subject:"Re\: Arm Release 1.4.0"

Re: Arm Release 1.4.0

2010-12-13 Thread Damian Johnson

Hi, I've uploaded a new tarball to:
http://www.atagar.com/transfer/tmp/arm_bsdTest3.tar.bz2
http://www.atagar.com/transfer/tmp/arm_bsdTest3.tar.bz2.asc

Besides a modified version of Febian's patch to autodetect FreeBSD
jails it most notably includes...

- A replacement for the connection test function (which was a pita in
my humble opinion). The new script [1] provides the resolver runtimes,
a check if all the resolvers match, and a better method of dumping the
connection results. If you modify the bsd resolvers then this should
provide a nice sanity check that it's working as expected.

- I forgot to account for the dns resolution exits do on behalf of the
clients. The resolvers need to include UDP connections so, on *nix,
they're now:
 - netstat -np | grep "ESTABLISHED /"
 - sockstat | egrep "\s*.*ESTABLISHED"
 - lsof -nPi | egrep "^\s*.*((UDP.*)|(\(ESTABLISHED\)))"
 - ss -nptu | grep "ESTAB.*\"\","

I'm guessing, for the FreeBSD resolvers, that sockstats already works
and procstat just needs the 'grep TCP' to be removed (or maybe
replaced with 'egrep "(TCP|UDP)"'). Is that right?

> The connection doesn't leave the system because its a socks
> connection with both the source and the destination address
> located on the same system.

Hm. Sounds like basic client connections (ie, things like firefox
connecting to tor via the SocksPort). However, I tried running TBB and
arm didn't list any of those connections. This is what I'd expect
since the connection resolution is only fetching tor connections. Am I
missing something here?

Regardless, I made a couple changes to address issues that have been
brought up (socks connections and listing external addresses for
private ip range connections - see lines 332-334 and 363-364 in
src/interface/connPanel.py [2]). But without a working repro case I
can't promises that this'll do the trick.

> With ^ added to the pattern it seems to work

Great, it's happy with that on Linux as well so I'm now using:
lsof -nPi | egrep "^\s*.*((UDP.*)|(\(ESTABLISHED\)))"

and including it among FreeBSD resolvers as the last fallback.

> lsof also seems to be rather slow (on FreeBSD):

Yikes, that's quite the difference. It's pretty bad on Linux too (ss
is worse, but netstat and sockstat tend to run around 20% faster).

> I intend to look into creating a FreeBSD port around Christmas.

Awesome, thank you!

Cheers! -Damian

[1] https://svn.torproject.org/svn/arm/trunk/src/test.py
[2] https://svn.torproject.org/svn/arm/trunk/src/interface/connPanel.py
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-12 Thread Damian Johnson

> ... Damian, how
> many connections are on the node that you successfully see the conn list ?

I don't recall. It was on amunet and I'll retest this once the relay's
back up to speed (we recently switched ISPs so it'll take a few weeks
for the BW authorities to send more traffic our way again).

I'm sorry, btw, for not applying the patch yet. There was an issue in
that it would introduce a couple unnecessary system calls every time
the path prefix was fetched, but the trivial fix (caching the results)
would mean potentially having the wrong jail path if the connection
singleton changes. While addressing this I found a couple other issues
I'm also trying to address (unrelated to the patch) so it'll probably
be a few more days before I have another tarball to be tested.

Cheers! -Damian
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-12 Thread John Case



On Sun, 12 Dec 2010, Fabian Keil wrote:


Damian Johnson  wrote:


John mentioned that for him connection resolution doesn't work in the
new arm tarball (arm_bsdTest2.tar.bz2). Hans, Fabian: can either of
you confirm, and if so what sort of issue is the log indicating?


I can't confirm this.



I thought we had already determined that this was because of my 4k+ 
connections.  I'm sorry I don't have another node to test on ... Damian, 
how many connections are on the node that you successfully see the conn 
list ?

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-12 Thread Fabian Keil

Damian Johnson  wrote:

> John mentioned that for him connection resolution doesn't work in the
> new arm tarball (arm_bsdTest2.tar.bz2). Hans, Fabian: can either of
> you confirm, and if so what sort of issue is the log indicating?

I can't confirm this.
 
> Also, there was interest mentioned earlier in a BSD port. Anyone
> interested in taking up that gauntlet? :P

I intend to look into creating a FreeBSD port around Christmas.

Fabian


signature.asc
Description: PGP signature

Re: Arm Release 1.4.0

2010-12-11 Thread Fabian Keil

Damian Johnson  wrote:

> > The connection doesn't leave the system because its a socks
> > connection with both the source and the destination address
> > located on the same system.
> 
> Makes sense. So if both the source and destination are private IPs
> (10.*, 172.16.* - 172.31.*, 192.168.*) then skip the private ->
> external translation for the display, right?

Right.
 
> I'm still trying to get my head around the rest of this bit. From an
> UI perspective doing location1 -> location2 -> location3 entries will
> be pretty difficult.

If it's the varying number of columns that would cause difficulties,
you could keep the colums constant with lines like:

location1 (location2) --> location3 ...

>  Also, I've never run into this use case so I'm
> not quite sure what you're describing. Oh well, maybe things will be
> clearer after a bit more coffee.

You get pretty much the same use case, but without jails, when running
Tor in a local network behind a port-forwarding gateway. I would expect
this to be rather common for bridges.

> > I missed procstat, though.
> 
> Actually, neither of the BSD resolvers were added (that was the Linux
> sockstat entry). I'll add them both.
> 
> 
> The psutil library [1] uses lsof as its default connection resolver
> for FreeBSD so I'd like to get a working fallback for it. However,
> from Hans' feedback earlier it sounds like there's issues with jails
> so I'll use it as a last resort.

Unless I misunderstood Hans, he was mainly concerned about
having to install a dependency that offers nothing the base
system doesn't already provide anyway.

> The command I'm now using for Linux is:
> lsof -nPi -p  | grep ".*(ESTABLISHED)"

With ^ added to the pattern it seems to work:

f...@r500 ~/git/arm $lsof -nPi -p 4775 | grep "^tor.*(ESTABLISHED)"
tor   4775_tor4uIPv4 0xfe00471633a80t0   TCP 
10.0.0.2:35771->[scrubbed]:9001 (ESTABLISHED)
tor   4775_tor   14uIPv4 0xfe0047c710000t0   TCP 
10.0.0.2:15999->[scrubbed]:443 (ESTABLISHED)
tor   4775_tor   15uIPv4 0xfe0047221af80t0   TCP 
10.0.0.2:9051->10.0.0.2:20692 (ESTABLISHED)

Otherwise arm itself shows up multiple times, too:

f...@r500 ~/git/arm $lsof -nPi -p 4775 | grep "tor.*(ESTABLISHED)"
tor   4775_tor4uIPv4 0xfe00471633a80t0   TCP 
10.0.0.2:35771->[scrubbed]:9001 (ESTABLISHED)
tor   4775_tor   14uIPv4 0xfe0047c710000t0   TCP 
10.0.0.2:15999->[scrubbed]:443 (ESTABLISHED)
tor   4775_tor   15uIPv4 0xfe0047221af80t0   TCP 
10.0.0.2:9051->10.0.0.2:20692 (ESTABLISHED)
python9179_tor3uIPv4 0xfe00472210000t0   TCP 
10.0.0.2:20692->10.0.0.2:9051 (ESTABLISHED)
python9179_tor3uIPv4 0xfe00472210000t0   TCP 
10.0.0.2:20692->10.0.0.2:9051 (ESTABLISHED)
python9179_tor3uIPv4 0xfe00472210000t0   TCP 
10.0.0.2:20692->10.0.0.2:9051 (ESTABLISHED)
python9179_tor3uIPv4 0xfe00472210000t0   TCP 
10.0.0.2:20692->10.0.0.2:9051 (ESTABLISHED)
python9179_tor3uIPv4 0xfe00472210000t0   TCP 
10.0.0.2:20692->10.0.0.2:9051 (ESTABLISHED)
python9179_tor3uIPv4 0xfe00472210000t0   TCP 
10.0.0.2:20692->10.0.0.2:9051 (ESTABLISHED)

Showing the same connection six times in a row makes little
sense to me, but then again, I'm not familiar with lsof.

lsof also seems to be rather slow (on FreeBSD):

f...@r500 ~/git/arm $time lsof -nPi -p 4775 | grep "^tor.*(ESTABLISHED)" > 
/dev/null

real0m0.338s
user0m0.159s
sys 0m0.183s
f...@r500 ~/git/arm $time sockstat -4c | grep 'tor *4775' > /dev/null

real0m0.010s
user0m0.015s
sys 0m0.005s

> However, like sockstat it probably omits the ESTABLISHED tags from
> results. If so, this will need a workaround. On Linux the following
> looks right:
> lsof -nPi -sTCP:ESTABLISHED -p  | grep "" | grep TCP
> 
> Does this to the trick? For some reason there was a UDP connection
> included despite the -sTCP part, hence the extra grep. The lsof man
> warns that "State  names  vary with UNIX dialects" so it might expect
> a different keyword.

That works too, but without the ^, arm itself shows up again.

> If there aren't any concerns between the resolvers then we should
> default to whatever performs the best. When you run at the debug level
> (arm -e 1) it provides the runtime for system calls (sockstat,
> procstat, lsof, etc) so they should be easy to compare.

procstat and sockstat seem to perform comparable, but sockstat
has the advantage that it will work if arm is run as neither
the tor user nor root.

Fabian


signature.asc
Description: PGP signature

Re: Arm Release 1.4.0

2010-12-10 Thread Damian Johnson

Fantastic - thanks Fabian! The patch looks perfect. I'll apply it
either after work today or tomorrow morning.

> but I think the same should be done with connections on the SocksPort

Yup, sounds like a bug. Until recently arm had just been for relay
usage so I probably missed this when writing the connection panel.
I'll change it when applying the patch.

> The connection doesn't leave the system because its a socks
> connection with both the source and the destination address
> located on the same system.

Makes sense. So if both the source and destination are private IPs
(10.*, 172.16.* - 172.31.*, 192.168.*) then skip the private ->
external translation for the display, right?

I'm still trying to get my head around the rest of this bit. From an
UI perspective doing location1 -> location2 -> location3 entries will
be pretty difficult. Also, I've never run into this use case so I'm
not quite sure what you're describing. Oh well, maybe things will be
clearer after a bit more coffee.

> Maybe it should be mentioning in the log message when the torrc
> can't be found?

Good point. I'll change that too.

> I missed procstat, though.

Actually, neither of the BSD resolvers were added (that was the Linux
sockstat entry). I'll add them both.


The psutil library [1] uses lsof as its default connection resolver
for FreeBSD so I'd like to get a working fallback for it. However,
from Hans' feedback earlier it sounds like there's issues with jails
so I'll use it as a last resort.

The command I'm now using for Linux is:
lsof -nPi -p  | grep ".*(ESTABLISHED)"

However, like sockstat it probably omits the ESTABLISHED tags from
results. If so, this will need a workaround. On Linux the following
looks right:
lsof -nPi -sTCP:ESTABLISHED -p  | grep "" | grep TCP

Does this to the trick? For some reason there was a UDP connection
included despite the -sTCP part, hence the extra grep. The lsof man
warns that "State  names  vary with UNIX dialects" so it might expect
a different keyword.

If there aren't any concerns between the resolvers then we should
default to whatever performs the best. When you run at the debug level
(arm -e 1) it provides the runtime for system calls (sockstat,
procstat, lsof, etc) so they should be easy to compare.

Cheers! -Damian

[1] https://code.google.com/p/psutil/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-10 Thread Fabian Keil

Damian Johnson  wrote:

> Hazaa, many thanks for the patches! Committed with the exception of
> sockstat2 (see below).
> 
> http://www.atagar.com/transfer/tmp/arm_bsdTest2.tar.bz2
> 
> > One unrelated problem I noticed is that Arm tends to show local
> > connections as Outbound.
> 
> Netstat, lsof, etc doesn't include a notion of the directionality of a
> connection, so I'm using the local port to determine if it's inbound
> or outbound. If it matches the ORPort or DirPort then it's inbound,
> otherwise it's outbound (line 323 of the connPanel.py [1]). Do you
> know a smarter way of handling this?

I agree that a connection on the local ORPort or DirPort should be
listed as inbound, but I think the same should be done with connections
on the SocksPort. Currently they are listed as outbound with the local
Tor address replaced:

[public gateway IP]:9050 -->  10.0.0.1:58305 (??) UNKNOWN  UNKNOWN 3.4s 
(OUTBOUND) 

> I'm familiar with Linux's chroot jail environments (where this works),
> but not that details of what the bsd counterpart does.

I think those connections would be listed as outbound on other
systems, too.

> > Given that the connection doesn't leave the system, replacing
> > the Tor jail IP address with the public IP address of the gateway
> > is a bit confusing.
> 
> Sorry, I'm not following. Why isn't the tor connection leaving the
> system? I'm using the results of 'GETINFO address' which tends to be a
> lot more helpful than showing the ip on the local network (though I
> can include an option to display the local address instead if you'd
> like).

The connection doesn't leave the system because its a socks
connection with both the source and the destination address
located on the same system.

I think an option to display the real address would be useful.
It probably would also make sense to not show the local port
when replacing the address.

The outbound connection:
f...@r500 ~ $sudo pfctl -ss | grep 31515 
all tcp 10.0.0.2:31515 -> 192.168.0.106:52509 -> [some Tor server address]:9001 
  ESTABLISHED:ESTABLISHED

Is listed as:

[public gateway IP]:31515 -->  [some Tor server address]:9001 (us) 
[fingerprint] [relay name] 14.6m (OUTBOUND) 

but given that the local Tor address is behind two NAT layers
it's highly unlikely that the Tor server will see the connection
as coming from source port 31515.

Maybe it would make even more sense to show the connection
similar to the way pfctl does. I'm thinking of something like:

10.0.0.2:31515 --> [public Tor IP address][:port if known] -->  [Tor server 
address]:9001 (us) [fingerprint] [relay name] 14.6m (OUTBOUND)

> > Also, when running Arm outside the Tor jail, the Tor
> > configuration file isn't found.
> 
> See the "features.pathPrefix" entry in the sample armrc [2]. It's
> specifically for jail environments (arm will otherwise also be failing
> to find tor's state, log file, and some other resources used to
> prepopulate data). If you have a suggestion for an automatic method
> for determining the jail path then I'm all ears.

Using features.pathPrefix works for me, thanks for mentioning it.
Maybe it should be mentioning in the log message when the torrc
can't be found?

> > so arm is trying to read a torrc on the host in the location it knows
> > which is displayed from the jail, but is ignoring the jail flag.
> 
> I'm attempting to read the torrc from the location Tor reports (via
> 'GETINFO config-file'), using the features.pathPrefix as... well, a
> path prefix. I'm not familiar with a method of getting the jail path
> for Linux jails. Is this information available for bsd jails?

It is, if you are outside the FreeBSD jail.

> I'm happy to help with a patch to autodetect for bsd jails if you have
> a suggestion for how.

The attached patch seems to work for me.

> > -- sockstatsockstat -4 | egrep '\s*' | grep -v '*:*'
> > +- sockstatsockstat -4c | grep ' *'
> 
> Aren't the *:* connections unestablished? From the output given earlier:
> _tor tor4397  8  udp4   172.27.72.202:53  *:*
> _tor tor4397  9  tcp4   172.27.72.202:9051*:*
> _tor tor4397  12 tcp4   172.27.72.202:54011   [scrubbed]:9001
> 
> that seemed to be what it meant. Arm might choke on the asterisks (it
> expects numeric port numbers), but including with the commit...

Actually the problem was egrep not understanding "\s" as meta character.
sockstat's -c flag lets it only show the connected sockets, so the last
grep is no longer necessary.

> > +  userInput = raw_input("Enter query ( 
> > PROCESS_NAME [PID]): ").split()
> > +  elif userInput[0] == "sockstat": userInput[0] = CMD_SOCKSTAT
> 
> Nice catch!

I missed procstat, though.

> > +RUN_BSD_SOCKSTAT_2 = "sockstat -4c | awk '($2 == \"%s\" && $3 == %s) 
> > {print $6 \" \" $7}'"
> 
> Is there any advantage to having both sockstat commands? This will
> probably just confuse users so I'm holding off on this one for now.

No real advantage, but as I already had the patch an

Re: Arm Release 1.4.0

2010-12-06 Thread Damian Johnson

> Yes,  and maybe just ignore them. IMHO there's no point in seeing these.

Hm, I'm still a little confused what jails have to do with the tor
SocksPort (this should only concern client tor usage). Maybe Fabian
can clarify the proper handling for BSD use cases.

> Well, I personally do not like anything reading files in a jail in that
> way and can do without this particular feature.

When starting up arm tries to read tor's log file and bandwidth
entries from its state file. If arm doesn't know about the jail then
it won't be able to prepopulate these values either. Besides that arm
should be happy without direct access to tor's files. Is there a
reason reading jailed files directly is discouraged?

John mentioned that for him connection resolution doesn't work in the
new arm tarball (arm_bsdTest2.tar.bz2). Hans, Fabian: can either of
you confirm, and if so what sort of issue is the log indicating?

