[tor-bugs] #7971 [Tor]: review address lists in tor_addr_is_internal_()

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#7971: review address lists in tor_addr_is_internal_()
-------------------------+--------------------------------------------------
 Reporter:  cypherpunks  |          Owner:     
     Type:  defect       |         Status:  new
 Priority:  normal       |      Milestone:     
Component:  Tor          |        Version:     
 Keywords:               |         Parent:     
   Points:               |   Actualpoints:     
-------------------------+--------------------------------------------------
 Tor's common/address.c's tor_addr_is_internal_() might be a bit dated,
 regarding it's list of IANA special-purpose registry, and the IETF
 RFCs/I-Ds it uses.  That code looks for reserved/localhost addresses, and
 mentions RFCs: 1918, 3879, 4193, and 4291, all of which are outdated.

 Yesterday's I-D draft-bonica-special-purpose-06 <http://tools.ietf.org/id
 /draft-bonica-special-purpose-06.txt> is a list of all of the addresses,
 which are in RFC5735 (IPv4 addresses) and RFC5156 (IPv6 addresses).  The
 I-D lists 16 addresses for IPv4 and 12 addresses for IPv6.

 Tor appears to handle 7 IPv4 addresses (not 16), and 5 IPv6 addresses (not
 12); and I don't think one of those (FEC0/10) is shared between the Tor
 and I-D lists, and might be either a Tor bug or an IETF I-D bug, or my
 misreading).

 Someone who has a better understanding of how Tor uses local addresses,
 might want to review Tor's code, alongside a current I-D, to see if any of
 those missing addresses should be added. The I-D has more data than the
 below tables, so more helpful for deciding.

 Tor IPv4 cases:
   "0.0.0.0"
   "10/8"
   "0/8"
   "127/8"
   "169.254/16"
   "172.16/12"
   "192.168/16"

 I-D IPv4 cases:
   "0.0.0.0/8"          (RFC 1122: 'This' Network)
   "10.0.0.0/8"         (RFC 1918: Private-Use)
   "100.64.0.0/10"      (RFC 6598: Shared Address Space)
   "127.0.0.0/8"        (RFC 1122: Loopback)
   "169.254.0.0/16"     (RFC 3927: Link Local)
   "172.16.0.0/12"      (RFC 1122: Private-Use)
   "192.0.0.0/24"       (RFC 5736: IETF Protocol Assignments)
   "192.0.0.0/29"       (RFC 6333: DS-Lite)
   "192.0.2.0/24"       (RFC 5737: Documentation (TEST-NET-1))
   "192.88.99.0/24"     (RFC 3068: 6to4 Relay Anycast)
   "192.168.0.0/16"     (RFC 1918: Private-Use)
   "198.18.0.0/15"      (RFC 2544: Benchmarking)
   "198.51.100.0/24"    (RFC 5737: Documentation (TEST-NET-2))
   "203.0.113.0/24"     (RFC 5737: Documentation (TEST-NET-3))
   "240.0.0.0/4"        (RFC 1112: Reserved)
   "255.255.255.255/32" (RFC 0919: Limited Broadcast)

 Tor IPv6 cases:
   "::"
   "::/127"
   "fc00/7"
   "fe80/10"
   "fec0/10"

 I-D IPv6 cases:
   "::1/128"            (RFC 4291: Loopback Address)
   "::/128"             (RFC 4291: Unspecified Address)
   "::FFFF:0:0/96"      (RFC 4291: IPv4-mapped Address)
   "0100::/64"          (RFC 6666: Discard-Only Prefix)
   "2001:0000::/23"     (RFC 2928: IETF Protocol Assignments)
   "2001:0000::/32"     (RFC 4380: TEREDO)
   "2001:0002::/48"     (RFC 5180: Benchmarking)
   "2001:db8::/32"      (RFC 3849: Documentation)
   "2001:10::/28"       (RFC 4843: ORCHID)
   "2002::/16"          (RFC 3056: 6to4)
   "FC00::/7"           (RFC 4193: Unique-Local)
   "FE80::/10"          (RFC 4291: Linked-Scoped Unicast)

 Thanks,
 Lee

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7971>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs