[GNUnet-SVN] r5523 - in GNUnet: . contrib src/transports


From: gnunet
Subject: [GNUnet-SVN] r5523 - in GNUnet: . contrib src/transports
Date: Sun, 19 Aug 2007 03:38:03 -0600 (MDT)

Author: grothoff
Date: 2007-08-19 03:37:54 -0600 (Sun, 19 Aug 2007)
New Revision: 5523

Modified:
   GNUnet/README
   GNUnet/contrib/config-daemon.scm
   GNUnet/src/transports/http.c
Log:
enable advertised port and real port to be different

Modified: GNUnet/README
===================================================================
--- GNUnet/README       2007-08-19 09:11:29 UTC (rev 5522)
+++ GNUnet/README       2007-08-19 09:37:54 UTC (rev 5523)
@@ -196,7 +196,21 @@
 https://gnunet.org/mantis/.
 
 
+Running http on port 80
+=======================
 
+In order to hide GNUnet's HTTP traffic perfectly, you might consider
+running GNUnet's HTTP transport on port 80.  However, you should not
+run GNUnet as root.  Instead, forward port 80 to say 8080 with this
+command (as root, in your startup scripts):
+
+# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT 
--to-ports 8080
+
+Then set in the HTTP section of gnunetd.conf the "ADVERTISED-PORT"
+to "80" and "PORT" to 8080. 
+
+
+
 Stay tuned
 ==========
 
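Review bot: The iptables rule in the new "Running http on port 80" section is added to the nat PREROUTING chain, which only handles packets arriving from other hosts, so a connection made from the same machine to port 80 is not redirected to 8080; the section should say this so that local testing does not look like a broken setup. The closing sentence should also state what is advertised when ADVERTISED-PORT is left unset, and quote "80" and 8080 consistently.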

Modified: GNUnet/contrib/config-daemon.scm
===================================================================
--- GNUnet/contrib/config-daemon.scm    2007-08-19 09:11:29 UTC (rev 5522)
+++ GNUnet/contrib/config-daemon.scm    2007-08-19 09:37:54 UTC (rev 5523)
@@ -891,6 +891,18 @@
  (cons 0 65535)
  'nat-unlimited))
 
+(define (http-advertised-port builder)
+ (builder
+ "HTTP"
+ "ADVERTISED-PORT"
+ (_ "Which is the external port of the HTTP transport?")
+ (_ "Use this option if your firewall maps say port 80 to your real HTTP port. 
 This can be useful in making the HTTP messages appear even more legit (without 
the need for running gnunetd as root due to the use of a priviledged port).")
+ '()
+ #t
+ 80
+ (cons 0 65535)
+ 'nat-unlimited))
+
 (define (http builder)
  (builder
  "HTTP"
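Review bot: The 80 in http-advertised-port looks like the default value for the option, while getGNUnetAdvertisedHTTPPort in http.c treats a missing ADVERTISED-PORT as "same as PORT". If the configuration tool writes that 80 into gnunetd.conf, a peer without the port 80 redirect would advertise a port it is not listening on. Consider leaving the option unset by default, or saying in the help text that it must match an existing forwarding rule. The help string also spells "privileged" as "priviledged".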

Modified: GNUnet/src/transports/http.c
===================================================================
--- GNUnet/src/transports/http.c        2007-08-19 09:11:29 UTC (rev 5522)
+++ GNUnet/src/transports/http.c        2007-08-19 09:37:54 UTC (rev 5523)
@@ -597,6 +597,27 @@
 }
 
 /**
+ * Get the GNUnet HTTP port from the configuration, or from
+ * /etc/services if it is not specified in the config file.
+ */
+static unsigned short
+getGNUnetAdvertisedHTTPPort ()
+{
+  unsigned long long port;
+
+  if (!GC_have_configuration_value (coreAPI->cfg, "HTTP", "ADVERTISED-PORT"))
+    {
+      port = getGNUnetHTTPPort ();
+    }
+  else if (-1 == GC_get_configuration_value_number (coreAPI->cfg,
+                                                    "HTTP",
+                                                    "ADVERTISED-PORT", 0,
+                                                    65535, 80, &port))
+    port = getGNUnetHTTPPort ();
+  return (unsigned short) port;
+}
+
+/**
  * A (core) Session is to be associated with a transport session. The
  * transport service may want to know in order to call back on the
  * core if the connection is being closed. Associate can also be
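Review bot: The doc comment above getGNUnetAdvertisedHTTPPort is the text of the real-port getter and does not describe this function; it should say that the function returns ADVERTISED-PORT from the HTTP section and falls back to getGNUnetHTTPPort () when the option is missing or cannot be parsed. In the else-if branch an invalid value is silently replaced by the real port, so a GE_LOG warning there would let users notice a mistyped ADVERTISED-PORT instead of advertising a port they did not intend.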
@@ -681,7 +702,7 @@
   HostAddress *haddr;
   unsigned short port;
 
-  port = getGNUnetHTTPPort ();
+  port = getGNUnetAdvertisedHTTPPort ();
   if (0 == port)
     {
       GE_LOG (NULL,




