[tor-dev] onionoo: understanding 'exit_policy_v6_summary'

Karsten Loesing karsten at torproject.org
Sun Jan 29 13:51:34 UTC 2017


On 28/01/17 00:07, nusenu wrote:
> Hi Karsten,

Hi nusenu,

> given this torrc configuration and exit policy:
> https://lists.torproject.org/pipermail/tor-relays/2017-January/011806.html
> 
> would you expect onionoo's  'exit_policy_v6_summary' to be not set? [1]
> 
> https://onionoo.torproject.org/protocol.html#details writes:
>> Missing if the relay rejects all connections to IPv6 addresses.

It looks like that relay doesn't include an "ipv6-policy" line in its
server descriptor, and that's what Onionoo puts in its
"exit_policy_v6_summary" field.  If that line is not present, it omits
that field.

I'm including a server descriptor published by that relay and another
server descriptor published by another relay that includes an
"ipv6-policy" line.

Not much we can do in Onionoo here, I'm afraid.

All the best,
Karsten



@type server-descriptor 1.0
router sorrentini 128.199.76.145 443 0 0
identity-ed25519
-----BEGIN ED25519 CERT-----
AQQABk6tATJwpoULEu5H8HCHYVLNZXDiISzqjcVnkaqWOM3vLEoDAQAgBADpkqcx
UBgQJwILiFx0QzbguYeKDdNmm9W69fwOQi1tz594JOaj5yNu8LNMiWVzr1YoTDRh
d/tpHeqb+tJkQlSIPdpdeS54voU/RuFPuMzpNvQEZY3ZWQLfNNGCa5vNrAE=
-----END ED25519 CERT-----
master-key-ed25519 6ZKnMVAYECcCC4hcdEM24LmHig3TZpvVuvX8DkItbc8
or-address [2400:6180:0:d0::18a7:d001]:443
platform Tor 0.2.9.8 on Linux
proto Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1-2 Link=1-4
LinkAuth=1 Microdesc=1-2 Relay=1-2
published 2017-01-29 11:24:39
fingerprint 5E76 2A58 B1F7 FF92 E791 A1EA 4F18 695C AC66 77CE
uptime 719708
bandwidth 1073741824 1073741824 1794389
extra-info-digest 33D4178248F3C6CB2F65F5C88EC3F13A9779A21F
NQuYjUhIVzt2ottgQ4PUro8KX0zoEk2UnUO1gM3kDLY
onion-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAKcAM5bLS516y9QYp4XQYYCQohS6EwFdx/2K4PYgMuBfIOO/OnKaGy97
wSmU1XMVUNdfry8nvbmCHhgtnSXBE4h3VemDyHZSrk6qYg8tV4OdytU06uw1Ht01
RMrSOnHD8HHD2ZOuqI9whzBvAeYPKEYN1DuogMc0Oi7XoI4EyOQxAgMBAAE=
-----END RSA PUBLIC KEY-----
signing-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAMcFm6QomBKSr2yaMNa0oEZ6UEOk8s2XFzfYemqZjn1Hyw6IHHUxHJDp
b47fGNy0ftJWi5uWLNhAiJCBonlzFMCvyExXAnXR7Yp8xtjgL7mQzpXPA52T8uGN
vasorifvrzqvz7q+8ch7cBWMxzl6HgSHZSQsvX71R1LjZo7ghALZAgMBAAE=
-----END RSA PUBLIC KEY-----
onion-key-crosscert
-----BEGIN CROSSCERT-----
E2kutDFW+cLFijxU/Lqvq16IP4QnUoJFmRxIF2XDozkS5cfA+E9C85jwNv9VR/4f
0xt2NsKVaez4jDwrOIY7mJ/1diztLYVUCxMKKXiSp1R6TTsfaOIR7c1Eoqz/25QR
rFJZQGOmyfU00LTcKz9mclsTDpeS9Eh3DC/R8jCteeM=
-----END CROSSCERT-----
ntor-onion-key-crosscert 1
-----BEGIN ED25519 CERT-----
AQoABky8AemSpzFQGBAnAguIXHRDNuC5h4oN02ab1br1/A5CLW3PAEZCTkgOK9Y4
9C2pJTTxQUtLMcH4qyM5+P9VAM/uHzNyrSsUAm7BtqrfWE55wMiaNE//zHttJzoC
HOS0rSt+PwA=
-----END ED25519 CERT-----
family $82C92FBAF2196EC346670D12BB9650FE9FF55741
$EFD2EEB91E5C5D8CB999B1EC68D89E51F8776AC7
hidden-service-dir
contact 0x44BB1BA79F6C6333 <tor-admin AT zumbi dot com dot ar>
ntor-onion-key NxlQ1ZK2FDW361t8v9EPuru5wSuGPM63gGz5p4X5aBs=
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 128.199.76.145:*
accept *:53
accept *:80
accept *:110
accept *:143
accept *:220
accept *:443
accept *:873
accept *:989-990
accept *:991
accept *:992
accept *:993
accept *:995
accept *:1194
accept *:1293
accept *:3690
accept *:4321
accept *:5222-5223
accept *:5228
accept *:9418
accept *:11371
accept *:64738
reject *:*
router-sig-ed25519
smKoIRGEyT0uUQDtuQSJ0r95+3aId6WX8ippWbdmIXTRtSTOSx+tNszEVcNQGEO3BoZk5WlSycfWoscdwN//Bg
router-signature
-----BEGIN SIGNATURE-----
KC5UaCUD+CxhmsIDivIzzNOlHIHB1CRODtg+txUeDE9sPZGffv7+x0g+93tSsSLq
GM5JApWwdljFMioE5W688lTqWC9vfoRkBL1zJJUhuSENFOhB+VqdpLw6k/L9Jv6h
XK8sFmN/m2lkXMaqPykOLSOrCi+zZzOYDYQ3hV3DPJ8=
-----END SIGNATURE-----



