no ipv6 traffic from/to relays ?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Switching from 0.2.9.9 to 0.3.0.3-alpha now let 1/3 of my outgoing network traffic to exit ports (of my Tor exit relay) being ipv6. OTOH there's more or less no ipv6 traffic from/to other relays. Is this (another ipv6) bug/issue in Tor or just expected ? - -- Toralf PGP: C4EACDDE 0076E94E -----BEGIN PGP SIGNATURE----- iHYEAREIAB4FAliWTYAXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2 6U7R/QD+Nr4q1CHmhVKgrUrqSp/fEXCEnLnpSfO+njxRdnICbOIA+wSwB02bIOgB mWS13po62pXdO8r3QJiiz5Q7G8ryvtkt =1Mzz -----END PGP SIGNATURE-----
Switching from 0.2.9.9 to 0.3.0.3-alpha now let 1/3 of my outgoing network traffic to exit ports (of my Tor exit relay) being ipv6. OTOH there's more or less no ipv6 traffic from/to other relays.
Is this (another ipv6) bug/issue in Tor or just expected ?
IPv6 is not used for relay-to-relay traffic (not implemented yet). https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/IPv6 https://trac.torproject.org/projects/tor/ticket/4565
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 02/05/2017 11:43 AM, nusenu wrote:
IPv6 is not used for relay-to-relay traffic (not implemented yet). Ah - thx.
- -- Toralf PGP: C4EACDDE 0076E94E -----BEGIN PGP SIGNATURE----- iHYEAREIAB4FAliXipgXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2 6U5wLwD/ZFvlecxBR+wMc4WdO3iJreQkLXfA+N0W2NZTs9CQubgA/0APyzssErzK Dy8uNTbkJ16YF1v9Fo9GqRQX3G9aCjjb =itRA -----END PGP SIGNATURE-----
On 5 Feb 2017, at 08:54, Toralf Förster <toralf.foerster@gmx.de> wrote:
Signed PGP part Switching from 0.2.9.9 to 0.3.0.3-alpha now let 1/3 of my outgoing network traffic to exit ports (of my Tor exit relay) being ipv6.
Yes, this is expected, we fixed a bug in IPv6 exit policies in 0.3.0.2-alpha. See: https://lists.torproject.org/pipermail/tor-relays/2017-February/date.html
OTOH there's more or less no ipv6 traffic from/to other relays.
Relays do not use the IPv6 ORPort at all. Clients do not use the IPv6 ORPort unless specifically configured.
Is this (another ipv6) bug/issue in Tor or just expected ?
Automatic client IPv6 is a feature that has not been implemented yet. But we need relays to have IPv6 ORPorts before it will work. T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
The first release with the fix for [1] was in 0.3.0.3-alpha [2]. So if you run an IPv6 exit, upgrading to 0.3.0.3-alpha potentially increases the tor network's IPv6 exit capacity. teor and nickm plan a backport for tor 0.2.9.x [1] https://trac.torproject.org/projects/tor/ticket/21357 [2] https://lists.torproject.org/pipermail/tor-talk/2017-February/042900.html These 47 exits account for more than 8.6% exit probability and currently do not allow IPv6 exiting (either due to this bug or due to missing IPv6Exit 1' or exit policy) +--------------------+--------------------------------+---------------+ | nickname | contact | tor_version | +--------------------+--------------------------------+---------------+ | ori | 0x02225522 Frenn vun der Enn ( | 0.2.9.9 | | tollana | 0x02225522 Frenn vun der Enn ( | 0.2.9.9 | | kree | 0x02225522 Frenn vun der Enn ( | 0.2.9.9 | | rejozenger | 0x21DBEFD4 Rejo Zenger <rejo@z | 0.2.9.9 | | Unnamed | 0x3C68C8DBCBA783EF Joel R. Vos | 0.2.8.12 | | torpinkbyte | 0x60C0742D1F357D42 Sergey Popo | 0.2.8.12 | | marylou2 | 0x9F29C15D42A8B6F3 Nos oignons | 0.2.9.8 | | ekumen | 0x9F29C15D42A8B6F3 Nos oignons | 0.2.8.11 | | marylou1 | 0x9F29C15D42A8B6F3 Nos oignons | 0.2.9.8 | | armbrust | 0xBA61EB09 Michael Armbruster | 0.2.8.9 | | AlphaCentauri | 0xD3364A0B Spydar007 <tor.abus | 0.2.9.9 | | Unzane | 0xFDB8716D Gerald Turner <gtur | 0.2.5.12 | | thirdexit | <demfloro AT demfloro dot ru> | 0.2.9.9 | | dredis | <demfloro AT demfloro dot ru> | 0.2.9.9 | | modio1 | <take AT modio dot se> | 0.2.8.12 | | thisisatorexitnode | Abuse <abuse .AT. uk .DOT. aql | 0.2.9.9 | | xshells | Admin <admin AT xshells DOT ne | 0.2.7.6 | | blackpearl | BlackPearl <tor-op(at)wach-it- | 0.2.9.9 | | CrashM | CrashM <crash AT crashm d0t co | 0.2.8.9 | | SentriesExit2 | echo gbeznfgre1609@fragevrf.be | 0.2.9.9 | | SentriesExit1 | echo gbeznfgre1609@fragevrf.be | 0.2.9.9 | | TastyStrawberry | Fabian Bakkum <fabianbakkum@ho | 0.2.9.9 | | kramse2 | Henrik Kramshoej <hlk AT zencu | 0.2.8.9 | | kramse | Henrik Kramshoej <hlk AT zencu | 0.2.8.9 | | w000000h00000 | http://torexitnodev6.dynv6.net | 0.2.9.8 | | criticalmass | https://www.torservers.net/don | 0.3.0.2-alpha | | iVPN | https://www.torservers.net/don | 0.3.0.2-alpha | | zwiebelfreund3 | https://www.torservers.net/don | 0.3.0.2-alpha | | dorrisdeebrown | https://www.torservers.net/don | 0.3.0.2-alpha | | russellteapot | https://www.torservers.net/don | 0.3.0.2-alpha | | zwiebelfreund2 | https://www.torservers.net/don | 0.3.0.2-alpha | | NeelTorExitCZ | Neel Chauhan <neel AT neelc DO | 0.3.0.1-alpha | | NeelTorExitRU | Neel Chauhan <neel AT neelc DO | 0.2.9.8 | | lupine | Nick Thomas <tor@ur.gs> | 0.2.9.9 | | heteigenwijsje | Random Person <gijsje+tor AT h | 0.2.7.6 | | Unnamed | Random Person <tor0102.10.swsn | 0.2.9.9 | | Unnamed | Random Person <tor0102.10.swsn | 0.2.9.9 | | artikel5ev3 | see https://www.artikel5ev.de/ | 0.2.8.9 | | artikel5ev2 | see https://www.artikel5ev.de/ | 0.2.8.9 | | artikel5ev1 | see https://www.artikel5ev.de/ | 0.2.8.9 | | artikel5ev5 | see https://www.artikel5ev.de/ | 0.2.9.8 | | UniversidadGalileo | System Administrators <sysadmi | 0.2.8.11 | | corewars | TOR Administrator <tor AT core | 0.2.8.12 | | tordienet | tor@die.net | 0.2.9.9 | | PrivacyExit1 | tor@lite.litedsl.nl | 0.2.8.9 | | torwedos | Viktor <vnikolov AT vnikolov d | 0.2.9.9 | | torwedos2 | Viktor <vnikolov AT vnikolov d | 0.2.9.9 | +--------------------+--------------------------------+---------------+ 47 rows
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 02/06/2017 09:25 AM, nusenu wrote:
The first release with the fix for [1] was in 0.3.0.3-alpha [2].
So if you run an IPv6 exit, upgrading to 0.3.0.3-alpha potentially increases the tor network's IPv6 exit capacity.
yes, I do now have: incoming traffic: 20 GB/hour at ipv4 and 10 GB/hour at ipv6 outgoing traffic: 30 GB/hour at ipv4 and <1 GB/hour at ipv6 - -- Toralf PGP: C4EACDDE 0076E94E -----BEGIN PGP SIGNATURE----- iHYEAREIAB4FAliY9ukXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2 6U5HswD+JixL3EE67sBfpdwtu6TDgX2M5mVKCkPMgUKJuK4+ZmoBAI9IbHxy1GVo O/cRIRUye3euffvBS5it7TjdXTZGiAez =XYHi -----END PGP SIGNATURE-----
On 06.02.17 09:25, nusenu wrote:
The first release with the fix for [1] was in 0.3.0.3-alpha [2].
So if you run an IPv6 exit, upgrading to 0.3.0.3-alpha potentially increases the tor network's IPv6 exit capacity.
teor and nickm plan a backport for tor 0.2.9.x
[1] https://trac.torproject.org/projects/tor/ticket/21357 [2] https://lists.torproject.org/pipermail/tor-talk/2017-February/042900.html
These 47 exits account for more than 8.6% exit probability and currently do not allow IPv6 exiting (either due to this bug or due to missing IPv6Exit 1' or exit policy)
+--------------------+--------------------------------+---------------+ | nickname | contact | tor_version | +--------------------+--------------------------------+---------------+ | ori | 0x02225522 Frenn vun der Enn ( | 0.2.9.9 | | tollana | 0x02225522 Frenn vun der Enn ( | 0.2.9.9 | | kree | 0x02225522 Frenn vun der Enn ( | 0.2.9.9 | | rejozenger | 0x21DBEFD4 Rejo Zenger <rejo@z | 0.2.9.9 | | Unnamed | 0x3C68C8DBCBA783EF Joel R. Vos | 0.2.8.12 | | torpinkbyte | 0x60C0742D1F357D42 Sergey Popo | 0.2.8.12 | | marylou2 | 0x9F29C15D42A8B6F3 Nos oignons | 0.2.9.8 | | ekumen | 0x9F29C15D42A8B6F3 Nos oignons | 0.2.8.11 | | marylou1 | 0x9F29C15D42A8B6F3 Nos oignons | 0.2.9.8 | | armbrust | 0xBA61EB09 Michael Armbruster | 0.2.8.9 | | AlphaCentauri | 0xD3364A0B Spydar007 <tor.abus | 0.2.9.9 | | Unzane | 0xFDB8716D Gerald Turner <gtur | 0.2.5.12 | | thirdexit | <demfloro AT demfloro dot ru> | 0.2.9.9 | | dredis | <demfloro AT demfloro dot ru> | 0.2.9.9 | | modio1 | <take AT modio dot se> | 0.2.8.12 | | thisisatorexitnode | Abuse <abuse .AT. uk .DOT. aql | 0.2.9.9 | | xshells | Admin <admin AT xshells DOT ne | 0.2.7.6 | | blackpearl | BlackPearl <tor-op(at)wach-it- | 0.2.9.9 | | CrashM | CrashM <crash AT crashm d0t co | 0.2.8.9 | | SentriesExit2 | echo gbeznfgre1609@fragevrf.be | 0.2.9.9 | | SentriesExit1 | echo gbeznfgre1609@fragevrf.be | 0.2.9.9 | | TastyStrawberry | Fabian Bakkum <fabianbakkum@ho | 0.2.9.9 | | kramse2 | Henrik Kramshoej <hlk AT zencu | 0.2.8.9 | | kramse | Henrik Kramshoej <hlk AT zencu | 0.2.8.9 | | w000000h00000 | http://torexitnodev6.dynv6.net | 0.2.9.8 | | criticalmass | https://www.torservers.net/don | 0.3.0.2-alpha | | iVPN | https://www.torservers.net/don | 0.3.0.2-alpha | | zwiebelfreund3 | https://www.torservers.net/don | 0.3.0.2-alpha | | dorrisdeebrown | https://www.torservers.net/don | 0.3.0.2-alpha | | russellteapot | https://www.torservers.net/don | 0.3.0.2-alpha | | zwiebelfreund2 | https://www.torservers.net/don | 0.3.0.2-alpha | | NeelTorExitCZ | Neel Chauhan <neel AT neelc DO | 0.3.0.1-alpha | | NeelTorExitRU | Neel Chauhan <neel AT neelc DO | 