Re: [tor-dev] Proposal 312: Automatic Relay IPv6 Addresses
- To: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-dev] Proposal 312: Automatic Relay IPv6 Addresses
- From: s7r <s7r@xxxxxxxxxx>
- Date: Wed, 29 Jan 2020 18:06:20 +0200
Hi teor,

Thanks for this epic work, some lecture for me to deeply go over this
weekend.

By briefly reviewing I've noticed something important is missing that
should be a part of this proposal.

I am not sure which section it should go under. I guess `3.2.2.
Use the Advertised ORPort IPv4 and IPv6 Addresses`, or maybe it's
important enough that we should make its own section.

In IPv6, besides publicly routable and non-publicly routable addresses
(fe80:// etc.) which are documented in the proposal, we have temporary
IPv6 addresses coming from Privacy extensions or RFC4941 IPv6 addresses.

https://tools.ietf.org/rfc/rfc4941.txt

These addresses are publicly routable, they can appear as reachable from
the directory authorities or from directory data fetches, but they have
limited lifetime and change over time. I am not sure if one such
address becomes deprecated if already in use (say by Tor), as the RFC
states MAY _if not in use by applications or upper layers_:

"As an optional optimization, an implementation MAY remove a
deprecated temporary address that is not in use by applications or
upper layers as detailed in Section 6."

But since this is implementation dependent, we cannot be sure about the
behavior across different platforms that relays might run on.

It is up to the operating system if such addresses are used or not. In
Debian they are disabled by default, net.ipv6.conf.eth0.use_tempaddr=0
(unless some desktop packages that use network manager with different
settings change it). In Windows (at least Windows 10) apparently they
are enabled by default.

The question is, do we want such addresses in relay descriptors? I think
such addresses will behave similarly to dynamic IPv4 addresses, or even
worse since these ones really change when they want, not just when we
disconnect and reconnect the network interface. So maybe Tor should
detect such behavior and log an error or something?

Actually I'll set up a VM this weekend and give it a native, static /64
IPv6 prefix, enable privacy extension to use temporary addresses and
spin up a Tor process on it. Then disconnect the internet a couple of
times and see how it behaves, how often it changes.

What do you think?

teor wrote:
> Hi,
>
> Here is an initial draft of Proposal 312: Automatic Relay IPv6 Addresses.
>
> This proposal includes:
> * relay auto IPv6 addresses, and
> * relay auto IPv6 ORPorts.
>
> This is the second of 3 proposals:
> * Proposal 311: Relay IPv6 Reachability
> * Proposal 312: Automatic Relay IPv6 Addresses
> * Proposal 313: Relay IPv6 Statistics
> (I haven't written the final one yet.)
>
> I also want to make some minor changes to Proposal 306, so that bridge
> IPv6 behaviour stays in sync with client IPv6 behaviour. (See section
> 7 of this proposal for details.)
>
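
One way to detect the RFC 4941 temporary addresses discussed in the message above, on Linux only, as an added example that is not part of the original message or of Tor's code: the kernel marks such addresses with `IFA_F_TEMPORARY` in the flags column of `/proc/net/if_inet6`. The function names and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Flag values from Linux <linux/if_addr.h>; if_inet6 prints global scope as 00. */
#define IFA_F_TEMPORARY  0x01u  /* RFC 4941 temporary (privacy) address */
#define IFA_F_DEPRECATED 0x20u  /* preferred lifetime has expired */
#define SCOPE_GLOBAL     0x00u

typedef enum { ADDR_STABLE, ADDR_TEMPORARY, ADDR_DEPRECATED,
               ADDR_NOT_GLOBAL, ADDR_PARSE_ERROR } addr_class_t;

/* Constructed sample in /proc/net/if_inet6 format (2001:db8::/32 is the
 * documentation prefix): loopback, link-local, static, temporary,
 * temporary and already deprecated. */
static const char *SAMPLE_IF_INET6[] = {
  "00000000000000000000000000000001 01 80 10 80       lo",
  "fe80000000000000021122fffe334455 02 40 20 80     eth0",
  "20010db8000000000000000000000010 02 40 00 80     eth0",
  "20010db8000000005c3a91d27e2b7d10 02 40 00 01     eth0",
  "20010db800000000a1b2c3d4e5f60718 02 40 00 21     eth0",
};

/* Fields: <32 hex digits> <ifindex> <prefix len> <scope> <flags> <ifname>. */
addr_class_t classify_if_inet6_line(const char *line)
{
  char addr[33], ifname[32];
  unsigned ifindex, plen, scope, flags;

  if (sscanf(line, "%32[0-9a-fA-F] %x %x %x %x %31s",
             addr, &ifindex, &plen, &scope, &flags, ifname) != 6 ||
      strlen(addr) != 32)
    return ADDR_PARSE_ERROR;
  if (scope != SCOPE_GLOBAL)
    return ADDR_NOT_GLOBAL;    /* loopback, link-local, site-local */
  if (flags & IFA_F_TEMPORARY)
    return ADDR_TEMPORARY;     /* the kernel will replace it over time */
  return (flags & IFA_F_DEPRECATED) ? ADDR_DEPRECATED : ADDR_STABLE;
}

/* Count global temporary addresses, the kind the message asks about. */
int count_temporary(const char *const *lines, size_t n)
{
  int count = 0;
  for (size_t i = 0; i < n; i++)
    count += classify_if_inet6_line(lines[i]) == ADDR_TEMPORARY;
  return count;
}

int main(void)
{
  printf("temporary: %d\n", count_temporary(SAMPLE_IF_INET6, 5));
  return 0;
}
```

On a live host the same classifier can be fed the lines of `/proc/net/if_inet6` read with `fgets`; global scope here includes unique local addresses, so it is not by itself proof of public routability.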