[tor-dev] how to enable IPv6 exiting - aka "how to get p6 lines into your microdescriptors" (was: onionoo: understanding 'exit_policy_v6_summary')
nusenu
nusenu at openmailbox.org
Sat Jan 28 21:47:00 UTC 2017
tldr; How do you enable IPv6 exiting in torrc?
the following torrc part is apparently _not_ enough:
IPv6Exit 1
ExitRelay 1
ExitPolicy reject *:25
ExitPolicy accept *:*
ExitPolicy reject6 *:25, accept6 *:* # AFAIU from the tor man page
this line is redundant
https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
@moritz: can you tell why exit 'amazonas' is different when it comes to
IPv6 exit policies? he is your only exit with p6 lines [4]
> https://onionoo.torproject.org/protocol.html#details writes:
>> Missing if the relay rejects all connections to IPv6 addresses.
Since none of the microdescriptors of that relay in Jan 2017 contained a
"p6" line onionoo works as expected.
(this relay might be a bad example since this relay switched from
non-exit to exit not to long ago, but almost all - except one - of
torservers' exits have no p6 lines either)
So I'm wondering why is there no p6 line in the microdescriptors even
though the relay's exit policy allows IPv6 traffic [3] and IPv6Exit set
to 1?
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n1408 writes:
> "p6" SP ("accept" / "reject") SP PortList NL
>
> The IPv6 exit policy summary as specified in sections 3.4.1 and 3.8.2. A
> missing "p6" line is equivalent to "p6 reject 1-65535".
To provide an example exit relay with p6 line:
https://atlas.torproject.org/#details/D30226D0F4771E93B562AC650C9093931408D8BD
from its descriptor [5] (note the last line: 'ipv6-policy'):
reject 0.0.0.0/8:*
[...]
accept *:5222-5223
accept *:5900
accept *:6660-6669
accept *:6697
accept *:11371
reject *:*
ipv6-policy accept
20-21,23,53,79,81,110,143,443,554,1194,5222-5223,5900,6660-6669,6697,11371
[5] (temporary URL)
https://collector.torproject.org/recent/relay-descriptors/server-descriptors/2017-01-28-04-05-00-server-descriptors
[3] (temporary URL)
https://collector.torproject.org/recent/relay-descriptors/server-descriptors/2017-01-28-18-05-00-server-descriptors
wrote:
> accept *:53
> accept *:80
> accept *:110
> accept *:143
> accept *:220
> accept *:443
> accept *:873
> accept *:989-990
> accept *:991
> accept *:992
> accept *:993
> accept *:995
> accept *:1194
> accept *:1293
> accept *:3690
> accept *:4321
> accept *:5222-5223
> accept *:5228
> accept *:9418
> accept *:11371
> accept *:64738
> reject *:*
[4]
>> +------------+----------------+------------------------+
>> | first_seen | nickname | exit_policy_v6_summary |
>> +------------+----------------+------------------------+
>> | 2014-02-13 | amazonas | {u'reject': [u'25']} |
>> | 2014-02-13 | politkovskaja2 | NULL |
>> | 2014-02-13 | politkovskaja | NULL |
>> | 2014-05-01 | rehm | NULL |
>> | 2016-09-02 | hessel0 | NULL |
>> | 2016-09-02 | hessel2 | NULL |
>> | 2016-09-02 | hessel1 | NULL |
>> | 2016-11-15 | andregorz0 | NULL |
>> | 2016-11-15 | edwardsnowden2 | NULL |
>> | 2016-11-15 | edwardsnowden1 | NULL |
>> | 2016-12-23 | russellteapot | NULL |
>> | 2016-12-23 | dorrisdeebrown | NULL |
>> | 2016-12-30 | criticalmass | NULL |
>> | 2016-12-30 | zwiebelfreund | NULL |
>> | 2017-01-09 | zwiebelfreund2 | NULL |
>> | 2017-01-22 | zwiebelfreund3 | NULL |
>> +------------+----------------+------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170128/acb6a648/attachment.sig>
More information about the tor-dev
mailing list