Clients connect to public relays over IPv6.

Add ClientUseIPv6 and ClientPreferIPv6ORPort configuration options.

Use "preferred OR port" for all entry nodes, not only for bridges.

Mark bridges with "prefer IPv6 OR port" if an IPv6 address is
configured in Bridge line and ClientPreferIPv6ORPort is set.

Mark relays with "prefer IPv6 OR port" if an IPv6 address is found in
descriptor and ClientPreferIPv6ORPort is set.

Filter "preferred OR port" through the ClientUseIPv6 config option. We
might want to move this test to where actual connection is being set
up once we have a fall back mechanism in place.

Have only non-servers pick an IPv6 address for the first hop: We
don't want relays to connect over IPv6 yet. (IPv6 has never been used
for second or third hops.)

Implements ticket 5535.
Linus Nordberg 2012-08-27 15:03:34 +02:00 committed by Nick Mathewson
parent d6ad00a01f
commit e04e1a2e7d
7 changed files with 57 additions and 19 deletions

changes/bug5535 Normal file
@ -0,0 +1,5 @@
o Major features:
- If configured with ClientUseIPv6, clients may connect to entry
nodes over IPv6. Another new config option, ClientPreferIPv6ORPort,
can be set to make this even more likely to happen.
Implements ticket 5535.

@ -1171,6 +1171,18 @@ The following options are useful only for clients (that is, if
If no defaults are available there, these options default to 20, .70, If no defaults are available there, these options default to 20, .70,
0.0, 200, and 4 respectively. 0.0, 200, and 4 respectively.
**ClientUseIPv6** **0**|**1**::
If this option is set to 1, Tor might connect to entry nodes over
IPv6. Note that clients configured with an IPv6 address in a
**Bridge** option will try connecting over IPv6 if even if
**ClientUseIPv6** is set to 0. (Default: 0)
**ClientPreferIPv6ORPort** **0**|**1**::
If this option is set to 1, Tor prefers an OR port with an IPv6
address over one with IPv4 if a given entry node has both. Other
things may influence the choice. This option breaks a tie to the
favor of IPv6. (Default: 0)
SERVER OPTIONS SERVER OPTIONS
-------------- --------------
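Review bot: the **ClientUseIPv6** entry reads "will try connecting over IPv6 if even if", which has a stray "if" and should be "even if". In the **ClientPreferIPv6ORPort** entry, "breaks a tie to the favor of IPv6" would read better as "in favor of IPv6", and "Other things may influence the choice" leaves the reader guessing. Naming at least one such factor, or dropping the sentence, would make the option's effect predictable for operators.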

@ -3792,12 +3792,10 @@ onion_extend_cpath(origin_circuit_t *circ)
} else if (cur_len == 0) { /* picking first node */ } else if (cur_len == 0) { /* picking first node */
const node_t *r = choose_good_entry_server(purpose, state); const node_t *r = choose_good_entry_server(purpose, state);
if (r) { if (r) {
/* If we're extending to a bridge, use the preferred address /* If we're a client, use the preferred address rather than the
rather than the primary, for potentially extending to an IPv6 primary address, for potentially connecting to an IPv6 OR
bridge. */ port. */
int use_pref_addr = (r->ri != NULL && info = extend_info_from_node(r, server_mode(get_options()) == 0);
r->ri->purpose == ROUTER_PURPOSE_BRIDGE);
info = extend_info_from_node(r, use_pref_addr);
tor_assert(info); tor_assert(info);
} }
} else { } else {
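Review bot: the inline argument `server_mode(get_options()) == 0` in the call to extend_info_from_node() drops the named local use_pref_addr, so the intent now lives only in the comment. Keeping a local, for example `int use_pref_addr = !server_mode(get_options());`, keeps the call readable. Since the bridge-purpose test is gone, this now covers every first hop a non-server picks, and the comment could say so explicitly instead of "If we're a client".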
@ -3865,10 +3863,11 @@ extend_info_alloc(const char *nickname, const char *digest,
/** Allocate and return a new extend_info that can be used to build a /** Allocate and return a new extend_info that can be used to build a
* circuit to or through the node <b>node</b>. Use the primary address * circuit to or through the node <b>node</b>. Use the primary address
* of the node unless <b>for_direct_connect</b> is true, in which case * of the node (i.e. its IPv4 address) unless
* the preferred address is used instead. May return NULL if there is * <b>for_direct_connect</b> is true, in which case the preferred
* not enough info about <b>node</b> to extend to it--for example, if * address is used instead. May return NULL if there is not enough
* there is no routerinfo_t or microdesc_t. * info about <b>node</b> to extend to it--for example, if there is no
* routerinfo_t or microdesc_t.
**/ **/
extend_info_t * extend_info_t *
extend_info_from_node(const node_t *node, int for_direct_connect) extend_info_from_node(const node_t *node, int for_direct_connect)
@ -5607,10 +5606,15 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node)
} }
} }
/* Indicate that we prefer connecting to this bridge over the /* Mark bridge as preferably connected to over IPv6 if its IPv6
protocol that the bridge address indicates. Last bridge address is in a Bridge line and ClientPreferIPv6ORPort is
descriptor handled wins. */ set. Unless both is true, a potential IPv6 OR port of this
node->ipv6_preferred = tor_addr_family(&bridge->addr) == AF_INET6; bridge won't get selected.
XXX ipv6_preferred is never reset (#6757) */
if (get_options()->ClientPreferIPv6ORPort == 1 &&
tor_addr_family(&bridge->addr) == AF_INET6)
node->ipv6_preferred = 1;
/* XXXipv6 we lack support for falling back to another address for /* XXXipv6 we lack support for falling back to another address for
the same relay, warn the user */ the same relay, warn the user */
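Review bot: the new `if` only ever sets node->ipv6_preferred to 1, whereas the removed line assigned the result of the comparison and so also cleared the flag for an IPv4 Bridge line. The XXX comment acknowledges that the flag is never reset (#6757). Assigning the whole condition, as in `node->ipv6_preferred = (get_options()->ClientPreferIPv6ORPort == 1 && tor_addr_family(&bridge->addr) == AF_INET6);`, would clear it again when the option is turned off or the bridge address is IPv4. The manual text added in this commit says a client with an IPv6 address in a Bridge option tries IPv6 even if ClientUseIPv6 is 0, so please confirm that requiring ClientPreferIPv6ORPort here does not contradict that. In the comment, "Unless both is true" should be "Unless both are true".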

@ -225,8 +225,10 @@ static config_var_t _option_vars[] = {
V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/ V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/
V(ClientDNSRejectInternalAddresses, BOOL,"1"), V(ClientDNSRejectInternalAddresses, BOOL,"1"),
V(ClientOnly, BOOL, "0"), V(ClientOnly, BOOL, "0"),
V(ClientPreferIPv6ORPort, BOOL, "0"),
V(ClientRejectInternalAddresses, BOOL, "1"), V(ClientRejectInternalAddresses, BOOL, "1"),
V(ClientTransportPlugin, LINELIST, NULL), V(ClientTransportPlugin, LINELIST, NULL),
V(ClientUseIPv6, BOOL, "0"),
V(ConsensusParams, STRING, NULL), V(ConsensusParams, STRING, NULL),
V(ConnLimit, UINT, "1000"), V(ConnLimit, UINT, "1000"),
V(ConnDirectionStatistics, BOOL, "0"), V(ConnDirectionStatistics, BOOL, "0"),

@ -242,6 +242,8 @@ nodelist_set_consensus(networkstatus_t *ns)
node->is_bad_directory = rs->is_bad_directory; node->is_bad_directory = rs->is_bad_directory;
node->is_bad_exit = rs->is_bad_exit; node->is_bad_exit = rs->is_bad_exit;
node->is_hs_dir = rs->is_hs_dir; node->is_hs_dir = rs->is_hs_dir;
if (options->ClientPreferIPv6ORPort == 1)
node->ipv6_preferred = !tor_addr_is_null(&rs->ipv6_addr);
} }
} SMARTLIST_FOREACH_END(rs); } SMARTLIST_FOREACH_END(rs);
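Review bot: in nodelist_set_consensus() the assignment to node->ipv6_preferred is guarded by `options->ClientPreferIPv6ORPort == 1`, so when the option is 0 the flag keeps whatever value it had before, including a 1 left over from a consensus processed while the option was on. Folding the option into the assigned value, `node->ipv6_preferred = options->ClientPreferIPv6ORPort == 1 && !tor_addr_is_null(&rs->ipv6_addr);`, would make the flag follow the current configuration.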
@ -849,7 +851,13 @@ node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out)
{ {
tor_assert(ap_out); tor_assert(ap_out);
if (node_ipv6_preferred(node)) /* Cheap implementation of config option ClientUseIPv6 -- simply
don't prefer IPv6 when ClientUseIPv6 is not set. (See #4455 for
more on this subject.) Note that this filter is too strict since
we're hindering not only clients! Erring on the safe side
shouldn't be a problem though. XXX move this check to where
outgoing connections are made? -LN */
if (get_options()->ClientUseIPv6 == 1 && node_ipv6_preferred(node))
node_get_pref_ipv6_orport(node, ap_out); node_get_pref_ipv6_orport(node, ap_out);
else else
node_get_prim_orport(node, ap_out); node_get_prim_orport(node, ap_out);
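Review bot: the `get_options()->ClientUseIPv6 == 1` test sits inside node_get_pref_orport(), so every caller of this getter receives a configuration-dependent answer, and the comment itself says the filter hinders more than clients. onion_extend_cpath() already distinguishes client from server when it passes for_direct_connect, so consider doing the ClientUseIPv6 check at that call site. Failing that, replace the open question and the "-LN" signature with a ticket reference so the follow-up is tracked.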

@ -42,18 +42,18 @@ int node_get_purpose(const node_t *node);
int node_is_me(const node_t *node); int node_is_me(const node_t *node);
int node_exit_policy_rejects_all(const node_t *node); int node_exit_policy_rejects_all(const node_t *node);
smartlist_t *node_get_all_orports(const node_t *node); smartlist_t *node_get_all_orports(const node_t *node);
void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out);
void node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out);
void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out);
uint32_t node_get_prim_addr_ipv4h(const node_t *node);
int node_allows_single_hop_exits(const node_t *node); int node_allows_single_hop_exits(const node_t *node);
const char *node_get_nickname(const node_t *node); const char *node_get_nickname(const node_t *node);
const char *node_get_platform(const node_t *node); const char *node_get_platform(const node_t *node);
uint32_t node_get_prim_addr_ipv4h(const node_t *node);
void node_get_address_string(const node_t *node, char *cp, size_t len); void node_get_address_string(const node_t *node, char *cp, size_t len);
long node_get_declared_uptime(const node_t *node); long node_get_declared_uptime(const node_t *node);
time_t node_get_published_on(const node_t *node); time_t node_get_published_on(const node_t *node);
const smartlist_t *node_get_declared_family(const node_t *node); const smartlist_t *node_get_declared_family(const node_t *node);
int node_ipv6_preferred(const node_t *node); int node_ipv6_preferred(const node_t *node);
void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out);
void node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out);
void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out);
smartlist_t *nodelist_get_list(void); smartlist_t *nodelist_get_list(void);
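Review bot: the prototype moves in this hunk (node_get_prim_orport(), node_get_pref_orport(), node_get_pref_ipv6_orport() and node_get_prim_addr_ipv4h()) change no declaration and are unrelated to the feature. Splitting the reordering into its own commit would keep this one easier to review and bisect.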

@ -3487,6 +3487,13 @@ typedef struct {
* over randomly chosen exits. */ * over randomly chosen exits. */
int ClientRejectInternalAddresses; int ClientRejectInternalAddresses;
/** If true, clients may connect over IPv6. XXX we don't really
enforce this -- clients _may_ set up outgoing IPv6 connections
even when this option is not set. */
int ClientUseIPv6;
/** If true, prefer an IPv6 OR port over an IPv4 one. */
int ClientPreferIPv6ORPort;
/** The length of time that we think a consensus should be fresh. */ /** The length of time that we think a consensus should be fresh. */
int V3AuthVotingInterval; int V3AuthVotingInterval;
/** The length of time we think it will take to distribute votes. */ /** The length of time we think it will take to distribute votes. */
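Review bot: the ClientUseIPv6 field comment states that the option is not really enforced and that clients may set up outgoing IPv6 connections with it unset, but the manual entry added in this commit only mentions the Bridge case. Either document the limitation in the manual as well or put a ticket reference next to the XXX, so users who set ClientUseIPv6 to 0 to avoid IPv6 traffic know what is guaranteed.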