[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18348 [Tor]: Tor conflates IPv4 Dir port with IPv6 OR Port



#18348: Tor conflates IPv4 Dir port with IPv6 OR Port
-----------------------+------------------------------------
 Reporter:  sysrqb     |          Owner:
     Type:  defect     |         Status:  needs_review
 Priority:  Very High  |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor        |        Version:  Tor: 0.2.8.1-alpha
 Severity:  Major      |     Resolution:
 Keywords:             |  Actual Points:  small
Parent ID:             |         Points:  small
  Sponsor:             |
-----------------------+------------------------------------
Changes (by teor):

 * version:  Tor: unspecified => Tor: 0.2.8.1-alpha
 * points:   => small
 * actualpoints:   => small


Comment:

 There are two interrelated issues here:
 * enabling IPv4 on all relays wasn't working correctly
 * using IPv4/IPv6 based on the configured bridge address wasn't working
 correctly

 Please see my branch bug18348-v2 on https://github.com/teor2345/tor.git

 '''Relays'''

 Replying to [comment:3 sysrqb]:
 > So, yes and no. Yes, that patch does what's expected. teor, is this what
 you were planning or did you have a better patch? I don't think this is
 completely the correct answer, but it seems good enough for now.

 Your patch is OK - it enables IPv4 for all relays. But we want to allow
 relays to use IPv6 if they configure it (in addition to IPv4).

 25543387ede5a4143d9ef4fdff2b34846ca788c6 prevents relays from disabling
 IPv4.
 a4eddfff666226014545efd6f5bf390173c0fdfa refactors the code to make it
 clearer, and adds comments.

 > But, on the other hand, no, this doesn't completely solve the problem
 where we exhaust all the dir auths and log a warn/bug message. I'll open a
 different ticket for that.

 In the interim, be16c16bdaae9ac1ebddbe755236e62de9011f01 downgrades one of
 those warnings to info level. It's non-fatal, and may be triggered when
 using bridges.

 '''Bridges'''

 To fix the bridge issue, c281c0365482891d6c3e71f85b2a6615faa5990b
 redesigns the node address checks to use node_ipv6_or/dir_preferred(). The
 routerstatus address checks then use the node checks, and fall back to
 fascist_firewall_prefer_ipv6_or/dirport() if there's no node.

 (I thought we were doing this already when I changed how the bridge client
 code sets `node->ipv6_preferred`. But it turns out that we weren't
 checking `node->ipv6_preferred` at all.)

 The other commits are refactoring and unit tests. The unit tests are more
 comprehensive now, and cover fascist_firewall_choose_address_rs/node(),
 including all the desired bridge and relay behaviours.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18348#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs