[tor-commits] [torspec/master] Document IPv6-exit features in the specs
nickm at torproject.org
nickm at torproject.org
Thu Mar 14 16:43:12 UTC 2013
commit 8d7b559728a5361b9379d75a8e0741bc6ffd5881
Author: Nick Mathewson <nickm at torproject.org>
Date: Wed Mar 13 13:20:51 2013 -0400
Document IPv6-exit features in the specs
Closes proposals 117 and 208
---
dir-spec.txt | 24 ++++++++++++++++++++++--
proposals/117-ipv6-exits.txt | 2 +-
proposals/208-ipv6-exits-redux.txt | 2 +-
tor-spec.txt | 19 ++++++++++++++++---
4 files changed, 40 insertions(+), 7 deletions(-)
diff --git a/dir-spec.txt b/dir-spec.txt
index c5ca5c1..dd4a9c9 100644
--- a/dir-spec.txt
+++ b/dir-spec.txt
@@ -476,6 +476,14 @@
the address will be accepted. For clarity, the last such entry SHOULD
be accept *:* or reject *:*.
+ "ipv6-policy" SP ("accept" / "reject") SP PortList NL
+
+ [At most once.]
+
+ An exit-policy summary as specified in 3.3 and 3.5.2, summarizing
+ the router's rules for connecting to IPv6 addresses. A missing
+ "ipv6-policy" line is equivalent to "ipv6-policy reject 1-65535".
+
"router-signature" NL Signature NL
[At end, exactly once]
@@ -1114,7 +1122,7 @@
The "ntor-onion-key" element as specified in 2.1.
- (Only included when the vote or consensus is generated with
+ (Only included when generating microdescriptors for
consensus-method 16 or later.)
"a" SP address ":" portlist NL
@@ -1141,6 +1149,17 @@
BEGIN request, and might get end-reason-exit-policy if they guessed
wrong, in which case they'll have to try elsewhere.]
+ "p6" SP ("accept" / "reject") SP PortList NL
+
+ [At most once]
+
+ The IPv6 exit policy summary as specified in 3.3 and 3.5.2. A
+ missing "p6" line is equivalent to "p6 reject 1-65535".
+
+ (Only included when generating microdescriptors for
+ consensus-method 15 or later.)
+
+
(Note that with microdescriptors, clients do not learn the identity of
their routers: they only learn a hash of the identity key. This is all
they need to confirm the actual identity key when doing a TLS handshake,
@@ -1855,7 +1874,8 @@
consensuses may include "a" lines listing additional OR
ports.
- * XXXXX 15
+ * If consensus method 15 or later is used, microdescriptors
+ include "p6" lines including IPv6 exit policies.
* If consensus method 16 or later is used, ntor-onion-key
are included in microdescriptors
diff --git a/proposals/117-ipv6-exits.txt b/proposals/117-ipv6-exits.txt
index 9c51cf2..f343ff7 100644
--- a/proposals/117-ipv6-exits.txt
+++ b/proposals/117-ipv6-exits.txt
@@ -2,7 +2,7 @@ Filename: 117-ipv6-exits.txt
Title: IPv6 exits
Author: coderman
Created: 10-Jul-2007
-Status: Finished
+Status: Closed
Target: 0.2.4.x
Implemented-In: 0.2.4.7-alpha
diff --git a/proposals/208-ipv6-exits-redux.txt b/proposals/208-ipv6-exits-redux.txt
index e25a901..32fb09c 100644
--- a/proposals/208-ipv6-exits-redux.txt
+++ b/proposals/208-ipv6-exits-redux.txt
@@ -2,7 +2,7 @@ Filename: 208-ipv6-exits-redux.txt
Title: IPv6 Exits Redux
Author: Nick Mathewson
Created: 10-Oct-2012
-Status: Finished
+Status: Closed
Target: 0.2.4.x
Implemented-In: 0.2.4.7-alpha
diff --git a/tor-spec.txt b/tor-spec.txt
index 0c333e7..6831744 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -1252,14 +1252,27 @@ see tor-design.pdf.
and constructs a RELAY_BEGIN cell with a payload encoding the address
and port of the destination host. The payload format is:
- ADDRESS | ':' | PORT | [00]
+ ADDRPORT [nul-terminated string]
+ FLAGS [4 bytes]
+
+ ADDRPORT is made of ADDRESS | ':' | PORT | [00]
where ADDRESS can be a DNS hostname, or an IPv4 address in
dotted-quad format, or an IPv6 address surrounded by square brackets;
and where PORT is a decimal integer between 1 and 65535, inclusive.
- [What is the [00] for? -NM]
- [It's so the payload is easy to parse out with string funcs -RD]
+ The FLAGS value has one or more of the following bits set, where
+ "bit 1" is the LSB of the 32-bit value, and "bit 32" is the MSB.
+ bit meaning
+ 1 -- IPv6 okay. We support learning about IPv6 addresses and
+ connecting to IPv6 addresses.
+ 2 -- IPv4 not okay. We don't want to learn about IPv4 addresses
+ or connect to them.
+ 3 -- IPv6 preferred. If there are both IPv4 and IPv6 addresses,
+ we want to connect to the IPv6 one. (By default, we connect
+ to the IPv4 address.)
+ 4..32 -- Reserved. Current clients MUST NOT set these. Servers
+ MUST ignore them.
Upon receiving this cell, the exit node resolves the address as
necessary, and opens a new TCP connection to the target port. If the
More information about the tor-commits
mailing list