Perform Basic Relay IPv6 Extends

changed milestone to %Tor: 0.4.4.x-final

Trac:
Parent Ticket: #33048 (moved)

added actualpoints::3.2 component::core tor/tor ipv6 milestone::Tor: 0.4.4.x-final owner::teor parent::33048 points::1 priority::medium prop311 resolution::implemented reviewer::nickm severity::normal sponsor::55-must status::closed type::task labels

Add channel_get_for_extend().

Trac:
Description: Currently, tor checks that extend cells have IPv4 addresses in:

some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved))
check_extend_cell() in onion.c
extend_cell_from_extend2_cell_body() in onion.c
- (note that all relays that support IPv6 extends should be using extend2 cells, but we want to modify this code for consistency)
and possibly other functions.

We want to perform all these checks in the same place, so we can modify tor's behaviour based on:

tor's configuration
- including consensus parameters
the reachability of a relay's own IPv6 ORPort, and
any other relevant factors.

to

Currently, tor checks that extend cells have IPv4 addresses in:

some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved))
check_extend_cell() in onion.c
extend_cell_from_extend2_cell_body() in onion.c
- (note that all relays that support IPv6 extends should be using extend2 cells, but we want to modify this code for consistency)
channel_get_for_extend(), where only channels with IPv4 addresses are searched,
and possibly other functions.

We want to perform all these checks in the same place, so we can modify tor's behaviour based on:

tor's configuration
- including consensus parameters
the reachability of a relay's own IPv6 ORPort, and
any other relevant factors.

Add a bug fix for connection_or_check_canonicity().

Trac:
Keywords: N/A deleted, technical-debt-partial added
Description: Currently, tor checks that extend cells have IPv4 addresses in:

some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved))
check_extend_cell() in onion.c
extend_cell_from_extend2_cell_body() in onion.c
- (note that all relays that support IPv6 extends should be using extend2 cells, but we want to modify this code for consistency)
channel_get_for_extend(), where only channels with IPv4 addresses are searched,
and possibly other functions.

We want to perform all these checks in the same place, so we can modify tor's behaviour based on:

tor's configuration
- including consensus parameters
the reachability of a relay's own IPv6 ORPort, and
any other relevant factors.

to

Currently, tor checks that extend cells have IPv4 addresses in:

some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved))
check_extend_cell() in onion.c
extend_cell_from_extend2_cell_body() in onion.c
- (note that all relays that support IPv6 extends should be using extend2 cells, but we want to modify this code for consistency)
channel_get_for_extend(), where only channels with IPv4 addresses are searched,
and possibly other functions.

We also want to fix a missing IPv6 check in:

connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,
- (note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly) Unlike the other changes, this change is a bug fix, and should not depend on the relay's configuration.

We want to perform all these checks in the same place, so we can modify tor's behaviour based on:

tor's configuration
- including consensus parameters
the reachability of a relay's own IPv6 ORPort, and
any other relevant factors.

Replying to teor:

We also want to fix a missing IPv6 check in:

connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,

(note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly) Unlike the other changes, this change is a bug fix, and should not depend on the relay's configuration.

I did this fix in #33899 (moved).

Trac:
Description: Currently, tor checks that extend cells have IPv4 addresses in:

some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved))
check_extend_cell() in onion.c
extend_cell_from_extend2_cell_body() in onion.c
- (note that all relays that support IPv6 extends should be using extend2 cells, but we want to modify this code for consistency)
channel_get_for_extend(), where only channels with IPv4 addresses are searched,
and possibly other functions.

We also want to fix a missing IPv6 check in:

connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,
- (note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly) Unlike the other changes, this change is a bug fix, and should not depend on the relay's configuration.

We want to perform all these checks in the same place, so we can modify tor's behaviour based on:

tor's configuration
- including consensus parameters
the reachability of a relay's own IPv6 ORPort, and
any other relevant factors.

to

Currently, tor checks that extend cells have IPv4 addresses in: [ ] some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved)) [ ] check_extend_cell() in onion.c [ ] extend_cell_from_extend2_cell_body() in onion.c

(note that all relays that support IPv6 extends should be using extend2 cells, but we want to modify this code for consistency) channel_get_for_extend(), where only channels with IPv4 addresses are searched, [ ] and possibly other functions.

