Hi teor,
Thanks for this epic work, some lecture for me to deeply go over this weekend.
By briefly reviewing I've noticed something important is missing that should be a part of this proposal.
I am not sure under which section it should go under. I guess `3.2.2. Use the Advertised ORPort IPv4 and IPv6 Addresses`, or maybe it's important enough that we should make its own section.
In IPv6, besides publicly routable and non-publicly routable addresses (fe80:// etc.) which are documented in the proposal, we have temporary IPv6 addresses coming from Privacy extensions or RFC4941 IPv6 addresses.
https://tools.ietf.org/rfc/rfc4941.txt
These addresses are publicly routable, they can appear as reachable from the directory authorities or from directory data fetches, but they have limited lifetime and change over time. I am not sure if one such address becomes deprecated if already in use (say by Tor), as the RFC states MAY _if not in use by applications or upper layers_:
"As an optional optimization, an implementation MAY remove a deprecated temporary address that is not in use by applications or upper layers as detailed in Section 6."
But since this is implementation dependent, we cannot be sure about the behavior across different platforms that relays might run on.
It is up to the operating system if such addresses are used or not. In Debian they are disabled by default net.ipv6.conf.eth0.use_tempaddr=0 (unless some desktop packages that use network manager with different settings change it). In Windows (at least Windows 10) apparently they are enabled by default.
The question is, do we want such addresses in relay descriptors? I think such addresses will behave similar to dynamic IPv4 addresses, or even worse since these ones really change when they want, not just when we disconnect and reconnect the network interface. So maybe Tor should detect such behavior and log an error or something?
Actually I'll setup a vm this weekend and give it a native, static /64 IPv6 prefix, enable privacy extension to use temporary addresses and spin up a Tor process on it. Then disconnect the internet a couple of times and see how it behaves, how often it changes.
What do you think?
teor wrote:
Hi,
Here is an initial draft of Proposal 312: Automatic Relay IPv6 Addresses.
This proposal includes:
- relay auto IPv6 addresses, and
- relay auto IPv6 ORPorts.
This is the second of 3 proposals:
- Proposal 311: Relay IPv6 Reachability
- Proposal 312: Automatic Relay IPv6 Addresses
- Proposal 313: Relay IPv6 Statistics
(I haven't written the final one yet.)
I also want to make some minor changes to Proposal 306, so that bridge IPv6 behaviour stays in sync with client IPv6 behaviour. (See section 7 of this proposal for details.)