Opened 4 years ago

Last modified 5 months ago

#20165 new defect

When a relay advertises a new, unreachable address, OR reachability can succeed via the old address

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-dirauth testing reachability
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor55-can


If a relay has advertised a reachable address in the past, and continues listening on the old address, clients and relays will continue to contact Tor on that address for a few hours.

If the relay starts advertising a new, unreachable address, ORPort reachability will appear to succeed for that new address, because Tor doesn't (and probably can't) check the address clients are connecting to is the one it actually advertised.

And Tor doesn't do ongoing reachability checks, so it publishes its descriptor based on the mistaken reachability, and assumes everthing is OK from then on.

Fortunately, the mandatory DirPort check catches this in 0.2.8 and later.

Child Tickets

Change History (5)

comment:1 Changed 4 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:2 Changed 4 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:3 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:4 Changed 3 years ago by nickm

Keywords: tor-dirauth testing reachability added

comment:5 Changed 5 months ago by nickm

Sponsor: Sponsor55-can
Note: See TracTickets for help on using tickets.