripts/maint/findMergedChanges.pl
git mv contrib/checkOptionDocs.pl scripts/maint/checkOptionDocs.pl
git mv contrib/checkSpace.pl scripts/maint/checkSpace.pl
git mv contrib/redox.py scripts/maint/redox.py
git mv contrib/updateVersions.pl scripts/maint/updateVersions.pl
git mv contrib/checkLogs.pl scripts/maint/checkLogs.pl
git mv contrib/format_changelog.py scripts/maint/
2014-04-28 11:34:53 -04:00

324 lines
8.8 KiB
Python
Executable File

#!/usr/bin/python
# Copyright 2005-2006 Nick Mathewson
# See the LICENSE file in the Tor distribution for licensing information.
# Requires Python 2.2 or later.
"""
exitlist -- Given a Tor directory on stdin, lists the Tor servers
that accept connections to given addreses.
example usage:
cat ~/.tor/cached-descriptors* | python exitlist 18.244.0.188:80
You should look at the "FetchUselessDescriptors" and "FetchDirInfoEarly"
config options in the man page.
Note that this script won't give you a perfect list of IP addresses
that might connect to you using Tor.
False negatives:
- Some Tor servers might exit from other addresses than the one they
publish in their descriptor.
False positives:
- This script just looks at the descriptor lists, so it counts relays
that were running a day in the past and aren't running now (or are
now running at a different address).
See https://check.torproject.org/ for an alternative (more accurate!)
approach.
"""
#
# Change this to True if you want more verbose output. By default, we
# only print the IPs of the servers that accept any the listed
# addresses, one per line.
#
VERBOSE = False
#
# Change this to True if you want to reverse the output, and list the
# servers that accept *none* of the listed addresses.
#
INVERSE = False
#
# Change this list to contain all of the target services you are interested
# in. It must contain one entry per line, each consisting of an IPv4 address,
# a colon, and a port number. This default is only used if we don't learn
# about any addresses from the command-line.
#
ADDRESSES_OF_INTEREST = """
1.2.3.4:80
"""
#
# YOU DO NOT NEED TO EDIT AFTER THIS POINT.
#
import sys
import re
import getopt
import socket
import struct
import time
assert sys.version_info >= (2,2)
def maskIP(ip,mask):
return "".join([chr(ord(a) & ord(b)) for a,b in zip(ip,mask)])
def maskFromLong(lng):
return struct.pack("!L", lng)
def maskByBits(n):
return maskFromLong(0xffffffffl ^ ((1L<<(32-n))-1))
class Pattern:
"""
>>> import socket
>>> ip1 = socket.inet_aton("192.169.64.11")
>>> ip2 = socket.inet_aton("192.168.64.11")
>>> ip3 = socket.inet_aton("18.244.0.188")
>>> print Pattern.parse("18.244.0.188")
18.244.0.188/255.255.255.255:1-65535
>>> print Pattern.parse("18.244.0.188/16:*")
18.244.0.0/255.255.0.0:1-65535
>>> print Pattern.parse("18.244.0.188/2.2.2.2:80")
2.0.0.0/2.2.2.2:80-80
>>> print Pattern.parse("192.168.0.1/255.255.00.0:22-25")
192.168.0.0/255.255.0.0:22-25
>>> p1 = Pattern.parse("192.168.0.1/255.255.00.0:22-25")
>>> import socket
>>> p1.appliesTo(ip1, 22)
False
>>> p1.appliesTo(ip2, 22)
True
>>> p1.appliesTo(ip2, 25)
True
>>> p1.appliesTo(ip2, 26)
False
"""
def __init__(self, ip, mask, portMin, portMax):
self.ip = maskIP(ip,mask)
self.mask = mask
self.portMin = portMin
self.portMax = portMax
def __str__(self):
return "%s/%s:%s-%s"%(socket.inet_ntoa(self.ip),
socket.inet_ntoa(self.mask),
self.portMin,
self.portMax)
def parse(s):
if ":" in s:
addrspec, portspec = s.split(":",1)
else:
addrspec, portspec = s, "*"
if addrspec == '*':
ip,mask = "\x00\x00\x00\x00","\x00\x00\x00\x00"
elif '/' not in addrspec:
ip = socket.inet_aton(addrspec)
mask = "\xff\xff\xff\xff"
else:
ip,mask = addrspec.split("/",1)
ip = socket.inet_aton(ip)
if "." in mask:
mask = socket.inet_aton(mask)
else:
mask = maskByBits(int(mask))
if portspec == '*':
portMin = 1
portMax = 65535
elif '-' not in portspec:
