IRC Archive / Oftc / #tor / 2009 / December / 4 / 1
karsten
julius_: i need the IP address in question, the rough time (if you know that), and the target address (if you're interested whether the relay was able to exit there).
you can leave out the target address.
Sebastian
julius_: hey
julius_
hey Sebastian!
Sebastian
julius_: do you need something? I'm about to head to bed, and I'm pretty high on painkillers so possibly not a good resource
arma
in theory karsten has it handled
julius_
Sebastian: karsten helped me :)
Sebastian
ah great
julius_
(Action) goes offline again *wave*
SwissTorExit
hi to everyone
sad i have missed Julius :/
hi Sebastian
hi karsten :P
god look the hell :/
but seem in progress :P
         

sve
does the tor client do any dns lookups for setting a circuit ? (not talking about applications and dns leaking etc.)
Sebastian
no
Sebastian_
So there is an addition to the safelogging config option
keb
saferlogging?
Sebastian_
now, instead of only being able to say 0 or 1 to safelog nothing or safelog everything, you can say client and relay, to select that you want to safelog relay-related or client-related log messages. (For example, if you specify "relay", client-side messages won't be safelogged.) I'm looking for a good way to explain this in the manpage
It currently says:
If 1, Tor replaces potentially sensitive strings in the logs
(e.g. addresses) with the string [scrubbed]. This way logs can still be
useful, but they don't leave behind personally identifying information
about what sites a user might have visited. (Default: 1)
natice speakers, rise and shine :)
native even.
keb
sounds like the option should be renamed "ScrubLog" with parameter choice Off | Relay | Client
Sebastian_
Renaming the option is kind of bad because it breaks backward compatibility
keb
so the choice is now 0|1|client|relay ?
Sebastian_
you should never do that unless you really have to
the new choice is a combination of 0, 1, client, relay. Of course, some combinations make no sense, but "1" and "relay, client" are the same.
keb
well it could be deprecated etc but i suppose SafeLogging is still cool
what would 0,client mean
Sebastian_
client
the way it is currently implemented means that you always err on the safe side, so if someone says "1, relay" it means everything
and if someone says "0, 1, relay, client" it also means everything, and in any order, too.
keb
ah so 1,client would mean client ip addresses are shown
Sebastian_
no
it means both are hidden
keb
so 1,client is the same as 1
or same as 0,relay
Sebastian_
yes
erm, no
sorry
1, client is the same as 1
but 0,relay is the same as relay.
keb
maybe you can list the allowed combos
Sebastian_
all of them are allowed
sve
does tor allow using smtp using a specified server ?
keb
so the option "client" is not needed at all
Sebastian_
keb: but it is
specifying "client" means "everything related to client activity is safelogged"
"1" is not necessary, but is there because it means backwards compatible and it is a sane default for future additions
         

keb
sve smtp is allowed if you can find a node whose exitpolicy lets it through
1 should be mustually exclusive with any other option. you can't be "safe" and "not safe"
*mutually
Sebastian_
keb: I don't understand
keb
whereas "client" and "relay" specify refinements on 0
Sebastian_
Maybe you still didn't understand what the goal is here?
Or I'm doing a very poor job explaining it, which is quite possible
keb
(Action) rereads safelogging in manual
Sebastian_
The idea is that there are people like Sebastian_ who run a relay, but also use this relay for some client stuff like hidden service hosting. Those people might like to debug their hidden service, and thus disable safelogging for client-related log messages, while keeping everyone that uses their node as a relay safelogged.
We currently have a config option SafeLogging 0|1, and we want this to continue working like it works now.
We change the config option from a boolean to a list of allowed values, which are 0, 1, relay, client.
specifying "relay" means that relay-related log messages use safelogging, and client related messages do not.
client means that client-related log messages are safelogged, and relay related messages are not.
one and 0 are there so you can easily make sure safelogging is always used, or never used.
Does that make more sense?
