[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 312: Automatic Relay IPv6 Addresses



Hi teor,

Thanks for this epic work, some lecture for me to deeply go over this
weekend.

By briefly reviewing I've noticed something important is missing that
should be a part of this proposal.

I am not sure under which section it should go under. I guess `3.2.2.
Use the Advertised ORPort IPv4 and IPv6 Addresses`, or maybe it's
important enough that we should make its own section.

In IPv6, besides publicly routable and non-publicly routable addresses
(fe80:// etc.) which are documented in the proposal, we have temporary
IPv6 addresses coming from Privacy extensions or RFC4941 IPv6 addresses.

https://tools.ietf.org/rfc/rfc4941.txt

These addresses are publicly routable, they can appear as reachable from
the directory authorities or from directory data fetches, but they have
limited lifetime and change over time. I am not sure if one  such
address becomes deprecated if already in use (say by Tor), as the RFC
states MAY _if not in use by applications  or upper layers_:

   "As an optional optimization, an implementation MAY remove a
   deprecated temporary address that is not in use by applications or
   upper layers as detailed in Section 6."

But since this is implementation dependent, we cannot be sure about the
behavior across different platforms that relays might run on.

It is up to the operating system if such addresses are used or not. In
Debian they are disabled by default net.ipv6.conf.eth0.use_tempaddr=0
(unless some desktop packages that use network manager with different
settings change it). In Windows (at least Windows 10) apparently they
are enabled by default.

The question is, do we want such addresses in relay descriptors? I think
such addresses will behave similar to dynamic IPv4 addresses, or even
worse since these ones really change when they want, not just when we
disconnect and reconnect the network interface. So maybe Tor should
detect such behavior and log an error or something?

Actually I'll setup a vm this weekend and give it a native, static /64
IPv6 prefix, enable privacy extension to use temporary addresses and
spin up a Tor process on it. Then disconnect the internet a couple of
times and see how it behaves, how often it changes.

What do you think?

teor wrote:
> Hi,
> 
> Here is an initial draft of Proposal 312: Automatic Relay IPv6 Addresses.
> 
> This proposal includes:
>  * relay auto IPv6 addresses, and
>  * relay auto IPv6 ORPorts.
> 
> This is the second of 3 proposals:
> * Proposal 311: Relay IPv6 Reachability
> * Proposal 312: Automatic Relay IPv6 Addresses
> * Proposal 313: Relay IPv6 Statistics
> (I haven't written the final one yet.)
> 
> I also want to make some minor changes to Proposal 306, so that bridge
> IPv6 behaviour stays in sync with client IPv6 behaviour. (See section
> 7 of this proposal for details.)
> 

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev