Opened 7 years ago

Closed 21 months ago

#3378 closed task (wontfix)

Tor 0.2.3.x and tor-fw-helper

Reported by: runa Owned by: ioerror
Priority: Medium Milestone:
Component: Archived/Torouter Version:
Severity: Normal Keywords:
Cc: weasel, ioerror Actual Points:
Parent ID: #20747 Points:
Reviewer: Sponsor:

Description

I'm opening a new ticket for this because #3374 is getting busy. Jake wants us to ship Tor 0.2.3.x with tor-fw-helper for the Torouter. Quoting from the other ticket:

We'll also need the most recent 0.2.3.x Tor release as a Debian package, specifically we need to build it with tor-fw-helper. This means that we need to package the upnp and natpmp shared libraries.

And below are some comments and questions from IRC:

< weasel> Runa: do you know the difference between and/or advantages of libnatpmp over libminiupnpc?

< weasel> Runa: if all it needs is libminiupnpc, then I can easily add that to the build dependencies of the wheezy and sid packages.

< weasel> Runa: if http://packages.debian.org/search?keywords=libminiupnpc-dev really is the lib it uses.

< weasel> Runa: if it also wants libnatpmp, whatever that is, then somebody needs to package it first

< weasel> Runa: also, the tor-fw-helper thing could really do with some documentation as to what the libs are needed for. I can *guess*, but I shouldn't have to.

< rransom> libnatpmp and libminiupnpc serve the same purpose, so you shouldn't need both.

I have no idea what we need to have Tor 0.2.3.x with tor-fw-helper. Let's figure it out here, and leave #3374 for other Torouter-related stuff.

Child Tickets

Change History (18)

comment:1 in reply to:  description Changed 7 years ago by rransom

Replying to runa:

< rransom> libnatpmp and libminiupnpc serve the same purpose, so you shouldn't need both.

I was wrong: libnatpmp is an implementation of the NAT-PMP protocol, which is entirely different from UPnP. NAT-PMP is Apple's alternative to UPnP.

comment:2 Changed 7 years ago by cypherpunks

Right, we need both libraries because the upstream author wrote them as two separate libraries. tor-fw-helper can be built with one or both but for Torouter, we'll need both when we start to test it.

comment:3 Changed 7 years ago by Sebastian

libnatpmp changed its API rendering it incompatible with what we use in tor at least twice since we implemented the --enable-nat-pmp option. Tor currently can't build with that option and a recent version of libnatpmp.

comment:4 Changed 7 years ago by cypherpunks

You want to ship the most experimental of tor software with a device that will be in users hands? This is a bad idea.

comment:5 in reply to:  3 Changed 7 years ago by cypherpunks

Replying to Sebastian:

libnatpmp changed its API rendering it incompatible with what we use in tor at least twice since we implemented the --enable-nat-pmp option. Tor currently can't build with that option and a recent version of libnatpmp.

I'm starting to wonder if we should just fork the most simple library and call it a day. What a bummer.

comment:6 in reply to:  4 Changed 7 years ago by cypherpunks

Replying to cypherpunks:

You want to ship the most experimental of tor software with a device that will be in users hands? This is a bad idea.

We need features that are only in the 0.2.3.x branch.

comment:7 Changed 7 years ago by ioerror

I fixed the libnatpmp issue - it was a two line fix. I'll see if arma will merge my fix tonight.

comment:8 Changed 7 years ago by ioerror

Here's more information on my libnatpmp fix:
https://trac.torproject.org/projects/tor/ticket/3434

comment:9 Changed 7 years ago by ioerror

This appears to be the proper package for upnp support:
http://packages.debian.org/search?keywords=libminiupnpc5

This is an older library that may work for natpmp support:
http://packages.debian.org/search?keywords=libnatpmp0

comment:10 Changed 7 years ago by ioerror

This is the dev version of the upnp lib:
http://packages.debian.org/squeeze-backports/libminiupnpc-dev

comment:11 Changed 7 years ago by ioerror

I've used the libminiupnpc-dev library to build tor-fw-helper - so we've got that under control. I'm experimenting with a Tor package for 0.2.3.x that weasel built and seeing if I can build it with tor-fw-helper and libminiupnpc-dev.

