Retrieve connection information despite DisableDebuggerAttachment

For years tor's DisableDebuggerAttachment has been the bane of nyx. The feature wasn't intended to affect us, but screws with proc permissions, breaking every connection resolver we have...

https://trac.torproject.org/projects/tor/ticket/15259

Currently we read /proc/<pid>/fd to get connection inodes, then use that to determine what from /proc/net/tcp belongs to our process. Tor's DisableDebuggerAttachment breaks that by making /proc/<pid>/fd only readable by root.

However, even without knowing the inodes we can identify tor related connections by if they go to a relay or our ORPort/DirPort/ControlPort. This is exactly what nyx already does to identify a connection's type.

TL;DR. Connection resolution works all the time now. Only drawbacks are...

* Connection resolution can't work until we have consensus information. This can take a few seconds so we don't show connections right away.

* When resolving this way we can't show client or exit connections. Nyx already scrubbed these so it's not a big loss, but means we now don't even show that they exist.

If the user sets 'DisableDebuggerAttachment 0' in their torrc we still do connection resolution via the normal method.
parent
ff84e0da
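
The inode-free matching described in the commit message, sketched as an added example that is not nyx's own code: established rows of /proc/net/tcp are kept when the local port is one of our listeners or the remote endpoint is a known relay. The function names, the relay set of (address, ORPort) pairs, the port labels and the sample rows are assumptions made for illustration, and addresses are decoded as on a little-endian host.

```python
import socket
import struct

# Constructed /proc/net/tcp sample (documentation addresses, little-endian hex).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:2329 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000 0 30001
   1: 0A00000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000 0 30002
   2: 0A00000A:2329 076433C6:9C40 01 00000000:00000000 00:00000000 00000000  1000 0 30003
   3: 0100007F:235B 0100007F:C354 01 00000000:00000000 00:00000000 00000000  1000 0 30004
   4: 0A00000A:C352 057100CB:0050 01 00000000:00000000 00:00000000 00000000  1000 0 30005
"""

ESTABLISHED = "01"  # st column value for TCP_ESTABLISHED


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_quad, port); assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def tor_connections(proc_net_tcp, relays, our_ports):
    """Pick tor-related connections without inode information.

    relays: set of (address, ORPort) taken from consensus data (hypothetical input).
    our_ports: dict of local port -> label, e.g. {9001: "ORPort"}.
    """
    matches = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != ESTABLISHED:
            continue  # listeners and half-open sockets are not connections
        local, remote = decode_endpoint(fields[1]), decode_endpoint(fields[2])
        if local[1] in our_ports:
            matches.append((our_ports[local[1]], local, remote))
        elif remote in relays:
            matches.append(("relay", local, remote))
    return matches


if __name__ == "__main__":
    found = tor_connections(SAMPLE, {("192.0.2.10", 443)}, {9001: "ORPort", 9051: "ControlPort"})
    for label, local, remote in found:
        print(label, "%s:%d -> %s:%d" % (local + remote))
```

Passing an empty relay set reproduces the first drawback (outbound relay connections stay hidden until consensus data is loaded), and row 4, which matches neither a relay nor one of our ports, is never reported, which is the second.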