-rw-r--r-- | dir-spec.txt | 24
-rw-r--r-- | proposals/117-ipv6-exits.txt | 2
-rw-r--r-- | proposals/208-ipv6-exits-redux.txt | 2
-rw-r--r-- | tor-spec.txt | 19
4 files changed, 40 insertions, 7 deletions
diff --git a/dir-spec.txt b/dir-spec.txt index c5ca5c1..dd4a9c9 100644 --- a/dir-spec.txt +++ b/dir-spec.txt @@ -476,6 +476,14 @@ the address will be accepted. For clarity, the last such entry SHOULD be accept *:* or reject *:*. + "ipv6-policy" SP ("accept" / "reject") SP PortList NL + + [At most once.] + + An exit-policy summary as specified in 3.3 and 3.5.2, summarizing + the router's rules for connecting to IPv6 addresses. A missing + "ipv6-policy" line is equivalent to "ipv6-policy reject 1-65535". + "router-signature" NL Signature NL [At end, exactly once] @@ -1114,7 +1122,7 @@ The "ntor-onion-key" element as specified in 2.1. - (Only included when the vote or consensus is generated with + (Only included when generating microdescriptors for consensus-method 16 or later.) "a" SP address ":" portlist NL @@ -1141,6 +1149,17 @@ BEGIN request, and might get end-reason-exit-policy if they guessed wrong, in which case they'll have to try elsewhere.] + "p6" SP ("accept" / "reject") SP PortList NL + + [At most once] + + The IPv6 exit policy summary as specified in 3.3 and 3.5.2. A + missing "p6" line is equivalent to "p6 reject 1-65535". + + (Only included when generating microdescriptors for + consensus-method 15 or later.) + + (Note that with microdescriptors, clients do not learn the identity of their routers: they only learn a hash of the identity key. This is all they need to confirm the actual identity key when doing a TLS handshake, @@ -1855,7 +1874,8 @@ consensuses may include "a" lines listing additional OR ports. - * XXXXX 15 + * If consensus method 15 or later is used, microdescriptors + include "p6" lines including IPv6 exit policies. * If consensus method 16 or later is used, ntor-onion-key are included in microdescriptors diff --git a/proposals/117-ipv6-exits.txt b/proposals/117-ipv6-exits.txt index 9c51cf2..f343ff7 100644 --- a/proposals/117-ipv6-exits.txt +++ b/proposals/117-ipv6-exits.txt 
@@ -2,7 +2,7 @@ Filename: 117-ipv6-exits.txt Title: IPv6 exits Author: coderman Created: 10-Jul-2007 -Status: Finished +Status: Closed Target: 0.2.4.x Implemented-In: 0.2.4.7-alpha diff --git a/proposals/208-ipv6-exits-redux.txt b/proposals/208-ipv6-exits-redux.txt index e25a901..32fb09c 100644 --- a/proposals/208-ipv6-exits-redux.txt +++ b/proposals/208-ipv6-exits-redux.txt @@ -2,7 +2,7 @@ Filename: 208-ipv6-exits-redux.txt Title: IPv6 Exits Redux Author: Nick Mathewson Created: 10-Oct-2012 -Status: Finished +Status: Closed Target: 0.2.4.x Implemented-In: 0.2.4.7-alpha diff --git a/tor-spec.txt b/tor-spec.txt index 0c333e7..6831744 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -1252,14 +1252,27 @@ see tor-design.pdf. and constructs a RELAY_BEGIN cell with a payload encoding the address and port of the destination host. The payload format is: - ADDRESS | ':' | PORT | [00] + ADDRPORT [nul-terminated string] + FLAGS [4 bytes] + + ADDRPORT is made of ADDRESS | ':' | PORT | [00] where ADDRESS can be a DNS hostname, or an IPv4 address in dotted-quad format, or an IPv6 address surrounded by square brackets; and where PORT is a decimal integer between 1 and 65535, inclusive. - [What is the [00] for? -NM] - [It's so the payload is easy to parse out with string funcs -RD] + The FLAGS value has one or more of the following bits set, where + "bit 1" is the LSB of the 32-bit value, and "bit 32" is the MSB. + bit meaning + 1 -- IPv6 okay. We support learning about IPv6 addresses and + connecting to IPv6 addresses. + 2 -- IPv4 not okay. We don't want to learn about IPv4 addresses + or connect to them. + 3 -- IPv6 preferred. If there are both IPv4 and IPv6 addresses, + we want to connect to the IPv6 one. (By default, we connect + to the IPv4 address.) + 4..32 -- Reserved. Current clients MUST NOT set these. Servers + MUST ignore them. Upon receiving this cell, the exit node resolves the address as necessary, and opens a new TCP connection to the target port. If the |
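Review bot: In the dir-spec.txt hunk at @@ -1141, the new "p6" text does not say where the summary comes from; a sentence tying it to the router descriptor's "ipv6-policy" line added in the @@ -476 hunk would make the derivation explicit for authority implementers. The same hunk adds two blank lines before "(Note that with microdescriptors" where one would do, and "[At most once]" lacks the period used in "[At most once.]" in the @@ -476 hunk.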
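Review bot: In the dir-spec.txt hunk at @@ -1855, the replacement for "XXXXX 15" reads 'include "p6" lines including IPv6 exit policies', which repeats the verb and calls the content policies, while the "p6" definition in the @@ -1141 hunk calls it an exit policy summary. Suggest 'include "p6" lines summarizing IPv6 exit policies' so both places use the same term.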
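Review bot: In the tor-spec.txt hunk at @@ -1252, the FLAGS text says the value "has one or more of the following bits set", which excludes the all-zero value that a client wanting the stated default (connect to the IPv4 address) would send; "zero or more" fits the bit table. The hunk also does not say how an exit treats a RELAY_BEGIN payload that ends at the [00] with no FLAGS field, which is the format the removed line described, so it should state that an absent FLAGS field is read as all bits clear. Two smaller gaps in the same text: the byte order of the 4-byte field is not given here, and the result of bit 2 set with bit 1 clear (IPv4 not okay, IPv6 not declared okay) is undefined; saying that the exit refuses such a request would close it.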