Re: [tor-bugs] #18693 [Core Tor/Tor]: New SOCKS port restriction to only allow connections to .onion

[Tor Bug Tracker & Wiki]

#18693: New SOCKS port restriction to only allow connections to .onion
---+---
 Reporter:  ioerror|  Owner:  dgoulet
 Type:  enhancement| Status:  closed
 Priority:  Very Low   |  Milestone:  Tor:
   |  0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:  implemented
 Keywords:  tor-hs, socks, review-group-8  |  Actual Points:  0.5
Parent ID: | Points:  0.5
 Reviewer: |Sponsor:  SponsorR-can
---+---

Comment (by teor):

 Replying to [comment:19 nickm]:
 > In b311f82026d51141a2ef6dd4a709d41a0dd3c388 -- what should we do if
 IPv4Traffic and IPv6Traffic are both disabled, but DNSTraffic is enabled,
 and we get a hostname? Right now it looks like we accept the request.  Is
 that right?  If not, please open a ticket.

 Yes, this is the intended behaviour - some unusual clients might just want
 to look up names, and not transmit traffic.

 > Otherwise looks good to me. Merging.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18693 [Core Tor/Tor]: New SOCKS port restriction to only allow connections to .onion

[Tor Bug Tracker & Wiki]

#18693: New SOCKS port restriction to only allow connections to .onion
---+---
 Reporter:  ioerror|  Owner:  dgoulet
 Type:  enhancement| Status:  closed
 Priority:  Very Low   |  Milestone:  Tor:
   |  0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:  implemented
 Keywords:  tor-hs, socks, review-group-8  |  Actual Points:  0.5
Parent ID: | Points:  0.5
 Reviewer: |Sponsor:  SponsorR-can
---+---
Changes (by nickm):

 * status:  needs_review => closed
 * resolution:   => implemented


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18693 [Core Tor/Tor]: New SOCKS port restriction to only allow connections to .onion

[Tor Bug Tracker & Wiki]

#18693: New SOCKS port restriction to only allow connections to .onion
---+---
 Reporter:  ioerror|  Owner:  dgoulet
 Type:  enhancement| Status:  needs_review
 Priority:  Very Low   |  Milestone:  Tor:
   |  0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-hs, socks, review-group-8  |  Actual Points:  0.5
Parent ID: | Points:  0.5
 Reviewer: |Sponsor:  SponsorR-can
---+---

Comment (by nickm):

 In b311f82026d51141a2ef6dd4a709d41a0dd3c388 -- what should we do if
 IPv4Traffic and IPv6Traffic are both disabled, but DNSTraffic is enabled,
 and we get a hostname? Right now it looks like we accept the request.  Is
 that right?  If not, please open a ticket.

 Otherwise looks good to me. Merging.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18693 [Core Tor/Tor]: New SOCKS port restriction to only allow connections to .onion

[Tor Bug Tracker & Wiki]

#18693: New SOCKS port restriction to only allow connections to .onion
---+
 Reporter:  ioerror|  Owner:  dgoulet
 Type:  enhancement| Status:  needs_review
 Priority:  Very Low   |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-hs, socks  |  Actual Points:  0.5
Parent ID: | Points:  0.5
 Reviewer: |Sponsor:  SponsorR-can
---+
Changes (by dgoulet):

 * status:  accepted => needs_review


Comment:

 I addressed the latest from teor here. I've removed the NATD and Trans
 port restriction for IPv6. I've rebased this to current git master as
 well:

 See branch `ticket18693_029_01`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18693 [Core Tor/Tor]: New SOCKS port restriction to only allow connections to .onion

[Tor Bug Tracker & Wiki]

#18693: New SOCKS port restriction to only allow connections to .onion
---+
 Reporter:  ioerror|  Owner:  dgoulet
 Type:  enhancement| Status:  accepted
 Priority:  Very Low   |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-hs, socks  |  Actual Points:  0.5
Parent ID: | Points:  0.5
 Reviewer: |Sponsor:  SponsorR-can
---+
Changes (by dgoulet):

 * status:  needs_revision => accepted
 * owner:   => dgoulet
 * points:  .5 => 0.5
 * reviewer:  special =>
 * actualpoints:  .5 => 0.5


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18693 [Core Tor/Tor]: New SOCKS port restriction to only allow connections to .onion

[Tor Bug Tracker & Wiki]

#18693: New SOCKS port restriction to only allow connections to .onion
---+
 Reporter:  ioerror|  Owner:
 Type:  enhancement| Status:  needs_revision
 Priority:  Very Low   |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-hs, socks  |  Actual Points:  .5
Parent ID: | Points:  .5
 Reviewer:  special|Sponsor:  SponsorR-can
---+
Changes (by teor):

