[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21357 [Core Tor/Tor]: potential bug: Some IPv6Exits do not add the ipv6-policy line to their descriptor



#21357: potential bug: Some IPv6Exits do not add the ipv6-policy line to their
descriptor
-------------------------------+------------------------------------
 Reporter:  cypherpunks        |          Owner:
     Type:  defect             |         Status:  needs_information
 Priority:  Medium             |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor       |        Version:  Tor: 0.2.4.7-alpha
 Severity:  Major              |     Resolution:
 Keywords:  ipv6 029-backport  |  Actual Points:  1
Parent ID:                     |         Points:  2
 Reviewer:                     |        Sponsor:
-------------------------------+------------------------------------
Changes (by teor):

 * status:  needs_review => needs_information


Comment:

 The relay operator who originally reported this bug has upgraded to a
 nightly including this patch, and reports that it works:
 https://lists.torproject.org/pipermail/tor-
 relays/2017-February/011856.html

 Their relay now has an IPv6 exit policy:
 https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677CE

 > It is likely that 0.2.8 and later are affected, possible that 0.2.7 is
 affected, and unlikely that earlier versions are affected.

 I'll clarify: earlier versions may be affected if they explicitly block
 networks smaller than an IPv6 /32 or larger than an IPv6 /7. The first
 behaviour is unintentional, the second is intentional but the wrong number
 of addresses for IPv6 (both are fixed in this patch).

 Later versions automatically block their own IPv6 ORPort's address, so
 IPv6 Exits with an IPv6 ORPort are almost always affected (unless their
 Exit policies start by blocking a /32 to /7 containing their IPv6 address,
 which ends up removing the individual address as redundant).

 I suggest we give it at least another week of testing before a backport.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21357#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs