Debian Bug report logs -
#851798
tor: IPv6 connections through tor do not appear to work
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, dkg@fifthhorseman.net, Peter Palfrader <weasel@debian.org>:
Bug#851798; Package tor.
(Wed, 18 Jan 2017 21:21:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
New Bug report received and forwarded. Copy sent to dkg@fifthhorseman.net, Peter Palfrader <weasel@debian.org>.
(Wed, 18 Jan 2017 21:21:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: tor
Version: 0.3.0.1-alpha-1
Severity: normal
Control: block 849845 with -1
Control: affects -1 dirmgnr
consider the following two commands:
curl --socks5-hostname 127.0.0.1:9050 http://www.google.com
curl --socks5-hostname 127.0.0.1:9050 http://ipv6.google.com
www.google.com has A and AAAA records.
ipv6.google.com has only AAAA records.
the first command shows me the body of the 302 redirection.
the second command sends this line to stderr:
curl: (7) Can't complete SOCKS5 connection to 0.0.0.0:0. (4)
and returns error code 7.
afaict, this is true for every connection to an IPv6 address through
tor.
I'm not sure how to debug, but this appears to be what's causing the
tor+ipv6 failures for dirmngr over on https://bugs.debian.org/849845,
so i'm marking this as blocking that bug.
Any suggestions for debugging? can you reproduce the problem? Should
i be trying to do this some other way?
--dkg
-- System Information:
Debian Release: 9.0
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages tor depends on:
ii adduser 3.115
ii init-system-helpers 1.46
ii libc6 2.24-8
ii libevent-2.0-5 2.0.21-stable-2.1
ii libseccomp2 2.3.1-2.1
ii libssl1.1 1.1.0c-2
ii libsystemd0 232-8
ii lsb-base 9.20161125
ii zlib1g 1:1.2.8.dfsg-4
Versions of packages tor recommends:
pn logrotate <none>
ii tor-geoipdb 0.2.9.8-2
ii torsocks 2.2.0-1
Versions of packages tor suggests:
pn apparmor-utils <none>
pn mixmaster <none>
pn obfs4proxy <none>
pn obfsproxy <none>
ii socat 1.7.3.1-2
pn tor-arm <none>
ii torbrowser-launcher 0.2.6-3
-- no debconf information
Added indication that bug 851798 blocks 849845,850606
Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net>
to submit@bugs.debian.org.
(Wed, 18 Jan 2017 21:21:05 GMT) (full text, mbox, link).
Added indication that 851798 affects dirmgnr
Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net>
to submit@bugs.debian.org.
(Wed, 18 Jan 2017 21:21:05 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Peter Palfrader <weasel@debian.org>:
Bug#851798; Package tor.
(Mon, 23 Jan 2017 18:54:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Extra info received and forwarded to list. Copy sent to Peter Palfrader <weasel@debian.org>.
(Mon, 23 Jan 2017 18:54:04 GMT) (full text, mbox, link).
Message #16 received at 851798@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags 851798 + patch upstream
On Wed 2017-01-18 16:20:24 -0500, Daniel Kahn Gillmor wrote:
> IPv6 connections through tor do not appear to work
Weasel pointed out that upstream doesn't have IPv6Traffic enabled by
default, though they do ship with it for years in the TBB config.
I've supplied the patch below upstream. I have tested it on top of
debian-tor-0.3.0.2-alpha-1 and it WorksForMe™.
Regards,
--dkg
[0002-set-IPv6Traffic-to-on-by-default.patch (text/x-diff, inline)]
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 23 Jan 2017 13:22:11 -0500
Subject: set IPv6Traffic to on by default
See:
https://trac.torproject.org/projects/tor/ticket/21269
https://bugs.debian.org/851798
---
src/or/config.c | 3 ++-
src/test/test_config.c | 9 ++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c
index 2c239a5e3..83ffe71b1 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -6255,6 +6255,7 @@ port_cfg_new(size_t namelen)
tor_assert(namelen <= SIZE_T_CEILING - sizeof(port_cfg_t) - 1);
port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t) + namelen + 1);
cfg->entry_cfg.ipv4_traffic = 1;
+ cfg->entry_cfg.ipv6_traffic = 1;
cfg->entry_cfg.dns_request = 1;
cfg->entry_cfg.onion_traffic = 1;
cfg->entry_cfg.cache_ipv4_answers = 1;
@@ -6608,7 +6609,7 @@ parse_port_config(smartlist_t *out,
/* This must be kept in sync with port_cfg_new's defaults */
int no_listen = 0, no_advertise = 0, all_addrs = 0,
bind_ipv4_only = 0, bind_ipv6_only = 0,
- ipv4_traffic = 1, ipv6_traffic = 0, prefer_ipv6 = 0, dns_request = 1,
+ ipv4_traffic = 1, ipv6_traffic = 1, prefer_ipv6 = 0, dns_request = 1,
onion_traffic = 1,
cache_ipv4 = 1, use_cached_ipv4 = 0,
cache_ipv6 = 0, use_cached_ipv6 = 0,
diff --git a/src/test/test_config.c b/src/test/test_config.c
index eeda34e08..3b19cad03 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -4129,6 +4129,7 @@ test_config_parse_port_config__ports__ports_given(void *data)
config_free_lines(config_port_invalid); config_port_invalid = NULL;
config_port_invalid = mock_config_line("SOCKSPort",
"unix:/tmp/foo/bar NoIPv4Traffic "