Also, there was interest mentioned earlier in a BSD port. Anyone
interested in taking up that gauntlet? :P

Cheers! -Damian
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-06 Thread Hans Schnehl

On Mon, Dec 06, 2010 at 06:26:10PM -0800, Damian Johnson wrote:
> 
> if (localPort == ORPort or localPort == DirPort):
>   # treat as an inbound connection with the external ip
>   # this is part of arm's current behavior
> elif (localPort == SocksPort and OS == FreeBSD):
>   # treat as an inbound connection with the internal ip (ie, what's
> reported by sockstat)
>   # this is new to fix the issue you mention

Yes,  and maybe just ignore them. IMHO there's no point in seeing these.  

> else:
>   # treat as an outbound connection
>   # again, part of arm's current behavior
> 
> ... right? If not, could you please clarify?
> 
> > 'GETINFO config-file' will show the  path to torrc from within the jail.
> > So arm tries to read:
> > /path/to/torrc
> > The location from the host though would be
> > /path/to/jail/path/to/torrc
> >
> > Reading the file in that way, I believe, is not a good idea.
> >
> > All this only applies for systems running Tor in a jail and arm from the
> > host.
> > Arm works nicely with Tor if both are  running on the same host or
> > inside a jail on FreeBSD.
> 
> If you set "features.pathPrefix /path/to/jail" in your armrc then it'll read:
> /path/to/jail/path/to/torrc
> 
> like you wanted. Again, if you have an approach for arm to detect that
> (a) Tor exists in a BSD jail and (b) what its path is then I'd be
> happy to make it work by default instead.
> 

Well, I personally do not like anything reading files in a jail in that
way and can do without this particular feature.
And if, setting 'features.pathPrefix /path/to/jail'  will get the desired
results.

Thanks Damian, thanks Fabian
Regards

P.S. wonder where the list sentinels will start to grumble on this ...  
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-06 Thread Damian Johnson

> This IP serves as the internal adress to  the jail when
> called from a local subnet, and may show  multiple connections to the 
> SocksPort,
> usually IP:9050.

Sorry, I'm not sure if I'm following. You're saying that the check
should essentially be:

if (localPort == ORPort or localPort == DirPort):
  # treat as an inbound connection with the external ip
  # this is part of arm's current behavior
elif (localPort == SocksPort and OS == FreeBSD):
  # treat as an inbound connection with the internal ip (ie, what's
reported by sockstat)
  # this is new to fix the issue you mention
else:
  # treat as an outbound connection
  # again, part of arm's current behavior

... right? If not, could you please clarify?

> 'GETINFO config-file' will show the  path to torrc from within the jail.
> So arm tries to read:
> /path/to/torrc
> The location from the host though would be
> /path/to/jail/path/to/torrc
>
> Reading the file in that way, I believe, is not a good idea.
>
> All this only applies for systems running Tor in a jail and arm from the
> host.
> Arm works nicely with Tor if both are  running on the same host or
> inside a jail on FreeBSD.

If you set "features.pathPrefix /path/to/jail" in your armrc then it'll read:
/path/to/jail/path/to/torrc

like you wanted. Again, if you have an approach for arm to detect that
(a) Tor exists in a BSD jail and (b) what its path is then I'd be
happy to make it work by default instead.

Cheers! -Damian
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-06 Thread Hans Schnehl

On Mon, Dec 06, 2010 at 10:25:39AM -0800, Damian Johnson wrote:
> Hazaa, many thanks for the patches! Committed with the exception of
> sockstat2 (see below).
> 
> http://www.atagar.com/transfer/tmp/arm_bsdTest2.tar.bz2
> 
> > One unrelated problem I noticed is that Arm tends to show local
> > connections as Outbound.
> 
> Netstat, lsof, etc doesn't include a notion of the directionality of a
> connection, so I'm using the local port to determine if it's inbound
> or outbound. If it matches the ORPort or DirPort then it's inbound,
> otherwise it's outbound (line 323 of the connPanel.py [1]). Do you
> know a smarter way of handling this?

> 
> I'm familiar with Linux's chroot jail environments (where this works),
> but not that details of what the bsd counterpart does.
> 
> > Given that the connection doesn't leave the system, replacing
> > the Tor jail IP address with the public IP address of the gateway
> > is a bit confusing.
> 
> Sorry, I'm not following. Why isn't the tor connection leaving the
> system? I'm using the results of 'GETINFO address' which tends to be a
> lot more helpful than showing the ip on the local network (though I
> can include an option to display the local address instead if you'd
> like).

FreeBSD jails resemble linux jails mainly by name :), and most probably
have an own IP somewhere within  RFC 1918. 
This IP serves as the internal adress to  the jail when
called from a local subnet, and may show  multiple connections to the SocksPort,
usually IP:9050. 
This is, what it looks like:
[Host's public gateway IP address scrubbed]:9050  -->0.0s 
(OUTBOUND)
And what it 'SHOULD NEITHER' but with proper IP  look like:
[Jail's private  IP address scrubbed]:9050  -->0.0s (OUTBOUND)

These connections are 'inbound' to the jail's SocksPort from the host or a  
private 
subnet.


> 
> > Also, when running Arm outside the Tor jail, the Tor
> > configuration file isn't found.
> 
> See the "features.pathPrefix" entry in the sample armrc [2]. It's
> specifically for jail environments (arm will otherwise also be failing
> to find tor's state, log file, and some other resources used to
> prepopulate data). If you have a suggestion for an automatic method
> for determining the jail path then I'm all ears.
> 
> > so arm is trying to read a torrc on the host in the location it knows
> > which is displayed from the jail, but is ignoring the jail flag.
> 
> I'm attempting to read the torrc from the location Tor reports (via
> 'GETINFO config-file'), using the features.pathPrefix as... well, a
> path prefix. I'm not familiar with a method of getting the jail path
> for Linux jails. Is this information available for bsd jails?
> 
> I'm happy to help with a patch to autodetect for bsd jails if you have
> a suggestion for how.
>
'GETINFO config-file' will show the  path to torrc from within the jail. 
So arm tries to read:
/path/to/torrc
The location from the host though would be 
/path/to/jail/path/to/torrc

Reading the file in that way, I believe, is not a good idea.

All this only applies for systems running Tor in a jail and arm from the
host. 
Arm works nicely with Tor if both are  running on the same host or
inside a jail on FreeBSD. 



   

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-06 Thread Damian Johnson

Hazaa, many thanks for the patches! Committed with the exception of
sockstat2 (see below).

http://www.atagar.com/transfer/tmp/arm_bsdTest2.tar.bz2

> One unrelated problem I noticed is that Arm tends to show local
> connections as Outbound.

Netstat, lsof, etc doesn't include a notion of the directionality of a
connection, so I'm using the local port to determine if it's inbound
or outbound. If it matches the ORPort or DirPort then it's inbound,
otherwise it's outbound (line 323 of the connPanel.py [1]). Do you
know a smarter way of handling this?

I'm familiar with Linux's chroot jail environments (where this works),
but not that details of what the bsd counterpart does.

> Given that the connection doesn't leave the system, replacing
> the Tor jail IP address with the public IP address of the gateway
> is a bit confusing.

Sorry, I'm not following. Why isn't the tor connection leaving the
system? I'm using the results of 'GETINFO address' which tends to be a
lot more helpful than showing the ip on the local network (though I
can include an option to display the local address instead if you'd
like).

> Also, when running Arm outside the Tor jail, the Tor
> configuration file isn't found.

See the "features.pathPrefix" entry in the sample armrc [2]. It's
specifically for jail environments (arm will otherwise also be failing
to find tor's state, log file, and some other resources used to
prepopulate data). If you have a suggestion for an automatic method
for determining the jail path then I'm all ears.

> so arm is trying to read a torrc on the host in the location it knows
> which is displayed from the jail, but is ignoring the jail flag.

I'm attempting to read the torrc from the location Tor reports (via
'GETINFO config-file'), using the features.pathPrefix as... well, a
path prefix. I'm not familiar with a method of getting the jail path
for Linux jails. Is this information available for bsd jails?

I'm happy to help with a patch to autodetect for bsd jails if you have
a suggestion for how.

> Thanks, too.  BTW where is the git repo, please ?

Arm is in svn (repository links are available on the site [3]). If
others start hacking on arm with me and prefer git then I have no
objection to moving. Until then, however, svn is what I'm most
familiar with.

> 15:08:52 [ARM_WARN] Unable to resolve tor pid, abandoning connection listing

Ick!

Many thanks for the patches! Lacking the pid will mess with most of
the system commands so this is *very* helpful.

> 15:08:51 [ARM_DEBUG] system call: netstat -npl | grep 127.0.0.1:9051 
> (runtime: 0.00)
> ###   

That was from the failed pid resolution. I attempted to use the
PidFile, pidof, netstat, and ps to resolve the pid (see getPid in
torTools.py [4]) though as the patch points out these all fail on
FreeBSD.

