[tor-bugs] #33817 [Core Tor/Tor]: Perform all IPv4 and IPv6 extend checks in one place

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 14 09:02:53 UTC 2020


#33817: Perform all IPv4 and IPv6 extend checks in one place
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  teor
     Type:  task                                 |         Status:
                                                 |  assigned
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.4.4.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ipv6, prop311, technical-debt-       |  Actual Points:
  partial                                        |
Parent ID:  #33220                               |         Points:  1
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor55-must
-------------------------------------------------+-------------------------

Old description:

> Currently, tor checks that extend cells have IPv4 addresses in:
> [ ] some functions in circuitbuild_relay.c (a new file introduced by
> #33633)
> [ ] check_extend_cell() in onion.c
> [ ] extend_cell_from_extend2_cell_body() in onion.c
> [ ] and possibly other functions.
>
> We also want to fix a missing IPv6 check in:
> [x] connection_or_check_canonicity(), where only IPv4 addresses are
> considered canonical,
>   * (note that channel_tls_process_netinfo_cell() already handles IPv6
> canonicity correctly)
>
> The canonical fix also fixes:
> [x] channel_get_for_extend(), where only channels with IPv4 addresses are
> searched.
>
> Unlike the other changes, this change is a bug fix, and should not depend
> on the relay's configuration.
>
> We want to perform all these checks in the same place, so we can modify
> tor's behaviour based on:
> * tor's configuration
>   * including consensus parameters
> * the reachability of a relay's own IPv6 ORPort, and
> * any other relevant factors.

New description:

 Currently, tor checks that extend cells have IPv4 addresses in:
 [ ] some functions in circuitbuild_relay.c (a new file introduced by
 #33633)
 [x] check_extend_cell() in onion.c
 [x] extend_cell_from_extend2_cell_body() in onion.c
 [ ] and possibly other functions.

 We also want to fix a missing IPv6 check in:
 [x] connection_or_check_canonicity(), where only IPv4 addresses are
 considered canonical,
   * (note that channel_tls_process_netinfo_cell() already handles IPv6
 canonicity correctly)

 The canonical fix also fixes:
 [x] channel_get_for_extend(), where only channels with IPv4 addresses are
 searched.

 Unlike the other changes, this change is a bug fix, and should not depend
 on the relay's configuration.

 We want to perform all these checks in the same place, so we can modify
 tor's behaviour based on:
 * tor's configuration
   * including consensus parameters
 * the reachability of a relay's own IPv6 ORPort, and
 * any other relevant factors.

--

Comment (by teor):

 Replying to [ticket:33817 teor]:
 > Currently, tor checks that extend cells have IPv4 addresses in:
 > ...
 > [x] check_extend_cell() in onion.c
 > [x] extend_cell_from_extend2_cell_body() in onion.c

 I did these changes in #33901.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33817#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

