Merge branch 'default' into 'main'
Turn off HS client connections by default See merge request tpo/core/arti!1345
commit
5ea89846b1
21
README.md
21
README.md
|
@ -91,6 +91,27 @@ The result can be found as `target/release/arti`.
|
|||
If you run into any trouble building the program, please have a
|
||||
look at [the troubleshooting guide](doc/TROUBLESHOOTING.md).
|
||||
|
||||
### Hidden service (`.onion` service) client support
|
||||
|
||||
Arti has support for connecting to Onion Services aka Tor Hidden Services.
|
||||
|
||||
However, currently it is disabled by default.
|
||||
|
||||
This is because Arti currently lacks the
|
||||
"vanguards" feature that Tor uses to prevent guard discovery attacks over time.
|
||||
As such, you should probably stick with C Tor if you need to make a large
|
||||
number of onion service connections, or if you are using the Tor protocol
|
||||
in a way that lets an attacker control how many onion services connections that you make -
|
||||
for example, when using Arti's SOCKS support from a web browser such as Tor Browser.
|
||||
|
||||
We plan to improve the security, and will then enable `.onion` connections by default.
|
||||
|
||||
In the meantime, if you would like to try it out,
|
||||
you can
|
||||
enable it on the command line (`cargo run -p arti -o address_filter.allow_onion_addrs=true proxy`).
|
||||
or
|
||||
edit your config file (set `allow_onion_addrs = true` in the section `[address_filter]`)
|
||||
|
||||
### Custom compile-time options
|
||||
|
||||
Arti has a number of configurable
|
||||
|
|
|
@ -560,6 +560,20 @@ mod test {
|
|||
//! <!-- @@ end test lint list maintained by maint/add_warning @@ -->
|
||||
use super::*;
|
||||
|
||||
/// Make a `StreamPrefs` with `.onion` enabled, if cfg-enabled
|
||||
fn mk_stream_prefs() -> StreamPrefs {
|
||||
let prefs = crate::StreamPrefs::default();
|
||||
|
||||
#[cfg(feature = "onion-service-client")]
|
||||
let prefs = {
|
||||
let mut prefs = prefs;
|
||||
prefs.connect_to_onion_services(tor_config::BoolOrAuto::Explicit(true));
|
||||
prefs
|
||||
};
|
||||
|
||||
prefs
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn validate_hostname() {
|
||||
// Valid hostname tests
|
||||
|
@ -580,7 +594,7 @@ mod test {
|
|||
use crate::err::ErrorDetail;
|
||||
fn val<A: IntoTorAddr>(addr: A) -> Result<TorAddr, ErrorDetail> {
|
||||
let toraddr = addr.into_tor_addr()?;
|
||||
toraddr.enforce_config(&Default::default(), &Default::default())?;
|
||||
toraddr.enforce_config(&Default::default(), &mk_stream_prefs())?;
|
||||
Ok(toraddr)
|
||||
}
|
||||
|
||||
|
@ -657,7 +671,7 @@ mod test {
|
|||
fn sap(s: &str) -> Result<StreamInstructions, ErrorDetail> {
|
||||
TorAddr::from(s)
|
||||
.unwrap()
|
||||
.into_stream_instructions(&Default::default(), &Default::default())
|
||||
.into_stream_instructions(&Default::default(), &mk_stream_prefs())
|
||||
}
|
||||
|
||||
assert_eq!(
|
||||
|
@ -776,8 +790,8 @@ mod test {
|
|||
prefs.connect_to_onion_services(yn);
|
||||
prefs
|
||||
};
|
||||
check_stream(prefs_def(), Ok(()));
|
||||
check_stream(prefs_of(B::Auto), Ok(()));
|
||||
check_stream(prefs_def(), Err((EDD::OnionAddressDisabled, EK::ForbiddenStreamTarget)));
|
||||
check_stream(prefs_of(B::Auto), Err((EDD::OnionAddressDisabled, EK::ForbiddenStreamTarget)));
|
||||
check_stream(prefs_of(B::Explicit(true)), Ok(()));
|
||||
check_stream(prefs_of(B::Explicit(false)), Err((EDD::OnionAddressDisabled, EK::ForbiddenStreamTarget)));
|
||||
|
||||
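Review bot: The `val` and `sap` helpers now send every address through `mk_stream_prefs()`, so in the visible hunks the new default-off behaviour is covered only by the two `check_stream(prefs_def(), …)` / `check_stream(prefs_of(B::Auto), …)` lines. Nothing shown here exercises the opt-in route the README documents, where `allow_onion_addrs` is set to true in the config and the stream prefs are left at `Auto`; that case may exist outside the hunk, but if it does not, a regression in the config path would go unnoticed. I would add one case with a non-default address config and `B::Auto` expecting `Ok(())`, plus a comment on `mk_stream_prefs` such as `// Tests that parse .onion addresses need this because onion connections are off by default.` The enclosing test functions start and end outside these hunks.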
|
|
|
@ -312,7 +312,14 @@ impl StreamPrefs {
|
|||
/// If `Explicit(true)`, Onion Service connections are enabled.
|
||||
///
|
||||
/// If `Auto`, the behaviour depends on the `address_filter.allow_onion_addrs`
|
||||
/// configuration option, which is in turn enabled by default.
|
||||
/// configuration option, which is in turn **disabled** by default.
|
||||
///
|
||||
/// **Note**: Arti currently lacks the
|
||||
/// "vanguards" feature that Tor uses to prevent guard discovery attacks over time.
|
||||
/// As such, you should probably stick with C Tor if you need to make a large
|
||||
/// number of onion service connections, or if you are using the Tor protocol
|
||||
/// in a way that lets an attacker control how many onion services connections that you make -
|
||||
/// for example, when using Arti's SOCKS support from a web browser such as Tor Browser.
|
||||
#[cfg(feature = "onion-service-client")]
|
||||
pub fn connect_to_onion_services(
|
||||
&mut self,
|
||||
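Review bot: The doc comment on `connect_to_onion_services` explains what `Auto` falls back to, but does not say that `Explicit(true)` takes precedence over a disabled `address_filter.allow_onion_addrs`. The test hunk in this commit suggests it does, since `prefs_of(B::Explicit(true))` is expected to succeed while the default prefs are rejected. Because the default is now off for a security reason, I would state the override next to the vanguards note, for example `/// Passing Explicit(true) enables onion connections even if the configuration leaves them disabled, so the caveat below then applies to the caller.` The function body continues outside the hunk.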
|
|
|
@ -72,7 +72,7 @@ pub struct ClientAddrConfig {
|
|||
///
|
||||
/// This option is on by default.
|
||||
#[cfg(feature = "onion-service-client")]
|
||||
#[builder(default = "true")]
|
||||
#[builder(default = "false")]
|
||||
pub(crate) allow_onion_addrs: bool,
|
||||
}
|
||||
impl_standard_builder! { ClientAddrConfig }
|
||||
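Review bot: The context line `/// This option is on by default.` directly above the changed attribute is now wrong, because the builder default becomes `"false"` in this hunk. For a setting that was turned off for security reasons, stale documentation claiming the opposite is likely to mislead anyone reading the generated docs. It should change in the same commit to `/// This option is off by default.`, ideally with a one-line pointer to the vanguards caveat. The start of the doc comment and of `ClientAddrConfig` lie outside the hunk.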
|
|
|
@ -312,7 +312,16 @@
|
|||
#allow_local_addrs = false
|
||||
|
||||
# Should Arti make connections to hidden serivces (.onion services) ?
|
||||
#allow_onion_addrs = true
|
||||
#
|
||||
# As of this implementation, Arti's onion service support lacks the
|
||||
# "vanguards" feature that Tor uses to prevent guard discovery attacks over time.
|
||||
# As such, you should probably stick with C Tor if you need to make a large
|
||||
# number of onion service connections, or if you are using the Tor protocol
|
||||
# in a way that lets an attacker control how many onion services connections that you make -
|
||||
# for example, when using Arti's SOCKS support from a web browser such as Tor Browser.
|
||||
#
|
||||
# Therefore, the onion service client support is currently disabled by default.
|
||||
#allow_onion_addrs = false
|
||||
|
||||
# Rules for how long streams should wait when connecting to host or performing a
|
||||
# DNS lookup.
|
||||
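Review bot: The context comment above the new text misspells the word as `serivces`; since this hunk rewrites the surrounding block, it is a good moment to change it to `# Should Arti make connections to hidden services (.onion services) ?`. The added explanation sits between the question and the commented default, so it would also help to keep `#allow_onion_addrs = false` visually attached to it, as the other options in this file appear to be.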
|
|