[tor-bugs] #16069 [Tor]: ipv4 + ipv6 exit : v6 policy is displayed twice, v4 isn't displayed

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 9 13:25:00 UTC 2015


#16069: ipv4 + ipv6 exit : v6 policy is displayed twice, v4 isn't displayed
--------------------------+-----------------------------------------------
     Reporter:  toralf    |      Owner:
         Type:  defect    |     Status:  new
     Priority:  critical  |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor       |    Version:  Tor: 0.2.7
   Resolution:            |   Keywords:  026-backport, ipv6, PostFreeze027
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+-----------------------------------------------

Comment (by teor):

 We can't make the changes I suggested above.

 I just read `router_add_exit_policy`, which already enforces the following
 conditions when parsing Exit relay descriptors:
 * accept/reject must not be followed by an IPv6 address
 * accept6/reject6 must not be followed by an IPv4 address
 This descriptor-parsing code is already deployed to the authorities,
 thousands of relays, and millions of clients.

 So I suggest a matching set of changes on the torrc parsing side:
 * accept6/reject6 must not be followed by an IPv4 address, including *4
   * if this happens, warn and ignore the ExitPolicy entry
 * accept6/reject6 *:* produces an accept6/reject6 IPv6 wildcard address only
   * this is changed behaviour, but it's probably what the operator expected
   * info about changed behaviour?
 * accept/reject must not be followed by an IPv6 address, including *6
   * if this happens, warn and ignore the ExitPolicy entry
 * accept/reject *:* produces an accept/reject wildcard IPv4 address only
   * info/warn about changed behaviour?

 This last change is consistent with the other changes, and resolves
 toralf's issue. But it might confuse operators who end their policies in
 accept/reject *:* and expect it to catch IPv4 and IPv6. That said, the
 existing order dependency between IPv4 and IPv6 lines is how we got into
 this mess, and we need to kill it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16069#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
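
The torrc-side rules proposed in the comment above, sketched as an added example; it is not Tor's code and not part of the original message. It assumes every entry carries an explicit `:PORT` part and that IPv6 addresses are written in brackets; `address_family`, `parse_entry` and the sample entries are hypothetical.

```python
import ipaddress

# Address family each keyword is allowed to carry under the proposal.
KEYWORDS = {"accept": 4, "reject": 4, "accept6": 6, "reject6": 6}

def address_family(addr):
    """Return 4 or 6 for an address or *4/*6, None for a bare '*'."""
    if addr == "*":
        return None
    if addr in ("*4", "*6"):
        return int(addr[1])
    # Strip the brackets torrc uses around IPv6 addresses, keep any /prefix.
    net = ipaddress.ip_network(addr.replace("[", "").replace("]", ""), strict=False)
    return net.version

def parse_entry(line):
    """Apply the proposed rules to one ExitPolicy value.

    Returns (entry, message). entry is (keyword, address, ports), or None
    when the entry is warned about and ignored.
    """
    parts = line.split()
    if len(parts) != 2 or parts[0] not in KEYWORDS:
        return None, f"ignoring '{line}': not a policy entry"
    keyword, pattern = parts
    want = KEYWORDS[keyword]
    addr, _, ports = pattern.rpartition(":")  # last ':' separates the port
    try:
        family = address_family(addr)
    except ValueError:
        return None, f"ignoring '{line}': malformed address"
    if family is not None and family != want:
        # accept/reject with IPv6 (incl. *6), or accept6/reject6 with IPv4 (incl. *4)
        return None, f"ignoring '{line}': {keyword} takes IPv{want} addresses only"
    if family is None:
        # Bare '*' becomes a single-family wildcard. Emitting a notice here is an
        # assumption; the comment leaves open whether to log the changed behaviour.
        return (keyword, f"*{want}", ports), f"'{line}' now covers IPv{want} only"
    return (keyword, addr, ports), None

# Constructed sample policy, not taken from the ticket.
SAMPLE = ["reject6 [2001:db8::]/32:*", "accept6 *4:80", "accept *6:443",
          "reject 10.0.0.0/8:*", "accept6 *:443", "reject *:*"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", parse_entry(line))
```

With these rules each line is judged on its own, so the result no longer depends on the order of IPv4 and IPv6 lines in the policy.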

