[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] tor/netfilter: packets without uid

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] tor/netfilter: packets without uid
From: johnmurphy323@xxxxxxxxxxxxx
Date: Thu, 10 May 2012 22:11:06 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 10 May 2012 23:26:02 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=N1-0105; d=Safe-mail.net; b=nXWbLEDEKvS0vXyQ0YNRMwxvQAl8RMYORn7YMHW5/rN0kfGg9o7VwfEOUv71B55D dYuqo3kPQNisBucRPlBjGD9DkAl2v0oEuxLOXvSb4RaSp0SXyJFhLAP1Z++4GP+i DNPkfdRw51q2/Oc43lUJNBUicNjrO9hcSYpkRWNizmk=;
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

Hi List,

I am trying to tweak my transparent netfilter setup (Tor Stable, Debian Wheezy, GNU/Linux, iptables v1.4.12.2, Kernel 3.2.0-amd64). So far, redirection and torification works fine. I have have several users, some of them have their TCP traffic forwarded to Tor, some are allowed to send packets directly. It works splendid.

There is just one issue. About every once or twice a second there is a tcp packet running along my filter (that is the iptables -t filter) table that has no associated UID.

This is what they look like:

IN= OUT=eth0 SRC=192.168.178.50 DST=some-target LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50447 DPT=443 WINDOW=1002 RES=0x00 ACK URGP=0

This packet is https, most likely generated by my firefox user when I was browsing a website. But it gets more interesting. There are lost packets, even when I only use Tor. A reverse dns lookup of the target ip shows that these are packets send by tor to the first relay.

How is it possible for a packet not to have an associated uid? Dropping these packets of course works, but the logging clutters my syslog, and after all, why is there this type of leaking in the first place?

What am I missing?

-- John

PS: Sent this message about four days ago to tor-talk. What has happened?
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] tor/netfilter: packets without uid
  - From: Marsh Ray
- Re: [tor-talk] tor/netfilter: packets without uid
  - From: Roger Dingledine

Prev by Author: [tor-talk] Setting up redirection to TORs transparent proxy
Next by Author: Re: [tor-talk] tor/netfilter: packets without uid
Previous by thread: [tor-talk] If you build your own OpenSSL, and you're on 1.0.1, please upgrade to 1.0.1c
Next by thread: Re: [tor-talk] tor/netfilter: packets without uid
Index(es):
- Author
- Thread