Opened 7 years ago

Last modified 19 months ago

#4696 new enhancement

add OutboundBindInterface option to torrc

Reported by: mr-4 Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: 0.2.2.34
Severity: Normal Keywords: tor-relay network intro
Cc: Actual Points:
Parent ID: Points: 5
Reviewer: Sponsor:

Description

First, I am well aware that there is an OutboundBindAddress option in tor.

I am also aware that tor "automatically" chooses an IP address/interface to bind to (if OutboundBindAddress is not specified) based on the current routing table.

There are quite a few instances where the OutboundBindAddress option is not suitable, particularly where the IP address changes frequently (vpn as well as most dhcp-dependent interfaces).

Whether I use OutboundBindAddress or just leave tor to make a decision which address to bind to is not suitable (at least) in the following two cases:

  1. When I temporarily lose my IP address which tor has used up until now due to dhcp client renewing its lease (and receive a new IP address) and that doesn't happen - for whatever reason - instantly.

This results in one of two possible - wrong - outcomes: a) in case of absence of OutboundBindAddress option, Tor decides that my IP address "has changed" and tries to bind to the default interface, which may not be the one I have used previously; or b) when OutboundBindAddress is specified, tor just sits there trying to use the "old" address specified, resulting in a stall.

  2. When I temporarily lose my current IP address due to vpn connection becoming (temporarily) unstable and it takes a bit of time for my machine to renew its IP address (this may take from a minute to up to 20+ minutes depending on the status of the vpn server at the other end) the outcome is exactly the same as I listed above - tor either tries to use the default interface (wrong!) or tries to bind to the IP address I specified with OutboundBindAddress (wrong again).

With the introduction of this new (OutboundBindInterface) option, tor can follow the IP address on the specified *interface* (regardless of what that might be) and the above - erroneous - outcome could be avoided.


Change History (10)

comment:1 Changed 7 years ago by arma

Component: Tor Client → Tor Relay

Sounds nice. Does it come with a patch, or are you hoping somebody will write one? :) One challenge will be to learn how to look up the interface address in a portable way.

comment:2 Changed 7 years ago by nickm

Milestone: Tor: unspecified

comment:3 in reply to:  1 Changed 7 years ago by nickm

Replying to arma:

One challenge will be to learn how to look up the interface address in a portable way.

See my bug #1827 work for that.

comment:4 Changed 7 years ago by nickm

As for an appropriate interface on this, I'd suggest that instead of adding a new option, anybody who's interested in working on this should make it so that the options which specify a local address (*port, *bindaddress) can take interfaces too. You'd want to require that the interfaces be wrapped in {} or <> or prefixed with $ or whatever is most usual to distinguish them from hostnames.

comment:5 in reply to:  1 Changed 7 years ago by mr-4

Replying to arma:

Sounds nice. Does it come with a patch, or are you hoping somebody will write one? :) One challenge will be to learn how to look up the interface address in a portable way.

Quick 'n' dirty shell script function:

    find_first_interface_address() { # $1 = interface, $IP contains the full path & name of the "ip" program
        # Get the line of output containing the first global IPv4 address
        addr=$(${IP:-ip} -f inet addr show "$1" 2> /dev/null | grep 'inet .* global' | head -n1)

        # Bail out if there wasn't one (startup_error is a Shorewall helper, not defined here)
        [ -n "$addr" ] || startup_error "Can't determine the IP address of $1"

        # Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
        # along with everything else on the line
        echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
    }

I can't claim credit for this as it was initially designed by Thomas Eastep (the creator of Shorewall -> shorewall.org). Doing something similar, internally, by Tor would be nice...

comment:6 Changed 7 years ago by mr-4

arma, forgot to add: I object to the Tor Client -> Tor Relay change - as far as I know this is an option currently used on the Tor client side as well, isn't that so? If that is indeed the case, this option needs to be expanded for the Tor client too - it is most needed there as I indicated in my initial ticket.

comment:7 in reply to:  4 Changed 7 years ago by mr-4

Replying to nickm:

As for an appropriate interface on this, I'd suggest that instead of adding a new option, anybody who's interested in working on this should make it so that the options which specify a local address (*port, *bindaddress) can take interfaces too. You'd want to require that the interfaces be wrapped in {} or <> or prefixed with $ or whatever is most usual to distinguish them from hostnames.

Yep, makes sense - something like OutboundBindAddress ${eth0}:9050, or even ${eth0:1}:9050 in case where the specified interface has multiple IP addresses. This is indeed better than using a separate option for it.

This could also be expanded further with wildcards, like ${eth0:*}:9050 or even ${eth*}:9050 to bind to the first IP address match on the specified interface, or, as in the 2nd example to bind to the first IP address found on the eth* interface (tried in order, like eth0, eth1 ...).

comment:8 Changed 6 years ago by nickm

Keywords: tor-relay added

comment:9 Changed 6 years ago by nickm

Component: Tor Relay → Tor

comment:10 Changed 19 months ago by nickm

Keywords: network intro added
Points: 5
Severity: Normal