+ "NoIPv6Traffic "
"NoOnionTraffic");
ret = parse_port_config(NULL, config_port_invalid, NULL, "SOCKS",
CONN_TYPE_AP_LISTENER, NULL, 0,
@@ -4150,6 +4151,7 @@ test_config_parse_port_config__ports__ports_given(void *data)
SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
smartlist_clear(slout);
config_port_valid = mock_config_line("DNSPort", "127.0.0.1:80 "
+ "NoIPv6Traffic "
"NoIPv4Traffic NoOnionTraffic");
ret = parse_port_config(slout, config_port_valid, NULL, "DNS",
CONN_TYPE_AP_DNS_LISTENER, NULL, 0,
@@ -4165,6 +4167,7 @@ test_config_parse_port_config__ports__ports_given(void *data)
// Test failure if we have DNS but no ipv4 and no ipv6
config_free_lines(config_port_invalid); config_port_invalid = NULL;
config_port_invalid = mock_config_line("SOCKSPort",
+ "NoIPv6Traffic "
"unix:/tmp/foo/bar NoIPv4Traffic");
ret = parse_port_config(NULL, config_port_invalid, NULL, "SOCKS",
CONN_TYPE_AP_LISTENER, NULL, 0,
@@ -4177,6 +4180,7 @@ test_config_parse_port_config__ports__ports_given(void *data)
SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
smartlist_clear(slout);
config_port_valid = mock_config_line("SOCKSPort", "unix:/tmp/foo/bar "
+ "NoIPv6Traffic "
"NoDNSRequest NoIPv4Traffic");
ret = parse_port_config(slout, config_port_valid, NULL, "SOCKS",
CONN_TYPE_AP_LISTENER, NULL, 0,
@@ -4198,6 +4202,7 @@ test_config_parse_port_config__ports__ports_given(void *data)
SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
smartlist_clear(slout);
config_port_valid = mock_config_line("SOCKSPort", "unix:\"/tmp/foo/ bar\" "
+ "NoIPv6Traffic "
"NoDNSRequest NoIPv4Traffic");
ret = parse_port_config(slout, config_port_valid, NULL, "SOCKS",
CONN_TYPE_AP_LISTENER, NULL, 0,
@@ -4219,6 +4224,7 @@ test_config_parse_port_config__ports__ports_given(void *data)
SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
smartlist_clear(slout);
config_port_valid = mock_config_line("SOCKSPort", "unix:\"/tmp/foo/ bar "
+ "NoIPv6Traffic "
"NoDNSRequest NoIPv4Traffic");
ret = parse_port_config(slout, config_port_valid, NULL, "SOCKS",
CONN_TYPE_AP_LISTENER, NULL, 0,
@@ -4230,6 +4236,7 @@ test_config_parse_port_config__ports__ports_given(void *data)
SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
smartlist_clear(slout);
config_port_valid = mock_config_line("SOCKSPort", "unix:\"\" "
+ "NoIPv6Traffic "
"NoDNSRequest NoIPv4Traffic");
ret = parse_port_config(slout, config_port_valid, NULL, "SOCKS",
CONN_TYPE_AP_LISTENER, NULL, 0,
@@ -4604,7 +4611,7 @@ test_config_parse_port_config__ports__ports_given(void *data)
tt_int_op(smartlist_len(slout), OP_EQ, 1);
port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
tt_int_op(port_cfg->entry_cfg.ipv4_traffic, OP_EQ, 1);
- tt_int_op(port_cfg->entry_cfg.ipv6_traffic, OP_EQ, 0);
+ tt_int_op(port_cfg->entry_cfg.ipv6_traffic, OP_EQ, 1);
// Test failure for a SessionGroup argument with invalid value
config_free_lines(config_port_invalid); config_port_invalid = NULL;
[signature.asc (application/pgp-signature, inline)]
Added tag(s) upstream and patch.
Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net>
to 851798-submit@bugs.debian.org.
(Mon, 23 Jan 2017 18:54:05 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Peter Palfrader <weasel@debian.org>:
Bug#851798; Package tor.
(Mon, 23 Jan 2017 19:06:14 GMT) (full text, mbox, link).
Acknowledgement sent
to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Extra info received and forwarded to list. Copy sent to Peter Palfrader <weasel@debian.org>.
(Mon, 23 Jan 2017 19:06:14 GMT) (full text, mbox, link).
Message #23 received at 851798@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: reassign 849845 tor
Control: forcemerge 851798 849845
I believe that the only remaining problems with dirmngr and keyserver
resolution over Tor have to do with IPv6Traffic being set to "off" in
the standard tor configuration. So this isn't really a bug in dirmngr
(other than weak error reporting, which i hope we can get addressed
upstream in https://bugs.gnupg.org/gnupg/issue2902)
--dkg
[signature.asc (application/pgp-signature, inline)]
Removed indication that bug 851798 blocks 849845,850606
Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net>
to control@bugs.debian.org.
(Mon, 23 Jan 2017 20:15:21 GMT) (full text, mbox, link).
Message #28 received at 849845-done@bugs.debian.org (full text, mbox, reply):
Version: 0.3.0.3-alpha-1
This should have been fixed in February with
| o Minor feature (client):
| - Enable IPv6 traffic on the SocksPort by default. To disable this,
| a user will have to specify "NoIPv6Traffic". Closes ticket 21269.
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `- https://www.debian.org/
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 05 Aug 2017 07:25:01 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Nov 2 01:36:40 2021;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.