Re: Bug: improperly bound listen addresses?
- To: or-talk@xxxxxxxx
- Subject: Re: Bug: improperly bound listen addresses?
- From: grarpamp <grarpamp@xxxxxxxxx>
- Date: Wed, 6 Aug 2008 14:50:17 -0400
- In-reply-to: <200808060500.m7650EYR017194@xxxxxxxxxxxxx>
- References: <200808060500.m7650EYR017194@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
> I don't know of any way to tell the resolver routines to bind
> only to a particular network interface for sending their queries.

Not possible as of yet. But likely moot...

> AFAIK, tor uses the resolver library, so adding a command line/torrc
> option like you're asking for would have no effect.

sockstat/netstat always shows tor as having a connection tacked up
to the DNS servers specified in resolv.conf. I wasn't seeing any
gethostby* calls as other applications do, so I poked around...

eventdns.c
  2098 _evdns_nameserver_add_impl(u32 address, int port) {
  2117 ns->socket = socket(PF_INET, SOCK_DGRAM, 0);
  2131 if (connect(ns->socket, (struct sockaddr *) &sin,

So I stuck this right before 2131:

  printf("CONNECTevdns2131: %s\n", debug_ntoa(address));

and get:

  CONNECTevdns2131: <nameserver_ip_from_resolv_conf> 53

Looks to me like a standalone DNS client implementation, bypassing
the resolver, no? ... Then me, not being great with C, might suggest
replacing the:

  socket [dgram] --> connect [remote]

call order from the above with:

  socket [dgram] --> bind [local] --> connect [remote]

That 'bind [local]' would honor a new -DNSClientAddress option.
And optionally a new -DNSClientPort option. And since the name
'resolv.conf' confusingly implies use of the normal system resolver
routines, some clarity regarding its actual usage could be added
to the docs.

I know about -DNSPort, -DNSListenAddress, that isn't part of the
above. Though -ServerDNS* are related to it.

Feel free to slap me with a wet fish if I'm being way off base and
clueless here :) But I'm wearing pretty strong deodorant now.
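
The socket --> bind [local] --> connect [remote] order proposed in the message above, as an added example that is not part of the original post and is not Tor's eventdns.c code. The helper names dns_client_socket and socket_source_addr are hypothetical, the local_ip/local_port parameters stand in for the proposed DNSClientAddress/DNSClientPort options, and the loopback addresses are constructed so it runs offline.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: UDP client socket pinned to a local source address.
 * local_port 0 lets the kernel pick an ephemeral port.
 * Returns a connected socket, or -1 on any error (fails closed: no fallback
 * to a kernel-chosen source address if the requested one is unavailable). */
int dns_client_socket(const char *local_ip, unsigned short local_port,
                      const char *ns_ip, unsigned short ns_port)
{
    struct sockaddr_in local = {0}, remote = {0};
    int fd = socket(PF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    local.sin_family = AF_INET;
    local.sin_port = htons(local_port);
    remote.sin_family = AF_INET;
    remote.sin_port = htons(ns_port);
    /* bind [local] fixes the source address before connect [remote];
     * connect() on a UDP socket only records the peer and sends nothing. */
    if (inet_pton(AF_INET, local_ip, &local.sin_addr) != 1 ||
        inet_pton(AF_INET, ns_ip, &remote.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0 ||
        connect(fd, (struct sockaddr *)&remote, sizeof(remote)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Local IPv4 address of the socket in network byte order, 0 on error. */
in_addr_t socket_source_addr(int fd)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    if (getsockname(fd, (struct sockaddr *)&sin, &len) < 0)
        return 0;
    return sin.sin_addr.s_addr;
}

int main(void)
{
    /* Constructed values: loopback for both ends, nameserver port 53. */
    int fd = dns_client_socket("127.0.0.1", 0, "127.0.0.1", 53);
    if (fd < 0) { perror("dns_client_socket"); return 1; }
    struct in_addr src = { socket_source_addr(fd) };
    printf("source address: %s\n", inet_ntoa(src));
    close(fd);
    return 0;
}
```

getsockname() is the programmatic equivalent of checking the local side of the connection in sockstat/netstat output.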