2021-04-03 19:57:21 +02:00
|
|
|
package tunnel
|
2021-02-02 12:05:47 +01:00
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2021-04-05 16:38:25 +02:00
|
|
|
"errors"
|
2021-02-02 12:05:47 +01:00
|
|
|
"fmt"
|
2021-04-05 11:27:41 +02:00
|
|
|
"io"
|
2021-02-02 12:05:47 +01:00
|
|
|
"net/url"
|
2021-04-05 19:18:00 +02:00
|
|
|
"os"
|
2021-04-05 11:27:41 +02:00
|
|
|
"path/filepath"
|
2021-02-02 12:05:47 +01:00
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/cretz/bine/tor"
|
|
|
|
)
|
|
|
|
|
2021-04-05 11:27:41 +02:00
|
|
|
// torProcess is a running tor process.
|
2021-04-03 19:57:21 +02:00
|
|
|
type torProcess interface {
|
2021-04-05 11:27:41 +02:00
|
|
|
io.Closer
|
2021-02-02 12:05:47 +01:00
|
|
|
}
|
|
|
|
|
2021-04-03 19:57:21 +02:00
|
|
|
// torTunnel is the Tor tunnel
|
|
|
|
type torTunnel struct {
|
2021-04-03 21:25:08 +02:00
|
|
|
// bootstrapTime is the duration of the bootstrap
|
2021-02-02 12:05:47 +01:00
|
|
|
bootstrapTime time.Duration
|
2021-04-03 21:25:08 +02:00
|
|
|
|
|
|
|
// instance is the running tor instance
|
|
|
|
instance torProcess
|
|
|
|
|
|
|
|
// proxy is the SOCKS5 proxy URL
|
|
|
|
proxy *url.URL
|
2021-02-02 12:05:47 +01:00
|
|
|
}
|
|
|
|
|
2021-04-03 21:25:08 +02:00
|
|
|
// BootstrapTime returns the bootstrap time
|
2021-04-05 16:08:16 +02:00
|
|
|
func (tt *torTunnel) BootstrapTime() time.Duration {
|
|
|
|
return tt.bootstrapTime
|
2021-02-02 12:05:47 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// SOCKS5ProxyURL returns the URL of the SOCKS5 proxy
|
2021-04-05 16:08:16 +02:00
|
|
|
func (tt *torTunnel) SOCKS5ProxyURL() *url.URL {
|
|
|
|
return tt.proxy
|
2021-02-02 12:05:47 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Stop stops the Tor tunnel
|
2021-04-03 19:57:21 +02:00
|
|
|
func (tt *torTunnel) Stop() {
|
2021-04-05 16:08:16 +02:00
|
|
|
tt.instance.Close()
|
2021-02-02 12:05:47 +01:00
|
|
|
}
|
|
|
|
|
2021-04-05 16:38:25 +02:00
|
|
|
// ErrTorUnableToGetSOCKSProxyAddress indicates that we could not
|
|
|
|
// get the SOCKS proxy address via the control port.
|
|
|
|
var ErrTorUnableToGetSOCKSProxyAddress = errors.New(
|
|
|
|
"unable to get socks proxy address")
|
|
|
|
|
|
|
|
// ErrTorReturnedUnsupportedProxy indicates that tor returned to
|
|
|
|
// us the address of a proxy that we don't support.
|
|
|
|
var ErrTorReturnedUnsupportedProxy = errors.New(
|
|
|
|
"tor returned unsupported proxy")
|
|
|
|
|
2021-04-03 21:25:08 +02:00
|
|
|
// torStart starts the tor tunnel.
|
|
|
|
func torStart(ctx context.Context, config *Config) (Tunnel, error) {
|
2021-02-02 12:05:47 +01:00
|
|
|
select {
|
|
|
|
case <-ctx.Done():
|
|
|
|
return nil, ctx.Err() // allows to write unit tests using this code
|
|
|
|
default:
|
|
|
|
}
|
2021-04-05 11:27:41 +02:00
|
|
|
if config.TunnelDir == "" {
|
|
|
|
return nil, ErrEmptyTunnelDir
|
|
|
|
}
|
|
|
|
stateDir := filepath.Join(config.TunnelDir, "tor")
|
|
|
|
logfile := filepath.Join(stateDir, "tor.log")
|
2021-04-05 19:18:00 +02:00
|
|
|
maybeCleanupTunnelDir(stateDir, logfile)
|
2021-04-04 12:08:13 +02:00
|
|
|
extraArgs := append([]string{}, config.TorArgs...)
|
2021-02-02 12:05:47 +01:00
|
|
|
extraArgs = append(extraArgs, "Log")
|
|
|
|
extraArgs = append(extraArgs, "notice stderr")
|
|
|
|
extraArgs = append(extraArgs, "Log")
|
|
|
|
extraArgs = append(extraArgs, fmt.Sprintf(`notice file %s`, logfile))
|
2021-05-04 08:14:25 +02:00
|
|
|
// Implementation note: here we make sure that we're not going to
|
|
|
|
// execute a binary called "tor" in the current directory on Windows
|
|
|
|
// as documented in https://blog.golang.org/path-security.
|
|
|
|
exePath, err := config.execabsLookPath(config.torBinary())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
config.logger().Infof("tunnel: exec: %s %+v", exePath, extraArgs)
|
2021-04-03 21:25:08 +02:00
|
|
|
instance, err := config.torStart(ctx, &tor.StartConf{
|
2021-04-05 11:27:41 +02:00
|
|
|
DataDir: stateDir,
|
2021-02-02 12:05:47 +01:00
|
|
|
ExtraArgs: extraArgs,
|
2021-05-04 08:14:25 +02:00
|
|
|
ExePath: exePath,
|
2021-02-02 12:05:47 +01:00
|
|
|
NoHush: true,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
instance.StopProcessOnClose = true
|
|
|
|
start := time.Now()
|
2021-04-03 21:25:08 +02:00
|
|
|
if err := config.torEnableNetwork(ctx, instance, true); err != nil {
|
2021-02-02 12:05:47 +01:00
|
|
|
instance.Close()
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
stop := time.Now()
|
|
|
|
// Adapted from <https://git.io/Jfc7N>
|
2021-04-03 21:25:08 +02:00
|
|
|
info, err := config.torGetInfo(instance.Control, "net/listeners/socks")
|
2021-02-02 12:05:47 +01:00
|
|
|
if err != nil {
|
|
|
|
instance.Close()
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if len(info) != 1 || info[0].Key != "net/listeners/socks" {
|
|
|
|
instance.Close()
|
2021-04-05 16:38:25 +02:00
|
|
|
return nil, ErrTorUnableToGetSOCKSProxyAddress
|
2021-02-02 12:05:47 +01:00
|
|
|
}
|
|
|
|
proxyAddress := info[0].Val
|
|
|
|
if strings.HasPrefix(proxyAddress, "unix:") {
|
|
|
|
instance.Close()
|
2021-04-05 16:38:25 +02:00
|
|
|
return nil, ErrTorReturnedUnsupportedProxy
|
2021-02-02 12:05:47 +01:00
|
|
|
}
|
2021-04-03 19:57:21 +02:00
|
|
|
return &torTunnel{
|
2021-02-02 12:05:47 +01:00
|
|
|
bootstrapTime: stop.Sub(start),
|
|
|
|
instance: instance,
|
|
|
|
proxy: &url.URL{Scheme: "socks5", Host: proxyAddress},
|
|
|
|
}, nil
|
|
|
|
}
|
2021-04-05 19:18:00 +02:00
|
|
|
|
|
|
|
// maybeCleanupTunnelDir removes stale files inside
|
|
|
|
// of the tunnel directory.
|
|
|
|
func maybeCleanupTunnelDir(dir, logfile string) {
|
|
|
|
os.Remove(logfile)
|
|
|
|
removeWithGlob(filepath.Join(dir, "torrc-*"))
|
|
|
|
removeWithGlob(filepath.Join(dir, "control-port-*"))
|
|
|
|
}
|
|
|
|
|
|
|
|
// removeWithGlob globs and removes files.
|
|
|
|
func removeWithGlob(pattern string) {
|
|
|
|
files, _ := filepath.Glob(pattern)
|
|
|
|
for _, file := range files {
|
|
|
|
os.Remove(file)
|
|
|
|
}
|
|
|
|
}
|