
Re: [tor-talk] [tor-dev] Linux kernel transproxy packet leak (w/ repro case + workaround)



On Fri, Mar 28, 2014 at 3:43 PM, Mike Perry <mikeperry@xxxxxxxxxxxxxx> wrote:
> I've discovered that the Linux kernel appears to have a leak in how it
> applies transproxy rules to the TCP CLOSE_WAIT shutdown condition under
> certain circumstances.
> ...
> At this point, you will see a FIN ACK or RST ACK packet appear in your
> tcpdump window. That packet has leaked past the iptables firewall rules,
> and past the transproxy rules. It went straight to Google.

Good eye.

> This applies to both the kernels in use by common
> Android devices (Cyanogenmod 10.x and 11-M4), as well as the Linux
> kernel in Ubuntu 13.04 (3.8.0-35-generic).

If someone here can also verify and second it against a current stock
kernel, such as 3.12.15, why not submit it to Linux Bugzilla?
https://www.kernel.org/
https://bugzilla.kernel.org/

> For a workaround, I was able to prevent this issue with the addition
> of the following rules:

That is, if it's a bug and not a 'use a proper ruleset' issue.

> None of the transproxy documentation I could find mentions this issue

So that Tor and folks like Tails won't have to carry such docs and
workaround forever.

The ruleset seems to use uid based transproxy, what happens with
entire vm IP transproxy (perhaps like Tails)?
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk