[tor-bugs] #23588 [Core Tor/Tor]: Write fascist_firewall_choose_address_ls() and use it in hs_get_extend_info_from_lspecs()

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Aug 20 00:55:58 UTC 2018


#23588: Write fascist_firewall_choose_address_ls() and use it in
hs_get_extend_info_from_lspecs()
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  neel
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  prop224, tor-hs, single-onion,       |  Actual Points:
  ipv6, 034-triage-20180328,                     |
  034-removed-20180328                           |
Parent ID:  #23493                               |         Points:  1
 Reviewer:  teor                                 |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 No, I'm sorry, we need to check address reachability on clients. We can't
 disable reachability checks to work around other bugs in the code.

 Here is one bug:
 * When direct_conn is false, hs_get_extend_info_from_lspecs() calls
 fascist_firewall_choose_address_ls() on the IPv4 address.

 Here is a fix:
 * When direct_conn is false, hs_get_extend_info_from_lspecs() accepts any
 IPv4 address.

 Here's why that works:
 * An IPv6-only client can't connect to IPv4, but the relay at the end of
 its circuit should be able to extend to any IPv4 address.

 Replying to [comment:46 teor]:
 > Yes, "0" is the numeric value for AF_UNSPEC.
 > fascist_firewall_allows_address_ap() returns an AF_UNSPEC address when
 > neither address is reachable.
 >
 > That's a bug in the new code for this ticket, because each client should
 > have at least one reachable address.
 >
 > In the hs-ipv6-md network, chutney configures:
 > * an IPv4-only client
 > * an IPv6-only client
 > * an IPv6-only onion service
 > * a few IPv4/IPv6 relays
 >
 > https://gitweb.torproject.org/chutney.git/tree/networks/hs-ipv6-md
 >
 > Please check the addresses that you're getting out of the lspecs. Maybe
 > the parsing is wrong.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23588#comment:48>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
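
The bug and the fix described in the comment above, as an added example that is not part of the original message and is not Tor's code. It is a simplified C model: every type and function name in it (lspecs_t, client_t, pick_buggy, pick_fixed) is hypothetical, and trying IPv4 first on a direct connection is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, NOT Tor's code: every name here is hypothetical. */
typedef enum { FAM_UNSPEC = 0, FAM_IPV4, FAM_IPV6 } fam_t;
typedef struct { bool has_ipv4, has_ipv6; } lspecs_t; /* addresses in the lspecs */
typedef struct { bool ipv4_ok, ipv6_ok; } client_t;   /* families the client reaches */

/* Constructed sample values, modelled on the hs-ipv6-md roles in the comment. */
static const lspecs_t DUAL_STACK_RELAY = { true, true };
static const client_t V6_ONLY_CLIENT = { false, true };
static const client_t V4_ONLY_CLIENT = { true, false };

/* Reachability-checked choice; FAM_UNSPEC when neither address is reachable.
 * Trying IPv4 first is an assumption of this model. */
static fam_t choose_reachable(const lspecs_t *ls, const client_t *c)
{
  if (ls->has_ipv4 && c->ipv4_ok) return FAM_IPV4;
  if (ls->has_ipv6 && c->ipv6_ok) return FAM_IPV6;
  return FAM_UNSPEC;
}

/* The bug: with direct_conn false, the IPv4 address is still filtered through
 * the client's own reachability, so an IPv6-only client ends up with nothing. */
fam_t pick_buggy(const lspecs_t *ls, const client_t *c, bool direct_conn)
{
  if (direct_conn) return choose_reachable(ls, c);
  return (ls->has_ipv4 && c->ipv4_ok) ? FAM_IPV4 : FAM_UNSPEC;
}

/* The fix: with direct_conn false, any IPv4 address is accepted, because the
 * relay at the end of the circuit does the extend, not the client.
 * Direct connections keep the reachability check. */
fam_t pick_fixed(const lspecs_t *ls, const client_t *c, bool direct_conn)
{
  if (direct_conn) return choose_reachable(ls, c);
  return ls->has_ipv4 ? FAM_IPV4 : FAM_UNSPEC;
}

int main(void)
{
  static const char *name[] = { "AF_UNSPEC", "IPv4", "IPv6" };
  const lspecs_t *ls = &DUAL_STACK_RELAY;
  printf("v6-only, extend, buggy: %s\n", name[pick_buggy(ls, &V6_ONLY_CLIENT, false)]);
  printf("v6-only, extend, fixed: %s\n", name[pick_fixed(ls, &V6_ONLY_CLIENT, false)]);
  printf("v6-only, direct, fixed: %s\n", name[pick_fixed(ls, &V6_ONLY_CLIENT, true)]);
  printf("v4-only, direct, fixed: %s\n", name[pick_fixed(ls, &V4_ONLY_CLIENT, true)]);
  return 0;
}
```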

