Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:  fixed
 Keywords:  asn-merge, dgoulet-merge, consider-  |  Actual Points:  0.4
  backport-after-authority-test, consider-   |
  backport-after-0421-alpha, 040-backport-   |
  maybe, 041-backport-maybe, ipv6, tor-relay,|
  tor-client, tor-dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-
Changes (by asn):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 merged!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:
 Keywords:  asn-merge, dgoulet-merge, consider-  |  Actual Points:  0.4
  backport-after-authority-test, consider-   |
  backport-after-0421-alpha, 040-backport-   |
  maybe, 041-backport-maybe, ipv6, tor-relay,|
  tor-client, tor-dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-
Changes (by teor):

 * keywords:  ipv6, tor-relay, tor-client, tor-dirauth =>
 asn-merge, dgoulet-merge, consider-backport-after-authority-test,
 consider-backport-after-0421-alpha, 040-backport-maybe, 041-backport-
 maybe, ipv6, tor-relay, tor-client, tor-dirauth
 * status:  needs_review => merge_ready
 * actualpoints:   => 0.4


Comment:

 Ok, looks good to me.

 Neel, let us know if you have any concerns about Nick's extra commits.

 We might decide to backport this change to our supported authority
 releases 0.4.0 and 0.4.1.
 It's a low-risk change that improves code correctness, and relay operator
 feedback when IPv6 is misconfigured.
 But we should make sure we test master on moria1 first.

 This is not a security issue, because authorities can't reach private
 addresses anyway, so the relay will never be in the consensus.
 So it is also ok not to backport it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-
Changes (by nickm):

 * status:  needs_revision => needs_review


Comment:

 Fixed in `pr1182_squashed_v2`, PR at
 https://github.com/torproject/tor/pull/1267

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 I reviewed nickm's changes in the PR:
 * please fix the routerinfo comment
 * please remove the empty commit "Check for private IPv6 addresses in
 circuit_extend()"

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-

Comment (by nickm):

 Oh dear, I moved to my next task too quickly. The PR is at
 https://github.com/torproject/tor/pull/1265

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-

Comment (by teor):

 Where is the new PR?
 I can't find it in:
 https://github.com/torproject/tor/pulls

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-

Comment (by nickm):

 This is looking better!  I've made a new, squashed PR here, since the
 history of the old branch had grown a bit long to review.

 I've added a couple of fixes to the unit test code; please let me know if
 you agree with them?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-
Changes (by teor):

 * reviewer:  nickm, teor => nickm


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm, teor  |Sponsor:
-+-

Comment (by teor):

 I  finished #21003 so that we can see the IPv6 addresses in
 router_describe() when an IPv6 address is rejected.

 I think that's a necessary part of this patch: otherwise, the rejection
 messages are going to be very confusing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm, teor  |Sponsor:
-+-
Changes (by neel):

 * status:  needs_revision => needs_review


Comment:

 I removed the unnecessary changes.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm, teor  |Sponsor:
-+-
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 There are still a few unnecessary changes, I added comments to the pull
 request.

 I'll leave the final review to nickm.

 I did a draft implementation of #21003 so that we can see the IPv6
 addresses in router_describe().

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm, teor  |Sponsor:
-+-
Changes (by neel):

 * status:  needs_revision => needs_review


Comment:

 Made the changes requested.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.21-rc
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm, teor  |Sponsor:
-+-
Changes (by teor):

 * status:  needs_review => needs_revision
 * version:   => Tor: 0.2.3.21-rc
 * milestone:  Tor: unspecified => Tor: 0.4.2.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm, teor  |Sponsor:
-+-

Comment (by neel):

 Replying to [comment:11 teor]:
 > Replying to [comment:9 teor]:
 > > Replying to [comment:2 neel]:
 > > > Also here:
 > > > > And when clients connect:
 > > > >
 
​https://github.com/torproject/tor/blob/f7e8b3b68c8e2cecfc7ff4072e9f00d316aaba4f/src/core/or/circuitbuild.c#L552
 > > >
 > > > I didn't see any mention of separate IPv4 or IPv6 addresses here or
 in `extend_info_t`.
 > >
 > > That's because you're working on a child ticket of #24403, which will
 introduce separate IPv4 and IPv6 addresses in extend_info_t. (Or proposal
 306 will introduce them if we do it first.)
 > >
 > > Please open a separate ticket for the parts of this ticket that you
 can't do yet, because they depend on future planned changes.
 >
 > You've added some code that isn't needed yet. Please reject all IPv6
 extends in this patch, and open a separate child ticket of #24403 for
 allowing IPv6 extends.


 Opened #31413 for this purpose.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm, teor  |Sponsor:
-+-
Changes (by neel):

 * status:  needs_revision => needs_review


Comment:

 I made your requested changes. Setting as needs review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm, teor  |Sponsor:
-+-
Changes (by teor):

 * status:  needs_review => needs_revision
 * reviewer:  nickm => nickm, teor


Comment:

 Replying to [comment:9 teor]:
 > Replying to [comment:2 neel]:
 > > Also here:
 > > > And when clients connect:
 > > >
 
​https://github.com/torproject/tor/blob/f7e8b3b68c8e2cecfc7ff4072e9f00d316aaba4f/src/core/or/circuitbuild.c#L552
 > >
 > > I didn't see any mention of separate IPv4 or IPv6 addresses here or in
 `extend_info_t`.
 >
 > That's because you're working on a child ticket of #24403, which will
 introduce separate IPv4 and IPv6 addresses in extend_info_t. (Or proposal
 306 will introduce them if we do it first.)
 >
 > Please open a separate ticket for the parts of this ticket that you
 can't do yet, because they depend on future planned changes.

