Opened 6 years ago

Closed 2 years ago

#9432 closed enhancement (duplicate)

[PATCH] respect RFC5735 and disallow 'Special Use IPv4 Addresses' per default

Reported by: cypherpunks Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Normal Keywords: tor-relay, privaddr
Cc: Actual Points:
Parent ID: #7971 Points:
Reviewer: Sponsor:

Description

My last ticket #9426 treated only multicast addresses,
so new ticket with proper summary and patch created.

patch extended function tor_addr_is_internal() by 'Special Use IPv4 Addresses' net ranges.
More informations at RFC5735.

Child Tickets

Attachments (1)

tor-0.2.3.25-rfc5735.patch (1.6 KB) - added by cypherpunks 6 years ago.
tor-0.2.3.25-rfc5735.patch

Download all attachments as: .zip

Change History (10)

Changed 6 years ago by cypherpunks

Attachment: tor-0.2.3.25-rfc5735.patch added

tor-0.2.3.25-rfc5735.patch

comment:1 Changed 6 years ago by nickm

Keywords: tor-relay privaddr 024-backport added
Milestone: Tor: 0.2.3.x-finalTor: 0.2.5.x-final
Parent ID: #7971

Have a look at the discussion on #7971 ; there are issues concerning adding new addresses here. In particular, adding new addresses that get rejected by servers but which clients don't expect to be rejected can make older clients decide that the servers are no good.

I'm going to see if I can write a design proposal for this one.

comment:2 Changed 6 years ago by cypherpunks

Ah, thanks for pointing me in right direction. Guilty for not using ticket search hard enough. :)

This 'client will mark server as bad exit when appreciation of private net ranges are different' match for exit nodes or also for relay only nodes?

I ask myself, who can propagate/announce multicast destinations which will try to connect my relay only node?

comment:3 Changed 6 years ago by nickm

I think that the quick solution for this stuff for now is probably to divide the tor_addr_is_internal() function into a use-specific versions, possibly by changing the "for_listener" flag in to an enum. Then we could get the full list of internal address blocks for every case where it isn't problematic, and the current limited list for stuff like exit connections.

comment:4 Changed 6 years ago by nickm

Milestone: Tor: 0.2.5.x-finalTor: 0.2.???

comment:5 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:6 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:7 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:8 Changed 2 years ago by nickm

Keywords: 024-backport removed

None of these is ripe for backport to 0.2.4 even if it does get fixed.

comment:9 Changed 2 years ago by nickm

Resolution: duplicate
Severity: Normal
Status: newclosed
Note: See TracTickets for help on using tickets.