Support IPv6 link-local interface addresses
This is either a bug or a documentation defect (didn't dive into the code yet).
Standard routing with ipv6 happens with link-local as next hop.
Hence, for the sake of making a transparent proxy for VMs, I am trying to specify a TransPort with the link-local of my bridge.
The standard way of specifying that is: [fe80::xxxx:xxxx:xxxx:xxxx%iface]
Tor parses this IPv6 address correctly (removing iface) but fails to bind.
To reproduce:
$ cat /etc/tor/torrc
(...)
TransPort fe80::1c9a:c3ff:fec8:7768%vnet0:9040
(...)
$ ifconfig vnet0
vnet0 Link encap:Ethernet HWaddr 1e:9a:c3:c8:77:68
inet6: fe80::1c9a:c3ff:fec8:7768/64 Scope:Link
As you can see, I have a vnet0. It has the link-local address that is specified as TransPort. Now let's start tor:
$ sudo tor
Oct 10 21:34:28.384 [notice] Tor 0.2.9.11 (git-aa8950022562be76) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g and Zlib 1.2.8.
(...)
Oct 10 21:34:28.385 [notice] You configured a non-loopback address '[fe80::1c9a:c3ff:fec8:7768]:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
(...)
Oct 10 21:34:28.386 [notice] Opening Transparent pf/netfilter listener on [fe80::1c9a:c3ff:fec8:7768]:9040
Oct 10 21:34:28.386 [warn] Could not bind to fe80::1c9a:c3ff:fec8:7768:9040: Invalid argument
As you can see, it is correctly stripping the %vnet0 and reading my link-local address from the /etc/tor/torrc
It then tries to open the "pf/netfilter" and fails to bind, and says "invalid argument"!
Indeed, binding a link-local ipv6 address needs one more argument in the syscall to bind: the interface!
Other tests:
Trying with fancy notations like
TransPort [fe80::1c9a:c3ff:fec8:7768]%vnet0:9040
fails at parsing.
Trying with a global address (with IPv6 you can just add addresses to the interface) works but opens other headaches such as having to advertise a different router address to the clients.
Conclusion, this is either:
- (bug) the implementation of the "interface" parameter when binding link-local addresses is missing or failing. or
- (documentation) it works and it is a documentation defect, since nowhere can we find how to bind a link-local IPv6 address or even a working example.
Additional: there could be the exact same bug/missing documentation in other places where you can specify an ipv6 address.
Trac:
Username: Zakhar
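The failure reported above comes down to the `sin6_scope_id` field of `struct sockaddr_in6`: once the `%iface` zone is stripped, a link-local address reaches bind() with scope 0 and Linux answers EINVAL. The following is an added example, not Tor's code or the reporter's: `parse_scoped_in6` is a hypothetical helper that keeps the zone, resolves it with `if_nametoindex()`, and rejects a zoneless link-local address at parse time. Accepting a numeric zone such as `%7` is an assumption made so the sample runs on any host.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper (not a Tor function): parse "addr" or "addr%zone"
 * into a sockaddr_in6 ready for bind(). Returns 0 on success, -1 on a
 * malformed address or zone, -2 on a link-local address with no zone. */
int parse_scoped_in6(const char *text, uint16_t port, struct sockaddr_in6 *out)
{
    char buf[INET6_ADDRSTRLEN + IF_NAMESIZE + 2];
    if (strlen(text) >= sizeof(buf))
        return -1;
    strcpy(buf, text);
    char *zone = strchr(buf, '%');
    if (zone)
        *zone++ = '\0';                  /* split "addr%zone" in place */
    memset(out, 0, sizeof(*out));
    out->sin6_family = AF_INET6;
    out->sin6_port = htons(port);
    if (inet_pton(AF_INET6, buf, &out->sin6_addr) != 1)
        return -1;
    if (zone) {
        /* Zone is an interface name ("vnet0") or a numeric index ("7"). */
        unsigned idx = if_nametoindex(zone);
        if (idx == 0) {
            char *end;
            unsigned long n = strtoul(zone, &end, 10);
            if (!isdigit((unsigned char)*zone) || *end || n == 0 || n > 0xffffffffUL)
                return -1;
            idx = (unsigned)n;
        }
        out->sin6_scope_id = idx;        /* the interface bind() needs */
    } else if (IN6_IS_ADDR_LINKLOCAL(&out->sin6_addr)) {
        return -2;    /* scope 0 here is what makes bind() return EINVAL */
    }
    return 0;
}

int main(void) {
    struct sockaddr_in6 sa;
    /* Address from the report; the numeric zone 7 is a constructed value. */
    printf("%d\n", parse_scoped_in6("fe80::1c9a:c3ff:fec8:7768", 9040, &sa));
    printf("%d\n", parse_scoped_in6("fe80::1c9a:c3ff:fec8:7768%7", 9040, &sa));
    return 0;
}
```

Failing at parse time puts the missing interface in the error message, instead of the bare "Invalid argument" that bind() produces later.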