[tor-bugs] #9067 [Tor]: Choice of address and match of fascist_firewall_allows_address* need to consider ipv6
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 14 13:46:56 UTC 2015
#9067: Choice of address and match of fascist_firewall_allows_address* need to
consider ipv6
-------------------------------------------+-------------------------------
Reporter: nickm | Owner: teor
Type: defect | Status: accepted
Priority: Medium | Milestone: Tor:
Component: Tor | 0.2.8.x-final
Severity: Normal | Version:
Keywords: tor-client, 025-triaged, ipv6 | Resolution:
Parent ID: #17840 | Actual Points:
Sponsor: | Points:
-------------------------------------------+-------------------------------
Comment (by teor):
Replying to [comment:5 nickm]:
> Deferring to 0.2.6; fixing it has just as much risk for causing false
positives. (For instance, if you have a reachableaddresses policy that is
accurate for IPv4, but you have no idea what IPv6 stuff your firewall
blocks.)
The only risk of false positives is if the policy contains "reject *".
(And I can't see any way we can work around that.)
Otherwise, fascist_firewall_allows_address_* eventually calls
compare_known_tor_addr_to_addr_policy, where the default action is
ADDR_POLICY_ACCEPTED.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9067#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list