@type server-descriptor 1.0
router adressaparken 62.92.70.116 9001 0 0
platform Tor 0.2.4.27 on Linux
protocols Link 1 2 Circuit 1
published 2017-01-29 11:10:16
fingerprint 6393 1108 6F33 D534 D8FF 1A5B 516D B88A D17B EAA7
uptime 2463016
bandwidth 1073741824 1073741824 0
extra-info-digest DEC779FA2E344CFEA3DE9EC6685BB35733C1EBB9
onion-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAL5ww4bCutH6mun4Arx6P9Z7a8diu5zxC736c4mlyCS7auoCNLOzIcPZ
/a1dGRi15nCfwFDsgjzVe+8IGS6AMHQK1XJTq9DL1fspV56vBG6vZe+JBMjr/WKB
F4gyR0/HN1VNe8wi4jlu/YMwZijDDxP7Lj+EmOnkm1eCBQ/sAL6HAgMBAAE=
-----END RSA PUBLIC KEY-----
signing-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALsDS0ae9LmDkkeEvMDBt/AeJqhpex03dadnRgzyagfFTyh1Z79RFk9t
Q6Rc6H46So3eaoibHN0cuugQ5qJwi5lck6K4uCjIEQlbeTYOVZrl6dEnRtY+Y5WK
tFUpfCkBJYT35qCuyiyDn46IYW/lqSm2K6D8XGcnsIHEZ6KNbxFBAgMBAAE=
-----END RSA PUBLIC KEY-----
hibernating 1
hidden-service-dir
ntor-onion-key BshmNFxEThf5tAsdhPuoSTjtlnT8GylNqv5olVxw5Ro=
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 62.92.70.116:*
accept *:22
accept *:43
accept *:53
accept *:554
accept *:563
accept *:636
accept *:873
accept *:1194
accept *:4321
accept *:3690
accept *:5222-5223
accept *:5900
accept *:6660-6669
accept *:6679
accept *:6697
accept *:9418
reject *:*
ipv6-policy accept
22,43,53,554,563,636,873,1194,3690,4321,5222-5223,5900,6660-6669,6679,6697,9418
router-signature
-----BEGIN SIGNATURE-----
Zmb5Zws6Abjao9zINGAht/OvNuyS/y+fiFeon6k+UyamwSvPgn6vF6nGyKSBemga
Y4hQ1LbVUwO697PyDNeQCpc7NVdCo0z06sVXqgOcK1909+VTitVVDfzoU527DKOI
ZXb2NiLjFXn3tUz238q/55RwruN9Sj5YFs/4jS54jC4=
-----END SIGNATURE-----





> 
> 
> thanks,
> nusenu
> 
> 
> [1]
> https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677CE
> 
> {"nickname":"sorrentini","fingerprint":"5E762A58B1F7FF92E791A1EA4F18695CAC6677CE","or_addresses":["128.199.76.145:443","[2400:6180:0:d0::18a7:d001]:443"],"last_seen":"2017-01-27
> 13:00:00","last_changed_address_or_port":"2017-01-11
> 09:00:00","first_seen":"2016-11-30
> 03:00:00","running":true,"flags":["Exit","Fast","Running","Stable","Valid"],"country":"sg","country_name":"Singapore","region_name":"Central
> Singapore Community Development
> Council","city_name":"Singapore","latitude":1.2855,"longitude":103.8565,"as_number":"AS133165","as_name":"Digital
> Ocean,
> Inc.","consensus_weight":420,"host_name":"128.199.76.145","last_restarted":"2017-01-21
> 03:29:31","bandwidth_rate":1073741824,"bandwidth_burst":1073741824,"observed_bandwidth":1225379,"advertised_bandwidth":1225379,"exit_policy":["reject
> 0.0.0.0/8:*","reject 169.254.0.0/16:*","reject 127.0.0.0/8:*","reject
> 192.168.0.0/16:*","reject 10.0.0.0/8:*","reject 172.16.0.0/12:*","reject
> 128.199.76.145:*","accept *:53","accept *:80","accept *:110","accept
> *:143","accept *:220","accept *:443","accept *:873","accept
> *:989-990","accept *:991","accept *:992","accept *:993","accept
> *:995","accept *:1194","accept *:1293","accept *:3690","accept
> *:4321","accept *:5222-5223","accept *:5228","accept *:9418","accept
> *:11371","accept *:64738","reject
> *:*"],"exit_policy_summary":{"accept":["53","80","110","143","220","443","873","989-993","995","1194","1293","3690","4321","5222-5223","5228","9418","11371","64738"]},"contact":"0x44BB1BA79F6C6333
> <tor-admin AT zumbi dot com dot ar>","platform":"Tor 0.2.9.8 on
> Linux","effective_family":["$82C92FBAF2196EC346670D12BB9650FE9FF55741","$EFD2EEB91E5C5D8CB999B1EC68D89E51F8776AC7"],"consensus_weight_fraction":8.568019E-6,"guard_probability":0.0,"middle_probability":0.0,"exit_probability":3.799685E-5,"recommended_version":true,"measured":true}
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170129/50feeae4/attachment.sig>


More information about the tor-dev mailing list