On 30 Sep 2015, at 14:53, Jeff Burdges burdges@gnunet.org wrote: ... Filename: xxx-anycast-exit.txt Title: Anycast Exit Author: Jeffrey Burdges Created: 28 September 2015 Status: ? Implemented-In: ? … Server Side
We propose an AnycastExit Tor configuration option
AnycastExit <protocol> <host>:<port>
Here protocol must be a string consisting of letters, numbers, and underscores.
There are two changes Tor's behavior resulting from this option :
First, Tor adds the line "ACE <protocol> <host>:<port>" to the node's full descriptor.
Second, Tor allows connections to ip:port as if the torrc contains : ExitPolicy allow<host>:<port> As ExitPolicyRejectPrivate defaults to 1, these policies should be allowed even if the ip lies in a range usually restricted. In particular localhost and 127.0.0.1 are potentially allowed.
Tor exit policies don’t contain hostnames like “localhost", did you mean 127.0.0.0/8 and ::1?
I am concerned about the security considerations of opening up local addresses, as local processes often trust connections from the local machine. Perhaps we could clarify it to say that only the specific port on 127.0.0.0/8 and ::1 is allowed?
I also suggest that we specify the following rules based on the current (0.2.7.3) implementation of policies_parse_exit_policy_internal: * Block all IPv6 if IPv6Exit is 0 * If AnycastExit is set, allow 127.0.0.0/8:port and, if IPv6Exit is 1, [::1]:port * If ExitPolicyRejectPrivate is 1: * reject private addresses (0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, [::]/8, [fc00::]/7, [fe80::]/10, [fec0::]/10, [ff00::]/8, [::]/127) * reject relay’s configured IPv4 and IPv6 address * reject relay’s interfaces’ IPv4 and IPv6 addresses * Then add the default exit policy
Regards
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F