[tor-bugs] #18693 [Core Tor/Tor]: New SOCKS port restriction to only allow connections to .onion

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 1 06:07:49 UTC 2016


#18693: New SOCKS port restriction to only allow connections to .onion
---------------------------+------------------------------------
 Reporter:  ioerror        |          Owner:
     Type:  enhancement    |         Status:  assigned
 Priority:  Very Low       |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor   |        Version:
 Severity:  Normal         |     Resolution:
 Keywords:  tor-hs, socks  |  Actual Points:  .5
Parent ID:                 |         Points:  .5
 Reviewer:  special        |        Sponsor:  SponsorR-can
---------------------------+------------------------------------
Changes (by teor):

 * owner:  teor =>
 * status:  needs_information => assigned


Comment:

 Replying to [comment:8 special]:
 > > +      log_warn(LD_CONFIG, "You have a %sPort entry with DNSRequest
 enabled, "
 > > +               "but IPv4 and IPv6 disabled; DNS-based sites won't
 work.",
 > > +               portname);
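 Review bot: the message in this log_warn call treats "DNSRequest enabled, IPv4 and IPv6 disabled" as a misconfiguration ("DNS-based sites won't work"), but that combination can be deliberate, for example on a port meant only to answer resolve requests. Consider dropping the warning, or lowering it to a notice and rewording it to say only that this port will not carry IPv4 or IPv6 connections, so operators who chose this setup on purpose are not told their configuration is broken.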
 >
 > This is a valid configuration for a SOCKS port that only handles RESOLVE
 requests, isn't it?

 Well, let's not do that then.
 But don't they have to use IPv4 or IPv6 to process the resolve? Or do they
 just ask the Exit?

 > f63b322a77e41942546675f5229e134f50fc4b63
 >
 > So if I understand correctly, this is a behavior change: NATD and Trans
 ports will no longer allow IPv6 traffic by default. Is that right?

 Oops, we don't want that.

 I think it's better to set these defaults when we process the port
 configuration line, because otherwise they override the settings in the
 port configuration itself (you can't turn IPv6 off, at least in the onion-
 only case, and maybe other cases as well).

 This is complicated by the fact that port configs are initialised in 3
 different places. It will be easier to keep the NATD and Trans behaviour
 if that's refactored into one place.

 Un-assigning from me because I'm not sure if I can do this patch before
 0.2.9.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18693#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

