[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] IPv6 to IPv4 tor exit relays would fix many daily tor-problems



> On 30 Jun 2017, at 19:26, Mirimir <mirimir@xxxxxxxxxx> wrote:
> 
> On 06/29/2017 08:41 PM, teor wrote:
>> 
>>> On 30 Jun 2017, at 16:55, Scott Bennett <bennett@xxxxxxx> wrote:
> 
> <SNIP>
> 
>>>    Also, is there a problem with having IPv6-only exit service where a
>>> relay is accessable via IPv4 for clients and other relays?
>> 
>> Most tor clients send a DNS name, and flags that say whether they
>> allow IPv4 and IPv6, and which one they prefer. They rely on the Exit
>> to resolve the IP address and connect to the site.
>> 
>> On the current network, an IPv6-only Exit won't get the Exit flag, and
>> therefore won't get much client traffic.
> 
> OK, so exits need both IPv4 and IPv6.

Or just IPv4 works fine, too.

>> And it probably shouldn't, until almost all internet sites are on IPv6.
>> Otherwise clients will ask it to connect to IPv4-only sites, and it
>> will fail them.
> 
> This confuses me a little. From another subthread:
> 
> On 06/29/2017 02:02 PM, teor wrote:
> 
> <SNIP>
> 
>> Many Exit operators already enable IPv6Exit.
>> Most Tor clients automatically Exit through IPv6 when it is available.
>> (It is the default in recent versions of Tor.)
> 
> What happens for Tor clients without local IPv6 stacks, when they use a
> dual-stack exit to hit a dual-stack site? An IPv4 connection, right?

The Tor protocol is cells over circuits.

Those circuits are built over SSL connections, which use whatever
IP versions are available to the client, relays, and remote site /
onion service. Each connection's IP version can be different across
the circuit.

For client to entry, this is mostly IPv4.
For relays, this is always IPv4.
For exit to internet site, this is IPv6 if available, and IPv4
otherwise.
For service entry to onion service, this is mostly IPv4.

> If the client is on a dual-stack machine, it would default to IPv6,
> right? So Tor circuits would be doing IPv6 over IPv4, yes?

No, there's no IP encapsulation inside Tor circuits, only cells.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------



Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays