[tor-bugs] #29570 [Core Tor/Tor]: Enforce mutually exclusive logic for IPv6 ORPort flags

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 11 18:05:01 UTC 2019


#29570: Enforce mutually exclusive logic for IPv6 ORPort flags
-------------------------------------------------+-------------------------
 Reporter:  s7r                                  |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  unspecified
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-relay, ipv6, reachability,       |  Actual Points:
  needs-proposal-or-tor-dev-email                |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by AVee):

 Replying to [comment:19 s7r]:
 > You are suggesting behavior that does not have any logic,
 I'm suggesting **not** to change the existing behavior. You are suggesting
 a change which makes a specific configuration illegal. Even though there
 is at least one working relay using that config.
 Can you answer this: Do you think it's a good idea to add restrictions
 which break currently running nodes?

 > is confusing for operators
 You'd need to prove that first. It isn't confusing for me. It also wasn't
 for the Charly Ghislain who, despite the complicated setup, got his config
 correct without issues (what was confusing for him was the fact that it
 took days before he got the IPv6Reachable flag). It seems to be confusing
 for you, but that cannot be a reason to disallow others to do this.
 Could you also answer this: Do you have any proof this is a common source
 of configuration errors?

 > Don't you see the logical fracture with advertising a v6 socket but not
 > listening on one?
 Yes, I do. Which is why I know I need to do something somewhere in my
 network to make sure the advertised address actually works.

 > Why not just listen to v4, since that's your only open socket?
 Because I want my node to be reachable over IPv6 as well, as teor stated
 (goal 2) we want to "encourage more IPv6 relays".

 > In this case I would like to have only a v6 socket open, and have only
 > one `NoListen` IPv4 ORPort entry to be advertised. And I will use HaProxy
 > to listen on that IPv4 addr:port and redirect to my IPv6 address. So I
 > will be having in my descriptor both IPv4 (which is mandatory) and IPv6,
 > and only listen on one IPv6 socket. You suggest this should be possible,
 > right?
 Yes that should absolutely be possible as well. Why not?

 > Otherwise why would we have different behavior for same thing, but only
 > different versions?
 If that currently isn't allowed that would indeed be inconsistent. But
 then the rule should be: If the node does not have at least one listening
 ORPort it is not allowed to advertise any ORPorts, because the node cannot
 possibly be reachable. (I also expect IPv6 only nodes to become possible
 at some point.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29570#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
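
Added example, not part of the ticket comment and not Tor's own code: a small torrc linter that applies the rule proposed in the comment above (no advertised ORPorts unless at least one ORPort listens) and reports which advertised address families have no local listener, so the operator knows what must be forwarded elsewhere in the network. The function names, the result format and the sample addresses (documentation ranges) are assumptions made for this sketch; only literal IP addresses are handled.

```python
import ipaddress

def parse_orport(line):
    """Parse a torrc 'ORPort [address:]port [flags]' line (literal IPs only)."""
    parts = line.split()
    if len(parts) < 2 or parts[0].lower() != "orport":
        raise ValueError(f"not an ORPort line: {line!r}")
    target, flags = parts[1], {f.lower() for f in parts[2:]}
    family = "any"  # bare port: this line pins no address family
    if target.startswith("["):
        ipaddress.IPv6Address(target[1:target.index("]")])  # raises if malformed
        family = "ipv6"
    elif ":" in target:
        ipaddress.IPv4Address(target.rsplit(":", 1)[0])  # raises if malformed
        family = "ipv4"
    return {
        "family": family,
        "listen": "nolisten" not in flags,
        "advertise": "noadvertise" not in flags,
    }

def check(lines):
    """Apply the rule from the comment and list families needing forwarding."""
    ports = [parse_orport(l) for l in lines]
    listen_fams = {p["family"] for p in ports if p["listen"]}
    adv_fams = {p["family"] for p in ports if p["advertise"]}
    errors = []
    if adv_fams and not listen_fams:
        errors.append("advertised ORPort but no listening ORPort")
    # Advertised families with no same-family (or wildcard) listener only
    # work if something outside tor forwards them to a listening socket.
    needs = sorted(f for f in adv_fams - listen_fams
                   if f != "any" and "any" not in listen_fams)
    return {"errors": errors, "needs_forwarding": needs}

# Constructed sample configurations, not taken from any real relay.
V6_ADVERTISED_ONLY = ["ORPort 192.0.2.10:9001",
                      "ORPort [2001:db8::10]:9001 NoListen"]
V4_ADVERTISED_ONLY = ["ORPort 192.0.2.10:9001 NoListen",
                      "ORPort [2001:db8::10]:9001"]
NOTHING_LISTENS = ["ORPort 192.0.2.10:9001 NoListen",
                   "ORPort [2001:db8::10]:9001 NoListen"]

if __name__ == "__main__":
    for cfg in (V6_ADVERTISED_ONLY, V4_ADVERTISED_ONLY, NOTHING_LISTENS):
        print(check(cfg))
```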