Opened 5 years ago

Closed 3 years ago

#1169 closed enhancement (wontfix)

Disable 'local bypass'

Reported by: dg Owned by:
Priority: minor Milestone:
Component: router/general Version: 0.9.9
Keywords: Cc:
Parent Tickets:

Description

Connections through I2P's streaming library will bypass the I2P network and loopback locally. This can cause problems for reachability testing or somebody providing a shared SOCKS5/HTTP proxy.

In the case of a shared SOCKS5/HTTP proxy, a user could try various eepsites and notice some connect instantly. This provides a link between the destinations running on the router and the proxy.

The 'local bypass' should be optional per-tunnel or entirely.

Subtickets

Change History (9)

comment:1 follow-up: Changed 5 years ago by zzz

Your scenario is you're providing a SOCKS or HTTP proxy used by other people but you don't want those people to know that you are hosting an eepsite on the same router?

That scenario sounds really implausible to me. Who would do that and why?

comment:2 in reply to: ↑ 1 Changed 5 years ago by dg

Replying to zzz:

Your scenario is you're providing a SOCKS or HTTP proxy used by other people but you don't want those people to know that you are hosting an eepsite on the same router?

That scenario sounds really implausible to me. Who would do that and why?

It allows a host to provide a proxy to its users without exposing sites owned by that router.
As for "eepsite status" sites (or any eepsite that allows you to lookup/enter an eepsite for input), an attacker/user could insert various sites and notice how long it takes for the response.

comment:3 follow-up: Changed 5 years ago by zzz

But wouldn't anybody running a status site already realize this, and either not run other sites on the same router, or put in some fake ping time?

Is this an actual request from somebody running such a site and doesn't have a good workaround, or is this some hypothetical scenario only?

comment:4 in reply to: ↑ 3 Changed 5 years ago by dg

Replying to zzz:

But wouldn't anybody running a status site already realize this, and either not run other sites on the same router, or put in some fake ping time?

Is this an actual request from somebody running such a site and doesn't have a good workaround, or is this some hypothetical scenario only?

It was a problem for me when I was planning an eepsite but I retired it. So, hypothetical.

comment:5 Changed 5 years ago by zzz

  • Component changed from unspecified to router/general
  • Milestone 0.9.10 deleted
  • Priority changed from major to minor

comment:6 Changed 4 years ago by zzz

comment:7 Changed 4 years ago by zzz

3 options:

  • whole router i.e. router.config
  • per local dest (i.e. i2ptunnel.config, and a new I2CP option, would need to set on both)
  • per packet (how would we know when to set?)

Vaguely related part 2: ​http://zzz.i2p/topics/1865

comment:8 Changed 3 years ago by str4d

  • Status changed from new to open

comment:9 Changed 3 years ago by zzz

  • Resolution set to wontfix
  • Status changed from open to closed

Closing wontfix. As it's all hypothetical, and there's no use case to target it for. If somebody really wants it they can express a preference for the choices in comment 7 above. A patch would be even better.

Note: See TracTickets for help on using tickets.