public
/
torserver
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
A tor server manager running multiple clients load-balanced using iptables.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
Tree: fd7b701154
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fd7b701154'
${ noResults }
torserver/bin/tor_controller.pl

tor_controller.pl 4.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222 
  1. #!/usr/bin/perl

  2. 

  3. use strict;

  4. use Data::Dumper;

  5. use warnings;

  6. 

  7. 

  8. my %conf = (

  9. 	avail => 10,

  10. 	spare => 3,

  11. 	ipt_chain => "PREROUTING",

  12. 	ipt_rule => "-p tcp -m tcp --dport 777 -m statistic --mode random --probability %s -j REDIRECT --to-ports %s",

  13. 	ipt_table => 'nat',

  14. 	socks_offset => 9000,

  15. 	path => '/opt/tor',

  16. 	dns_check => [

  17. 		'www.microsoft.com',

  18. 		'www.google.com',

  19. 	],

  20. );

  21. 

  22. my @var;

  23. 

  24. 

  25. run();

  26. 

  27. 

  28. sub run {

  29. 	check_processes();

  30. 	check_dns();

  31. 	check_download();

  32. 

  33. 	sleep(10);

  34. }

  35. 

  36. sub check_processes {

  37. 	my $inuse=0;

  38. 	my @spares;

  39. 

  40. 	for(my $id=0; defined $var[$id]; $id++) {

  41. 		if ( $var[$id]{state} eq "ready" ) {

  42. 			if ( $var[$id]{mode} eq "spare" ) {

  43. 				push @spares, $id;

  44. 			}

  45. 			elsif ( $var[$id]{mode} eq "live" ) {

  46. 				$inuse++;

  47. 			}

  48. 		}

  49. 	}

  50. 

  51. 	if ( $inuse < $conf{avail} ) {

  52. 		print "missing live processes. looking for spares.\n";

  53. 

  54. 		for(my $x=0; $x<($conf{avail}-$inuse; $x++) {

  55. 			my $new = pop @spares;

  56. 			if ( defined $new ) {

  57. 				print "moving spare to prod.\n";

  58. 				tor_prod($id);

  59. 			}

  60. 		}

  61. 	}

  62. 

  63. 	if ( @spares < $conf{spares} ) {

  64. 		print "missing spare processes, starting new ones.\n";

  65. 

  66. 		for(my $x=0; $x< @spares-$conf{spares}; $x++) {

  67. 			tor_new();

  68. 		}

  69. 	}

  70. }

  71. 

  72. sub check_dns {

  73. 

  74. 	my($id) = @_;

  75. 

  76. 	my $ok = 0;

  77. 	foreach my $hostname ( @{$conf{dns_check} ) {

  78. 		system("tor-resolve $hostname 127.0.0.1:$var[$id]{port} 2>/dev/null 2>&1");

  79. 		$ok++ if ! $?;

  80. 	}

  81. 

  82. 	switch(get_state($id)) {

  83. 		case "STARTUP" { set_state("SPARE") if $ok; }

  84. 		case "SPARE"   { set_state("PROBLEM") if !$ok; }

  85. 	}

  86. 	if ( $s eq 'DNS_CHECK' && $ok ) {

  87. 		$var[$id]{state}++;

  88. 	}

  89. 	elsif ( $s eq 'AVAILABLE' && ! $ok ) {

  90. 		$var[$id]{state}++;

  91. 	}

  92. 	elsif ( $s eq 'TEMPORARY_UNAVAILABLE' ) {

  93. 		$var[$id}{state}++ 

  94. 

  95. 	if ( ! $ok ) {

  96. 	}

  97. 

  98. }

  99. 

  100. sub tor_new {

  101. 	my $next;

  102. 

  103. 	# try to recycle a position

  104. 	for(my $id=0; defined $var[$id]; $id++) {

  105. 		if ( $state[$var[$id]{state}] eq 'KILLED' ) {

  106. 			$next = $id;

  107. 			last;

  108. 		}

  109. 	}

  110. 

  111. 	# alternatively, create a new position

  112. 	if ( !defined $next ) {

  113. 		$next = @var;

  114. 	}

  115. 

