Opened 8 months ago

Closed 8 months ago

#25739 closed defect (fixed)

Nyx: empty exit policy if ipv6 address is not surrounded by [..]

Reported by: toralf Owned by: atagar
Priority: Medium Milestone:
Component: Core Tor/Nyx Version: Tor: 0.3.3.4-alpha
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

./run_nyx

gives an empty

	exit policy:

line in that case.
Example for a wrong line:

ExitPolicy reject6 <snip>/32

Good is

	ExitPolicy reject6 [<snip>]/32

Tested with latest stem and nyx Git trees.

Child Tickets

Change History (5)

comment:1 Changed 8 months ago by atagar

Component: - Select a componentCore Tor/Nyx
Owner: set to atagar

comment:2 Changed 8 months ago by atagar

Status: newneeds_information

Hi toralf. As mentioned on the list I need an actual torrc entry that reproes this. Doesn't need to be yours, just something that reproduces the problem. I just tried...

reject6 [fe80:0000:0000:0000:0202:b3ff:fe1e:8329]:90

... which tor accepts, but dropping the brackets...

reject6 fe80:0000:0000:0000:0202:b3ff:fe1e:8329:90

... or omitting the port...

reject6 fe80:0000:0000:0000:0202:b3ff:fe1e:8329

... gets rejected. So I need to see what a valid IPv6 exit policy rule without brackets looks like.

comment:3 Changed 8 months ago by toralf

The real-world example:

mr-fox nyx # cat /etc/tor/torrc.d/30_reject
ExitPolicy reject  194.9.149.49/24

# works
#
ExitPolicy reject6 [2a04:1447:4:3::74]/32

# does not work
#
#ExitPolicy reject6 2a04:1447:4:3::74/32
Last edited 8 months ago by toralf (previous) (diff)

comment:4 Changed 8 months ago by atagar

Status: needs_informationnew

Perfect, thanks toralf! Bug reproed.

comment:5 Changed 8 months ago by atagar

Resolution: fixed
Status: newclosed

There! Finally got some time to dig in. Story here is that Stem added ExitPolicy support in 2013 at which point the only game was parsing the torrc's myriad of options (ExitPolicy, ExitPolicy6, ExitPolicyRejectPrivate, etc).

Iirc I spoke with teor about this in 2014 and he graciously added new GETINFO options to get the user's effective exit policy. I didn't take advantage of it at the time, but enough years have now passed that we can safely assume folks have it.

Stem now uses tor's new (more reliable) method of getting the exit policy...

https://gitweb.torproject.org/stem.git/commit/?id=f7a3430

Pre-2014 tor versions will no longer show the exit policy in Nyx but I think that's ok. Your torrc should now work. :)

Thanks again for reporting this!

Note: See TracTickets for help on using tickets.