[tor-bugs] #3982 [Tor Client]: MAPADDRESS for IP ranges (CIDR, etc)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat Sep 10 08:19:11 UTC 2011 

#3982: MAPADDRESS for IP ranges (CIDR, etc)
-------------------------+--------------------------------------------------
 Reporter:  grarpamp     |          Owner:                    
     Type:  enhancement  |         Status:  new               
 Priority:  normal       |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client   |        Version:  Tor: 0.2.2.32     
 Keywords:               |         Parent:                    
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------
 The general idea is to have MAPADDRES match blocks of IP addresses with
 one rule:
 MAPADDRESS 1.2.3.4/18 1.2.3.4/18.<fingerprint>.exit

 Very useful for:
 o  Same as domain wildcarding...
 o  Constraining known destination ranges to an exit. VPN's, corporate/edu
 DMZ's, location aware services, location/IP restricted services, etc.
 o  Catchall for unexpected/unknown use of IP's. Such as websites that code
 them in html page elements, services such as multimedia farms, places that
 don't use FQDNS, etc. If you know one IP (manual resolve, or see one pop
 up), you can MAP out a good sized CIDR block without disturbing your other
 Tor traffic.
 o  Simplicity, fewer MAP rules.

 Further rationale, examples and extensions...
 DOMAINS:
  http://archives.seul.org/or/dev/Jun-2009/msg00011.html
  http://archives.seul.org/or/dev/Jun-2009/msg00023.html
 CIDR:
  http://archives.seul.org/or/talk/Oct-2009/msg00150.html
  http://archives.seul.org/or/talk/Mar-2011/msg00154.html
 MISC:
  http://archives.seul.org/or/talk/Aug-2009/msg00295.html
  http://archives.seul.org/or/talk/Dec-2010/msg00175.html
  http://archives.seul.org/or/talk/Mar-2011/msg00144.html

 Split from ticket - MAPADDRESS for Domains:
 https://trac.torproject.org/projects/tor/ticket/933

 "[We] need to figure out (or somebody else would figure out) how this
 would interact with DNS resolution. :)" --NickM

 It's already figured out... DNS is just a user/app layer on top of Tor's
 network transport, and thus DNS is not involved :)

 Tor just needs to grab whatever IP's the client ultimately requests to get
 to via SOCKS/TransPort (if and after any DNS [resolved via SOCKS, the
 host, or otherwise]), and route them through the MAPPED exit... if the
 user specified such a MAP for said IP's.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3982>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list