Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#18623 closed defect (fixed)

DirPort reachability test fails preventing the relay to work properly

Reported by: dgoulet Owned by:
Priority: Very High Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version: Tor: 0.2.8.1-alpha
Severity: Blocker Keywords: must-fix-before-028-rc regression
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

(On git master: ea9472d)

Few seconds after the bootstrap is completed, this warning appears:

[warn] We just marked ourself as down. Are your external addresses reachable?

followed by this in the info log:

[info] TLS error while handshaking with "XXX.XXX.XXX.XXX": http request (in SSL routines:SSL23_GET_CLIENT_HELLO:unknown state)
[info] connection_tls_continue_handshake(): tls error [misc error]. breaking connection.
...
[info] connection_dir_client_reached_eof(): 'fetch' response not all here, but we're at eof. Closing.

and then the relay fails to join the network thus not usable. I track down the commit that introduces this regression (git bisect):

commit 2d33d192fc4dd0da2a2e038dd87b277f8e9b90de

This is a blocker because anyone using an IPv4 (haven't tested on v6) DirPort address will suffer from this. Only having an ORPort open is fine.

Child Tickets

Change History (6)

comment:1 Changed 3 years ago by teor

Keywords: must-fix-before-028-rc regression added

We fixed a similar bug on this commit in #18348.
Bugs were introduced in this area of the code by #12538 and #18050, and fixed in #18616.

I can replicate this issue when I run the latest master on a relay with a DirPort. I wonder what the cause is?

comment:2 Changed 3 years ago by dgoulet

This is what I have so far. After a bit more digging, this commit has an issue: e72cbf7a4

In function directory_initiate_command_rend(), we only send the request to the DirPort if or_connection is 0 else we use the ORPort.

const int or_connection = use_begindir || anonymized_connection;

The problem is that the dir port test does use an anonymized connection (DIRIND_ANON_DIRPORT). I've made a patch that correctly sets the or_connection but it's still failing for some reason. (At least, I can see that we do test the right port.)

comment:3 Changed 3 years ago by dgoulet

Status: newneeds_review

See branch: bug18623_028_01

(No changes file since that bug was never released.)

comment:4 Changed 3 years ago by nickm

Looks plausible, merged it!

comment:5 Changed 3 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

comment:6 Changed 3 years ago by teor

(I won't review this, it's been obsoleted by #18625.)

Note: See TracTickets for help on using tickets.