Opened 4 months ago

Closed 4 months ago

#31115 closed defect (not a bug)

tor returns first 4 bytes of IPv6 address only when using SOCKS command "F0"

Reported by: cypherpunks Owned by:
Priority: Medium Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor Version: Tor: 0.3.5.8
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Context:

Tor has a custom extension to the SOCKS protocol, defined in:
https://gitweb.torproject.org/torspec.git/tree/socks-extensions.txt#n48

that allows resolving hostnames.

exitmap makes use of this SOCKS extension.

When the answer is an IPv6 address (ATYP=04) only the first 4 bytes are contained in the response instead of the entire IPv6 address.

Expected behavior: The entire IPv6 address should be in the response (128 bit instead of 32 bit).

https://lists.torproject.org/pipermail/tor-dev/2019-July/013931.html

Child Tickets

Change History (5)

comment:1 Changed 4 months ago by cypherpunks

example:

SOCKS response for resolving "ipv6.google.com" ("2a00:1450:4007:80c::200e")

0x05 00 00 04 2a001450 4001

05 = version
00 = resp code: succeeded
00 = reserved
04 = ATYP: IPv6
2a001450

last to bytes are "BND.PORT" as per spec but they might also be part of the IPv6 address
so the answer might contain the first 6 bytes not just 4 bytes.

Version 0, edited 4 months ago by cypherpunks (next)

comment:2 Changed 4 months ago by cypherpunks

you can close this one.

comment:3 Changed 4 months ago by nickm

Milestone: Tor: 0.4.2.x-final

Why? Is this not an issue?

comment:4 Changed 4 months ago by cypherpunks

exitmap reads only 10 bytes of the response, that is why it does not see more.

You can close it.

comment:5 Changed 4 months ago by nickm

Resolution: not a bug
Status: newclosed

ah, ok

Note: See TracTickets for help on using tickets.