[tor-talk] [tor-dev] Linux kernel transproxy packet leak (w/ repro case + workaround)
abel at guardianproject.info
Wed Apr 9 17:50:24 UTC 2014
> On Saturday 29 March 2014 03:10:47 grarpamp wrote:
> > On Fri, Mar 28, 2014 at 5:20 PM, intrigeri <intrigeri at boum.org> wrote:
> > > grarpamp wrote (28 Mar 2014 21:02:35 GMT) :
> > >> [...] what happens with entire vm IP transproxy (perhaps like
> > >> Tails)?
> > >
> > > Tails only uses a transproxy for the automapped .onion addresses:
> > > https://tails.boum.org/contribute/design/Tor_enforcement/
> > My mistake. I think I meant to say whonix , just haven't followed
> > the developments of those two projects in quite some time.
> >  Or any model that sandboxes apps/OS/vm behind a firewall that
> > redirects all tcp and dns traffic into tor Trans* options and drops
> > the rest.
> As the maintainer of the qubes-tor (TorVM) plugin for Qubes, I'm definitely
> interested in this answer as I imagine Patrick @ whonix is too.
> I'll see if I can reproduce this bug with the Qubes context 
> : https://github.com/abeluck/qubes-tor/blob/master/start_tor_proxy.sh
Yup, qubes-tor (TorVM) does leak these packets. If explicit egress was
configured, it wouldn't have, but it isn't. Fix is incoming!
More information about the tor-talk