Clients should always tunnel connections, and never fall back to a DirPort
Otherwise, client privacy might be compromised.
Activity
changed milestone to %Tor: 0.2.8.x-final
Does this apply also to more cases? I see in
should_use_directory_guards():if (options->DownloadExtraInfo || options->FetchDirInfoEarly || options->FetchDirInfoExtraEarly || options->FetchUselessDescriptors) return 0;At that point, we know it's a client, should it simply return 1 all the time instead so we always use a dir guard? (Also, am I looking at the right place? :)
Trac:
Sponsor: N/A to None
Status: new to needs_information
Directory guards isn't the same as tunneled connections. Directory guards means "Use a fixed node (a guard node!) for directory connections, just as with regular circuits." Tunneled connections mean to use a tor connection and BEGINDIR, instead of simply connecting to an HTTP dirport.
Or do I misunderstand the question?
Roger's fixes in #18809 (moved) might mean that we need this in 0.2.8 as well.
Trac:
Keywords: N/A deleted, must-fix-before-028-rc addedWhen a Tor client selects a directory mirror with an ORPort it can't reach, it uses the DirPort. Instead, clients should only select relays with ORPorts they can reach, and should never use DirPorts.
Clients (and onion services, and bridges(?)) should never use the following dir_indirection_t:
- DIRIND_DIRECT_CONN
- DIRIND_ANON_DIRPORT
We should modify the meaning of DIRIND_ONEHOP so tor only falls back when it is in public_server_mode():
Default: connect over a one-hop Tor circuit. Only fall back to direct connection if you are a non-bridge relay or authority.
Is this too big a change to make just before the 0.2.8 release? I'm concerned because we need it to make #18809 (moved) simpler, and that's a fix on a feature that's in 0.2.8.
Trac:
Summary: Clients should always tunnel connections, even if FetchDirInfoExtraEarly is set to Clients should always tunnel connections, and never fall back to a DirPort
Status: needs_information to newPlease see my branch feature18483 on https://github.com/teor2345/tor.git
Trac:
Type: defect to enhancement
Status: new to needs_review
Points: N/A to small
Parent: N/A to #18809 (moved)
Actualpoints: N/A to 2 hoursI've added 3 more commits to this branch, to fix #18929 (moved).
Added further commits to this branch as part of #18929 (moved), including a unit test from isis.
I split #18483 (moved), #18921 (moved), and #18929 (moved) into three separate branches for 0.2.8, and a branch for 0.2.9. Please see feature18483-028 on https://github.com/teor2345/tor.git for this issue. feature18483-028 depends on bug18921 and bug18929-v2. It needs to be merged to 0.2.8. I split off a branch which contains cosmetic changes only into #18962 (moved).
Replying to nickm from #18921:
Initial Questions:
- e726459eaf57ffe98c36730af58287229c9531d6: Are we really really sure that every possible case of the big complicated function directory_fetches_from_authorities() should be replaced with !directory_must_use_begindir() ?
Calling this NM1.
e726459eaf57ffe98c36730af58287229c9531d6 is Make clients always use begindir for directory requests. After the split, it is 0de9faa402bebc98a58c9f65149e72e598926184 in feature18483-028. The code is unchanged from the original commit.
This function determines whether one-hop connections use a DirPort or begindir over ORPort.
Previously, our logic was "if connecting to an authority, don't use begindir". (Perhaps this was to reduce load? If so, the fallback directories feature should reduce load on the authorities, more than enough to compensate for the increased load from begindir. Also, some relays will not use begindir now, when they used to before.)
Now, our logic is, "if you are a client, or hidden service, or bridge, use begindir".
Here are the cases from directory_fetches_from_authorities, and how they change:
-
FetchDirInfoEarly- changes clients to use begindir
- previously, anything with FetchDirInfoEarly 1 used DirPort, which is bad for clients
- now, clients with FetchDirInfoEarly will use begindir, which is what we want
- now, relays with FetchDirInfoEarly will use DirPort, which is also what we want
-
BridgeRelay- stays the same
- unchanged, bridge relays will continue to use begindir
-
server_mode() and don't know our address- stays the same
- previously, relays without an IP address used DirPort to get an IP address
- now, all relays will use DirPort (including relays without an IP address)
-
!dir_server_mode(options) && !refuseunknown- changes some relays to use DirPort
- previously, non-directory non-exits used to use begindir
- now, all relays will use DirPort (including non-directory non-exit relays)
- now, all clients will use begindir
-
!server_mode(options) || !advertised_server_mode()- changes some relays to use DirPort
- previously, non-servers or non-advertised servers used to use begindir
- now, all public servers will use DirPort
- now, all clients and bridges will use begindir
-
!router_get_my_routerinfo || (!supports_tunnelled_dir_requests && !refuseunknown)- changes some relays to use DirPort
- previously, tors without descriptors (clients), and non-directory non-exits used to use begindir
- now, all relays will use DirPort (including non-directory non-exit relays)
- now, all clients will use begindir
- default
- stays the same
- previously, directories and exits used to use DirPort
- now, all relays will use DirPort (including directories and exits)
Edit: quote code for readability on trac
Trac:
Keywords: TorCoreTeam201605 deleted, N/A added-
NOTE to nickm: I'll have to rebase this one last time since I went and squashed and merged #18921 (moved). That's on me, though.
0de9faa402bebc98a58c9f65149e72e598926184:
- begindir_reason will never be set! You need to declare the
reasonargument indirectory_command_should_use_begindiras "const char * *", notconst char *.
Otherwise, this looks good.
- begindir_reason will never be set! You need to declare the
Replying to nickm:
NOTE to nickm: I'll have to rebase this one last time since I went and squashed and merged #18921 (moved). That's on me, though.
I did the rebase into my branch feature18483-028-v2 because of changes in #18929 (moved):
Old commit / New commit / Name 0de9faa a5b5447 Make clients always use begindir for directory requests 15fe5e8 950eae4 Make clients only select directories with reachable ORPorts aec84c5 8febffe Only choose directory DirPorts on relays
The following commits were deleted because this no longer depends on #18929 (moved): 8adbfab Merge branch 'bug18921' into feature18483-028 1100a70 Revert "Remove must_have_or from router_has_non_preferred_address_rs" 5c8fde2 Only fall back to nodes with valid ORPorts when using begindir
0de9faa402bebc98a58c9f65149e72e598926184:
- begindir_reason will never be set! You need to declare the
reasonargument indirectory_command_should_use_begindiras "const char * *", notconst char *.
Oops! Pointer handling error. Calling this NM1. 9f01dc4 fixup! Make clients always use begindir for directory requests
Otherwise, this looks good.
Let's get it merged, I am much happier with it now it's disentangled and #18929 (moved) has shrunk. (And it merges fine on top of both maint-0.2.8 and the new #18929 (moved).)
See #18962 (moved) for a rebased feature18483-cleanup-v2, which can go in 0.2.9.
- begindir_reason will never be set! You need to declare the
mentioned in issue #18809 (moved)
mentioned in issue #18921 (moved)
mentioned in issue #18929 (moved)
mentioned in issue #18962 (moved)
mentioned in issue #19006 (moved)
mentioned in issue #19129 (moved)
moved to tpo/core/tor#18483 (closed)
mentioned in issue tpo/core/fallback-scripts#19129
