[tor-bugs] #15517 [BridgeDB]: BridgeDB considers IPv6 clients in the same /64 to be "in the same subnet"

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 31 00:36:30 UTC 2015 

#15517: BridgeDB considers IPv6 clients in the same /64 to be "in the same subnet"
-----------------------------------------------+----------------------
 Reporter:  isis                               |          Owner:  isis
     Type:  defect                             |         Status:  new
 Priority:  critical                           |      Milestone:
Component:  BridgeDB                           |        Version:
 Keywords:  bridgedb-dist, bridge-enumeration  |  Actual Points:
Parent ID:                                     |         Points:
-----------------------------------------------+----------------------
 And an IPv6 `/48` is rather trivial to obtain.  When discussing this in
 the IRC channel, several people immediately spoke up to say that they have
 an IPv6 `/48` subnet, which is equivalent to 65535 `/64`s. The current
 code (from #4297 and
 [https://gitweb.torproject.org/user/isis/bridgedb.git/commit/?h=develop&id=3bee35c8d3977d0645bd57b8fc7bf4ef003538af
 this commit]) at `bridgedb.Dist.uniformMap()` would allow anyone with an
 `/48` to pretend to be a maximum of 65535 clients to BridgeDB (which would
 still allow them to request IPv4 bridges, as well as Pluggable Transport
 bridges, I might add) and obtain a maximum of 65535 unique positions
 within a distributor's hashring per period, allowing the bridges within
 most hashrings to be entirely enumerated within a matter of a few hours.

 As for fixing this bug, I planned to use (both for IPv4 and IPv6) whatever
 logic tor uses for the `EnforceDistinctSubnets` option. However, as it
 turns out, there may be a bug in that logic (#XXXXX) with respect to IPv6.

 I propose (from talking to people, and glancing at
 https://en.wikipedia.org/wiki/IPv6_subnetting_reference and
 https://www.arin.net/resources/request/ipv6_initial_assign.html) that
 BridgeDB switch to treating IPv6 `/32`s (the minimum ARIN allocation for
 an LIR) as distinct subnets, and treat clients within the same `/32` as
 coming from the same IP address.

 [This was discovered while working on #4771 and #1839.]

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15517>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list