portMin = portMax = int(portspec)
else:
portMin, portMax = map(int,portspec.split("-",1))
return Pattern(ip,mask,portMin,portMax)
parse = staticmethod(parse)
def appliesTo(self, ip, port):
return ((maskIP(ip,self.mask) == self.ip) and
(self.portMin <= port <= self.portMax))
class Policy:
"""
>>> import socket
>>> ip1 = socket.inet_aton("192.169.64.11")
>>> ip2 = socket.inet_aton("192.168.64.11")
>>> ip3 = socket.inet_aton("18.244.0.188")
>>> pol = Policy.parseLines(["reject *:80","accept 18.244.0.188:*"])
>>> print str(pol).strip()
reject 0.0.0.0/0.0.0.0:80-80
accept 18.244.0.188/255.255.255.255:1-65535
>>> pol.accepts(ip1,80)
False
>>> pol.accepts(ip3,80)
False
>>> pol.accepts(ip3,81)
True
"""
def __init__(self, lst):
self.lst = lst
def parseLines(lines):
r = []
for item in lines:
a,p=item.split(" ",1)
if a == 'accept':
a = True
elif a == 'reject':
a = False
else:
raise ValueError("Unrecognized action %r",a)
p = Pattern.parse(p)
r.append((p,a))
return Policy(r)
parseLines = staticmethod(parseLines)
def __str__(self):
r = []
for pat, accept in self.lst:
rule = accept and "accept" or "reject"
r.append("%s %s\n"%(rule,pat))
return "".join(r)
def accepts(self, ip, port):
for pattern,accept in self.lst:
if pattern.appliesTo(ip,port):
return accept
return True
class Server:
def __init__(self, name, ip, policy, published, fingerprint):
self.name = name
self.ip = ip
self.policy = policy
self.published = published
self.fingerprint = fingerprint
def uniq_sort(lst):
d = {}
for item in lst: d[item] = 1
lst = d.keys()
lst.sort()
return lst
def run():
global VERBOSE
global INVERSE
global ADDRESSES_OF_INTEREST
if len(sys.argv) > 1:
try:
opts, pargs = getopt.getopt(sys.argv[1:], "vx")
except getopt.GetoptError, e:
print """
usage: cat ~/.tor/cached-routers* | %s [-v] [-x] [host:port [host:port [...]]]
-v verbose output
-x invert results
""" % sys.argv[0]
sys.exit(0)
for o, a in opts:
if o == "-v":
VERBOSE = True
if o == "-x":
INVERSE = True
if len(pargs):
ADDRESSES_OF_INTEREST = "\n".join(pargs)
servers = []
policy = []
name = ip = None
published = 0
fp = ""
for line in sys.stdin.xreadlines():
if line.startswith('router '):
if name:
servers.append(Server(name, ip, Policy.parseLines(policy),
published, fp))
_, name, ip, rest = line.split(" ", 3)
policy = []
published = 0
fp = ""
elif line.startswith('fingerprint') or \
line.startswith('opt fingerprint'):
elts = line.strip().split()
if elts[0] == 'opt': del elts[0]
assert elts[0] == 'fingerprint'
del elts[0]
fp = "".join(elts)
elif line.startswith('accept ') or line.startswith('reject '):
policy.append(line.strip())
elif line.startswith('published '):
date = time.strptime(line[len('published '):].strip(),
"%Y-%m-%d %H:%M:%S")
published = time.mktime(date)
if name:
servers.append(Server(name, ip, Policy.parseLines(policy), published,
fp))
targets = []
for line in ADDRESSES_OF_INTEREST.split("\n"):
line = line.strip()
if not line: continue
p = Pattern.parse(line)
targets.append((p.ip, p.portMin))
# remove all but the latest server of each IP/Nickname pair.
latest = {}
for s in servers:
if (not latest.has_key((s.fingerprint))
or s.published > latest[(s.fingerprint)]):
latest[s.fingerprint] = s
servers = latest.values()
accepters, rejecters = {}, {}
for s in servers:
for ip,port in targets:
if s.policy.accepts(ip,port):
accepters[s.ip] = s
break
else:
rejecters[s.ip] = s
# If any server at IP foo accepts, the IP does not reject.
for k in accepters.keys():
if rejecters.has_key(k):
del rejecters[k]
if INVERSE:
printlist = rejecters.values()
else:
printlist = accepters.values()
ents = []
if VERBOSE:
ents = uniq_sort([ "%s\t%s"%(s.ip,s.name) for s in printlist ])
else:
ents = uniq_sort([ s.ip for s in printlist ])
for e in ents:
print e
def _test():
import doctest, exitparse
return doctest.testmod(exitparse)
#_test()
run()