#31115 closed defect (not a bug)

tor returns first 4 bytes of IPv6 address only when using SOCKS command "F0"

Reported by: cypherpunks Owned by:
Priority: Medium Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor Version: Tor:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:



Tor has a custom extension to the SOCKS protocol, defined in:

that allows resolving hostnames.

exitmap makes use of this SOCKS extension.

When the answer is an IPv6 address (ATYP=04) only the first 4 bytes are contained in the response instead of the entire IPv6 address.

Expected behavior: The entire IPv6 address should be in the response (128 bit instead of 32 bit).


Child Tickets

Change History (5)

comment:1 Changed 11 months ago by cypherpunks


SOCKS response for resolving "ipv6.google.com" ("2a00:1450:4007:80c::200e")

0x05 00 00 04 2a001450 4001

05 = version
00 = resp code: succeeded
00 = reserved
04 = ATYP: IPv6
2a001450 = first bytes of the IPv6 address

last to bytes are "BND.PORT" as per spec but they might also be part of the IPv6 address
so the answer might contain the first 6 bytes not just 4 bytes.

Last edited 11 months ago by cypherpunks (previous) (diff)

comment:2 Changed 11 months ago by cypherpunks

you can close this one.

comment:3 Changed 11 months ago by nickm

Milestone: Tor: 0.4.2.x-final

Why? Is this not an issue?

comment:4 Changed 11 months ago by cypherpunks

exitmap reads only 10 bytes of the response, that is why it does not see more.

You can close it.

comment:5 Changed 11 months ago by nickm

Resolution: not a bug
Status: newclosed

ah, ok

Note: See TracTickets for help on using tickets.