[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] tor/netfilter: packets without uid

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] tor/netfilter: packets without uid
From: Jacob Appelbaum <jacob@xxxxxxxxxxxxx>
Date: Fri, 11 May 2012 22:52:09 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 11 May 2012 22:52:29 -0400
In-reply-to: <CAJVRA1Rf3MqTa6E-Um--rit99Vpi30PzorCj5mf_rYWxGUr9fQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: id=42DDE84F; url=http://www.appelbaum.net/gpg.asc
References: <N1R-AGMzapz9RD@xxxxxxxxxxxxx> <4FAC8CE8.2080508@xxxxxxxxxxxxxxxxxx> <CAJVRA1Rf3MqTa6E-Um--rit99Vpi30PzorCj5mf_rYWxGUr9fQ@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: mutt

On 05/11/2012 07:43 PM, coderman wrote:
> On Thu, May 10, 2012 at 8:52 PM, Marsh Ray <marsh@xxxxxxxxxxxxxxxxxx> wrote:
>> ...
>>> How is it possible for a packet not to have an associated uid?
>> ...
>> I'm not a netfilter expert, but it looks this is a pure TCP ACK packet. With
>> LEN=40 there's no application data in it. It may have been auto-generated by
>> the kernel as a reply to the external packet and never tagged with a user
>> for that reason.
> 
> if the application closes a socket there are time wait states that
> retain the socket ip:port endpoint in kernel land without an
> associated application user ID.
> 
> try disabling time wait to confirm. if it is indeed sockets locally
> closed but still receiving (and ACK'ing) you may get a little extra
> bandwidth dropping them (remote re-sends until timeout) but it
> shouldn't affect functionality.

If this is actually the case, I'd say that this is a kernel bug. :(

The best bet is probably to ensure that _all_ packets, regardless of UID
are sent over Tor and only specific UID's are _excepted_ from the policy.

All the best,
Jacob

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] tor/netfilter: packets without uid
  - From: coderman

References:
- [tor-talk] tor/netfilter: packets without uid
  - From: johnmurphy323
- Re: [tor-talk] tor/netfilter: packets without uid
  - From: Marsh Ray
- Re: [tor-talk] tor/netfilter: packets without uid
  - From: coderman

Prev by Author: Re: [tor-talk] Webserver on 127.0.0.1 only?
Next by Author: Re: [tor-talk] tor/netfilter: packets without uid
Previous by thread: Re: [tor-talk] tor/netfilter: packets without uid
Next by thread: Re: [tor-talk] tor/netfilter: packets without uid
Index(es):
- Author
- Thread