(it is possible that later, more options are introduced. For example, "hidden service" could be another one)
sve
keb, would it be possible to find such an exit node? is there a list or something like that ?
keb
so relay and client are passthrough filters
like grep parameters
Sebastian_
yeah
keb
sve if you try to send email via tor, tor will route your request to an exit node that allows it
you dont have to pick a node yourself
to make the parameters kinda redundant looking but clearer, what if the syntax was +client for include client messages and -client for remove client messages
like apache configs
sve
oh cool
keb
wb
sve
is there any telnet client that can use tor as proxy ?
keb
with +client being equivalent to client
Sebastian_
keb: I think that makes it really hard to use. The option is called safelogging, so if you say relay, you safelog relay stuff
sve
explicitly manually doing telnet commands, not email client (since there is no manual control)
keb
hmm
he way you specify, "client" only means +client -relay, but "relay" means "+client +relay"
*the
er, no
argh
ok, your 4 line list works well
Sebastian_
keb: for an example of how this works, see PublishServerDescriptor
keb: when you say "relay" it means +relay -client
keb
yeah
Sebastian_
except it doesn't really mean -client, because it would never have safelogged client.
keb
but i still dont think 0,1,relay,client should be allowed
Sebastian_
Should I catch that and call the user an idiot?
keb
yeah
Sebastian_
hm
keb
because its often true
Sebastian_
I did it the same way PublishServerDescriptor does it; allow weird options and do something sane
keb
0 and 1 should never be both present as parameters
astechgeek
If you setup a relay through vidalia does the port need to be forwarded by any routers?
Sebastian_
astechgeek: yes
arma
astechgeek: is the port that you specified in vidalia reachable from the outside? if not, you need to do port forwarding.
Sebastian_
That port needs to be reachable from the outside world
heh.
keb: hrm, I don't think it is an issue.
sve
guys, can you tell me if there is a telnet client that supports proxies?
oops never mind, putty does have telnet i think,i'll check
Sebastian_
sve: see https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO
arma
sve: unlikely. but it should be easy to run telnet through torify.
Sebastian_
keb: if anything bad could happen, I'd agree that we should tell the user to spend more time reading the docs. But like this, hm.
keb
Sebastian_ how can it be legal to say "scrub ip addresses" and "dont scrub ip addresses" at the same time
sve
arma, ok looking up torify
keb
unless the parameters are positional
Sebastian_
depends how your logic works. If you say "We start out with scrubbing nothing. Then we add all the user's wishes on top of that. Ok, on top of not safelogging, we should not safelog. And on top of that, we should. So we have to safelog."
kind of like a bitfield works, but cannot flip bits off.
keb
in that case, what does "client,1,relay,0" mean?
Sebastian_
it means "1"
I mean, sure, I can make 0 and 1 special, so that you cannot specify anything but those two options
erm
what I meant is that you cannot specify anything else along with those options
if it is that big an issue, we should evaluate all the other uses of similar lists in config options
and do the same there
Before going there, I'd like to hear nickm's or arma's opinion, though. That's probably a bit of work
anyways now I still don't know what to put in the manpage :)
sve
is it possible to do mx records lookup or nslookup over tor ? is there a client that can do nslookup ? i know that
i know we can do dns resolving
Sebastian_
Not supported by the Tor protocol, but you can use web-based services of course
keb
i can see how (0|1) [relay] [client] works, but [0] [1] [relay] [client] with prioritizing of 1 over 0 is going to be confusing
sve
ok, good idea
Sebastian_
keb: I still argue that anyone specifying both 0 and 1 shouldn't be messing with the safelogging option in the first place
keb
exactly, it should throw an exception and the user out the window
Sebastian_
Most Tor options don't work that way. If they can continue in a sane way, they do.
keb
i think unlike PublishServerDescriptor there are two independent behaviours to be controlled: whether to include ip addresses, and which of client/relay lines to include
Sebastian_
hm?
keb
maybe we want to see client lines with ip addresses, and relay lines scrubbed
Sebastian_
right. Safelogging relay
I don't really understand what you were trying to say with two independent behaviours, though.
It is _always_ about whether to include ip addresses
keb
oic. how to do logging so that no client lines show up at all
Sebastian_
no client lines show up at all?
I don't see what you mean?
wait, this new behaviour is by no means a way to completely remove certain kinds of log messages
keb
ok
Sebastian_
it is _ONLY_ about replacing ip addresses/other sensitive information in log messages with [scrubbed]
anyways, time to sleep
will read backlog for more opinions, if there are any
:-)
keb
sorry about my confusion
Sebastian_
no problem, I probably worded it confusingly.
