[tor-bugs] #15518 [Tor]: Tor considers routers in the same IPv6 /16 to be "in the same subnet"
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 31 00:51:47 UTC 2015
#15518: Tor considers routers in the same IPv6 /16 to be "in the same subnet"
------------------------+-----------------------------------
Reporter: isis | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Resolution: | Keywords: ipv6, path, path-bias
Actual Points: | Parent ID:
Points: |
------------------------+-----------------------------------
Description changed by isis:
Old description:
> When `EnforceDistinctSubnets` is enabled, tor uses:
>
> {{{
> /** Return true iff router1 and router2 have similar enough network
> addresses
> * that we should treat them as being in the same family */
> static INLINE int
> addrs_in_same_network_family(const tor_addr_t *a1,
> const tor_addr_t *a2)
> {
> return 0 == tor_addr_compare_masked(a1, a2, 16, CMP_SEMANTIC);
> }
> }}}
>
> to determine if an address is in the same family. For an example IPv6
> address, `2001:1234::0:1`, its /16 representation is `2001::/16`, meaning
> that `2001:ffff::` would be in the same family. A `\16` for IPv6 is
> ''huge'', particularly considering that
> [https://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6
> -unicast-address-assignments.xhtml only one-eighth of all IPv6 space is
> currently allocated for use on the internet] (`2000::/3`).
>
> For a related ticket, see #15517 governing how BridgeDB's version of
> `EnforceDistinctSubnets` will work for IPv6. (In that ticket, I proposed
> using IPv6 `/32`s, since that is the
> [https://www.arin.net/resources/request/ipv6_initial_assign.html minimum
> ARIN IPv6 subnet allocation for a LIR].
New description:
When `EnforceDistinctSubnets` is enabled, tor uses:
{{{
/** Return true iff router1 and router2 have similar enough network
addresses
* that we should treat them as being in the same family */
static INLINE int
addrs_in_same_network_family(const tor_addr_t *a1,
const tor_addr_t *a2)
{
return 0 == tor_addr_compare_masked(a1, a2, 16, CMP_SEMANTIC);
}
}}}
to determine if an address is in the same family. For an example IPv6
address, `2001:1234::0:1`, its /16 representation is `2001::/16`, meaning
that `2001:ffff::` would be in the same family. A `\16` for IPv6 is
''huge'', particularly considering that
[https://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6
-unicast-address-assignments.xhtml only one-eighth of all IPv6 space is
currently allocated for use on the internet] (`2000::/3`). for the path
selection code, using `/16` essentially means that no two IPv6 routers in
the same country (or possibly even continent) will be in the same path,
and might possibly provide extremely increased chance of selection to
routers in weird/rare IPv6 subnets.
For a related ticket, see #15517 governing how BridgeDB's version of
`EnforceDistinctSubnets` will work for IPv6. (In that ticket, I proposed
using IPv6 `/32`s, since that is the
[https://www.arin.net/resources/request/ipv6_initial_assign.html minimum
ARIN IPv6 subnet allocation for a LIR].
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15518#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list