Michael G. Reed
reed at inet.org
Tue Dec 4 13:49:26 UTC 2007
On Tue, 4 Dec 2007, Marcus Wolschon wrote:
|> > |> - You're right that the preferred way to store addresses that could be
|> > |> either IPv4 or IPv6 is indeed with tor_addr_t. (Thanks for the
|> > |> reminder, BTW: I fixed tor_addr_t to be a tagged union of in_addr and
|> > |> in6_addr, not of sockaddr_in and sockaddr_in6.)
|> > Not sure if it applies in this case or not (I'm looking at this
|> > comment from 50,000 feet, not having looked at the actual usage/code),
|> > but an in6_addr is insufficient to fully specify all IPv6 addresses
|> > (it is fine for global-scope addresses, but cannot handle
|> > link/site-scoped addresses -
|> Hello Michael,
|> inside tor we only deal with addresses we are listening on and
|> the addresses of target-hosts and tor-servers.
|> I am aware of the scope-field but do not think there is need for
|> this in tor. Routing is done by the underlying operating-system
|> and as far as I could see we never deal with nexthops or the
|> local default-router but instead only with global scoped addresses
|> and ::1 .
|> Is anyone aware of a place in tor where this may be an issue?
As I said, I haven't looked at the usage/code, so it may be a complete
non-issue. I'm going off past history having done IPv6 work where
people made bad short-term decisions and then later had to refactor
because they forgot about the possibility of scoped addresses.
|> The only place I could imagine is some user manually binding
|> tor to a fe80:... but this will fail as soon as privacy-enhancements
|> are enabled as the link-local-address changes and does not reveal
|> the mac-address. (As far as I understood that feature.)
|> If that host has no global ipv6-address at all, it cannot have a route
|> to the outside world (no NAT in ipv6 on purpose) thus a tor-node with
|> no global-scoped address would be useless.
No real routers use privacy-enhancements (they break OSPFv3), only
IPv6 hosts should use that if at all (the whole privacy-enhancements
are stupid in the first place IMHO - they really buy you nothing in
terms of privacy and make life a LOT uglier for intelligent L3/L4
switches/routers, but that's a separate issue not to mention dealing
with rogue nodes and blacklists).
Normally, a scoped address is used purely for forcing traffic out a
particular interface (IE, giving a restriction on the routing engine
on which way the traffic must go). They make sense in a
point-to-point system/network where you are not relying on the normal
L3 global routing to get your traffic from point A to B -- in that
sense it is very TOR-like (IE, TOR picks the route thru the network
and tells the L3 network on a hop by hop basis how to get the traffic
to the destination)...of course, this breaks down because it relies on
the L3 network to actually route the traffic between nodes (because
nodes are rarely, if ever, directly connected to each other meaning we
need the L3 routing to move traffic inter-node).
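
Added example, not part of the original message and not Tor's code: it shows what is lost when only the 16-byte in6_addr is stored instead of the full sockaddr_in6. The helper names and the zone ids 3 and 7 are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Parse a numeric IPv6 literal, optionally with a %zone suffix.
 * Returns 0 on success and fills a complete sockaddr_in6. */
int parse_v6(const char *text, struct sockaddr_in6 *out)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET6;
    hints.ai_flags = AI_NUMERICHOST;          /* literal only, no DNS lookup */
    if (getaddrinfo(text, NULL, &hints, &res) != 0)
        return -1;
    memcpy(out, res->ai_addr, sizeof *out);
    freeaddrinfo(res);
    return 0;
}

/* Equality as seen by code that keeps only the in6_addr. */
int same_in6_addr(const struct sockaddr_in6 *a, const struct sockaddr_in6 *b)
{
    return memcmp(&a->sin6_addr, &b->sin6_addr, sizeof a->sin6_addr) == 0;
}

/* Equality when the scope id is stored next to the address. */
int same_scoped(const struct sockaddr_in6 *a, const struct sockaddr_in6 *b)
{
    return same_in6_addr(a, b) && a->sin6_scope_id == b->sin6_scope_id;
}

int main(void)
{
    struct sockaddr_in6 a, b;
    /* Constructed inputs: the same link-local address on two interfaces. */
    if (parse_v6("fe80::1%3", &a) || parse_v6("fe80::1%7", &b))
        return 1;
    printf("scope ids: %u and %u\n",
           (unsigned)a.sin6_scope_id, (unsigned)b.sin6_scope_id);
    printf("equal as in6_addr: %d, equal with scope: %d\n",
           same_in6_addr(&a, &b), same_scoped(&a, &b));
    return 0;
}
```

A global-scope literal such as 2001:db8::1 parses with sin6_scope_id 0, which is why dropping the field is harmless for those addresses only.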