> -- sockstatsockstat -4 | egrep '\s*' | grep -v '*:*'
> +- sockstatsockstat -4c | grep ' *'

Aren't the *:* connections unestablished? From the output given earlier:
_tor tor4397  8  udp4   172.27.72.202:53  *:*
_tor tor4397  9  tcp4   172.27.72.202:9051*:*
_tor tor4397  12 tcp4   172.27.72.202:54011   [scrubbed]:9001

that seemed to be what it meant. Arm might choke on the asterisks (it
expects numeric port numbers), but including with the commit...

> +  userInput = raw_input("Enter query ( 
> PROCESS_NAME [PID]): ").split()
> +  elif userInput[0] == "sockstat": userInput[0] = CMD_SOCKSTAT

Nice catch!

> +RUN_BSD_SOCKSTAT_2 = "sockstat -4c | awk '($2 == \"%s\" && $3 == %s) {print 
> $6 \" \" $7}'"

Is there any advantage to having both sockstat commands? This will
probably just confuse users so I'm holding off on this one for now.

> +  5. "pgrep -x tor"

This works beautifully under Linux too, so I'm making it the secondary
resolver (after the PidFile and before pidof), this way bootstrapping
on BSD won't churn through system calls that are doomed to fail.

> + 5. "sockstat -4l -P tcp -p %i | grep tor" % 

This one's BSD only due to the -4 flag, so keeping it as the last fallback.

> +  # XXX: both issues could be solved by filtering for the
> +  #  control port IP address instead of the process name.

By the control port IP address? If there's multiple tor instances on
the same system then they'd all have the same IP.

Again, many thanks for the patches! -Damian

[1] https://svn.torproject.org/svn/arm/trunk/src/interface/connPanel.py
[2] https://svn.torproject.org/svn/arm/trunk/armrc.sample
[3] http://www.atagar.com/arm/
[4] https://svn.torproject.org/svn/arm/trunk/src/util/torTools.py
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-05 Thread Fabian Keil

Hans Schnehl  wrote:

> On Sun, Dec 05, 2010 at 01:02:16PM +0100, Fabian Keil wrote:
> > Damian Johnson  wrote:
> > 
> > > Hi all. I've checked in the resolver fixes (thank Fabian and Hans!)
> > > and a test tarball is available at:
> > > 
> > > http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2
> > > http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2.asc
> > 
> > Thanks.
> Thanks, too.  BTW where is the git repo, please ?   

I don't think there is an official git repository.

> To Fabian, instead of adding another patch:
> Running 'pgrep tor' might show  multiple results, anything containing the 
> string
> 'tor' will present it's pid.

Good point.
 
> On 7 it's 'pgrep -x' to get an exact match of the argument ,see man pgrep(1).

It's -x on CURRENT, too. Patch attached.

I also attached one to get the pid through sockstat. I think changing
it to additionally filter for the control port address would get the
most reliable results.

Fabian
From cdb53450e64c38a5792b10328790dee49be32371 Mon Sep 17 00:00:00 2001
From: Fabian Keil 
Date: Sun, 5 Dec 2010 15:09:26 +0100
Subject: [PATCH 1/2] Use pgrep's -x flag. Pointed out by Hans Schnehl

---
 src/util/torTools.py |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/util/torTools.py b/src/util/torTools.py
index 077c2e1..056b066 100644
--- a/src/util/torTools.py
+++ b/src/util/torTools.py
@@ -96,7 +96,7 @@ def getPid(controlPort=9051, pidFilePath=None):
   2. "pidof tor"
   3. "netstat -npl | grep 127.0.0.1:%s" % 
   4. "ps -o pid -C tor"
-  5. "pgrep tor"
+  5. "pgrep -x tor"
   
   If pidof or ps provide multiple tor instances then their results are
   discarded (since only netstat can differentiate using the control port). This
@@ -155,7 +155,7 @@ def getPid(controlPort=9051, pidFilePath=None):
   # - tor is running under a different name
   # - there are multiple instances of tor
   try:
-results = sysTools.call("pgrep tor")
+results = sysTools.call("pgrep -x tor")
 if len(results) == 1 and len(results[0].split()) == 1:
   pid = results[0].strip()
   if pid.isdigit(): return pid
-- 
1.7.3.2

From fc8f0f7be7590a6bde2c2efaaa84f36be5af1136 Mon Sep 17 00:00:00 2001
From: Fabian Keil 
Date: Sun, 5 Dec 2010 15:24:50 +0100
Subject: [PATCH 2/2] Add sockstat as another way to get the tor pid.

---
 src/util/torTools.py |   17 -
 1 files changed, 16 insertions(+), 1 deletions(-)

diff --git a/src/util/torTools.py b/src/util/torTools.py
index 056b066..1a36f71 100644
--- a/src/util/torTools.py
+++ b/src/util/torTools.py
@@ -96,7 +96,8 @@ def getPid(controlPort=9051, pidFilePath=None):
   2. "pidof tor"
   3. "netstat -npl | grep 127.0.0.1:%s" % 
   4. "ps -o pid -C tor"
-  5. "pgrep -x tor"
+  5. "sockstat -4l -P tcp -p %i | grep tor" % 
+  6. "pgrep -x tor"
   
   If pidof or ps provide multiple tor instances then their results are
   discarded (since only netstat can differentiate using the control port). This
@@ -151,6 +152,20 @@ def getPid(controlPort=9051, pidFilePath=None):
   if pid.isdigit(): return pid
   except IOError: pass
   
+  # attempts to resolve using sockstat, failing if:
+  # - tor is running under a different name
+  # - there are multiple instances of Tor, using the
+  #   same control port on different addresses.
+  #
+  # XXX: both issues could be solved by filtering for the
+  #  control port IP address instead of the process name.
+  try:
+results = sysTools.call("sockstat -4l -P tcp -p %i | grep tor" % controlPort)
+if len(results) == 1 and len(results[0].split()) == 7:
+  pid = results[0].split()[2]
+  if pid.isdigit(): return pid
+  except IOError: pass
+
   # attempts to resolve using pgrep, failing if:
   # - tor is running under a different name
   # - there are multiple instances of tor
-- 
1.7.3.2



signature.asc
Description: PGP signature

Re: Arm Release 1.4.0

2010-12-05 Thread Hans Schnehl

On Sat, Dec 04, 2010 at 07:49:58PM -0800, Damian Johnson wrote:
> ...
> 
> For BSD I'm using the following commands:
> sockstat -4 | egrep '\s*' | grep -v '*:*'
> procstat -f 'pgrep ' | grep '' | grep -v '0.0.0.0:0'
> 
> The purpose of these greps is to only get established connections and
> to filter by the pid (in case there's multiple tor instances).
> 
> To test please do the following:
> 1. Run arm at its debug runlevel ("arm -e 1")

15:08:52 [ARM_INFO] Terminal color support detected and enabled
15:08:52 [ARM_DEBUG] GETINFO events/names (runtime: 0.0002) [1 duplicate hidden]
15:08:52 [ARM_DEBUG] GETCONF ORPort (cache fetch) [19 duplicates hidden]
15:08:52 [ARM_DEBUG] GETINFO accounting/enabled (runtime: 0.0001)
15:08:52 [ARM_DEBUG] GETINFO desc/id/Unknown (runtime: 0.0001)
15:08:52 [ARM_DEBUG] GETINFO fingerprint (cache fetch) [2 duplicates hidden]
15:08:52 [ARM_WARN] Unable to resolve tor pid, abandoning connection listing
15:08:52 [ARM_DEBUG] GETINFO config/names (runtime: 0.0012)
15:08:52 [ARM_DEBUG] GETINFO config-text (runtime: 0.0016)
---
15:08:51 [ARM_DEBUG] system call: sockstat -4c | grep 'tor'  (runtime: 0.00)

15:08:51 [ARM_DEBUG] GETINFO ns/id/Unknown (runtime: 0.0002)
15:08:51 [ARM_DEBUG] GETINFO fingerprint (runtime: 0.0002)
15:08:51 [ARM_DEBUG] GETINFO address (runtime: 0.0003)
15:08:51 [ARM_DEBUG] GETINFO status/version/current (runtime: 0.0002)
15:08:51 [ARM_DEBUG] GETINFO version (cache fetch)

15:08:51 [ARM_INFO] Operating System: FreeBSD, Connection Resolvers: sockstat 
(bsd), procstat (bsd)

15:08:51 [ARM_WARN] Unable to load torrc (no such file or directory: 
'/path/to/torrc')
###  this is the path on the host, tor is running in a jail 
15:08:51 [ARM_DEBUG] GETINFO config-file (runtime: 0.0002)
15:08:51 [ARM_DEBUG] system call: ps -o pid -C tor (runtime: 0.00)
15:08:51 [ARM_DEBUG] system call: netstat -npl | grep 127.0.0.1:9051 (runtime: 
0.00)   
###    
15:08:51 [ARM_INFO] system call (failed): pidof tor (error: 'pidof' is 
unavailable)
15:08:51 [ARM_INFO] Loaded configuration descriptions from 
'/tmp/arm/torConfigDescriptions.txt' (runtime: 0.000)
15:08:51 [ARM_DEBUG] GETINFO version (runtime: 0.0002)
15:08:45 [ARM_NOTICE] No configuration found at '/home/user/.armrc', using 
defaults


> 
> 2. Arm defaults to the bsd resolvers if os.uname() matches "FreeBSD".
> Please look for an entry like the following in your logs (it'll be
> near the start):

See above.
 
