[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r10892: Patches to proposal 117 from coderman (from or-dev, 18 Jun) (in tor/trunk: . doc/spec/proposals)
Date: 2007-07-20 13:40:49 -0400 (Fri, 20 Jul 2007)
New Revision: 10892
r13854@catbus: nickm | 2007-07-20 13:40:45 -0400
Patches to proposal 117 from coderman (from or-dev, 18 Jun)
Property changes on: tor/trunk
svk:merge ticket from /tor/trunk [r13854] on 8246c3cf-6607-4228-993b-4d95d33730f1
--- tor/trunk/doc/spec/proposals/117-ipv6-exits.txt 2007-07-20 16:25:27 UTC (rev 10891)
+++ tor/trunk/doc/spec/proposals/117-ipv6-exits.txt 2007-07-20 17:40:49 UTC (rev 10892)
@@ -44,12 +44,12 @@
When Tor is started on a host it should check for the presence of a
- global unicast address, [2000::]/3, and if present include the
- default IPv6 exit policies and any user specified IPv6 exit policies.
+ global unicast IPv6 address and if present include the default IPv6
+ exit policies and any user specified IPv6 exit policies.
- If a user provides IPv6 exit policies but no global unicast address
- is available Tor should generate a warning and not publish the IPv6
- policy in the router descriptor.
+ If a user provides IPv6 exit policies but no global unicast IPv6
+ address is available Tor should generate a warning and not publish the
+ IPv6 policies in the router descriptor.
It should be noted that IPv4 mapped IPv6 addresses are not valid exit
destinations. This mechanism is mainly used to interoperate with
@@ -270,22 +270,32 @@
IPv4 preference. Should more explicit control be available, through
either configuration directives or control commands?
- This can be worked around by resolving names and then CONNECTing to
- an IPv4 or IPv6 address as desired, however, not all client
- applications may have this option available.
+ Many applications support a inet6-only or prefer-family type option
+ that provides the user manual control over address preference. This
+ could be provided as a Tor configuration option.
-3.3. Support for IPv6 only clients
+ An explicit preference is still possible by resolving names and then
+ CONNECTing to an IPv4 or IPv6 address as desired, however, not all
+ client applications may have this option available.
- It may be useful to support IPv6 only clients using IPv4 mapped IPv6
- addresses. This would require transparent DNS proxy using IPv6
- transport and the ability to map A record responses into IPv4 mapped
- IPv6 addresses. The transparent TCP proxy would thus need to detect
- these mapped addresses and connect to the desired IPv4 host.
+3.3. Support for IPv6 only transparent proxy clients
- The relative lack of any IPv6 only hosts or applications makes this a
- lot of work for very little gain. Is there a compelling reason to
- support this capability?
+ It may be useful to support IPv6 only transparent proxy clients using
+ IPv4 mapped IPv6 like addresses. This would require transparent DNS
+ proxy using IPv6 transport and the ability to map A record responses
+ into IPv4 mapped IPv6 like addresses in the manner described in the
+ "NAT-PT" RFC for a traditional Basic-NAT-PT with DNS-ALG. The
+ transparent TCP proxy would thus need to detect these mapped addresses
+ and connect to the desired IPv4 host.
+ The IPv6 prefix used for this purpose must not be the actual IPv4
+ mapped IPv6 address prefix, though the manner in which IPv4 addresses
+ are embedded in IPv6 addresses would be the same.
+ The lack of any IPv6 only hosts which would use this transparent proxy
+ method makes this a lot of work for very little gain. Is there a
+ compelling reason to support this NAT-PT like capability?
3.4. IPv6 DNS and older Tor routers
It is expected that many routers will continue to run with older
@@ -299,7 +309,22 @@
routers that can resolve IPv6 addresses even if they can't exit such
+ There was also concern expressed about the ability of existing clients
+ to cope with new RELAY_RESOLVE responses that contain IPv6 addresses.
+ If this breaks backward compatibility, a new request type may be
+ necessary, like RELAY_RESOLVE6, or some other mechanism of indicating
+ the ability to parse IPv6 responses when making the request.
+3.5. IPv4 and IPv6 bindings in MAPADDRESS
+ It may be troublesome to try and support two distinct address mappings
+ for the same name in the existing MAPADDRESS implementation. If this
+ cannot be accommodated then the behavior should replace existing
+ mappings with the new address regardless of family. A warning when
+ this occurs would be useful to assist clients who encounter problems
+ when both an IPv4 and IPv6 application are using MAPADDRESS for the
+ same names concurrently, causing lost connections for one of them.
4.1. Sample IPv6 default exit policy
@@ -358,3 +383,5 @@
'INTERNET PROTOCOL VERSION 6 ADDRESS SPACE'
+ 'Network Address Translation - Protocol Translation (NAT-PT)'