This proposal regarding domain name mapping is still alive and maybe made it into a developer queue somewhere :)
However I forgot to add the IP address version of it. This is very rough... wanted to get it out there for comment as time is short to do much with it atm.

It is known that both fqdn's and ip's are commonly published, embedded and otherwise used for various purposes on the internet at large.

Therefore: Mapaddress should also be able to map any destination IPv4 or IPv6 address in CIDR notation through any particular exit. The CIDR notation is what's new and provides the wildcard function.

Example:

    # catch just one address, route it through this exit
    MAPADDRESS 1.2.3.4/32 1.2.3.4/32.<fingerprint>.exit
    # map a range of addresses
    MAPADDRESS 10.0.0.0/22 10.0.0.0/22.<fingerprint>.exit
    # map all traffic
    MAPADDRESS 0.0.0.0/0 0.0.0.0/0.<fingerprint>.exit

Other interesting variations may be possible or useful:

    # one to one by name, name could be wildcarded
    MAPADDRESS foo.com 1.2.3.4/32.<fingerprint>.exit
    # many to one name/ip
    MAPADDRESS 10.0.0.0/22 foo.com.<fingerprint>.exit
    MAPADDRESS 10.0.0.0/22 1.2.3.4/32.<fingerprint>.exit
    # address translation
    MAPADDRESS 2.3.4.5/20 7.8.9.0/20.<fingerprint>.exit

There should be a control flag somewhere that says socks requests for fqdn's that are resolved to ip addresses should then be final checked against the CIDR maps. Default = 1.

    # MapFqdnCidr = 0
    foo.com -> socks -> tor_resolve [ip1] -> exit -> internet [ip1]
    # MapFqdnCidr = 1
    foo.com -> socks -> tor_resolve [ip1] -> tor_map [ip2] -> exit -> internet [ip2]

There could also be something where tor will auto-create a matching one to one host map like 1.2.3.4/32 1.2.3.4/32.<fingerprint>.exit. foo.com maps to an ip, so might as well also map whatever that resolves to to the same exit. I think it already does this to some extent but would catch the cases where say, a webserver admin coded both the fqdn and ip in html page. Could get funky if multiple A records come back. And could be covered by 0/0 ip and *. fqdn maps, so a non priority.

Just thinking... thanks!
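Added example, not part of the original post and not Tor code: a small Python model of how the proposed CIDR rules could be resolved for one destination address. It assumes semantics the post leaves open: the most specific (longest) matching prefix wins, a single-host target gives the many-to-one case, and an equal-length target prefix translates the address while keeping its host bits. `parse_rules` and `map_destination` are hypothetical names, and `<fingerprint>` stays a placeholder.

```python
import ipaddress

# Constructed rule set in the syntax proposed above; "<fingerprint>" is a placeholder.
RULES = """
MAPADDRESS 1.2.3.4/32 1.2.3.4/32.<fingerprint>.exit   # single address
MAPADDRESS 10.0.0.0/22 10.0.0.0/22.<fingerprint>.exit # range
MAPADDRESS 2.3.4.5/20 7.8.9.0/20.<fingerprint>.exit   # address translation
MAPADDRESS 0.0.0.0/0 0.0.0.0/0.<fingerprint>.exit     # catch-all
"""

def parse_rules(text):
    """Parse CIDR-to-CIDR rules into (source_net, target_net, exit_name) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        keyword, src, dst = line.split()
        if keyword.upper() != "MAPADDRESS" or not dst.endswith(".exit"):
            raise ValueError(f"not a MAPADDRESS .exit rule: {line!r}")
        # Target has the form "<cidr>.<fingerprint>.exit".
        target, exit_name = dst[:-len(".exit")].rsplit(".", 1)
        # strict=False accepts host bits in the prefix, e.g. 2.3.4.5/20.
        src_net = ipaddress.ip_network(src, strict=False)
        dst_net = ipaddress.ip_network(target, strict=False)
        single_host = dst_net.prefixlen == dst_net.max_prefixlen
        if src_net.version != dst_net.version or not (
                single_host or src_net.prefixlen == dst_net.prefixlen):
            raise ValueError(f"source and target prefixes do not line up: {line!r}")
        rules.append((src_net, dst_net, exit_name))
    return rules

def map_destination(rules, address):
    """Return (mapped_address, exit_name) or None when no rule covers the address."""
    ip = ipaddress.ip_address(address)
    hits = [r for r in rules if r[0].version == ip.version and ip in r[0]]
    if not hits:
        return None  # unmapped: normal exit selection applies
    # Assumed precedence: longest prefix wins, so 0.0.0.0/0 never shadows a /32.
    src, dst, exit_name = max(hits, key=lambda r: r[0].prefixlen)
    if dst.prefixlen == dst.max_prefixlen:
        return str(dst.network_address), exit_name  # many-to-one
    offset = int(ip) - int(src.network_address)     # keep the host bits
    return str(dst.network_address + offset), exit_name

if __name__ == "__main__":
    for addr in ("1.2.3.4", "10.0.3.7", "2.3.4.5", "8.8.8.8"):
        print(addr, "->", map_destination(parse_rules(RULES), addr))
```

Without an explicit precedence rule such as longest-prefix match, a 0.0.0.0/0 entry would make the outcome depend on rule order, which matters when different prefixes are meant to leave through different exits.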

