Opened 6 years ago

Last modified 3 years ago

#5213 needs_review task

enable tor-fw-helper

Reported by: ioerror
Owned by: erinn
Priority: Medium
Milestone:
Component: Applications/Tor bundles/installation
Version:
Severity:
Keywords: flashproxy, MikePerry201402R
Cc: chiiph, amontero@…, david.filiatrault@…, mcs
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Please try to enable tor-fw-helper in the next round of building Tor bundles. Please enable both natpmp and upnpc.

Child Tickets

Ticket | Status | Owner | Summary | Component
#13338 | closed | yawning | Rewrite tor-fw-helper in Go (or another memory-safe language) | Core Tor/Tor

Change History (20)

comment:1 Changed 6 years ago by ioerror

Cc: chiiph added

We should also ask Thomas if we're doing this in a reasonable manner. What say you? :)

comment:2 Changed 6 years ago by Sebastian

We can do that for the alpha bundles, not regular TBB yet as neither Tor 0.2.2.x has the tor-fw-helper stuff nor does Vidalia yet have support for configuring it at all. We could try building the fw-helper stuff in TBBs with alpha tor, but until Vidalia learns to deal with them they'd be dead binaries basically.

comment:3 Changed 6 years ago by ioerror

Just for the record:

       PortForwarding 0|1
           Attempt to automatically forward the DirPort and ORPort on a NAT
           router connecting this Tor server to the Internet. If set, Tor will
           try both NAT-PMP (common on Apple routers) and UPnP (common on
           routers from other manufacturers). (Default: 0)

       PortForwardingHelper filename|pathname
           If PortForwarding is set, use this executable to configure the
           forwarding. If set to a filename, the system path will be searched
           for the executable. If set to a path, only the specified path will
           be executed. (Default: tor-fw-helper)
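
The filename-versus-pathname rule in the man page text quoted in comment 3 has a hardening consequence: a bare filename is resolved through the search path, so the directory that wins the lookup decides which binary Tor runs. The script below is an added example, not from the ticket or from Tor; it assumes a value containing "/" is used as-is and a bare name is searched in PATH left to right, and the function names resolve_helper and audit_helper are hypothetical.

```shell
#!/bin/sh
# Added example, not from the ticket or from Tor.
# Assumption: a value containing "/" is a pathname and is used as-is; a bare
# filename is searched for in PATH left to right, first executable match wins.

# Print the file a PortForwardingHelper value resolves to; return 1 if none.
resolve_helper() {
    helper=$1; search=${2-$PATH}
    case $helper in
        */*) [ -f "$helper" ] && [ -x "$helper" ] || return 1
             printf '%s\n' "$helper"; return 0 ;;
    esac
    old_ifs=$IFS; IFS=:
    for d in $search; do
        IFS=$old_ifs
        [ -n "$d" ] || d=.          # empty PATH entry means current directory
        if [ -f "$d/$helper" ] && [ -x "$d/$helper" ]; then
            printf '%s\n' "$d/$helper"; return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Print "OK <path>" or "RISK <reason>"; return non-zero on RISK.
# Only the file and its immediate directory are checked, not every ancestor.
audit_helper() {
    resolved=$(resolve_helper "$1" "${2-$PATH}") || { echo "RISK not-found"; return 1; }
    case $resolved in
        /*) ;;
        *) echo "RISK relative-path $resolved"; return 1 ;;
    esac
    parent=${resolved%/*}
    [ -n "$parent" ] || parent=/
    # find -H -prune -perm -0002 prints the name only if it is world-writable.
    for target in "$parent" "$resolved"; do
        if [ -n "$(find -H "$target" -prune -perm -0002 -print)" ]; then
            echo "RISK world-writable $target"; return 1
        fi
    done
    echo "OK $resolved"
}

# Constructed usage: audit the documented default value against the current PATH.
audit_helper "${1:-tor-fw-helper}" || true
```

Run it as the account that runs Tor so that PATH matches what the daemon sees; setting PortForwardingHelper to an absolute path removes the search step entirely.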

comment:4 Changed 6 years ago by karsten

See also #4959. Should we close either this or that ticket?

comment:5 Changed 5 years ago by Sebastian

Hrm, come to think of this bug. We probably don't really want those two extra binaries in the TBB: TBB is too large already, let's not add extra stuff unless it's really warranted. Why is it not warranted? TBBs are for clients, not relay operators - clients never need to use upnp.

comment:6 in reply to:  5 Changed 5 years ago by karsten

Replying to Sebastian:

> Hrm, come to think of this bug. We probably don't really want those two extra binaries in the TBB: TBB is too large already, let's not add extra stuff unless it's really warranted. Why is it not warranted? TBBs are for clients, not relay operators - clients never need to use upnp.

Makes sense.

Can we ship the extra binaries in the bridge/relay/exit bundles?

comment:7 Changed 5 years ago by Sebastian

yup

comment:8 in reply to:  5 Changed 4 years ago by arlolra

Replying to Sebastian:

> Hrm, come to think of this bug. We probably don't really want those two extra binaries in the TBB: TBB is too large already, let's not add extra stuff unless it's really warranted. Why is it not warranted? TBBs are for clients, not relay operators - clients never need to use upnp.

For clients using Flashproxies, having the tor-fw-helper in the bundle would be quite useful. They need to accept incoming WebSocket connections so getting through NAT is important.

The build process for the pluggable transport bundles makes use of the latest released TBBs, only adding the extra necessary configuration and components. Unfortunately, at the moment, compiling tor-fw-helper seems pretty tightly coupled to tor.

comment:9 Changed 4 years ago by dcf

Keywords: flashproxy added

comment:10 Changed 4 years ago by dcf

With #9033 done, the flash proxy transport is ready to use tor-fw-helper as soon as it's present in bundles. This has the potential to increase the number of people able to use the transport. There are probably more people with a UPnP-capable router than there are willing and able to do manual port forwarding.

comment:11 Changed 4 years ago by amontero

Cc: amontero@… added

comment:12 Changed 4 years ago by FireballDWF

Cc: david.filiatrault@… added

comment:14 Changed 4 years ago by dcf

I was manually testing miniupnpc and natpmp-utils, which use the same libraries that tor-fw-helper does and have Debian packages. I used a natpmpc command from the man page and it segfaulted :(

    $ natpmpc -a 50000 50000 tcp
    Segmentation fault

Anyone else interested in testing those libraries, here are some commands to try.

miniupnpc:

    external-ip                             # uses UPnP to find external IP.
    upnpc -a <your-lan-ip> 50000 50000 tcp  # adds a port forwarding
    upnpc -l                                # lists port forwardings
    upnpc -d 50000 tcp                      # deletes port forwarding

natpmp-utils:

    natpmpc                                 # external IP
    natpmpc -a 50000 50000 tcp              # adds a port forwarding
    natpmpc -a 50000 50000 tcp 0            # deletes port forwarding

comment:16 Changed 4 years ago by mikeperry

Keywords: MikePerry201402R added

comment:17 Changed 4 years ago by mikeperry

This branch should be squashed and made to apply only to versions.beta and 3.6/beta bundles. I don't think we should even include tor-fw-helper in 3.5 if we can help it.

comment:18 Changed 4 years ago by dcf

For what it's worth, I didn't make the branch with the intention that it would be merged and I'm not asking for it to be merged. I don't think tor-fw-helper is ready for the flash proxy use case.

I made the bundles because I wanted to do a survey to see how likely it is to work for users, which survey (https://lists.torproject.org/pipermail/tor-qa/2014-February/000324.html) got a few replies and mixed results. The second survey without NAT-PMP (https://lists.torproject.org/pipermail/tor-qa/2014-February/000338.html) got just one reply (successful) on IRC that I am aware of. tor-fw-helper doesn't work for me at home. Forcing IPv4 was only for an experiment and may be a net loss, because IPv6 tunneling is one of the things that works to get around NAT.

comment:19 Changed 3 years ago by mcs

Cc: mcs added

comment:20 Changed 3 years ago by dcf

#13338 should be the tor-fw-helper that we ship. It is compatible and removes the libminiupnpc and libnatpmp code-quality worries. I think it's ready to go in an alpha. There's no integration branch for it yet.
