[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] tor/netfilter: packets without uid

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] tor/netfilter: packets without uid
From: coderman <coderman@xxxxxxxxx>
Date: Fri, 11 May 2012 22:14:45 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 12 May 2012 01:14:58 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=Yh6jXcMfp8Gp4DPJS//Ter4pQ7v9VXVrS9aXF5ffA90=; b=OiSrqIk4MQzDoK/S2vObMUL/Z0h0jL+O7wHGqSBZq/9hKYtdsnyR+/nMNQ9yeAc/n7 48em4ekoLiLIOc6BrXhUZY/KlfFbJG6axM0LF9o33/I8b4MZNlHT4xhdZ0uWLc0FLWQr aM1CAuqgkX2k/OaREOpQYpo1417PH3uZ6xAg/RyMUc5LTghQ4UUfG1P8XdVehAOxuLiz 2yx2smJ/pBUxa8l1BrQcn7hWkWKsyXmsOJOXQ4iVUThFRFvmIoxCjQetQGPFvawdOxYp 6jUTbD8HY81n6KjHoJBhPEMEsJTQdrTTJ3lz/Xu8USJVrmcxs0lbaXxht/47OKDu7OSY wUdA==
In-reply-to: <CAJVRA1Trkhds4s5DL3139+xfFdU7tkjeQzhj4uC7gLcf9FddbQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <N1R-9sVDs4RqYP@xxxxxxxxxxxxx> <CAJVRA1Trkhds4s5DL3139+xfFdU7tkjeQzhj4uC7gLcf9FddbQ@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

>  echo 1 > /proc/sys/net/ipv4/tcp_rfc1337

not the right option; this is different, and to avoid an issue with time wait.

the feature i'm thinking of is time-wait negotiation, which can be
tweaked to always put this state on the peer (or fail if not
available).

last time i messed with this is was kernel build tweaks; probably too
much for most tastes ;)


regarding the match rules, why are you whitelisting a firefox
instances? a robust setup is everything transparently routed, except
for Tor PID, and only this PID. kernel originated traffic and all
other application originated traffic is thus routed properly without
bypass, assuming Tor itself is not vulnerable.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] tor/netfilter: packets without uid
  - From: johnmurphy323
- Re: [tor-talk] tor/netfilter: packets without uid
  - From: coderman

Prev by Author: Re: [tor-talk] tor/netfilter: packets without uid
Next by Author: [tor-talk] please UN-subscribe me to your mailing list thank you
Previous by thread: Re: [tor-talk] tor/netfilter: packets without uid
Next by thread: Re: [tor-talk] tor/netfilter: packets without uid
Index(es):
- Author
- Thread