[tor-dev] [::]/8 is marked as private network, why?

Tim Wilson-Brown - teor teor2345 at gmail.com
Tue Mar 29 22:59:21 UTC 2016


> On 29 Mar 2016, at 23:49, Tom Ritter <tom at ritter.vg> wrote:
> 
> On 29 March 2016 at 02:29, Sebastian Hahn <hahn.seb at web.de> wrote:
>> I've been wondering about the private_nets const in src/or/policies. It
>> was added in a96c0affcb4cda1a2e0d83d123993d10efc6e396 but Nick doesn't
>> remember why, and I'm hoping someone has an idea (maybe teor, who I've
>> CCed here, who documented this in a later commit?). If nobody knows why
>> we do this I think we should remove it as likely incorrect.
> 
> 0000::/8 is Reserved by the IETF, it is (a superset of) the deprecated
> space for "IPv4 Compatible IPv6 Addresses".  The addresses are not to
> be reassigned for any other purposes.
> 
> Authoritative source:
> http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
> 
> I'm not necessarily sure what private networks are all used for in
> Tor, but maybe this explains it and makes sense?

/** Private networks.  This list is used in two places, once to expand the
 *  "private" keyword when parsing our own exit policy, secondly to ignore
 *  just such networks when building exit policy summaries.  It is important
 *  that all authorities agree on that list when creating summaries, so don't
 *  just change this without a proper migration plan and a proposal and stuff.
 */

So I think we should keep [::]/8 in the list of private addresses.

That said, the list of IPv4 and IPv6 private addresses in tor is incomplete, and could be updated based on [0] [1] for IPv6, and [2] for IPv4 ([3] seems to have too much information to be useful).

If we want to update it, we should consider:
private_nets
tor_addr_is_internal
(any other checks?)

We would need to write a proposal - at the very least, it would need a new consensus method, and some discussion of what happens when clients and exits disagree on the definition of what's private and what's not.

I don't think it's something I'll have time for, but if anyone else wants to guide us through the process, I'd be happy to support it and review code.

Tim

[0]: https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
[1]: https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
[2]: https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
[3]: https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
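
The following is an added example, not part of the original message and not tor's code. It checks a candidate private-network list against a constructed sample of IANA special-purpose ranges, and shows which addresses two parties holding different lists would classify differently. Only `[::]/8` comes from the thread; the other list entries, the registry sample and all function names are assumptions made for illustration.

```python
import ipaddress

# Only "[::]/8" comes from the thread; the other entries are well-known RFC
# ranges picked for illustration, not a copy of tor's private_nets.
SAMPLE_LIST = ["[::]/8", "[fc00::]/7", "[fe80::]/10", "10.0.0.0/8", "127.0.0.0/8"]

# Constructed sample of entries found in the IANA special-purpose registries.
SPECIAL_PURPOSE = {
    "::1/128": "loopback",
    "::ffff:0:0/96": "IPv4-mapped",
    "64:ff9b::/96": "IPv4-IPv6 translation",
    "100::/64": "discard-only",
    "2001:db8::/32": "documentation",
    "fc00::/7": "unique-local",
    "100.64.0.0/10": "shared address space",
    "192.0.2.0/24": "documentation (TEST-NET-1)",
}

def parse_net(text):
    """Parse 'a.b.c.d/len' or the bracketed '[v6addr]/len' form used in the thread."""
    return ipaddress.ip_network(text.replace("[", "").replace("]", ""), strict=True)

def is_private(addr, nets):
    """True if addr falls inside any network of the given list."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in map(parse_net, nets))

def audit(nets, registry=SPECIAL_PURPOSE):
    """Return the registry ranges that the list does not fully cover."""
    parsed = [parse_net(n) for n in nets]
    missing = {}
    for cidr, label in registry.items():
        r = parse_net(cidr)
        if not any(r.version == p.version and r.subnet_of(p) for p in parsed):
            missing[cidr] = label
    return missing

def disagreements(list_a, list_b, addrs):
    """Addresses that two parties with different lists would classify differently."""
    return [a for a in addrs if is_private(a, list_a) != is_private(a, list_b)]

if __name__ == "__main__":
    for cidr, label in audit(SAMPLE_LIST).items():
        print(f"not covered: {cidr:18} {label}")
    # A hypothetical updated list, as one side of a client/exit mismatch.
    updated = SAMPLE_LIST + ["100.64.0.0/10", "[2001:db8::]/32"]
    print(disagreements(SAMPLE_LIST, updated, ["100.64.1.1", "::1", "8.8.8.8"]))
```

Loopback, IPv4-mapped and the IPv4-IPv6 translation prefix all sit inside `[::]/8`, while `100::/64` does not because its first octet is `0x01`.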
