Patrick Schleizer:
> Where I need to correct myself. The injected IP is probably difficult to
> add to a config file since IPs in Qubes will remain dynamic for some
> quite some time until Qubes 4.0. We'd need something like this.
>
> ADD_ONION:
> - pattern: 'NEW:BEST Port=80,(176[0-5][0-9])'
> replacement: 'NEW:BEST Port=80,<client i.e. workstation IP>:{}'
>
> (Where <workstation IP> is just used to illustrate. Not a syntax
> suggestion. Could be expressed with any other special chars.)
>
> Could you implement that please?
I hacked something together so that the following should work for you:
ADD_ONION:
- pattern: 'NEW:BEST Port=80,(176[0-5][0-9])'
replacement: 'NEW:BEST Port=80,{client-address}:{}'
See attached patch, but note that I haven't tested it (and not pushed
it, since the branch is up for review, and I won't have time to test it
for that). If there's some silly syntax error, I bet you can fix it
yourself. :)
Cheers!
From 66befb6a44fcdb1c8afccf0346de0007bd52ecd3 Mon Sep 17 00:00:00 2001
From: anonym <anonym@???>
Date: Sat, 12 Nov 2016 20:46:29 +0100
Subject: [PATCH] tor-controlport-filter: add "special" replacers.
Feature requested for Whonix.
---
.../usr/local/lib/tor-controlport-filter | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/config/chroot_local-includes/usr/local/lib/tor-controlport-filter b/config/chroot_local-includes/usr/local/lib/tor-controlport-filter
index 480925a..28800e5 100755
--- a/config/chroot_local-includes/usr/local/lib/tor-controlport-filter
+++ b/config/chroot_local-includes/usr/local/lib/tor-controlport-filter
@@ -74,7 +74,13 @@
# * `replacement`: this rewrites the arguments. The value is a Python
# format string (str.format()) which will be given the match groups
# from the match of `pattern`. The rewritten command is then proxied
-# without the need to match any rule.
+# without the need to match any rule. There are also some special
+# patterns that will be replaced as follows:
+#
+# - {client-address}: the client's IP address
+# - {client-port}: the client's port
+# - {server-address}: the server's IP address
+# - {server-port}: the server's (listening) port
#
# * `response`: a list of dictionaries, where the `pattern` and
# `replacement` keys work exactly as for commands arguments, but now
@@ -251,7 +257,7 @@ def match_and_parse_filter(filters, matchers):
allowed_events, restrict_stream_events)
-def handle_controlport_session(controller, readh, writeh, client_desc, client_pid, allowed_commands, allowed_events, restrict_stream_events = False):
+def handle_controlport_session(controller, readh, writeh, client_desc, client_pid, client_address, server_address, allowed_commands, allowed_events, restrict_stream_events = False):
def _log(line, format_multiline=False, sep = ': '):
line = line.strip()
@@ -309,6 +315,14 @@ def handle_controlport_session(controller, readh, writeh, client_desc, client_pi
respond("510 Command filtered")
def rewrite_line(replacers, line):
+ builtin_replacers = (
+ ('{client-address}', client_address[0]),
+ ('{client-port}', client_address[1]),
+ ('{server-address}', server_address[0]),
+ ('{server-port}', server_address[1]),
+ )
+ for pattern, replacement in builtin_replacers:
+ line = line.replace(pattern, replacement)
terminator = ''
if line[-2:] == "\r\n":
terminator = "\r\n"
@@ -548,6 +562,7 @@ class FilteredControlPortProxyHandler(socketserver.StreamRequestHandler):
try:
handle_controlport_session(controller, self.rfile, self.wfile,
client_desc, client_pid,
+ self.client_address, self.server_address,
allowed_commands, allowed_events,
restrict_stream_events
)
--
2.10.2
