Opened 5 years ago

Last modified 2 years ago

#11397 new enhancement

Keep using too-dirty circuits if no new circuit can be built?

Reported by: evandro Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-client needs-design security-relevant circuit-usage not-sure-if-good-idea
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When behind a firewall that not only lets only a few ports through but that also validates that only the expected protocol is passing through, it may take dozens of seconds to build a new circuit. In the meantime, new connections will timeout before new circuits are built.

This behavior deserves some attention. Perhaps until a new circuit is built, an old circuit should continue to be used or after a few seconds of waiting for the new circuit.

However, if there's no connection alive, there might not even be old circuits to fall back to. Then, the user might be given the choice to always keep an old circuit open, even if idle, until a new circuit is built.

Child Tickets

Change History (7)

comment:1 Changed 5 years ago by nickm

Milestone: Tor: 0.2.6.x-final

comment:2 Changed 5 years ago by nickm

Milestone: Tor: 0.2.6.x-finalTor: 0.2.???
12:11 < athena> slightly worried about a change that makes us potentially use 
                an old circuit forever if the firewall starts blocking *all* 
                new connections
12:11 < athena> *maybe* it'd be okay if we introduced soft and hard timeouts 
                for circuits
12:11 <@nickm> with single-guard, you should pretty much always have a good 
               connection though.
12:12 < athena> i.e., older than the soft timeout means new connection triggers 
                building a new circuit and uses the old if it takes too long
12:12 < athena> hard blocks new connections until a fresh circuit is available
12:12 < athena> hmmm
12:12 < athena> (we still might have multiple guards if the user changes the 
                config setting manually, though, IIUC)
12:13 <@nickm> that's true, but I'm not sure how much time we should spend 
               optimizing for people behind fascist firewalls who also use 
               non-default guard settings
12:13 <@nickm> also, we are supposed to be building circuits preemptively, and 
               using them preemptively.  So for most people, this shouldn't be 
               a problem.
12:13 < athena> also, with single guard, when we build a new circuit, do we use 
                the existing channel to the guard to do it, or open a whole new 
                channel?
12:13 < athena> the former, i think
12:13 <@nickm> we use the existing channel
12:14 <@nickm> I say that I should copy-and-paste most of this discussion, and 
               put the ticket in ???
12:14 < athena> yeah

comment:3 Changed 5 years ago by nickm

Summary: Building circuits blocks new connectionsKeep using too-dirty circuits if no new circuit can be built?

comment:4 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:5 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:6 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:7 Changed 2 years ago by nickm

Keywords: tor-client needs-design security-relevant circuit-usage not-sure-if-good-idea added
Severity: Normal
Note: See TracTickets for help on using tickets.