Commit e04e1a2e authored by Linus Nordberg's avatar Linus Nordberg Committed by Nick Mathewson
Browse files

Clients connect to public relays over IPv6.

Add ClientUseIPv6 and ClientPreferIPv6ORPort configuration options.

Use "preferred OR port" for all entry nodes, not only for bridges.

Mark bridges with "prefer IPv6 OR port" if an IPv6 address is
configured in Bridge line and ClientPreferIPv6ORPort is set.

Mark relays with "prefer IPv6 OR port" if an IPv6 address is found in
descriptor and ClientPreferIPv6ORPort is set.

Filter "preferred OR port" through the ClientUseIPv6 config option. We
might want to move this test to where actual connection is being set
up once we have a fall back mechanism in place.

Have only non-servers pick an IPv6 address for the first hop: We
don't want relays to connect over IPv6 yet. (IPv6 has never been used
for second or third hops.)

Implements ticket 5535.
parent d6ad00a0
o Major features:
- If configured with ClientUseIPv6, clients may connect to entry
nodes over IPv6. Another new config option, ClientPreferIPv6ORPort,
can be set to make this even more likely to happen.
Implements ticket 5535.
......@@ -1171,6 +1171,18 @@ The following options are useful only for clients (that is, if
If no defaults are available there, these options default to 20, .70,
0.0, 200, and 4 respectively.
**ClientUseIPv6** **0**|**1**::
If this option is set to 1, Tor might connect to entry nodes over
IPv6. Note that clients configured with an IPv6 address in a
**Bridge** option will try connecting over IPv6 if even if
**ClientUseIPv6** is set to 0. (Default: 0)
**ClientPreferIPv6ORPort** **0**|**1**::
If this option is set to 1, Tor prefers an OR port with an IPv6
address over one with IPv4 if a given entry node has both. Other
things may influence the choice. This option breaks a tie to the
favor of IPv6. (Default: 0)
SERVER OPTIONS
--------------
......
......@@ -3792,12 +3792,10 @@ onion_extend_cpath(origin_circuit_t *circ)
} else if (cur_len == 0) { /* picking first node */
const node_t *r = choose_good_entry_server(purpose, state);
if (r) {
/* If we're extending to a bridge, use the preferred address
rather than the primary, for potentially extending to an IPv6
bridge. */
int use_pref_addr = (r->ri != NULL &&
r->ri->purpose == ROUTER_PURPOSE_BRIDGE);
info = extend_info_from_node(r, use_pref_addr);
/* If we're a client, use the preferred address rather than the
primary address, for potentially connecting to an IPv6 OR
port. */
info = extend_info_from_node(r, server_mode(get_options()) == 0);
tor_assert(info);
}
} else {
......@@ -3865,10 +3863,11 @@ extend_info_alloc(const char *nickname, const char *digest,
/** Allocate and return a new extend_info that can be used to build a
* circuit to or through the node <b>node</b>. Use the primary address
* of the node unless <b>for_direct_connect</b> is true, in which case
* the preferred address is used instead. May return NULL if there is
* not enough info about <b>node</b> to extend to it--for example, if
* there is no routerinfo_t or microdesc_t.
* of the node (i.e. its IPv4 address) unless
* <b>for_direct_connect</b> is true, in which case the preferred
* address is used instead. May return NULL if there is not enough
* info about <b>node</b> to extend to it--for example, if there is no
* routerinfo_t or microdesc_t.
**/
extend_info_t *
extend_info_from_node(const node_t *node, int for_direct_connect)
......@@ -5607,10 +5606,15 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node)
}
}
/* Indicate that we prefer connecting to this bridge over the
protocol that the bridge address indicates. Last bridge
descriptor handled wins. */
node->ipv6_preferred = tor_addr_family(&bridge->addr) == AF_INET6;
/* Mark bridge as preferably connected to over IPv6 if its IPv6
address is in a Bridge line and ClientPreferIPv6ORPort is
set. Unless both is true, a potential IPv6 OR port of this
bridge won't get selected.
XXX ipv6_preferred is never reset (#6757) */
if (get_options()->ClientPreferIPv6ORPort == 1 &&
tor_addr_family(&bridge->addr) == AF_INET6)
node->ipv6_preferred = 1;
/* XXXipv6 we lack support for falling back to another address for
the same relay, warn the user */
......
......@@ -225,8 +225,10 @@ static config_var_t _option_vars[] = {
V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/
V(ClientDNSRejectInternalAddresses, BOOL,"1"),
V(ClientOnly, BOOL, "0"),
V(ClientPreferIPv6ORPort, BOOL, "0"),
V(ClientRejectInternalAddresses, BOOL, "1"),
V(ClientTransportPlugin, LINELIST, NULL),
V(ClientUseIPv6, BOOL, "0"),
V(ConsensusParams, STRING, NULL),
V(ConnLimit, UINT, "1000"),
V(ConnDirectionStatistics, BOOL, "0"),
......
......@@ -242,6 +242,8 @@ nodelist_set_consensus(networkstatus_t *ns)
node->is_bad_directory = rs->is_bad_directory;
node->is_bad_exit = rs->is_bad_exit;
node->is_hs_dir = rs->is_hs_dir;
if (options->ClientPreferIPv6ORPort == 1)
node->ipv6_preferred = !tor_addr_is_null(&rs->ipv6_addr);
}
} SMARTLIST_FOREACH_END(rs);
......@@ -849,7 +851,13 @@ node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out)
{
tor_assert(ap_out);
if (node_ipv6_preferred(node))
/* Cheap implementation of config option ClientUseIPv6 -- simply
don't prefer IPv6 when ClientUseIPv6 is not set. (See #4455 for
more on this subject.) Note that this filter is too strict since
we're hindering not only clients! Erring on the safe side
shouldn't be a problem though. XXX move this check to where
outgoing connections are made? -LN */
if (get_options()->ClientUseIPv6 == 1 && node_ipv6_preferred(node))
node_get_pref_ipv6_orport(node, ap_out);
else
node_get_prim_orport(node, ap_out);
......
......@@ -42,18 +42,18 @@ int node_get_purpose(const node_t *node);
int node_is_me(const node_t *node);
int node_exit_policy_rejects_all(const node_t *node);
smartlist_t *node_get_all_orports(const node_t *node);
void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out);
void node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out);
void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out);
uint32_t node_get_prim_addr_ipv4h(const node_t *node);
int node_allows_single_hop_exits(const node_t *node);
const char *node_get_nickname(const node_t *node);
const char *node_get_platform(const node_t *node);
uint32_t node_get_prim_addr_ipv4h(const node_t *node);
void node_get_address_string(const node_t *node, char *cp, size_t len);
long node_get_declared_uptime(const node_t *node);
time_t node_get_published_on(const node_t *node);
const smartlist_t *node_get_declared_family(const node_t *node);
int node_ipv6_preferred(const node_t *node);
void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out);
void node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out);
void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out);
smartlist_t *nodelist_get_list(void);
......
......@@ -3487,6 +3487,13 @@ typedef struct {
* over randomly chosen exits. */
int ClientRejectInternalAddresses;
/** If true, clients may connect over IPv6. XXX we don't really
enforce this -- clients _may_ set up outgoing IPv6 connections
even when this option is not set. */
int ClientUseIPv6;
/** If true, prefer an IPv6 OR port over an IPv4 one. */
int ClientPreferIPv6ORPort;
/** The length of time that we think a consensus should be fresh. */
int V3AuthVotingInterval;
/** The length of time we think it will take to distribute votes. */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment