[tor-dev] Sanitizing IPv6 addresses in bridge descriptors
Karsten Loesing
karsten.loesing at gmx.net
Mon Jan 16 17:12:49 UTC 2012
On 1/16/12 8:46 AM, Karsten Loesing wrote:
> On 1/11/12 10:34 AM, Linus Nordberg wrote:
>> Alex Le Heux <alexlh at funk.org> wrote
>> Wed, 11 Jan 2012 09:57:00 +0100:
>>
>> | > RFC 3849 defines the prefix 2001:DB8::/32 as being reserved for
>> | > documentation. That should be fine for this.
>> |
>> | The documentation prefix is for just that, use in documentation :)
>> |
>> | ULA (RFC4193) is actually closer to the 10/8 (RFC1918) addresses that you use for IPv4.
>>
>> Oh, right. *blush*
>
> So, just to get that right: how would we apply RFC4193 here?
>
> - We start with FC00::/7 as the prefix for Local IPv6 unicast addresses.
>
> - We set the 8th bit, the L bit, to 1, because we're generating the
> subsequent Global ID locally.
>
> - We generate a random 40-bit Global ID for "Tor sanitized bridge IPv6
> addresses." We don't change it, ever.
>
> - We set the 16-bit Subnet ID to all zeros.
>
> - We use the least significant 24 bits of the 64-bit Interface ID for
> the actual sanitized bridge address that was formerly encoded in 10.x.x.x.
>
> As an example, a sanitized IPv6 bridge address would be:
>
> [fc01:0123:4567:89ab::fedc:ba98:7654]

Err... What I meant was something like this:

[fd9f:2e19:3bcf::f8:2444]

> Does that make sense?

The approach discussed above is now implemented:

https://gitweb.torproject.org/metrics-db.git/commitdiff/70a3d998

Unless somebody shouts at me within the next 48 hours and tells me the
approach is stupid, I'm going to deploy it.

Best,
Karsten
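
The RFC 4193 layout listed in the mail above, as an added example that is not part of the original message or of the metrics-db code. The function names, the secret, and the HMAC-SHA256 step that produces the 24-bit value are assumptions for illustration; the Global ID is the one visible in the example address fd9f:2e19:3bcf::f8:2444.

```python
import hashlib
import hmac
import ipaddress

ULA_LOCAL = 0xFD               # FC00::/7 with the L bit (8th bit) set to 1
GLOBAL_ID = 0x9F2E193BCF       # 40-bit Global ID read off the example address in the mail
MIDDLE_MASK = (1 << 56) - 1    # Subnet ID (16 bits) + upper 40 bits of the Interface ID


def build_sanitized(global_id, low24):
    """Assemble prefix | Global ID | zero Subnet ID | Interface ID (low 24 bits used)."""
    if not 0 <= global_id < 1 << 40:
        raise ValueError("Global ID must fit in 40 bits")
    if not 0 <= low24 < 1 << 24:
        raise ValueError("sanitized value must fit in 24 bits")
    return ipaddress.IPv6Address((ULA_LOCAL << 120) | (global_id << 80) | low24)


def split_sanitized(addr):
    """Return (global_id, low24), rejecting addresses that do not follow the layout."""
    value = int(ipaddress.IPv6Address(addr))
    if value >> 120 != ULA_LOCAL:
        raise ValueError("not in fd00::/8 (L bit not set)")
    if (value >> 24) & MIDDLE_MASK:
        raise ValueError("Subnet ID and upper Interface ID bits must be zero")
    return (value >> 80) & ((1 << 40) - 1), value & 0xFFFFFF


def sanitize(real_addr, secret, global_id=GLOBAL_ID):
    """Map a real bridge address to a stable 24-bit value (assumed keyed-hash scheme)."""
    packed = ipaddress.IPv6Address(real_addr).packed
    digest = hmac.new(secret, packed, hashlib.sha256).digest()
    return build_sanitized(global_id, int.from_bytes(digest[:3], "big"))


if __name__ == "__main__":
    # Constructed inputs: the 24-bit value from the mail, and a documentation address.
    print(build_sanitized(GLOBAL_ID, 0xF82444))
    print(sanitize("2001:db8::1", b"constructed-secret"))
```

Because the Global ID never changes, a consumer of sanitized descriptors can use a check like split_sanitized to tell sanitized addresses apart from any real address that slipped through.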