Opened 8 months ago

Last modified 6 weeks ago

#23507 accepted defect

Add single onion unreachable address algorithm to prop224

Reported by: teor
Owned by: dgoulet
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: doc, tor-spec, prop224, tor-hs, single-onion, ipv6, 034-triage-20180328, 034-removed-20180328
Cc:
Actual Points:
Parent ID: #23493
Points: 0.5
Reviewer:
Sponsor:

Description

Here is how we make IPv6 (and other unreachable addresses) work with single-hop client and service connections to intro and rend points. It works for v2 single onion services. We talked about it for v3, but it never made it into the prop224 spec.

Here are the steps:

  1. The service chooses and connects to the intro point (possibly using a 3-hop path if it is a single onion service and can't reach it directly)
  2. The service always puts IPv4 and IPv6 in its descriptor link specifiers (if they are available in directory documents)
  3. If the link specifier has a reachable address, and the service is not a single onion service, a Tor2web client (currently v2 only) can use it to make a direct connection to the intro point
  4. Otherwise, the client connects over a 3-hop path via one of its reachable entry nodes

The process for client rendezvous is similar, but if the client knows that the service is a single onion service, it *must* connect to the rend point using a 3-hop path. (Again, this only matters for Tor2web, which is v2 only).
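The path decision in the steps above, written out as an added example (not part of the ticket and not Tor's code). All type and function names are hypothetical, address families are modelled as bit flags, and endpoints not in single-hop mode are assumed to always build 3-hop paths.

```c
#include <stdbool.h>
#include <stdio.h>

/* Address families as bit flags (hypothetical names, not Tor's). */
enum { FAM_IPV4 = 1, FAM_IPV6 = 2 };
typedef enum { PATH_DIRECT, PATH_THREE_HOP } path_t;
typedef enum { ROLE_SERVICE, ROLE_CLIENT } role_t;

typedef struct {
  role_t role;
  bool single_hop;            /* service: single onion; client: Tor2web */
  unsigned reachable;         /* families this host can connect to directly */
  bool knows_service_single;  /* client only: service is a single onion */
} endpoint_t;

/* Step 2: the descriptor carries every address the directory documents list
 * for the intro point, whether or not the service itself can reach it. */
unsigned descriptor_lspecs(unsigned dir_families, unsigned service_reachable)
{
  (void)service_reachable;  /* deliberately ignored */
  return dir_families;
}

/* Steps 1, 3, 4 and the rendezvous rule: path to an intro or rend point
 * whose known addresses are node_families. */
path_t choose_path(const endpoint_t *e, unsigned node_families)
{
  if (!e->single_hop)
    return PATH_THREE_HOP;   /* assumption: ordinary endpoints use 3 hops */
  if ((node_families & e->reachable) == 0)
    return PATH_THREE_HOP;   /* no reachable address: fall back to 3 hops */
  if (e->role == ROLE_CLIENT && e->knows_service_single)
    return PATH_THREE_HOP;   /* service is single onion: client uses 3 hops */
  return PATH_DIRECT;
}

int main(void)
{
  /* Constructed scenario: IPv6-only single onion service, IPv4-only intro. */
  endpoint_t svc = { ROLE_SERVICE, true, FAM_IPV6, false };
  endpoint_t t2w = { ROLE_CLIENT, true, FAM_IPV4, true };
  unsigned lspecs = descriptor_lspecs(FAM_IPV4, svc.reachable);
  printf("service->intro: %s\n",
         choose_path(&svc, FAM_IPV4) == PATH_DIRECT ? "direct" : "3-hop");
  printf("tor2web->intro: %s\n",
         choose_path(&t2w, lspecs) == PATH_DIRECT ? "direct" : "3-hop");
  return 0;
}
```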

Change History (10)

comment:1 Changed 8 months ago by dgoulet

Status: new → needs_information

I do think we have all this logic in place already *except* for the concept of both IPv4 or IPv6 but that is a known limitation for now and postponed to 033 (#23502).

Can you confirm it?

  • pick_intro_point() when a service picks intro points.
  • hs_get_extend_info_from_lspecs() is the function called by the client to get the extend_info_t from the descriptor. It has many checks (and some are missing for IPv6 #23502). It WILL NEVER be a direct connection for client in v3 (no Tor2web).
  • hs_get_extend_info_from_lspecs() (same as the above) is used by the service to connect to the rendezvous point. This time it can consider for direct connection.

Again, you'll notice that the IPv6 problem in #23502 isn't addressed but apart from that, is the algorithm you describe followed?

comment:2 Changed 8 months ago by dgoulet

Owner: set to dgoulet
Status: needs_information → accepted

comment:3 Changed 8 months ago by teor

Keywords: doc added

IPv6 v3 single onion services appear to work on master. We should say that they're using a workaround in the 0.3.2 release notes.

But this ticket is about getting the algorithm in the prop224 spec. Then we can document the behaviour we want, and implement the rest of it in 0.3.3.

comment:4 Changed 8 months ago by teor

Oh, no it doesn't work on master. I think we should fix that.

comment:5 in reply to:  1 Changed 8 months ago by teor

Replying to dgoulet:

> I do think we have all this logic in place already *except* for the concept of both IPv4 or IPv6 but that is a known limitation for now and postponed to 033 (#23502).
>
> Can you confirm it?
> ...
> Again, you'll notice that the IPv6 problem in #23502 isn't addressed but apart from that, is the algorithm you describe followed?

No, it's broken in several places in 0.3.2.1-alpha (single onion service descriptor link specifiers, and fallback 3-hop connections for intro and rend). That's why the test doesn't work.

For fixes for 0.3.2 and a plan for 0.3.3, see https://trac.torproject.org/projects/tor/ticket/23493#comment:9

comment:6 Changed 7 months ago by dgoulet

Milestone: Tor: 0.3.2.x-final → Tor: 0.3.3.x-final

Full dual stack single onion service should be in 033+ so I propose we make a proper spec of the algo once we have it working correctly so I'm postponing this to 033.

comment:7 Changed 4 months ago by dgoulet

Milestone: Tor: 0.3.3.x-final → Tor: 0.3.4.x-final

Move 033 ticket I own to 034

comment:8 Changed 8 weeks ago by nickm

Keywords: 034-triage-20180328 added

comment:9 Changed 8 weeks ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:10 Changed 6 weeks ago by nickm

Milestone: Tor: 0.3.4.x-final → Tor: unspecified

These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.
