Loading changes/bug6027 0 → 100644 +4 −0 Original line number Diff line number Diff line o Minor features: - Allow users to configure directory authorities and fallback directory servers with IPv6 addresses and ORPorts. Resolves ticket 6027. changes/feature17327 0 → 100644 +5 −0 Original line number Diff line number Diff line o Minor feature (IPv6): - Add a flag ipv6=address:orport to the DirAuthority and FallbackDir torrc options. Add hard-coded ipv6 addresses for directory authorities with ipv6 lines in their descriptors. Closes ticket 17327; patch from Nick Mathewson / "teor". doc/tor.1.txt +6 −3 Original line number Diff line number Diff line Loading @@ -358,7 +358,7 @@ GENERAL OPTIONS DataDirectory. If the option is set to 1, make the DataDirectory readable by the default GID. (Default: 0) [[FallbackDir]] **FallbackDir** __address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__]:: [[FallbackDir]] **FallbackDir** __address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__] [ipv6=__address__:__orport__]:: When we're unable to connect to any directory cache for directory info (usually because we don't know about any yet) we try a directory authority. Clients also simultaneously try a FallbackDir, to avoid hangs on client Loading 
@@ -384,9 +384,12 @@ GENERAL OPTIONS "bridge" flag is set. If a flag "orport=**port**" is given, Tor will use the given port when opening encrypted tunnels to the dirserver. If a flag "weight=**num**" is given, then the directory server is chosen randomly with probability proportional to that weight (default 1.0). Lastly, if a with probability proportional to that weight (default 1.0). If a flag "v3ident=**fp**" is given, the dirserver is a v3 directory authority whose v3 long-term signing key has the fingerprint **fp**. + whose v3 long-term signing key has the fingerprint **fp**. Lastly, if an "ipv6=__address__:__orport__" flag is present, then the directory authority is listening for IPv6 connections on the indicated IPv6 address and OR Port. + + If no **DirAuthority** line is given, Tor will use the default directory authorities. NOTE: this option is intended for setting up a private Tor Loading src/or/config.c +42 −7 Original line number Diff line number Diff line Loading @@ -600,9 +600,6 @@ static int options_transition_affects_descriptor( static int check_nickname_list(char **lst, const char *name, char **msg); static char *get_bindaddr_from_transport_listen_line(const char *line, const char *transport); static int parse_dir_authority_line(const char *line, dirinfo_type_t required_type, int validate_only); static int parse_ports(or_options_t *options, int validate_only, char **msg_out, int *n_ports_out, int *world_writable_control_socket); Loading Loading @@ -907,6 +904,7 @@ static const char *default_authorities[] = { "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", "tor26 orport=443 " "v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 " "ipv6=[2001:858:2:2:aabb:0:563b:1526]:443 " "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D", "dizum orport=443 " "v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 " Loading 
@@ -915,21 +913,26 @@ static const char *default_authorities[] = { "82.94.251.203:80 4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D", "gabelmoo orport=443 " "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 " "ipv6=[2001:638:a000:4140::ffff:189]:443 " "131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281", "dannenberg orport=443 " "v3ident=585769C78764D58426B8B52B6651A5A71137189A " "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123", "urras orport=80 " "v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C " "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417", "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417" /* XX/teor - urras may have an IPv6 address, but it's not in urras' * descriptor as of 11 Dec 2015. See #17813. */, "maatuska orport=80 " "v3ident=49015F787433103580E3B66A1707A00E60F2D15B " "ipv6=[2001:67c:289c::9]:80 " "171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810", "Faravahar orport=443 " "v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 " "154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC", "longclaw orport=443 " "v3ident=23D15D965BC35114467363C165C4F724B64B4F66 " "ipv6=[2620:13:4000:8000:60:f3ff:fea1:7cff]:443 " "199.254.238.52:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145", NULL }; Loading @@ -938,7 +941,7 @@ static const char *default_authorities[] = { * but only add them insofar as they share bits with <b>type</b>. * Each authority's bits are restricted to the bits shared with <b>type</b>. * If <b>type</b> is ALL_DIRINFO or NO_DIRINFO (zero), add all authorities. */ static void STATIC void add_default_trusted_dir_authorities(dirinfo_type_t type) { int i; Loading Loading 
@@ -5634,13 +5637,14 @@ get_options_for_server_transport(const char *transport) * (minus whatever bits it's missing) as a valid authority. * Return 0 on success or filtering out by type, * or -1 if the line isn't well-formed or if we can't add it. */ static int STATIC int parse_dir_authority_line(const char *line, dirinfo_type_t required_type, int validate_only) { smartlist_t *items = NULL; int r; char *addrport=NULL, *address=NULL, *nickname=NULL, *fingerprint=NULL; tor_addr_port_t ipv6_addrport, *ipv6_addrport_ptr = NULL; uint16_t dir_port = 0, or_port = 0; char digest[DIGEST_LEN]; char v3_digest[DIGEST_LEN]; Loading Loading @@ -5697,6 +5701,20 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type, } else { type |= V3_DIRINFO|EXTRAINFO_DIRINFO|MICRODESC_DIRINFO; } } else if (!strcasecmpstart(flag, "ipv6=")) { if (ipv6_addrport_ptr) { log_warn(LD_CONFIG, "Redundant ipv6 addr/port on DirAuthority line"); } else { if (tor_addr_port_parse(LOG_WARN, flag+strlen("ipv6="), &ipv6_addrport.addr, &ipv6_addrport.port, -1) < 0 || tor_addr_family(&ipv6_addrport.addr) != AF_INET6) { log_warn(LD_CONFIG, "Bad ipv6 addr/port %s on DirAuthority line", escaped(flag)); goto err; } ipv6_addrport_ptr = &ipv6_addrport; } } else { log_warn(LD_CONFIG, "Unrecognized flag '%s' on DirAuthority line", flag); Loading Loading @@ -5739,6 +5757,7 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type, log_debug(LD_DIR, "Trusted %d dirserver at %s:%d (%s)", (int)type, address, (int)dir_port, (char*)smartlist_get(items,0)); if (!(ds = trusted_dir_server_new(nickname, address, dir_port, or_port, ipv6_addrport_ptr, digest, v3_digest, type, weight))) goto err; dir_server_add(ds); Loading Loading @@ -5776,6 +5795,7 @@ parse_dir_fallback_line(const char *line, int ok; char id[DIGEST_LEN]; char *address=NULL; tor_addr_port_t ipv6_addrport, *ipv6_addrport_ptr = NULL; double weight=1.0; memset(id, 0, sizeof(id)); Loading 
@@ -5794,6 +5814,20 @@ parse_dir_fallback_line(const char *line, } else if (!strcmpstart(cp, "id=")) { ok = !base16_decode(id, DIGEST_LEN, cp+strlen("id="), strlen(cp)-strlen("id=")); } else if (!strcasecmpstart(cp, "ipv6=")) { if (ipv6_addrport_ptr) { log_warn(LD_CONFIG, "Redundant ipv6 addr/port on FallbackDir line"); } else { if (tor_addr_port_parse(LOG_WARN, cp+strlen("ipv6="), &ipv6_addrport.addr, &ipv6_addrport.port, -1) < 0 || tor_addr_family(&ipv6_addrport.addr) != AF_INET6) { log_warn(LD_CONFIG, "Bad ipv6 addr/port %s on FallbackDir line", escaped(cp)); goto end; } ipv6_addrport_ptr = &ipv6_addrport; } } else if (!strcmpstart(cp, "weight=")) { int ok; const char *wstring = cp + strlen("weight="); Loading Loading @@ -5835,7 +5869,8 @@ parse_dir_fallback_line(const char *line, if (!validate_only) { dir_server_t *ds; ds = fallback_dir_server_new(&addr, dirport, orport, id, weight); ds = fallback_dir_server_new(&addr, dirport, orport, ipv6_addrport_ptr, id, weight); if (!ds) { log_warn(LD_CONFIG, "Couldn't create FallbackDir %s", escaped(line)); goto end; Loading src/or/config.h +5 −3 Original line number Diff line number Diff line Loading @@ -152,10 +152,12 @@ STATIC int parse_transport_line(const or_options_t *options, int server); STATIC int consider_adding_dir_servers(const or_options_t *options, const or_options_t *old_options); STATIC void add_default_trusted_dir_authorities(dirinfo_type_t type); MOCK_DECL(STATIC void, add_default_fallback_dir_servers, (void)); STATIC int parse_dir_fallback_line(const char *line, STATIC int parse_dir_authority_line(const char *line, dirinfo_type_t required_type, int validate_only); STATIC int parse_dir_fallback_line(const char *line, int validate_only); #endif #endif Loading Loading
changes/bug6027 0 → 100644 +4 −0 o Minor features: - Allow users to configure directory authorities and fallback directory servers with IPv6 addresses and ORPorts. Resolves ticket 6027.
changes/feature17327 0 → 100644 +5 −0 o Minor feature (IPv6): - Add a flag ipv6=address:orport to the DirAuthority and FallbackDir torrc options. Add hard-coded ipv6 addresses for directory authorities with ipv6 lines in their descriptors. Closes ticket 17327; patch from Nick Mathewson / "teor".
doc/tor.1.txt +6 −3 Original line number Diff line number Diff line Loading @@ -358,7 +358,7 @@ GENERAL OPTIONS DataDirectory. If the option is set to 1, make the DataDirectory readable by the default GID. (Default: 0) [[FallbackDir]] **FallbackDir** __address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__]:: [[FallbackDir]] **FallbackDir** __address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__] [ipv6=__address__:__orport__]:: When we're unable to connect to any directory cache for directory info (usually because we don't know about any yet) we try a directory authority. Clients also simultaneously try a FallbackDir, to avoid hangs on client Loading @@ -384,9 +384,12 @@ GENERAL OPTIONS "bridge" flag is set. If a flag "orport=**port**" is given, Tor will use the given port when opening encrypted tunnels to the dirserver. If a flag "weight=**num**" is given, then the directory server is chosen randomly with probability proportional to that weight (default 1.0). Lastly, if a with probability proportional to that weight (default 1.0). If a flag "v3ident=**fp**" is given, the dirserver is a v3 directory authority whose v3 long-term signing key has the fingerprint **fp**. + whose v3 long-term signing key has the fingerprint **fp**. Lastly, if an "ipv6=__address__:__orport__" flag is present, then the directory authority is listening for IPv6 connections on the indicated IPv6 address and OR Port. + + If no **DirAuthority** line is given, Tor will use the default directory authorities. NOTE: this option is intended for setting up a private Tor Loading
src/or/config.c +42 −7 Original line number Diff line number Diff line Loading @@ -600,9 +600,6 @@ static int options_transition_affects_descriptor( static int check_nickname_list(char **lst, const char *name, char **msg); static char *get_bindaddr_from_transport_listen_line(const char *line, const char *transport); static int parse_dir_authority_line(const char *line, dirinfo_type_t required_type, int validate_only); static int parse_ports(or_options_t *options, int validate_only, char **msg_out, int *n_ports_out, int *world_writable_control_socket); Loading Loading @@ -907,6 +904,7 @@ static const char *default_authorities[] = { "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", "tor26 orport=443 " "v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 " "ipv6=[2001:858:2:2:aabb:0:563b:1526]:443 " "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D", "dizum orport=443 " "v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 " Loading 
@@ -915,21 +913,26 @@ static const char *default_authorities[] = { "82.94.251.203:80 4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D", "gabelmoo orport=443 " "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 " "ipv6=[2001:638:a000:4140::ffff:189]:443 " "131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281", "dannenberg orport=443 " "v3ident=585769C78764D58426B8B52B6651A5A71137189A " "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123", "urras orport=80 " "v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C " "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417", "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417" /* XX/teor - urras may have an IPv6 address, but it's not in urras' * descriptor as of 11 Dec 2015. See #17813. */, "maatuska orport=80 " "v3ident=49015F787433103580E3B66A1707A00E60F2D15B " "ipv6=[2001:67c:289c::9]:80 " "171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810", "Faravahar orport=443 " "v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 " "154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC", "longclaw orport=443 " "v3ident=23D15D965BC35114467363C165C4F724B64B4F66 " "ipv6=[2620:13:4000:8000:60:f3ff:fea1:7cff]:443 " "199.254.238.52:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145", NULL }; Loading @@ -938,7 +941,7 @@ static const char *default_authorities[] = { * but only add them insofar as they share bits with <b>type</b>. * Each authority's bits are restricted to the bits shared with <b>type</b>. * If <b>type</b> is ALL_DIRINFO or NO_DIRINFO (zero), add all authorities. */ static void STATIC void add_default_trusted_dir_authorities(dirinfo_type_t type) { int i; Loading Loading 
@@ -5634,13 +5637,14 @@ get_options_for_server_transport(const char *transport) * (minus whatever bits it's missing) as a valid authority. * Return 0 on success or filtering out by type, * or -1 if the line isn't well-formed or if we can't add it. */ static int STATIC int parse_dir_authority_line(const char *line, dirinfo_type_t required_type, int validate_only) { smartlist_t *items = NULL; int r; char *addrport=NULL, *address=NULL, *nickname=NULL, *fingerprint=NULL; tor_addr_port_t ipv6_addrport, *ipv6_addrport_ptr = NULL; uint16_t dir_port = 0, or_port = 0; char digest[DIGEST_LEN]; char v3_digest[DIGEST_LEN]; Loading Loading @@ -5697,6 +5701,20 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type, } else { type |= V3_DIRINFO|EXTRAINFO_DIRINFO|MICRODESC_DIRINFO; } } else if (!strcasecmpstart(flag, "ipv6=")) { if (ipv6_addrport_ptr) { log_warn(LD_CONFIG, "Redundant ipv6 addr/port on DirAuthority line"); } else { if (tor_addr_port_parse(LOG_WARN, flag+strlen("ipv6="), &ipv6_addrport.addr, &ipv6_addrport.port, -1) < 0 || tor_addr_family(&ipv6_addrport.addr) != AF_INET6) { log_warn(LD_CONFIG, "Bad ipv6 addr/port %s on DirAuthority line", escaped(flag)); goto err; } ipv6_addrport_ptr = &ipv6_addrport; } } else { log_warn(LD_CONFIG, "Unrecognized flag '%s' on DirAuthority line", flag); Loading Loading @@ -5739,6 +5757,7 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type, log_debug(LD_DIR, "Trusted %d dirserver at %s:%d (%s)", (int)type, address, (int)dir_port, (char*)smartlist_get(items,0)); if (!(ds = trusted_dir_server_new(nickname, address, dir_port, or_port, ipv6_addrport_ptr, digest, v3_digest, type, weight))) goto err; dir_server_add(ds); Loading Loading @@ -5776,6 +5795,7 @@ parse_dir_fallback_line(const char *line, int ok; char id[DIGEST_LEN]; char *address=NULL; tor_addr_port_t ipv6_addrport, *ipv6_addrport_ptr = NULL; double weight=1.0; memset(id, 0, sizeof(id)); Loading 
@@ -5794,6 +5814,20 @@ parse_dir_fallback_line(const char *line, } else if (!strcmpstart(cp, "id=")) { ok = !base16_decode(id, DIGEST_LEN, cp+strlen("id="), strlen(cp)-strlen("id=")); } else if (!strcasecmpstart(cp, "ipv6=")) { if (ipv6_addrport_ptr) { log_warn(LD_CONFIG, "Redundant ipv6 addr/port on FallbackDir line"); } else { if (tor_addr_port_parse(LOG_WARN, cp+strlen("ipv6="), &ipv6_addrport.addr, &ipv6_addrport.port, -1) < 0 || tor_addr_family(&ipv6_addrport.addr) != AF_INET6) { log_warn(LD_CONFIG, "Bad ipv6 addr/port %s on FallbackDir line", escaped(cp)); goto end; } ipv6_addrport_ptr = &ipv6_addrport; } } else if (!strcmpstart(cp, "weight=")) { int ok; const char *wstring = cp + strlen("weight="); Loading Loading @@ -5835,7 +5869,8 @@ parse_dir_fallback_line(const char *line, if (!validate_only) { dir_server_t *ds; ds = fallback_dir_server_new(&addr, dirport, orport, id, weight); ds = fallback_dir_server_new(&addr, dirport, orport, ipv6_addrport_ptr, id, weight); if (!ds) { log_warn(LD_CONFIG, "Couldn't create FallbackDir %s", escaped(line)); goto end; Loading
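Review bot: In both new `ipv6=` branches (parse_dir_authority_line and parse_dir_fallback_line) a repeated flag is only logged as "Redundant ipv6 addr/port" and the line is still accepted with the first value, while a malformed flag fails the whole line. Since these lines define directory authorities and fallbacks, an ambiguous address would be safer rejected the same way, e.g. `log_warn(LD_CONFIG, "Redundant ipv6 addr/port on DirAuthority line"); goto err;` (and `goto end;` in the fallback parser), or the message should at least say that the first value is kept. The two branches are identical apart from the option name in the log text, so a small static helper taking the flag string and the option name would keep them from drifting apart. Both function bodies start and end outside the visible hunks, so what the `err` and `end` labels clean up and return is not shown here.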
src/or/config.h +5 −3 @@ -152,10 +152,12 @@ STATIC int parse_transport_line(const or_options_t *options, int server); STATIC int consider_adding_dir_servers(const or_options_t *options, const or_options_t *old_options); STATIC void add_default_trusted_dir_authorities(dirinfo_type_t type); MOCK_DECL(STATIC void, add_default_fallback_dir_servers, (void)); STATIC int parse_dir_fallback_line(const char *line, STATIC int parse_dir_authority_line(const char *line, dirinfo_type_t required_type, int validate_only); STATIC int parse_dir_fallback_line(const char *line, int validate_only); #endif #endif