Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
+--
 Reporter:  jirib   |  Owner:
 Type:  defect  | Status:  closed
 Priority:  Medium  |  Milestone:  Tor:
|  0.2.9.x-final
Component:  Core Tor/Tor|Version:  Tor: 0.2.9.9
 Severity:  Normal  | Resolution:  fixed
 Keywords:  029-backport, 030-backport  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => fixed
 * milestone:  Tor: 0.3.0.x-final => Tor: 0.2.9.x-final


Comment:

 Merged to 0.2.9 and 0.3.0.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
---+---
 Reporter:  jirib  |  Owner:
 Type:  defect | Status:  merge_ready
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.0.x-final
Component:  Core Tor/Tor   |Version:  Tor: 0.2.9.9
 Severity:  Normal | Resolution:
 Keywords:  029-backport 030-backport  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by nickm):

 * status:  needs_review => merge_ready


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
---+---
 Reporter:  jirib  |  Owner:
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.0.x-final
Component:  Core Tor/Tor   |Version:  Tor: 0.2.9.9
 Severity:  Normal | Resolution:
 Keywords:  029-backport 030-backport  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by nickm):

 * keywords:  isaremoved, nickwants029, lorax, tor-03-unspecified-201612 =>
 029-backport 030-backport
 * status:  merge_ready => needs_review
 * milestone:  Tor: 0.3.1.x-final => Tor: 0.3.0.x-final


Comment:

 Okay, sounds good.  I've put your patch in a new branch `bug18100_029` in
 my public repository, along with a commit message and a changes file. I'm
 merging it into master now. If nothing goes wrong (and I don't expect it
 will) we can backport to 0.2.9 and 0.3.0.  Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
-+-
 Reporter:  jirib|  Owner:
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.9
 Severity:  Normal   | Resolution:
 Keywords:  isaremoved, nickwants029, lorax, |  Actual Points:
  tor-03-unspecified-201612  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by d4fq0fQAgoJ):

 I've been using the patched version (0001-trans_tproxy.patch) with a
 TPROXY iptables setup since I commented here and so far it's been working
 as expected for me.

 The only real documentation about the TPROXY feature I found is from the
 kernel documentation (Documentation/networking/tproxy.txt). Unfortunately
 it does not say anything about getsockname() or
 getsockopt(SO_ORIGINAL_DST).

 It seems that the TPROXY kernel feature enables transparent proxy
 capabilities without the need to DNAT (what else would be it's purpose
 then?). The above experiment backs this up because TPROXYing works without
 conntrack kernel modules loaded (conntracking is required for NAT). This
 only works with the above patch applied which utilizes getsockname()
 instead of getsockopt(SO_ORIGINAL_DST). Therefore it seems that
 getsockname() is the correct way.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
-+-
 Reporter:  jirib|  Owner:
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.9
 Severity:  Normal   | Resolution:
 Keywords:  isaremoved, nickwants029, lorax, |  Actual Points:
  tor-03-unspecified-201612  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by nickm):

 Hm.  Okay, I will need some confirmation about what to actually merge and
 what has actually been tested.  Teor's branch?  The small patch from
 d4fq0fQAgoJ above?  Both? Neither?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
-+-
 Reporter:  jirib|  Owner:
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.9
 Severity:  Normal   | Resolution:
 Keywords:  isaremoved, nickwants029, lorax, |  Actual Points:
  tor-03-unspecified-201612  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by teor):

 Replying to [comment:20 d4fq0fQAgoJ]:
 > System: Linux 4.10.5-1-ARCH x86_64, tor 0.2.9.9
 >
 > It appears to me that TPROXYing only works for me when connection
 tracking is active. When I apply the patch TPROXYing works for me no
 matter if conntection tracking is active or not.
 >
 > ...
 > Looking at the code it seems that getsockopt() is called. The patch
 activates a code path where getsockname() is called instead which seems to
 make it work even if no connection tracking is active. Maybe the author of
 that code can shed more light into that?

 I think the behaviour you describe is what we want.

 I re-wrote the code to make it behave consistently and improve how it was
 structured back in early 2016.

