subject:"\[tor\-bugs\] #31009 \[Core Tor\/Tor\]\: Tor lets transports advertise private IP addresses in descriptor"

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2020-06-11 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport,|
  042-deferred-20190918, network-team-roadmap-   |
  2020Q1, 043-should, anticensorship-wants,  |
  044-deferred   |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-
Changes (by nickm):

 * keywords:
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport,
 042-deferred-20190918, network-team-roadmap-2020Q1, 043-should,
 anticensorship-wants, 044-should
 =>
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport,
 042-deferred-20190918, network-team-roadmap-2020Q1, 043-should,
 anticensorship-wants, 044-deferred
 * type:  defect => enhancement
 * milestone:  Tor: 0.4.4.x-final => Tor: 0.4.5.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2020-05-21 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:
 |  catalyst
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport,|
  042-deferred-20190918, network-team-roadmap-   |
  2020Q1, 043-should, anticensorship-wants,  |
  044-should |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-
Changes (by nickm):

 * keywords:
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport,
 042-deferred-20190918, network-team-roadmap-2020Q1, 043-should,
 anticensorship-wants?, 044-should
 =>
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport,
 042-deferred-20190918, network-team-roadmap-2020Q1, 043-should,
 anticensorship-wants, 044-should


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2020-05-21 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:
 |  catalyst
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport,|
  042-deferred-20190918, network-team-roadmap-   |
  2020Q1, 043-should, anticensorship-wants?  |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-
Changes (by nickm):

 * keywords:
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport,
 042-deferred-20190918, network-team-roadmap-2020Q1, 043-should
 =>
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport,
 042-deferred-20190918, network-team-roadmap-2020Q1, 043-should,
 anticensorship-wants?


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2020-04-15 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:
 |  catalyst
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport,|
  042-deferred-20190918, network-team-roadmap-   |
  2020Q1, 043-should |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-

Comment (by teor):

 For IPv6, you can use the router_get_advertised_ipv6_or_ap() function. But
 I'm not sure which tor version we added the function in.

 See also #7961, which talks about a similar IPv6 issue in
 pt_get_extra_info_descriptor_string(). And #29128, which talks about
 writing the bridge line to a file.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2020-03-23 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:
 |  catalyst
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport,|
  042-deferred-20190918, network-team-roadmap-   |
  2020Q1, 043-should |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-
Changes (by catalyst):

 * owner:  ahf => catalyst
 * status:  needs_revision => assigned


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2020-03-17 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  ahf
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport,|
  042-deferred-20190918, network-team-roadmap-   |
  2020Q1, 043-should |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-
Changes (by catalyst):

 * cc: catalyst (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2020-01-27 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  ahf
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport,|
  042-deferred-20190918, network-team-roadmap-   |
  2020Q1, 043-should |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-
Changes (by teor):

 * cc: cjb (added)
 * status:  assigned => needs_revision


Comment:

 I noticed that cjb asked in the anti-censorship team meeting notes:
 > took a stab at #31009, but couldn't find an IPv6 replacement
 > for router_pick_published_address().  ahf's going to take it.
 https://lists.torproject.org/pipermail/tor-
 project/2020-January/002672.html

 There isn't an IPv6 version of router_pick_published_address(), but there
 will be in a few months time.
 See #5940, and my upcoming proposal (312?) to tor-dev,

 Here's what relays currently do, and what we should do for the moment:

 Replying to [comment:14 teor]:
 > * if the address is an IPv6 address, it is replaced with an IPv4 address
 >   * we should use the advertised IPv6 ORPort address to replace internal
 IPv6 addresses

 I'm going to make this ticket a child of #5940, so we don't forget to
 replace the IPv6 ORPort address with the new address function.

 Alternatively, you could use the IPv4 and IPv6 address fields in the relay
 descriptor. That's probably a better design, because then the relay
 descriptor and extra-info descriptor addresses will always be in sync.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2020-01-22 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  ahf
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport,|
  042-deferred-20190918, network-team-roadmap-   |
  2020Q1, 043-should |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-
Changes (by ahf):

 * keywords:
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport,
 042-deferred-20190918, network-team-roadmap-2020Q1
 =>
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport,
 042-deferred-20190918, network-team-roadmap-2020Q1, 043-should


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2020-01-22 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  ahf
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport,|
  042-deferred-20190918, network-team-roadmap-   |
  2020Q1 |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-
Changes (by ahf):

 * status:  needs_revision => assigned
 * owner:  (none) => ahf
 * reviewer:  ahf =>


Comment:

 I'm assigning myself to help with the IPv6 issue.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2020-01-21 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport,|
  042-deferred-20190918, network-team-roadmap-   |
  2020Q1 |
Parent ID:   | Points:  0.5
 Reviewer:  ahf  |Sponsor:
 |  Sponsor28-can
-+-
Changes (by phw):

 * keywords:
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport, anti-
 censorship-roadmap-july, 042-deferred-20190918, network-team-roadmap-
 2020Q1
 =>
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport,
 042-deferred-20190918, network-team-roadmap-2020Q1


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2020-01-16 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport, anti-censorship-   |
  roadmap-july, 042-deferred-20190918, network-  |
  team-roadmap-2020Q1|
Parent ID:   | Points:  0.5
 Reviewer:  ahf  |Sponsor:
 |  Sponsor28-can
-+-

Comment (by phw):

 It's not urgent from the anti-censorship team's point of view but
 certainly a "nice to have". For what it's worth, I'm unlikely to be able
 to revise my patch any time soon, so I would appreciate somebody else
 implementing this.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2020-01-15 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport, anti-censorship-   |
  roadmap-july, 042-deferred-20190918, network-  |
  team-roadmap-2020Q1|
Parent ID:   | Points:  0.5
 Reviewer:  ahf  |Sponsor:
 |  Sponsor28-can
-+-

Comment (by nickm):

 (Is this needed urgently? Should we try to get it revised for 0.4.3, which
 is now in feature-freeze?)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-12-23 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport, anti-censorship-   |
  roadmap-july, 042-deferred-20190918, network-  |
  team-roadmap-2020Q1|
Parent ID:   | Points:  0.5
 Reviewer:  ahf  |Sponsor:
 |  Sponsor28-can
-+-
Changes (by gaba):

 * keywords:
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport, anti-
 censorship-roadmap-july, 042-deferred-20190918
 =>
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport, anti-
 censorship-roadmap-july, 042-deferred-20190918, network-team-roadmap-
 2020Q1


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-12-19 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport, anti-censorship-   |
  roadmap-july, 042-deferred-20190918|
Parent ID:   | Points:  0.5
 Reviewer:  ahf  |Sponsor:
 |  Sponsor28-can
-+-
Changes (by teor):

 * keywords:
 tor-pt, tor-bridge, 029-backport, 035-backport, 040-backport,
 041-backport, anti-censorship-roadmap-july, 042-deferred-20190918
 =>
 tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport, anti-
 censorship-roadmap-july, 042-deferred-20190918
 * status:  needs_review => needs_revision
 * milestone:  Tor: unspecified => Tor: 0.4.3.x-final


Comment:

 Thanks for this patch!

 This patch has two issues:
 * if the address is an IPv6 address, it is replaced with an IPv4 address
   * we should use the advertised IPv6 ORPort address to replace internal
 IPv6 addresses
 * the replacement happens in test and internal networks, as well as the
 public Tor network
   * there's no way that the bridge can know if internal addresses are
 acceptable to the bridge authority or BridgeDB. But I think it's still ok
 to replace the address, because the published address should be the right
 kind of address for these networks, anyway. But we should add comments
 explaining why it's ok.

 I think we should also base this patch on maint-0.3.5, so we can backport
 it if needed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-12-19 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 029-backport,|  Actual Points:
  035-backport, 040-backport, 041-backport,  |
  anti-censorship-roadmap-july,  |
  042-deferred-20190918  |
Parent ID:   | Points:  0.5
 Reviewer:  ahf  |Sponsor:
 |  Sponsor28-can
-+-
Changes (by phw):

 * status:  needs_revision => needs_review


Comment:

 I turned Roger's patch into a pull request on GitHub:
 https://github.com/torproject/tor/pull/1622

 The patch worked for me. When using a 192.168.0.0/16 address in
 `ServerTransportListenAddr`, tor rewrote it to my machine's external IP
 address. I tested it by taking a look at my bridge's extrainfo descriptor
 on BridgeDB.

 My branch is based on master and I created a changes file as the documents
 in doc/HACKING/ told me. Let me know if there's anything wrong with the
 patch and I'll be happy to fix it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-07-18 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 029-backport,|  Actual Points:
  035-backport, 040-backport, 041-backport,  |
  anti-censorship-roadmap-july   |
Parent ID:   | Points:  0.5
 Reviewer:  ahf  |Sponsor:
 |  Sponsor28-can
-+-
Changes (by gaba):

 * keywords:
 tor-pt, tor-bridge, 029-backport, 035-backport, 040-backport,
 041-backport
 =>
 tor-pt, tor-bridge, 029-backport, 035-backport, 040-backport,
 041-backport, anti-censorship-roadmap-july


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-07-03 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 029-backport,|  Actual Points:
  035-backport, 040-backport, 041-backport   |
Parent ID:   | Points:  0.5
 Reviewer:  ahf  |Sponsor:
 |  Sponsor28-can
-+-
Changes (by ahf):

 * status:  needs_review => needs_revision


Comment:

 Requested Github PR on IRC. The patch looks fine.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-07-01 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 029-backport,|  Actual Points:
  035-backport, 040-backport, 041-backport   |
Parent ID:   | Points:  0.5
 Reviewer:  ahf  |Sponsor:
 |  Sponsor28-can
-+-
Changes (by asn):

 * reviewer:   => ahf


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-06-30 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 029-backport,|  Actual Points:
  035-backport, 040-backport, 041-backport   |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-

Comment (by arma):

 For a related ticket, check out #7875: the issue there is that if you want
 to listen on a low-numbered port (<1024), e.g. by doing port forwarding in
 iptables, there's no way to tell your Tor bridge to advertise that low-
 numbered port in your extrainfo descriptor. So you can listen there, but
 clients won't know to connect there.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-06-28 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 029-backport,|  Actual Points:
  035-backport, 040-backport, 041-backport   |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-

Comment (by arma):

 I'd be pleased for somebody else to write up a changes file and make some
 git branches here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-06-28 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 029-backport,|  Actual Points:
  035-backport, 040-backport, 041-backport   |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-
Changes (by gaba):

 * sponsor:   => Sponsor28-can


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-06-27 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 029-backport,|  Actual Points:
  035-backport, 040-backport, 041-backport   |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * cc: gaba (added)
 * keywords:   =>
 tor-pt, tor-bridge, 029-backport, 035-backport, 040-backport,
 041-backport
 * status:  new => needs_review
 * milestone:   => Tor: 0.4.2.x-final


Comment:

 Looks sensible to me.

 I'll leave it to the reviewer to write the changes files, and make the
 backport branches.
 Unless you want to do it, arma?

 I also opened #31011 for the bridge authority side.

 Gaba, this ticket should go in the PT sponsor with #31011.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-06-27 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
--+
 Reporter:  phw   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  0.5
 Reviewer:|Sponsor:
--+

Comment (by arma):

 Replying to [comment:3 arma]:
 > when Tor is building its extrainfo descriptor, it should notice that
 it's about to advertise an internal address

 Here is my one-liner that implements this idea:

 {{{
 diff --git a/src/feature/client/transports.c
 b/src/feature/client/transports.c
 index 97bfc8a..bd7d955 100644
 --- a/src/feature/client/transports.c
 +++ b/src/feature/client/transports.c
 @@ -1641,7 +1641,7 @@ pt_get_extra_info_descriptor_string(void)
 * returned address. */
const char *addrport = NULL;
uint32_t external_ip_address = 0;
 -  if (tor_addr_is_null(>addr) &&
 +  if (tor_addr_is_internal(>addr, 0) &&
router_pick_published_address(get_options(),
  _ip_address, 0) >= 0) {
  tor_addr_t addr;
 }}}

