[tor-bugs] #19919 [Core Tor/Tor]: If ORPort address is publicly routable, use it to guess Address

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 13 23:25:32 UTC 2016


#19919: If ORPort address is publicly routable, use it to guess Address
--------------------------+-------------------------------
 Reporter:  teor          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.5.10
 Severity:  Normal        |     Resolution:
 Keywords:  030-proposed  |  Actual Points:
Parent ID:                |         Points:  1
 Reviewer:                |        Sponsor:
--------------------------+-------------------------------

Comment (by teor):

 Replying to [comment:5 s7r]:
 > Replying to [comment:4 teor]:
 > > > Also, I think it's fine to also assume `OutboundBindAddress` is the same IP address (first publicly routable Advertised ORPort), unless otherwise explicitly set in torrc. This can apply to both IPv4 and IPv6 without any problems.
 > >
 > > Not when the relay is behind a NAT: OutboundBindAddress is the *internal* address.
 > > And if we use this default, there's no way to specify "your default interface", which is the current default behaviour. Unless there's a specific issue here that's causing confusion, let's just leave this alone. Or tackle it in a separate ticket.
 > >
 > Also true. So we need more cases:
 > 1. Simple ORPort (where user just enters ORPort 9001)
 > 2. Flagged ORPort (where user enters ORPort 9001 NoListen OR NoAdvertise)
 > 3. Explicit ORPort (where user enters ORPort public.ip:9001)
 > 4. Explicit flagged ORPort (where user enters ORPort public.ip:9001 NoListen OR NoAdvertise)
 > 5. Explicit NAT ORPort (where user enters ORPort nat.ip:9001)
 > 6. Explicit flagged NAT ORPort (where user enters ORPort nat.ip:9001 NoListen or NoAdvertise)
 >
 > Obviously for cases 1,2,5,6 and 4 if flagged NoListen we cannot make any assumption about `OutboundBindAddress` and that should remain as it is set now (equal to `Address` guessed by Tor via current methods).
 >
 > But for case 3 and case 4 if it's not NoListen, we can assume that IP address is also `Address` and also `OutboundBindAddress` (it's publicly routable and it's being listened on).

 Have there ever been any issues reported by relay operators about
 `OutboundBindAddress` being wrong? If not, let's leave it as an advanced
 option - the default seems fine for almost all relay operators. And
 there's the risk that any automatic guessing gets it wrong, causing
 inexplicable failures for some operators, where before it worked for them.

 Otherwise, I'm all for changing `Address` selection to be more robust.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19919#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
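
The six ORPort cases listed in the quoted comment, as an added example that is not part of the ticket and is not Tor's own code: it classifies torrc `ORPort` lines and applies the quoted rule (case 3, or case 4 without NoListen) to `Address` only. The function names and sample lines are assumptions, addresses are assumed to be IP literals, and "publicly routable" is approximated with Python's `ipaddress.is_global`.

```python
import ipaddress

# Constructed sample torrc lines. 8.8.8.8 stands in for a relay's public
# address because documentation ranges are not globally routable.
SAMPLE_TORRC = [
    "Nickname example",
    "ORPort 192.168.1.10:9001 NoAdvertise",   # case 6
    "ORPort 8.8.8.8:9001 NoListen",           # case 4, not listened on
    "ORPort 8.8.8.8:443",                     # case 3
]

def parse_orport(line):
    """Split 'ORPort [address:]port [flags]' into (address|None, port, flags)."""
    parts = line.split("#", 1)[0].split()
    if len(parts) < 2 or parts[0].lower() != "orport":
        raise ValueError("not an ORPort line: %r" % line)
    target, flags = parts[1], {f.lower() for f in parts[2:]}
    if target.startswith("["):                 # [IPv6]:port
        host, _, port = target[1:].partition("]:")
    elif ":" in target:                        # IPv4:port
        host, port = target.rsplit(":", 1)
    else:                                      # bare port or "auto"
        return None, target, flags
    return ipaddress.ip_address(host), port, flags

def classify(line):
    """Return (case number 1-6 as listed in the comment, may_guess_address)."""
    addr, _port, flags = parse_orport(line)
    flagged = bool(flags & {"nolisten", "noadvertise"})
    if addr is None:
        return (2 if flagged else 1), False
    if not addr.is_global:                     # NAT / private / loopback
        return (6 if flagged else 5), False
    if flagged:
        return 4, "nolisten" not in flags      # usable only if listened on
    return 3, True

def guess_address(torrc_lines):
    """First explicit, publicly routable, listened-on ORPort address, or None."""
    for line in torrc_lines:
        words = line.split()
        if words and words[0].lower() == "orport" and classify(line)[1]:
            return str(parse_orport(line)[0])
    return None

if __name__ == "__main__":
    for l in SAMPLE_TORRC[1:]:
        print(l, "->", classify(l))
    print("guessed Address:", guess_address(SAMPLE_TORRC))
```

A `None` result means no ORPort line qualifies, in which case the existing `Address` guessing would still be needed.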

