[tor-bugs] #10267 [Tor]: [PATCH] Fixed transparent proxy destination lookup on FreeBSD
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 2 00:48:07 UTC 2014
#10267: [PATCH] Fixed transparent proxy destination lookup on FreeBSD
-----------------------------+--------------------------------
Reporter: yurivict | Owner:
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version: Tor: unspecified
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------------
Comment (by yurivict1):
I agree with your suggestions about tor_addr_from_sockaddr() and keeping
the flag "/dev/pf exists".

On FreeBSD ipfw is the default and, to a minimal degree, is always used
for the default allow-all rule. It can't be turned off completely, and
also no additional rules can be added when pf is used. pf is a special-case,
replacement firewall functionality. So opening /dev/pf is probably
the best way to check what the current firewall type in use is.

You are right, this leaves the possibility for somebody to just connect to
that address without firewall forwarding, and then getsockaddr would
produce the (meaningless) local address. This would be the error
condition. Tor should not be trying to recursively connect to its own
TransPort.

Another possibility is to allow the user to set the firewall type in
the config file, for example like this:

    TransFirewallType ipfw

But this may be overkill for this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10267#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
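
The checks discussed in the comment above, as an added example; this is not code from the patch or from Tor. All function and type names are hypothetical. It assumes the ipfw lookup reads the accepted socket's local address with getsockname(), and that the TransPort listener is bound to a specific address rather than a wildcard.

```c
#include <fcntl.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* All names here are hypothetical; this is not Tor's code. */
enum fw_type { FW_IPFW, FW_PF };

/* Probe from the comment: if /dev/pf can be opened, assume pf is in use. */
enum fw_type detect_fw(void)
{
    int fd = open("/dev/pf", O_RDONLY);
    if (fd < 0) return FW_IPFW;
    close(fd);
    return FW_PF;
}

/* 1 if both addresses have the same family, address and port, else 0. */
int sockaddr_equal(const struct sockaddr *a, const struct sockaddr *b)
{
    if (a->sa_family != b->sa_family)
        return 0;
    if (a->sa_family == AF_INET) {
        const struct sockaddr_in *x = (const void *)a, *y = (const void *)b;
        return x->sin_port == y->sin_port &&
               x->sin_addr.s_addr == y->sin_addr.s_addr;
    }
    if (a->sa_family == AF_INET6) {
        const struct sockaddr_in6 *x = (const void *)a, *y = (const void *)b;
        return x->sin6_port == y->sin6_port &&
               memcmp(&x->sin6_addr, &y->sin6_addr, sizeof(x->sin6_addr)) == 0;
    }
    return 0;
}

/* ipfw case: the accepted socket's local address is taken as the destination.
 * Returns 0 and fills *dest; -1 on failure or if it is the listener itself. */
int ipfw_original_dest(int conn_fd, int listen_fd, struct sockaddr_storage *dest)
{
    struct sockaddr_storage self;
    socklen_t dlen = sizeof(*dest), slen = sizeof(self);
    if (getsockname(conn_fd, (struct sockaddr *)dest, &dlen) < 0 ||
        getsockname(listen_fd, (struct sockaddr *)&self, &slen) < 0)
        return -1;
    if (sockaddr_equal((struct sockaddr *)dest, (struct sockaddr *)&self))
        return -1; /* direct connection to TransPort, no forwarding */
    return 0;
}
```

With a wildcard-bound listener the equality test cannot catch a direct connection, so that case would need a comparison against the host's own interface addresses.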