 You've added some code that isn't needed yet. Please reject all IPv6
 extends in this patch, and open a separate child ticket of #24403 for
 allowing IPv6 extends.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-
Changes (by neel):

 * status:  needs_revision => needs_review


Comment:

 A test for `dirserv_router_has_valid_address()` has been implemented.
 However, `dirserv_router_has_valid_address()` does not mark null IPv6 as
 internal as relays may not have IPv6 addresses.

 An internal IPv6 address in `dirserv_router_has_valid_address()` logic is
 when it passes `tor_addr_is_internal()` and isn't null (so we don't flag
 IPv4-only relays as internal).

 A `circuit_extend()` test would not be trivial because it would involve
 circuit extending logic, but this is tested in the chutney tests.
 `circuit_extend()` is only called in
 `connection_edge_process_relay_cell()` on these use cases:

 {{{
 case RELAY_COMMAND_EXTEND:
 case RELAY_COMMAND_EXTEND2:
 }}}

 And I did not see these be tested outside of chutney.

 Setting as needs review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:2 neel]:
 > I have a PR here: https://github.com/torproject/tor/pull/1182
 >
 > I'm not sure if tests are needed here. I don't think they're needed so I
 didn't include them here.

 Tests are always needed. Please write tests.

 > Also here:
 > > And when clients connect:
 > >
 
​https://github.com/torproject/tor/blob/f7e8b3b68c8e2cecfc7ff4072e9f00d316aaba4f/src/core/or/circuitbuild.c#L552
 >
 > I didn't see any mention of separate IPv4 or IPv6 addresses here or in
 `extend_info_t`.

 That's because you're working on a child ticket of #24403, which will
 introduce separate IPv4 and IPv6 addresses in extend_info_t. (Or proposal
 306 will introduce them if we do it first.)

 Please open a separate ticket for the parts of this ticket that you can't
 do yet, because they depend on future planned changes.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-

Comment (by teor):

 Replying to [comment:7 neel]:
 > I don't believe a null address will count as internal, but I removed the
 check because in `tor_addr_is_internal_()` at the end of the function on a
 null family (or any non-IPv4/IPv6):
 >
 > {{{
 >   /* unknown address family... assume it's not safe for external use */
 >   /* rather than tor_assert(0) */
 >   log_warn(LD_BUG, "tor_addr_is_internal() called from %s:%d with a "
 >"non-IP address of type %d", filename, lineno,
 (int)v_family);
 >   tor_fragile_assert();
 >   return 1;
 > }}}
 >
 > So (I guess) it would report as internal anyways.

 We don't want to execute a tor_fragile_assert().

 So the null address checks are required, and we should treat a null
 address as a missing address:
 * if one address is null, use the result for the other address
 * if both addresses are null, reject, because the request can never
 succeed

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-

Comment (by neel):

 I don't believe a null address will count as internal, but I removed the
 check because in `tor_addr_is_internal_()` at the end of the function on a
 null family (or any non-IPv4/IPv6):

 {{{
   /* unknown address family... assume it's not safe for external use */
   /* rather than tor_assert(0) */
   log_warn(LD_BUG, "tor_addr_is_internal() called from %s:%d with a "
"non-IP address of type %d", filename, lineno, (int)v_family);
   tor_fragile_assert();
   return 1;
 }}}

 So (I guess) it would report as internal anyways.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-

Comment (by nickm):

 > I decided to remove the is_null check and pushed it also.

 What is the reason for not checking for null addresses?  Will a null
 address count as internal?  Do we want it to?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-
Changes (by neel):

 * status:  needs_revision => needs_review


Comment:

 I have made the changes.

 Replying to [comment:4 nickm]:
 > Two issues.
 >
 > First, have a look at your checks in circuit_extend(): it will make the
 extend cell get rejected only when *BOTH* of the target addresses are
 internal.  I don't think that's right.

 I fixed it.

 > Second, I see that in dirserv_router_has_valid_address() you're testing
 the address for is_null, but in circuit_extend() you aren't.  What's the
 reasoning there?

 I originally planned to do this in the if statement, but broke off it. I
 decided to remove the is_null check and pushed it also.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-
Changes (by nickm):

 * status:  needs_review => needs_revision


Comment:

 Two issues.

 First, have a look at your checks in circuit_extend(): it will make the
 extend cell get rejected only when *BOTH* of the target addresses are
 internal.  I don't think that's right.

 Second, I see that in dirserv_router_has_valid_address() you're testing
 the address for is_null, but in circuit_extend() you aren't.  What's the
 reasoning there?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:  nickm|Sponsor:
-+-
Changes (by dgoulet):

 * reviewer:   => nickm


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by neel):

 * status:  assigned => needs_review


Comment:

 I have a PR here: https://github.com/torproject/tor/pull/1182

 I'm not sure if tests are needed here. I don't think they're needed so I
 didn't include them here.

 Also here:
 > And when clients connect:
 >
 
​https://github.com/torproject/tor/blob/f7e8b3b68c8e2cecfc7ff4072e9f00d316aaba4f/src/core/or/circuitbuild.c#L552

 I didn't see any mention of separate IPv4 or IPv6 addresses here or in
 `extend_info_t`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends

[Tor Bug Tracker & Wiki]

#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, tor-relay, tor-client, tor-|  Actual Points:
  dirauth|
Parent ID:  #24403   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by neel):

 * status:  new => assigned
 * cc: neel (added)
 * owner:  (none) => neel


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs