Re: reconsidering default exit policy

On Thu, Mar 10, 2005 at 05:38:59PM -0600, Wes Felter wrote:
> Geoffrey Goodell wrote:
> ># reject private networks (no surprises!)  My understanding is that you
> ># might want to eliminate the line if your kernel
> ># short-circuits connections to local services and if you want those
> ># services to be available to Tor users who happen to choose your Tor
> ># node as an exit... someone please correct me if this is wrong.
> I can't imagine why a kernel would rewrite destination addresses that 
> way, but it doesn't matter since the kernel sees the packets after they 
> come out of Tor. But I could imagine a case where the DNS resolver 
> returns when a machine looks up its own hostname (even though 
> that doesn't sound like it should happen either).

This has nothing to do with DNS resolution.  The point is that some
kernels short-circuit packets destined to IP addresses corresponding to
other interfaces of the machine.  If I had such a kernel, and one
network interface configured as, then all packets
destined to would be short-circuited to the loopback

I am not sure how to characterize which kernels have this "feature" and
which do not.