> 3. Go to arm's second page and press "u" to bring up the resolver
> options. Regardless of the OS detected it will have:
> * auto
> * netstat
> * ss
> * lsof
> * sockstat
> * sockstat (bsd)
> * procstat (bsd)

To make it short: the sockstat (bsd) option works on FreeBSD 7.4-PRERELEASE.
This is nice. See above for log.
> 
> 
> That said, from the link you provided it looks like this isn't
> necessary. What arm currently attempts is:
> lsof -nPi | grep "\s*.*(ESTABLISHED)"
> 
> If FreeBSD has an equivalents for the flags (n = prevent dns lookups,
> P = show port numbers (not names), i = ip only) then please show me
> what its output looks like and I'd be happy to add it as another
> fallback resolver.

> 
> What order should sockstat, procstat, and lsof be attempted in? Are
> any of them preferable due to jails over the others?

I would avoid lsof.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-05 Thread Hans Schnehl

Answering to Fabian's mail, which came a minute before I was about send a
more verbose answer.

On Sun, Dec 05, 2010 at 01:02:16PM +0100, Fabian Keil wrote:
> Damian Johnson  wrote:
> 
> > Hi all. I've checked in the resolver fixes (thank Fabian and Hans!)
> > and a test tarball is available at:
> > 
> > http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2
> > http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2.asc
> 
> Thanks.
Thanks, too.  BTW where is the git repo, please ?   

> 
> > For BSD I'm using the following commands:
> > sockstat -4 | egrep '\s*' | grep -v '*:*'
> > procstat -f 'pgrep ' | grep '' | grep -v '0.0.0.0:0'
> 
> Neither of those commands work for me. To let Arm figure out
> Tor's pid I still need the pgrep patch I mailed you yesterday.

It did work fine under FreeBSD 7.4-PRERELEASE with sockstat the way you
suggested. 
I modified in src/util/connections.py again to 
RUN_BSD_SOCKSTAT = "sockstat -4c | grep '%s%s' "
(See Fabian's patch.) This works fine, too. Just one cycle less.
Neither of the other options though did succeed in displaying a connection
list.

> 
> Attached are the patches I used to get it working on FreeBSD 9.0 CURRENT.
> I also rebased the sockstat+awk patch, but sockstat+grep probably works
> reliably enough.
> 
> One unrelated problem I noticed is that Arm tends to show local
> connections as Outbound. A connection from the Privoxy jail to
> the Tor jail:
> 
> _tor tor2750  25 tcp4   10.0.0.2:9050 10.0.0.1:20528
> 
> shows up as:
> 
> [public gateway IP address scrubbed]:9050  -->0.0s (OUTBOUND)

Can verify this, running arm on a host connecting to a jail's tor controlport
results in this.

> 
> Given that the connection doesn't leave the system, replacing
> the Tor jail IP address with the public IP address of the gateway
> is a bit confusing.
> 
> Also, when running Arm outside the Tor jail, the Tor
> configuration file isn't found.

An old torrc located in the  host in the same path as the jail,  I
wondered where these odd configs came from. Removing the hosts torrc
gave  
 ### Unable to load the torrc ###
so arm is trying to read a torrc on the host in the location it knows
which is displayed from the jail, but is ignoring the jail flag.
  Sorry for not getting deeper in this right now.

To Fabian, instead of adding another patch:
Running 'pgrep tor' might show  multiple results, anything containing the string
'tor' will present it's pid.

On 7 it's 'pgrep -x' to get an exact match of the argument ,see man pgrep(1).

Thanks for the patches !

To all :
The working connection list looks great !

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-05 Thread Fabian Keil

Damian Johnson  wrote:

> Hi all. I've checked in the resolver fixes (thank Fabian and Hans!)
> and a test tarball is available at:
> 
> http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2
> http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2.asc

Thanks.

> For BSD I'm using the following commands:
> sockstat -4 | egrep '\s*' | grep -v '*:*'
> procstat -f 'pgrep ' | grep '' | grep -v '0.0.0.0:0'

Neither of those commands work for me. To let Arm figure out
Tor's pid I still need the pgrep patch I mailed you yesterday.

Attached are the patches I used to get it working on FreeBSD 9.0 CURRENT.
I also rebased the sockstat+awk patch, but sockstat+grep probably works
reliably enough.

One unrelated problem I noticed is that Arm tends to show local
connections as Outbound. A connection from the Privoxy jail to
the Tor jail:

_tor tor2750  25 tcp4   10.0.0.2:9050 10.0.0.1:20528

shows up as:

[public gateway IP address scrubbed]:9050  -->0.0s (OUTBOUND)

Given that the connection doesn't leave the system, replacing
the Tor jail IP address with the public IP address of the gateway
is a bit confusing.

Also, when running Arm outside the Tor jail, the Tor
configuration file isn't found.

Fabian
From 48734e94a8205754f793b19d1db77bd72e2a305b Mon Sep 17 00:00:00 2001
From: Fabian Keil 
Date: Sat, 4 Dec 2010 17:36:53 +0100
Subject: [PATCH 1/4] Add pgrep as another way to get the tor pid.

---
 src/util/torTools.py |   11 +++
 1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/src/util/torTools.py b/src/util/torTools.py
index d18869b..077c2e1 100644
--- a/src/util/torTools.py
+++ b/src/util/torTools.py
@@ -96,6 +96,7 @@ def getPid(controlPort=9051, pidFilePath=None):
   2. "pidof tor"
   3. "netstat -npl | grep 127.0.0.1:%s" % 
   4. "ps -o pid -C tor"
+  5. "pgrep tor"
   
   If pidof or ps provide multiple tor instances then their results are
   discarded (since only netstat can differentiate using the control port). This
@@ -150,6 +151,16 @@ def getPid(controlPort=9051, pidFilePath=None):
   if pid.isdigit(): return pid
   except IOError: pass
   
+  # attempts to resolve using pgrep, failing if:
+  # - tor is running under a different name
+  # - there are multiple instances of tor
+  try:
+results = sysTools.call("pgrep tor")
+if len(results) == 1 and len(results[0].split()) == 1:
+  pid = results[0].strip()
+  if pid.isdigit(): return pid
+  except IOError: pass
+
   return None
 
 def getConn():
-- 
1.7.3.2

From 1bd8015476dd5c3613e3384ca373d9f096aabae4 Mon Sep 17 00:00:00 2001
From: Fabian Keil 
Date: Sun, 5 Dec 2010 11:49:35 +0100
Subject: [PATCH 2/4] Shorten RUN_BSD_SOCKSTAT and get it working.

---
 src/util/connections.py |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/util/connections.py b/src/util/connections.py
index 2487afb..7824f4f 100644
--- a/src/util/connections.py
+++ b/src/util/connections.py
@@ -12,7 +12,7 @@ all queries dump its stderr (directing it to /dev/null).
 FreeBSD lacks support for the needed netstat flags and has a completely
 different program for 'ss'. However, there's a couple other options (thanks to
 Fabian Keil and Hans Schnehl):
-- sockstatsockstat -4 | egrep '\s*' | grep -v '*:*'
+- sockstatsockstat -4c | grep ' *'
 - procstatprocstat -f 'pgrep ' | grep '' | grep -v '0.0.0.0:0'
 """
 
@@ -62,7 +62,7 @@ RUN_LSOF = "lsof -nPi | grep \"%s\s*%s.*(ESTABLISHED)\""
 # *note: this isn't available by default under ubuntu
 RUN_SOCKSTAT = "sockstat | egrep \"%s\s*%s.*ESTABLISHED\""
 
-RUN_BSD_SOCKSTAT = "sockstat -4 | egrep '%s\s*%s' | grep -v '*:*'"
+RUN_BSD_SOCKSTAT = "sockstat -4c | grep '%s *%s'"
 RUN_BSD_PROCSTAT = "procstat -f 'pgrep %s' | grep '%s' | grep -v '0.0.0.0:0'"
 
 RESOLVERS = []  # connection resolvers available via the singleton constructor
-- 
1.7.3.2

From 12d267f497870ecff1b37bddb1aeb44e9ba01994 Mon Sep 17 00:00:00 2001
From: Fabian Keil 
Date: Sun, 5 Dec 2010 12:07:36 +0100
Subject: [PATCH 3/4] Get RUN_BSD_PROCSTAT working.

---
 src/util/connections.py |6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/util/connections.py b/src/util/connections.py
index 7824f4f..062562e 100644
--- a/src/util/connections.py
+++ b/src/util/connections.py
@@ -13,7 +13,7 @@ FreeBSD lacks support for the needed netstat flags and has a completely
 different program for 'ss'. However, there's a couple other options (thanks to
 Fabian Keil and Hans Schnehl):
 - sockstatsockstat -4c | grep ' *'
-- procstatprocstat -f 'pgrep ' | grep '' | grep -v '0.0.0.0:0'
+- procstatprocstat -f  | grep TCP | grep -v 0.0.0.0:0
 """
 
 import os
@@ -63,7 +63,7 @@ RUN_LSOF = "lsof -nPi | grep \"%s\s*%s.*(ESTABLISHED)\""
 RUN_SOCKSTAT = "sockstat | egrep \"%s\s*%s.*ESTABLISHED\""
 
 RUN_BSD_SOCKSTAT = "sockstat -4c | grep '%s *%s'"
-RUN_BSD_PROCSTAT = "procstat -f 'pgrep %s' | grep '%s' | grep -v '0.0.0.0:0'"
+RUN_BSD_PROCSTAT = "procst

Re: Arm Release 1.4.0

2010-12-04 Thread Damian Johnson

Hi all. I've checked in the resolver fixes (thank Fabian and Hans!)
and a test tarball is available at:

http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2
http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2.asc

I've added both of the commands you mentioned as fallback resolvers.
On Ubuntu procstat doesn't exist but sockstat does, so I've also added
handling for its Linux version too:

ata...@fenrir:~$ sockstat | egrep "tor\s*3475.*ESTABLISHED"
atagar   tor29672tcp4   192.168.0.3:36511:9001
 ESTABLISHED
atagar   tor29672tcp4   192.168.0.3:45906:9001
 ESTABLISHED
atagar   tor29672tcp4   192.168.0.3:60202:4430
 ESTABLISHED
atagar   tor29672tcp4   192.168.0.3:34600:9001
 ESTABLISHED
...

For BSD I'm using the following commands:
sockstat -4 | egrep '\s*' | grep -v '*:*'
procstat -f 'pgrep ' | grep '' | grep -v '0.0.0.0:0'

The purpose of these greps is to only get established connections and
to filter by the pid (in case there's multiple tor instances).

To test please do the following:
1. Run arm at its debug runlevel ("arm -e 1")

2. Arm defaults to the bsd resolvers if os.uname() matches "FreeBSD".
Please look for an entry like the following in your logs (it'll be
near the start):
18:50:00 [ARM_INFO] Operating System: FreeBSD, Connection Resolvers:
sockstat (bsd), procstat (bsd)

if it doesn't match that then let me know what it says.

3. Go to arm's second page and press "u" to bring up the resolver
options. Regardless of the OS detected it will have:
* auto
* netstat
* ss
* lsof
* sockstat
* sockstat (bsd)
* procstat (bsd)

4. Select one of the bsd options. If it doesn't work then the results
will be unchanged (ie, if options were already listed then they'll
still be listed so don't trust that, please still check the following
step for both).

5. Go back to the log. You'll see an entry like:
18:16:31 [ARM_DEBUG] system call: sockstat -4 | egrep 'tor\s*29672' |
grep -v '*:*' (runtime: 0.03)

Problems come in two flavors. Either the command resulted in an error, like:
18:15:40 [ARM_INFO] system call (failed): procstat -f 'pgrep tor' |
grep '29672' | grep -v '0.0.0.0:0' (error: 'procstat' is unavailable)

in which case please let me know what the error is, or it doesn't
provide any results:
18:15:55 [ARM_INFO] No results found using: sockstat -4 | egrep
'tor\s*29672' | grep -v '*:*'

in which case please try the command on its own and let me know how I
screwed up the greps.

> after polling for lsof and a foreach loop, doesn't work ?
> ...
> would work ... especially if the system in question is doing little (or 
> nothing) other than Tor ...

Sorry, I'm not following. Why is a for-each loop necessary? Process
and connection resolutions are the most costly lookups arm currently
does. A netstat resolution, for instance, takes around 30-40 ms on my
system and is performed every five seconds. Arm tries to be a
lightweight application so running multiple system commands to do each
lookup isn't really an option.

That said, from the link you provided it looks like this isn't
necessary. What arm currently attempts is:
lsof -nPi | grep "\s*.*(ESTABLISHED)"

If FreeBSD has an equivalents for the flags (n = prevent dns lookups,
P = show port numbers (not names), i = ip only) then please show me
what its output looks like and I'd be happy to add it as another
fallback resolver.

What order should sockstat, procstat, and lsof be attempted in? Are
any of them preferable due to jails over the others?

> However if lsof is the only way to do it right

Nope, not necessary at all. But the more connection resolvers
available for FreeBSD the more likely arm will be able to fall back to
something that works.

Cheers! -Damian
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-03 Thread John Case



On Fri, 3 Dec 2010, Hans Schnehl wrote:


specifically:

ps -Al

after polling for lsof and a foreach loop, doesn't work ?

I know it's not elegant, but it appeared to me that:

lsof + ps -Al

would work ... especially if the system in question is doing little (or
nothing) other than Tor ...


I suppose  it would, but some (like me) tend to run tor in rather minimal
jails.
lsof isn't exactly a small application, so it might just make sense using
the base system's sockstat. At least that was the idea.



Ok, I agree with that sentiment - I always run Tor in a jail and would 
like to not be required to install lsof.


However if lsof is the only way to do it right, I will accept that in 
order to run Arm...


Thanks.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-03 Thread Hans Schnehl

On Fri, Dec 03, 2010 at 09:35:39PM +, John Case wrote:
> 
> On Fri, 3 Dec 2010, Hans Schnehl wrote:
> 
> > Sorry for jumping in , but please notice the above command might not
> > not work on all versions of FBSD, at least it doesn't on a  7-Stable jail.
> >

Not working refers to Fabian's use of procstat.  


> > Maybe the following just produces a similar sufficient output:
> >
> > _...@ato# id
> > uid=256(_tor) gid=256(_tor) groups=256(_tor)
> > _...@ato# sockstat -4 | grep tor
> > _tor tor4397  7  tcp4   172.27.72.202:9050*:*
> > _tor tor4397  8  udp4   172.27.72.202:53  *:*
> > _tor tor4397  9  tcp4   172.27.72.202:9051*:*
> > _tor tor4397  12 tcp4   172.27.72.202:54011   [scrubbed]:9001
> > _tor tor4397  15 tcp4   172.27.72.202:59374   [scrubbed]:9001
> > _tor tor4397  19 tcp4   172.27.72.202:59673   [scrubbed]:9001
> > _tor tor4397  20 tcp4   172.27.72.202:51946   [scrubbed]:443
> > _tor tor4397  22 tcp4   172.27.72.202:60344   [scrubbed]:9001
> >
> > for *not*  displaying listening ports just use
> > _...@ato# sockstat -4 | grep tor| sed '/\*/d'
> > _tor tor4397  4  tcp4   172.27.72.202:52420   [scrubbed]:443
> > _tor tor4397  12 tcp4   172.27.72.202:54011   [scrubbed]:9001
> > _tor tor4397  13 tcp4   172.27.72.202:51736   [scrubbed]:443
> 
> 
> Wait, so the method detailed here:
> 
> http://lists.freebsd.org/pipermail/freebsd-questions/2007-November/162970.html
> 
> specifically:
> 
> ps -Al
> 
> after polling for lsof and a foreach loop, doesn't work ?
> 
> I know it's not elegant, but it appeared to me that:
> 
> lsof + ps -Al
> 
> would work ... especially if the system in question is doing little (or 
> nothing) other than Tor ...

I suppose  it would, but some (like me) tend to run tor in rather minimal
jails.
lsof isn't exactly a small application, so it might just make sense using
the base system's sockstat. At least that was the idea.
 
Up to the one porting arm  to FBSD, I guess. 
  


***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-03 Thread John Case



On Fri, 3 Dec 2010, Hans Schnehl wrote:


Sorry for jumping in , but please notice the above command might not
not work on all versions of FBSD, at least it doesn't on a  7-Stable jail.