 I don't know enough about transparent proxying to say anything else with
 any confidence.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
-+-
 Reporter:  jirib|  Owner:
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.9
 Severity:  Normal   | Resolution:
 Keywords:  isaremoved, nickwants029, lorax, |  Actual Points:
  tor-03-unspecified-201612  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * cc: teor (added)


Comment:

 teor -- can you comment on d4fq0fQAgoJ's questions above before I merge?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
-+-
 Reporter:  jirib|  Owner:
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.9
 Severity:  Normal   | Resolution:
 Keywords:  isaremoved, nickwants029, lorax, |  Actual Points:
  tor-03-unspecified-201612  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dgoulet):

 * status:  needs_review => merge_ready


Comment:

 lgtm;

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
-+-
 Reporter:  jirib|  Owner:
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.9
 Severity:  Normal   | Resolution:
 Keywords:  isaremoved, nickwants029, lorax, |  Actual Points:
  tor-03-unspecified-201612  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  needs_revision => needs_review
 * milestone:  Tor: unspecified => Tor: 0.3.1.x-final


Comment:

 Thanks for analyzing and testing, d4fq0fQAgoJ.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
-+-
 Reporter:  jirib|  Owner:
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.9
 Severity:  Normal   | Resolution:
 Keywords:  isaremoved, nickwants029, lorax, |  Actual Points:
  tor-03-unspecified-201612  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by d4fq0fQAgoJ):

 System: Linux 4.10.5-1-ARCH x86_64, tor 0.2.9.9

 It appears to me that TPROXYing only works for me when connection tracking
 is active. When I apply the patch TPROXYing works for me no matter if
 conntection tracking is active or not.

 Steps to reproduce:

 Make sure no conntrack modules are loaded.
 # lsmod | grep conntrack
 should print nothing.

 Flush your firewall rules:
 # iptables -t raw -F
 # iptables -t mangle -F
 # iptables -t nat -F
 # iptables -t filter -F

 Setup TPROXYing with iptables:
 # iptables -t mangle -A PREROUTING -m socket --transparent -j ACCEPT
 # iptables -t mangle -A PREROUTING -p tcp --syn -d 127.192.0.0/10 -j
 TPROXY --on-port 9052

 Start Tor with the following config:
   SOCKSPort 0
   TransPort 9052 IsolateClientProtocol IsolateDestAddr
   TransProxyType TPROXY
   DNSPort 9053
   AutomapHostsOnResolve 1
   Log notice stdout
   DataDirectory /tmp/tor
   User tor
 # tor -f ./
 [notice] Opening DNS listener on 127.0.0.1:9053
 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9052

 Verify traffic to 127.192.0.0/10 is routed properly to localhost (should
 always be):
 # ip route get to 127.192.0.0/10 from 127.0.0.1
  local 127.192.0.0 from 127.0.0.1 dev lo uid 0
  cache 

 Ask Tor to automap an onion for us:
 # drill -p 9053 duskgytldkxiuqc6.onion @127.0.0.1

 Make sure no conntrack modules are loaded (or more precisely: connection
 tracking is not active for the path to 127.192.0.0/10), otherwise curl
 will succeed! Use the IP address reported by drill.
 # curl 127.192.A.B
 Tor will report:
 [warn] getsockopt() failed: No such file or directory
 [warn] Fetching original destination failed. Closing.

 Call curl again but this time with loaded conntrack modules.
 # modprobe nf_conntrack_ipv4
 # curl 127.192.A.B
 It should succeed now.

 Looking at the code it seems that getsockopt() is called. The patch
 activates a code path where getsockname() is called instead which seems to
 make it work even if no connection tracking is active. Maybe the author of
 that code can shed more light into that?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
-+-
 Reporter:  jirib|  Owner:
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.9
 Severity:  Normal   | Resolution:
 Keywords:  isaremoved, nickwants029, lorax, |  Actual Points:
  tor-03-unspecified-201612  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 could someone (nickm?) explain/discuss the effect/significance of this
 bug?

 it appears that a block of code was ifdef'd with a typo'd name, so it was
 never running, and now it will run (when `TRANS_TPROXY` is set).

 what does this code do?

