[tor-commits] [doctor/master] Start of a check for IPv6 ORPort reachability

[atagar at torproject.org]

commit a50f3e0ad51b82f9523963bce19aab883f310a96
Author: Damian Johnson <atagar at torproject.org>
Date:   Wed Oct 7 09:57:43 2015 -0700

    Start of a check for IPv6 ORPort reachability
    
    Jake and other authority operators have asked for a DocTor check that their
    IPv6 endpoint (if configured) is reachable. Honestly I'm green to ipv6 so
    unsure how to do this. Suspect it's gonna require a config change on
    cappadocicum so checking with weasel...
---
 consensus_health_checker.py |   40 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)

diff --git a/consensus_health_checker.py b/consensus_health_checker.py
index 82c21c7..d762f74 100755
--- a/consensus_health_checker.py
+++ b/consensus_health_checker.py
@@ -9,6 +9,7 @@ Performs a variety of checks against the present votes and consensus.
 import collections
 import datetime
 import os
+import socket
 import time
 import traceback
 
@@ -275,7 +276,7 @@ def main():
     log.debug('Sending notification for issues (%s)' % ', '.join(destination_labels))
 
     if TEST_RUN:
-      print '\n'.join(map(str, issues))
+      print('\n'.join(map(str, issues)))
     else:
       body = '\n'.join(map(str, issues))
       cc = [d.address for d in destinations.values() if d and not d.bcc]
@@ -700,6 +701,41 @@ def bandwidth_authorities_in_sync(latest_consensus, consensuses, votes):
       return Issue(Runlevel.NOTICE, 'BANDWIDTH_AUTHORITIES_OUT_OF_SYNC', authorities = ', '.join(entries), to = measurement_counts.keys())
 
 
+def is_ipv6_orport_reachable(latest_consensus, consensuses, votes):
+  """
+  Simple check to see if we can reach the authority's IPv6 ORPort when it has
+  one.
+  """
+
+  issues = []
+
+  for authority in DIRECTORY_AUTHORITIES.values():
+    desc = latest_consensus.routers.get(authority.fingerprint)
+
+    if not desc:
+      continue  # authority isn't in the consensus
+
+    for address, port, is_ipv6 in desc.or_addresses:
+      if is_ipv6:
+        # TODO: Ok, now for the bit I'm unfamiliar with. How do we ping
+        # this endpoint? On cappadocicum seems we're missing something...
+        #
+        #   % ping6 2001:858:2:2:aabb:0:563b:1526
+        #   connect: Network is unreachable
+        #
+        # Do we need a tunnel? 6to4 configuration?
+        #
+        #   https://wiki.debian.org/DebianIPv6#IPv6_6to4_Configuration
+        #
+        # Green to this space so lets ask...
+
+        orport_socket = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
+        orport_socket.connect((address, port))
+        # ???
+
+  return issues
+
+
 def get_consensuses():
   """
   Provides a mapping of directory authority nicknames to their present consensus.
@@ -773,6 +809,6 @@ if __name__ == '__main__':
     log.error(msg)
 
     if TEST_RUN:
-      print "Error: %s" % msg
+      print("Error: %s" % msg)
     else:
       util.send("Script Error", body = msg, to = [util.ERROR_ADDRESS])