Add ClientUseIPv6 and ClientPreferIPv6ORPort configuration options.
Use "preferred OR port" for all entry nodes, not only for bridges.
Mark bridges with "prefer IPv6 OR port" if an IPv6 address is
configured in Bridge line and ClientPreferIPv6ORPort is set.
Mark relays with "prefer IPv6 OR port" if an IPv6 address is found in
descriptor and ClientPreferIPv6ORPort is set.
Filter "preferred OR port" through the ClientUseIPv6 config option. We
might want to move this test to where actual connection is being set
up once we have a fall back mechanism in place.
Have only non-servers pick an IPv6 address for the first hop: We
don't want relays to connect over IPv6 yet. (IPv6 has never been used
for second or third hops.)
Implements ticket 5535.
--- /dev/null
+ o Major features:
+ - If configured with ClientUseIPv6, clients may connect to entry
+ nodes over IPv6. Another new config option, ClientPreferIPv6ORPort,
+ can be set to make this even more likely to happen.
+ Implements ticket 5535.
If no defaults are available there, these options default to 20, .70,
0.0, 200, and 4 respectively.
+**ClientUseIPv6** **0**|**1**::
+ If this option is set to 1, Tor might connect to entry nodes over
+ IPv6. Note that clients configured with an IPv6 address in a
+ **Bridge** option will try connecting over IPv6 if even if
+ **ClientUseIPv6** is set to 0. (Default: 0)
+
+**ClientPreferIPv6ORPort** **0**|**1**::
+ If this option is set to 1, Tor prefers an OR port with an IPv6
+ address over one with IPv4 if a given entry node has both. Other
+ things may influence the choice. This option breaks a tie to the
+ favor of IPv6. (Default: 0)
+
SERVER OPTIONS
--------------
} else if (cur_len == 0) { /* picking first node */
const node_t *r = choose_good_entry_server(purpose, state);
if (r) {
- /* If we're extending to a bridge, use the preferred address
- rather than the primary, for potentially extending to an IPv6
- bridge. */
- int use_pref_addr = (r->ri != NULL &&
- r->ri->purpose == ROUTER_PURPOSE_BRIDGE);
- info = extend_info_from_node(r, use_pref_addr);
+ /* If we're a client, use the preferred address rather than the
+ primary address, for potentially connecting to an IPv6 OR
+ port. */
+ info = extend_info_from_node(r, server_mode(get_options()) == 0);
tor_assert(info);
}
} else {
/** Allocate and return a new extend_info that can be used to build a
* circuit to or through the node <b>node</b>. Use the primary address
- * of the node unless <b>for_direct_connect</b> is true, in which case
- * the preferred address is used instead. May return NULL if there is
- * not enough info about <b>node</b> to extend to it--for example, if
- * there is no routerinfo_t or microdesc_t.
+ * of the node (i.e. its IPv4 address) unless
+ * <b>for_direct_connect</b> is true, in which case the preferred
+ * address is used instead. May return NULL if there is not enough
+ * info about <b>node</b> to extend to it--for example, if there is no
+ * routerinfo_t or microdesc_t.
**/
extend_info_t *
extend_info_from_node(const node_t *node, int for_direct_connect)
}
}
- /* Indicate that we prefer connecting to this bridge over the
- protocol that the bridge address indicates. Last bridge
- descriptor handled wins. */
- node->ipv6_preferred = tor_addr_family(&bridge->addr) == AF_INET6;
+ /* Mark bridge as preferably connected to over IPv6 if its IPv6
+ address is in a Bridge line and ClientPreferIPv6ORPort is
+ set. Unless both is true, a potential IPv6 OR port of this
+ bridge won't get selected.
+
+ XXX ipv6_preferred is never reset (#6757) */
+ if (get_options()->ClientPreferIPv6ORPort == 1 &&
+ tor_addr_family(&bridge->addr) == AF_INET6)
+ node->ipv6_preferred = 1;
/* XXXipv6 we lack support for falling back to another address for
the same relay, warn the user */
V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/
V(ClientDNSRejectInternalAddresses, BOOL,"1"),
V(ClientOnly, BOOL, "0"),
+ V(ClientPreferIPv6ORPort, BOOL, "0"),
V(ClientRejectInternalAddresses, BOOL, "1"),
V(ClientTransportPlugin, LINELIST, NULL),
+ V(ClientUseIPv6, BOOL, "0"),
V(ConsensusParams, STRING, NULL),
V(ConnLimit, UINT, "1000"),
V(ConnDirectionStatistics, BOOL, "0"),
node->is_bad_directory = rs->is_bad_directory;
node->is_bad_exit = rs->is_bad_exit;
node->is_hs_dir = rs->is_hs_dir;
+ if (options->ClientPreferIPv6ORPort == 1)
+ node->ipv6_preferred = !tor_addr_is_null(&rs->ipv6_addr);
}
} SMARTLIST_FOREACH_END(rs);
{
tor_assert(ap_out);
- if (node_ipv6_preferred(node))
+ /* Cheap implementation of config option ClientUseIPv6 -- simply
+ don't prefer IPv6 when ClientUseIPv6 is not set. (See #4455 for
+ more on this subject.) Note that this filter is too strict since
+ we're hindering not only clients! Erring on the safe side
+ shouldn't be a problem though. XXX move this check to where
+ outgoing connections are made? -LN */
+ if (get_options()->ClientUseIPv6 == 1 && node_ipv6_preferred(node))
node_get_pref_ipv6_orport(node, ap_out);
else
node_get_prim_orport(node, ap_out);
int node_is_me(const node_t *node);
int node_exit_policy_rejects_all(const node_t *node);
smartlist_t *node_get_all_orports(const node_t *node);
-void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out);
-void node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out);
-void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out);
-uint32_t node_get_prim_addr_ipv4h(const node_t *node);
int node_allows_single_hop_exits(const node_t *node);
const char *node_get_nickname(const node_t *node);
const char *node_get_platform(const node_t *node);
+uint32_t node_get_prim_addr_ipv4h(const node_t *node);
void node_get_address_string(const node_t *node, char *cp, size_t len);
long node_get_declared_uptime(const node_t *node);
time_t node_get_published_on(const node_t *node);
const smartlist_t *node_get_declared_family(const node_t *node);
int node_ipv6_preferred(const node_t *node);
+void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out);
+void node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out);
+void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out);
smartlist_t *nodelist_get_list(void);
* over randomly chosen exits. */
int ClientRejectInternalAddresses;
+ /** If true, clients may connect over IPv6. XXX we don't really
+ enforce this -- clients _may_ set up outgoing IPv6 connections
+ even when this option is not set. */
+ int ClientUseIPv6;
+ /** If true, prefer an IPv6 OR port over an IPv4 one. */
+ int ClientPreferIPv6ORPort;
+
/** The length of time that we think a consensus should be fresh. */
int V3AuthVotingInterval;
/** The length of time we think it will take to distribute votes. */
projects / thirdparty / tor.git / commitdiff