 (how) did transparent proxying support work without this code (with this
 typo)?

 thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
-+-
 Reporter:  jirib|  Owner:
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.9
 Severity:  Normal   | Resolution:
 Keywords:  isaremoved, nickwants029, lorax, |  Actual Points:
  tor-03-unspecified-201612  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by d4fq0fQAgoJ):

 * status:  needs_review => needs_revision
 * version:  Tor: 0.2.6.3-alpha => Tor: 0.2.9.9


Comment:

 See attachment patch 0001-trans_tproxy.patch.

 Revised patch for tor 0.2.9.9. Tested patch and TPROXY functionality on
 Linux.

 Please revise.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
-+-
 Reporter:  jirib|  Owner:
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.6.3-alpha
 Severity:  Normal   | Resolution:
 Keywords:  isaremoved, nickwants029, lorax, |  Actual Points:
  tor-03-unspecified-201612  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  needs_information => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
---+---
 Reporter:  jirib  |  Owner:
 Type:  defect | Status:
   |  needs_information
 Priority:  Medium |  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor   |Version:  Tor:
   |  0.2.6.3-alpha
 Severity:  Normal | Resolution:
 Keywords:  isaremoved nickwants029 lorax  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by nickm):

 This will need somebody to actually test it, or it can't go in.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
---+---
 Reporter:  jirib  |  Owner:
 Type:  defect | Status:
   |  needs_information
 Priority:  Medium |  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor   |Version:  Tor:
   |  0.2.6.3-alpha
 Severity:  Normal | Resolution:
 Keywords:  isaremoved nickwants029 lorax  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by nickm):

 * keywords:  isaremoved => isaremoved nickwants029 lorax


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
--+
 Reporter:  jirib |  Owner:
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.2.6.3-alpha
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * keywords:  029-proposed =>
 * milestone:  Tor: 0.2.??? => Tor: 0.2.9.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
+--
 Reporter:  jirib   |  Owner:
 Type:  defect  | Status:
 Priority:  Medium  |  needs_information
Component:  Core Tor/Tor|  Milestone:  Tor: 0.2.???
 Severity:  Normal  |Version:  Tor:
 Keywords:  029-proposed TorCoreTeam201605  |  0.2.6.3-alpha
Parent ID:  | Resolution:
 Reviewer:  |  Actual Points:
| Points:
|Sponsor:
+--
Changes (by nickm):

 * keywords:  027-backport, 026-backport TorCoreTeam201605 => 029-proposed
 TorCoreTeam201605
 * milestone:  Tor: 0.2.8.x-final => Tor: 0.2.???


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
+--
 Reporter:  jirib   |  Owner:
 Type:  defect  | Status:
 Priority:  Medium  |  needs_information
Component:  Core Tor/Tor|  Milestone:  Tor:
 Severity:  Normal  |  0.2.8.x-final
 Keywords:  027-backport, 026-backport  |Version:  Tor:
Parent ID:  |  0.2.6.3-alpha
 Reviewer:  | Resolution:
|  Actual Points:
| Points:
|Sponsor:
+--

Comment (by nickm):

 sorry, whoops.  Were you able to test this with Linux?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18100 [Core Tor/Tor]: src/or/connection_edge.c typo

[Tor Bug Tracker & Wiki]

#18100: src/or/connection_edge.c typo
-+-
 Reporter:  jirib|  Owner:
 Type:  defect   | Status:
 Priority:  Medium   |  needs_information
Component:  Core Tor/Tor |  Milestone:  Tor:
 Severity:  Normal   |  0.2.8.x-final
 Keywords:  027-backport, 026-backport   |Version:  Tor:
  TorCoreTeam201605  |  0.2.6.3-alpha
Parent ID:   | Resolution:
 Reviewer:   |  Actual Points:
 | Points:
 |Sponsor:
-+-
Changes (by nickm):

 * keywords:  027-backport, 026-backport => 027-backport, 026-backport
 TorCoreTeam201605


Comment:

 sorry, whoops.  Were you able to test this with Linux?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs