IRC Archive / Oftc / #tor / 2010 / June / 19 / 1
jn
linux_dr: try google.com/ncr
_4get
linux_dr: or better https://www.google.com/ since it doesn't have region autoswitching yet
StrangeCharm
possibly offtopic: will https everywhere be coming to chrome?
_4get
StrangeCharm: https://chrome.google.com/extensions/detail/flcpelgcagfhfoegekianiofphddckof Ctrl+F intercept
StrangeCharm
_4get, quite different functionality: kb is dom-based, so results in quite a lot of leakage
_4get
StrangeCharm: not that, he explains the reason why it cannot be yet done the other way
StrangeCharm
_4get aah, i see. so noscript, https everywhere and so on will have to be firefox only for a while, it seems
_4get
StrangeCharm: even more disappointing is that HTTPS enforcement was implemented as a built-in feature half a year ago http://blog.chromium.org/2010/01/security-in-depth-new-security-features.html
however this STS enforcement list in Chrome is exposed neither directly to the user nor to the extensions API
they do have recommendation for such a feature in the draft, but only in a form of "advanced feature" http://lists.w3.org/Archives/Public/www-archive/2009Dec/att-0048/draft-hodges-strict-transport-sec-06.plain.html#ua-impl-advice
ilter
Hello everyone. I'm tracing circuit_send_next_onion_skin method in circuitbuild.c. And i'm trying to understand this if statement; "if (circ->cpath->state == CPATH_STATE_CLOSED)" . As far as i understood this if block is run only by OPs. Could you verify that please?
Any comment?
mib_yvy4ft
hi, the link on the front page links to a non-existing exe: https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.2.1.20-0.2.5.exe
also a question, i recall seeing a page that mentioned a setting where i could make my tor select relays only from a certain country?
_4get
mib_yvy4ft: http://www.torproject.org/tor-manual-dev.html.en EntryNodes ExitNodes StrictNodes
mib_yvy4ft
_4get: thanks, ill be reading that
_4get: strictnodes and country codes in config not yet supported says the log ;/
alk
mib_yvy4ft: using stable or unstable tor?
perhaps it's supported in unstable
also, you can manually add that functionality, there's a file with tor called geoip
which has a list of ip number to countries
mib_yvy4ft
how do i check which version i run?
alk
dunno :)
so you can either make some code to convert them
or do it manually
mib_yvy4ft
0.2.1.22 it says
alk
on the tor page there's the option to download stable or unstable
ok it's just out of date :P
latest stable is 0.2.1.26
latest unstable is 0.2.2.13-alpha
http://www.torproject.org/download.html.en
mib_yvy4ft
start page links to .25 which also is a dead link..
alk
lol
mib_yvy4ft
DLed the unstable one now
anyways, removed the country stuff and running with only excluding slowserver
:D
hmm i cant get tor/polipo to work over lan ;(
anybody know how i can check where in my chain it fails from my workstation browser all the way thru google.com so i can see where i get stopped at? atm i made polipo listen on 0.0.0.0 and allow ips pretty much all lan ips i have including 192.168.0.0/24 etc and still doesnt work
nsa
or: [Tor Bug Tracker & Wiki] #1564 was updated: #1564: Reported dirreq-v3-stats are 0.00% - http://trac.torproject.org/projects/tor/ticket/1564#comment:2
or: Comment(by mikeperry):
or: At a glance, I think the patch looks ok. though I still think this
or: probably should be computed offline using consensus docs.. The main reason[...]
or: [Tor Bug Tracker & Wiki] #1515 was updated: #1515: Torbutton shold enable firefox's "Private Browsing Mode" - http://trac.torproject.org/projects/tor/ticket/1515#comment:2
or: Changes (by elehack):
or: * cc: michael@& (added)
ilter
Is there any way to run a Tor daemon as a only relay? Not also client.
I see ClientOnly 0|1 options on Tor manual but it seems there isn't any option for RelayOnly etc.
rudi_s
ilter: Use SocksPort 0 in torrc, then nobody can use this relay as client.
ilter
rudi_s: Actually i'm tracing source codes and i put some logs to trace it well.
rudi_s: But unfortunately i'm confused on a point ..
rudi_s: In circuitbuild.c source code there is a method; "circuit_send_next_onion_skin". I couldn't get how it works.
rudi_s
ilter: Sorry, but I don't have any knowledge of Tor's source code.
ilter
rudi_s: Ok no problem, thank you for your concern.
rudi_s
np
Marco65
Does anybody know any servers I can use to protect my outgoing traffic?
nickm
ilter: If you set SocksPort to 0, that should be enough to run not-as-a-client.
