[tor-bugs] #23819 [Core Tor/Tor]: Tor doesn't bind to link-local (ipv6) addresses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 10 20:05:53 UTC 2017
#23819: Tor doesn't bind to link-local (ipv6) addresses
------------------------------+-----------------------------
Reporter: Zakhar | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version: Tor: 0.2.9.11
Severity: Normal | Keywords: ipv6 link-local
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+-----------------------------
This is either a '''bug''' or a '''documentation defect''' (didn't dive
into the code yet).
Standard routing with ipv6 happens with link-local as next hop.
Hence, for the sake of making a transparent proxy for VMs, I am trying to
specify a '''TransPort''' with the link-local of my bridge.
The standard way of specifying that is: [fe80::xxxx:xxxx:xxxx:xxxx%iface]
Tor parses this ipv6 address correctly (removing iface) but fails to bind.
To reproduce:
`$ cat /etc/tor/torrc`
(...)
`TransPort fe80::1c9a:c3ff:fec8:7768%vnet0:9040`
(...)
`$ ifconfig vnet0`
`vnet0 Link encap:Ethernet HWaddr 1e:9a:c3:c8:77:68`
` inet6: fe80::1c9a:c3ff:fec8:7768/64 Scope:Link`
As you can see, I have a vnet0. It has the link-local address that is
specified as TransPort.
Now let's start tor:
`$ sudo tor`
`Oct 10 21:34:28.384 [notice] Tor 0.2.9.11 (git-aa8950022562be76) running
on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g and Zlib 1.2.8.`
(...)
`Oct 10 21:34:28.385 [notice] You configured a non-loopback address
'[fe80::1c9a:c3ff:fec8:7768]:9040' for TransPort. This allows everybody on
your local network to use your machine as a proxy. Make sure this is what
you wanted.`
(...)
`Oct 10 21:34:28.386 [notice] Opening Transparent pf/netfilter listener on
[fe80::1c9a:c3ff:fec8:7768]:9040`
`Oct 10 21:34:28.386 [warn] Could not bind to
fe80::1c9a:c3ff:fec8:7768:9040: Invalid argument`
As you can see, it is correctly stripping the '''%vnet0''' and reading my
link-local address from the /etc/tor/torrc.
It then tries to open the "pf/netfilter" and fails to bind, and says
"invalid argument"!
Indeed, binding a link-local ipv6 address needs one more argument in the
syscall to bind: the interface!
'''Other tests:'''
Trying with fancy notations like
TransPort [fe80::1c9a:c3ff:fec8:7768]%vnet0:9040
fails at parsing.
Trying with a global address (with IPv6 you can just add addresses to the
interface) works but opens other headaches such as having to advertise a
different router address to the clients.
'''Conclusion''', this is either:
* '''(bug)''' the implementation of the "interface" parameter when
binding link-local addresses is missing or failing.
or
 * '''(documentation)''' it works and it is a documentation defect since
 nowhere can we find how to bind a link-local ipv6 address or even a
 working example.
'''Additional:''' there could be the exact same bug/missing documentation
in other places where you can specify an ipv6 address.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23819>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
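
The interface argument the ticket refers to is the `sin6_scope_id` field of `struct sockaddr_in6`: on Linux, `bind()` on an fe80::/10 address with a zero scope id fails with "Invalid argument". The following is an added example, not part of the ticket and not Tor's code; `parse_scoped_addr` is a hypothetical helper that keeps the `%zone` suffix instead of discarding it, and accepting a numeric zone index is an assumption of this sketch.

```c
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: fill a bindable sockaddr_in6 from "addr" or "addr%zone".
 * Returns 0 on success, -1 on a malformed address, and -2 when a link-local
 * address has no usable zone (the case where bind() would report EINVAL). */
int parse_scoped_addr(const char *text, uint16_t port, struct sockaddr_in6 *out)
{
    char host[INET6_ADDRSTRLEN];
    const char *zone = strchr(text, '%');
    size_t hostlen = zone ? (size_t)(zone - text) : strlen(text);

    memset(out, 0, sizeof(*out));
    out->sin6_family = AF_INET6;
    out->sin6_port = htons(port);
    if (hostlen == 0 || hostlen >= sizeof(host))
        return -1;
    memcpy(host, text, hostlen);
    host[hostlen] = '\0';
    if (inet_pton(AF_INET6, host, &out->sin6_addr) != 1)
        return -1;

    if (zone && zone[1] != '\0') {
        char *end;
        unsigned long idx = strtoul(zone + 1, &end, 10);
        if (*end != '\0')                /* not purely numeric: interface name */
            idx = if_nametoindex(zone + 1);
        out->sin6_scope_id = (uint32_t)idx;
    }
    /* fe80::/10 exists on every link, so the kernel needs the interface index. */
    if (IN6_IS_ADDR_LINKLOCAL(&out->sin6_addr) && out->sin6_scope_id == 0)
        return -2;
    return 0;
}

int main(int argc, char **argv)
{
    struct sockaddr_in6 sa;
    /* Default input is the ticket's address with its zone kept. */
    const char *arg = argc > 1 ? argv[1] : "fe80::1c9a:c3ff:fec8:7768%vnet0";
    int rc = parse_scoped_addr(arg, 9040, &sa);
    printf("%s -> rc=%d scope_id=%u\n", arg, rc, (unsigned)sa.sin6_scope_id);
    return 0;
}
```

On a host without a `vnet0` interface the default input returns -2, the same outcome as passing the address with the zone removed.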