Merge pull request 'Clarified and Split Apart Environment Variables that alter port binding behaviour.' (#47) from whonix into master
continuous-integration/drone/push Build is pending
Details
continuous-integration/drone/push Build is pending
Details
Reviewed-on: #47 Reviewed-by: Dan Ballard <dan@openprivacy.ca>
This commit is contained in:
commit
1524e78a4a
|
|
@ -10,6 +10,8 @@ A library providing an ACN (Anonymous Communication Network
|
|||
## Environment Variables
|
||||
|
||||
- `TOR_LD_LIBRARY_PATH` - override the library path given to the Tor process as different from the one given to the parent process.
|
||||
- `CWTCH_RESTRICT_PORTS` - forces connectivity to bind to a subset of ports `15000-15378`
|
||||
- `CWTCH_BIND_EXTERNAL_WHONIX` - forces connectivity to bind to external interfaces (only supported/recommended on certain Whonix-based setups. Please open an issue if you think this should be expanded.)
|
||||
|
||||
## Requirements for ACN Support
|
||||
|
||||
|
|
@ -54,4 +56,4 @@ service:
|
|||
acn.Restart()
|
||||
and
|
||||
|
||||
acn.Close()
|
||||
acn.Close()
|
||||
|
|
|
|||
|
|
@ -270,9 +270,22 @@ func (tp *torProvider) Listen(identity connectivity.PrivateKey, port int) (conne
|
|||
|
||||
var localListener net.Listener
|
||||
var err error
|
||||
if bineWhonix := os.Getenv("BINE_WHONIX"); strings.ToLower(bineWhonix) == "true" {
|
||||
|
||||
if cwtchRestrictPorts := os.Getenv("CWTCH_RESTRICT_PORTS"); strings.ToLower(cwtchRestrictPorts) == "true" {
|
||||
// for whonix like systems we tightly restrict possible listen...
|
||||
// pick a random port between 15000 and 15378
|
||||
// cwtch = 63 *77 *74* 63* 68 = 1537844616
|
||||
log.Infof("using restricted ports, CWTCH_RESTRICT_PORTS=true");
|
||||
localport = 15000 + (localport % 378)
|
||||
}
|
||||
|
||||
if bindExternal := os.Getenv("CWTCH_BIND_EXTERNAL_WHONIX"); strings.ToLower(bindExternal) == "true" {
|
||||
if _, ferr := os.Stat("/usr/share/anon-ws-base-files/workstation"); !os.IsNotExist(ferr) {
|
||||
log.Infof("WARNING: binding to external interfaces. This is potentially unsafe outside of a containerized environment.");
|
||||
localListener, err = net.Listen("tcp", "0.0.0.0:"+strconv.Itoa(localport))
|
||||
} else {
|
||||
log.Errorf("CWTCH_BIND_EXTERNAL_WHONIX flag set, but /usr/share/anon-ws-base-files/workstation does not exist. Defaulting to binding to local ports");
|
||||
localListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
|
||||
}
|
||||
} else {
|
||||
localListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
|
||||
|
|
@ -298,6 +311,8 @@ func (tp *torProvider) Listen(identity connectivity.PrivateKey, port int) (conne
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// We need to set os.ID here, otherwise os.Close() may not shut down the onion service properly...
|
||||
os.ID = onion
|
||||
os.CloseLocalListenerOnClose = true
|
||||
|
||||
ols := &onionListenService{os: os, tp: tp}
|
||||
|
|
|
|||
Loading…
Reference in New Issue