[tor-dev] Sanitizing IPv6 addresses in bridge descriptors
karsten.loesing at gmx.net
Mon Jan 16 17:12:49 UTC 2012
On 1/16/12 8:46 AM, Karsten Loesing wrote:
> On 1/11/12 10:34 AM, Linus Nordberg wrote:
>> Alex Le Heux <alexlh at funk.org> wrote
>> Wed, 11 Jan 2012 09:57:00 +0100:
>> | > RFC 3849 defines the prefix 2001:DB8::/32 as being reserved for
>> | > documentation. That should be fine for this.
>> | The documentation prefix is for just that, use in documentation :)
>> | ULA (RFC4193) is actually closer to the 10/8 (RFC1918) addresses that you use for IPv4.
>> Oh, right. *blush*
> So, just to get that right: how would we apply RFC4193 here?
> - We start with FC00::/7 as the prefix for Local IPv6 unicast addresses.
> - We set the 8th bit, the L bit, to 1, because we're generating the
> subsequent Global ID locally.
> - We generate a random 40-bit Global ID for "Tor sanitized bridge IPv6
> addresses." We don't change it, ever.
> - We set the 16-bit Subnet ID to all zeros.
> - We use the least significant 24 bits of the 64-bit Interface ID for
> the actual sanitized bridge address that was formerly encoded in 10.x.x.x.
> As an example, a sanitized IPv6 bridge address would be:
Err... What I meant was something like this:
> Does that make sense?
The approach discussed above is now implemented:
Unless somebody shouts at me within the next 48 hours and tells me the
approach is stupid, I'm going to deploy it.
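
The address layout from the quoted steps (FC00::/7 prefix, L bit set, fixed 40-bit Global ID, zero Subnet ID, 24-bit value in the low end of the Interface ID), as an added Python example that is not part of the original post and not Tor's own code. The function names are hypothetical, and `EXAMPLE_GLOBAL_ID` is a constructed placeholder because the real Global ID is not given on this page.

```python
import ipaddress

# Constructed placeholder: the post says the 40-bit Global ID is generated
# randomly once and never changed; the real value is not on the page.
EXAMPLE_GLOBAL_ID = 0x0123456789

ULA_PREFIX = 0xFC  # FC00::/7, the top 7 bits of the first octet
L_BIT = 0x01       # 8th bit set to 1: Global ID is assigned locally


def build_sanitized_ipv6(value24, global_id=EXAMPLE_GLOBAL_ID):
    """Pack a 24-bit sanitized value into the RFC 4193 layout from the thread."""
    if not 0 <= value24 < (1 << 24):
        raise ValueError("sanitized value must fit in 24 bits")
    if not 0 <= global_id < (1 << 40):
        raise ValueError("Global ID must fit in 40 bits")
    first_octet = ULA_PREFIX | L_BIT   # 0xFD
    subnet_id = 0                      # 16-bit Subnet ID, all zeros
    interface_id = value24             # upper 40 bits of the Interface ID stay zero
    packed = (first_octet << 120) | (global_id << 80) | (subnet_id << 64) | interface_id
    return ipaddress.IPv6Address(packed)


def from_sanitized_ipv4(addr, global_id=EXAMPLE_GLOBAL_ID):
    """Reuse the 24 bits of an already sanitized 10.x.x.x address."""
    v4 = ipaddress.IPv4Address(addr)
    if v4 not in ipaddress.ip_network("10.0.0.0/8"):
        raise ValueError("expected a sanitized address in 10.0.0.0/8")
    return build_sanitized_ipv6(int(v4) & 0xFFFFFF, global_id)


def parse_sanitized_ipv6(addr, global_id=EXAMPLE_GLOBAL_ID):
    """Return the 24-bit value, rejecting anything that does not match the layout."""
    n = int(ipaddress.IPv6Address(addr))
    if n >> 120 != (ULA_PREFIX | L_BIT):
        raise ValueError("not in FD00::/8")
    if (n >> 80) & ((1 << 40) - 1) != global_id:
        raise ValueError("unexpected Global ID")
    if (n >> 24) & ((1 << 56) - 1) != 0:
        # Subnet ID and the upper 40 Interface ID bits must all be zero.
        raise ValueError("non-zero bits outside the 24-bit value")
    return n & 0xFFFFFF


if __name__ == "__main__":
    print(from_sanitized_ipv4("10.1.2.3"))
```

The strict parser is useful as a check on sanitizer output: any IPv6 address in a published descriptor that fails it has either not been sanitized or was produced with a different Global ID.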