Re: [tor-bugs] #20247 [Core Tor/Tor]: crash after closing and opening ipv6 DirPort + OrPort

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#20247: crash after closing and opening ipv6 DirPort + OrPort
-------------------------------------+------------------------------------
 Reporter:  toralf                   |          Owner:
     Type:  defect                   |         Status:  needs_information
 Priority:  Medium                   |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor             |        Version:  Tor: 0.2.8.8
 Severity:  Normal                   |     Resolution:
 Keywords:  crash 028-backport ipv6  |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+------------------------------------
Changes (by teor):

 * status:  new => needs_information


Comment:

 In the case where you disable the sandbox, Tor needs to keep CAP_NET_BIND
 in order to bind to low ports (<1024). If not, it can't bind on reload, so
 it stops.

 In the case where you have the sandbox on, we need to allow setsockopt as
 a syscall in the sandbox. However, this might simply be another symptom of
 the above permissions issue on low-numbered ports. I don't know enough
 about the Linux sandbox to tell.

 The required setsockopt calls for all sockets are:
 * `setsockopt(sock, SOL_SOCKET, SO_REUSEADDR`
 And for IPv6:
 * `setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY`
 And for transproxy:
 * `setsockopt(s, SOL_IP, IP_TRANSPARENT`
 And for constrained socket buffers:
 * `setsockopt(sock, SOL_SOCKET, SO_SNDBUF`
 * `setsockopt(sock, SOL_SOCKET, SO_RCVBUF`

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20247#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs