[tor-bugs] #3595 [Orbot]: Connections with IPv4-mapped IPv6 addresses bypass transproxy

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Jul 14 19:04:32 UTC 2011


#3595: Connections with IPv4-mapped IPv6 addresses bypass transproxy
-------------------------+--------------------------------------------------
 Reporter:  __sporkbomb  |          Owner:  n8fr8
     Type:  defect       |         Status:  new  
 Priority:  major        |      Milestone:       
Component:  Orbot        |        Version:       
 Keywords:               |         Parent:       
   Points:               |   Actualpoints:       
-------------------------+--------------------------------------------------
 A user (DEplan on #guardianproject) reported that Gibberbot was using his
 real IP despite Orbot's transproxy being turned on; further research led
 to the conclusion that recent releases of Android seem to use IPv4-mapped
 IPv6 adresses for a large portion of connections. For examples, please see
 http://pastebin.com/Z4KDDq40. These connections completely bypass
 transproxy.

 I am not yet sure about the circumstances under which Android employs
 these addresses.

 The problems in finding a solution are that Android usually does not
 include ip6tables (though Orbot could simply package that) and kernels do
 usually not include IPv6 netfilter modules. The latter is a major issue,
 since Orbot can't package modules for every single kernel a user might be
 running.

 As a side note, IPv6 does not support NAT (which is what transproxying is
 based on).

 I'll try to figure out what triggers this behaviour of Android and find
 possible solutions (using sysctl to disable IPv6 does not solve it).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3595>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list