From 41fa07f751aaf50297d3139c440f7fb3ed71338a Mon Sep 17 00:00:00 2001 From: teor Date: Tue, 14 Apr 2020 12:16:48 +1000 Subject: core/or: Allow IPv6 connections to be canonical Consider IPv6 addresses when checking if a connection is canonical. In 17604, relays assumed that a remote relay could consider an IPv6 connection canonical, but did not set the canonical flag on their side of the connection. Fixes bug 33899; bugfix on 0.3.1.1-alpha. --- changes/bug33899 | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changes/bug33899 (limited to 'changes') diff --git a/changes/bug33899 b/changes/bug33899 new file mode 100644 index 0000000000..319df45dff --- /dev/null +++ b/changes/bug33899 @@ -0,0 +1,5 @@ + o Minor bugfixes (IPv6, relay): + - Consider IPv6 addresses when checking if a connection is canonical. + In 17604, relays assumed that a remote relay could consider an IPv6 + connection canonical, but did not set the canonical flag on their side + of the connection. Fixes bug 33899; bugfix on 0.3.1.1-alpha. -- cgit v1.2.3-54-g00ecf From 8c55d34e0adfd9585befd7ce1f71fb219ed63146 Mon Sep 17 00:00:00 2001 From: teor Date: Tue, 14 Apr 2020 12:21:49 +1000 Subject: core/or: Accurately log remote relay IPv6 addresses Log IPv6 addresses on connections where this relay is the responder. Previously, responding relays would replace the remote IPv6 address with the IPv4 address from the consensus. (The port is replaced with the IPv6 ORPort from the consensus, we will resolve this issue in 33898.) Fixes bug 33899; bugfix on 0.3.1.1-alpha. --- changes/bug33899 | 4 ++++ src/core/or/connection_or.c | 14 +++++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) (limited to 'changes') diff --git a/changes/bug33899 b/changes/bug33899 index 319df45dff..b9b7d7cf13 100644 --- a/changes/bug33899 +++ b/changes/bug33899 @@ -3,3 +3,7 @@ In 17604, relays assumed that a remote relay could consider an IPv6 connection canonical, but did not set the canonical flag on their side of the connection. Fixes bug 33899; bugfix on 0.3.1.1-alpha. + - Log IPv6 addresses on connections where this relay is the responder. + Previously, responding relays would replace the remote IPv6 address with + the IPv4 address from the consensus. + Fixes bug 33899; bugfix on 0.3.1.1-alpha. diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c index 2eecbc50a7..f059bae25d 100644 --- a/src/core/or/connection_or.c +++ b/src/core/or/connection_or.c @@ -909,6 +909,13 @@ connection_or_check_canonicity(or_connection_t *conn, int started_here) tor_addr_eq(&conn->base_.addr, &node_ipv6_ap.addr)) { connection_or_set_canonical(conn, 1); } + /* Choose the correct canonical address and port. */ + tor_addr_port_t *node_ap; + if (tor_addr_family(&conn->base_.addr) == AF_INET) { + node_ap = &node_ipv4_ap; + } else { + node_ap = &node_ipv6_ap; + } if (!started_here) { /* Override the addr/port, so our log messages will make sense. * This is dangerous, since if we ever try looking up a conn by @@ -920,13 +927,14 @@ connection_or_check_canonicity(or_connection_t *conn, int started_here) * right IP address and port 56244, that wouldn't be as helpful. now we * log the "right" port too, so we know if it's moria1 or moria2. */ - tor_addr_copy(&conn->base_.addr, &node_ap.addr); - conn->base_.port = node_ap.port; + /* See #33898 for a ticket that resolves this technical debt. */ + tor_addr_copy(&conn->base_.addr, &node_ap->addr); + conn->base_.port = node_ap->port; } tor_free(conn->nickname); conn->nickname = tor_strdup(node_get_nickname(r)); tor_free(conn->base_.address); - conn->base_.address = tor_addr_to_str_dup(&node_ap.addr); + conn->base_.address = tor_addr_to_str_dup(&node_ap->addr); } else { tor_free(conn->nickname); conn->nickname = tor_malloc(HEX_DIGEST_LEN+2); -- cgit v1.2.3-54-g00ecf