Re: [tor-bugs] #10267 [Tor]: [PATCH] Fixed transparent proxy destination lookup on FreeBSD
#10267: [PATCH] Fixed transparent proxy destination lookup on FreeBSD
-----------------------------+--------------------------------
Reporter: yurivict | Owner:
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version: Tor: unspecified
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------------
Comment (by yurivict1):

I agree with your suggestions about tor_addr_from_sockaddr() and keeping
the flag "/dev/pf exists".

On FreeBSD ipfw is the default and, to a minimal degree, is always used
for the default allow-all rule. It can't be turned off completely, and
also no additional rules can be added when pf is used. pf is a
special-case, replacement firewall functionality. So opening /dev/pf is
probably the best way to check which firewall type is currently in use.

You are right, this leaves the possibility for somebody to just connect to
that address without firewall forwarding, and then getsockaddr would
produce the (meaningless) local address. This would be the error
condition. Tor should not be trying to recursively connect to its own
TransPort.

Another possibility is to allow the user to set the firewall type in
the config file, for example like this:

  TransFirewallType ipfw

But this may be overkill for this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10267#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
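
The check and the error condition discussed in the comment above, as an added example that is not part of the ticket, the patch or Tor's source. All function names are hypothetical. It assumes that under ipfw forwarding the accepted socket's local address (read with getsockname()) is the original destination, and that the TransPort listener is bound to a specific address rather than a wildcard.

```c
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

enum fw_type { FW_IPFW, FW_PF };

/* pf is considered in use if its control device can be opened;
 * otherwise fall back to ipfw, the FreeBSD default. */
static enum fw_type detect_fw_type(const char *pf_dev)
{
  int fd = open(pf_dev, O_RDONLY);
  if (fd < 0)
    return FW_IPFW;
  close(fd);
  return FW_PF;
}

/* Return 1 if both addresses have the same family, address and port. */
static int sockaddr_eq(const struct sockaddr *a, const struct sockaddr *b)
{
  if (a->sa_family != b->sa_family)
    return 0;
  if (a->sa_family == AF_INET) {
    const struct sockaddr_in *x = (const void *)a, *y = (const void *)b;
    return x->sin_port == y->sin_port &&
           x->sin_addr.s_addr == y->sin_addr.s_addr;
  }
  if (a->sa_family == AF_INET6) {
    const struct sockaddr_in6 *x = (const void *)a, *y = (const void *)b;
    return x->sin6_port == y->sin6_port &&
           !memcmp(&x->sin6_addr, &y->sin6_addr, sizeof(x->sin6_addr));
  }
  return 0;
}

/* ipfw path: fill *dst with the connection's local address.
 * Returns 0 on success, -1 if the lookup fails or if the address is the
 * listener itself, i.e. the client connected directly without forwarding. */
static int ipfw_orig_dest(int conn_fd, const struct sockaddr *listener,
                          struct sockaddr_storage *dst)
{
  socklen_t len = sizeof(*dst);
  if (getsockname(conn_fd, (struct sockaddr *)dst, &len) < 0)
    return -1;
  if (sockaddr_eq((const struct sockaddr *)dst, listener))
    return -1; /* refuse: would loop back into our own TransPort */
  return 0;
}
```
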