Detect Whonix and Tails, connect to their Tors specially

Author: nabijaczleweli

swap-tor/Cargo.toml

@@ -10,6 +10,7 @@ anyhow = { workspace = true }
 arti-client = { workspace = true, features = ["static-sqlite", "tokio", "rustls", "onion-service-service"] }
 data-encoding = "2.6"
 libp2p = { workspace = true, features = ["tcp", "dns", "tokio"] }
+once_cell = { workspace = true }
 
 # Tokio
 tokio = { workspace = true, features = ["net"] }

swap-tor/src/lib.rs

@@ -2,6 +2,7 @@ use arti_client::TorClient;
 use libp2p::core::multiaddr::Protocol;
 use libp2p::core::transport::{ListenerId, TransportEvent};
 use libp2p::{Multiaddr, Transport, TransportError};
+use std::fs;
 use std::future::Future;
 use std::net::SocketAddr;
 use std::pin::Pin;
@@ -160,3 +161,46 @@ impl std::fmt::Debug for TorBackend {
         })
     }
 }
+
+#[derive(Copy, Clone, Debug)]
+pub enum SpecialTorEnvironment {
+    /// Torsocksed userland, Tor control and SOCKS5 in `$TOR_...`, well-known SOCKS5 at `127.0.0.1:9050`
+    ///
+    /// The `$TOR_...` configuration uses unix-domain sockets which we'd have to wrap ourselves
+    ///
+    /// We can't support a hypothetical `TorsocksTransport` that'd substitute
+    ///   /onion3/cebulka7uxchnbpvmqapg5pfos4ngaxglsktzvha7a5rigndghvadeyd:13
+    /// with
+    ///   /dns/cebulka7uxchnbpvmqapg5pfos4ngaxglsktzvha7a5rigndghvadeyd.onion/tcp/13
+    /// then forward to TcpTransport,
+    /// because [hickory-resolver refuses to resolve `.onion` addresses](https://github.com/hickory-dns/hickory-dns/issues/3331).
+    Whonix,
+    /// Well-known SOCKS5 at `127.0.0.1:9050`, cf. `/usr/local/bin/curl`
+    ///
+    /// Userland pretends it's torsocksed but dialling actually doesn't work at all; *all* network traffic must go through SOCKS5.
+    Tails,
+}
+
+pub static TOR_ENVIRONMENT: once_cell::sync::Lazy<Option<SpecialTorEnvironment>> =
+    once_cell::sync::Lazy::new(|| {
+        if fs::exists("/usr/share/whonix/marker").unwrap_or(false) {
+            Some(SpecialTorEnvironment::Whonix)
+        } else if fs::read_to_string("/etc/os-release")
+            .unwrap_or(String::new())
+            .contains(r#"ID="tails""#)
+        {
+            Some(SpecialTorEnvironment::Tails)
+        } else {
+            None
+        }
+    });
+
+impl SpecialTorEnvironment {
+    pub fn backend(self) -> TorBackend {
+        match self {
+            Self::Whonix | Self::Tails => TorBackend::Socks(SocksServerAddress(
+                (std::net::Ipv4Addr::LOCALHOST, 9050).into(),
+            )),
+        }
+    }
+}

swap/src/common/tor.rs

@@ -13,10 +13,14 @@ use tor_rtcompat::tokio::TokioRustlsRuntime;
 
 /// Creates an unbootstrapped Tor client or connects to well-known Tor daemon, depending on configuration.
 ///
-/// 1. if the caller requests (user enables) `tor`: prepare an Arti client
-/// 2. `None`
+/// 1. if on a system with special Tor requirements (Whonix, Tails): call the daemon appropriately
+/// 2. if the caller requests (user enables) `tor`: prepare an Arti client
+/// 3. `None`
 pub async fn create_tor_client(data_dir: &Path, tor: bool) -> Result<TorBackend, Error> {
-    Ok(if tor {
+    Ok(if let Some(ste) = *TOR_ENVIRONMENT {
+        tracing::info!("On {ste:?}, not starting Tor");
+        ste.backend()
+    } else if tor {
         TorBackend::Arti(Arc::new(create_arti_tor_client(data_dir).await?))
     } else {
         TorBackend::None