[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #11010 [Tor]: add ClientConnectPolicy config option

Subject: Re: [tor-bugs] #11010 [Tor]: add ClientConnectPolicy config option
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 10 Mar 2014 17:30:15 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 10 Mar 2014 13:30:32 -0400
In-reply-to: <051.a6cf6e07b5d43c6cf6b6e1fb448d7e37@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.a6cf6e07b5d43c6cf6b6e1fb448d7e37@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#11010: add ClientConnectPolicy config option
-----------------------------+--------------------------------
     Reporter:  cypherpunks  |      Owner:
         Type:  enhancement  |     Status:  needs_review
     Priority:  normal       |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  tor-client
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------

Comment (by nickm):

 Hm.  After looking at this, I don't think I understand why you're doing
 this with full addresses, and not just ports.

 In other words, if the user allows "1.2.3.4/80", and then Tor receives a
 SOCKS connection for "www.example.com:80", should the code allow the
 request to be made or not?  Keep in mind that a BEGIN cell does a lookup
 and a connect in one step: Tor won't know whether www.example.com resolved
 to 1.2.3.4 until the connection is made.  With this patch, I think the
 answer will depend on whether the user said to allow 0.0.0.0, which can't
 really be the right behavior.

 Given that address-based rules don't work the way that users might expect
 here, are we losing anything important by having this be address-and-port
 based rather than port-based alone?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11010#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #11156 [Tor]: "can't find a pluggable transport proxy" errors when obfsproxy started up
Next by Author: Re: [tor-bugs] #5811 [Tor bundles/installation]: Review the latest set of changes in the âshort user manualâ
Previous by thread: Re: [tor-bugs] #11010 [Tor]: add ClientConnectPolicy config option
Next by thread: Re: [tor-bugs] #11010 [Tor]: add ClientConnectPolicy config option
Index(es):
- Author
- Thread