[tor-bugs] #23819 [Core Tor/Tor]: Support IPv6 link-local interface addresses

Wed Oct 11 21:50:12 UTC 2017

#23819: Support IPv6 link-local interface addresses
-----------------------------+----------------------------------
 Reporter:  Zakhar           |          Owner:  (none)
     Type:  enhancement      |         Status:  new
 Priority:  Medium           |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor     |        Version:  Tor: unspecified
 Severity:  Normal           |     Resolution:
 Keywords:  ipv6 link-local  |  Actual Points:
Parent ID:                   |         Points:
 Reviewer:                   |        Sponsor:
-----------------------------+----------------------------------

Comment (by Zakhar):

 Sorry I can confirm it is a '''BUG'''.

 ------------
 ''Function names and lines below from the source downloaded from repo:''
 `apt-get source tor` ''(Running Ubuntu 16.04x64)''
 ---------------

 The bug happens in the '''file''': `src/common/address.c`

 '''function''': `tor_addr_lookup()` [line 239]

 From there we go down `#ifdef HAVE_GETADDRINFO`

 ...since we are in Linux an we have that function.

 [line 273] getaddrinfo (in fact sandbox_getaddrinfo) correctly parses the
 ipv6 address''' including the additional interface''' with the standard
 notation.

 As you can see in this StackOverflow report:
 https://stackoverflow.com/questions/2455762/why-cant-i-bind-ipv6-socket-
 to-a-linklocal-address

 The field: `sin6_scope_id` of the struct sockaddr_in6 is correctly filled
 with this call.

 In my case (debugged through nemiver), it happens this 32bits value is 3.

 After that, the function is happy to have gotten an ipv6 address and calls
 `tor_addr_from_in6` [line 298]... which '''(BUG)''' saves only the 16 bits
 of the ipv6 address and '''completely drops the field `sin6_scope_id` from
 the sockaddr structure'''.

 Since the structure returned by getaddrinfo is correctly freed at [line
 302] by freeaddrinfo, we have now lost this essential `sin6_scope_id`!

 A little bit later during the initialisation process, we will try to bind
 what we have read from the configuration file.

 That happens in the file: `src/or/connection.c` in the function
 `connection_listener_new`

 In this function at line [line 1214] we are now binding.
 When we try binding our link-local interface, since we haven't save the
 `sin6_scope_id` that we correctly got before, obviously the bind fails.

 I have proven that, again with nemiver, I set a breakpoint on this line
 1214 where we bind, and when we were binding our ipv6 link-local, I just
 added the value of the `sin6_scope_id` [value =3] by changing the memory
 buffer directly from nemiver.

 Surprise... it works perfectly!

 So the next thing now is to check on you last version (from your git) if
 that was fixed or if the bug is still there.

 If the bug is still there, I'll propose on patch against 0.2.9-11 ...
 which hopefully will work on the last version.

 ''Sorry for the initial post, my addresses I correct, it is only the
 syntax of this wiki that tricked me into mixing things up! ''

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23819#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online