On 29 March 2016 at 02:29, Sebastian Hahn <
hahn.seb@web.de> wrote:
I've been wondering about the private_nets const in src/or/policies. It
was added in a96c0affcb4cda1a2e0d83d123993d10efc6e396 but Nick doesn't
remember why, and I'm hoping someone has an idea (maybe teor, who I've
CCed here, who documented this in a later commit?). If nobody knows why
we do this I think we should remove it as likely incorrect.
0000::/8 is Reserved by the IETF, it is (a superset of) the deprecated
space for "IPv4 Compatible IPv6 Addresses". The addresses are not to
be reassigned for any other purposes.
Authoritative source:
http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtmlI'm not necessarily sure what private networks are all used for in
Tor, but maybe this explains it and makes sense?
/** Private networks. This list is used in two places, once to expand the
* "private" keyword when parsing our own exit policy, secondly to ignore
* just such networks when building exit policy summaries. It is important
* that all authorities agree on that list when creating summaries, so don't
* just change this without a proper migration plan and a proposal and stuff.
*/
So I think we should keep [::]/8 in the list of private addresses.
That said, the list of IPv4 and IPv6 private addresses in tor is incomplete, and could be updated based on [0] [1] for IPv6, and [2] for IPv4 ([3] seems to have too much information to be useful).
If we want to update it, we should consider:
private_nets
tor_addr_is_internal
(any other checks?)
We would need to write a proposal - at the very least, it would need a new consensus method, and some discussion of what happens when clients and exits disagree on the definition of what's private and what's not.
I don't think it's something I'll have time for, but if anyone else wants to guide us through the process, I'd be happy to support it and review code.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP 968F094B
teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F