Tor socks and requests to IPs "Your application (using socks4 to port X) is giving Tor only an IP address."
Hi,
was there a recent change that tor now drops connections to IPs instead of just logging a warning and passing them? (Edit: No, I just added SafeSocks 1
and forgot to restart tor for a while, mostly docs issue now. See below)
In my logs I see countless lines like this:
[warn] Your application (using socks4 to port X) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks. Rejecting. [11 similar message(s) suppressed in last 60 seconds]
When I look at the documentation at the provided link it doesn't say anything about "Rejecting" like the above log message itself does. Instead that page only talks about this being a warning.
Tor ships with a program called tor-resolve that can use the Tor network to look up hostnames remotely; if you resolve hostnames to IPs with tor-resolve, then pass the IPs to your applications, you'll be fine. (Tor will still give the warning, but now you know what it means.)
config:
AvoidDiskWrites 1
FetchHidServDescriptors 1
FetchServerDescriptors 1
FetchUselessDescriptors 1
HardwareAccel 1
SafeLogging 1
Sandbox 1
SafeSocks 1
DormantCanceledByStartup 1
DormantClientTimeout 30 days
SOCKSPort 9050 IPv6Traffic ExtendedErrors
TransPort 8080 IPv6Traffic
Log notice file /var/log/tor/notices.log
DataDirectory /var/lib/tor
ORPort 9001
DirPort 9030
ExitRelay 0
IPv6Exit 0
ReducedExitPolicy 0
ExitPolicy reject *:* # no exits allowed
BridgeRelay 1
Is there a new flag to add to that SOCKSPort line to have tor just accept such connections anyway? My issue is that "the application" tries to reach an explicit IP (I.E. it doesn't have a dns name to begin with)
EDIT: I found my issue. It was SafeSocks 1
EDIT2: Could we either move SafeSocks into the flags of SOCKSPort or add an overwrite using a flag? E.g. to be able to have one with and one without SafeSocks
(same for WarnUnsafeSocks
and TestSocks
)?