[1/4] Tor: allow multiple countries to be selected for Exit relays
Commit Message
This extends the functionality of the Tor CGI in order to be able to
select multiple countries for possible Exit relays, which is - in terms
of anonymity - less worse than limiting all Tor circuits to a single
country.
For example, a user might want to avoid Exit relays in more than one
country, and permit Tor to use Exit relays elesewhere, and vice versa.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
html/cgi-bin/tor.cgi | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
Comments
Hello,
Great idea to extend the Tor add-on.
I believe we could have a brief blog article about this, too. Please do not forget to update the Wiki.
Before I merge this, I would like to have some feedback from someone who has tested this. I would like to have more people touching a patch before it is actually being merged, so that we can iron out problems earlier.
There must be some Tor users here :) Please test :)
-Michael
> On 4 Nov 2020, at 21:28, Peter Müller <peter.mueller@ipfire.org> wrote:
>
> This extends the functionality of the Tor CGI in order to be able to
> select multiple countries for possible Exit relays, which is - in terms
> of anonymity - less worse than limiting all Tor circuits to a single
> country.
>
> For example, a user might want to avoid Exit relays in more than one
> country, and permit Tor to use Exit relays elesewhere, and vice versa.
>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> html/cgi-bin/tor.cgi | 26 +++++++++++++++++++++-----
> 1 file changed, 21 insertions(+), 5 deletions(-)
>
> diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi
> index 7447bd791..3db4bc22c 100644
> --- a/html/cgi-bin/tor.cgi
> +++ b/html/cgi-bin/tor.cgi
> @@ -2,7 +2,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2013-2019 IPFire Team <info@ipfire.org> #
> +# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -319,9 +319,16 @@ END
> </tr>
> <tr>
> <td width='50%' colspan='2'>
> - <select name='TOR_EXIT_COUNTRY'>
> + <select name='TOR_EXIT_COUNTRY' multiple='multiple'>
> <option value=''>- $Lang::tr{'tor exit country any'} -</option>
> END
> +
> + # Convert Exit/Guard country strings into lists to make comparison easier
> + my @exit_countries;
> + if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
> + @exit_countries = split(/\|/, $settings{'TOR_EXIT_COUNTRY'});
> + }
> +
> my @country_codes = &Location::database_countries($db_handle);
> foreach my $country_code (@country_codes) {
> # Convert country code into upper case format.
> @@ -332,8 +339,8 @@ END
>
> print "<option value='$country_code'";
>
> - if ($settings{'TOR_EXIT_COUNTRY'} eq $country_code) {
> - print " selected";
> + if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
> + print " selected" if grep /$country_code/, @exit_countries;
> }
>
> print ">$country_name ($country_code)</option>\n";
> @@ -678,8 +685,17 @@ sub BuildConfiguration() {
>
> if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
> $strict_nodes = 1;
> + my $countrylist;
> +
> + for my $singlecountry (split(/\|/, $settings{'TOR_EXIT_COUNTRY'})) {
> + if ($countrylist eq '') {
> + $countrylist = "{" . lc $singlecountry . "}";
> + } else {
> + $countrylist = $countrylist . "," . "{" . lc $singlecountry . "}";
> + }
> + }
>
> - print FILE "ExitNodes {$settings{'TOR_EXIT_COUNTRY'}}\n";
> + print FILE "ExitNodes $countrylist\n";
> }
>
> if ($settings{'TOR_USE_EXIT_NODES'} ne '') {
> --
> 2.26.2
@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2013-2019 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -319,9 +319,16 @@ END
</tr>
<tr>
<td width='50%' colspan='2'>
- <select name='TOR_EXIT_COUNTRY'>
+ <select name='TOR_EXIT_COUNTRY' multiple='multiple'>
<option value=''>- $Lang::tr{'tor exit country any'} -</option>
END
+
+ # Convert Exit/Guard country strings into lists to make comparison easier
+ my @exit_countries;
+ if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
+ @exit_countries = split(/\|/, $settings{'TOR_EXIT_COUNTRY'});
+ }
+
my @country_codes = &Location::database_countries($db_handle);
foreach my $country_code (@country_codes) {
# Convert country code into upper case format.
@@ -332,8 +339,8 @@ END
print "<option value='$country_code'";
- if ($settings{'TOR_EXIT_COUNTRY'} eq $country_code) {
- print " selected";
+ if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
+ print " selected" if grep /$country_code/, @exit_countries;
}
print ">$country_name ($country_code)</option>\n";
@@ -678,8 +685,17 @@ sub BuildConfiguration() {
if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
$strict_nodes = 1;
+ my $countrylist;
+
+ for my $singlecountry (split(/\|/, $settings{'TOR_EXIT_COUNTRY'})) {
+ if ($countrylist eq '') {
+ $countrylist = "{" . lc $singlecountry . "}";
+ } else {
+ $countrylist = $countrylist . "," . "{" . lc $singlecountry . "}";
+ }
+ }
- print FILE "ExitNodes {$settings{'TOR_EXIT_COUNTRY'}}\n";
+ print FILE "ExitNodes $countrylist\n";
}
if ($settings{'TOR_USE_EXIT_NODES'} ne '') {