[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Better MAPADDRESS [was: FB/Yahoo]

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Better MAPADDRESS [was: FB/Yahoo]
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Sat, 19 Mar 2011 18:42:14 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 19 Mar 2011 18:42:29 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=am7FuIZF2tVgpdwW9aEgjo8lp7AyPeHwjKcQ9iW8yRw=; b=vqBfRwm/p1jLOjUyOr9JO8eXVyvrCa3Ai0bDBcDQil64xSQZngrnimsBi7nFoiAqes 7NgPS1mgIoCQCHVHzRixqa6+cp48N1X9Wpryqc4XTqMgYOR1PW6Vk6VL3eB7ZhvWdt+n 0jLNIzVzhsDzVeHibBpjioS5lAw18H92OsP3k=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=RjQKyl4dN67n0qV35In2Y6hxbnXvYZfhCfszLV6aTd3uAjunId5dEfD9gei5vq6b0B e03BcAFRab0bk74jcxmm0Z0FeoasheZZMBPvkgK/Y8a4wVwVJdXFeyLSkhKNjLpFCkhT 4xfsGvVRfEWz7uYXEnhKhZ+gCdB4dcYBqJVxU=
In-reply-to: <201103191156.42511.robert@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <AANLkTik5-7S_9Gmmz_xx+j7Rkw8SqVsLh306W-tvo6Bk@xxxxxxxxxxxxxx> <201103191156.42511.robert@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

>> Wouldn't a more capable MAPADDRESS function help some of you who
>> need to anchor certain services to a specified exit over long
>> term use?

> See https://trac.torproject.org/projects/tor/ticket/933

Awesome!!! I will read it in more detail for possible further comment
midweek. Likewise, for your reference, my original detailed proposals
and rationales are here:

domains:
Jun 05/12 2009 or-dev mid:
d2e731a10906121236v1d820a98q6375a4110d67fd9c@xxxxxxxxxxxxxx
Jun    16 2009 or-talk mid:
d2e731a10906152223m3063c9aci5ef9b18751e5f953@xxxxxxxxxxxxxx
Aug    24 2009 or-talk mid:
d2e731a10908241344h3b064218n4256c41b042f2a3d@xxxxxxxxxxxxxx
Dec    20 2010 or-talk mid:
AANLkTimnKfbpNMp4m8G2-OQnAHG1rMYcAoQ4og9u9UXO@xxxxxxxxxxxxxx

cidr:
Oct    30 2009 or-talk mid:
d2e731a10910292340l108dfffy8372b52dae1b132f@xxxxxxxxxxxxxx

Should I add all this to the ticket?

> If you have anything to add, now is the time!

Yes, per the above posts, add CIDR block mapping as well:
95.0.0.0/17 -> 95.0.0.0/17.<fingerprint>.exit

For MAPADDRESS entry marking purposes, it should allow any IP
address, so long as the address lies within the block boundary:
1.2.3.77/24 -> 1.2.3.77/24.<fingerprint>.exit

I know at least FreeBSD allows you to configure interfaces like
that, with both the address and netmask in one string, so you could
find a code example for the address within boundary thing there I'm
sure.

There are more examples in the above posts, particularly:
host: 45.2.1.7/32
everything: 0.0.0.0/0

Address list notation might be as such:
1.2.3.{1..4,7..9,23,54,99..136}
1.2.{3..5}.{0..10}

I might further suggest extending the MAPADDRESS parser to handle
Type Of Map declarations and defaulting unspecified ones to the old
style for backward compatibility. That way each type can be maintained
separately and new types can be added modularly.  It may be desireable
to replace the underscore with a space or a slash.  Not sure about
that yet. ie:

MAPADDRESS_DOMAIN *.foo.com
MAPADDRESS_CIDR 1.2.3.4/24
MAPADDRESS_LIST 1.2.3.{7..9}
MAPADDRESS_LEGACY a.foo.com
MAPADDRESS a.foo.com

This might be further enhanced as well: getinfo address-mappings/<type>
Types:
all = everything
DOMAIN, CIDR, LIST = as above
LEGACY = old style entries

And of course, removing any entry from the map remains the same:

Stop further dynamic mapping by setting the source=destination,
thus removing the request to generate dynamic maps:
1.0.0.0/24=1.0.0.0/24

Remove a specific dynamic entry by mapping the full exit=exit:
foo.com.<fingerprint>.exit=foo.com.<fingerprint>.exit
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Better MAPADDRESS [was: FB/Yahoo]
  - From: grarpamp
- Re: [tor-talk] Better MAPADDRESS [was: FB/Yahoo]
  - From: Robert Hogan

Prev by Author: [tor-talk] Better MAPADDRESS [was: FB/Yahoo]
Next by Author: [tor-talk] Better MAPADDRESS [was: FB/Yahoo]
Previous by thread: Re: [tor-talk] Better MAPADDRESS [was: FB/Yahoo]
Next by thread: [tor-talk] Better MAPADDRESS [was: FB/Yahoo]
Index(es):
- Author
- Thread