I am still interested in your opinion on this matter, maybe we'll see a patch to change the behaviour of some other config options, soon, too :-)
(now you know why I asked for help from someone else to describe the behaviour in the manpage ;p)
keb
hehe
astechgeek
will tor work as a relay with linux?
keb
http://www.torproject.org/docs/tor-doc-relay.html.en
astechgeek
yea it says 'but linux'
keb
hmm
astechgeek
then https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#RelayOS list linux as one that will work as a relay
keb
that should say "; however, Linux, FreeBSD 5.x+, OS X Tiger or later, and Windows Server 2003 or later work best."
astechgeek
okay, im going through the docs on setting up as a relay
and Im running Ubuntu
keb
excellent
nsa
or: phobos committed revision 21095 (/website/trunk/docs/en): clarify the relay OSes per keb's suggestion.
keb
beat me to it
nsa
or: phobos committed revision 21096 (/website/trunk/docs/en): fix punctionation, add in my favorite OS
keb
i was going to move the verb to the beginning of that clause as well, to disorient german readers ;)
astechgeek
okay Im getting some errors in my log
keb
are they informative and helpful
astechgeek
warning could not bind to 127.0.0.0:9050 already in use is tor already running?
keb
1) 127.0.0.0 is a network address, perhaps it should be 127.0.0.1
2) yeah tor might already be running
astechgeek
typo it is the loopback
keb
ps ax | grep tor
or, netstat -ln | grep 9050
astechgeek
netstat shows it's listening
keb
did you try to start it as a relay after it was already started as a client?
astechgeek
thats just what I was going to ask
I setup tor with the repos for my distro and downloaded the vidalia gui
would that be causing the problem?
keb
you just need to kill the currently running tor before starting a new one, using a command such as /etc/init.d/tor restart
er, with a sudo
astechgeek
i did sudo /etc/init.d/tor stop
keb
also, the tor packaged with distros is usually out of date, better to get the ones from the torproject repository
astechgeek
and started through vidalia
I just downloaded vidalia through the package manager
i downloaded the tor and geo thing from the torproject
nsa
or: phobos committed revision 21097 (/projects/todo): update status for some tasks
keb
astechgeek after you did sudo /etc/init.d/tor stop was there anything listening on 9050?
astechgeek
no
keb
maybe that log is from a previous problem
scream
.
nsa
or: arma committed revision 21098 (/website/trunk/docs/en): while we're tweaking it, tweak it some more
or: mikeperry@seul.org committed patch by Mike Perry <mikeperry-git@fscked.org> at Fri, 4 Dec 2009 01:30:53 -0500 (EST) to torbutton/maint-1.2: Update design doc for 1.2.3.
or: mikeperry@seul.org committed patch by Mike Perry <mikeperry-git@fscked.org> at Fri, 4 Dec 2009 01:44:12 -0500 (EST) to torbutton/master: Add my notes on FF3.5 audit plans and progress.
or: mikeperry@seul.org committed patch by Mike Perry <mikeperry-git@fscked.org> at Fri, 4 Dec 2009 01:44:12 -0500 (EST) to torbutton/master: Finish pass one of audit (New FF3.5 features).
or: mikeperry@seul.org committed patch by Mike Perry <mikeperry-git@fscked.org> at Fri, 4 Dec 2009 01:44:14 -0500 (EST) to torbutton/master: Implement prefetching of google cookies.
or: mikeperry@seul.org committed patch by Mike Perry <mikeperry-git@fscked.org> at Fri, 4 Dec 2009 01:44:13 -0500 (EST) to torbutton/master: Basic implementation of cookie reset+xfer.
or: mikeperry@seul.org committed patch by Mike Perry <mikeperry-git@fscked.org> at Fri, 4 Dec 2009 01:44:12 -0500 (EST) to torbutton/master: Document Private Browsing Mode review.
or: mikeperry@seul.org committed patch by Mike Perry <mikeperry-git@fscked.org> at Fri, 4 Dec 2009 01:44:14 -0500 (EST) to torbutton/master: Update code to xfer all google search cookies.