Sadly, I tried:

root@torouter:~/src/tor# apt-get install -t experimental libnatpmp0

And while I have natpmp:

root@torouter:~/src/tor# dpkg -L libnatpmp0
/.
/usr
/usr/bin
/usr/bin/natpmpc
/usr/share
/usr/share/doc
/usr/share/doc/libnatpmp0
/usr/share/doc/libnatpmp0/changelog.Debian.gz
/usr/share/doc/libnatpmp0/changelog.gz
/usr/share/doc/libnatpmp0/copyright
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/natpmpc.1.gz
/usr/lib
/usr/lib/libnatpmp.so.0
/usr/lib/libnatpmp.a

I'm missing the headers that make that shared library useful:

configure:7337: checking for libnatpmp directory
configure:7393: gcc -o conftest -g -O2  -I${top_srcdir}/src/common  conftest.c -lpthread -ldl  -lnatpmp >&5
conftest.c:52:20: error: natpmp.h: No such file or directory
conftest.c: In function 'main':
conftest.c:57: error: 'natpmp_t' undeclared (first use in this function)
conftest.c:57: error: (Each undeclared identifier is reported only once
conftest.c:57: error: for each function it appears in.)
conftest.c:57: error: expected ';' before 'natpmp'
conftest.c:58: error: 'natpmpresp_t' undeclared (first use in this function)
conftest.c:58: error: expected ';' before 'response'
conftest.c:59: error: 'natpmp' undeclared (first use in this function)

If I install that libnatpmp package and I manually copy over natpmp.h to /usr/include/natpmp.h - everything works:

root@torouter:~/src/tor# ./src/tools/tor-fw-helper/tor-fw-helper  -v -g
V: tor-fw-helper version 0.1
V: We were called with the following arguments:
V: verbose = 1, help = 0, pub or port = 0, priv or port = 0
V: pub dir port =  0, priv dir port = 0
V: fetch_public_ip = 1
V: We have no DirPort; no hole punching for DirPorts
V: pub or port = 0, priv or port = 0
V: pub dir port =  0, priv dir port = 0
tor-fw-helper: UPnP GetValidIGD returned: 1 (SUCCESS)
V: natpmp init...
tor-fw-helper: natpmp initialized...
tor-fw-helper: 2 NAT traversal helper(s) loaded
V: tor_fw_fetch_public_ip
V: running backend_state now: 0
V: size of backend state: 2388
V: backend state name: miniupnp
tor-fw-helper: ExternalIPAddress = 1.2.3.4
tor-fw-helper: tor_fw_fetch_public_ip backend miniupnp  returned: 0
V: running backend_state now: 1
V: size of backend state: 76
V: backend state name: natpmp
tor-fw-helper: NAT-PMP sendpublicaddressrequest returned 2 (SUCCESS)
V: NAT-PMP attempting to read reponse...
V: NAT-PMP readnatpmpresponseorretry returned 0
tor-fw-helper: ExternalIPAddress = 1.2.3.4
V: result = 0
V: type = 0
V: resultcode = 0
V: epoch = 1308613613
tor-fw-helper: tor_fw_fetch_public_ip backend natpmp  returned: 0
tor-fw-helper: SUCCESS

Also on my DreamPlug this is how long it takes to build Tor:

real	8m53.998s
user	8m0.860s
sys	0m8.380s

However, please note that my natpmp patch *must* be applied for tor-fw-helper to build with natpmp support. I think we need to merge that patch and call it the absolute minimum version of the library we support.

So perhaps we can file a bug against the natpmp package or ask for a libnatpmp0-dev package and then we're good to go?

Here's my current sources.list file:

root@torouter:~# cat /etc/apt/sources.list
deb http://ftp.de.debian.org/pub/debian/ squeeze main non-free contrib
deb-src http://ftp.de.debian.org/pub/debian/ squeeze main non-free contrib
deb http://security.debian.org/ squeeze/updates main

# experimental for natpmp
deb http://ftp.debian.org/debian experimental main
deb-src http://ftp.debian.org/debian experimental main

# backports for upnp
deb http://backports.debian.org/debian-backports squeeze-backports main

# Tor project repo
deb http://deb.torproject.org/torproject.org/ squeeze main
deb-src http://deb.torproject.org/torproject.org squeeze main

comment:12 Changed 7 years ago by ioerror

Trying to build the Debian package with dpkg-buildpackage -us -uc -d results in the following error:

config.status: executing depfiles commands
target="doc/tor.1.in"; base="${target%%.1.in}"; \
		a2x -f manpage "$base".1.txt && \
		if [ -e "$base".1 ]; then mv "$base".1 "$base".1.in; \
		elif [ -e "$base".8 ]; then mv "$base".8 "$base".1.in; \
		else echo >&2 "No output produced by a2px?" && exit 1; fi
/bin/sh: a2x: not found
make: *** [doc/tor.1.in] Error 127
dpkg-buildpackage: error: debian/rules build gave error exit status 2

Sadly, I can't free up enough room to build Tor with asciidoc and adding the following to debian/rules didn't seem to fix that build issue:

{{{ --enable-nat-pmp \

--enable-upnp \
--disable-asciidoc

}}}

comment:13 Changed 7 years ago by ioerror

Err I mean:

 --enable-nat-pmp \
 --enable-upnp \
 --disable-asciidoc

comment:14 Changed 7 years ago by ioerror

I think Weasel has or will manually patch the Tor package in the deb repo to build against these packages.

comment:16 Changed 7 years ago by murble

I've built with libminiupnpc-dev / libminiupnpc5 and ./tor-fw-helper -v -g works fine. The router here is a very common router in the UK (sky adsl router: vendor/model/firmwareversion Sagemcom/F@ST2304/5.14.6.1a4N).

When built with libnatpmp-dev / libnatpmp1 i get the following:

tor-0.2.3.3-alpha/src/tools/tor-fw-helper$ ./tor-fw-helper -v -g

V: tor-fw-helper version 0.1

V: We were called with the following arguments:

V: verbose = 1, help = 0, pub or port = 0, priv or port = 0

V: pub dir port = 0, priv dir port = 0

V: fetch_public_ip = 1

V: We have no DirPort; no hole punching for DirPorts

V: pub or port = 0, priv or port = 0

V: pub dir port = 0, priv dir port = 0

V: natpmp init...

tor-fw-helper: natpmp initialized...

tor-fw-helper: 1 NAT traversal helper(s) loaded

V: tor_fw_fetch_public_ip

V: running backend_state now: 0

V: size of backend state: 76

V: backend state name: natpmp

tor-fw-helper: NAT-PMP sendpublicaddressrequest returned 2 (SUCCESS)

V: NAT-PMP attempting to read reponse...

V: NAT-PMP readnatpmpresponseorretry returned -7

E: NAT-PMP readnatpmpresponseorretry failed -7

E: NAT-PMP errno=111 'Connection refused'

E: NAT-PMP It appears that something went wrong: -7

tor-fw-helper: tor_fw_fetch_public_ip backend natpmp returned: -7

tor-fw-helper: FAILURE

The test programme included with the libnatpmp1 package also fails with the following:

/usr/bin/natpmpc

initnatpmp() returned 0 (SUCCESS)

using gateway : 10.82.23.1

sendpublicaddressrequest returned 2 (SUCCESS)

readnatpmpresponseorretry returned -7 (FAILED)

readnatpmpresponseorretry() failed : the gateway does not support nat-pmp

errno=111 'Connection refused'

The same router when built with the libminiupnpc-dev lib:

./tor-fw-helper -g -v

V: tor-fw-helper version 0.1

V: We were called with the following [arguments:V arguments:]

[arguments:V]: verbose = 1, help = 0, pub or port = 0, priv or port = 0V: pub dir port = 0, priv dir port = 0

V: fetch_public_ip = 1

V: We have no DirPort; no hole punching for ! DirPorts

V: pub or port = 0, priv or port = 0

V: pub dir port = 0, priv dir port = 0

tor-fw-helper: UPnP GetValidIGD returned: 1 (SUCCESS)

tor-fw-helper: 1 NAT traversal helper(s) loaded

V: tor_fw_fetch_public_ip

V: running backend_state now: 0

V: size of backend state: 2388

V: backend state name: miniupnptor-fw-helper: ExternalIPAddress = [censored]

tor-fw-helper: tor_fw_fetch_public_ip backend miniupnp returned: 0

tor-fw-helper: SUCCESS

Without any further investigation it my guess is that libnatpmp-dev is a less complete library.

comment:17 Changed 7 years ago by ioerror

It looks like the library is fine but that your router doesn't support NATPMP - that's OK, I think.

comment:18 Changed 21 months ago by irl

Parent ID: #20747
Resolution: wontfix
Severity: Normal
Status: newclosed

Were this to be an active project, which it currently is not, it would be using a modern Tor. Closing as no longer relevant. See also #20747.

Note: See TracTickets for help on using tickets.