On Mon, Dec 06, 2010 at 10:25:39AM -0800, Damian Johnson wrote:
> Hazaa, many thanks for the patches! Committed with the exception of
> sockstat2 (see below).
>
> http://www.atagar.com/transfer/tmp/arm_bsdTest2.tar.bz2
>
> > One unrelated problem I noticed is that Arm tends to show local
> > connections as Outbound.
>
> Netstat, lsof, etc. don't include a notion of the directionality of a
> connection, so I'm using the local port to determine if it's inbound
> or outbound. If it matches the ORPort or DirPort then it's inbound,
> otherwise it's outbound (line 323 of the connPanel.py [1]). Do you
> know a smarter way of handling this?
>
> I'm familiar with Linux's chroot jail environments (where this works),
> but not the details of what the bsd counterpart does.
>
> > Given that the connection doesn't leave the system, replacing
> > the Tor jail IP address with the public IP address of the gateway
> > is a bit confusing.
>
> Sorry, I'm not following. Why isn't the tor connection leaving the
> system? I'm using the results of 'GETINFO address' which tends to be a
> lot more helpful than showing the ip on the local network (though I
> can include an option to display the local address instead if you'd
> like).

FreeBSD jails resemble linux jails mainly by name :), and most probably
have their own IP somewhere within RFC 1918. This IP serves as the internal
address to the jail when called from a local subnet, and may show multiple
connections to the SocksPort, usually IP:9050.

This is what it looks like:

[Host's public gateway IP address scrubbed]:9050 --> <scrubbed> 0.0s (OUTBOUND)

And what it 'SHOULD NEITHER' but with proper IP look like:

[Jail's private IP address scrubbed]:9050 --> <scrubbed> 0.0s (OUTBOUND)

These connections are 'inbound' to the jail's SocksPort from the host or
a private subnet.

> > Also, when running Arm outside the Tor jail, the Tor
> > configuration file isn't found.
>
> See the "features.pathPrefix" entry in the sample armrc [2]. It's
> specifically for jail environments (arm will otherwise also be failing
> to find tor's state, log file, and some other resources used to
> prepopulate data). If you have a suggestion for an automatic method
> for determining the jail path then I'm all ears.
>
> > so arm is trying to read a torrc on the host in the location it knows
> > which is displayed from the jail, but is ignoring the jail flag.
>
> I'm attempting to read the torrc from the location Tor reports (via
> 'GETINFO config-file'), using the features.pathPrefix as... well, a
> path prefix. I'm not familiar with a method of getting the jail path
> for Linux jails.
> Is this information available for bsd jails?
>
> I'm happy to help with a patch to autodetect for bsd jails if you have
> a suggestion for how.
>

'GETINFO config-file' will show the path to torrc from within the jail.
So arm tries to read:

/path/to/torrc

The location from the host though would be

/path/to/jail/path/to/torrc

Reading the file in that way, I believe, is not a good idea.

All this only applies for systems running Tor in a jail and arm from the
host. Arm works nicely with Tor if both are running on the same host or
inside a jail on FreeBSD.
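
Added example, not part of the thread and not arm's own code: a sketch of mapping a jail-relative path (as Tor reports it via 'GETINFO config-file') to the host's view using a path prefix, with a check that the result stays inside the jail root. The names host_path and demo, and the temporary directory tree, are hypothetical and constructed for the illustration.

```python
import os
import tempfile


def host_path(path_prefix, reported_path):
    """Map a path Tor reports from inside its jail to the host's view.

    path_prefix: jail root as seen from the host (the features.pathPrefix value)
    reported_path: absolute path as Tor reports it, e.g. via GETINFO config-file
    Raises ValueError if the result would land outside the jail root.
    """
    if not path_prefix:
        return reported_path  # arm and Tor share one filesystem view
    root = os.path.realpath(path_prefix)
    # os.path.join drops `root` when the second argument is absolute,
    # so strip the leading separator before joining.
    joined = os.path.join(root, reported_path.lstrip(os.sep))
    # realpath collapses ".." and follows symlinks as the *host* sees them.
    # An absolute symlink inside the jail therefore points outside the root
    # from here and is rejected rather than followed.
    candidate = os.path.realpath(joined)
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("%r resolves outside %r" % (reported_path, root))
    return candidate


def demo():
    """Resolve sample paths against a constructed jail tree in a temp dir."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        jail = os.path.join(tmp, "jail")  # constructed jail root
        os.makedirs(os.path.join(jail, "usr/local/etc/tor"))
        torrc = os.path.join(jail, "usr/local/etc/tor/torrc")
        with open(torrc, "w") as handle:
            handle.write("SocksPort 9050\n")
        os.symlink("/etc/passwd", os.path.join(jail, "link"))
        resolved = host_path(jail, "/usr/local/etc/tor/torrc")
        results["torrc"] = resolved == os.path.realpath(torrc)
        for name, reported in (("dotdot", "/../../etc/passwd"), ("symlink", "/link")):
            try:
                host_path(jail, reported)
                results[name] = "allowed"
            except ValueError:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```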