[tor-bugs] #19919 [Core Tor/Tor]: If ORPort address is publicly routable, use it to guess Address

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 15 01:53:54 UTC 2016 

#19919: If ORPort address is publicly routable, use it to guess Address
--------------------------+-------------------------------
 Reporter:  teor          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.5.10
 Severity:  Normal        |     Resolution:
 Keywords:  030-proposed  |  Actual Points:
Parent ID:                |         Points:  1
 Reviewer:                |        Sponsor:
--------------------------+-------------------------------

Comment (by teor):

 Replying to [comment:7 s7r]:
 > Replying to [comment:6 teor]:
 > > Have there ever been any issues reported by relay operators about
 `OutboundBindAddress` being wrong? If not, let's leave it as an advanced
 option - the default seems fine for almost all relay operators. And
 there's the risk that any automatic guessing gets it wrong, causing
 inexplicable failures for some operators, where before it worked for them.
 > >
 > > Otherwise, I'm all for changing `Address` selection to be more robust.
 >
 > Not that I am aware of. But it makes sense for cases 3 and 4 if not
 NoListen to assume `OutboundBindAddress` == `Address` == first publicly
 routable explicitly configured ORPort that we listen on. The logic here is
 that usually an explicit ORPort listening on public IP is configured on
 boxes with multiple public IP addresses, and the user wants to assign one
 of them for the relay (or run multiple different Tor instances/relays)
 case in which having the outgoing address the same with the one we receive
 traffic on is reasonable.
 >
 > If it's just few more lines of code to also add this algorithm for
 `OutboundBindAddress` only for cases 3 and 4 if not NoListen, it could
 payoff (there is no risk, if it's configured as ORPort obviously it's an
 IP to be used with Tor, so making sure we also use it for outgoing
 shouldn't be catastrophic).
 >
 > If it's not so easy then yes, `Address` is of course the most important
 part of the problem.

 It is more complex: Tor never modifies the current OutboundBindAddress,
 and has no mechanism for guessing that address. Please open a separate
 ticket for OutboundBindAddress.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19919#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list