commit 61c28b99a2ab9d2f828a346baec6d43c6ef8a144 Author: teor teor2345@gmail.com Date: Wed Nov 1 17:00:24 2017 +1100
Add networks that test that IPv6-only tor clients can use microdescriptors
These networks and torrc templates end in "ipv6-md".
Implements #21001. --- networks/client-ipv6-only-md | 21 +++++++++++++++++++ networks/hs-client-ipv6-md | 24 ++++++++++++++++++++++ networks/hs-ipv6-md | 25 +++++++++++++++++++++++ networks/hs-v23-ipv6-md | 26 ++++++++++++++++++++++++ networks/hs-v3-ipv6-md | 25 +++++++++++++++++++++++ networks/single-onion-client-ipv6-md | 24 ++++++++++++++++++++++ networks/single-onion-ipv6-md | 25 +++++++++++++++++++++++ networks/single-onion-v23-ipv6-md | 27 +++++++++++++++++++++++++ networks/single-onion-v3-ipv6-md | 25 +++++++++++++++++++++++ torrc_templates/client-only-v6-md.i | 2 ++ torrc_templates/client-only-v6-md.tmpl | 2 ++ torrc_templates/client-only-v6.i | 10 +++------ torrc_templates/hs-only-v6-md.tmpl | 3 +++ torrc_templates/hs3-only-v6-md.tmpl | 3 +++ torrc_templates/single-onion-only-v6-md.tmpl | 3 +++ torrc_templates/single-onion-v3-only-v6-md.tmpl | 3 +++ 16 files changed, 241 insertions(+), 7 deletions(-)
diff --git a/networks/client-ipv6-only-md b/networks/client-ipv6-only-md new file mode 100644 index 0000000..32f713e --- /dev/null +++ b/networks/client-ipv6-only-md @@ -0,0 +1,21 @@ +import os +# By default, Authorities are not configured as exits +Authority6 = Node(tag="a", authority=1, relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="authority-orport-v6.tmpl") +ExitRelay6 = Node(tag="r", relay=1, exit=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="relay-orport-v6-exit.tmpl") +HS = Node(tag="h", hs=1, torrc="hs.tmpl") +Client6 = Node(tag="c", client=1, torrc="client-only-v6-md.tmpl") + +# Since only 25% of relays get the guard flag, +# TestingDirAuthVoteGuard * may need to be used in small networks + +# The minimum number of authorities/relays/exits is 3, the minimum path length +# But for some reason, Tor wants 4 "acceptable routers" (Tor bug #20071) +NODES = Authority6.getN(3) + ExitRelay6.getN(1) + HS.getN(1) + Client6.getN(1) + +ConfigureNodes(NODES) diff --git a/networks/hs-client-ipv6-md b/networks/hs-client-ipv6-md new file mode 100644 index 0000000..c93c354 --- /dev/null +++ b/networks/hs-client-ipv6-md @@ -0,0 +1,24 @@ +import os +# By default, Authorities are not configured as exits +Authority6 = Node(tag="a", authority=1, relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="authority-orport-v6.tmpl") +NonExitRelay6 = Node(tag="r", relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="relay-orport-v6-non-exit.tmpl") +Client6 = Node(tag="c", client=1, torrc="client-only-v6-md.tmpl") +HS = Node(tag="h", hs=1, torrc="hs.tmpl") + +# Since only 25% of relays get the guard flag, +# TestingDirAuthVoteGuard * may need to be used in small networks + +# A hidden service needs 5 authorities/relays to ensure it can build HS +# connections: +# a minimum path length of 3, plus the client-nominated rendezvous point, +# plus a seperate introduction point +NODES = Authority6.getN(2) + NonExitRelay6.getN(3) + \ + Client6.getN(1) + HS.getN(1) + +ConfigureNodes(NODES) diff --git a/networks/hs-ipv6-md b/networks/hs-ipv6-md new file mode 100644 index 0000000..c64080f --- /dev/null +++ b/networks/hs-ipv6-md @@ -0,0 +1,25 @@ +import os +# By default, Authorities are not configured as exits +Authority6 = Node(tag="a", authority=1, relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="authority-orport-v6.tmpl") +NonExitRelay6 = Node(tag="r", relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="relay-orport-v6-non-exit.tmpl") +Client = Node(tag="c", client=1, torrc="client.tmpl") +Client6 = Node(tag="c", client=1, torrc="client-only-v6-md.tmpl") +HS6 = Node(tag="h", hs=1, torrc="hs-only-v6-md.tmpl") + +# Since only 25% of relays get the guard flag, +# TestingDirAuthVoteGuard * may need to be used in small networks + +# A hidden service needs 5 authorities/relays to ensure it can build HS +# connections: +# a minimum path length of 3, plus the client-nominated rendezvous point, +# plus a seperate introduction point +NODES = Authority6.getN(2) + NonExitRelay6.getN(3) + \ + Client.getN(1) + Client6.getN(1) + HS6.getN(1) + +ConfigureNodes(NODES) diff --git a/networks/hs-v23-ipv6-md b/networks/hs-v23-ipv6-md new file mode 100644 index 0000000..f562dd8 --- /dev/null +++ b/networks/hs-v23-ipv6-md @@ -0,0 +1,26 @@ +import os +# By default, Authorities are not configured as exits +Authority6 = Node(tag="a", authority=1, relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="authority-orport-v6.tmpl") +NonExitRelay6 = Node(tag="r", relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="relay-orport-v6-non-exit.tmpl") +Client = Node(tag="c", client=1, torrc="client.tmpl") +Client6 = Node(tag="c", client=1, torrc="client-only-v6-md.tmpl") +HSv2IPv6 = Node(tag="h", hs=1, torrc="hs-only-v6-md.tmpl") +HSv3IPv6 = Node(tag="h", hs=1, torrc="hs3-only-v6-md.tmpl") + +# Since only 25% of relays get the guard flag, +# TestingDirAuthVoteGuard * may need to be used in small networks + +# A hidden service needs 5 authorities/relays to ensure it can build HS +# connections: +# a minimum path length of 3, plus the client-nominated rendezvous point, +# plus a seperate introduction point +NODES = Authority6.getN(2) + NonExitRelay6.getN(3) + \ + Client.getN(1) + Client6.getN(1) + HSv2IPv6.getN(1) + HSv3IPv6.getN(1) + +ConfigureNodes(NODES) diff --git a/networks/hs-v3-ipv6-md b/networks/hs-v3-ipv6-md new file mode 100644 index 0000000..fc021d8 --- /dev/null +++ b/networks/hs-v3-ipv6-md @@ -0,0 +1,25 @@ +import os +# By default, Authorities are not configured as exits +Authority6 = Node(tag="a", authority=1, relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="authority-orport-v6.tmpl") +NonExitRelay6 = Node(tag="r", relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="relay-orport-v6-non-exit.tmpl") +Client = Node(tag="c", client=1, torrc="client.tmpl") +Client6 = Node(tag="c", client=1, torrc="client-only-v6-md.tmpl") +HS6 = Node(tag="h", hs=1, torrc="hs3-only-v6-md.tmpl") + +# Since only 25% of relays get the guard flag, +# TestingDirAuthVoteGuard * may need to be used in small networks + +# A hidden service needs 5 authorities/relays to ensure it can build HS +# connections: +# a minimum path length of 3, plus the client-nominated rendezvous point, +# plus a seperate introduction point +NODES = Authority6.getN(2) + NonExitRelay6.getN(3) + \ + Client.getN(1) + Client6.getN(1) + HS6.getN(1) + +ConfigureNodes(NODES) diff --git a/networks/single-onion-client-ipv6-md b/networks/single-onion-client-ipv6-md new file mode 100644 index 0000000..cdd64ec --- /dev/null +++ b/networks/single-onion-client-ipv6-md @@ -0,0 +1,24 @@ +import os +# By default, Authorities are not configured as exits +Authority6 = Node(tag="a", authority=1, relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="authority-orport-v6.tmpl") +NonExitRelay6 = Node(tag="r", relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="relay-orport-v6-non-exit.tmpl") +Client6 = Node(tag="c", client=1, torrc="client-only-v6-md.tmpl") +SingleOnion = Node(tag="h", hs=1, torrc="single-onion.tmpl") + +# Since only 25% of relays get the guard flag, +# TestingDirAuthVoteGuard * may need to be used in small networks + +# A hidden service needs 5 authorities/relays to ensure it can build HS +# connections: +# a minimum path length of 3, plus the client-nominated rendezvous point, +# plus a seperate introduction point +NODES = Authority6.getN(2) + NonExitRelay6.getN(3) + \ + Client6.getN(1) + SingleOnion.getN(1) + +ConfigureNodes(NODES) diff --git a/networks/single-onion-ipv6-md b/networks/single-onion-ipv6-md new file mode 100644 index 0000000..7464e4b --- /dev/null +++ b/networks/single-onion-ipv6-md @@ -0,0 +1,25 @@ +import os +# By default, Authorities are not configured as exits +Authority6 = Node(tag="a", authority=1, relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="authority-orport-v6.tmpl") +NonExitRelay6 = Node(tag="r", relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="relay-orport-v6-non-exit.tmpl") +Client = Node(tag="c", client=1, torrc="client.tmpl") +Client6 = Node(tag="c", client=1, torrc="client-only-v6-md.tmpl") +SingleOnion6 = Node(tag="h", hs=1, torrc="single-onion-only-v6-md.tmpl") + +# Since only 25% of relays get the guard flag, +# TestingDirAuthVoteGuard * may need to be used in small networks + +# A hidden service needs 5 authorities/relays to ensure it can build HS +# connections: +# a minimum path length of 3, plus the client-nominated rendezvous point, +# plus a seperate introduction point +NODES = Authority6.getN(2) + NonExitRelay6.getN(3) + \ + Client.getN(1) + Client6.getN(1) + SingleOnion6.getN(1) + +ConfigureNodes(NODES) diff --git a/networks/single-onion-v23-ipv6-md b/networks/single-onion-v23-ipv6-md new file mode 100644 index 0000000..4450a66 --- /dev/null +++ b/networks/single-onion-v23-ipv6-md @@ -0,0 +1,27 @@ +import os +# By default, Authorities are not configured as exits +Authority6 = Node(tag="a", authority=1, relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="authority-orport-v6.tmpl") +NonExitRelay6 = Node(tag="r", relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="relay-orport-v6-non-exit.tmpl") +Client = Node(tag="c", client=1, torrc="client.tmpl") +Client6 = Node(tag="c", client=1, torrc="client-only-v6-md.tmpl") +SingleOnionv2IPv6 = Node(tag="h", hs=1, torrc="single-onion-only-v6-md.tmpl") +SingleOnionv3IPv6 = Node(tag="h", hs=1, torrc="single-onion-v3-only-v6-md.tmpl") + +# Since only 25% of relays get the guard flag, +# TestingDirAuthVoteGuard * may need to be used in small networks + +# A hidden service needs 5 authorities/relays to ensure it can build HS +# connections: +# a minimum path length of 3, plus the client-nominated rendezvous point, +# plus a seperate introduction point +NODES = Authority6.getN(2) + NonExitRelay6.getN(3) + \ + Client.getN(1) + Client6.getN(1) + \ + SingleOnionv2IPv6.getN(1) + SingleOnionv3IPv6.getN(1) + +ConfigureNodes(NODES) diff --git a/networks/single-onion-v3-ipv6-md b/networks/single-onion-v3-ipv6-md new file mode 100644 index 0000000..fc166cd --- /dev/null +++ b/networks/single-onion-v3-ipv6-md @@ -0,0 +1,25 @@ +import os +# By default, Authorities are not configured as exits +Authority6 = Node(tag="a", authority=1, relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="authority-orport-v6.tmpl") +NonExitRelay6 = Node(tag="r", relay=1, + ipv6_addr=os.environ.get('CHUTNEY_LISTEN_ADDRESS_V6', + '[::1]'), + torrc="relay-orport-v6-non-exit.tmpl") +Client = Node(tag="c", client=1, torrc="client.tmpl") +Client6 = Node(tag="c", client=1, torrc="client-only-v6-md.tmpl") +SingleOnionv3IPv6 = Node(tag="h", hs=1, torrc="single-onion-v3-only-v6-md.tmpl") + +# Since only 25% of relays get the guard flag, +# TestingDirAuthVoteGuard * may need to be used in small networks + +# A hidden service needs 5 authorities/relays to ensure it can build HS +# connections: +# a minimum path length of 3, plus the client-nominated rendezvous point, +# plus a seperate introduction point +NODES = Authority6.getN(2) + NonExitRelay6.getN(3) + \ + Client.getN(1) + Client6.getN(1) + SingleOnionv3IPv6.getN(1) + +ConfigureNodes(NODES) diff --git a/torrc_templates/client-only-v6-md.i b/torrc_templates/client-only-v6-md.i new file mode 100644 index 0000000..8c3d452 --- /dev/null +++ b/torrc_templates/client-only-v6-md.i @@ -0,0 +1,2 @@ +# A client that only uses IPv6 ORPorts +ClientUseIPv4 0 diff --git a/torrc_templates/client-only-v6-md.tmpl b/torrc_templates/client-only-v6-md.tmpl new file mode 100644 index 0000000..dd4471a --- /dev/null +++ b/torrc_templates/client-only-v6-md.tmpl @@ -0,0 +1,2 @@ +${include:client.tmpl} +${include:client-only-v6-md.i} diff --git a/torrc_templates/client-only-v6.i b/torrc_templates/client-only-v6.i index 3105c0f..985f237 100644 --- a/torrc_templates/client-only-v6.i +++ b/torrc_templates/client-only-v6.i @@ -1,10 +1,6 @@ # A client that only uses IPv6 ORPorts -ClientUseIPv4 0 +${include:client-only-v6-md.i} + # Due to Tor bug #19608, microdescriptors can't be used by IPv6-only clients +# running tor 0.2.9 and earlier UseMicrodescriptors 0 - -# Previous versions of Tor did not support IPv6-only operation -# But this is how it would have been configured -#ClientUseIPv6 1 -#ClientPreferIPv6ORPort 1 -#ReachableAddresses reject 0.0.0.0/0, accept [::]/0 diff --git a/torrc_templates/hs-only-v6-md.tmpl b/torrc_templates/hs-only-v6-md.tmpl new file mode 100644 index 0000000..3831a3d --- /dev/null +++ b/torrc_templates/hs-only-v6-md.tmpl @@ -0,0 +1,3 @@ +${include:hs.tmpl} +# Hidden services are just another kind of client +${include:client-only-v6-md.i} diff --git a/torrc_templates/hs3-only-v6-md.tmpl b/torrc_templates/hs3-only-v6-md.tmpl new file mode 100644 index 0000000..a017dd9 --- /dev/null +++ b/torrc_templates/hs3-only-v6-md.tmpl @@ -0,0 +1,3 @@ +${include:hs-v3.tmpl} +# Hidden services are just another kind of client +${include:client-only-v6-md.i} diff --git a/torrc_templates/single-onion-only-v6-md.tmpl b/torrc_templates/single-onion-only-v6-md.tmpl new file mode 100644 index 0000000..d32a503 --- /dev/null +++ b/torrc_templates/single-onion-only-v6-md.tmpl @@ -0,0 +1,3 @@ +${include:single-onion.tmpl} +# Onion services are just another kind of client +${include:client-only-v6-md.i} diff --git a/torrc_templates/single-onion-v3-only-v6-md.tmpl b/torrc_templates/single-onion-v3-only-v6-md.tmpl new file mode 100644 index 0000000..c4ac312 --- /dev/null +++ b/torrc_templates/single-onion-v3-only-v6-md.tmpl @@ -0,0 +1,3 @@ +${include:single-onion-v3.tmpl} +# Onion services are just another kind of client +${include:client-only-v6-md.i}