[tor-bugs] #14958 [Tor]: address/get_if_addrs_ifaddrs and address/get_if_addrs_ioctl fail in FreeBSD jails

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 20 10:54:32 UTC 2015


#14958: address/get_if_addrs_ifaddrs and address/get_if_addrs_ioctl fail in FreeBSD
jails
------------------------+--------------------------------
     Reporter:  reezer  |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor     |    Version:  Tor: 0.2.6.3-alpha
   Resolution:          |   Keywords:  tor-relay
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------

Comment (by reezer):

 Yes, that's what I meant. It is there, it just is not what it is supposed
 to be, cause the interface in there is actually the loopback of the host
 system. They are basically sharing it.

 So for example you could on the host system run netcat and inside the jail
 do a telnet 127.0.0.1 <port> and one could connect to it.

 That's a limitation of FreeBSD jails, as the network stack isn't
 completely virtualized yet. There is a project called VIMAGE to solve
 these limitations, but as of now I am not aware of any practical way to
 solve it.

 ifconfig -a looks like this:
 {{{
 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
 }}}

 No IP there, but you can still listen on 127.0.0.1, just the interface is
 shared, which might have security implications of course. Maybe it's a
 good thing that Tor now has unix socket support in these scenarios where
 you run in a FreeBSD jail.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14958#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