 * status:  assigned => needs_revision


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18693 [Core Tor/Tor]: New SOCKS port restriction to only allow connections to .onion

[Tor Bug Tracker & Wiki]

#18693: New SOCKS port restriction to only allow connections to .onion
---+
 Reporter:  ioerror|  Owner:
 Type:  enhancement| Status:  assigned
 Priority:  Very Low   |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-hs, socks  |  Actual Points:  .5
Parent ID: | Points:  .5
 Reviewer:  special|Sponsor:  SponsorR-can
---+
Changes (by teor):

 * owner:  teor =>
 * status:  needs_information => assigned


Comment:

 Replying to [comment:8 special]:
 > > +  log_warn(LD_CONFIG, "You have a %sPort entry with DNSRequest
 enabled, "
 > > +   "but IPv4 and IPv6 disabled; DNS-based sites won't
 work.",
 > > +   portname);
 >
 > This is a valid configuration for a SOCKS port that only handles RESOLVE
 requests, isn't it?

 Well, let's not do that then.
 But don't they have to use IPv4 or IPv6 to process the resolve? Or do they
 just ask the Exit?

 > f63b322a77e41942546675f5229e134f50fc4b63
 >
 > So if I understand correctly, this is a behavior change: NATD and Trans
 ports will no longer allow IPv6 traffic by default. Is that right?

 Oops, we don't want that.

 I think it's better to set these defaults when we process the port
 configuration line, because otherwise they override the settings in the
 port configuration itself (you can't turn IPv6 off, at least in the onion-
 only case, and maybe other cases as well).

 This is complicated by the fact that port configs are initialised in 3
 different places. It will be easier to keep the NATD and Trans behaviour
 if that's refactored into one place.

 Un-assigning from me because I'm not sure if I can do this patch before
 0.2.9.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18693 [Core Tor/Tor]: New SOCKS port restriction to only allow connections to .onion

[Tor Bug Tracker & Wiki]

#18693: New SOCKS port restriction to only allow connections to .onion
---+
 Reporter:  ioerror|  Owner:  teor
 Type:  enhancement| Status:  needs_information
 Priority:  Very Low   |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-hs, socks  |  Actual Points:  .5
Parent ID: | Points:  .5
 Reviewer:  special|Sponsor:  SponsorR-can
---+
Changes (by dgoulet):

 * status:  needs_revision => needs_information


Comment:

 Ok I jumped on this one so we can move it forward for 029. The code is
 good! I've rebased it on master and fixed special's comment in fixup
 commit `c39110f`.

 I've also added two extra fixup commits for minor syntax issues in
 comments. I've tested all options and it works fine.

 Although, I would really want an explanation for commit `a6f8fe9` (like
 special mentioned). Why is this a fix all of a sudden? Maybe we can
 improve the comment there telling us _why_ we do that?

 Branch: `ticket18693_029_01`

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18693 [Core Tor/Tor]: New SOCKS port restriction to only allow connections to .onion

[Tor Bug Tracker & Wiki]

#18693: New SOCKS port restriction to only allow connections to .onion
---+
 Reporter:  ioerror|  Owner:  teor
 Type:  enhancement| Status:  needs_revision
 Priority:  Very Low   |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-hs, socks  |  Actual Points:  .5
Parent ID: | Points:  .5
 Reviewer:  special|Sponsor:  SponsorR-can
---+
Changes (by nickm):

 * points:  small-remaining => .5
 * actualpoints:  6 hours => .5


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18693 [Core Tor/Tor]: New SOCKS port restriction to only allow connections to .onion

[Tor Bug Tracker & Wiki]

#18693: New SOCKS port restriction to only allow connections to .onion
---+
 Reporter:  ioerror|  Owner:  teor
 Type:  enhancement| Status:  needs_revision
 Priority:  Very Low   |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-hs, socks  |  Actual Points:  6 hours
Parent ID: | Points:  small-remaining
 Reviewer:  special|Sponsor:  SponsorR-can
---+
Changes (by nickm):

 * status:  assigned => needs_revision


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18693 [Core Tor/Tor]: New SOCKS port restriction to only allow connections to .onion

[Tor Bug Tracker & Wiki]

#18693: New SOCKS port restriction to only allow connections to .onion
---+
 Reporter:  ioerror|  Owner:  teor
 Type:  enhancement| Status:  assigned
 Priority:  Very Low   |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-hs, socks  |  Actual Points:  6 hours
Parent ID: | Points:  small-remaining
 Reviewer:  special|Sponsor:  SponsorR-can
---+
Changes (by nickm):

 * owner:   => teor
 * status:  needs_revision => assigned


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs