Yesterday I wrote about Tor on Firefox OS. Further testing showed an issue when switching networks - a common thing to happen when carrying a mobile device. The iptables rule I was using didn't exclude the tor process itself from having traffic redirected. When a network switch occurred tor would attempt to reestablish connections and this would fail.

A fix for this is to exclude tor from the iptables rules or to use rules for specific processes only. The processes that belong to a Firefox OS application can be viewed with b2g-ps:

```
APPLICATION     SEC USER      PID   PPID VSIZE  RSS    NAME
b2g               0 root      181   1    494584 135544 /system/b2g/b2g
(Nuwa)            0 root      830   181  55052  20420  /system/b2g/plugin-container
Built-in Keyboa   2 u0_a912   912   830  67660  26048  /system/b2g/plugin-container
Vertical          2 u0_a1088  1088  830  103336 34428  /system/b2g/plugin-container
Usage             2 u0_a4478  4478  830  65544  23584  /system/b2g/plugin-container
Browser           2 u0_a26328 26328 830  75680  21164  /system/b2g/plugin-container
Settings          2 u0_a27897 27897 830  79840  28044  /system/b2g/plugin-container
(Preallocated a   2 u0_a28176 28176 830  62316  18556  /system/b2g/plugin-container
```

Unfortunately the iptables that ships with Firefox OS doesn't seem to support the --pid-owner option for rule selection, so I can't select the tor or application processes specifically. I can however select based on user or group. Each application gets its own user, so the option of redirecting traffic per application could use that. I wasn't able to get this working reliably though, so I switched to targeting the tor process itself.

In my writeup I ran tor as root. I need to run it as a different user so that I can use --uid-owner in iptables. Firefox OS inherits the Android method of users and groups, where specific users are hardcoded into the system. Since this is a proof of concept and I want to get things working quickly, I decided to pick an existing user, system, and run tor as that. By setting the User option in the Tor configuration file I can have Tor switch to that user at run time. Nothing is ever that easy though, as that user does not have permission to do many of the things that tor requires. It can't create sockets, for example.

Enter Linux capabilities. It is possible to grant a process certain capabilities which give it the right to perform privileged actions without being a superuser. There is an existing Tor trac ticket about this, and I used the sample code in that ticket to modify tor to keep the required capabilities when it switches user. The code I cobbled together to patch tor is in tor.patch.

To use this, change the Building tor section of my original post to use these commands:

```
$ cd $HOME/build
$ wget https://www.torproject.org/dist/tor-0.2.4.22.tar.gz
$ tar xzf tor-0.2.4.22.tar.gz
$ cd tor-0.2.4.22
$ curl http://bluishcoder.co.nz/b2g/tor.patch | patch -p1
$ ./configure --host=arm-linux-androideabi \
    --prefix=$HOME/build/install \
    --enable-static-libevent
$ make
$ make install
```

Change the Tor configuration file to switch the user to system in the Packaging Tor for the device section:

```
DataDirectory /data/local/tor/tmp
SOCKSPort 127.0.0.1:9050 IsolateDestAddr
SOCKSPort 127.0.0.1:9063
RunAsDaemon 1
Log notice file /data/local/tor/tmp/tor.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 9053
User system
```

I've also changed the location of the data files to a tmp directory, which needs to be owned by the system user. Change the steps in Running tor to:

```
$ adb shell
# cd /data/local/tor
# mkdir tmp
# chown system:system tmp
# ./tor -f torrc &
# iptables -t nat -A OUTPUT ! -o lo -m owner ! --uid-owner system \
    -p udp --dport 53 -j REDIRECT --to-ports 9053
# iptables -t nat -A OUTPUT ! -o lo \
    -m owner ! --uid-owner system \
    -p tcp -j REDIRECT --to-ports 9040
```

Now tor should work in the presence of network switching. I've updated the b2g_tor.tar.gz to include the new tor binary, the updated configuration file, and a couple of shell scripts that will run the iptables commands to redirect traffic to tor and to cancel the redirection.
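As an added example (not one of the scripts in b2g_tor.tar.gz), here is how the redirect and cancel scripts can be folded into one: the same two rules from the Running tor steps are built by one function, appended with -A and removed with -D, so the cancel path can never drift from the install path. The IPT variable is my own addition so the script can be dry-run with IPT=echo off the device.

```shell
#!/bin/sh
# Added example, not from the original post. On the device run it as root
# from adb shell as "sh tor-redirect.sh on" / "sh tor-redirect.sh off".
TOR_USER=${TOR_USER:-system}   # user tor switches to via "User system" in torrc
TRANS_PORT=${TRANS_PORT:-9040} # TransPort from torrc
DNS_PORT=${DNS_PORT:-9053}     # DNSPort from torrc
IPT=${IPT:-iptables}           # set IPT=echo for a dry run (assumption: my variable)

# tor_rules ACTION: ACTION is -A (append) or -D (delete). Both rules skip
# loopback and, via "! --uid-owner", anything sent by the tor user itself,
# which is what lets tor rebuild its own connections after a network switch.
tor_rules() {
    action=$1
    $IPT -t nat "$action" OUTPUT ! -o lo -m owner ! --uid-owner "$TOR_USER" \
        -p udp --dport 53 -j REDIRECT --to-ports "$DNS_PORT" || return 1
    $IPT -t nat "$action" OUTPUT ! -o lo -m owner ! --uid-owner "$TOR_USER" \
        -p tcp -j REDIRECT --to-ports "$TRANS_PORT" || return 1
}

redirect_on()     { tor_rules -A; }
redirect_off()    { tor_rules -D; }
# Show what is currently installed in the nat OUTPUT chain.
redirect_status() { $IPT -t nat -L OUTPUT -n; }

case "$1" in
    on)     redirect_on ;;
    off)    redirect_off ;;
    status) redirect_status ;;
esac
```

Run "status" after "on" and confirm both REDIRECT rules list owner UID match with the ! negation; if the negation is missing, tor's own traffic is being looped back into itself, which is the failure described above.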

As before the standard disclaimer applies:

All files and modifications described and provided here are at your own risk. This is a proof of concept. Don't tinker on devices you depend on and don't want to risk losing data. These changes are not an official Mozilla project and do not represent any future plans for Mozilla projects.

This is probably as far as I'll take things for now with this proof of concept and see what happens from here after using it for a while.