Opened 19 months ago

Closed 19 months ago

Last modified 15 months ago

#22429 closed enhancement (fixed)

bridge: Add Lisbeth IPv6 address

Reported by: dgoulet Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-bridges TorBrowserTeam201706R
Cc: dcf Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Turns out my obfs4 bridge in Tor Browser has an IPv6 so here it is:

Addr: 2001:470:b381:bfff:216:3eff:fe23:d6c3
Port: 443

Current bridge line for reference is:

Bridge obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=0
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJZLB6wAAoJEELoaioR9I02JMcH/1Sbyi6L+MgiKS0DZDHL53nl
VMKlGw/DdyOEy6zX+/W37Oyj6tQnWpoeo//JFlEqK6M/6Uf/WzQ+lPC0DRmQu7pu
n424WolCW+C9u+abb+CU6ETwdJPslRLpfiaM2VRl35gfu1Js+3GCKu7aeCmPRE9t
PUailXwHaWZIDRDfuNU0xeoa0nb1noGVebHIc0Yifd4DWAtLI6u3bQkSOv003alb
q+zsnC8JNyhz8DcWpguNXiT76RGAJYsPpSBrmAHovnmg1roQ0gkWDgQy470PruY0
7V3UX3OwzD7vznyUDNXpQ83nTjSe8RNpHZR3p+puo2yrYZcNGz62HzIe/jr1S9k=
=h1TJ
-----END PGP SIGNATURE-----

Child Tickets

Attachments (3)

0001-Bug-22429-Add-IPv6-address-for-Lisbeth-443-obfs4-bri.patch (1.8 KB) - added by dcf 19 months ago.
lisbeth-ip_version.png (48.7 KB) - added by dcf 15 months ago.
tor-bridge-ipversion.tar.gz (101.8 KB) - added by dcf 15 months ago.

Download all attachments as: .zip

Change History (10)

comment:1 Changed 19 months ago by dcf

Cc: dcf added
Keywords: tbb-bridges added

comment:2 Changed 19 months ago by gk

Status: newneeds_information

dcf: Do you have plans with the IPv6 address or can we just add that to the default bridges list? If the latter, would you mind writing the patch which I would then review and merge? That might be the fastest way to get this bug fixed.

comment:3 Changed 19 months ago by dcf

Keywords: TorBrowserTeam201706R added
Status: needs_informationneeds_review

Here is a patch. I tested the bridge line by itself in a torrc file, but I wasn't able to test it in Tor Browser on an IPv6-capable system.

When Tor Browser tries to use the bridge line on an IPv4-only system, this is what appears in the log:

06/01/2017 13:06:18.700 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 
06/01/2017 13:06:18.700 [NOTICE] Opening Socks listener on 127.0.0.1:9150 
06/01/2017 13:06:20.600 [NOTICE] Bootstrapped 5%: Connecting to directory server 
06/01/2017 13:06:20.600 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 
06/01/2017 13:06:20.600 [WARN] Proxy Client: unable to connect to 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure") 
06/01/2017 13:06:25.400 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 
06/01/2017 13:06:25.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 
06/01/2017 13:06:25.400 [NOTICE] Closing old Socks listener on 127.0.0.1:9150 

comment:4 in reply to:  3 ; Changed 19 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Replying to dcf:

Here is a patch. I tested the bridge line by itself in a torrc file, but I wasn't able to test it in Tor Browser on an IPv6-capable system.

When Tor Browser tries to use the bridge line on an IPv4-only system, this is what appears in the log:

06/01/2017 13:06:18.700 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 
06/01/2017 13:06:18.700 [NOTICE] Opening Socks listener on 127.0.0.1:9150 
06/01/2017 13:06:20.600 [NOTICE] Bootstrapped 5%: Connecting to directory server 
06/01/2017 13:06:20.600 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 
06/01/2017 13:06:20.600 [WARN] Proxy Client: unable to connect to 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure") 
06/01/2017 13:06:25.400 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 
06/01/2017 13:06:25.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 
06/01/2017 13:06:25.400 [NOTICE] Closing old Socks listener on 127.0.0.1:9150 

Hrm. That's not good. I assume Tor Browser is randomly choosing one bridge the next time it starts (again) but we should be smarter here than making the user believe Tor Browser is broken. dcf: Do you know whether there is already a ticket anywhere for this issue?

