[tor-dev] Anycast Exits (related : Special-use-TLD support)

Tim Wilson-Brown - teor teor2345 at gmail.com
Wed Sep 30 13:39:29 UTC 2015 

> On 30 Sep 2015, at 14:53, Jeff Burdges <burdges at gnunet.org> wrote:
> ...
> Filename: xxx-anycast-exit.txt
> Title: Anycast Exit
> Author: Jeffrey Burdges
> Created: 28 September 2015
> Status: ?
> Implemented-In: ?
>> Server Side
> 
>  We propose an AnycastExit Tor configuration option
> 
>    AnycastExit <protocol> <host>:<port>
> 
>  Here protocol must be a string consisting of letters, numbers, and
>  underscores.
> 
>  There are two changes Tor's behavior resulting from this option :
> 
>  First, Tor adds the line "ACE <protocol> <host>:<port>" to the node's
>  full descriptor.
> 
>  Second, Tor allows connections to ip:port as if the torrc contains :
>    ExitPolicy allow<host>:<port>
>  As ExitPolicyRejectPrivate defaults to 1, these policies should be
>  allowed even if the ip lies in a range usually restricted.
>  In particular localhost and 127.0.0.1 are potentially allowed.

Tor exit policies don’t contain hostnames like “localhost", did you mean 127.0.0.0/8 and ::1?

I am concerned about the security considerations of opening up local addresses, as local processes often trust connections from the local machine. Perhaps we could clarify it to say that only the specific port on 127.0.0.0/8 and ::1 is allowed?

I also suggest that we specify the following rules based on the current (0.2.7.3) implementation of policies_parse_exit_policy_internal:
* Block all IPv6 if IPv6Exit is 0
* If AnycastExit is set, allow 127.0.0.0/8:port and, if IPv6Exit is 1, [::1]:port
* If ExitPolicyRejectPrivate is 1:
  * reject private addresses (0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, [::]/8, [fc00::]/7, [fe80::]/10, [fec0::]/10, [ff00::]/8, [::]/127)
  * reject relay’s configured IPv4 and IPv6 address
  * reject relay’s interfaces’ IPv4 and IPv6 addresses
* Then add the default exit policy

Regards

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150930/54c7ec2f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150930/54c7ec2f/attachment.sig>

More information about the tor-dev mailing list