tools.tor_transproxy_tools module

Per-process transparent Tor proxy via cgroup v2 + iptables NAT.

Moves a PID into a dedicated cgroup v2 slice and adds OUTPUT nat rules that REDIRECT TCP and DNS (UDP/53) to Tor’s TransPort and DNSPort. Linux iptables cannot match by PID directly; cgroup path matching is used instead.

Requires: Tor with TransPort/DNSPort (see /etc/tor/torrc), cgroup v2 mounted at /sys/fs/cgroup, iptables xt_cgroup match (the cgroup directory must exist before adding rules). Only TCP and DNS (UDP/53) are redirected; other UDP traffic is not routed via Tor.

All tools require the UNSANDBOXED_EXEC privilege.

tools.tor_transproxy_tools.parse_tor_trans_dns_ports()

Resolve the Tor TransPort and DNSPort to redirect to from torrc.

The transparent proxy must REDIRECT a process’s TCP to Tor’s TransPort and its DNS to Tor’s DNSPort, so this reads the live /etc/tor/torrc (the module-level TORRC path) to discover the ports the local Tor instance is actually listening on. It scans non-comment lines for TransPort and DNSPort directives (case-insensitive) and extracts the numeric port from each via _extract_port_from_tor_directive, so flag-only or addr:port forms are handled. When torrc is missing or a directive is absent, it falls back to the module defaults (_DEFAULT_TRANS_PORT 9040, _DEFAULT_DNS_PORT 5353).

It only reads the torrc file and has no other side effects. It is called by _tor_transproxy_status (to report the configured ports) and by _tor_transproxy_enable (to build the per-PID REDIRECT rule specs).
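The following is an added, self-contained example (not the module's own code) of the two steps the page describes: resolving TransPort/DNSPort from torrc text with the documented defaults (9040, 5353), and then turning those ports into OUTPUT nat REDIRECT rule specs keyed on a cgroup v2 path via the xt_cgroup match. The torrc text, the cgroup path `tor-proxy/4242` and the function names are constructed for illustration; the module-level names `_extract_port_from_tor_directive`, `_DEFAULT_TRANS_PORT` and `_DEFAULT_DNS_PORT` are only referenced, not reproduced.

```python
"""Added example: resolve Tor ports from torrc and build per-cgroup REDIRECT rules."""
from typing import Optional

# Documented module defaults (names here are illustrative, not the module's).
DEFAULT_TRANS_PORT = 9040
DEFAULT_DNS_PORT = 5353

# Constructed torrc sample: comments, a commented-out directive, an addr:port
# TransPort with an isolation flag, and a bare-port DNSPort.
SAMPLE_TORRC = """\
# constructed torrc for the example
SocksPort 9050
#TransPort 9999
TransPort 127.0.0.1:9041 IsolateDestAddr
DNSPort 5354
"""


def extract_port_from_tor_directive(value: str) -> Optional[int]:
    """Return the numeric port in a TransPort/DNSPort value, or None.

    Accepts "9040", "9040 IsolateClientAddr", "127.0.0.1:9040" and
    "[::1]:9040". "auto" (Tor picks a port) has no fixed port, so None is
    returned and the caller falls back to its default.
    """
    tokens = value.split()
    if not tokens:
        return None
    first = tokens[0]
    if first.isdigit():
        port = int(first)
    else:
        # rpartition also handles bracketed IPv6 literals like [::1]:9040
        _host, sep, port_str = first.rpartition(":")
        if not sep or not port_str.isdigit():
            return None
        port = int(port_str)
    return port if 1 <= port <= 65535 else None


def parse_tor_trans_dns_ports(torrc_text: str) -> tuple:
    """Scan torrc text for TransPort/DNSPort (case-insensitive) and return
    (trans_port, dns_port), using the defaults where a directive is absent.

    Design choice for this example: if a directive appears more than once,
    the last occurrence wins.
    """
    trans_port, dns_port = DEFAULT_TRANS_PORT, DEFAULT_DNS_PORT
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1] if len(parts) > 1 else ""
        port = extract_port_from_tor_directive(value)
        if port is None:
            continue
        if key == "transport":
            trans_port = port
        elif key == "dnsport":
            dns_port = port
    return trans_port, dns_port


def build_redirect_rule_specs(cgroup_path: str, trans_port: int, dns_port: int) -> list:
    """Build iptables argument lists for the per-cgroup REDIRECT rules.

    cgroup_path is relative to the cgroup v2 mount root, as expected by
    `-m cgroup --path`. The cgroup directory must exist before these rules
    are added. A leading RETURN for loopback keeps connections the process
    makes to local services from being redirected into Tor.
    """
    base = ["-t", "nat", "-A", "OUTPUT", "-m", "cgroup", "--path", cgroup_path]
    return [
        base + ["-o", "lo", "-j", "RETURN"],
        base + ["-p", "udp", "--dport", "53", "-j", "REDIRECT", "--to-ports", str(dns_port)],
        base + ["-p", "tcp", "-j", "REDIRECT", "--to-ports", str(trans_port)],
    ]


if __name__ == "__main__":
    tp, dp = parse_tor_trans_dns_ports(SAMPLE_TORRC)
    for spec in build_redirect_rule_specs("tor-proxy/4242", tp, dp):
        print("iptables " + " ".join(spec))
```

Running the block prints the three rules for the constructed cgroup path; to apply them for real, `subprocess.run(["iptables", *spec], check=True)` would be executed with the privilege the page requires, after the cgroup directory has been created and the PID written to its `cgroup.procs` file.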

Return type: tuple[int, int]

Returns: A (trans_port, dns_port) tuple of the resolved ports.