(And TransPort, and DNSPort. But those default to 0)
Did you have a more specific question about circuit_send_next_onion_skin() than just "how it works" ?
ilter
Hello nickm. Yes i have ..
nsa
or: [Tor Bug Tracker & Wiki] #1571 filed by user: #1571: broken exit node - http://trac.torproject.org/projects/tor/ticket/1571
or: Some exit node is stealing failed DNS requests and redirecting to
or: guide.opendns.com. I don't know which one or how to find out, I suggest
or: doing a full scan.
or: [I know this is probably the wrong place to report this. I won't report[...]
ilter
In this method there is an if statement; if (circ->cpath->state == CPATH_STATE_CLOSED). Does it mean that this statement is run only by OPs and Guard nodes?
nickm
no.
so, it's only run on origin_circuit_t. There are two types that mean "circuit" in tor: origin_circuit_t, and or_circuit_t.
ilter
I'm tracing circuitbuild.c, and i'm trying to understand which methods are run by only Guard nodes?
nickm
Both are effectively subtypes of circuit_t.
origin_circuit_t is any circuit that we are originating ourselves.
*any* Tor can originate circuits, including OPs, guards, relays, exits, etc
[servers will typically originate circuits only to self-test]
or_circuit_t is a circuit that we are relaying for somebody else. Only servers have those.
ilter
But what about circ->cpath->state == CPATH_STATE_CLOSED)?
nickm
circ->cpath is a linked list of the hops in the circuit.
so circ->cpath is the first hop.
so circ->cpath->state is the state of the first hop
remember, Tor builds circuits one hop at a time, so...
... "if (circ->cpath->state == CPATH_STATE_CLOSED)" means "if the first hop of this circuit we are building isn't open yet".
ilter
So if there isn't first hop that means it which run this if statement is first node, ha
?
nickm
I don't understand.
(That statement was so ungrammatical I can't tell what you're asking.)
ilter
I mean; if circ->cpath->state is CPATH_STATE_CLOSED that means it's the first node. Am i wrong?
nickm
What "it"? Do you mean, "this Tor process" ?
ilter
Sorry for my english.
Yes exactly.
nickm
(no need to apologize; you speak English better than I speak any non-English language.)
so the answer is still "no".
ilter
Hmm.. So which e
nickm
If you enter circuit_send_next_onion_skin *AT ALL*, you have an origin_circuit_t.
ilter
*So which methods are run by only Guard nodes?
nickm
If you have an origin_circuit_t, then it is a circuit that you are creating yourself.
I think there are not many functions, if any, that only Guard nodes run.
ilter
"yourself" means for my client?
nickm
If a Tor process has an origin_circuit_t, that circuit is a circuit that is being built by that Tor process, and NOT a circuit that the Tor process is relaying for some other Tor.
ilter
What about circuit_extend method? If we assume that the certain number of nodes is 3 for a circuit, this method is run by only Guard and middle. Is it right?
nickm
Sure, with the caveat that it is possible for any server, including exits, to be used as a relay.
ilter
Yes that time the node which has a exit flag is used as a middle or a guard.
nickm
actually, I think circuit_extend is middle only.
ilter
What about guards?
nickm
If you're the first node, you don't get an EXTEND cell, you get a CREATE cell.
To be more specific, an EXTEND cell means "send this CREATE cell to the next hop"
so everybody gets a CREATE (or a CREATE_FAST) cell, but ...
ilter
But OPs send EXTEND cell to guards?
nickm
ah, never mind. Everybody but the last hop does indeed get an EXTEND cell
yes
ilter
So only nodes which is a guard or a middle position in a circuit can run this method, ha?
nickm
"ha" ?
ilter
I mean is it right by "ha"?
nickm
Oh. In that case, 'yes'.
ilter
Can we say that if cell_t->command is EXTEND in given parameters of circuit_extend method, that time this Tor process is used as a Guard node?
nickm
no
It could be a middle node.
The first node gets a CREATE cell to start the circuit.
Then it gets an EXTEND cell, and passes a CREATE cell to the second node.
Then it gets an unrecognized relay cell, which it passes to the second node. The second node decrypts it, recognizes that it has gotten an EXTEND cell, and passes a CREATE cell to the third node.