  116. 	$var[$next] = {

  117. 		state => 0,

  118. 		port  => $conf{port_offset} + $next,

  119. 		pid   => undef,

  120. 	};

  121. 

  122. 	# create a config file and the required files and directories

  123. 	my $datadir = "$conf{path}/var/lib/$id";

  124. 	my %files = (

  125. 		config  => "$conf{path}/etc/$id.conf",

  126. 		pidfile => "$conf{path}/run/$id.pid",

  127. 		socket  => "$conf{path}/run/$id.socks",

  128. 		ctrl    => "$conf{path}/run/$id.ctrl",

  129. 		cookie  => "$conf{path}/run/$id.cookie",

  130. 	);

  131. 

  132. 	system("mkdir -p $datadir");

  133. 	system("chmod 700 $datadir");

  134. 	system("chown debian-tor:debian-tor $datadir");

  135. 

  136. 	foreach my $f ( keys $files ) {

  137. 		system("touch $files{$f}");

  138. 		system("chown debian-tor:debian-tor $files{$f}");

  139. 	}

  140. 

  141. 	open(C,">$files{config}");

  142. 	print C <<EOF;

  143. DataDirectory $datadir

  144. PidFile $files{pidfile}

  145. RunAsDaemon 0

  146. User debian-tor

  147. 

  148. ControlSocket $files{ctrl} GroupWritable RelaxDirModeCheck

  149. ControlSocketsGroupWritable 1

  150. SocksPort unix:$files{socks} WorldWritable

  151. SocksPort $var[$id]{port}

  152. 

  153. CookieAuthentication 1

  154. CookieAuthFileGroupReadable 1

  155. CookieAuthFile $files{cookie}

  156. 

  157. BandwidthRate 10MB

  158. 

  159. Log notice syslog

  160. 

  161. EOF

  162. 	close(C);

  163. 

  164. 	system("cd $conf{dir} && tor -f $files{config}");

  165. 

  166. }

  167. 

  168. sub tor_prod {

  169. 	my($id) = @_;

  170. 

  171. 	# move process from spare to prod

  172. 

  173. 	$var[$id]{state}++;

  174. 	ipt_add($var[$id]{port});

  175. }

  176. 

  177. sub ipt_add {

  178. 	my($port) = @_;

  179. 

  180. 	system("iptables -t $conf{ipt_table} -A $conf{ipt_chain} " . sprintf($conf{ipt_rule}, "1.0", $port));

  181. 

  182. 	ipt_recalc();

  183. }

  184. 

  185. sub ipt_del {

  186. 	my($port) = @_;

  187. 

  188. 	open(IPT,"iptables -t $conf{ipt_table} -L $conf{ipt_chain} -n --line-numbers |");

  189. 	while(<IPT>) {

  190. 		chomp;

  191. 		if ( /^(\d+) .*mode random probability .* redir ports $port$/ ) {

  192. 			system("iptables -t $conf{ipt_table} -D $conf{ipt_chain} $1");

  193. 		}

  194. 	}

  195. 	close(IPT);

  196. 

  197. 	ipt_recalc();

  198. }

  199. 

  200. sub ipt_recalc {

  201. 	my @rules;

  202. 

  203. 	open(IPT,"iptables -t $conf{ipt_table} -L $conf{ipt_chain} -n --line-numbers |");

  204. 	while(<IPT>) {

  205. 		chomp;

  206. 		if ( /^(\d+) .*mode random probability .* redir ports (\d+)$/ ) {

  207. 			push @rules, [ $1, $2 ];

  208. 		}

  209. 	}

  210. 	close(IPT);

  211. 

  212. 	my $nums = @rules;

  213. 

  214. 	for(my $num = 0; defined $rules[$num]; $num++) {

  215. 		my($rulenum,$port)=@{$rules[$num]};

  216. 

  217. 		my $prob = 1 / ($nums - $num);

  218. 

  219. 		system("iptables -t $conf{ipt_table} -R $conf{ipt_chain} $rulenum " . sprintf($conf{ipt_rule}, $prob, $port));

  220. 	}

  221. 

  222. }