Hey,
I've been wondering about the private_nets const in src/or/policies. It was added in a96c0affcb4cda1a2e0d83d123993d10efc6e396 but Nick doesn't remember why, and I'm hoping someone has an idea (maybe teor, who I've CCed here, who documented this in a later commit?). If nobody knows why we do this I think we should remove it as likely incorrect.
Cheers and thanks
Sebastian
On 29 March 2016 at 02:29, Sebastian Hahn hahn.seb@web.de wrote:
> I've been wondering about the private_nets const in src/or/policies. It was added in a96c0affcb4cda1a2e0d83d123993d10efc6e396 but Nick doesn't remember why, and I'm hoping someone has an idea (maybe teor, who I've CCed here, who documented this in a later commit?). If nobody knows why we do this I think we should remove it as likely incorrect.
0000::/8 is Reserved by the IETF, it is (a superset of) the deprecated space for "IPv4 Compatible IPv6 Addresses". The addresses are not to be reassigned for any other purposes.
Authoritative source: http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
I'm not necessarily sure what private networks are all used for in Tor, but maybe this explains it and makes sense?
-tom
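An added illustration, not part of the thread or of Tor's code: a small C prefix check showing which well-known address forms fall inside the 0000::/8 block described above. The function name and the sample addresses are constructed for this example.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: return 1 if addr lies inside net/prefix_len,
 * 0 if it does not, -1 if either string is not a valid IPv6 address
 * or the prefix length is out of range. */
int in6_prefix_match(const char *addr, const char *net, int prefix_len)
{
    struct in6_addr a, n;
    if (prefix_len < 0 || prefix_len > 128)
        return -1;
    if (inet_pton(AF_INET6, addr, &a) != 1 ||
        inet_pton(AF_INET6, net, &n) != 1)
        return -1;
    int full = prefix_len / 8;   /* whole bytes covered by the prefix */
    int rem = prefix_len % 8;    /* leftover bits in the next byte */
    if (memcmp(a.s6_addr, n.s6_addr, (size_t)full) != 0)
        return 0;
    if (rem) {
        unsigned char mask = (unsigned char)(0xff << (8 - rem));
        if ((a.s6_addr[full] & mask) != (n.s6_addr[full] & mask))
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample addresses, one per address form. */
    static const char *samples[][2] = {
        { "::",                "unspecified address" },
        { "::1",               "loopback" },
        { "::192.0.2.1",       "IPv4-compatible (deprecated)" },
        { "::ffff:192.0.2.1",  "IPv4-mapped" },
        { "64:ff9b::c000:201", "NAT64 well-known prefix" },
        { "100::1",            "first /8 after 0000::/8" },
        { "2001:db8::1",       "documentation prefix" },
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-20s %-30s in [::]/8: %d\n", samples[i][0], samples[i][1],
               in6_prefix_match(samples[i][0], "::", 8));
    return 0;
}
```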
On 29 Mar 2016, at 23:49, Tom Ritter tom@ritter.vg wrote:
> On 29 March 2016 at 02:29, Sebastian Hahn hahn.seb@web.de wrote:
>> I've been wondering about the private_nets const in src/or/policies. It was added in a96c0affcb4cda1a2e0d83d123993d10efc6e396 but Nick doesn't remember why, and I'm hoping someone has an idea (maybe teor, who I've CCed here, who documented this in a later commit?). If nobody knows why we do this I think we should remove it as likely incorrect.
> 0000::/8 is Reserved by the IETF, it is (a superset of) the deprecated space for "IPv4 Compatible IPv6 Addresses". The addresses are not to be reassigned for any other purposes.
> Authoritative source: http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
> I'm not necessarily sure what private networks are all used for in Tor, but maybe this explains it and makes sense?
/** Private networks. This list is used in two places, once to expand the
 * "private" keyword when parsing our own exit policy, secondly to ignore
 * just such networks when building exit policy summaries. It is important
 * that all authorities agree on that list when creating summaries, so don't
 * just change this without a proper migration plan and a proposal and stuff.
 */
So I think we should keep [::]/8 in the list of private addresses.
That said, the list of IPv4 and IPv6 private addresses in tor is incomplete, and could be updated based on [0] [1] for IPv6, and [2] for IPv4 ([3] seems to have too much information to be useful).
If we want to update it, we should consider:
  private_nets
  tor_addr_is_internal
  (any other checks?)
We would need to write a proposal - at the very least, it would need a new consensus method, and some discussion of what happens when clients and exits disagree on the definition of what's private and what's not.
I don't think it's something I'll have time for, but if anyone else wants to guide us through the process, I'd be happy to support it and review code.
Tim
[0]: https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
[1]: https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-specia...
[2]: https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-specia...
[3]: https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
On 3/29/16, Tim Wilson-Brown - teor teor2345@gmail.com wrote:
> /** Private networks. This list is used in two places, once to expand the
> So I think we should keep [::]/8 in the list of private addresses.
> That said, the list of IPv4 and IPv6 private addresses in tor is incomplete,
https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-specia...
https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-specia...
I'd only bother with what's in these two lists, primarily the Global False. Otherwise you end up determining and maintaining your own "bogon" style lists which was not really the original intent of tracking IETF provided rfc1918 style "private" address space list. Thus I'd remove it.