[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] tor/netfilter: packets without uid

Hi List,

I am trying to tweak my transparent netfilter setup (Tor Stable, Debian Wheezy, GNU/Linux, iptables v1.4.12.2, Kernel 3.2.0-amd64). So far, redirection and torification works fine. I have have several users, some of them have their TCP traffic forwarded to Tor, some are allowed to send packets directly. It works splendid.

There is just one issue. About every once or twice a second there is a tcp packet running along my filter (that is the iptables -t filter) table that has no associated UID.

This is what they look like:

IN= OUT=eth0 SRC= DST=some-target LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50447 DPT=443 WINDOW=1002 RES=0x00 ACK URGP=0

This packet is https, most likely generated by my firefox user when I was browsing a website. But it gets more interesting. There are lost packets, even when I only use Tor. A reverse dns lookup of the target ip shows that these are packets send by tor to the first relay.

How is it possible for a packet not to have an associated uid? Dropping these packets of course works, but the logging clutters my syslog, and after all, why is there this type of leaking in the first place?

What am I missing?

-- John

PS: Sent this message about four days ago to tor-talk. What has happened?
tor-talk mailing list