Re: [tor-talk] tor/netfilter: packets without uid

On Thu, May 10, 2012 at 10:11:06PM -0400, johnmurphy323@xxxxxxxxxxxxx wrote:
> IN= OUT=eth0 SRC= DST=some-target LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50447 DPT=443 WINDOW=1002 RES=0x00 ACK URGP=0
> This packet is https, most likely generated by my firefox user when
> I was browsing a website. But it gets more interesting. There are lost
> packets, even when I only use Tor. A reverse dns lookup of the target
> ip shows that these are packets sent by tor to the first relay.

These statements are contradictory. If the destination is a Tor relay,
and the destination port is 443, then it's a Tor relay whose ORPort is
443. (Many relays listen on 443 so they can be reachable by firewalled
users.) Your firefox user probably has nothing to do with it.

> How is it possible for a packet not to have an associated uid?

This I do not know.

It does sound like your iptables failing to categorize the packet,
rather than an actual application-level leak, though.
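
One way to triage log lines like the one quoted above, as an added example that is not part of the original thread: it groups locally generated packets that carry no `UID=` field by destination and TCP flags, and marks those going to a known relay ORPort. It assumes the LOG rule was created with `--log-uid`; the sample lines, addresses and relay list are constructed.

```python
import re
from collections import Counter

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
KEY_VALUE = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines in the LOG format quoted above (documentation addresses).
SAMPLE_LOG = [
    "IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 ID=4211 DF "
    "PROTO=TCP SPT=50447 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 UID=1001 GID=1001",
    "IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TTL=64 ID=0 DF "
    "PROTO=TCP SPT=50447 DPT=443 WINDOW=1002 RES=0x00 ACK URGP=0",
    "IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TTL=64 ID=0 DF "
    "PROTO=TCP SPT=50447 DPT=443 WINDOW=1002 RES=0x00 ACK URGP=0",
    "IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=40 TTL=64 ID=0 DF "
    "PROTO=TCP SPT=41822 DPT=80 WINDOW=0 RES=0x00 RST URGP=0",
    "IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TTL=52 ID=0 DF "
    "PROTO=TCP SPT=80 DPT=41822 WINDOW=0 RES=0x00 ACK FIN URGP=0",
]
# Constructed (address, ORPort) pairs standing in for the relays the client uses.
SAMPLE_RELAYS = {("198.51.100.7", 443)}

def parse_log_line(line):
    """Split one netfilter LOG line into key=value fields and bare TCP flags."""
    fields = dict(KEY_VALUE.findall(line))   # empty values such as "SRC=" are kept
    flags = sorted(TCP_FLAGS.intersection(line.split()))
    uid = int(fields["UID"]) if fields.get("UID", "").isdigit() else None
    return {"fields": fields, "flags": flags, "uid": uid}

def triage_unowned(lines, relay_orports):
    """Count outgoing packets logged without a UID, keyed by
    (destination, port, TCP flags, destination is a known relay ORPort)."""
    counts = Counter()
    for line in lines:
        pkt = parse_log_line(line)
        f = pkt["fields"]
        # Keep only locally generated traffic (OUT set, IN empty) with no owner.
        if not f.get("OUT") or f.get("IN") or pkt["uid"] is not None:
            continue
        dst = (f.get("DST", ""), int(f.get("DPT") or 0))
        counts[(dst[0], dst[1], "+".join(pkt["flags"]), dst in relay_orports)] += 1
    return counts

if __name__ == "__main__":
    for key, n in triage_unowned(SAMPLE_LOG, SAMPLE_RELAYS).most_common():
        print(n, key)
```

If every unowned packet is a bare ACK, FIN or RST to a relay ORPort, the log points at the rule set rather than at another application.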


