add IPv6 support / port to nftables or Berkeley Packet Filter (BPF)

[adrelanos]

IPv6 is coming.

https://trac.torproject.org/projects/tor/ticket/21269

Having corridor support IPv6 would be of tremendous help leak testing Whonix if/when it gets added IPv6 supports / ported to nftables.

https://phabricator.whonix.org/T509

[rustybird]

The IPv6Traffic option discussed in that ticket only affects connections from the exit node to the destination host. For IPv6 connections between the tor client and the Tor network, there's ClientUseIPv6. It too is disabled by default, and not enabled by Tor Browser. Until that changes, corridor should probably continue to block all forwarded IPv6 traffic unconditionally.

But being able to also log the blocked IPv6 traffic would be helpful, indeed. We could add a $LOGGED6 environment variable selecting some IPv6 client addresses, like $LOGGED for IPv4. Or simplify things by changing $LOGGED to a list of incoming network interfaces (such as eth+ wlan0, or just + to match all) on which every kind of blocked traffic is logged for every client.