https://www.whonix.org/wiki/Dev/Control_Port_Filter_Proxy#Talking_to_the_real_Tor_Control_Port (oneboxing failure)
Why is a password required, doesn’t it already authenticate via cookie? Can I switch the steps to use cookie path instead?
1 Like
@adrelanos ping
https://www.whonix.org/wiki/Tor_Controller#On_Whonix-Workstation (onebox failure)
I fixed tor-ctrl for the WS, can it be installed by default on the workstation so I can guide to use tor-ctrl on both Workstation and Gateway. The things is that only the tor-ctrl program will work, the others that requires stream, circuits, will be filtered, which is a good job by the onion-grater, but is a program installed that won’t work.
Excellent plan!
Sure. Just a short mention and link from one to another.
Ah. Yes. If a simpler way works with the cookie, then by all means. Please use the cookie. Probably is like it is before because I didn’t get the idea to research that socat could pass the cookie somehow. Surely that would be much nicer.
Yes. Absolutely can switch to simpler tor-ctrl method.
It needs to past the decoding of the cookie… which is not as easy as a password but does not require changing the torrc.
Then please add tor-ctrl to Workstation packages to be installed so documentation becomes correct.
1 Like
Meta package whonix-shared-packages-recommended-cli already has a Depends: on tor-ctrl. Already pre-installed. Included in Whonix 16.0.8.2 - for VirtualBox - Point Release!. That has also reached stable upgrades already.
1 Like
Another thing is that cookie is on the GW, and not WS, but the WS receives
PROTOCOLINFO
250-PROTOCOLINFO 1
250-AUTH METHODS=NULL
so it does not even require a cookie or password there.
And is better this way, WS, should have limited commands already by onion-grater proxying.
1 Like
Please make them uniform, I don’t believe I have rights to this.
Upper case o
Lower case o
1 Like
Please create templates for Remove and List just like there is for Add on Template:Control Port Filter Python Profile Add - Whonix
1 Like
That would be nice but MediaWiki has a limitation that doesn’t allow for lower case letters for the first letter in the article page name in a wiki link:
https://www.mediawiki.org/wiki/Manual:$wgCapitalLinks
Done. Created Template:Control_Port_Filter_Python_Profile_List just now.
there is wiki/Onion-grater and wiki/Dev/onion-grater
Then both Onion-grater with capital o would be fine.
1 Like
Due to my native language background and this MediaWiki issue I actually personally prefer proper names starting with a capital letter
Upstream (Tails) decided to use the lower case variant onion-grater. So unless we change the name in Whonix’s for of onion-grater completely, forking the name to only change capitalization would be weird.
It’s only the URL where there is the upper case issue. The page title “onion-grater: a Tor Control Port Filter Proxy” is correct.
Maybe one day we should go for Manual:$wgCapitalLinks - MediaWiki. And then making all links always lower case by default. Writing links by hand is confusing because some letters are sometimes upper case.
Currently:
- functional:
https://www.whonix.org/wiki/Onion-grater - functional:
https://www.whonix.org/wiki/onion-grater - functional:
https://www.whonix.org/wiki/Template:Control_Port_Filter_Python_Profile_Add - functional:
https://www.whonix.org/wiki/Template:Control_Port_Filter_Python_Profile_Add - functional:
https://www.whonix.org/wiki/template:control_Port_Filter_Python_Profile_Add - broken
https://www.whonix.org/wiki/Template:control_port_filter_python_profile_add - broken
https://www.whonix.org/wiki/template:control_port_filter_python_profile_add
But this would be a lot of effort. Would require automating changing the links all over the wiki. These two things would help:
- Extension:Replace Text - MediaWiki
- GitHub - adrelanos/mediawiki-shell: Fetch and edit mediawiki pages from the shell
So in summary the proper name is onion-grater as named by upstream. The capital O in the page name is considered a bug. It is a MediaWiki issue which is very time consuming to resolve. But by changing the name from lower capitalization to first letter capitalized we’d introduce more bugs.
Happens a lot when I try to type whonix wiki links.
1 Like
Since there’s no dedicated onion-grater forum thread yet, and maybe not worth having a seaprate one let’s increase scope of this one…?
Thanks for this pull request! @nyxnor
Merged, thanks!
Yes
1 Like
Does this points needs to be addressed on the filter proxy page? If yes, the I will categorize them, under which description?
1 Like
Why does it present vif interface for Qubes-Whonix-Gateway when eth1 is available for that gateway?
Also which vif interface? I see two anyway.
Total devices: lo, eth0, eth1, vifX, vifY
Dev/Control_Port_Filter_Proxy#tcpdump_-_Less_Important)
On another note, I didn’t manage to make the tcpdump command work with any device/interface.
1 Like
Dev/Control_Port_Filter_Proxy#onion_client_auth_add
Says that requires extensive modifications to the default profiles and shows that profile.
But then is /usr/share/doc/onion-grater-merger/examples/40_onion_authentication.yml not enough? Not good enough?
1 Like
Improvement request to onion-grater-list
available, used
The available will list every available profile of couse and used the included ones. I think this helps people see which are the available profiles, just a wrapper to ls the examples dir.
1 Like
This is important because not allowing this in Tor Browser might result in Tor Browser being broken one day. Then we would have to address it with onion-grater… Which could be difficult → onion-grater, a Tor Control Port Filter Proxy - filtering dangerous Tor Control Port commands - Design Documentation - Whonix
Therefore good to mention.
Depends. What was the follow-up of
? Is there no a clockskew related Tor control protocol command or some other change in result of that ticket?