[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #17949 [Tor]: Make loopback address search more efficient
#17949: Make loopback address search more efficient
-----------------------------+--------------------------------
Reporter: teor | Owner: teor
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Keywords: easy
Actual Points: | Parent ID:
Points: | Sponsor:
-----------------------------+--------------------------------
#17901 and #11360 search local interfaces for loopback addresses.
We could make this more efficient by using the flags returned with each
address:
* getifaddrs returns struct ifaddrs with ifa_flags which has IFF_LOOPBACK
* ioctl(.,SIOCGIFCONF,.) returns struct ifreq with ifr_flags which has
IFF_LOOPBACK
* GetAdaptersAddresses (Win32) returns IP_ADAPTER_ADDRESSES with IfType
which has IF_TYPE_SOFTWARE_LOOPBACK
* Also pass GAA_FLAG_SKIP_FRIENDLY_NAME as we never use it
* tor_getsockname/get_interface_address6_via_udp_socket_hack connects to a
public address. When passed the localhost flag, it could connect to a
loopback address, but this seems rather tautologous, and it's hard to know
which loopback address to pick in 127/8. Alternately, we could lookup
localhost using the resolver, and check the returned address is 127/8 or
::1 (otherwise, broken DNS configs could lead to security issues).
A design for this could be:
* pass a flag to get_interface_address* indicating whether we want
loopback addresses
* pass that flag down to get_interface_addresses_raw
* pass that flag to the API-specific functions
* when converting the address to a smartlist, include/exclude addresses
matching the specified types
* always exclude tor_addr_is_null()
* always exclude addresses matching tor_addr_is_multicast
* for extra points, create a flags argument for:
* loopback
* this will require disabling the checks for tor_addr_is_loopback() in
get_interface_address6_list() and
get_interface_address6_via_udp_socket_hack(), see #17901
* listen any (0.0.0.0 and [::], needs `tor_addr_is_listen_any()`)
* link-local (needs `tor_addr_is_link_local()`)
* other internal/private
* public
* with #defines:
* _INTERNAL: everything except public
* _INTERNAL_FOR_LISTENING: everything except public and listen any
After doing this, refactor the changes in #17901 and #11360, and all
existing code, to use the new flags argument.
This will also resolve issues where systems have addresses other than
127.0.0.0/8 or ::1 as the loopback address (like some BSD jails and
OpenVZ). But we're not too worried about this, they're non-standards-
compliant, so the operator can configure the exact address correctly, as
long as we fail with an informative message.
I need this to do #17835, I'll likely do it then if no-one gets to it
first.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17949>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs