shadow / tornettools

A tool to generate realistic private Tor network models, run them in Shadow, and analyze the results.

Ability to configure servers as hiddenservices #4

Closed marcosimioni closed 2 years ago

marcosimioni commented 3 years ago

Servers generated by tornettools are currently cleartext servers, but I think that an option that generates them as hidden services instead would be a nice to have for testing purposes.

I have implemented a simple switch --hidden that should do the job.

I'm currently testing it, but I'd love to have your review and see if I have missed anything obvious.

Gonna submit a PR soon.

marcosimioni commented 3 years ago

Done. @robgjansen any thoughts?

marcosimioni commented 3 years ago

Ok, there's still something missing. The simulation using the --hidden flag takes forever, probably stuck after 6+ hours, and if I enable pcap files I don't see any traffic on the hiddenservice nodes. I see pcap files being created, but 0 bytes after 6+ hours of execution.

Running it without the --hidden flag works fine, simulation ends in a few hours, and pcap files populated correctly.

If you have any pointer on how to understand what's happening it's much appreciated. I'll keep digging, I'm not very familiar with shadow's logging yet.

robgjansen commented 3 years ago

Sorry for the delay! This would be a great feature, thanks for contributing.

Not sure that we want to change the existing cleartext servers into onion service servers, but maybe the existing hosts that are running the cleartext servers could also make them available as onion service servers too.

I'll take a look at #5 now.

marcosimioni commented 3 years ago

Thanks for your comments @robgjansen!

There were actually two issues:

I've fixed both, but the first issue actually highlighted another issue in shadow because of the way we handle process arguments https://github.com/shadow/shadow/issues/1265

I've pushed a PR there too that should fix the issue.

Now that I think of it, I could have probably put the --HiddenServicePort param into the torrc file, given that it's common across all hidden services. I would have avoided encountering this issue. Only the --HiddenServiceDir really needs to be customized per each hidden service because it contains the node name.

Thoughts?

Also, I've seen all your other comments, they all make sense to me and I'll work on them when I have some spare time.

Thanks!

robgjansen commented 3 years ago

> Now that I think of it, I could have probably put the --HiddenServicePort param into the torrc file, given that it's common across all hidden services. I would have avoided encountering this issue. Only the --HiddenServiceDir really needs to be customized per each hidden service because it contains the node name.
>
> Thoughts?

Yeah, this sounds good! This way we stay consistent with the way we set up the other nodes too; i.e., we would use the --defaults-torrc tor.common.torrc and then -f tor.onionservice.torrc which contains

ORPort 0
DirPort 0
ClientOnly 1
SocksPort 9000
SocksListenAddress 127.0.0.1
HiddenServicePort 8080 127.0.0.1:80

And then only specify HiddenServiceDir shadow.data/hosts/XXX/hs in the arguments string in the shadow config file.
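The split discussed in the last two comments, sketched as an added example (not tornettools code and not part of the thread): the shared options go in tor.onionservice.torrc and only HiddenServiceDir is built per host. The function names, the host-name rule and the sample host name are assumptions.

```python
import re
import shlex

# Options common to every onion-service host, as listed in the thread.
ONION_TORRC_LINES = [
    "ORPort 0",
    "DirPort 0",
    "ClientOnly 1",
    "SocksPort 9000",
    "SocksListenAddress 127.0.0.1",
    "HiddenServicePort 8080 127.0.0.1:80",
]

# Assumed rule (not from the thread): the host name becomes a path component,
# so restrict it to characters that cannot escape the data directory.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*")

FILE_SELECTORS = ("--defaults-torrc", "-f")


def onionservice_torrc():
    """Text of tor.onionservice.torrc shared by all onion-service hosts."""
    return "\n".join(ONION_TORRC_LINES) + "\n"


def tor_arguments(hostname, data_prefix="shadow.data/hosts"):
    """Build the per-host argument string for the simulation config."""
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError(f"unsafe host name: {hostname!r}")
    argv = [
        "--defaults-torrc", "tor.common.torrc",
        "-f", "tor.onionservice.torrc",
        "--HiddenServiceDir", f"{data_prefix}/{hostname}/hs",
    ]
    return shlex.join(argv)


def per_host_options(arguments):
    """Options set on the command line, excluding the torrc file selectors."""
    tokens = shlex.split(arguments)
    if len(tokens) % 2:
        raise ValueError("expected option/value pairs")
    pairs = dict(zip(tokens[0::2], tokens[1::2]))
    return {k: v for k, v in pairs.items() if k not in FILE_SELECTORS}


if __name__ == "__main__":
    print(onionservice_torrc(), end="")
    print(tor_arguments("onionservice1"))  # constructed host name
```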