[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #19919 [Core Tor/Tor]: If ORPort address is publicly routable, use it to guess Address
#19919: If ORPort address is publicly routable, use it to guess Address
--------------------------+-------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.???
Component: Core Tor/Tor | Version: Tor: 0.2.5.10
Severity: Normal | Resolution:
Keywords: 030-proposed | Actual Points:
Parent ID: | Points: 1
Reviewer: | Sponsor:
--------------------------+-------------------------------
Comment (by teor):
Replying to [comment:5 s7r]:
> Replying to [comment:4 teor]:
> > > Also, I think it's fine to also assume `OutboundBindAddress` is the
same IP address (first publicly routable Advertised ORPort), unless
otherwise explicitly set in torrc. This can apply to both IPv4 and IPv6
without any problems.
> >
> > Not when the relay is behind a NAT: OutboundBindAddress is the
*internal* address.
> > And if we use this default, there's no way to specify "your default
interface", which is the current default behaviour. Unless there's a
specific issue here that's causing confusion, let's just leave this alone.
Or tackle it in a separate ticket.
> >
> Also true. So we need more cases:
> 1. Simple ORPort (where user just enters ORPort 9001)
> 2. Flagged ORPort (where user enters ORPort 9001 NoListen OR
NoAdvertise)
> 3. Explicit ORPort (where user enters ORPort public.ip:9001)
> 4. Explicit flagged ORPort (where user enters ORPort public.ip:9001
NoListen OR NoAdvertise)
> 5. Explicit NAT ORPort (where user enters ORPort nat.ip:9001)
> 6. Explicit flagged NAT ORPort (where user enters ORPort nat.ip:9001
NoListen or NoAdvertise)
>
> Obviously for cases 1,2,5,6 and 4 if flagged NoListen we cannot make any
assumption about `OutboundBindAddress` and that should remain as it is set
now (equal to `Address` guessed by Tor via current methods).
>
> But for case 3 and case 4 if it's not NoListen, we can assume that IP
address is also `Address` and also `OutboundBindAddress` (it's publicly
routable and it's being listened on).
Have there ever been any issues reported by relay operators about
`OutboundBindAddress` being wrong? If not, let's leave it as an advanced
option - the default seems fine for almost all relay operators. And
there's the risk that any automatic guessing gets it wrong, causing
inexplicable failures for some operators, where before it worked for them.
Otherwise, I'm all for changing `Address` selection to be more robust.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19919#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs