Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #18456

Closed (moved)
Open
Created Mar 01, 2016 by teor@teor

Exits on 0.2.7 publicise all their IP addresses in their descriptor

Roger and I just spoke about the feature in 0.2.7 where Exits ban all their local / configured IP addresses in their descriptor.

If processes on an Exit trust connections from the local machine, this prevents Exits being attacked by making a connection to their IP addresses.

But it also means that all exit addresses appear in the consensus.

Roger thinks this will surprise some Exit operators. It also makes Exit IP addresses easier to censor.

That said, if we silently block connections to these IP addresses, then clients can scan Exits and see which addresses are refused even though they are not banned in the Exit policy.

We should contact relay operators with multiple IP addresses, and see if they appreciate this feature, or if they are surprised by it.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Tor: 0.2.9.x-final
Milestone
Tor: 0.2.9.x-final
Assign milestone
Time tracking
None
Due date
None