----- Original Message -----
From: "Ralf-Philipp Weinmann" ralf@coderpunks.org
To: tor-dev@lists.torproject.org
Sent: Thursday, 31 May, 2012 5:46:49 PM
Subject: Re: [tor-dev] Help with pf and iOS
Whoohoo!
LOL, thanks!
I expect that you really _DO NEED_ that second loopback interface for the above config, otherwise your packets will just end up in one big loop. A workaround might be to tag the packets when they are rdr'ed and make sure that you only rdr packets that are non-tagged. I have to look up the exact syntax on how to do that. I strongly suggest testing your pf rules on another machine first (OpenBSD or FreeBSD VM) and then deploying in iOS.
Yeah, I sense the loop there. I thought that
pass quick on lo0 keep state
pass out quick inet proto tcp user nobody flags S/SA modulate state
was my "exit strategy", anyway. Looks like they never really work ;-) Tagging packets is a good idea! It's something I didn't think to try in the first place as, usually, it's useless when it comes to iptables but it's pf here, so I should definitely try it.
Do you have the kernel crash log handy by any chance? It should be in /Library/Logs/CrashReporter/Panics
Gone, but I will try to replicate it. Looking for some 0days, are you? :-P