[tor-bugs] #13924 [Tor]: Reachability testing and channel is_local assume private addresses are local (was: Reachability testing and channel is_local assume DirAllowPrivateAddresses is 0)

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Dec 25 13:33:52 UTC 2014


#13924: Reachability testing and channel is_local assume private addresses are
local
------------------------+--------------------------------
     Reporter:  teor    |      Owner:  teor
         Type:  defect  |     Status:  needs_review
     Priority:  normal  |  Milestone:
    Component:  Tor     |    Version:  Tor: 0.2.6.1-alpha
   Resolution:          |   Keywords:  tor-relay
Actual Points:          |  Parent ID:  #13718
       Points:          |
------------------------+--------------------------------
Description changed by teor:

Old description:

> Split from #13718.
>
> The way tor determines reachability is broken for test, internal, and
> local networks.
>
> When we set is_local on a channel, we assume DirAllowPrivateAddresses is
> 0.
>
> I'm working on a patch that, when we're on a local address and
> DirAllowPrivateAddresses is 1, then checks whether we're connecting to
> our own digest, or another router's.
>
> When we don't (yet) have this information (e.g. a reverse proxied
> connection), I think it's safer to assume local, and defer confirmation
> of reachability until we know who is at the other end. (This is no worse
> than the current behaviour.)

New description:

 Split from #13718.

 The way tor determines reachability is broken for test, internal, and
 local networks.

 When we set is_local on a channel, we assume private addresses are local
 ~~DirAllowPrivateAddresses is 0~~. We then use is_local to determine
 whether a connection is from another router.

 To properly bootstrap a testing tor network on private address(es), we
 must assume that every incoming OR connection is remote.

 So we ignore is_local when TestingTorNetwork is 1.

 ~~I'm working on a patch that, when we're on a local address and
 DirAllowPrivateAddresses is 1, then checks whether we're connecting to our
 own digest, or another router's.~~

 ~~When we don't (yet) have this information (e.g. a reverse proxied
 connection), I think it's safer to assume local, and defer confirmation of
 reachability until we know who is at the other end. (This is no worse than
 the current behaviour.)~~

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13924#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
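
The decision the new description arrives at, as an added C example (not tor's own code and not part of the ticket). The struct, the function names, the sample address, and the IPv4 range list (loopback, RFC 1918, link-local) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for tor's options; only the flag the ticket names. */
struct example_options { int testing_tor_network; };
static const struct example_options PRODUCTION = { 0 }, TESTING = { 1 };

/* Host-order IPv4 address from dotted-quad parts. */
static uint32_t ipv4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

/* Assumed range list: loopback, RFC 1918 and link-local. */
static int addr_is_private(uint32_t addr)
{
    static const struct { uint32_t net, mask; } ranges[] = {
        { 0x7F000000u, 0xFF000000u },  /* 127.0.0.0/8    */
        { 0x0A000000u, 0xFF000000u },  /* 10.0.0.0/8     */
        { 0xAC100000u, 0xFFF00000u },  /* 172.16.0.0/12  */
        { 0xC0A80000u, 0xFFFF0000u },  /* 192.168.0.0/16 */
        { 0xA9FE0000u, 0xFFFF0000u },  /* 169.254.0.0/16 */
    };
    for (size_t i = 0; i < sizeof ranges / sizeof ranges[0]; i++)
        if ((addr & ranges[i].mask) == ranges[i].net)
            return 1;
    return 0;
}

/* The assumption the ticket describes: a private peer address means "local". */
static int channel_is_local(uint32_t peer) { return addr_is_private(peer); }

/* Does an incoming OR connection from peer count as coming from another router? */
static int counts_as_remote(const struct example_options *opt, uint32_t peer)
{
    if (opt->testing_tor_network)
        return 1;                      /* ignore is_local on a testing network */
    return !channel_is_local(peer);
}

int main(void)
{
    uint32_t peer = ipv4(10, 0, 0, 5); /* constructed sample address */
    printf("production: %d\n", counts_as_remote(&PRODUCTION, peer));
    printf("testing:    %d\n", counts_as_remote(&TESTING, peer));
    return 0;
}
```

With the flag off, a relay whose peers all sit on private addresses never sees a connection it counts as remote, which is the bootstrap failure the description refers to.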

