Clients connect to public relays over IPv6.
Add ClientUseIPv6 and ClientPreferIPv6ORPort configuration options. Use "preferred OR port" for all entry nodes, not only for bridges. Mark bridges with "prefer IPv6 OR port" if an IPv6 address is configured in Bridge line and ClientPreferIPv6ORPort is set. Mark relays with "prefer IPv6 OR port" if an IPv6 address is found in descriptor and ClientPreferIPv6ORPort is set. Filter "preferred OR port" through the ClientUseIPv6 config option. We might want to move this test to where actual connection is being set up once we have a fall back mechanism in place. Have only non-servers pick an IPv6 address for the first hop: We don't want relays to connect over IPv6 yet. (IPv6 has never been used for second or third hops.) Implements ticket 5535.
parent
d6ad00a01f
commit
e04e1a2e7d
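--- a/changes/bug5535
+++ b/changes/bug5535
@@ -0,0 +1,5 @@
+o Major features:
+- If configured with ClientUseIPv6, clients may connect to entry
+nodes over IPv6. Another new config option, ClientPreferIPv6ORPort,
+can be set to make this even more likely to happen.
+Implements ticket 5535.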
@ -1171,6 +1171,18 @@ The following options are useful only for clients (that is, if
|
||||
If no defaults are available there, these options default to 20, .70,
|
||||
0.0, 200, and 4 respectively.
|
||||
|
||||
**ClientUseIPv6** **0**|**1**::
|
||||
If this option is set to 1, Tor might connect to entry nodes over
|
||||
IPv6. Note that clients configured with an IPv6 address in a
|
||||
**Bridge** option will try connecting over IPv6 if even if
|
||||
**ClientUseIPv6** is set to 0. (Default: 0)
|
||||
|
||||
**ClientPreferIPv6ORPort** **0**|**1**::
|
||||
If this option is set to 1, Tor prefers an OR port with an IPv6
|
||||
address over one with IPv4 if a given entry node has both. Other
|
||||
things may influence the choice. This option breaks a tie to the
|
||||
favor of IPv6. (Default: 0)
|
||||
|
||||
|
||||
SERVER OPTIONS
|
||||
--------------
|
||||
|
@ -3792,12 +3792,10 @@ onion_extend_cpath(origin_circuit_t *circ)
|
||||
} else if (cur_len == 0) { /* picking first node */
|
||||
const node_t *r = choose_good_entry_server(purpose, state);
|
||||
if (r) {
|
||||
/* If we're extending to a bridge, use the preferred address
|
||||
rather than the primary, for potentially extending to an IPv6
|
||||
bridge. */
|
||||
int use_pref_addr = (r->ri != NULL &&
|
||||
r->ri->purpose == ROUTER_PURPOSE_BRIDGE);
|
||||
info = extend_info_from_node(r, use_pref_addr);
|
||||
/* If we're a client, use the preferred address rather than the
|
||||
primary address, for potentially connecting to an IPv6 OR
|
||||
port. */
|
||||
info = extend_info_from_node(r, server_mode(get_options()) == 0);
|
||||
tor_assert(info);
|
||||
}
|
||||
} else {
|
||||
@ -3865,10 +3863,11 @@ extend_info_alloc(const char *nickname, const char *digest,
|
||||
|
||||
/** Allocate and return a new extend_info that can be used to build a
|
||||
* circuit to or through the node <b>node</b>. Use the primary address
|
||||
* of the node unless <b>for_direct_connect</b> is true, in which case
|
||||
* the preferred address is used instead. May return NULL if there is
|
||||
* not enough info about <b>node</b> to extend to it--for example, if
|
||||
* there is no routerinfo_t or microdesc_t.
|
||||
* of the node (i.e. its IPv4 address) unless
|
||||
* <b>for_direct_connect</b> is true, in which case the preferred
|
||||
* address is used instead. May return NULL if there is not enough
|
||||
* info about <b>node</b> to extend to it--for example, if there is no
|
||||
* routerinfo_t or microdesc_t.
|
||||
**/
|
||||
extend_info_t *
|
||||
extend_info_from_node(const node_t *node, int for_direct_connect)
|
||||
@ -5607,10 +5606,15 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node)
|
||||
}
|
||||
}
|
||||
|
||||
/* Indicate that we prefer connecting to this bridge over the
|
||||
protocol that the bridge address indicates. Last bridge
|
||||
descriptor handled wins. */
|
||||
node->ipv6_preferred = tor_addr_family(&bridge->addr) == AF_INET6;
|
||||
/* Mark bridge as preferably connected to over IPv6 if its IPv6
|
||||
address is in a Bridge line and ClientPreferIPv6ORPort is
|
||||
set. Unless both is true, a potential IPv6 OR port of this
|
||||
bridge won't get selected.
|
||||
|
||||
XXX ipv6_preferred is never reset (#6757) */
|
||||
if (get_options()->ClientPreferIPv6ORPort == 1 &&
|
||||
tor_addr_family(&bridge->addr) == AF_INET6)
|
||||
node->ipv6_preferred = 1;
|
||||
|
||||
/* XXXipv6 we lack support for falling back to another address for
|
||||
the same relay, warn the user */
|
||||
|
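Review bot: In rewrite_node_address_for_bridge() the new condition can only set `node->ipv6_preferred` to 1, where the removed line assigned it on every call, so a node marked once stays marked after ClientPreferIPv6ORPort is switched off or its Bridge line changes to an IPv4 address. The XXX comment records this as #6757 but leaves it open, and nodelist_set_consensus() in this commit has the same shape: it writes the flag only while the option is 1. Assigning the result would keep the flag in step with the configuration: `node->ipv6_preferred = get_options()->ClientPreferIPv6ORPort == 1 && tor_addr_family(&bridge->addr) == AF_INET6;`. If set-only is deliberate, so that one writer does not clear the value the other stored, the comment should say that. The function starts and ends outside the hunk.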
@ -225,8 +225,10 @@ static config_var_t _option_vars[] = {
|
||||
V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/
|
||||
V(ClientDNSRejectInternalAddresses, BOOL,"1"),
|
||||
V(ClientOnly, BOOL, "0"),
|
||||
V(ClientPreferIPv6ORPort, BOOL, "0"),
|
||||
V(ClientRejectInternalAddresses, BOOL, "1"),
|
||||
V(ClientTransportPlugin, LINELIST, NULL),
|
||||
V(ClientUseIPv6, BOOL, "0"),
|
||||
V(ConsensusParams, STRING, NULL),
|
||||
V(ConnLimit, UINT, "1000"),
|
||||
V(ConnDirectionStatistics, BOOL, "0"),
|
||||
|
@ -242,6 +242,8 @@ nodelist_set_consensus(networkstatus_t *ns)
|
||||
node->is_bad_directory = rs->is_bad_directory;
|
||||
node->is_bad_exit = rs->is_bad_exit;
|
||||
node->is_hs_dir = rs->is_hs_dir;
|
||||
if (options->ClientPreferIPv6ORPort == 1)
|
||||
node->ipv6_preferred = !tor_addr_is_null(&rs->ipv6_addr);
|
||||
}
|
||||
|
||||
} SMARTLIST_FOREACH_END(rs);
|
||||
@ -849,7 +851,13 @@ node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out)
|
||||
{
|
||||
tor_assert(ap_out);
|
||||
|
||||
if (node_ipv6_preferred(node))
|
||||
/* Cheap implementation of config option ClientUseIPv6 -- simply
|
||||
don't prefer IPv6 when ClientUseIPv6 is not set. (See #4455 for
|
||||
more on this subject.) Note that this filter is too strict since
|
||||
we're hindering not only clients! Erring on the safe side
|
||||
shouldn't be a problem though. XXX move this check to where
|
||||
outgoing connections are made? -LN */
|
||||
if (get_options()->ClientUseIPv6 == 1 && node_ipv6_preferred(node))
|
||||
node_get_pref_ipv6_orport(node, ap_out);
|
||||
else
|
||||
node_get_prim_orport(node, ap_out);
|
||||
|
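Review bot: The ClientUseIPv6 test added to node_get_pref_orport() applies to every caller, bridges included, yet the manual text in this commit says a client with an IPv6 address in a Bridge line still connects over IPv6 when ClientUseIPv6 is 0. Nothing visible in the hunk shows how that exception survives the filter; presumably it depends on rewrite_node_address_for_bridge() having made the bridge address the node's primary OR port, so that the `else` branch returns it. If so, the comment should state the dependency, for example `/* Bridge addresses are unaffected: they are the primary OR port after rewrite_node_address_for_bridge(). */`, because a user who sets the option to 0 to keep IPv6 off the wire would otherwise read this as a complete filter. The end of the function is outside the hunk.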
@ -42,18 +42,18 @@ int node_get_purpose(const node_t *node);
|
||||
int node_is_me(const node_t *node);
|
||||
int node_exit_policy_rejects_all(const node_t *node);
|
||||
smartlist_t *node_get_all_orports(const node_t *node);
|
||||
void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out);
|
||||
void node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out);
|
||||
void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out);
|
||||
uint32_t node_get_prim_addr_ipv4h(const node_t *node);
|
||||
int node_allows_single_hop_exits(const node_t *node);
|
||||
const char *node_get_nickname(const node_t *node);
|
||||
const char *node_get_platform(const node_t *node);
|
||||
uint32_t node_get_prim_addr_ipv4h(const node_t *node);
|
||||
void node_get_address_string(const node_t *node, char *cp, size_t len);
|
||||
long node_get_declared_uptime(const node_t *node);
|
||||
time_t node_get_published_on(const node_t *node);
|
||||
const smartlist_t *node_get_declared_family(const node_t *node);
|
||||
int node_ipv6_preferred(const node_t *node);
|
||||
void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out);
|
||||
void node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out);
|
||||
void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out);
|
||||
|
||||
smartlist_t *nodelist_get_list(void);
|
||||
|
||||
|
@ -3487,6 +3487,13 @@ typedef struct {
|
||||
* over randomly chosen exits. */
|
||||
int ClientRejectInternalAddresses;
|
||||
|
||||
/** If true, clients may connect over IPv6. XXX we don't really
|
||||
enforce this -- clients _may_ set up outgoing IPv6 connections
|
||||
even when this option is not set. */
|
||||
int ClientUseIPv6;
|
||||
/** If true, prefer an IPv6 OR port over an IPv4 one. */
|
||||
int ClientPreferIPv6ORPort;
|
||||
|
||||
/** The length of time that we think a consensus should be fresh. */
|
||||
int V3AuthVotingInterval;
|
||||
/** The length of time we think it will take to distribute votes. */
|
||||
|
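Review bot: The comment on `ClientUseIPv6` says the option is not really enforced but names neither the place that checks it nor the paths that skip it. On this page the only check is in node_get_pref_orport(), and the manual text lists an IPv6 address in a Bridge line as an exception. Proposed wording: `/** If true, clients may connect to entry nodes over IPv6. Checked only in node_get_pref_orport(); an IPv6 address in a Bridge line is still used when this is 0. */`. The struct begins and ends outside the hunk.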