[tor-bugs] #16103 [Tor]: Clarification about reject6/accept6 torrc entries

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 18 21:39:35 UTC 2015 

#16103: Clarification about reject6/accept6 torrc entries
--------------------+---------------------
 Reporter:  atagar  |          Owner:
     Type:  defect  |         Status:  new
 Priority:  minor   |      Milestone:
Component:  Tor     |        Version:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
--------------------+---------------------
 Hi Nick, toralf pointed out that
 [https://trac.torproject.org/projects/tor/ticket/16053 stem chokes on
 tor's reject6/accept6 torrc entries]. Fine thing to be fixed, but I'm not
 entirely clear how they should be handled. From what I can tell the only
 mention of them is a [https://www.torproject.org/docs/tor-
 manual.html.en#ExitPolicy brief note in the man page].

 Initially when I made Stem's exit policy handling it was based on server
 descriptors, where [https://gitweb.torproject.org/torspec.git/tree/dir-
 spec.txt#n1036 exit policy rules can be either IPv4 or IPv6] but don't
 have those special keywords...

 {{{
 accept *:80  # accepts any IPv4 or IPv6 address on port 80?
 accept 0.0.0.0/0:80  # accepts any IPv4 but not IPv6
 accept [0000:0000:0000:0000:0000:0000:0000:0000]/0:80  # accepts any IPv6
 but not IPv4
 }}}

 On reflection though, is even that right? I expect not. According to the
 spec 'accept/reject' can be IPv6, but then we later added a specific
 ipv6-policy, so I'm now successfully confused. :P

 I expect that the actual behavior is as follows...

 * A server descriptor's accept/reject lines can only be IPv4.
 * If IPv6 is allowed then it's on ipv6-policy. Those lines don't allow for
 addresses or subnets, so guess you can specify 'all addresses for port X'
 in descriptors.
 * The torrc allows you to specify IPv6 subnets (and maybe addresses?) so
 guess to make a circuit tor tries using an exit, sees if the address is
 reachable, and if not uses another?

 As for the torrc the examples given in the man page are just subnets
 ("reject6 /7:*"). Does reject6/accept6 take addresses? Do those addresses
 have brackets? Are the brackets optional?

 So TL;DR, the torrc entries need a specification, and the dir-spec could
 probably do with some corrections. :P

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16103>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list