[tor-bugs] #3595 [Orbot]: Connections with IPv4-mapped IPv6 addresses bypass transproxy
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Jul 14 19:04:32 UTC 2011
#3595: Connections with IPv4-mapped IPv6 addresses bypass transproxy
-------------------------+--------------------------------------------------
Reporter: __sporkbomb | Owner: n8fr8
Type: defect | Status: new
Priority: major | Milestone:
Component: Orbot | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
A user (DEplan on #guardianproject) reported that Gibberbot was using his
real IP despite Orbot's transproxy being turned on; further research led
to the conclusion that recent releases of Android seem to use IPv4-mapped
IPv6 addresses for a large portion of connections. For examples, please see
http://pastebin.com/Z4KDDq40. These connections completely bypass
transproxy.
I am not yet sure about the circumstances under which Android employs
these addresses.
The problems in finding a solution are that Android usually does not
include ip6tables (though Orbot could simply package that) and kernels
usually do not include IPv6 netfilter modules. The latter is a major issue,
since Orbot can't package modules for every single kernel a user might be
running.
As a side note, IPv6 does not support NAT (which is what transproxying is
based on).
I'll try to figure out what triggers this behaviour of Android and find
possible solutions (using sysctl to disable IPv6 does not solve it).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3595>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
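
An added example, not part of the original ticket or of Orbot's code: a way to list which sockets on a device use the IPv4-mapped IPv6 addresses described above, by decoding text in the Linux `/proc/net/tcp6` layout. The sample rows, UIDs and addresses are constructed, and the decoding assumes a little-endian kernel (as on ARM Android devices).

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp6 layout (not captured from a real device).
# Row 0: AF_INET6 socket connected to an IPv4-mapped peer (::ffff:198.51.100.34).
# Row 1: listener on ::1. Row 2: native IPv6 connection (2001:db8::/32).
SAMPLE_TCP6 = """\
  sl  local_address remote_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 0000000000000000FFFF00000F02000A:9C40 0000000000000000FFFF0000226433C6:1466 01 00000000:00000000 00:00000000 00000000 10045 0 7001
   1: 00000000000000000000000001000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0 0 7002
   2: B80D0120000000000000000001000000:A001 B80D0120000000000000000002000000:01BB 01 00000000:00000000 00:00000000 00000000 10046 0 7003
"""


def decode_addr(hex_addr):
    """Decode a 32-hex-digit /proc/net/tcp6 address.

    The kernel prints the address as four 32-bit words in host byte order,
    so on a little-endian machine each word must be byte-swapped back.
    """
    words = [int(hex_addr[i:i + 8], 16) for i in range(0, 32, 8)]
    return ipaddress.IPv6Address(struct.pack("<4I", *words))


def mapped_connections(table):
    """Return (uid, ipv4_peer, port) for sockets whose peer is ::ffff:a.b.c.d."""
    hits = []
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue                             # truncated or blank line
        addr_hex, port_hex = fields[2].split(":")  # remote_address column
        peer = decode_addr(addr_hex)
        if peer.ipv4_mapped is not None:
            # fields[7] is the owning UID, which on Android identifies the app
            hits.append((int(fields[7]), str(peer.ipv4_mapped), int(port_hex, 16)))
    return hits


if __name__ == "__main__":
    for uid, peer, port in mapped_connections(SAMPLE_TCP6):
        print(f"uid {uid}: IPv4-mapped peer {peer}:{port}")
```

On a device, the same function can be fed the contents of `/proc/net/tcp6` while transproxy is enabled to see which app UIDs open such sockets.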