[tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 27 11:38:45 UTC 2020 

#31009: Tor lets transports advertise private IP addresses in descriptor
-------------------------------------------------+-------------------------
 Reporter:  phw                                  |          Owner:  ahf
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.4.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,    |  Actual Points:
  040-backport, 041-backport,                    |
  042-deferred-20190918, network-team-roadmap-   |
  2020Q1, 043-should                             |
Parent ID:                                       |         Points:  0.5
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor28-can
-------------------------------------------------+-------------------------
Changes (by teor):

 * cc: cjb (added)
 * status:  assigned => needs_revision


Comment:

 I noticed that cjb asked in the anti-censorship team meeting notes:
 > took a stab at #31009, but couldn't find an IPv6 replacement
 > for router_pick_published_address().  ahf's going to take it.
 https://lists.torproject.org/pipermail/tor-
 project/2020-January/002672.html

 There isn't an IPv6 version of router_pick_published_address(), but there
 will be in a few months time.
 See #5940, and my upcoming proposal (312?) to tor-dev,

 Here's what relays currently do, and what we should do for the moment:

 Replying to [comment:14 teor]:
 > * if the address is an IPv6 address, it is replaced with an IPv4 address
 >   * we should use the advertised IPv6 ORPort address to replace internal
 IPv6 addresses

 I'm going to make this ticket a child of #5940, so we don't forget to
 replace the IPv6 ORPort address with the new address function.

 Alternatively, you could use the IPv4 and IPv6 address fields in the relay
 descriptor. That's probably a better design, because then the relay
 descriptor and extra-info descriptor addresses will always be in sync.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31009#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list