[tor-bugs] #10267 [Tor]: [PATCH] Fixed transparent proxy destination lookup on FreeBSD

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 2 00:48:07 UTC 2014


#10267: [PATCH] Fixed transparent proxy destination lookup on FreeBSD
-----------------------------+--------------------------------
     Reporter:  yurivict     |      Owner:
         Type:  enhancement  |     Status:  needs_review
     Priority:  normal       |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor          |    Version:  Tor: unspecified
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------

Comment (by yurivict1):

 I agree with your suggestions about tor_addr_from_sockaddr() and keeping
 the flag "/dev/pf exists".

 On FreeBSD ipfw is the default and, to a minimal degree, is always used
 for the default allow-all rule. It can't be turned off completely, and
 also no additional rules can be added when pf is used. pf is a special-
 case, replacement firewall functionality. So opening /dev/pf is probably
 the best way to check what is the current firewall type in use.

 You are right, this leaves the possibility for somebody to just connect to
 that address without firewall forwarding and then getsockaddr would
 produce the (meaningless) local address. This would be the error
 condition. Tor should not be trying to recursively connect to its own
 TransPort.

 Another possibility is to allow the user to set the firewall type in
 config file, for example like this:
 TransFirewallType ipfw
 But this may be overkill for this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10267#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
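
The error condition raised in the comment above (a client connecting straight to the TransPort, so the looked-up destination is the listener's own address) can be checked as in this added example, which is not code from the ticket's patch or from Tor. The helper names are hypothetical, the lookup uses the POSIX getsockname() call, and the listener is assumed to be bound to a specific address rather than a wildcard.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Return 1 if two socket addresses have the same family, port and IP. */
static int sockaddr_same(const struct sockaddr *a, const struct sockaddr *b)
{
    if (a->sa_family != b->sa_family)
        return 0;
    if (a->sa_family == AF_INET) {
        const struct sockaddr_in *x = (const struct sockaddr_in *)a;
        const struct sockaddr_in *y = (const struct sockaddr_in *)b;
        return x->sin_port == y->sin_port &&
               x->sin_addr.s_addr == y->sin_addr.s_addr;
    }
    if (a->sa_family == AF_INET6) {
        const struct sockaddr_in6 *x = (const struct sockaddr_in6 *)a;
        const struct sockaddr_in6 *y = (const struct sockaddr_in6 *)b;
        return x->sin6_port == y->sin6_port &&
               memcmp(&x->sin6_addr, &y->sin6_addr, sizeof x->sin6_addr) == 0;
    }
    return 0; /* unknown family: never treated as a match */
}

/* Hypothetical helper for the ipfw case: read the destination of an accepted
 * transparent connection from its local address, and refuse it when it equals
 * the listener's own address (the client was not forwarded by the firewall).
 * Assumes listen_fd is bound to a specific address; a wildcard bind would
 * need a lookup of the host's local addresses instead.
 * Returns 0 and fills *dst on success, -1 on error or self-connection. */
int trans_dest_ipfw(int conn_fd, int listen_fd, struct sockaddr_storage *dst)
{
    struct sockaddr_storage self;
    socklen_t dlen = sizeof *dst, slen = sizeof self;
    if (getsockname(conn_fd, (struct sockaddr *)dst, &dlen) < 0)
        return -1;
    if (getsockname(listen_fd, (struct sockaddr *)&self, &slen) < 0)
        return -1;
    if (sockaddr_same((struct sockaddr *)dst, (struct sockaddr *)&self))
        return -1; /* destination is our own TransPort: reject */
    return 0;
}
```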