On 06/30/2017 01:43 PM, teor wrote:
On 30 Jun 2017, at 19:26, Mirimir <mirimir@riseup.net> wrote:
On 06/29/2017 08:41 PM, teor wrote:
On 30 Jun 2017, at 16:55, Scott Bennett <bennett@sdf.org> wrote:
<SNIP>
Also, is there a problem with having IPv6-only exit service where a relay is accessible via IPv4 for clients and other relays?
Most tor clients send a DNS name, and flags that say whether they allow IPv4 and IPv6, and which one they prefer. They rely on the Exit to resolve the IP address and connect to the site.
On the current network, an IPv6-only Exit won't get the Exit flag, and therefore won't get much client traffic.
OK, so exits need both IPv4 and IPv6.
Or just IPv4 works fine, too.
:)
And it probably shouldn't, until almost all internet sites are on IPv6. Otherwise clients will ask it to connect to IPv4-only sites, and it will fail them.
This confuses me a little. From another subthread:
On 06/29/2017 02:02 PM, teor wrote:
<SNIP>
Many Exit operators already enable IPv6Exit. Most Tor clients automatically Exit through IPv6 when it is available. (It is the default in recent versions of Tor.)
What happens for Tor clients without local IPv6 stacks, when they use a dual-stack exit to hit a dual-stack site? An IPv4 connection, right?
The Tor protocol is cells over circuits.
Those circuits are built over SSL connections, which use whatever IP versions are available to the client, relays, and remote site / onion service. Each connection's IP version can be different across the circuit.
For client to entry, this is mostly IPv4. For relays, this is always IPv4. For exit to internet site, this is IPv6 if available, and IPv4 otherwise.
So a client with only IPv4 stack, using a dual-stack exit, can hit IPv6-only Internet sites. Right? That's very cool! Because then, Tor not only offers privacy and anonymity advantages, but also allows users without IPv6 connectivity to reach IPv6-only Internet sites. That will be increasingly important as IPv6-only sites become common.
For service entry to onion service, this is mostly IPv4.
So IPv6-only machines can host onion services, as long as they use a dual-stack guard. Also very cool.
If the client is on a dual-stack machine, it would default to IPv6, right? So Tor circuits would be doing IPv6 over IPv4, yes?
No, there's no IP encapsulation inside Tor circuits, only cells.
Yes, of course. But Tor can be rather like an IPv4-IPv6 adapter.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org

tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays