Changes between Initial Version and Version 1 of Ticket #29570, comment 6


Ignore:
Timestamp:
Feb 28, 2019, 9:47:00 PM (6 months ago)
Author:
s7r
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #29570, comment 6

    initial v1  
    1 In this particular case, if only `ORPort 0.0.0.0:9050` was set, and it was just HAProxy that listened on the IPv6 address and forwarded to the NAT IPv4 address ORPort, while indeed strange and not recommended, would be totally transparent to Tor / directory authorities and would of course not be a bug.
     1In this particular case, if only `ORPort 0.0.0.0:9050` was set, and it was just HAProxy that listened on the IPv6 address and forwarded to the NAT IPv4 address ORPort, while indeed strange and not recommended, would be totally transparent to Tor / directory authorities and would of course not be a bug.  But it wouldn't be possible because there would be no IPv6 address in the descriptor. In this setup, the relay is only v4 reachable actually, but HAProxy is reachable also on IPv6 and converts traffic to IPv4 and forwards to the IPv4 ORPort.
    22
    3 But if you can have only a line: `ORPort [ipv6:address]:9050 NoListen` and no following IPv6 ORPort with NoAdvertise, this is a bug as in config parameters are not properly sanitized.
     3Since you can have only a line: `ORPort [ipv6:address]:9050 NoListen` and no following IPv6 ORPort with NoAdvertise, this is a bug as in config parameters are not properly sanitized.
     4
     5Hope this clarifies what this ticket is about.