Clean up and seperate flags
This commit is contained in:
parent
c9ea1e4464
commit
2c9ec9d894
|
@ -270,14 +270,23 @@ func (tp *torProvider) Listen(identity connectivity.PrivateKey, port int) (conne
|
|||
|
||||
var localListener net.Listener
|
||||
var err error
|
||||
if bineWhonix := os.Getenv("BINE_WHONIX"); strings.ToLower(bineWhonix) == "true" {
|
||||
if _, ferr := os.Stat("/usr/share/anon-ws-base-files/workstation"); !os.IsNotExist(ferr) {
|
||||
localListener, err = net.Listen("tcp", "0.0.0.0:"+strconv.Itoa(localport))
|
||||
}
|
||||
|
||||
if cwtchRestrictPorts := os.Getenv("CWTCH_RESTRICT_PORTS"); strings.ToLower(cwtchRestrictPorts) == "true" {
|
||||
// for whonix like systems we tightly restrict possible listen...
|
||||
// pick a random port between 15300 and 15378
|
||||
// cwtch = 63 *77 *74* 63* 68 = 1537844616
|
||||
localport = 15300 + ((localport - 1024) % 78)
|
||||
log.Infof("using restricted ports, CWTCH_RESTRICT_PORTS=true");
|
||||
localport = 15300 + (localport % 78)
|
||||
}
|
||||
|
||||
if bindExternal := os.Getenv("CWTCH_BIND_EXTERNAL_WHONIX"); strings.ToLower(bindExternal) == "true" {
|
||||
if _, ferr := os.Stat("/usr/share/anon-ws-base-files/workstation"); !os.IsNotExist(ferr) {
|
||||
log.Infof("WARNING: binding to external interfaces. This is potentially unsafe outside of a containerized environment.");
|
||||
localListener, err = net.Listen("tcp", "0.0.0.0:"+strconv.Itoa(localport))
|
||||
} else {
|
||||
log.Errorf("CWTCH_BIND_EXTERNAL_WHONIX flag set, but /usr/share/anon-ws-base-files/workstation does not exist. Defaulting to binding to local ports");
|
||||
localListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
|
||||
}
|
||||
} else {
|
||||
localListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue