[tor-relays] (de)bug IPv6 exit policies?

nusenu nusenu at openmailbox.org
Mon Jan 30 18:13:00 UTC 2017 

tldr: would you send me your torrc if you aim to route IPv6 exit traffic
and are in the list at the bottom with the third colmn set to NULL?

teor:
> Either that, or there is a bug in Tor relating to IPv6 Exit policies.
> But I can't see anywhere in the code that makes the IPv6 exit policy
> dependent on anything except ExitPolicy and IPv6Exit.
> 
> Are there any log entries relating to IPv6 or exit policies?


moritz at torservers.net did sent me (unfortunately off-list) the torrc
file for
https://atlas.torproject.org/#details/FDAED15C98CFE7A416E5676F614254F78406105C

according to his torrc it is allowing IPv6 exit traffic but not
according to its descriptor.

Do exits do any outbound IPv6 reachability test before they create their
descriptor? (with the ipv6-policy entry)

In total there are currently 57 exits with an IPv6 ORPort but no IPv6
exit policy.
That on its own doesn't mean anything because they
might not set IPv6Exit to 1 but the big picture looks a bit odd.

Here is a (truncated) list of exits which have IPv6 connectivity
(ORPort) and their respective v6 exit policy (the last column) since the
v6 policy changes between none (NULL) to non-NULL even within the same
operator this seems strange. Usually an operator uses highly identical
torrc files across all their relays.

If you are on the this list with a NULL value in the v6_policy column
and your torrc contains
IPv6Exit 1
we'd be interested to see your complete torrc files (do not forget to
_remove_ any sensitive lines like HashedControlPassword).

I also had a look at the tor_version column but there was no correlation
there.
That said there _is_ a correlation with as_name, so maybe this not a bug
but operators only enabling IPv6 exiting on specific hosters (which
seems strange because I only list IPv6 enabled relays).

For example Frenn vun der Enn has no IPv6 exit policy only with the
relays in the BENESTRA AS.

+----------+------------------------------------------+-----------+
| nick     | contact                                  | v6_policy |
+----------+------------------------------------------+-----------+
| ori      | 0x02225522 Frenn vun der Enn (FVDE) <inf | NULL      |
| tollana  | 0x02225522 Frenn vun der Enn (FVDE) <inf | NULL      |
| kree     | 0x02225522 Frenn vun der Enn (FVDE) <inf | NULL      |
| orion    | 0x02225522 Frenn vun der Enn (FVDE) <inf | {u'reject |
| aurora   | 0x02225522 Frenn vun der Enn (FVDE) <inf | {u'reject |
| destiny  | 0x02225522 Frenn vun der Enn (FVDE) <inf | {u'reject |
| chulak   | 0x02225522 Frenn vun der Enn (FVDE) <inf | {u'reject |
| rejozeng | 0x21DBEFD4 Rejo Zenger <rejo at zenger.nl>  | NULL      |
| torinitl | 0x36AC3365 Ludost TOR <tor AT ludost DOT | {u'reject |
| Unnamed  | 0x3C68C8DBCBA783EF Joel R. Voss <jvoss a | NULL      |
| sorrenti | 0x44BB1BA79F6C6333 <tor-admin AT zumbi d | NULL      |
| torpinkb | 0x60C0742D1F357D42 Sergey Popov <admin+t | NULL      |
| partyvan | 0x989971B2A6B7AF4B WubTheCaptain <wub at pa | {u'accept |
| marylou2 | 0x9F29C15D42A8B6F3 Nos oignons <adminsys | NULL      |
| ekumen   | 0x9F29C15D42A8B6F3 Nos oignons <adminsys | NULL      |
| marylou1 | 0x9F29C15D42A8B6F3 Nos oignons <adminsys | NULL      |
| armbrust | 0xBA61EB09 Michael Armbruster <tor at armbr | NULL      |
| AlphaCen | 0xD3364A0B Spydar007 <tor.abuse at spydar00 | NULL      |
| Unzane   | 0xFDB8716D Gerald Turner <gturner at unzane | NULL      |
| NormalCi | 1HDWeYX59Ayp3x8dAUWcpyUeTXEDwrh7vD       | {u'accept |
| modio    | < spider AT modio dot SE>                | {u'accept |
| thisisat | <abuse .AT. uk .DOT. aql . DOT . com >   | {u'accept |
| thirdexi | <demfloro AT demfloro dot ru> - 1Jowqcwd | NULL      |
| dredis   | <demfloro AT demfloro dot ru> - 1Jowqcwd | NULL      |
| bsdexit  | <demfloro AT demfloro dot ru> - 1Jowqcwd | {u'accept |
| modio1   | <take AT modio dot se>                   | NULL      |
| thisisat | Abuse <abuse .AT. uk .DOT. aql . DOT . c | NULL      |
| xshells  | Admin <admin AT xshells DOT net>         | NULL      |
| AquaRayT | Aqua Ray Tor Operators <tor-operators-fr | {u'accept |
| BabylonN | Babylon Network | noc <AT> babylon <DOT> | NULL      |
| BabylonN | Babylon Network | noc <AT> babylon <DOT> | NULL      |
| BabylonN | Babylon Network | noc <AT> babylon <DOT> | NULL      |
| BabylonN | Babylon Network | noc <AT> babylon <DOT> | NULL      |
| blackpea | BlackPearl <tor-op(at)wach-it-solutions. | {u'accept |
| CrashM   | CrashM <crash AT crashm d0t co DoT uk>   | NULL      |
| digineo3 | Digineo GmbH <tor AT digineo dot de>     | {u'accept |
| Sentries | echo gbeznfgre1609 at fragevrf.bet | rot13  | NULL      |
| Sentries | echo gbeznfgre1609 at fragevrf.bet | rot13  | NULL      |
| TastyStr | Fabian Bakkum <fabianbakkum at hotmail.com> | NULL      |
| liskov0  | gmail is teor2345 | http://tor-relays.ne | {u'accept |
| kramse   | Henrik Kramshoej <hlk AT zencurity dot d | NULL      |
| w000000h | http://torexitnodev6.dynv6.net           | NULL      |
| critical | https://www.torservers.net/donate.html < | NULL      |
| zwiebelf | https://www.torservers.net/donate.html < | NULL      |
| zwiebelf | https://www.torservers.net/donate.html < | NULL      |
| dorrisde | https://www.torservers.net/donate.html < | NULL      |
| russellt | https://www.torservers.net/donate.html < | NULL      |
| zwiebelf | https://www.torservers.net/donate.html < | NULL      |
| amazonas | https://www.torservers.net/donate.html < | {u'reject |
| UnivOfPA | Jacob Henner <tor-exit at lists (dot) se | {u'accept |
| yuicat2  | Jordan <jordan at yui.cat>                  | {u'accept |
| NeelTorE | Neel Chauhan <neel AT neelc DOT org> | B | NULL      |
| NeelTorE | Neel Chauhan <neel AT neelc DOT org> | B | NULL      |
| NeelTorE | Neel Chauhan <neel AT neelc DOT org> | B | {u'accept |
| lupine   | Nick Thomas <tor at ur.gs>                  | NULL      |
| Unnamed  | Random Person <tor0102.10.swsnyder AT sp | NULL      |
| Unnamed  | Random Person <tor0102.10.swsnyder AT sp | NULL      |
| Unnamed  | Random Person <tor0102.10.swsnyder AT sp | {u'accept |
| Unnamed  | Random Person <tor0102.10.swsnyder AT sp | {u'accept |
| Unnamed  | Random Person <tor0102.10.swsnyder AT sp | {u'accept |
| zwiebelt | replace k with c : kontakt @ zwiebeltora | NULL      |
| artikel5 | see https://www.artikel5ev.de/torcontact | NULL      |
| artikel5 | see https://www.artikel5ev.de/torcontact | NULL      |
| artikel5 | see https://www.artikel5ev.de/torcontact | NULL      |
| artikel5 | see https://www.artikel5ev.de/torcontact | NULL      |
| Universi | System Administrators <sysadmin at galileo. | NULL      |
| corewars | TOR Administrator <tor AT corewars dot n | NULL      |
| cowcat   | tor-relays at coldhak.ca                    | NULL      |
| chaucer  | tor-relays at coldhak.ca                    | NULL      |
| manipogo | tor-relays at coldhak.ca                    | NULL      |
| starfish | tor-relays at coldhak.ca                    | NULL      |
| snowfall | tor-relays at coldhak.ca                    | NULL      |
| prawksi  | tor-relays at coldhak.ca                    | NULL      |
| ogopogo  | tor-relays at coldhak.ca                    | NULL      |
| tordiene | tor at die.net                              | NULL      |
| PrivacyE | tor at lite.litedsl.nl                      | NULL      |
| torwedos | Viktor <vnikolov AT vnikolov dot cz>     | NULL      |
| torwedos | Viktor <vnikolov AT vnikolov dot cz>     | NULL      |
+----------+------------------------------------------+-----------+

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170130/a2d72869/attachment.sig>

More information about the tor-relays mailing list