Opened 19 months ago

Last modified 13 months ago

#21355 new defect

Warn when IPv6Exits have no ipv6-policy line in their descriptor

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: ipv6 easy intro log tor-relay tor-dirauth
Cc: Actual Points:
Parent ID: Points: 0.5
Reviewer: Sponsor:

Description

There appears to be a bug in Tor's IPv6 Exit code, where exits that have IPv6Exit set do not have an ipv6-policy line in their descriptor.

To assist in diagnosing this bug, we should log a warning message (not a bug message) containing the full exit policy, when the IPv6 exit policy summary is empty, but IPv6Exit is 1 and ExitRelay is 1 or auto.

Child Tickets

Change History (5)

comment:2 Changed 19 months ago by teor

We should probably also warn when IPv4 Exits have an exit policy that has a reject all summary, as IPv4 summaries are used in the consensus and microdescriptors. (If a policy rejects more than 2 /8s, it is considered a reject policy.)

comment:3 Changed 19 months ago by teor

After #21357, if an IPv6 policy rejects more than an IPv6 /16, it is considered a reject policy. We should mention this in the log message.

comment:4 Changed 19 months ago by teor

I'd also like to add a notice when a relay is going to exit to IPv4, and has an IPv6 ORPort, but IPv6Exit is not set. This is slightly complicated, because ExitRelay is auto by default, and the auto logic might need to be abstracted.

comment:5 Changed 13 months ago by nickm

Keywords: tor-relay tor-dirauth added
Note: See TracTickets for help on using tickets.