Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by Philipp Winter@phw

Tor lets transports advertise private IP addresses in descriptor

While dealing with broken obfs4 bridges, I realised that our bridge authority has several obfs4 bridges in its cached-extrainfo document that have private IP addresses, e.g.:

transport obfs4 10.0.254.17:[redacted]

The PT spec explicitly allows private addresses in TOR_PT_SERVER_BINDADDR:

The

MAY be a locally scoped address as long as port forwarding is done externally.

BridgeDB however ignores bridges with private IP addresses, so these obfs4 bridges are effectively useless. We could address this issue in BridgeDB by replacing an obfs4 bridge's private IP address with the address in its ORPort but I think that tor shouldn't be writing private addresses to a descriptor in the first place.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information