0.2.9.8 | | lupine | Nick Thomas <tor@ur.gs> | 0.2.9.9 | | heteigenwijsje | Random Person <gijsje+tor AT h | 0.2.7.6 | | Unnamed | Random Person <tor0102.10.swsn | 0.2.9.9 | | Unnamed | Random Person <tor0102.10.swsn | 0.2.9.9 | | artikel5ev3 | see https://www.artikel5ev.de/ | 0.2.8.9 | | artikel5ev2 | see https://www.artikel5ev.de/ | 0.2.8.9 | | artikel5ev1 | see https://www.artikel5ev.de/ | 0.2.8.9 | | artikel5ev5 | see https://www.artikel5ev.de/ | 0.2.9.8 | | UniversidadGalileo | System Administrators <sysadmi | 0.2.8.11 | | corewars | TOR Administrator <tor AT core | 0.2.8.12 | | tordienet | tor@die.net | 0.2.9.9 | | PrivacyExit1 | tor@lite.litedsl.nl | 0.2.8.9 | | torwedos | Viktor <vnikolov AT vnikolov d | 0.2.9.9 | | torwedos2 | Viktor <vnikolov AT vnikolov d | 0.2.9.9 | +--------------------+--------------------------------+---------------+ 47 rows
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
IPv6 only exits are still not possible with this patch?
tor@afo-tm.org:
IPv6 only exits are still not possible with this patch?
What do you mean exactly with "IPv6 only exits"? If you want to add a relay to the tor network that has no IPv4 address: This does not work (for a long time I guess). If you have IPv4 and IPv6 connectivity but you want to allow IPv6 exit traffic exclusively (no IPv4 destinations): Yes that is possible, just write your ExitPolicy accordingly.
On 8 Feb 2017, at 00:07, tor@afo-tm.org wrote:
On 06.02.17 09:25, nusenu wrote:
The first release with the fix for [1] was in 0.3.0.3-alpha [2]. So if you run an IPv6 exit, upgrading to 0.3.0.3-alpha potentially increases the tor network's IPv6 exit capacity. teor and nickm plan a backport for tor 0.2.9.x [1] https://trac.torproject.org/projects/tor/ticket/21357 [2] https://lists.torproject.org/pipermail/tor-talk/2017-February/042900.html These 47 exits account for more than 8.6% exit probability and currently do not allow IPv6 exiting (either due to this bug or due to missing IPv6Exit 1' or exit policy) ...
IPv6 only exits are still not possible with this patch?
No, and the reason depends what you mean by "IPv6 only exits". If you mean "relays on IPv6 without an IPv4 listening port", then no, due to the current IPv4 clique requirement for the Tor network (this needs further research, there might be ways to preserve client anonymity without every relay being able to connect to every other relay). If you mean "relays on IPv4 and IPv6 that only exit to IPv6" these can be configured: ExitPolicy reject *4:* ExitPolicy accept *6:* But relays do not get the Exit flag unless they exit to at least one IPv4 /8 on at least two of ports 80, 443, and 6667. An exit without the Exit flag won't be used by (most) clients. And Exit port summaries in microdescriptors require a relay to Exit to almost all addresses (they can't reject more than an IPv4 /7 or IPv6 /16). An Exit with an empty IPv4 port summary won't be used by (most) clients. (There is a separate summary for IPv6.) This is inconsistent, I've opened a ticket: https://trac.torproject.org/projects/tor/ticket/21413 T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
participants (4)
-
nusenu -
teor -
tor@afo-tm.org -
Toralf Förster