 It turns out the code already did the idea, but only in the case where it
 was about to advertise 0.0.0.0. So now it would do the same thing for a
 wider variety of internal addresses.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-06-27 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
--+
 Reporter:  phw   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  0.5
 Reviewer:|Sponsor:
--+

Comment (by arma):

 My first thought, in terms of a low-impact hack, would be: when Tor is
 building its extrainfo descriptor, it should notice that it's about to
 advertise an internal address, and if so, put in the main ipv4 address of
 that descriptor instead.

 (For internal and testing Tor networks, where the main ipv4 address is
 itself an internal address, no problem, we should use that.)

 I think that simple change would resolve the vast majority of the cases
 that we're seeing right now. Then we could imagine also adding a config
 option to be able to say "I want to write a different line about my obfs4
 PT into my extrainfo descriptor" -- but maybe that isn't an additional
 complexity that our operators actually need.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-06-27 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
--+
 Reporter:  phw   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  0.5
 Reviewer:|Sponsor:
--+

Comment (by dcf):

 Replying to [comment:1 teor]:
 > Is there a TOR_PT_SERVER_ADVERTISEADDR in the PT spec?
 > If not, we should add one?

 That's not necessary--the PT doesn't need to know the advertised external
 address because it is not the thing that constructs the descriptor. All
 that a PT could do with that information is reflect it back to tor.

 A PT process isn't even required to honor the address (port number) in
 TOR_PT_SERVER_BINDADDR. tor may suggest that the PT use a particular
 address, but it is ultimately the PT that chooses and informs tor of the
 actual address in an SMETHOD line.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-06-27 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
--+
 Reporter:  phw   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  0.5
 Reviewer:|Sponsor:
--+

Comment (by teor):

 We should try to imitate or re-use Tor's implementation of OR addresses as
 much as possible:

 * ExtendAllowPrivateAddresses
   * should Tor connect to bridges on private addresses?
   * currently Tor connects to private bridges, we probably don't want to
 break those configs, so we should make the default auto, which is relays 0
 bridges 1

 * DirAllowPrivateAddresses
   * this setting should make the bridge authority reject pluggable
 transport lines with private addresses

 * ORPort NoListen / NoAdvertise
   * these are ORPort flags, I'm not sure if we want to add similar flags
 to ServerTransportListenAddr
   * alternately, we could add a ServerTransportAdvertiseAddr in
 ServerTransportOptions, so the pluggable transport can find out about it

 Is there a TOR_PT_SERVER_ADVERTISEADDR in the PT spec?
 If not, we should add one?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

2019-06-27 Thread Tor Bug Tracker & Wiki

#31009: Tor lets transports advertise private IP addresses in descriptor
--+
 Reporter:  phw   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:  0.5   |   Reviewer:
  Sponsor:|
--+
 While dealing with broken obfs4 bridges, I realised that our bridge
 authority has several obfs4 bridges in its cached-extrainfo document that
 have private IP addresses, e.g.:
 {{{
 transport obfs4 10.0.254.17:[redacted]
 }}}

 The PT spec [https://gitweb.torproject.org/torspec.git/tree/pt-
 spec.txt?id=4707f3604cd06e3a627980c6863cca556f9f21a4#n305 explicitly
 allows private addresses] in `TOR_PT_SERVER_BINDADDR`:
 > The  MAY be a locally scoped address as long as port forwarding
 is done externally.
 [[br]]
 BridgeDB however ignores bridges with private IP addresses, so these obfs4
 bridges are effectively useless. We could address this issue in BridgeDB
 by replacing an obfs4 bridge's private IP address with the address in its
 ORPort but I think that tor shouldn't be writing private addresses to a
 descriptor in the first place.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

[tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

27 matches

Site Navigation

Mail list logo

Footer information