On 8 Feb 2017, at 00:07, tor@afo-tm.org wrote:
On 06.02.17 09:25, nusenu wrote:
The first release with the fix for [1] was in 0.3.0.3-alpha [2]. So if you run an IPv6 exit, upgrading to 0.3.0.3-alpha potentially increases the tor network's IPv6 exit capacity. teor and nickm plan a backport for tor 0.2.9.x [1] https://trac.torproject.org/projects/tor/ticket/21357 [2] https://lists.torproject.org/pipermail/tor-talk/2017-February/042900.html These 47 exits account for more than 8.6% exit probability and currently do not allow IPv6 exiting (either due to this bug or due to missing IPv6Exit 1' or exit policy) ...
IPv6 only exits are still not possible with this patch?
No, and the reason depends what you mean by "IPv6 only exits".
If you mean "relays on IPv6 without an IPv4 listening port", then no, due to the current IPv4 clique requirement for the Tor network (this needs further research, there might be ways to preserve client anonymity without every relay being able to connect to every other relay).
If you mean "relays on IPv4 and IPv6 that only exit to IPv6" these can be configured:
ExitPolicy reject *4:* ExitPolicy accept *6:*
But relays do not get the Exit flag unless they exit to at least one IPv4 /8 on at least two of ports 80, 443, and 6667. An exit without the Exit flag won't be used by (most) clients.
And Exit port summaries in microdescriptors require a relay to Exit to almost all addresses (they can't reject more than an IPv4 /7 or IPv6 /16). An Exit with an empty IPv4 port summary won't be used by (most) clients. (There is a separate summary for IPv6.)
This is inconsistent, I've opened a ticket: https://trac.torproject.org/projects/tor/ticket/21413
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------