[tor-relays] (de)bug IPv6 exit policies?

teor teor2345 at gmail.com
Tue Jan 31 00:02:09 UTC 2017


> On 31 Jan 2017, at 10:51, nusenu <nusenu at openmailbox.org> wrote:
> 
> teor:
>> Here are the log entries I'd like to see:
> 
> Does tor log any warning if IPv6Exit is set to 1 and the resulting
> descriptor will not contain any ipv6-policy line?
> 
> If that is not the case then this might makes sense to add such a log
> entry because it would help the operator to understand that his
> intention (IPv6Exit 1) is not achieved - for whatever reason.
> 
> If this is indeed a bug then you might get some reports with such a
> warning message in the logfile (at least from operators looking at their
> logs).

https://trac.torproject.org/projects/tor/ticket/21355

>>> Do exits do any outbound IPv6 reachability test before they create their
>>> descriptor? (with the ipv6-policy entry)
>> No, there is no IPv6 reachability testing in Tor for anything,
>> except for authorities checking IPv6 ORPorts.
> 
> Ok, so there are no requirements beyond ExitPolicy + IPv6Exit.
> So a relay without IPv6 connectivity could also get an ipv6-policy line
> into his descriptor to test this.

Yes, Exits can lie about having connectivity, and they will (eventually)
get the BadExit flag when they refuse too many connections by our
scanners.

But I don't know whether we check IPv6.

>>> I also had a look at the tor_version column but there was no correlation
>>> there.
>>> That said there _is_ a correlation with as_name, so maybe this not a bug
>>> but operators only enabling IPv6 exiting on specific hosters (which
>>> seems strange because I only list IPv6 enabled relays).
>> Some providers may require certain port configurations, which could
>> cause the issue.
> 
> Do you mean physical port configuration?
> Since they have an IPv6 ORPort their IPv6 (inbound) connectivity should
> be working I guess.

Not quite, I mean IP addresses listed in the torrc, and addresses on
the local machine's interfaces.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170131/3a076e95/attachment-0001.sig>


More information about the tor-relays mailing list