Opened 8 weeks ago

Closed 4 weeks ago

#30953 closed enhancement (duplicate)

ServerTransportListenAddr is ignored when stated second time for the IPv6 address

Reported by: s7r Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Normal Keywords: ipv6, tor-pt
Cc: ahf, cohosh Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Currently is possible to run a dual stacked IPv4 + IPv6 bridge.

ORPort can be set 2 times in torrc, once for IPv4 and once for IPv6 - it will open ports on both address families and listen for connections.

However, ServerTransportListenAddr will only work for IPv4 and be ignored if set second time in the same torrc for the IPv6 family (no obfs4 port open on the IPv6 address).

Log file does not even mention it, it only confirms the IPv4 one:
[notice] Registered server transport 'obfs4' at '<xxx>:port'

Child Tickets

Change History (5)

comment:1 Changed 8 weeks ago by teor

Cc: ahf cohosh added
Keywords: tor-pt added
Milestone: Tor: unspecified
Type: defectenhancement
Version: Tor: 0.4.1.2-alphaTor: unspecified

ahf, cohosh: Is this something you'd like to work on as part of our pluggable transport changes?

comment:2 Changed 8 weeks ago by ahf

Without having looked at specifications or implementation yet, it sounds like something we should fix, yeah.

comment:3 in reply to:  2 Changed 8 weeks ago by teor

Replying to ahf:

Without having looked at specifications or implementation yet, it sounds like something we should fix, yeah.

One to fix this is to run two instances of the PT on different addresses. But I don't think the extra-info format allows that. And it doesn't allow multiple IP addresses, either:
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n1211

So we either need to:

  1. use a different transportname, like obfs4-ipv6
  2. allow IPv4 and IPv6 lines with the same transportname
  3. add an "ipv6=" arg to the arglist

Option 3 is more like what we do for authorities and fallbacks. And it avoids issues with having two lines for the same bridge, which has caused subtle bugs in the past.

comment:4 Changed 8 weeks ago by yawning

Currently is possible to run a dual stacked IPv4 + IPv6 bridge.

But not with any pluggable transport, because of the descriptor file and PT configuration protocol. Really the correct fix is to allow a single PT instance to be configured for and publish multiple addresses as a vector.

This was brought up the last time there was talk about revamping the PT spec, but the people that did the 2.0 spec didn't care about it.

comment:5 Changed 4 weeks ago by phw

Resolution: duplicate
Status: newclosed

This is a duplicate of #11211. Let's continue the discussion over there.

Note: See TracTickets for help on using tickets.