[tor-bugs] #7193 [Core Tor/Tor]: Tor's sybil protection doesn't consider IPv6

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 15 11:01:28 UTC 2020 

#7193: Tor's sybil protection doesn't consider IPv6
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  (none)
     Type:  enhancement                          |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ipv6, intro, tor-dirauth security    |  Actual Points:
  sybil                                          |
Parent ID:  #24403                               |         Points:  small
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Old description:

> Some bugs:
>
> `get_possible_sybil_list()` doesn't consider IPv6 addresses at all.
>
> `clear_status_flags_on_sybil()` doesn't clear `ipv6_addr` (and maybe more
> flags).
>
> Also, maybe we could add a `log_notice` or `log_info` to mention if and
> which relays were found to be part of a Sybil attack.
>
> Finally (and this is a minor bug), in `get_possible_sybil_list()` we
> assume that `max_with_same_addr < max_with_same_addr_on_authority`, which
> is true in the current tor network, but maybe it shouldn't be an inherent
> property of the source code.

New description:

 Some bugs:

 `get_possible_sybil_list()` doesn't consider IPv6 addresses at all.

 ~~`clear_status_flags_on_sybil()` doesn't clear `ipv6_addr` (and maybe
 more flags).~~ Obsoleted by consensus method 24, because it requires the
 Running flag for a router to be in the consensus.

 Also, maybe we could add a `log_notice` or `log_info` to mention if and
 which relays were found to be part of a Sybil attack.

 ~~Finally (and this is a minor bug), in `get_possible_sybil_list()` we
 assume that `max_with_same_addr < max_with_same_addr_on_authority`, which
 is true in the current tor network, but maybe it shouldn't be an inherent
 property of the source code.~~ Obsoleted by #20960:
 max_with_same_addr_on_authority has been removed.

--

Comment (by teor):

 We've made some progress on this issue, via other tickets that obsolete
 some of the bugs listed here.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7193#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list