[tor-bugs] #5304 [Circumvention/Obfs4]: Obfsproxy should respect OutboundBindAddress in torrc

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 2 17:47:26 UTC 2019 

#5304: Obfsproxy should respect OutboundBindAddress in torrc
-------------------------------------------------+-------------------------
 Reporter:  korobkov                             |          Owner:  (none)
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Circumvention/Obfs4                  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  needs-spec-change needs-tor-change,  |  Actual Points:  1.25
  anti-censorship-roadmap                        |
Parent ID:  #30471                               |         Points:  1
 Reviewer:  phw                                  |        Sponsor:
                                                 |  Sponsor28-must
-------------------------------------------------+-------------------------

Comment (by dcf):

 It seems like `TOR_PT_OUTBOUND_BIND_ADDRESS_V*` should not be a single
 address, but should be tied to specific transport names, just like
 `TOR_PT_SERVER_BINDADDR` is. Otherwise there's no way to use different
 outbound addresses for different outbound transports, or set an outbound
 address for only one transport and let the other use the default.

 It would be good for implementation to reuse the `TOR_PT_SERVER_BINDADDR`
 syntax. Something like:
 {{{
 TOR_PT_OUTBOUND_BIND_ADDRESS_V4=obfs4-0.0.0.0:5000
 }}}

 Remember that tor can run multiple transport plugins, and a transport
 plugin can run multiple transports. The PT spec already has the bug that
 you cannot run multiple instances of the same named transport with
 different options (because options are keyed by transport name); so it
 would be good to avoid making the problem worse with options that can only
 be specified globally.

 ----

 An alternative to extending the PT spec is to use per-connection arguments
 (on the client side), or SMETHOD ARGS: (on the server side). After all,
 the notion of a "port" or an "outbound address" only applies to a subset
 of notional transports. This could be something to be handled at the level
 of the individual transport implementation, not globally at the level of
 the PT spec.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5304#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list