emdee 2022-11-09 12:31:08 +00:00
parent 6f3207f02e
commit fdab13e065
2 changed files with 24 additions and 25 deletions


@ -207,7 +207,7 @@ def lYamlGoodNodes(sFile='/etc/tor/torrc-goodnodes.yaml'):
with open(sFile, 'rt') as oFd: with open(sFile, 'rt') as oFd:
o = yaml.safe_load(oFd) o = yaml.safe_load(oFd)
oGOOD_NODES = o oGOOD_NODES = o
if 'GuardNodes' in o[root].keys(): if 'GuardNodes' in o[oGOOD_ROOT].keys():
l += o[oGOOD_ROOT]['GuardNodes'] l += o[oGOOD_ROOT]['GuardNodes']
# yq '.Nodes.IntroductionPoints|.[]' < /etc/tor/torrc-goodnodes.yaml # yq '.Nodes.IntroductionPoints|.[]' < /etc/tor/torrc-goodnodes.yaml
return l return l
@ -453,22 +453,22 @@ def oMainArgparser(_=None):
help='proxy download connect timeout') help='proxy download connect timeout')
parser.add_argument('--good_nodes', type=str, parser.add_argument('--good_nodes', type=str,
default=os.path.join(ETC_DIR, '/torrc-goodnodes.yaml'), default=os.path.join(ETC_DIR, 'torrc-goodnodes.yaml'),
help="Yaml file of good nodes that should not be excluded") help="Yaml file of good nodes that should not be excluded")
parser.add_argument('--bad_nodes', type=str, parser.add_argument('--bad_nodes', type=str,
default=os.path.join(ETC_DIR, '/torrc-badnodes.yaml'), default=os.path.join(ETC_DIR, 'torrc-badnodes.yaml'),
help="Yaml file of bad nodes that should also be excluded") help="Yaml file of bad nodes that should also be excluded")
parser.add_argument('--contact', type=str, default='Empty,NoEmail', parser.add_argument('--contact', type=str, default='Empty,NoEmail',
help="comma sep list of conditions - Empty,NoEmail") help="comma sep list of conditions - Empty,NoEmail")
parser.add_argument('--bad_contacts', type=str, parser.add_argument('--bad_contacts', type=str,
default='/tmp/badcontacts.yaml', default=os.path.join(ETC_DIR, 'badcontacts.yaml'),
help="Yaml file of bad contacts that bad FPs are using") help="Yaml file of bad contacts that bad FPs are using")
parser.add_argument('--wait_boot', type=int, default=120, parser.add_argument('--wait_boot', type=int, default=120,
help="Seconds to wait for Tor to booststrap") help="Seconds to wait for Tor to booststrap")
parser.add_argument('--log_level', type=int, default=20, parser.add_argument('--log_level', type=int, default=20,
help="10=debug 20=info 30=warn 40=error") help="10=debug 20=info 30=warn 40=error")
parser.add_argument('--bad_sections', type=str, parser.add_argument('--bad_sections', type=str,
default='Hetzner,BadExit', default='MyBadExit',
help="sections of the badnodes.yaml to use, comma separated, '' BROKEN") help="sections of the badnodes.yaml to use, comma separated, '' BROKEN")
parser.add_argument('--white_onions', type=str, parser.add_argument('--white_onions', type=str,
default='', default='',
@ -479,8 +479,7 @@ def oMainArgparser(_=None):
help="Write the proof data of the included nodes to a YAML file") help="Write the proof data of the included nodes to a YAML file")
return parser return parser
def vwrite_badnodes(oArgs): def vwrite_badnodes(oArgs, oBAD_NODES):
global oBAD_NODES
if oArgs.bad_nodes: if oArgs.bad_nodes:
tmp = oArgs.bad_nodes +'.tmp' tmp = oArgs.bad_nodes +'.tmp'
bak = oArgs.bad_nodes +'.bak' bak = oArgs.bad_nodes +'.bak'
@ -492,8 +491,7 @@ def vwrite_badnodes(oArgs):
os.rename(oArgs.bad_nodes, bak) os.rename(oArgs.bad_nodes, bak)
os.rename(tmp, oArgs.bad_nodes) os.rename(tmp, oArgs.bad_nodes)
def vwrite_goodnodes(oArgs): def vwrite_goodnodes(oArgs, oGOOD_NODES):
global oGOOD_NODES
if oArgs.good_nodes: if oArgs.good_nodes:
tmp = oArgs.good_nodes +'.tmp' tmp = oArgs.good_nodes +'.tmp'
bak = oArgs.good_nodes +'.bak' bak = oArgs.good_nodes +'.bak'
@ -580,7 +578,7 @@ def iMain(lArgs):
relays = controller.get_server_descriptors() relays = controller.get_server_descriptors()
lProofGoodFps = [] tProofGoodFps = set()
iDnsContact = 0 iDnsContact = 0
lBadContactUrls = [] lBadContactUrls = []
iFakeContact = 0 iFakeContact = 0
@ -595,7 +593,7 @@ def iMain(lArgs):
continue continue
relay.fingerprint = relay.fingerprint.upper() relay.fingerprint = relay.fingerprint.upper()
sofar = f"G:{len(list(aProofUri.keys()))} U:{iDnsContact} F:{iFakeContact} BF:{len(exit_excludelist)} GF:{len(lProofGoodFps)} #{iR}" sofar = f"G:{len(list(aProofUri.keys()))} U:{iDnsContact} F:{iFakeContact} BF:{len(exit_excludelist)} GF:{len(tProofGoodFps)} #{iR}"
if not relay.exit_policy.is_exiting_allowed(): if not relay.exit_policy.is_exiting_allowed():
if sEXCLUDE_EXIT_KEY == 'ExcludeNodes': if sEXCLUDE_EXIT_KEY == 'ExcludeNodes':
LOG.debug(f"{relay.fingerprint} not an exit {sofar}") LOG.debug(f"{relay.fingerprint} not an exit {sofar}")
@ -603,14 +601,14 @@ def iMain(lArgs):
LOG.warn(f"{relay.fingerprint} not an exit {sofar}") LOG.warn(f"{relay.fingerprint} not an exit {sofar}")
# continue # continue
if relay.fingerprint in lProofGoodFps: if relay.fingerprint in tProofGoodFps:
# we already have it. # we already have it.
continue continue
if relay.fingerprint in aTRUST_DB: if relay.fingerprint in aTRUST_DB:
if aTRUST_DB[relay.fingerprint]['fps'] and \ if aTRUST_DB[relay.fingerprint]['fps'] and \
relay.fingerprint in aTRUST_DB[relay.fingerprint]['fps']: relay.fingerprint in aTRUST_DB[relay.fingerprint]['fps']:
lProofGoodFps += relay.fingerprint tProofGoodFps.add(relay.fingerprint)
continue continue
if relay.contact and b'dns-rsa' in relay.contact.lower(): if relay.contact and b'dns-rsa' in relay.contact.lower():
@ -676,7 +674,7 @@ def iMain(lArgs):
continue continue
# great contact had good fps and we are in them # great contact had good fps and we are in them
lProofGoodFps += b['fps'] tProofGoodFps.union(b['fps'])
if relay.fingerprint in aProofUri.keys(): if relay.fingerprint in aProofUri.keys():
# a cached entry # a cached entry
continue continue
@ -710,7 +708,7 @@ def iMain(lArgs):
if oArgs.torrc_output and exit_excludelist: if oArgs.torrc_output and exit_excludelist:
with open(oArgs.torrc_output, 'wt') as oFTorrc: with open(oArgs.torrc_output, 'wt') as oFTorrc:
oFTorrc.write(f"{sEXCLUDE_EXIT_KEY} {','.join(exit_excludelist)}\n") oFTorrc.write(f"{sEXCLUDE_EXIT_KEY} {','.join(exit_excludelist)}\n")
oFTorrc.write(f"{sINCLUDE_EXIT_KEY} {','.join(lProofGoodFps)}\n") oFTorrc.write(f"{sINCLUDE_EXIT_KEY} {','.join(tProofGoodFps)}\n")
oFTorrc.write(f"{sINCLUDE_GUARD_KEY} {','.join(o[oGOOD_ROOT]['GuardNodes'])}\n") oFTorrc.write(f"{sINCLUDE_GUARD_KEY} {','.join(o[oGOOD_ROOT]['GuardNodes'])}\n")
LOG.info(f"Wrote tor configuration to {oArgs.torrc_output}") LOG.info(f"Wrote tor configuration to {oArgs.torrc_output}")
oFTorrc.close() oFTorrc.close()
@ -722,14 +720,14 @@ def iMain(lArgs):
oFYaml.close() oFYaml.close()
global oBAD_NODES global oBAD_NODES
oBAD_NODES['BadNodes']['ExcludeNodes']['BadExit'] = exit_excludelist oBAD_NODES[oBAD_ROOT]['ExcludeNodes']['BadExit'] = exit_excludelist
global lKNOWN_NODNS global lKNOWN_NODNS
o[oBAD_ROOT]['ExcludeDomains'] = lKNOWN_NODNS oBAD_NODES[oBAD_ROOT]['ExcludeDomains'] = lKNOWN_NODNS
vwrite_badnodes(oArgs) vwrite_badnodes(oArgs, oBAD_NODES)
global oGOOD_NODES global oGOOD_NODES
oGOOD_NODES['GoodNodes']['Relays']['ExitNodes'] = lProofGoodFps oGOOD_NODES['GoodNodes']['Relays']['ExitNodes'] = tProofGoodFps
vwrite_goodnodes(oArgs) vwrite_goodnodes(oArgs, oGOOD_NODES)
retval = 0 retval = 0
try: try:
@ -744,9 +742,9 @@ def iMain(lArgs):
retval += 1 retval += 1
try: try:
if lProofGoodFps: if tProofGoodFps:
LOG.info(f"{sINCLUDE_EXIT_KEY} {len(lProofGoodFps)} good nodes") LOG.info(f"{sINCLUDE_EXIT_KEY} {len(tProofGoodFps)} good nodes")
controller.set_conf(sINCLUDE_EXIT_KEY, lProofGoodFps) controller.set_conf(sINCLUDE_EXIT_KEY, tProofGoodFps)
except stem.SocketClosed as e: except stem.SocketClosed as e:
LOG.error(f"Failed setting {sINCLUDE_EXIT_KEY} good exit nodes in Tor") LOG.error(f"Failed setting {sINCLUDE_EXIT_KEY} good exit nodes in Tor")
retval += 1 retval += 1
@ -765,8 +763,6 @@ def iMain(lArgs):
except InvalidRequest as e: except InvalidRequest as e:
# Unacceptable option value: Invalid router list. # Unacceptable option value: Invalid router list.
LOG.error(str(e)) LOG.error(str(e))
LOG.warn(f"lProofGoodFps: {lProofGoodFps}")
LOG.warn(f"{sEXCLUDE_EXIT_KEY}: {exit_excludelist}")
retval = 1 retval = 1
return retval return retval
except KeyboardInterrupt: except KeyboardInterrupt:
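Review bot: In the iMain hunk at old line 676, `tProofGoodFps.union(b['fps'])` discards its result, because `set.union` returns a new set and leaves `tProofGoodFps` unchanged; the line should be `tProofGoodFps.update(b['fps'])`. As written, fingerprints proven through a contact are never added, and only the `aTRUST_DB` branch populates the set. The `ExitNodes` value written to the torrc and passed to `controller.set_conf` would then be missing those relays, or be skipped entirely when the set stays empty. The set is also assigned to `oGOOD_NODES['GoodNodes']['Relays']['ExitNodes']` and joined for the torrc; the YAML writer is outside the visible hunks, but a set will probably serialize differently from the previous list and in unstable order, so passing `sorted(tProofGoodFps)` at those points would keep the file format and output deterministic. iMain starts and ends outside these hunks.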


@ -1,5 +1,8 @@
# -*- mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 - # -*- mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -
# from https://github.com/nusenu/trustor-poc
# with minor refactoring to make the code more Pythonic.
import os import os
import sys import sys
import datetime import datetime