coderman coderman at gmail.com
Wed Jul 18 22:21:07 UTC 2007

i've attached a patch for some clarifications to the proposal.  i've
also answered some questions inline below...

On 7/10/07, Nick Mathewson <nickm at freehaven.net> wrote:
> ...
> Alternatively, we could just apply IPv4 exit policies to IPv4-mapped
> IPv6 addresses.  Would that be cleaner?

all of the IPv4-mapped IPv6 should occur at the client side, not exit,
so this shouldn't be necessary.

also, this would only be needed for the transparent proxy of IPv6-only
clients, as the usual IPv4-mapped IPv6 applies to listening sockets,
making it internal to Tor itself, and not exposed to either clients or

> >   All routers which perform DNS resolution on behalf of clients
> >   (RELAY_RESOLVE) should perform and respond with both A and AAAA
> >   resources.
> Hm.  We need some way to do this inside the current relay_resolve
> format without confusing existing clients.

i added a paragraph to "3.4. IPv6 DNS and older Tor routers" with this
concern.  hopefully this can be done without confusing existing
clients, perhaps by always returning the IPv4 address(es) first,
followed by IPv6 in the response.

i'd like to avoid a RELAY_RESOLVE6 kind of hack like that used for
exit policies.
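
The alternative quoted above (applying IPv4 exit policies to IPv4-mapped IPv6 addresses), sketched as an added example; it is not part of the original message and not Tor's code. The rule struct, the function names and the sample policy are hypothetical, and the sketch has no native IPv6 policy, so it only shows that `::ffff:a.b.c.d` gets the same verdict as `a.b.c.d`.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical IPv4 rule; first matching rule wins. net is in host order. */
struct rule { int accept; uint32_t net; int bits; };

/* Constructed sample policy: reject 10.0.0.0/8, accept everything else. */
static const struct rule policy[] = {
    { 0, 0x0A000000u, 8 },
    { 1, 0x00000000u, 0 },
};

/* 1 = accept, 0 = reject, for an IPv4 address in host byte order. */
static int policy_allows_v4(uint32_t addr)
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        uint32_t mask = policy[i].bits ? ~0u << (32 - policy[i].bits) : 0;
        if ((addr & mask) == policy[i].net)
            return policy[i].accept;
    }
    return 0; /* nothing matched: reject */
}

/* 1 = accept, 0 = reject, -1 = unparsable or native IPv6 (not covered). */
int exit_allows(const char *text)
{
    struct in_addr a4;
    struct in6_addr a6;
    uint32_t v4;

    if (inet_pton(AF_INET, text, &a4) == 1)
        return policy_allows_v4(ntohl(a4.s_addr));
    if (inet_pton(AF_INET6, text, &a6) != 1 || !IN6_IS_ADDR_V4MAPPED(&a6))
        return -1;
    /* ::ffff:a.b.c.d carries the IPv4 address in its last four bytes. */
    memcpy(&v4, &a6.s6_addr[12], sizeof v4);
    return policy_allows_v4(ntohl(v4));
}

int main(void)
{
    const char *t[] = { "10.1.2.3", "::ffff:10.1.2.3", "::ffff:a01:203",
                        "::ffff:192.0.2.7", "2001:db8::1" };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("%-18s -> %d\n", t[i], exit_allows(t[i]));
    return 0;
}
```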

