diff options
| author | teor <teor@torproject.org> | 2020-02-04 14:39:47 +1000 |
|---|---|---|
| committer | teor <teor@torproject.org> | 2020-02-05 22:03:50 +1000 |
| commit | 6e7d4abd1f18292c501e8a4e173b83d2fa9313b1 (patch) | |
| tree | 9f547cbf91673000d7f45133181e21f053daddbe /proposals/312-relay-auto-ipv6-addr.txt | |
| parent | f090a2233c9180df6b606c1b598fe72a1ae5441c (diff) | |
| download | torspec-6e7d4abd1f18292c501e8a4e173b83d2fa9313b1.tar.gz torspec-6e7d4abd1f18292c501e8a4e173b83d2fa9313b1.zip | |
Prop 312: Use Authority IPs for the Socket Method
Add an optional section, where we propose using a directory authority
IPv4 and IPv6 address for socket-based local interface address
detection.
As suggested by Nick Mathewson.
Part of 33073.
Diffstat (limited to 'proposals/312-relay-auto-ipv6-addr.txt')
| -rw-r--r-- | proposals/312-relay-auto-ipv6-addr.txt | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/proposals/312-relay-auto-ipv6-addr.txt b/proposals/312-relay-auto-ipv6-addr.txt index 3209e0b..1a672fb 100644 --- a/proposals/312-relay-auto-ipv6-addr.txt +++ b/proposals/312-relay-auto-ipv6-addr.txt @@ -935,6 +935,35 @@ Ticket: #33073 support IPv6 may be quite small. But we should still test this use case for clients connecting over IPv4 and IPv6, and extending over IPv4 and IPv6. +3.5.12. Using Authority Addresses for Socket-Based Address Detection + + We propose this optional change, to avoid issues with firewalls during + address detection. (And to reduce user confusion about firewall + notifications which show a strange IP address.) + + We propose that tor should use a directory authority IPv4 and IPv6 address, + for any sockets that it opens to detect local interface addresses (see + section 3.2.3). We propose that this change is applied regardless of the + role of the current tor instance (relay, bridge, directory authority, or + client). + + Tor currently uses the arbitrary IP addresses 18.0.0.1 and [2002::], which + may be blocked by firewalls. These addresses may also cause user confusion, + when they appear in logs or notifications. + + The relevant function is get_interface_address6_via_udp_socket_hack() in + lib/net. The hard-coded addresses are in app/config. Directly using these + addresses would break tor's module layering rules, so we propose: + * copying one directory authority's hard-coded IPv4 and IPv6 addresses to + an ADDRESS_PRIVATE macro or variable in lib/net/address.h + * writing a unit test that makes sure that the address used by + get_interface_address6_via_udp_socket_hack() is still in the list of + hard-coded directory authority addresses. + + When we choose the directory authority, we should avoid using a directory + authority that has different hard-coded and advertised IP addresses. (To + avoid user confusion.) + 4. Directory Protocol Specification Changes We propose explicitly supporting IPv6 X-Your-Address-Is HTTP headers in the |