Maybe the following just produces a similar sufficient output:

_...@ato# id
uid=256(_tor) gid=256(_tor) groups=256(_tor)
_...@ato# sockstat -4 | grep tor
_tor tor4397  7  tcp4   172.27.72.202:9050*:*
_tor tor4397  8  udp4   172.27.72.202:53  *:*
_tor tor4397  9  tcp4   172.27.72.202:9051*:*
_tor tor4397  12 tcp4   172.27.72.202:54011   [scrubbed]:9001
_tor tor4397  15 tcp4   172.27.72.202:59374   [scrubbed]:9001
_tor tor4397  19 tcp4   172.27.72.202:59673   [scrubbed]:9001
_tor tor4397  20 tcp4   172.27.72.202:51946   [scrubbed]:443
_tor tor4397  22 tcp4   172.27.72.202:60344   [scrubbed]:9001

for *not*  displaying listening ports just use
_...@ato# sockstat -4 | grep tor| sed '/\*/d'
_tor tor4397  4  tcp4   172.27.72.202:52420   [scrubbed]:443
_tor tor4397  12 tcp4   172.27.72.202:54011   [scrubbed]:9001
_tor tor4397  13 tcp4   172.27.72.202:51736   [scrubbed]:443



Wait, so the method detailed here:

http://lists.freebsd.org/pipermail/freebsd-questions/2007-November/162970.html

specifically:

ps -Al

after polling for lsof and a foreach loop, doesn't work ?

I know it's not elegant, but it appeared to me that:

lsof + ps -Al

would work ... especially if the system in question is doing little (or 
nothing) other than Tor ...

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-03 Thread Hans Schnehl

On Fri, Dec 03, 2010 at 08:34:46PM +0100, Fabian Keil wrote:
> Damian Johnson  wrote:
> 
> > The lsof command issued by arm [1] is:
> > lsof -nPi | grep "\s*.*(ESTABLISHED)"

> > What I'll need from you is the following:
> > - A command that, when executed as the tor user, produces connection
> > results filtered to tor's connections.
> > - Example output.
> 
> tor-jail# uname -or
> FreeBSD 9.0-CURRENT
> tor-jail# su -m _tor -c /bin/csh
> tor-jail# id
> uid=256(_tor) gid=256(_tor) groups=256(_tor)
> tor-jail# procstat -f `pgrep tor` | egrep 'TCP|UDP|PID'
>   PID COMM   FD T V FLAGSREF  OFFSET PRO NAME
>  3561 tor 4 s - rw---n--   2   0 TCP 10.0.0.2:9050 
> 10.0.0.1:22370
>  3561 tor 5 s - rw---n--   2   0 TCP 10.0.0.2:9050 
> 0.0.0.0:0
>  3561 tor 6 s - rw---n--   2   0 TCP 10.0.0.2:9040 
> 0.0.0.0:0
>  3561 tor 7 s - rw---n--   2   0 UDP 10.0.0.2:53 0.0.0.0:0
>  3561 tor 8 s - rw---n--   2   0 TCP 10.0.0.2:9051 
> 0.0.0.0:0
>  3561 tor14 s - rw---n--   2   0 TCP 10.0.0.2:9050 
> 10.0.0.1:44381
>  3561 tor15 s - rw---n--   2   0 TCP 10.0.0.2:33734 
> [scrubbed]:443
>  3561 tor16 s - rw---n--   2   0 TCP 10.0.0.2:47704 
> [scrubbed]:9001
>  3561 tor17 s - rw---n--   2   0 TCP 10.0.0.2:9050 
> 10.0.0.1:46343
>  3561 tor18 s - rw---n--   2   0 TCP 10.0.0.2:9050 
> 10.0.0.1:64196
>  3561 tor19 s - rw---n--   2   0 TCP 10.0.0.2:18856 
> [scrubbed]:443
>  3561 tor20 s - rw---n--   2   0 TCP 10.0.0.2:9050 
> 10.0.0.1:20385
>  3561 tor22 s - rw---n--   2   0 TCP 10.0.0.2:9050 
> 10.0.0.1:27541
>  3561 tor23 s - rw---n--   2   0 TCP 10.0.0.2:9050 
> 10.0.0.1:21877
> (Public IP addresses scrubbed)

Sorry for jumping in , but please notice the above command might not
not work on all versions of FBSD, at least it doesn't on a  7-Stable jail.


Maybe the following just produces a similar sufficient output: 

_...@ato# id
uid=256(_tor) gid=256(_tor) groups=256(_tor)
_...@ato# sockstat -4 | grep tor
_tor tor4397  7  tcp4   172.27.72.202:9050*:*
_tor tor4397  8  udp4   172.27.72.202:53  *:*
_tor tor4397  9  tcp4   172.27.72.202:9051*:*
_tor tor4397  12 tcp4   172.27.72.202:54011   [scrubbed]:9001
_tor tor4397  15 tcp4   172.27.72.202:59374   [scrubbed]:9001
_tor tor4397  19 tcp4   172.27.72.202:59673   [scrubbed]:9001
_tor tor4397  20 tcp4   172.27.72.202:51946   [scrubbed]:443
_tor tor4397  22 tcp4   172.27.72.202:60344   [scrubbed]:9001

for *not*  displaying listening ports just use 
_...@ato# sockstat -4 | grep tor| sed '/\*/d' 
_tor tor4397  4  tcp4   172.27.72.202:52420   [scrubbed]:443
_tor tor4397  12 tcp4   172.27.72.202:54011   [scrubbed]:9001
_tor tor4397  13 tcp4   172.27.72.202:51736   [scrubbed]:443


 
> > - Be available to test a potential fix.
> > 
> > If you're up for that then I'm glad to have the help! Lets take
> > further discussion of this off the list. I don't think this is
> > generally of interest to the rest of the tor community. -Damian
> 
> It's at least interesting to a part of the rest of the tor community.

It certainly is !




 
> Fabian


***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-03 Thread Damian Johnson

Perfect! I'll try to provide a fix for you to test later today or tomorrow.

> I intent to try Arm in the future. Are you aware of anyone working on a port?

Nope. Jesse just finished an ebuild for Gentoo:
https://bugs.gentoo.org/show_bug.cgi?id=341731

and I'm working with Peter on a deb. But thus far no one has
volunteered to do a bsd port.

On Fri, Dec 3, 2010 at 11:34 AM, Fabian Keil
 wrote:
> Damian Johnson  wrote:
>
>> The lsof command issued by arm [1] is:
>> lsof -nPi | grep "\s*.*(ESTABLISHED)"
>>
>> I'd be happy to work with you to provide a fix, if you'd like. Once
>> upon a time I tried to use VMs to troubleshoot FreeBSD and Gentoo
>> issues (thus far they're the only platforms to give arm any trouble).
>> However, either VirtualBox, those OSes, or the combination of the two
>> made this a colossal pain in the ass. Trying to wrangle even the most
>> basic functionality out of those systems chewed up dozens of hours so
>> that's definitely *not* a road I'm going down again.
>>
>> What I'll need from you is the following:
>> - A command that, when executed as the tor user, produces connection
>> results filtered to tor's connections.
>> - Example output.
>
> tor-jail# uname -or
> FreeBSD 9.0-CURRENT
> tor-jail# su -m _tor -c /bin/csh
> tor-jail# id
> uid=256(_tor) gid=256(_tor) groups=256(_tor)
> tor-jail# procstat -f `pgrep tor` | egrep 'TCP|UDP|PID'
>  PID COMM               FD T V FLAGS    REF  OFFSET PRO NAME
>  3561 tor                 4 s - rw---n--   2       0 TCP 10.0.0.2:9050 
> 10.0.0.1:22370
>  3561 tor                 5 s - rw---n--   2       0 TCP 10.0.0.2:9050 
> 0.0.0.0:0
>  3561 tor                 6 s - rw---n--   2       0 TCP 10.0.0.2:9040 
> 0.0.0.0:0
>  3561 tor                 7 s - rw---n--   2       0 UDP 10.0.0.2:53 0.0.0.0:0
>  3561 tor                 8 s - rw---n--   2       0 TCP 10.0.0.2:9051 
> 0.0.0.0:0
>  3561 tor                14 s - rw---n--   2       0 TCP 10.0.0.2:9050 
> 10.0.0.1:44381
>  3561 tor                15 s - rw---n--   2       0 TCP 10.0.0.2:33734 
> [scrubbed]:443
>  3561 tor                16 s - rw---n--   2       0 TCP 10.0.0.2:47704 
> [scrubbed]:9001
>  3561 tor                17 s - rw---n--   2       0 TCP 10.0.0.2:9050 
> 10.0.0.1:46343
>  3561 tor                18 s - rw---n--   2       0 TCP 10.0.0.2:9050 
> 10.0.0.1:64196
>  3561 tor                19 s - rw---n--   2       0 TCP 10.0.0.2:18856 
> [scrubbed]:443
>  3561 tor                20 s - rw---n--   2       0 TCP 10.0.0.2:9050 
> 10.0.0.1:20385
>  3561 tor                22 s - rw---n--   2       0 TCP 10.0.0.2:9050 
> 10.0.0.1:27541
>  3561 tor                23 s - rw---n--   2       0 TCP 10.0.0.2:9050 
> 10.0.0.1:21877
> (Public IP addresses scrubbed)
>
>> - Be available to test a potential fix.
>>
>> If you're up for that then I'm glad to have the help! Lets take
>> further discussion of this off the list. I don't think this is
>> generally of interest to the rest of the tor community. -Damian
>
> It's at least interesting to a part of the rest of the tor community.
> I intent to try Arm in the future. Are you aware of anyone working on a port?
>
> Fabian
>
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-03 Thread John Case



On Fri, 3 Dec 2010, Fabian Keil wrote:


- Be available to test a potential fix.

