Opened 18 months ago

Closed 18 months ago

Last modified 18 months ago

#19973 closed defect (fixed)

ReachableAddresses applied too broadly

Reported by: nickm Owned by:
Priority: High Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version: Tor: 0.2.8.2-alpha
Severity: Major Keywords: regression path TorCoreTeam201608
Cc: teor Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The ReachableAddresses filter should only apply when picking a first node. But in 268608c in #17840 , it began to apply to the whole path.

This is bad for path selection, in proportion to the restrictiveness of your ReachableAddresses filter. It's probably not a hard break, but it's important to fix.

Teor found this issue and wrote a patch for it. It should go into an 028 release.

Child Tickets

Change History (6)

comment:1 Changed 18 months ago by nickm

My sample_path branch is supposed to help test this kind of thing.

comment:2 Changed 18 months ago by nickm

Status: newneeds_review

Teor's branch is in my public repository now as bug19973_028.

I hand-confirmed that this bug exists, and that this branch has the intended effect, by using ReachableAddresses to restrict myself to a class A network, and then using "GETINFO circuit-status" to see what paths were built.

comment:3 Changed 18 months ago by nickm

I believe that the patch is correct.

comment:4 Changed 18 months ago by dgoulet

ACK.

I confirm also that I was able to reproduce nickm's experiment as well with the patch and confirm that the bug exists without it although Exit node picking doesn't seem to be affected but Guard and Middle are all strictly picked from the A network (ReachableAddresses filter).

comment:5 Changed 18 months ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Thanks also for testing here. I've merged this to maint-0.2.8 and forwards.

comment:6 Changed 18 months ago by nickm

Keywords: TorCoreTeam201608 added
Note: See TracTickets for help on using tickets.