Picked this up for now on master and maint-7.0 (commit 6dbe2e65a8d5822d024669e90d7f920b453adce4 and 94947a1c2333c4dcf0a0bf8af6228aceaf437ad2).

comment:5 in reply to:  4 ; Changed 19 months ago by dcf

Replying to gk:

Replying to dcf:

Here is a patch. I tested the bridge line by itself in a torrc file, but I wasn't able to test it in Tor Browser on an IPv6-capable system.

When Tor Browser tries to use the bridge line on an IPv4-only system, this is what appears in the log:

06/01/2017 13:06:18.700 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 
06/01/2017 13:06:18.700 [NOTICE] Opening Socks listener on 127.0.0.1:9150 
06/01/2017 13:06:20.600 [NOTICE] Bootstrapped 5%: Connecting to directory server 
06/01/2017 13:06:20.600 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 
06/01/2017 13:06:20.600 [WARN] Proxy Client: unable to connect to 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure") 
06/01/2017 13:06:25.400 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 
06/01/2017 13:06:25.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 
06/01/2017 13:06:25.400 [NOTICE] Closing old Socks listener on 127.0.0.1:9150 

Hrm. That's not good. I assume Tor Browser is randomly choosing one bridge the next time it starts (again) but we should be smarter here than making the user believe Tor Browser is broken. dcf: Do you know whether there is already a ticket anywhere for this issue?

When I did my test, I commented out all bridges except for the IPv6 one. I'm guessing it would have worked (with only a warning in the log) if I had left the others uncommented.

I don't know exactly how it works, but Tor Browser seems to choose more than one bridge. For example, in my browser right now, the log mentions GreenBelt, Azadi, MaBishomarim, cymrubridge31, Lisbeth, noether, cymrubridge33, NX01, ndnop5.

In the past, we had a separate fte-ipv6 option where the IPv6 addresses were kept. Those IPv6 bridges were removed in #18976.

comment:6 in reply to:  5 Changed 19 months ago by arma

Replying to dcf:

I don't know exactly how it works, but Tor Browser seems to choose more than one bridge. For example, in my browser right now, the log mentions GreenBelt, Azadi, MaBishomarim, cymrubridge31, Lisbeth, noether, cymrubridge33, NX01, ndnop5.

The design as I understood it (hopefully it hasn't changed) is that when you choose a class of bridges, Tor Browser tells Tor about all of those bridges, and then it's up to Tor to use them smartly.

Tor tries to fetch a descriptor from each bridge every 15 minutes or something, to keep up to date. Separate from that, it tries to use the entry guard algorithm to focus its 3-hop circuits on only one or a few of the bridges.

So you should see descriptor refresh messages for each bridge every so often, or failure messages if there's something wrong with the bridge, for every bridge that Tor Browser tells Tor.

Changed 15 months ago by dcf

Attachment: lisbeth-ip_version.png added

Changed 15 months ago by dcf

Attachment: tor-bridge-ipversion.tar.gz added

comment:7 Changed 15 months ago by dcf

Here's a graph showing IPv4 and IPv6 connections to Lisbeth. The Tor Browser releases that added Lisbeth's addresses are marked: 6.0.6 for IPv4 and 7.0 for IPv6. It's just showing the bridge-ip-versions line from bridge-extra-info documents. I don't know what explains the bump in IPv6 in August 2017.


source code: attachment:tor-bridge-ipversion.tar.gz

Note: See TracTickets for help on using tickets.