Opened 6 years ago

Closed 6 years ago

#10412 closed enhancement (fixed)

IPv6 Support By Pluggable Transport

Reported by: sysrqb Owned by: asn
Priority: Medium Milestone:
Component: Circumvention/Pluggable transport Version:
Severity: Keywords:
Cc: dcf1, asn, yawning Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Tor clients can't send a proxy request for an ipv6 address connection to a pluggable transport if the PT says it supports socks4. This is not so good because IPv6 addresses are becoming more prevalent. The three options, as I see them, are:

  • Change pt-spec to state that PTs can support either socks4a or socks5 (and change Tor and implementation to adhere to this)
  • If a PT supports IPv6 addresses then it must use SOCKS5
  • Allow a PT to claim it supports both socks4 and socks5 in the CMETHOD line and Tor will need to decide which SOCKS version to use depending on the IP version.

The first one seems like a good idea. The second requires no spec change but will cause some pain with existing PTs. The last seems useful but requires a lot of modifications and so it's unnecessary.

(Thanks to dcf1 and arma for their help)

Child Tickets

Change History (6)

comment:1 in reply to:  description Changed 6 years ago by asn

Replying to sysrqb:

Tor clients can't send a proxy request for an ipv6 address connection to a pluggable transport if the PT says it supports socks4. This is not so good because IPv6 addresses are becoming more prevalent. The three options, as I see them, are:

  • Change pt-spec to state that PTs can support either socks4a or socks5 (and change Tor and implementation to adhere to this)

This is currently the case, right? But socks4a doesn't support IPv6 either.

  • If a PT supports IPv6 addresses then it must use SOCKS5.

Yep. #9221 is the relevant ticket here.
The problem with SOCKS5 is that it only supports 255 bytes of username/password, which is the field we are using as a covert channel to pass PT parameters. I have considered making a custom SOCKS5 handshake (using the reserved codes) to allow bigger username/passwords, but I'm not sure if it's worth the effort just yet.

  • Allow a PT to claim it supports both socks4 and socks5 in the CMETHOD line and Tor will need to decide which SOCKS version to use depending on the IP version.

Interesting idea, but why not always go for SOCKS5 if it's available?

The first one seems like a good idea. The second requires no spec change but will cause some pain with existing PTs. The last seems useful but requires a lot of modifications and so it's unnecessary.

(Thanks to dcf1 and arma for their help)

comment:2 Changed 6 years ago by yawning

Cc: yawning@… added

comment:3 Changed 6 years ago by arma

Cc: yawning added; yawning@… removed

comment:4 Changed 6 years ago by yawning

Parent ID: #9221

comment:5 Changed 6 years ago by asn

Parent ID: #9221

comment:6 Changed 6 years ago by yawning

Resolution: fixed
Status: newclosed

Fixed in obfsproxy master with the move to SOCKS5.

Note: See TracTickets for help on using tickets.