[tor-bugs] #11010 [Tor]: add ClientConnectPolicy config option

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 10 17:30:15 UTC 2014


#11010: add ClientConnectPolicy config option
-----------------------------+--------------------------------
     Reporter:  cypherpunks  |      Owner:
         Type:  enhancement  |     Status:  needs_review
     Priority:  normal       |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  tor-client
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------

Comment (by nickm):

 Hm.  After looking at this, I don't think I understand why you're doing
 this with full addresses, and not just ports.

 In other words, if the user allows "1.2.3.4/80", and then Tor receives a
 SOCKS connection for "www.example.com:80", should the code allow the
 request to be made or not?  Keep in mind that a BEGIN cell does a lookup
 and a connect in one step: Tor won't know whether www.example.com resolved
 to 1.2.3.4 until the connection is made.  With this patch, I think the
 answer will depend on whether the user said to allow 0.0.0.0, which can't
 really be the right behavior.

 Given that address-based rules don't work the way that users might expect
 here, are we losing anything important by having this be address-and-port
 based rather than port-based alone?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11010#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
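
The evaluation problem raised in the comment, modeled as an added example (not Tor code and not taken from the ticket's patch): a request that carries only a hostname has no address to test, so address rules yield "undetermined" while port-only rules always decide. The rule syntax, the function names and the default-reject fallback are assumptions made for this sketch.

```python
import ipaddress

DEFAULT = "reject"  # assumption: requests matching no rule are refused

def parse_rule(text):
    """Parse 'accept 1.2.3.4/32:80' or 'reject *:*' (constructed syntax)."""
    action, target = text.split()
    net, _, port = target.rpartition(":")
    network = None if net == "*" else ipaddress.ip_network(net)
    return action, network, (None if port == "*" else int(port))

def evaluate(rules, addr, port):
    """Return 'accept', 'reject' or 'undetermined'.

    addr is None when the client holds only a hostname, because the exit
    resolves and connects in one step.
    """
    ip = ipaddress.ip_address(addr) if addr else None
    possible = set()
    for action, network, rule_port in map(parse_rule, rules):
        if rule_port is not None and rule_port != port:
            continue                      # port differs: rule cannot match
        if network is None or (ip is not None and ip in network):
            possible.add(action)          # definite match ends evaluation
            break
        if ip is None:
            possible.add(action)          # may match once the name resolves
    else:
        possible.add(DEFAULT)             # no rule matched definitely
    return possible.pop() if len(possible) == 1 else "undetermined"

ADDR_RULES = ["accept 1.2.3.4/32:80", "reject *:*"]   # constructed
PORT_RULES = ["accept *:80", "reject *:*"]            # constructed

if __name__ == "__main__":
    for label, rules in (("address+port", ADDR_RULES), ("port only", PORT_RULES)):
        print(label)
        print("  1.2.3.4:80             ->", evaluate(rules, "1.2.3.4", 80))
        print("  www.example.com:80     ->", evaluate(rules, None, 80))
        print("  placeholder 0.0.0.0:80 ->", evaluate(rules, "0.0.0.0", 80))
```

Substituting a placeholder such as 0.0.0.0 for the unknown address turns the "undetermined" case into a definite answer that depends only on how the rules treat 0.0.0.0, not on where the hostname actually resolves.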

