Skip to content

Tor's sybil protection doesn't consider IPv6

Some bugs:

get_possible_sybil_list() doesn't consider IPv6 addresses at all.

clear_status_flags_on_sybil() doesn't clear ipv6_addr (and maybe more flags). Obsoleted by consensus method 24, because it requires the Running flag for a router to be in the consensus.

Also, maybe we could add a log_notice or log_info to mention if and which relays were found to be part of a Sybil attack.

Finally (and this is a minor bug), in get_possible_sybil_list() we assume that max_with_same_addr < max_with_same_addr_on_authority, which is true in the current tor network, but maybe it shouldn't be an inherent property of the source code. Obsoleted by legacy/trac#20960 (moved): max_with_same_addr_on_authority has been removed.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information