[tor-bugs] #11010 [Tor]: add ClientConnectPolicy config option
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 10 17:30:15 UTC 2014
#11010: add ClientConnectPolicy config option
-----------------------------+--------------------------------
Reporter: cypherpunks | Owner:
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-client
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------------
Comment (by nickm):
Hm. After looking at this, I don't think I understand why you're doing
this with full addresses, and not just ports.
In other words, if the user allows "1.2.3.4/80", and then Tor receives a
SOCKS connection for "www.example.com:80", should the code allow the
request to be made or not? Keep in mind that a BEGIN cell does a lookup
and a connect in one step: Tor won't know whether www.example.com resolved
to 1.2.3.4 until the connection is made. With this patch, I think the
answer will depend on whether the user said to allow 0.0.0.0, which can't
really be the right behavior.
Given that address-based rules don't work the way that users might expect
here, are we losing anything important by having this be address-and-port
based rather than port-based alone?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11010#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list