If you're up for that then I'm glad to have the help! Lets take
further discussion of this off the list. I don't think this is
generally of interest to the rest of the tor community. -Damian


It's at least interesting to a part of the rest of the tor community.
I intent to try Arm in the future. Are you aware of anyone working on a port?



I have neither seen a port, nor seen discussion of one...
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-03 Thread Fabian Keil

Damian Johnson  wrote:

> The lsof command issued by arm [1] is:
> lsof -nPi | grep "\s*.*(ESTABLISHED)"
> 
> I'd be happy to work with you to provide a fix, if you'd like. Once
> upon a time I tried to use VMs to troubleshoot FreeBSD and Gentoo
> issues (thus far they're the only platforms to give arm any trouble).
> However, either VirtualBox, those OSes, or the combination of the two
> made this a colossal pain in the ass. Trying to wrangle even the most
> basic functionality out of those systems chewed up dozens of hours so
> that's definitely *not* a road I'm going down again.
> 
> What I'll need from you is the following:
> - A command that, when executed as the tor user, produces connection
> results filtered to tor's connections.
> - Example output.

tor-jail# uname -or
FreeBSD 9.0-CURRENT
tor-jail# su -m _tor -c /bin/csh
tor-jail# id
uid=256(_tor) gid=256(_tor) groups=256(_tor)
tor-jail# procstat -f `pgrep tor` | egrep 'TCP|UDP|PID'
  PID COMM   FD T V FLAGSREF  OFFSET PRO NAME
 3561 tor 4 s - rw---n--   2   0 TCP 10.0.0.2:9050 
10.0.0.1:22370
 3561 tor 5 s - rw---n--   2   0 TCP 10.0.0.2:9050 0.0.0.0:0
 3561 tor 6 s - rw---n--   2   0 TCP 10.0.0.2:9040 0.0.0.0:0
 3561 tor 7 s - rw---n--   2   0 UDP 10.0.0.2:53 0.0.0.0:0
 3561 tor 8 s - rw---n--   2   0 TCP 10.0.0.2:9051 0.0.0.0:0
 3561 tor14 s - rw---n--   2   0 TCP 10.0.0.2:9050 
10.0.0.1:44381
 3561 tor15 s - rw---n--   2   0 TCP 10.0.0.2:33734 
[scrubbed]:443
 3561 tor16 s - rw---n--   2   0 TCP 10.0.0.2:47704 
[scrubbed]:9001
 3561 tor17 s - rw---n--   2   0 TCP 10.0.0.2:9050 
10.0.0.1:46343
 3561 tor18 s - rw---n--   2   0 TCP 10.0.0.2:9050 
10.0.0.1:64196
 3561 tor19 s - rw---n--   2   0 TCP 10.0.0.2:18856 
[scrubbed]:443
 3561 tor20 s - rw---n--   2   0 TCP 10.0.0.2:9050 
10.0.0.1:20385
 3561 tor22 s - rw---n--   2   0 TCP 10.0.0.2:9050 
10.0.0.1:27541
 3561 tor23 s - rw---n--   2   0 TCP 10.0.0.2:9050 
10.0.0.1:21877
(Public IP addresses scrubbed)

> - Be available to test a potential fix.
> 
> If you're up for that then I'm glad to have the help! Lets take
> further discussion of this off the list. I don't think this is
> generally of interest to the rest of the tor community. -Damian

It's at least interesting to a part of the rest of the tor community.
I intent to try Arm in the future. Are you aware of anyone working on a port?

Fabian


signature.asc
Description: PGP signature

Re: Arm Release 1.4.0

2010-12-02 Thread Damian Johnson

The lsof command issued by arm [1] is:
lsof -nPi | grep "\s*.*(ESTABLISHED)"

I'd be happy to work with you to provide a fix, if you'd like. Once
upon a time I tried to use VMs to troubleshoot FreeBSD and Gentoo
issues (thus far they're the only platforms to give arm any trouble).
However, either VirtualBox, those OSes, or the combination of the two
made this a colossal pain in the ass. Trying to wrangle even the most
basic functionality out of those systems chewed up dozens of hours so
that's definitely *not* a road I'm going down again.

What I'll need from you is the following:
- A command that, when executed as the tor user, produces connection
results filtered to tor's connections.
- Example output.
- Be available to test a potential fix.

If you're up for that then I'm glad to have the help! Lets take
further discussion of this off the list. I don't think this is
generally of interest to the rest of the tor community. -Damian

[1] https://svn.torproject.org/svn/arm/trunk/src/util/connections.py

On Wed, Dec 1, 2010 at 10:34 PM, John Case  wrote:
>
> On Wed, 1 Dec 2010, Damian Johnson wrote:
>
>> Arm should work just fine under BSD with the exception of the
>> connection listing.
>>
>> The problem there is that FreeBSD's netstat lacks the flag to list the
>> pids associated with connections (so I can't narrow the list to tor
>> connections), ss is a completely different program (a spreadsheet
>> application instead of connection resolver), and lsof either had
>> similar issues, though I don't recall exactly what. If you know a
>> method of getting the connections for a given process under FreeBSD
>> then I'm all ears. :)
>
>
> Right - I've been familiar with the limitation, and the reason for the
> limitation, for the lifetime of your project.
>
> I run Arm very well on FreeBSD, but I'd really love to have the connection
> listing ...
>
> Can you use this:
>
> http://lists.freebsd.org/pipermail/freebsd-questions/2007-November/162970.html
>
> to cross reference, and get what you need ?
> ***
> To unsubscribe, send an e-mail to majord...@torproject.org with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
>
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-01 Thread John Case



On Wed, 1 Dec 2010, Damian Johnson wrote:


Arm should work just fine under BSD with the exception of the
connection listing.

The problem there is that FreeBSD's netstat lacks the flag to list the
pids associated with connections (so I can't narrow the list to tor
connections), ss is a completely different program (a spreadsheet
application instead of connection resolver), and lsof either had
similar issues, though I don't recall exactly what. If you know a
method of getting the connections for a given process under FreeBSD
then I'm all ears. :)



Right - I've been familiar with the limitation, and the reason for the 
limitation, for the lifetime of your project.


I run Arm very well on FreeBSD, but I'd really love to have the connection 
listing ...


Can you use this:

http://lists.freebsd.org/pipermail/freebsd-questions/2007-November/162970.html

to cross reference, and get what you need ?
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-12-01 Thread Damian Johnson

Arm should work just fine under BSD with the exception of the
connection listing.

The problem there is that FreeBSD's netstat lacks the flag to list the
pids associated with connections (so I can't narrow the list to tor
connections), ss is a completely different program (a spreadsheet
application instead of connection resolver), and lsof either had
similar issues, though I don't recall exactly what. If you know a
method of getting the connections for a given process under FreeBSD
then I'm all ears. :)

That said, everything else (bandwidth graph, logging, configuration
editing, etc) should work just fine. -Damian

On Tue, Nov 30, 2010 at 10:56 PM, John Case  wrote:
>
> Hi Damian,
>
> On Tue, 30 Nov 2010, Damian Johnson wrote:
>
>> Hi. After over a year it's about time that I announced an arm release
>> so here it is! What's new since August of 2009 [1], you ask? Lots. The
>> project has been under very active development, continuing to add
>> usability improvements to make relay operation nicer and less error
>> prone. If you're really curious what I've been up to this last year
>> then it's all available in the change log [2].
>
>
> Any news on getting all of Arms functions to work under FreeBSD ?
>
> Thanks.
> ***
> To unsubscribe, send an e-mail to majord...@torproject.org with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
>
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

2010-11-30 Thread John Case



Hi Damian,

On Tue, 30 Nov 2010, Damian Johnson wrote:


Hi. After over a year it's about time that I announced an arm release
so here it is! What's new since August of 2009 [1], you ask? Lots. The
project has been under very active development, continuing to add
usability improvements to make relay operation nicer and less error
prone. If you're really curious what I've been up to this last year
then it's all available in the change log [2].



Any news on getting all of Arms functions to work under FreeBSD ?

Thanks.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

Re: Arm Release 1.4.0

28 matches

Site Navigation

Mail list logo

Footer information