[tor-bugs] #29570 [Core Tor/Tor]: Enforce mutually exclusive logic for IPv6 ORPort flags

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Feb 28 21:39:47 UTC 2019 

#29570: Enforce mutually exclusive logic for IPv6 ORPort flags
-------------------------------------------+-------------------------------
 Reporter:  s7r                            |          Owner:  (none)
     Type:  defect                         |         Status:  new
 Priority:  Medium                         |      Milestone:  Tor:
                                           |  unspecified
Component:  Core Tor/Tor                   |        Version:  Tor:
                                           |  unspecified
 Severity:  Normal                         |     Resolution:
 Keywords:  tor-relay, ipv6, reachability  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:
-------------------------------------------+-------------------------------

Comment (by s7r):

 Replying to [comment:4 AVee]:
 > I'm not sure there is a bug here. As per
 https://lists.torproject.org/pipermail/tor-
 relays/2019-February/016994.html it seems this setup is actually working.
 >

 Negative.
 This rare setup is working because the IPv6 address is assigned to a
 HAProxy daemon, which translates it to IPv4 and forwards it to the IPv4
 address behind NAT, where is also the ORPort 0.0.0.0 listening.

 This is of course transparent to the directory authorities since HAProxy
 handles the conversion from v6 to v4 they can't know that the relay there
 is not actually listening on a v6 address.

 But this does not mean the bug doesn't exist. It's possible with current
 ticket not fixed to only state a v6 address to advertise, and NONE to
 listen, which is not good.

 And the action should be to exit as loud and as fast as possible as teor
 says.

 > I fully agree that IPv6 is intended to provide end to end connectivity,
 but in practice there are a number of ways (and reasons) for network
 traffic to move from IPv4 to IPv6 and vice-versa. This setup is one of
 just them. While this case runs counter to what IPv6 intends to achieve,
 it does work... Moreover, a relay in an IPv6 only network that is through
 router tricks still reachable on a IPv4 address seems a sensible case to
 me.
 >
 > The assumption here seems to be that IPv4 and IPv6 are strictly separate
 worlds, but they are not. Therefore I'd be inclined to say pretty much
 anything advertised could be valid because pretty much anything can be
 made to work at network level and it's impossible for Tor to know about
 that. Isn't that why connectivity testing is done?

 They are separate worlds actually, totally separate. But there were some
 solutions engineered to make transition from v4 easier and faster and to
 allow existent v4 network to adopt v6 without rebuilding from 0.

 Again, of course whatever relay operators choose to do at their network
 level does not concern us, as long as the relay is reachable and can be
 used. Like in this case, the bug is not that this particular operator
 chose to use HAProxy to translate v6 traffic to v4 and forward it to the
 NAT IPv4 address - regardless this is not recommended - this does not
 affect Tor.

 The bug is that you can build a descriptor with an address from a class
 (v6 class) when you are not listening on any address of that class, at
 all. This opens the door for many mistaken setups, and also fills
 descriptors with useless data that make directory authorities chase green
 horses.

 >
 > I'm not sufficiently into the internals of Tor to know if anything there
 may prevent any of this from working. But in that case I might even argue
 that's actually a bug.
 >
 > (A warning like 'You are advertising IPv''X'' but not listening there'
 would still be useful for troubleshooting.)

 As stated above, it is preferred to exit as fast as possible on such
 misconfigurations. There are such warnings for mismatches when you listen
 on something and advertise something else, but such a warning cannot work
 in this ticket because it breaks logic:

 The correct message here should be "You are advertising IPv6 address
 xxxx:xxxx but you are not listening on ANY IPv6 address" -- this is
 irrational because this shouldn't be possible in the first place.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29570#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list