Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#4760 closed enhancement (fixed)

"ORPort [::]:9001" sometimes listens to both IPv4 and IPv6, sometimes to IPv4 only.

Reported by: dcf Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version: Tor: 0.2.3.10-alpha
Severity: Keywords: tor-bridge
Cc: ln5 Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

On some operating systems, an AF_INET6 socket listening on :: can also receive IPv4 connections, but whether it does by default is OS-dependent. It depends whether the IPV6_V6ONLY socket option is set.

You may want to set this socket option on all sockets resulting from an IPv6 Bridge line, for uniformity and to avoid accidentally listening on IPv4 when you don't intend to. Linux by default has this option set; Windows and FreeBSD apparently do not.

An observable effect of this phenomenon is that this configuration fails on Linux:

ORPort 9001
ORPort [::]:9001

The problem is that "ORPort 9001" binds to IPv4, and "ORPort [::]:9001" tries to bind to both IPv4 and IPv6.

Dec 22 05:58:48.104 [notice] Opening Socks listener on 127.0.0.1:9050
Dec 22 05:58:48.104 [notice] Opening OR listener on 0.0.0.0:9001
Dec 22 05:58:48.104 [notice] Opening OR listener on :::9001
Dec 22 05:58:48.104 [warn] Could not bind to :::9001: Address already in use. Is Tor already running?
Dec 22 05:58:48.104 [notice] Closing partially-constructed listener Socks listener on 127.0.0.1:9050
Dec 22 05:58:48.104 [notice] Closing partially-constructed listener OR listener on 0.0.0.0:9001
Dec 22 05:58:48.104 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
Dec 22 05:58:48.104 [err] Reading config failed--see warnings above.

http://tools.ietf.org/html/rfc3493#section-5.3 describes the IPV6_V6ONLY option.

Child Tickets

Change History (6)

comment:1 Changed 8 years ago by ln5

Cc: ln5 added

comment:2 Changed 8 years ago by nickm

Status: newneeds_review

Fix candidate in branch "bug4760" in my public repository (commit visible at https://gitweb.torproject.org/nickm/tor.git/commit/dd68d596cdf68999c0cb4c0caf594d8580eaba40 ).

Please review?

comment:3 Changed 8 years ago by BarkerJr

The patch seems to be working for me on 0.2.3.12-alpha. I haven't tried connecting to it with a bridge, though.

comment:4 Changed 8 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Thanks for testing! It still looks okay to me. Merging it.

comment:5 Changed 7 years ago by nickm

Keywords: tor-bridge added

comment:6 Changed 7 years ago by nickm

Component: Tor BridgeTor
Note: See TracTickets for help on using tickets.