[tor-bugs] #33817 [Core Tor/Tor]: Perform all IPv4 and IPv6 extend checks in one place

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 6 03:03:49 UTC 2020 

#33817: Perform all IPv4 and IPv6 extend checks in one place
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  teor
     Type:  task                                 |         Status:
                                                 |  assigned
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.4.4.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ipv6, prop311, technical-debt-       |  Actual Points:
  partial                                        |
Parent ID:  #33220                               |         Points:  1
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor55-must
-------------------------------------------------+-------------------------
Changes (by teor):

 * keywords:  ipv6, prop311 => ipv6, prop311, technical-debt-partial


Old description:

> Currently, tor checks that extend cells have IPv4 addresses in:
> * some functions in circuitbuild_relay.c (a new file introduced by
> #33633)
> * check_extend_cell() in onion.c
> * extend_cell_from_extend2_cell_body() in onion.c
>   * (note that all relays that support IPv6 extends should be using
> extend2 cells, but we want to modify this code for consistency)
> * channel_get_for_extend(), where only channels with IPv4 addresses are
> searched,
> * and possibly other functions.
>
> We want to perform all these checks in the same place, so we can modify
> tor's behaviour based on:
> * tor's configuration
>   * including consensus parameters
> * the reachability of a relay's own IPv6 ORPort, and
> * any other relevant factors.

New description:

 Currently, tor checks that extend cells have IPv4 addresses in:
 * some functions in circuitbuild_relay.c (a new file introduced by #33633)
 * check_extend_cell() in onion.c
 * extend_cell_from_extend2_cell_body() in onion.c
   * (note that all relays that support IPv6 extends should be using
 extend2 cells, but we want to modify this code for consistency)
 * channel_get_for_extend(), where only channels with IPv4 addresses are
 searched,
 * and possibly other functions.

 We also want to fix a missing IPv6 check in:
 * connection_or_check_canonicity(), where only IPv4 addresses are
 considered canonical,
   * (note that channel_tls_process_netinfo_cell() already handles IPv6
 canonicity correctly)
 Unlike the other changes, this change is a bug fix, and should not depend
 on the relay's configuration.

 We want to perform all these checks in the same place, so we can modify
 tor's behaviour based on:
 * tor's configuration
   * including consensus parameters
 * the reachability of a relay's own IPv6 ORPort, and
 * any other relevant factors.

--

Comment:

 Add a bug fix for connection_or_check_canonicity().

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33817#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list