Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #26646

Closed (moved)
Open
Opened Jul 04, 2018 by nusenu@nusenu

add support for multiple OutboundBindAddressExit IP(ranges)

tor has support for dedicated outbound IP addresses for on exit relays via OutboundBindAddressExit. This parameter supports only a single IPv4 and a single IPv6 address.

I propose to add an extension of this feature to support IPv4 and IPv6 ranges/prefixes.

The idea is to assign an IP address to each tor circuit. The exit IP address must never change during the lifetime of the circuit.

Exit IP addresses would be randomly assigned to circuits. Once the exit runs out of IPs it cycles through his pool of IPs again. With IPv6 address space availability this can take a long time with IPv4 it will be limited.

This aims to reduce the negative impact of few "bad" users on many "good" users since they will not share the same IP address on the exit.

This might also have some negative? side effect since it demultiplexes tor clients to multiple source IPs on the exit and an external observer (not running the exit itself) can tell clients apart by looking at source IPs.

Instead of doing it on the circuit level you could do it based on time. Change the exit IP every 5 minutes (but do not change the exit IPs for existing circuits even if they live longer than 5 minutes).

https://lists.torproject.org/pipermail/tor-dev/2018-March/013036.html

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
Tor: unspecified
Milestone
Tor: unspecified
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#26646