We also want to fix a missing IPv6 check in: [x] connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,

(note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly) Unlike the other changes, this change is a bug fix, and should not depend on the relay's configuration.

We want to perform all these checks in the same place, so we can modify tor's behaviour based on:

tor's configuration
- including consensus parameters
the reachability of a relay's own IPv6 ORPort, and
any other relevant factors.

Note that channel_get_for_extend() is fixed by the canonical fix.

Trac:
Description: Currently, tor checks that extend cells have IPv4 addresses in: [ ] some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved)) [ ] check_extend_cell() in onion.c [ ] extend_cell_from_extend2_cell_body() in onion.c

(note that all relays that support IPv6 extends should be using extend2 cells, but we want to modify this code for consistency) channel_get_for_extend(), where only channels with IPv4 addresses are searched, [ ] and possibly other functions.

We also want to fix a missing IPv6 check in: [x] connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,

(note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly) Unlike the other changes, this change is a bug fix, and should not depend on the relay's configuration.

We want to perform all these checks in the same place, so we can modify tor's behaviour based on:

tor's configuration
- including consensus parameters
the reachability of a relay's own IPv6 ORPort, and
any other relevant factors.

to

Currently, tor checks that extend cells have IPv4 addresses in: [ ] some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved)) [ ] check_extend_cell() in onion.c [ ] extend_cell_from_extend2_cell_body() in onion.c [ ] and possibly other functions.

We also want to fix a missing IPv6 check in: [x] connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,

(note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly)

The canonical fix also fixes: [x] channel_get_for_extend(), where only channels with IPv4 addresses are searched.

Unlike the other changes, this change is a bug fix, and should not depend on the relay's configuration.

We want to perform all these checks in the same place, so we can modify tor's behaviour based on:

tor's configuration
- including consensus parameters
the reachability of a relay's own IPv6 ORPort, and
any other relevant factors.

Replying to teor:

Currently, tor checks that extend cells have IPv4 addresses in: ... [x] check_extend_cell() in onion.c [x] extend_cell_from_extend2_cell_body() in onion.c

I did these changes in #33901 (moved).

Trac:
Description: Currently, tor checks that extend cells have IPv4 addresses in: [ ] some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved)) [ ] check_extend_cell() in onion.c [ ] extend_cell_from_extend2_cell_body() in onion.c [ ] and possibly other functions.

We also want to fix a missing IPv6 check in: [x] connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,

(note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly)

The canonical fix also fixes: [x] channel_get_for_extend(), where only channels with IPv4 addresses are searched.

Unlike the other changes, this change is a bug fix, and should not depend on the relay's configuration.

We want to perform all these checks in the same place, so we can modify tor's behaviour based on:

tor's configuration
- including consensus parameters
the reachability of a relay's own IPv6 ORPort, and
any other relevant factors.

to

Currently, tor checks that extend cells have IPv4 addresses in: [ ] some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved)) [x] check_extend_cell() in onion.c [x] extend_cell_from_extend2_cell_body() in onion.c [ ] and possibly other functions.

We also want to fix a missing IPv6 check in: [x] connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,

(note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly)

The canonical fix also fixes: [x] channel_get_for_extend(), where only channels with IPv4 addresses are searched.

Unlike the other changes, this change is a bug fix, and should not depend on the relay's configuration.

We want to perform all these checks in the same place, so we can modify tor's behaviour based on:

tor's configuration
- including consensus parameters
the reachability of a relay's own IPv6 ORPort, and
any other relevant factors.

Here's my incomplete PR, it also contains the changes for #33899 (moved), #33900 (moved), and #33901 (moved):

don't merge: https://github.com/torproject/tor/pull/1864

Trac:
Status: assigned to needs_revision

Replying to teor:

Currently, tor checks that extend cells have IPv4 addresses in: [ ] some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved))

I am most of the way through this change:

tor considers IPv6-only extend requests valid
tor checks IPv4 and IPv6 addresses before extending
tor re-uses existing IPv4 and IPv6 connections for extends

I still need to initiate new IPv6 connections in response to extend requests.

