Discussion:
[tor-dev] path selection constraints: /16 subnet rule when using bridges
nusenu
2017-12-19 16:10:00 UTC
Permalink
Hi,

does the following also apply if a Tor users chooses to use a bridge?
- We do not choose more than one router in a given /16 subnet
[1]

Will tor ensure that the relays are not in the same /16 netblock with the bridge?

thanks,
nusenu

[1] https://gitweb.torproject.org/torspec.git/tree/path-spec.txt#n239
--
https://mastodon.social/@nusenu
twitter: @nusenu_
teor
2017-12-19 16:23:00 UTC
Permalink
Post by nusenu
does the following also apply if a Tor users chooses to use a bridge?
- We do not choose more than one router in a given /16 subnet
[1]
Will tor ensure that the relays are not in the same /16 netblock with the bridge?
Yes, as each node is added to the path, its IPv4 address is checked
against the IPv4 /16 netblocks of the existing nodes in the path.
This includes relays and bridges.

There is no support for checking IPv6 addresses yet:
https://trac.torproject.org/projects/tor/ticket/24393
But when there is, we will check IPv6 /32s, for those nodes that have IPv6
addresses.
Post by nusenu


[1] https://gitweb.torproject.org/torspec.git/tree/path-spec.txt#n239
nusenu
2017-12-19 18:00:00 UTC
Permalink
Thanks for confirming.
--
https://mastodon.social/@nusenu
twitter: @nusenu_
nusenu
2017-12-19 23:00:00 UTC
Permalink
Post by teor
Post by nusenu
does the following also apply if a Tor users chooses to use a bridge?
- We do not choose more than one router in a given /16 subnet
[1]
Will tor ensure that the relays are not in the same /16 netblock with the bridge?
Yes, as each node is added to the path, its IPv4 address is checked
against the IPv4 /16 netblocks of the existing nodes in the path.
This includes relays and bridges.
https://trac.torproject.org/projects/tor/ticket/24393
But when there is, we will check IPv6 /32s, for those nodes that have IPv6
addresses.
Does it check only against actively used ORPort IPv4 address or all ORPort IPs
in the bridge descriptor when connecting to the bridge via IPv6?

example:
- bridge has an IPv6 and IPv4 1.1.2.2
- exit has 1.1.2.3
- tor client connects to the bridge using IPv6

Will the client use that exit if it connects to the bridge via IPv6?


thanks,
nusenu
--
https://mastodon.social/@nusenu
twitter: @nusenu_
teor
2017-12-20 01:45:50 UTC
Permalink
Post by nusenu
Post by teor
Post by nusenu
does the following also apply if a Tor users chooses to use a bridge?
- We do not choose more than one router in a given /16 subnet
[1]
Will tor ensure that the relays are not in the same /16 netblock with the bridge?
Yes, as each node is added to the path, its IPv4 address is checked
against the IPv4 /16 netblocks of the existing nodes in the path.
This includes relays and bridges.
https://trac.torproject.org/projects/tor/ticket/24393
But when there is, we will check IPv6 /32s, for those nodes that have IPv6
addresses.
Does it check only against actively used ORPort IPv4 address or all ORPort IPs
in the bridge descriptor when connecting to the bridge via IPv6?
- bridge has an IPv6 and IPv4 1.1.2.2
- exit has 1.1.2.3
- tor client connects to the bridge using IPv6
Will the client use that exit if it connects to the bridge via IPv6?
It only checks IPv4 addresses for the moment, regardless of how it
connects.

T

--
Tim / teor

PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
------------------------------------------------------------------------
Loading...