[tor-bugs] #19919 [Core Tor/Tor]: If ORPort address is publicly routable, use it to guess Address
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 13 23:25:32 UTC 2016
#19919: If ORPort address is publicly routable, use it to guess Address
--------------------------+-------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.???
Component: Core Tor/Tor | Version: Tor: 0.2.5.10
Severity: Normal | Resolution:
Keywords: 030-proposed | Actual Points:
Parent ID: | Points: 1
Reviewer: | Sponsor:
--------------------------+-------------------------------
Comment (by teor):
Replying to [comment:5 s7r]:
> Replying to [comment:4 teor]:
> > > Also, I think it's fine to also assume `OutboundBindAddress` is the
> > > same IP address (first publicly routable Advertised ORPort), unless
> > > otherwise explicitly set in torrc. This can apply to both IPv4 and IPv6
> > > without any problems.
> >
> > Not when the relay is behind a NAT: OutboundBindAddress is the
> > *internal* address.
> > And if we use this default, there's no way to specify "your default
> > interface", which is the current default behaviour. Unless there's a
> > specific issue here that's causing confusion, let's just leave this alone.
> > Or tackle it in a separate ticket.
> >
> Also true. So we need more cases:
> 1. Simple ORPort (where user just enters ORPort 9001)
> 2. Flagged ORPort (where user enters ORPort 9001 NoListen OR
>    NoAdvertise)
> 3. Explicit ORPort (where user enters ORPort public.ip:9001)
> 4. Explicit flagged ORPort (where user enters ORPort public.ip:9001
>    NoListen OR NoAdvertise)
> 5. Explicit NAT ORPort (where user enters ORPort nat.ip:9001)
> 6. Explicit flagged NAT ORPort (where user enters ORPort nat.ip:9001
>    NoListen or NoAdvertise)
>
> Obviously for cases 1,2,5,6 and 4 if flagged NoListen we cannot make any
> assumption about `OutboundBindAddress` and that should remain as it is set
> now (equal to `Address` guessed by Tor via current methods).
>
> But for case 3 and case 4 if it's not NoListen, we can assume that IP
> address is also `Address` and also `OutboundBindAddress` (it's publicly
> routable and it's being listened on).

Have there ever been any issues reported by relay operators about
`OutboundBindAddress` being wrong? If not, let's leave it as an advanced
option - the default seems fine for almost all relay operators. And
there's the risk that any automatic guessing gets it wrong, causing
inexplicable failures for some operators, where before it worked for them.

Otherwise, I'm all for changing `Address` selection to be more robust.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19919#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
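
The six ORPort cases listed in the quoted comment, written out as a small classifier. This is an added example, not code from Tor or from either commenter; `classify_orport` is a hypothetical helper, treating Python's `is_global` as "publicly routable" is an assumption, and the sample addresses are constructed.

```python
import ipaddress

# NoListen and NoAdvertise are the ORPort flags named in the thread.
KNOWN_FLAGS = {"NoListen", "NoAdvertise"}


def classify_orport(line):
    """Map one torrc ORPort line to (case number, address_candidate).

    address_candidate is True only where the quoted comment says the
    ORPort address could stand in for Address: case 3, and case 4
    when NoListen is not set.
    """
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ORPort":
        raise ValueError("not an ORPort line: %r" % line)
    target = parts[1]
    flags = set(parts[2:]) & KNOWN_FLAGS

    if ":" not in target:
        # Bare port: there is no address to reason about (cases 1 and 2).
        return (2 if flags else 1, False)

    # Split off the port and strip the brackets of an IPv6 literal.
    host = target.rsplit(":", 1)[0].strip("[]")
    addr = ipaddress.ip_address(host)  # ValueError if not an IP literal

    if not addr.is_global:
        # Private, loopback, link-local and similar ranges are treated
        # here as the NAT-side address of cases 5 and 6.
        return (6 if flags else 5, False)

    if not flags:
        return (3, True)
    return (4, "NoListen" not in flags)


# Constructed sample lines, one or more per case.
SAMPLES = [
    "ORPort 9001",
    "ORPort 9001 NoListen",
    "ORPort 8.8.8.8:9001",
    "ORPort 8.8.8.8:9001 NoAdvertise",
    "ORPort 8.8.8.8:9001 NoListen",
    "ORPort 192.168.1.10:9001",
    "ORPort 10.0.0.5:9001 NoAdvertise",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify_orport(sample))
```

The classifier only marks an address as a candidate for `Address`; it makes no statement about `OutboundBindAddress`, which the reply above argues should keep its current default.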