Re: Tor TransPort on OpenBSD?
- To: Scott Bennett <bennett@xxxxxxxxxx>
- Subject: Re: Tor TransPort on OpenBSD?
- From: Christopher Davis <loafier@xxxxxxxxx>
- Date: Sun, 10 Aug 2008 18:12:15 -0700
- Cc: or-talk@xxxxxxxxxxxxx
- In-reply-to: <200808102311.m7ANBc13011955@xxxxxxxxxxxxx>
- References: <200808102311.m7ANBc13011955@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Mutt/1.4.2.3i
On Sun, Aug 10, 2008 at 06:11:38PM -0500, Scott Bennett wrote:
> >
> I must be missing something here. Why does tor need access to /dev/pf
> to use the TransPort feature? I thought all that should be necessary was
> to add a RDR to /etc/pf.conf and reload it.
>
It needs to access /dev/pf in order to determine the original
destination address before redirection (using DIOCNATLOOK ioctl).
For Linux, Tor uses getsockopt() for the same purpose, so there
is no device node to access there.
See connection_ap_get_original_destination() in
src/or/connection_edge.c for details.
--
Christopher Davis
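
The two lookups described in the reply above, side by side, as an added example that is not part of the original message and is not Tor's code. The function name `original_dst` is hypothetical and the sketch assumes IPv4 over TCP. The OpenBSD branch uses pf's `struct pfioc_natlook` interface from `<net/pfvar.h>` and compiles only on OpenBSD.

```c
/* Added example, not Tor's code. original_dst() is a hypothetical name. */
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifdef __OpenBSD__
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <net/pfvar.h>
#elif !defined(SO_ORIGINAL_DST)
#define SO_ORIGINAL_DST 80 /* same value as in <linux/netfilter_ipv4.h> */
#endif
/* Returns 0 and fills *dst (network byte order) on success, -1 on error. */
int original_dst(int fd, struct sockaddr_in *dst)
{
    memset(dst, 0, sizeof(*dst));
#ifdef __OpenBSD__
    /* pf holds the mapping in its state table, so the proxy must open /dev/pf. */
    struct sockaddr_in peer, local;
    struct pfioc_natlook pnl;
    socklen_t len = sizeof(peer);
    int pf, rc;
    if (getpeername(fd, (struct sockaddr *)&peer, &len) < 0) return -1;
    len = sizeof(local);
    if (getsockname(fd, (struct sockaddr *)&local, &len) < 0) return -1;
    memset(&pnl, 0, sizeof(pnl));
    pnl.af = AF_INET;
    pnl.proto = IPPROTO_TCP;
    pnl.direction = PF_OUT;
    pnl.saddr.v4.s_addr = peer.sin_addr.s_addr;   /* client end */
    pnl.sport = peer.sin_port;
    pnl.daddr.v4.s_addr = local.sin_addr.s_addr;  /* proxy listener end */
    pnl.dport = local.sin_port;
    if ((pf = open("/dev/pf", O_RDONLY)) < 0) return -1;
    rc = ioctl(pf, DIOCNATLOOK, &pnl);
    close(pf);
    if (rc < 0) return -1;
    dst->sin_family = AF_INET;
    dst->sin_addr.s_addr = pnl.rdaddr.v4.s_addr;  /* pre-redirect address */
    dst->sin_port = pnl.rdport;
    return 0;
#else
    /* Linux: netfilter answers through the connection's own socket. */
    socklen_t len = sizeof(*dst);
    return getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, dst, &len) < 0 ? -1 : 0;
#endif
}
```

On OpenBSD the lookup fails at `open()` unless the user the proxy runs as has access to `/dev/pf`, whereas the Linux branch only touches the accepted socket.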