[tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 27 02:30:01 UTC 2017 

#18100: src/or/connection_edge.c typo
-------------------------------------------------+-------------------------
 Reporter:  jirib                                |          Owner:
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.9.9
 Severity:  Normal                               |     Resolution:
 Keywords:  isaremoved, nickwants029, lorax,     |  Actual Points:
  tor-03-unspecified-201612                      |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by d4fq0fQAgoJ):

 System: Linux 4.10.5-1-ARCH x86_64, tor 0.2.9.9

 It appears to me that TPROXYing only works for me when connection tracking
 is active. When I apply the patch TPROXYing works for me no matter if
 conntection tracking is active or not.

 Steps to reproduce:

 Make sure no conntrack modules are loaded.
 # lsmod | grep conntrack
 should print nothing.

 Flush your firewall rules:
 # iptables -t raw -F
 # iptables -t mangle -F
 # iptables -t nat -F
 # iptables -t filter -F

 Setup TPROXYing with iptables:
 # iptables -t mangle -A PREROUTING -m socket --transparent -j ACCEPT
 # iptables -t mangle -A PREROUTING -p tcp --syn -d 127.192.0.0/10 -j
 TPROXY --on-port 9052

 Start Tor with the following config:
   SOCKSPort 0
   TransPort 9052 IsolateClientProtocol IsolateDestAddr
   TransProxyType TPROXY
   DNSPort 9053
   AutomapHostsOnResolve 1
   Log notice stdout
   DataDirectory /tmp/tor
   User tor
 # tor -f ./<TORRC>
 [notice] Opening DNS listener on 127.0.0.1:9053
 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9052

 Verify traffic to 127.192.0.0/10 is routed properly to localhost (should
 always be):
 # ip route get to 127.192.0.0/10 from 127.0.0.1
  local 127.192.0.0 from 127.0.0.1 dev lo uid 0
  cache <local>

 Ask Tor to automap an onion for us:
 # drill -p 9053 duskgytldkxiuqc6.onion @127.0.0.1

 Make sure no conntrack modules are loaded (or more precisely: connection
 tracking is not active for the path to 127.192.0.0/10), otherwise curl
 will succeed! Use the IP address reported by drill.
 # curl 127.192.A.B
 Tor will report:
 [warn] getsockopt() failed: No such file or directory
 [warn] Fetching original destination failed. Closing.

 Call curl again but this time with loaded conntrack modules.
 # modprobe nf_conntrack_ipv4
 # curl 127.192.A.B
 It should succeed now.

 Looking at the code it seems that getsockopt() is called. The patch
 activates a code path where getsockname() is called instead which seems to
 make it work even if no connection tracking is active. Maybe the author of
 that code can shed more light into that?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18100#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list