Opened 5 years ago

Last modified 5 years ago

#5979 new Bug

tr_globalIPv6 returns an RFC 4941 temporary address if one exists

Reported by: delan Owned by: jordan
Priority: Normal Milestone: None Set
Component: libtransmission Version: 2.84+
Severity: Minor Keywords: IPv6
Cc:

Description

Without implementing PCP, there’s no way to automatically tell an upstream firewall to open a port to the host with IPv6. Because of this, traffic over IPv6 will only flow if the host is directly connected to their ISP, or if users manually update the IPv6 firewall rules on their routers.

Transmission announces and listens on the host’s temporary address, instead of its public address, as per RFC 4941. The problem is that this means that users behind a router with a firewall may have to update their firewall rules every day (RFC 4941 § 5).

It looks like this is because tr_globalIPv6 calls tr_globalAddress, which in turn opens a socket to grab its source address. I don’t know much about networking APIs, but would it be possible to query the host for its permanent unicast address, possibly using a platform specific method, falling back on the source address method if that’s not possible?

Privacy Extensions enabled:

https://www.azabani.com/bug/4/privacy_on.png

Privacy Extensions disabled:

https://www.azabani.com/bug/4/privacy_off.png

Change History (3)

comment:1 follow-up: Changed 5 years ago by simon.vetter

Temporary (privacy) addresses are globally routable and should be used instead of EUI-64 (fixed) addresses whenever possible to avoid host tracking (within a /64 or when roaming between different networks).

IMO this is working as intended.

If your firewall requires you to use stable addresses to allow incoming traffic, you might be able to tell Transmission to use that with the bind-address-ipv6 config file option, or disable privacy extensions on your host entirely.

comment:2 in reply to: ↑ 1 Changed 5 years ago by delan

Thanks! The workaround helps with my use case.

Are there any plans to implement PCP, perhaps via MiniUPnP?

comment:3 Changed 5 years ago by mike.dld

See #5415.

Note: See TracTickets for help on using tickets.