[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] [::]/8 is marked as private network, why?


On 29 Mar 2016, at 23:49, Tom Ritter <tom@xxxxxxxxx> wrote:

On 29 March 2016 at 02:29, Sebastian Hahn <hahn.seb@xxxxxx> wrote:
I've been wondering about the private_nets const in src/or/policies. It
was added in a96c0affcb4cda1a2e0d83d123993d10efc6e396 but Nick doesn't
remember why, and I'm hoping someone has an idea (maybe teor, who I've
CCed here, who documented this in a later commit?). If nobody knows why
we do this I think we should remove it as likely incorrect.

0000::/8 is Reserved by the IETF, it is (a superset of) the deprecated
space for "IPv4 Compatible IPv6 Addresses".  The addresses are not to
be reassigned for any other purposes.

Authoritative source:
http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml

I'm not necessarily sure what private networks are all used for in
Tor, but maybe this explains it and makes sense?

/** Private networks.  This list is used in two places, once to expand the
 *  "private" keyword when parsing our own exit policy, secondly to ignore
 *  just such networks when building exit policy summaries.  It is important
 *  that all authorities agree on that list when creating summaries, so don't
 *  just change this without a proper migration plan and a proposal and stuff.
 */

So I think we should keep [::]/8 in the list of private addresses.

That said, the list of IPv4 and IPv6 private addresses in tor is incomplete, and could be updated based on [0] [1] for IPv6, and [2] for IPv4 ([3] seems to have too much information to be useful).

If we want to update it, we should consider:
private_nets
tor_addr_is_internal
(any other checks?)

We would need to write a proposal - at the very least, it would need a new consensus method, and some discussion of what happens when clients and exits disagree on the definition of what's private and what's not.

I don't think it's something I'll have time for, but if anyone else wants to guide us through the process, I'd be happy to support it and review code.

Tim

[0]: https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
[1]: https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
[2]: https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
[3]: https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev