[tor-bugs] #7555 [Tor]: MapAddress from FQDN to .onion fails because resolve requests for hidden services are not allowed.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Nov 23 12:50:52 UTC 2012
#7555: MapAddress from FQDN to .onion fails because resolve requests for hidden
services are not allowed.
--------------------+-------------------------------------------------------
Reporter: aagbsn | Owner:
Type: defect | Status: new
Priority: minor | Milestone:
Component: Tor | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
--------------------+-------------------------------------------------------
Description changed by aagbsn:
Old description:
> Example torrc:
>
> MapAddress irc.oftc.net 37lnq2veifl4kar7.onion
>
> (Why would I want to do that? So that the host my IRC client connects to
> matches the SSL certificate prested by the server)
>
> Here's what a connection to a hidden service without a MapAddress looks
> like.
> {{{
> Nov 22 13:41:54.000 [debug] connection_ap_handshake_rewrite_and_attach():
> Client asked for [scrubbed]:7000
> Nov 22 13:41:54.000 [info] connection_ap_handshake_rewrite_and_attach():
> Got a hidden service request for ID '[scrubbed]'
> Nov 22 13:41:54.000 [info] connection_ap_handshake_rewrite_and_attach():
> Unknown descriptor [scrubbed]. Fetching.
> Nov 22 13:41:54.000 [debug] rend_client_refetch_v2_renddesc(): Fetching
> v2 rendezvous descriptor for service [scrubbed]
> }}}
>
> And here's what happens with the above MapAddress:
>
> {{{
> Nov 22 13:53:52.000 [debug] connection_ap_handshake_rewrite_and_attach():
> Client asked for [scrubbed]:0
> Nov 22 13:53:52.000 [info] addressmap_rewrite(): Addressmap: rewriting
> [scrubbed] to [scrubbed]
> Nov 22 13:53:52.000 [warn] Resolve requests to hidden services not
> allowed. Failing.
> }}}
>
> So it looks like the socks client tries to resolve www.duckduckgo.com,
> the address gets rewritten to 3g2upl4pq6kufc4m.onion, and then the
> request fails because resolving .onion doesn't make sense. Where do
> resolve requests for .onion normally get handled? I think I'd probably
> want to catch this MapAddress case in addressmap_rewrite and then proceed
> as usual for hidden services.
>
> Thanks for any pointers!
New description:
Example torrc:

MapAddress irc.oftc.net 37lnq2veifl4kar7.onion

(Why would I want to do that? So that the host my IRC client connects to
matches the SSL certificate presented by the server)

Here's what a connection to a hidden service without a MapAddress looks
like.
{{{
Nov 22 13:41:54.000 [debug] connection_ap_handshake_rewrite_and_attach():
Client asked for [scrubbed]:7000
Nov 22 13:41:54.000 [info] connection_ap_handshake_rewrite_and_attach():
Got a hidden service request for ID '[scrubbed]'
Nov 22 13:41:54.000 [info] connection_ap_handshake_rewrite_and_attach():
Unknown descriptor [scrubbed]. Fetching.
Nov 22 13:41:54.000 [debug] rend_client_refetch_v2_renddesc(): Fetching v2
rendezvous descriptor for service [scrubbed]
}}}

And here's what happens with the above MapAddress:

{{{
Nov 22 13:53:52.000 [debug] connection_ap_handshake_rewrite_and_attach():
Client asked for [scrubbed]:0
Nov 22 13:53:52.000 [info] addressmap_rewrite(): Addressmap: rewriting
[scrubbed] to [scrubbed]
Nov 22 13:53:52.000 [warn] Resolve requests to hidden services not
allowed. Failing.
}}}

So it looks like the socks client tries to resolve www.duckduckgo.com, the
address gets rewritten to 3g2upl4pq6kufc4m.onion, and then the request
fails because resolving .onion doesn't make sense. Where do resolve
requests for .onion normally get handled? I think I'd probably want to
catch this MapAddress case in addressmap_rewrite and then proceed as usual
for hidden services.

Thanks for any pointers!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7555#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
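
An added example, not part of the ticket or of Tor's code: a Python script that reads Tor debug/info log text and tells the two cases in the report apart, a normal hidden service connection versus a request that was rewritten by the address map and then rejected as a resolve. The sample log is constructed from the two excerpts above (lines unwrapped), `classify_requests` is a hypothetical name, and attributing each line to the most recent "Client asked for" line is a heuristic, since these log lines carry no connection identifier.

```python
import re

# Constructed sample, modelled on the two log excerpts in the ticket
# (lines unwrapped; addresses stay scrubbed as in the original).
SAMPLE_LOG = """\
Nov 22 13:41:54.000 [debug] connection_ap_handshake_rewrite_and_attach(): Client asked for [scrubbed]:7000
Nov 22 13:41:54.000 [info] connection_ap_handshake_rewrite_and_attach(): Got a hidden service request for ID '[scrubbed]'
Nov 22 13:41:54.000 [info] connection_ap_handshake_rewrite_and_attach(): Unknown descriptor [scrubbed]. Fetching.
Nov 22 13:53:52.000 [debug] connection_ap_handshake_rewrite_and_attach(): Client asked for [scrubbed]:0
Nov 22 13:53:52.000 [info] addressmap_rewrite(): Addressmap: rewriting [scrubbed] to [scrubbed]
Nov 22 13:53:52.000 [warn] Resolve requests to hidden services not allowed. Failing.
"""

# timestamp, [level], optional "function(): " prefix, message
LINE = re.compile(r"^(\w{3} +\d+ [\d:.]+) \[(\w+)\] (?:(\w+)\(\): )?(.*)$")
ASKED = re.compile(r"Client asked for (.+):(\d+)$")

def classify_requests(log_text):
    """Return one dict per 'Client asked for' line with its outcome."""
    requests, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in this log format
        when, _level, func, msg = m.groups()
        asked = ASKED.search(msg)
        if asked:
            # A new client request starts; later lines are attributed to it.
            current = {"time": when, "port": int(asked.group(2)),
                       "rewritten": False, "outcome": "unknown"}
            requests.append(current)
        elif current is None:
            continue
        elif func == "addressmap_rewrite" and "rewriting" in msg:
            current["rewritten"] = True
        elif msg.startswith("Got a hidden service request"):
            current["outcome"] = "hidden_service_connect"
        elif msg.startswith("Resolve requests to hidden services not allowed"):
            # Rejected after a rewrite is the MapAddress case from the report.
            current["outcome"] = ("mapaddress_resolve_rejected"
                                  if current["rewritten"] else "onion_resolve_rejected")
    return requests

if __name__ == "__main__":
    for r in classify_requests(SAMPLE_LOG):
        print(r)
```
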