[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] how to enable IPv6 exiting - aka "how to get p6 lines into your microdescriptors" (was: onionoo: understanding 'exit_policy_v6_summary')



tldr; How do you enable IPv6 exiting in torrc?

the following torrc part is apparently _not_ enough:

IPv6Exit 1
ExitRelay 1
ExitPolicy reject *:25
ExitPolicy accept *:*
ExitPolicy reject6 *:25, accept6 *:*    # AFAIU from the tor man page
this line is redundant

https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto

@moritz: can you tell why exit 'amazonas' is different when it comes to
IPv6 exit policies? he is your only exit with p6 lines [4]

> https://onionoo.torproject.org/protocol.html#details writes:
>> Missing if the relay rejects all connections to IPv6 addresses.

Since none of the microdescriptors of that relay in Jan 2017 contained a
"p6" line onionoo works as expected.

(this relay might be a bad example since this relay switched from
non-exit to exit not to long ago, but almost all - except one - of
torservers' exits have no p6 lines either)

So I'm wondering why is there no p6 line in the microdescriptors even
though the relay's exit policy allows IPv6 traffic [3] and IPv6Exit set
to 1?

https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n1408 writes:
>      "p6" SP ("accept" / "reject") SP PortList NL
>
>         The IPv6 exit policy summary as specified in sections 3.4.1 and 3.8.2. A
>         missing "p6" line is equivalent to "p6 reject 1-65535".



To provide an example exit relay with p6 line:
https://atlas.torproject.org/#details/D30226D0F4771E93B562AC650C9093931408D8BD


from its descriptor [5] (note the last line: 'ipv6-policy'):

reject 0.0.0.0/8:*
[...]
accept *:5222-5223
accept *:5900
accept *:6660-6669
accept *:6697
accept *:11371
reject *:*
ipv6-policy accept
20-21,23,53,79,81,110,143,443,554,1194,5222-5223,5900,6660-6669,6697,11371





[5] (temporary URL)
https://collector.torproject.org/recent/relay-descriptors/server-descriptors/2017-01-28-04-05-00-server-descriptors


[3] (temporary URL)
https://collector.torproject.org/recent/relay-descriptors/server-descriptors/2017-01-28-18-05-00-server-descriptors
wrote:
> accept *:53
> accept *:80
> accept *:110
> accept *:143
> accept *:220
> accept *:443
> accept *:873
> accept *:989-990
> accept *:991
> accept *:992
> accept *:993
> accept *:995
> accept *:1194
> accept *:1293
> accept *:3690
> accept *:4321
> accept *:5222-5223
> accept *:5228
> accept *:9418
> accept *:11371
> accept *:64738
> reject *:*







[4]

>> +------------+----------------+------------------------+
>> | first_seen | nickname       | exit_policy_v6_summary |
>> +------------+----------------+------------------------+
>> | 2014-02-13 | amazonas       | {u'reject': [u'25']}   |
>> | 2014-02-13 | politkovskaja2 | NULL                   |
>> | 2014-02-13 | politkovskaja  | NULL                   |
>> | 2014-05-01 | rehm           | NULL                   |
>> | 2016-09-02 | hessel0        | NULL                   |
>> | 2016-09-02 | hessel2        | NULL                   |
>> | 2016-09-02 | hessel1        | NULL                   |
>> | 2016-11-15 | andregorz0     | NULL                   |
>> | 2016-11-15 | edwardsnowden2 | NULL                   |
>> | 2016-11-15 | edwardsnowden1 | NULL                   |
>> | 2016-12-23 | russellteapot  | NULL                   |
>> | 2016-12-23 | dorrisdeebrown | NULL                   |
>> | 2016-12-30 | criticalmass   | NULL                   |
>> | 2016-12-30 | zwiebelfreund  | NULL                   |
>> | 2017-01-09 | zwiebelfreund2 | NULL                   |
>> | 2017-01-22 | zwiebelfreund3 | NULL                   |
>> +------------+----------------+------------------------+

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev