#33817: Perform all IPv4 and IPv6 extend checks in one place
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  teor
     Type:  task                                 |         Status:  assigned
 Priority:  Medium                               |      Milestone:  Tor: 0.4.4.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ipv6, prop311, technical-debt-partial|  Actual Points:
Parent ID:  #33220                               |         Points:  1
 Reviewer:                                       |        Sponsor:  Sponsor55-must
-------------------------------------------------+-------------------------

Old description:

> Currently, tor checks that extend cells have IPv4 addresses in:
>   * some functions in circuitbuild_relay.c (a new file introduced by
>     #33633)
>   * check_extend_cell() in onion.c
>   * extend_cell_from_extend2_cell_body() in onion.c
>     * (note that all relays that support IPv6 extends should be using
>       extend2 cells, but we want to modify this code for consistency)
>   * channel_get_for_extend(), where only channels with IPv4 addresses are
>     searched,
>   * and possibly other functions.
>
> We also want to fix a missing IPv6 check in:
>   * connection_or_check_canonicity(), where only IPv4 addresses are
>     considered canonical,
>     * (note that channel_tls_process_netinfo_cell() already handles IPv6
>       canonicity correctly)
> Unlike the other changes, this change is a bug fix, and should not depend
> on the relay's configuration.
>
> We want to perform all these checks in the same place, so we can modify
> tor's behaviour based on:
>   * tor's configuration
>     * including consensus parameters
>   * the reachability of a relay's own IPv6 ORPort, and
>   * any other relevant factors.

New description:

 Currently, tor checks that extend cells have IPv4 addresses in:
   [ ] some functions in circuitbuild_relay.c (a new file introduced by
       #33633)
   [ ] check_extend_cell() in onion.c
   [ ] extend_cell_from_extend2_cell_body() in onion.c
     * (note that all relays that support IPv6 extends should be using
       extend2 cells, but we want to modify this code for consistency)
   [ ] channel_get_for_extend(), where only channels with IPv4 addresses
       are searched,
   [ ] and possibly other functions.

 We also want to fix a missing IPv6 check in:
   [x] connection_or_check_canonicity(), where only IPv4 addresses are
       considered canonical,
     * (note that channel_tls_process_netinfo_cell() already handles IPv6
       canonicity correctly)
 Unlike the other changes, this change is a bug fix, and should not depend
 on the relay's configuration.

 We want to perform all these checks in the same place, so we can modify
 tor's behaviour based on:
   * tor's configuration
     * including consensus parameters
   * the reachability of a relay's own IPv6 ORPort, and
   * any other relevant factors.

--

Comment (by teor):

 Replying to [ticket:33817 teor]:
 > We also want to fix a missing IPv6 check in:
 >   * connection_or_check_canonicity(), where only IPv4 addresses are
 >     considered canonical,
 >     * (note that channel_tls_process_netinfo_cell() already handles IPv6
 >       canonicity correctly)
 > Unlike the other changes, this change is a bug fix, and should not
 > depend on the relay's configuration.

 I did this fix in #33899.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33817#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online