[tor-talk] Linux kernel transproxy packet leak (w/ repro case + workaround)

Rusty Bird rustybird at openmailbox.org
Wed Apr 2 17:59:26 UTC 2014


Rusty Bird:
> I've reproduced those packets on kernel 3.13 using your iptables rules.
> Strangely enough my own personal transproxy setup does not exhibit this
> issue [...]

Maybe it can be boiled down to this: When redirecting *and* filtering,
the filtering should be done in OUTPUT (instead of INPUT), because there
you can also verify that the traffic has been redirected to the right place.

Rusty
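
The ordering described above, as an added example that is not part of the original post: for locally generated packets the nat OUTPUT chain is traversed before filter OUTPUT, so filter rules can match on the destination after the redirect. The Tor user name, the TransPort and DNSPort values and the IPv4-only scope are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: Tor runs as user
# "debian-tor" with TransPort 9040 and DNSPort 5353 on 127.0.0.1; IPv4 only.
TOR_USER="${TOR_USER:-debian-tor}"
TRANS_PORT="${TRANS_PORT:-9040}"
DNS_PORT="${DNS_PORT:-5353}"

# Print the ruleset in iptables-restore format. Nothing is applied here.
transproxy_rules() {
cat <<EOF
*nat
:OUTPUT ACCEPT [0:0]
# Redirect stage: leave Tor's own traffic and loopback traffic alone,
# send everything else to the local TransPort / DNSPort.
-A OUTPUT -m owner --uid-owner $TOR_USER -j RETURN
-A OUTPUT -d 127.0.0.0/8 -j RETURN
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
-A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
COMMIT
*filter
:OUTPUT DROP [0:0]
# Filter stage: nat OUTPUT has already run, so -d/--dport below match the
# rewritten destination. Only Tor itself may leave the host directly.
-A OUTPUT -m owner --uid-owner $TOR_USER -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p tcp --dport $TRANS_PORT -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p udp --dport $DNS_PORT -j ACCEPT
# Replies from the local Tor listeners back to the client sockets.
-A OUTPUT -o lo -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Everything else was not redirected to Tor and hits the DROP policy.
COMMIT
EOF
}

# "apply" loads the rules (root required; replaces the current nat and filter
# rules). "print" only shows them for review.
if [ "${1:-}" = "apply" ]; then
    transproxy_rules | iptables-restore
elif [ "${1:-}" = "print" ]; then
    transproxy_rules
fi
```

Other loopback services need their own ACCEPT rules under this DROP policy.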
