Opened 14 months ago

Closed 4 months ago

#19945 closed defect (not a bug)

tor 0.2.8.5-rc connecting/binding to 18.0.0.1 (regression)

Reported by: landers Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: 0.2.8.5-rc
Severity: Normal Keywords: regression, windows, easy
Cc: Actual Points:
Parent ID: Points: 1.0
Reviewer: Sponsor:

Description

tor-win32-0.2.8.5-rc.zip and
torbrowser-install-6.5a2_en-US.exe

connecting/binding to 18.0.0.1

this was a bug 4 or 5 years ago for mac users, had a ticket and its been solved.

https://trac.torproject.org/projects/tor/ticket/1827

seems tor again is binding to 18.0.0.1

from Roger Dingledine @tor-talk-Aug2016:

Sounds like a regression. A search in the code for "18.0.0.1" led me to
get_interface_address6_via_udp_socket_hack(). Looking at the recent
commits that mention that function we have:
https://trac.torproject.org/projects/tor/ticket/17950
and
https://trac.torproject.org/projects/tor/ticket/17951

The ChangeLog entries are:

o Minor features (relay, address discovery):

  • Add a family argument to get_interface_addresses_raw() and subfunctions to make network interface address interogation more efficient. Now Tor can specifically ask for IPv4, IPv6 or both types of interfaces from the operating system. Resolves ticket 17950.
  • When get_interface_address6_list(.,AF_UNSPEC,.) is called and fails to enumerate interface addresses using the platform-specific API, have it rely on the UDP socket fallback technique to try and find out what IP addresses (both IPv4 and IPv6) our machine has. Resolves ticket 17951.

That second one looks very related.
Hopefully teor and rl1987 will notice and work on a fix.
--Roger

in summary tickets are:

https://trac.torproject.org/projects/tor/ticket/1827
https://trac.torproject.org/projects/tor/ticket/17950
https://trac.torproject.org/projects/tor/ticket/17951

thank you

Child Tickets

Change History (8)

comment:1 Changed 14 months ago by dgoulet

Component: Core TorCore Tor/Tor
Keywords: regression added; 18.0.0.1 binding connection removed
Milestone: Tor: unspecifiedTor: 0.2.8.x-final
Priority: MediumHigh

comment:2 Changed 14 months ago by nickm

Priority: HighMedium

Why "high" on this one? This neither sends or receives traffic. It only confuses people.

comment:3 Changed 14 months ago by teor

Keywords: windows easy added
Milestone: Tor: 0.2.8.x-finalTor: 0.2.???
Points: 1.0

This isn't a bug - this is Tor functioning as designed to protect client anonymity, even if you change networks.

Tor clients generate a new SSL certificate each time their IP address changes - this makes sure they can't be tracked across different networks. (See client_check_address_changed for details.)

Tor uses two methods to find the address, GetAdaptersAddresses and the "UDP socket hack": asking the machine the local address of a UDP socket. For the hack to work, the socket has to be associated with a public IP address. Tor never sends data on the socket, it's entirely safe to block it with your firewall. Tor's just using it to check if your local address has changed.

Here are the gory details:

Tor uses get_interface_address6 to find the client's address, which calls get_interface_address6_list, which calls get_interface_addresses_raw, which calls GetAdaptersAddresses. If GetAdaptersAddresses fails to provide any addresses, get_interface_address6_list calls get_interface_address6_via_udp_socket_hack to make sure we know the address (this extra method of finding the IP address was added in #17951).

In this case, it's likely that GetAdaptersAddresses failed to return any addresses, and to the UDP socket hack is being used to find the client IP address. To confirm this, please check the info-level logs for messages like:

Unable to load iphlpapi.dll
Unable to obtain pointer to GetAdaptersAddresses
GetAdaptersAddresses failed (result:

It would be great if a Windows dev could update the code in get_interface_addresses_win32 to correctly find the IP address on newer systems. (We really, really need help from developers who can program on Windows!)

But this fix is not urgent. As far as I can tell, Tor is functioning as designed to make sure that users can't be linked when they change IP addresses. (Even though GetAdaptersAddresses isn't working.)

comment:4 Changed 14 months ago by landers

In this case, it's likely that GetAdaptersAddresses failed to return any addresses, and >to the UDP socket hack is being used to find the client IP address. To confirm this, >please check the info-level logs for messages like:

Unable to load iphlpapi.dll
Unable to obtain pointer to GetAdaptersAddresses
GetAdaptersAddresses failed

after setting Log info or log debug stdout.. i didnt get any info for the adapters. tor connects to the network and only
references 127.0.0.1 with "Notice"

"[Notice] Opening Socks listener on 127.0.0.1:xxxx"

"DisableIOCP 0/1" wont push away tor connecting to 18... either but i tried just in case to see if the behavior from
IOCP networking API would affect the connection.

Tor clients generate a new SSL certificate each time their IP address changes - this >makes sure they can't be tracked across different networks.
Tor uses two methods to find the address, GetAdaptersAddresses and the "UDP socket >hack": asking the machine the local address of a UDP socket. For the hack to work, the >socket has to be associated with a public IP address. Tor never sends data on the >socket, it's entirely safe to block it with your firewall. Tor's just using it to check >if your local address has changed.

yes blocking the ip does the trick for the fw while tor connects to the network.

thank you for the explanation.

comment:5 Changed 11 months ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:6 Changed 10 months ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:7 Changed 5 months ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:8 Changed 4 months ago by nickm

Resolution: not a bug
Status: newclosed
Note: See TracTickets for help on using tickets.