Opened 8 years ago
Last modified 6 days ago
#5940 new enhancement
Figure out own IPv6 address
| Reported by: | ln5 | Owned by: | |
|---|---|---|---|
| Priority: | Medium | Milestone: | Tor: 0.4.4.x-final |
| Component: | Core Tor/Tor | Version: | |
| Severity: | Normal | Keywords: | ipv6, tor-relay |
| Cc: | babut, massar, rl1987@…, sven.herzberg@… | Actual Points: | |
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: | Sponsor55-must |
Description
A relay should be able to figure out if the system has got an IPv6
address configured, just like what's done for IPv4.
From #5146:
Should we turn resolve_my_address() into resolve_my_addresses() and
teach it about IPv6? get_interface_address6() used here needs some
work for #4806 too.
A few thoughts:
- resolve_my_address() looks at options->Address. What should 'Address' mean now that a relay doesn't have one single address any more?
- get_interface_address() says "This address should only be used in checking whether our address has changed" but is actually used by resolve_my_address() in the case where we fail to resolve our hostname. Does get_interface_address6() need more work or should we just add a comment to where we use it in a non-recommended way?
Child Tickets
| Ticket | Type | Status | Owner | Summary |
|---|---|---|---|---|
| #4806 | enhancement | needs_revision | Detect and warn when running IPv6-using client without IPv6 address privacy | |
| #12377 | defect | needs_revision | Prefer default route when checking local interface addresses | |
| #17605 | defect | needs_revision | jryans | Stop caches storing or modifying X-Your-Address-Is from Tor Directory documents |
| #19919 | defect | new | If ORPort address is publicly routable, use it to guess Address | |
| #24403 | task | assigned | Propose and implement IPv6 ORPort reachability checks on relays | |
| #24777 | defect | new | Make relays try IPv6 ORPorts for directory uploads and downloads | |
| #30954 | enhancement | assigned | neel | Address torrc option is ignored if set second time for the IPv6 address |
| #32707 | defect | closed | need a mechanism to automatically detect the ipv6 address of the node | |
| #32888 | enhancement | assigned | Log address config info when tor starts up | |
| #33073 | task | needs_information | teor | Write a proposal for Tor Relays to Automatically Find their IPv6 Address |
| #33091 | defect | closed | teor | Remove redundant checks in ip_address_changed() |
Change History (32)
comment:1 Changed 7 years ago by
| Milestone: | → Tor: 0.2.4.x-final |
|---|
comment:2 Changed 7 years ago by
comment:3 Changed 7 years ago by
| Keywords: | tor-relay added |
|---|
comment:4 Changed 7 years ago by
| Component: | Tor Relay → Tor |
|---|
comment:5 Changed 7 years ago by
| Milestone: | Tor: 0.2.4.x-final → Tor: 0.2.5.x-final |
|---|
comment:6 Changed 6 years ago by
| Milestone: | Tor: 0.2.5.x-final → Tor: 0.2.6.x-final |
|---|
comment:7 Changed 6 years ago by
| Keywords: | 026-triaged-1 026-deferrable added |
|---|
comment:8 Changed 5 years ago by
| Milestone: | Tor: 0.2.6.x-final → Tor: 0.2.7.x-final |
|---|
comment:9 Changed 5 years ago by
| Keywords: | lorax added |
|---|
comment:10 Changed 5 years ago by
| Cc: | massar added |
|---|
comment:11 Changed 5 years ago by
| Cc: | rl1987@… added |
|---|
comment:12 Changed 5 years ago by
| Status: | new → assigned |
|---|
comment:13 Changed 5 years ago by
| Keywords: | 027-triaged-1-out added |
|---|
Marking triaged-out items from first round of 0.2.7 triage.
comment:14 Changed 5 years ago by
| Milestone: | Tor: 0.2.7.x-final → Tor: 0.2.??? |
|---|
Make all non-needs_review, non-needs_revision, 027-triaged-1-out items belong to 0.2.???
comment:15 Changed 4 years ago by
| Cc: | sven.herzberg@… added |
|---|---|
| Severity: | → Blocker |
comment:16 Changed 4 years ago by
FYI, the severity was displayed as blocker before. I think it was just unset (maybe a problem in the trac setup).
comment:17 Changed 4 years ago by
| Severity: | Blocker → Normal |
|---|
comment:18 Changed 4 years ago by
As of 0.2.7.3-rc, we also use get_interface_address6* to discover our IPv4 and IPv6 addresses so we can block them in the exit policy (#17027).
Relays also allow IPv6 ORPorts to be set, and the first IPv6 ORPort is used as the ipv6_addr for the relay.
Perhaps we need an option to tell relays it's ok to autodetect their IPv6 address?
IPv6Relay?
If it's an AUTOBOOL, we could change the default in the consensus from 0 to 1 once enough relays have upgraded, and once we check IPv6 reachability from the relay itself, and the authorities, and maybe the bwauths.
comment:19 Changed 4 years ago by
In #17281, I intend to use get_interface_address6* to determine whether the client has any non-local IPv6 address(es). That gets us halfway to fixing this issue.
comment:20 Changed 4 years ago by
When tor can figure out its own IPv6 address, a relay configured with ORPort [::]:443 should put the discovered IPv6 address in its descriptor. (See #18387.)
comment:21 Changed 3 years ago by
If we turned on IPv6 autodetection by default, operators with broken IPv6 configs might find their relays being excluded from the consensus because they are unreachable on IPv6.
We'd have to teach Tor to test IPv6 reachability, and stop advertising IPv6 if it was unreachable.
But this is counted as an address change by OnionOO, so it has flow-on effects in systems that analyse relay stability.
And there are race conditions involved - this is why we made IPv4 DirPort reachability a requirement in 0.2.8 in #18050.
comment:23 Changed 3 years ago by
| Keywords: | tor-03-unspecified-201612 added |
|---|---|
| Milestone: | Tor: 0.3.??? → Tor: unspecified |
Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.
comment:24 Changed 3 years ago by
| Keywords: | tor-03-unspecified-201612 removed |
|---|
Remove an old triaging keyword.
comment:25 Changed 3 years ago by
| Keywords: | 027-triaged-in added |
|---|
comment:26 Changed 3 years ago by
| Keywords: | 027-triaged-in removed |
|---|
comment:27 Changed 3 years ago by
| Keywords: | 027-triaged-1-out removed |
|---|
comment:28 Changed 3 years ago by
| Keywords: | 026-triaged-1 removed |
|---|
comment:29 Changed 3 years ago by
| Keywords: | 026-deferrable removed |
|---|
comment:30 Changed 3 years ago by
| Status: | assigned → new |
|---|
Change the status of all assigned/accepted Tor tickets with owner="" to "new".
comment:32 Changed 6 days ago by
| Keywords: | lorax removed |
|---|---|
| Milestone: | Tor: unspecified → Tor: 0.4.4.x-final |
| Sponsor: | → Sponsor55-must |

Since all the *port options allow Address to be overridden, I'm inclined to keep the current meaning of Address. When we resolve it, though, let's remember if it has any INET6 addresses in addition to its INET addresses, and use those as an appropriate fallback when finding our IPv6 address.
I think the right fix for the comment on get_interface_address() is to explain why it can tell you that the address has changed, but it's only a good guess for our current public address (that is, because NAT exists).