[tor-bugs] #33816 [Core Tor/Tor]: Fill in missing IPv6 addresses in extend cells
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Apr 5 07:02:16 UTC 2020
#33816: Fill in missing IPv6 addresses in extend cells
-------------------------------------------+-------------------------------
Reporter: teor | Owner: (none)
Type: task | Status: new
Priority: Medium | Milestone: Tor:
| 0.4.4.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: ipv6, prop311, outreachy-ipv6 | Actual Points:
Parent ID: #33220 | Points: 1
Reviewer: | Sponsor: Sponsor55-can
-------------------------------------------+-------------------------------
Description changed by teor:
Old description:
> When an extend cell is missing an IPv6 address, tor relays could use the
> IPv6 address from the consensus. (If there is one.)
>
> Similarly, if the client only supplied an IPv6 address, the relay could
> add an IPv4 address.
>
> Relays already add ed25519 keys during an extend, when the client only
> supplies the RSA fingerprint.
>
> This change helps obfuscate:
> * whether clients know the IPv6 addresses of relays,
> * which clients implement sending IPv6 addresses in extends, and
> * which clients are configured to send IPv6 addresses in extends.
>
> It has a minor impact on testing:
> * increases the number of IPv6 extends, but
> * decreases the number of IPv4-only extends.
>
> This change can be made in circuit_extend():
> https://github.com/torproject/tor/pull/1801/files#diff-
> 84b529c5e46d955c02d683463cd3317bR230
>
> By calling a function that works like
> circuit_extend_add_ed25519_helper(), but adds IP addresses instead:
> https://github.com/torproject/tor/pull/1801/files#diff-
> 84b529c5e46d955c02d683463cd3317bR77
New description:
When an extend cell is missing an IPv6 address, tor relays could use the
IPv6 address from the consensus. (If there is one.)
Similarly, if the client only supplied an IPv6 address, the relay could
add an IPv4 address.
Relays already add ed25519 keys during an extend, when the client only
supplies the RSA fingerprint.
This change helps obfuscate:
* whether clients know the IPv6 addresses of relays,
* which clients implement sending IPv6 addresses in extends, and
* which clients are configured to send IPv6 addresses in extends.
This change also helps with reachability, if a relay has recently gained
an IPv6 ORPort, or its IPv4 ORPort is unreliable.
It has a minor impact on testing:
* increases the number of IPv6 extends, but
* decreases the number of IPv4-only extends.
This change can be made in circuit_extend():
https://github.com/torproject/tor/pull/1801/files#diff-
84b529c5e46d955c02d683463cd3317bR230
By calling a function that works like circuit_extend_add_ed25519_helper(),
but adds IP addresses instead:
https://github.com/torproject/tor/pull/1801/files#diff-
84b529c5e46d955c02d683463cd3317bR77
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33816#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list