[tor-bugs] #4806 [Tor Client]: Detect and warn when running IPv6-using client without IPv6 address privacy

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Dec 30 19:26:10 UTC 2011


#4806: Detect and warn when running IPv6-using client without IPv6 address privacy
-------------------------+--------------------------------------------------
 Reporter:  nickm        |          Owner:                  
     Type:  enhancement  |         Status:  new             
 Priority:  normal       |      Milestone:  Tor: unspecified
Component:  Tor Client   |        Version:                  
 Keywords:               |         Parent:                  
   Points:               |   Actualpoints:                  
-------------------------+--------------------------------------------------
 Lots of IPv6 implementations default to deriving the last 48 bits of the
 address from the local host's Ethernet MAC address.  There's an optional,
 usually-off-by-default feature that randomizes addresses for outbound
 connections (see RFC 4941), but not all clients will know where it is, or
 know how to turn it on.

 That's problematic for users on laptops or other mobile devices, since
 their MAC address provides a way to tell it's still them as they move
 around the network.

 Perhaps when Tor is running as a client, we should detect whether the
 address(es) we're using on outbound connections match any MAC address, and
 warn if so.  (Without root, we can't do more than warn and suggest a
 workaround.)

 On Windows, it's part of the info we get from GetAdaptersAddresses().  On
 Linux and OSX this info *seems* to be available via getifaddrs(): we just
 need to check for AF_PACKET addresses on Linux and AF_LINK addresses on
 Mac.  BSDs seem to do the same thing as OSX here.

 Failing that, on Linux, we can learn the MAC address of a socket with
 ioctl(SIOCGIFHWADDR).  On OSX, it looks like we might need to mess around
 with the IOKit framework and a chain of twisty little calls that start
 with IOServiceMatching and end no place good.

 We'll need to suggest some action for the user to take. For a relay, no
 action is necessary.  For a bridge, I'm not too sure.  For a client, the
 OSX and FreeBSD fix appears to be "sysctl -w net.inet6.ip6.use_tempaddr=1";
 on Linux, it's maybe "sysctl net.ip6.conf.if.use_tempaddr=2".  On
 Windows, it's probably something fiddly.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4806>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
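
The check the ticket proposes, sketched as an added example (not code from the ticket or from Tor): it tests whether an IPv6 address's interface identifier is the modified EUI-64 form of a given MAC address (RFC 4291, Appendix A). The function names, SAMPLE_MAC and the sample addresses are constructed for illustration; collecting the real address/MAC pairs via getifaddrs() or GetAdaptersAddresses() is assumed to happen elsewhere.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample MAC (not from the ticket). */
static const uint8_t SAMPLE_MAC[6] = {0x00, 0x16, 0x3e, 0x12, 0x34, 0x56};

/* Modified EUI-64 (RFC 4291, Appendix A): split the MAC, insert ff:fe,
 * and flip the universal/local bit of the first octet. */
static void mac_to_eui64(const uint8_t mac[6], uint8_t iid[8])
{
  iid[0] = mac[0] ^ 0x02;
  iid[1] = mac[1];
  iid[2] = mac[2];
  iid[3] = 0xff;
  iid[4] = 0xfe;
  memcpy(&iid[5], &mac[3], 3);
}

/* 1 if the interface identifier (low 64 bits) of addr is derived from mac. */
int ipv6_addr_embeds_mac(const struct in6_addr *addr, const uint8_t mac[6])
{
  uint8_t iid[8];
  mac_to_eui64(mac, iid);
  return memcmp(&addr->s6_addr[8], iid, sizeof(iid)) == 0;
}

/* Text-address wrapper: 1 = MAC-derived, 0 = not, -1 = not a valid IPv6 address. */
int ipv6_text_embeds_mac(const char *text, const uint8_t mac[6])
{
  struct in6_addr addr;
  if (inet_pton(AF_INET6, text, &addr) != 1)
    return -1;
  return ipv6_addr_embeds_mac(&addr, mac);
}

int main(void)
{
  /* Constructed addresses; 2001:db8::/32 is the documentation prefix. */
  const char *samples[] = {"2001:db8::216:3eff:fe12:3456", /* EUI-64 of SAMPLE_MAC */
                           "2001:db8::a1b2:c3d4:e5f6:789", /* random-looking IID */
                           "fe80::216:3eff:fe12:3456"};    /* link-local, same IID */
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    printf("%-32s %s\n", samples[i],
           ipv6_text_embeds_mac(samples[i], SAMPLE_MAC) == 1 ? "WARN: MAC-derived" : "ok");
  return 0;
}
```

A client-side warning would only need to fire for non-link-local addresses actually used as the source of outbound connections; the link-local sample is included to show that the same identifier appears under every prefix.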

