[tor-bugs] #11360 [Tor]: Listen on IPv6 by default for SocksPort

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Dec 29 04:14:19 UTC 2015


#11360: Listen on IPv6 by default for SocksPort
-----------------------------+------------------------------
 Reporter:  dgoulet          |          Owner:  teor
     Type:  enhancement      |         Status:  assigned
 Priority:  Medium           |      Milestone:  Tor: 0.2.???
Component:  Tor              |        Version:
 Severity:  Normal           |     Resolution:
 Keywords:  tor-client ipv6  |  Actual Points:
Parent ID:  #17811           |         Points:
  Sponsor:                   |
-----------------------------+------------------------------
Changes (by teor):

 * owner:   => teor
 * status:  new => assigned


Comment:

 To summarise, I think we need to implement the following changes (like
 #17901):
 * For every *Port that currently listens on 127.0.0.1 by default:
   * ControlPort TransPort/NATDPort DNSPort ExtORPort SocksPort
 * Bind all *Ports to:
   * IPv4 localhost as described in #17901
   * As long as there is an IPv4 localhost
 * Open another *Port listener on the same port on [::1]:
   * As long as there is no conflicting listener explicitly configured on
 [::1] or [::]
   * This relies on the IPV6_V6ONLY fix in #4760 to work without port
 conflicts
 * Since we've created up to two listeners for each configured *Port, make
 sure:
   * Listener shutdown closes both listeners, and
   * Any code that uses port_cfg_t doesn't rely on localhost being
 127.0.0.1, or local ports being on 127.0.0.1, or there being exactly one
 listener per port_cfg_t.

 This change makes IPv6-only configurations work, and allows programs to
 connect to tor over IPv6 localhost in the default tor configuration.

 This issue also affects HiddenServicePort, which defaults to connecting to
 127.0.0.1. This won't work on an IPv6-only system. We should add
 instructions to the failure warning to specify `HiddenServicePort
 <VirtPort> [::1]:<TargetPort>` for IPv6-only hidden services. (I think
 it's OK to require operators to do this explicitly, rather than
 unexpectedly connecting to a service bound to IPv6 localhost.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11360#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
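
An added example, not taken from the ticket or from Tor's source: a minimal POSIX sketch of the listener pairing the comment describes, with one listener on 127.0.0.1, a second on [::1] on the same port with IPV6_V6ONLY set, tolerance for a missing address family, and a shutdown path that closes both. The names `open_one`, `open_localhost_listeners` and `close_localhost_listeners` are hypothetical and are not Tor functions.

```c
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: open one loopback listener for `family`.
 * *port is host order; 0 lets the kernel choose and is updated on success. */
static int open_one(int family, uint16_t *port) {
  struct sockaddr_storage ss;
  socklen_t len;
  int one = 1, fd = socket(family, SOCK_STREAM, 0);
  if (fd < 0) return -1;               /* family not available on this host */
  memset(&ss, 0, sizeof(ss));
  if (family == AF_INET) {
    struct sockaddr_in *a = (struct sockaddr_in *)&ss;
    a->sin_family = AF_INET;
    a->sin_port = htons(*port);
    a->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    len = sizeof(*a);
  } else {
    struct sockaddr_in6 *a = (struct sockaddr_in6 *)&ss;
    a->sin6_family = AF_INET6;
    a->sin6_port = htons(*port);
    a->sin6_addr = in6addr_loopback;
    len = sizeof(*a);
    /* IPv6-only: this socket must never take over the IPv4 side. */
    setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof(one));
  }
  if (bind(fd, (struct sockaddr *)&ss, len) < 0 || listen(fd, 16) < 0 ||
      getsockname(fd, (struct sockaddr *)&ss, &len) < 0) {
    close(fd);                         /* e.g. conflicting listener exists */
    return -1;
  }
  *port = ntohs(family == AF_INET ? ((struct sockaddr_in *)&ss)->sin_port
                                  : ((struct sockaddr_in6 *)&ss)->sin6_port);
  return fd;
}
/* fds[0] = 127.0.0.1 listener, fds[1] = [::1] listener, -1 where absent.
 * Returns how many listeners were opened (0, 1 or 2). */
int open_localhost_listeners(uint16_t *port, int fds[2]) {
  fds[0] = open_one(AF_INET, port);
  fds[1] = open_one(AF_INET6, port);   /* reuses the port chosen above */
  return (fds[0] >= 0) + (fds[1] >= 0);
}
/* Shutdown closes every listener created for the one configured port. */
void close_localhost_listeners(int fds[2]) {
  for (int i = 0; i < 2; i++)
    if (fds[i] >= 0) { close(fds[i]); fds[i] = -1; }
}
```

Callers have to treat the result as zero, one or two sockets per configured port, which is the assumption the comment asks port_cfg_t users to stop making.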

