False warning(?) and logging

maillist maillist at piirakka.com
Tue Jun 21 07:40:32 UTC 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry for flooding I forgot also this:


ExitPolicy reject *:25
ExitPolicy reject *:6660-6669
Exitpolicy reject 217.78.206.0/24:*
Exitpolicy reject 62.241.240.0/24:*
Exitpolicy reject 62.197.172.0/24:*
Exitpolicy reject 192.168.0.0/16:*
Exitpolicy reject 10.0.0.0/8:*
ExitPolicy accept *:*

With my old exit policy (above)  I didn't get any warnings.

Markus

- ----- Original Message -----
From: "maillist" <maillist at piirakka.com>
To: <or-talk at freehaven.net>
Sent: Tuesday, June 21, 2005 10:35 AM
Subject: Re: False warning(?) and logging


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm running on Linux  2.6.10-1-k7  i686 GNU/Linux and Tor version
> 0.1.0.10.
>
> Markus
>
> - ----- Original Message -----
> From: "maillist" <maillist at piirakka.com>
> To: <or-talk at freehaven.net>
> Sent: Tuesday, June 21, 2005 10:31 AM
> Subject: False warning(?) and logging
>
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi
>>
>> I had to change my nodes exit policy to much stricter due abuse, now my
>> node
>> only allows traffic to port 80 and 443 (thats just sad but hope it
>> helps).
>> When I restarted my node (do you have to restart node If policy changes?)
>> I
>> got following warning messages:
>>
>> Jun 21 10:13:14.751 [warn]
>> exit_policy_implicitly_allows_local_networks():
>> Exit policy accept *:80 implicitly accepts localhost (127.x)
>> Jun 21 10:13:14.752 [warn]
>> exit_policy_implicitly_allows_local_networks():
>> Exit policy accept *:80 implicitly accepts addresses in private network
>> 10.x
>> Jun 21 10:13:14.752 [warn]
>> exit_policy_implicitly_allows_local_networks():
>> Exit policy accept *:80 implicitly accepts addresses in private network
>> 169.254.x
>> Jun 21 10:13:14.752 [warn]
>> exit_policy_implicitly_allows_local_networks():
>> Exit policy accept *:80 implicitly accepts addresses in private network
>> 172.16.x
>> Jun 21 10:13:14.752 [warn]
>> exit_policy_implicitly_allows_local_networks():
>> Exit policy accept *:80 implicitly accepts addresses in private network
>> 192.168.x
>>
>> Ok, my mistake. Added some lines to config, heres the whole exit policy:
>>
>> # Just for showoff
>> ExitPolicy reject *:25
>>
>> Exitpolicy reject 217.78.206.0/24:*
>> Exitpolicy reject 62.241.240.0/24:*
>> Exitpolicy reject 62.197.172.0/24:*
>> Exitpolicy reject 192.168.0.0/16:*
>> Exitpolicy reject 10.0.0.0/8:*
>> ExitPolicy reject 127.0.0.0/8:*
>> ExitPolicy reject 169.254.0.0/16:*
>> ExitPolicy reject 172.16.0.0/16:*
>>
>> ExitPolicy accept *:80
>> ExitPolicy accept *:443
>>
>> ExitPolicy reject *:*
>>
>>
>> Then I restarted my node:
>>
>> Jun 21 10:19:28.418 [warn]
>> exit_policy_implicitly_allows_local_networks():
>> Exit policy accept *:80 implicitly accepts addresses in private network
>> 172.16.x
>> done.
>>
>> Uh? Other messages disappeared but warning about 172.16.x... Bug or my
>> mistake?
>>
>> And logging (from my nodes config):
>> ## Send all messages of level 'notice' or higher to
>> /var/log/tor/notices.log
>> Log notice file /var/log/tor/notices.log
>>
>> Doesnt that mean that level 'warn' should go there too? Well it doesn't,
>> those warnings about exit policys never ended up in logs... How to fix
>> this
>> and really log notices and higher?
>>
>>
>> And third, is this anything to worry about?
>> directory_handle_command_get(): Client asked for the mirrored directory,
>> but
>> we don't have a good one yet. Sending 503 Dir not available.
>>
>>
>> Markus
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959
>> Comment: GnuPT 2.6.2.1 by EQUIPMENTE.DE
>>
>> iD8DBQFCt8JH6fSN8IKlpYoRAqWRAJ43nB12Je0Wg4YXwNuoLymzHDKTZgCgm+gs
>> 1ulKqhF6oz7eMti2JWTMnsg=
>> =wBxp
>> -----END PGP SIGNATURE-----
>>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959
> Comment: GnuPT 2.6.2.1 by EQUIPMENTE.DE
>
> iD8DBQFCt8Mr6fSN8IKlpYoRAgGYAKCiVcNmZaRbsSHxmRp0nFWOdpu8eQCgovZL
> 7qWW4BHVobl3QosVlqCa6zQ=
> =5Ia7
> -----END PGP SIGNATURE-----
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959
Comment: GnuPT 2.6.2.1 by EQUIPMENTE.DE

iD8DBQFCt8R16fSN8IKlpYoRAiAXAJ4vrrSRSuEkAqLHKCofe22UM4UpZQCcDOU0
sVJG1RxJ5i6sbCllq4c5EbA=
=MN3p
-----END PGP SIGNATURE-----

More information about the tor-talk mailing list