#23819: Tor doesn't bind to link-local (ipv6) addresses
------------------------------+-----------------------------
     Reporter:  Zakhar        |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:  Tor: 0.2.9.11
     Severity:  Normal        |   Keywords:  ipv6 link-local
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+-----------------------------

This is either a '''bug''' or a '''documentation defect''' (didn't dive into the code yet).

Standard routing with ipv6 happens with link-local as next hop. Hence, for the sake of making a transparent proxy for VMs, I am trying to specify a '''TransPort''' with the link-local of my bridge.

The standard way of specifying that is: [fe80::xxxx:xxxx:xxxx:xxxx%iface]

Tor correctly parses this ipv6 address (removing iface) but fails to bind.

To reproduce:

`$ cat /etc/tor/torrc:`
(...)
`TransPort fe80::1c9a:c3ff:fec8:7768%vnet0:9040`
(...)

`$ ifconfig vnet0`
`vnet0 Link encap:Ethernet HWaddr 1e:9a:c3:c8:77:68`
` inet6: fe80::1c9a:c3ff:fec8:7768/64 Scope:Link`

As you can see, I have a vnet0. It has the link-local address that is specified as TransPort.

Now let's start tor:

`$ sudo tor`
`Oct 10 21:34:28.384 [notice] Tor 0.2.9.11 (git-aa8950022562be76) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g and Zlib 1.2.8.`
(...)
`Oct 10 21:34:28.385 [notice] You configured a non-loopback address '[fe80::1c9a:c3ff:fec8:7768]:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.`
(...)
`Oct 10 21:34:28.386 [notice] Opening Transparent pf/netfilter listener on [fe80::1c9a:c3ff:fec8:7768]:9040`
`Oct 10 21:34:28.386 [warn] Could not bind to fe80::1c9a:c3ff:fec8:7768:9040: Invalid argument`

As you can see, it is correctly stripping the '''%vnet0''' and reading my link-local address from the /etc/tor/torrc.

It then tries to open the "pf/netfilter" and fails to bind, and says "invalid argument"!

Indeed, binding a link-local ipv6 address needs one more argument in the syscall to bind: the interface!

'''Other tests:'''

Trying with fancy notations like TransPort [fe80::1c9a:c3ff:fec8:7768]%vnet0:9040 fails at parsing.

Trying with a global address (with ipV6 you can just add addresses to the interface) works but opens other headaches such as having to advertise a different router address to the clients.

'''Conclusion''', this is either:
 * '''(bug)''' the implementation of the "interface" parameter when binding link-local addresses is missing or failing.
or
 * '''(documentation)''' it works and it is a documentation defect since nowhere we can find how to bind a link-local ipv6 address or even a working example.

'''Additional:''' there could be the exact same bug/missing documentation in other places where you can specify an ipv6 address.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23819>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
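
The point the report makes, that binding a link-local address also needs the interface, shown as an added C example (not Tor's code and not part of the ticket): the zone after `%` is kept as `sin6_scope_id`, and a link-local address without one is refused before `bind()` is called. The function names `parse_scoped_in6`, `missing_scope` and `listen_in6` are hypothetical.

```c
/* Added illustration, not Tor's code; function names are hypothetical. */
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse "addr" or "addr%zone"; the zone (interface name or numeric index)
 * is kept as sin6_scope_id, not dropped. Returns 0, or -1 on error. */
int parse_scoped_in6(const char *text, unsigned short port, struct sockaddr_in6 *sa)
{
    char buf[INET6_ADDRSTRLEN + IF_NAMESIZE + 2];
    if (strlen(text) >= sizeof buf) return -1;
    strcpy(buf, text);
    char *zone = strchr(buf, '%');
    if (zone) *zone++ = '\0';
    memset(sa, 0, sizeof *sa);
    sa->sin6_family = AF_INET6;
    sa->sin6_port = htons(port);
    if (inet_pton(AF_INET6, buf, &sa->sin6_addr) != 1) return -1;
    if (zone) {
        char *end = zone + strlen(zone);
        unsigned long idx = if_nametoindex(zone);     /* name, e.g. vnet0 */
        if (idx == 0) idx = strtoul(zone, &end, 10);  /* else numeric index */
        if (idx == 0 || *end != '\0') return -1;
        sa->sin6_scope_id = (unsigned int)idx;
    }
    return 0;
}

/* Link-local with no interface index: Linux bind() rejects this with EINVAL. */
int missing_scope(const struct sockaddr_in6 *sa)
{
    return IN6_IS_ADDR_LINKLOCAL(&sa->sin6_addr) && sa->sin6_scope_id == 0;
}

/* Open a TCP listener; returns the fd, or -1 on failure. */
int listen_in6(const char *text, unsigned short port)
{
    struct sockaddr_in6 sa;
    if (parse_scoped_in6(text, port, &sa) != 0 || missing_scope(&sa)) return -1;
    int fd = socket(AF_INET6, SOCK_STREAM, 0);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        listen(fd, 16) == 0)
        return fd;
    if (fd >= 0) close(fd);
    return -1;
}
```

On the reporter's machine, `listen_in6("fe80::1c9a:c3ff:fec8:7768%vnet0", 9040)` would pass the index of `vnet0` to `bind()`; the same address without the zone is rejected up front.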