Here is the draft PR, with #33899 (moved), #33901 (moved), and #33917 (moved):

don't merge: https://github.com/torproject/tor/pull/1864

The PR also has #33918 (moved), but the next push will drop that commit - we can review and merge it separately.

Move refactor and config checks to the options ticket #33818 (moved).

Trac:
Description: Currently, tor checks that extend cells have IPv4 addresses in: [ ] some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved)) [x] check_extend_cell() in onion.c [x] extend_cell_from_extend2_cell_body() in onion.c [ ] and possibly other functions.

We also want to fix a missing IPv6 check in: [x] connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,

(note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly)

The canonical fix also fixes: [x] channel_get_for_extend(), where only channels with IPv4 addresses are searched.

Unlike the other changes, this change is a bug fix, and should not depend on the relay's configuration.

We want to perform all these checks in the same place, so we can modify tor's behaviour based on:

tor's configuration
- including consensus parameters
the reachability of a relay's own IPv6 ORPort, and
any other relevant factors.

to

Currently, tor checks that extend cells have IPv4 addresses in: [ ] some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved)) [x] check_extend_cell() in onion.c [x] extend_cell_from_extend2_cell_body() in onion.c [ ] and possibly other functions.

We also want to fix a missing IPv6 check in: [x] connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,

(note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly)

The canonical fix also fixes: [x] channel_get_for_extend(), where only channels with IPv4 addresses are searched.

Unlike the other changes, this change is a bug fix, and should not depend on the relay's configuration.
Summary: Perform all IPv4 and IPv6 extend checks in one place to Perform Basic Relay IPv6 Extends

Further edits

Trac:
Description: Currently, tor checks that extend cells have IPv4 addresses in: [ ] some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved)) [x] check_extend_cell() in onion.c [x] extend_cell_from_extend2_cell_body() in onion.c [ ] and possibly other functions.

We also want to fix a missing IPv6 check in: [x] connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,

(note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly)

The canonical fix also fixes: [x] channel_get_for_extend(), where only channels with IPv4 addresses are searched.

Unlike the other changes, this change is a bug fix, and should not depend on the relay's configuration.

to

Currently, tor checks that extend cells have IPv4 addresses in: [ ] some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved)) [x] channel_get_for_extend() in channel.c [x] check_extend_cell() in onion.c [x] extend_cell_from_extend2_cell_body() in onion.c [ ] and possibly other functions.

We also want to fix a missing IPv6 check in: [x] connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,

(note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly)

Unlike the other changes, the connection_or_check_canonicity() change is a bug fix. Other code already considers IPv6 connections canonical.

This was a bit more complicated than I expected.

See my PR:

master: https://github.com/torproject/tor/pull/1864

Trac:
Keywords: technical-debt-partial deleted, N/A added
Actualpoints: N/A to 3
Status: needs_revision to needs_review
Description: Currently, tor checks that extend cells have IPv4 addresses in: [ ] some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved)) [x] channel_get_for_extend() in channel.c [x] check_extend_cell() in onion.c [x] extend_cell_from_extend2_cell_body() in onion.c [ ] and possibly other functions.

We also want to fix a missing IPv6 check in: [x] connection_or_check_canonicity(), where only IPv4 addresses are considered canonical,

(note that channel_tls_process_netinfo_cell() already handles IPv6 canonicity correctly)

Unlike the other changes, the connection_or_check_canonicity() change is a bug fix. Other code already considers IPv6 connections canonical.

to

Currently, tor checks that extend cells have IPv4 addresses in: [x] some functions in circuitbuild_relay.c (a new file introduced by #33633 (moved)) [x] channel_get_for_extend() in channel.c [x] check_extend_cell() in onion.c [x] extend_cell_from_extend2_cell_body() in onion.c [?] and possibly other functions.

We want to allow IPv6 in all these places.

And when we have an IPv4 and an IPv6 address, we want to choose between them at random.