[tor-bugs] #28525 [Core Tor/Tor]: Make tor_addr_is_internal_() aware of RFC 6598 (Carrier Grade NAT/Large Scale NAT) IPv4 Ranges
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 17 04:22:01 UTC 2018
#28525: Make tor_addr_is_internal_() aware of RFC 6598 (Carrier Grade NAT/Large
Scale NAT) IPv4 Ranges
--------------------------+------------------------------------
Reporter: neel | Owner: neel
Type: enhancement | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: ipv6 | Actual Points:
Parent ID: | Points:
Reviewer: nickm | Sponsor:
--------------------------+------------------------------------
Comment (by teor):
Replying to [comment:11 nickm]:
> This patch does what it is supposed to do. It would be good to have a
test.
>
> One problem here is that I'm not sure that this changed behavior is
correct. If you have an address inside a carrier NAT, you have the worst
of both worlds: it is an address that the public internet cannot reach,
but it is an address that other random people on your internet provider
can still connect to. In other words, these addresses are not useful
enough to call them public, but not safe enough to call them private. So
we need to treat these addresses as internal for the purpose of "can this
address go onto the public tor network", but we need to treat them as non-
internal for the purpose of "is it safe to have a socksport/extorport/etc
here."
>
> The main purpose of the rest of my review here is to see what else we
would need to change to make sure this change is safe. I'm going to do
this by looking at all the users of tor_addr_is_internal in the codebase.
>
> * In warn_nonlocal_client_ports(), we will stop warning about binding
a socksport to one of these addresses. Is this a problem? I need more
guidance from others.
We should not let random people at your ISP connect to your SOCKSPorts.
> * In warn_nonlocal_ext_orports(), we will stop warning about binding
an extorport to one of these addresses. (same note as above)
We should not let random people at your ISP connect to your ExtORPorts.
> * In connection_is_rate_limited(), we no longer count connections to
or from one of these addresses as having any rate limits.
If these addresses aren't allowed to be ORPorts on the public network,
then rate limits probably aren't needed. There might be the rare case of a
private bridge that we need to think about.
> * In channeltls.c [which calls tor_addr_is_internal via
is_local_addr()], we count any OR connections to these addresses as
"local", which seems unwise.
I don't know what local OR connections mean. I'd need to look at the code
and check.
> But all the other cases that I could find seemed like an improvement.
>
> Maybe what we need here is to replace the `for_listening` argument with
a more general set of bitflags?
Seems sensible.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28525#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list