[tor-bugs] #7571 [Tor]: Make AutomapHostsOnResolve work with IPv6

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 17 19:12:39 UTC 2012


#7571: Make AutomapHostsOnResolve work with IPv6
-------------------------+--------------------------------------------------
 Reporter:  nickm        |          Owner:                    
     Type:  enhancement  |         Status:  needs_review      
 Priority:  normal       |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor          |        Version:                    
 Keywords:               |         Parent:                    
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------

Comment(by nickm):

 > Why the loopback by default for IPv4 but link-local for IPv6?

 rransom is right -- there's only one loopback address for IPv6.

 > Other concern: letting 'attempts' be UINT32_MAX for picking random IPv6
 > addresses.

 I believe that later in the branch (c50bb9e3), I reduced it to 1000.

 > Is crypto_rand() actually *under our control*?

 The crypto_rand() function uses OpenSSL's cryptographic PRNG.  If that's
 broken (like when Debian broke theirs), or replaced with an LCG or
 something, all OpenSSL users on that platform will be almost totally
 insecure, and an infinite loop in addressmap_get_virtual_address() would
 be the least of our worries ;)

 My inner perfectionist likes the idea of using crit-bit trees, but I'm
 having a hard time constructing a reasonable scenario where 1000 isn't a
 big enough number here.  If that turns out to be wrong, though, we
 shouldn't forget this stuff: maybe we should add a comment or another
 ticket about it.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7571#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
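
The bounded retry loop discussed in the comment above, as an added sketch that is not Tor's code and not part of the original message: it draws a random address inside a prefix, retries on collision, and gives up after 1000 attempts, so a PRNG stuck on one value produces an error rather than an infinite loop. The names `pick_virtual_addr`, `rand_fn` and `used_set`, the injected RNGs and the fe80::/10 scenario are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ATTEMPTS 1000            /* the cap named in the comment above */

typedef void (*rand_fn)(uint8_t *out, size_t len);   /* hypothetical RNG hook */
typedef struct { const uint8_t (*addrs)[16]; size_t n; } used_set;

static int in_use(const used_set *u, const uint8_t a[16]) {
  for (size_t i = 0; i < u->n; i++)
    if (memcmp(u->addrs[i], a, 16) == 0) return 1;
  return 0;
}

/* Pick an unused address in prefix/bits. Returns attempts used, or -1 at the cap. */
int pick_virtual_addr(const uint8_t prefix[16], int bits, const used_set *u,
                      rand_fn rng, uint8_t out[16]) {
  for (int attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
    uint8_t r[16];
    rng(r, sizeof r);
    for (int i = 0; i < 16; i++) {
      int keep = bits - 8 * i;       /* prefix bits that fall in byte i */
      uint8_t mask = keep >= 8 ? 0xff : keep <= 0 ? 0 : (uint8_t)(0xff << (8 - keep));
      out[i] = (uint8_t)((prefix[i] & mask) | (r[i] & ~mask));
    }
    if (!in_use(u, out)) return attempt;
  }
  return -1;                         /* fail closed instead of spinning */
}

/* Constructed RNGs: one stuck at zero (a broken PRNG), one that counts up. */
static uint8_t ctr;
static void stuck_rng(uint8_t *o, size_t n) { memset(o, 0, n); }
static void counting_rng(uint8_t *o, size_t n) { memset(o, ctr++, n); }

/* Constructed scenario: fe80::/10 with fe80:: already handed out. */
int demo(rand_fn rng) {
  static const uint8_t prefix[16] = {0xfe, 0x80};
  static const uint8_t used[1][16] = {{0xfe, 0x80}};
  used_set u = { used, 1 };
  uint8_t out[16];
  ctr = 0;
  return pick_virtual_addr(prefix, 10, &u, rng, out);
}

int main(void) {
  printf("stuck RNG:    %d\n", demo(stuck_rng));
  printf("counting RNG: %d\n", demo(counting_rng));
  return 0;
}
```

With independent uniform draws and a fraction f of the range already taken, all 1000 attempts collide with probability f^1000, which is why the cap only matters when the range is nearly full or the RNG is broken.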