[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #21357 [Core Tor/Tor]: potential bug: Some IPv6Exits do not add the ipv6-policy line to their descriptor
#21357: potential bug: Some IPv6Exits do not add the ipv6-policy line to their
descriptor
-------------------------------+------------------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: needs_information
Priority: Medium | Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor | Version: Tor: 0.2.4.7-alpha
Severity: Major | Resolution:
Keywords: ipv6 029-backport | Actual Points: 1
Parent ID: | Points: 2
Reviewer: | Sponsor:
-------------------------------+------------------------------------
Changes (by teor):
* status: needs_review => needs_information
Comment:
The relay operator who originally reported this bug has upgraded to a
nightly including this patch, and reports that it works:
https://lists.torproject.org/pipermail/tor-
relays/2017-February/011856.html
Their relay now has an IPv6 exit policy:
https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677CE
> It is likely that 0.2.8 and later are affected, possible that 0.2.7 is
affected, and unlikely that earlier versions are affected.
I'll clarify: earlier versions may be affected if they explicitly block
networks smaller than an IPv6 /32 or larger than an IPv6 /7. The first
behaviour is unintentional, the second is intentional but the wrong number
of addresses for IPv6 (both are fixed in this patch).
Later versions automatically block their own IPv6 ORPort's address, so
IPv6 Exits with an IPv6 ORPort are almost always affected (unless their
Exit policies start by blocking a /32 to /7 containing their IPv6 address,
which ends up removing the individual address as redundant).
I suggest we give it at least another week of testing before a backport.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21357#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs