[tor-dev] Sanitizing IPv6 addresses in bridge descriptors

Karsten Loesing karsten.loesing at gmx.net
Mon Jan 16 17:12:49 UTC 2012


On 1/16/12 8:46 AM, Karsten Loesing wrote:
> On 1/11/12 10:34 AM, Linus Nordberg wrote:
>> Alex Le Heux <alexlh at funk.org> wrote
>> Wed, 11 Jan 2012 09:57:00 +0100:
>>
>> | > RFC 3849 defines the prefix 2001:DB8::/32 as being reserved for
>> | > documentation.  That should be fine for this.
>> | 
>> | The documentation prefix is for just that, use in documentation :)
>> | 
>> | ULA (RFC4193) is actually closer to the 10/8 (RFC1918) addresses that you use for IPv4.
>>
>> Oh, right.  *blush*
> 
> So, just to get that right: how would we apply RFC4193 here?
> 
> - We start with FC00::/7 as the prefix for Local IPv6 unicast addresses.
> 
> - We set the 8th bit, the L bit, to 1, because we're generating the
> subsequent Global ID locally.
> 
> - We generate a random 40-bit Global ID for "Tor sanitized bridge IPv6
> addresses."  We don't change it, ever.
> 
> - We set the 16-bit Subnet ID to all zeros.
> 
> - We use the least significant 24 bits of the 64-bit Interface ID for
> the actual sanitized bridge address that was formerly encoded in 10.x.x.x.
> 
> As an example, a sanitized IPv6 bridge address would be:
> 
>   [fc01:0123:4567:89ab::fedc:ba98:7654]

Err...  What I meant was something like this:

    [fd9f:2e19:3bcf::f8:2444]

> Does that make sense?

The approach discussed above is now implemented:

  https://gitweb.torproject.org/metrics-db.git/commitdiff/70a3d998

Unless somebody shouts at me within the next 48 hours and tells me the
approach is stupid, I'm going to deploy it.

Best,
Karsten


More information about the tor-dev mailing list