Opened 3 years ago

Last modified 2 years ago

#25139 new defect

Link protocol negotiation without common version

Reported by: atagar Owned by:
Priority: Low Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Minor Keywords: spec-compliance, protocol, easy, 035-removed-20180711
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Hi lovely core tor folks. I'm presently teaching Stem to communicate over tor's ORPort, and wanted to check about edge case behavior I ran into with the integ tests.

The first step of establishing an ORPort connection is to negotiate the protocol. This is done by...

  • Sending a VERSIONS cell with the link protocol versions we support.
  • Receive a VERSIONS cell in reply with versions the other side supports.
  • All further cells are formatted using the highest common link protocol version.

This is all well and good, but when there isn't a common link protocol version the sender never receives a VERSIONS reply. That is to say, if I send a VERSIONS cell with 3, 4, or 5 things work, but if I send a cell with only other values (1, 2, 6, 20, etc) negotiation terminates right away.

The tor-spec is clear that the connection will be closed, but not if the caller should expect a VERSIONS reply...

If they have no such version in common, they cannot communicate and MUST close the connection.

Personally I have a slight preference for the sender to get a VERSIONS reply, then mutually close the socket. This way the caller will know *why* the connection was closed...

  • "They're a newer tor version than me and only speak higher protocol versions."

... versus...

  • "This is a really old relay that doesn't speak modern protocol versions."

Just food for thought. I'm not heartbroken that connections end right away - just makes for a vague error response to the user.
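The negotiation steps from the description, as an added example (not code from Stem or tor). It packs and parses VERSIONS cells using the tor-spec layout (2-byte CircID of 0, command 7, 2-byte length, 2-byte versions) and shows how a caller could tell the two failure cases apart if a reply were sent. The function names and reason strings are hypothetical.

```python
import struct

VERSIONS_CMD = 7  # tor-spec command value for a VERSIONS cell


def pack_versions(versions):
    """Build a VERSIONS cell: CircID(2)=0 | Command(1)=7 | Length(2) | 2 bytes per version."""
    payload = b"".join(struct.pack(">H", v) for v in versions)
    return struct.pack(">HBH", 0, VERSIONS_CMD, len(payload)) + payload


def unpack_versions(data):
    """Parse a VERSIONS cell; raise ValueError on truncated or malformed input."""
    if len(data) < 5:
        raise ValueError("truncated cell header")
    _circ_id, cmd, length = struct.unpack(">HBH", data[:5])
    if cmd != VERSIONS_CMD:
        raise ValueError("not a VERSIONS cell")
    payload = data[5:5 + length]
    if len(payload) != length or length % 2:
        raise ValueError("bad VERSIONS payload length")
    return [v for (v,) in struct.iter_unpack(">H", payload)]


def negotiate(ours, reply):
    """Return (version, reason) for our non-empty version list and the peer's raw reply.

    reply is b"" when the peer closed the socket without answering, which is
    the behaviour this ticket reports: the caller cannot tell why.
    """
    if not reply:
        return None, "closed without VERSIONS reply (cause unknown)"
    theirs = unpack_versions(reply)
    common = set(ours) & set(theirs)
    if common:
        return max(common), "ok"  # highest common link protocol version
    if theirs and min(theirs) > max(ours):
        return None, "peer only speaks newer versions"
    if theirs and max(theirs) < min(ours):
        return None, "peer only speaks older versions"
    return None, "no common version"
```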

Change History (3)

comment:1 Changed 2 years ago by nickm

Keywords: spec-compliance protocol easy added
Milestone: Tor: 0.3.5.x-final

comment:2 Changed 2 years ago by jvsg

channel_tls_process_versions_cell(...) in channeltls.c calls connection_or_close_for_error(...) which is responsible for killing connections. This function is called from several other places too.

We should not only implement this functionality for cases where the versions don't match, but we should also implement it for several other cases where feedback might be useful for the client to know where it's going wrong.

comment:3 Changed 2 years ago by nickm

Keywords: 035-removed-20180711 added
Milestone: Tor: 0.3.5.x-final → Tor: unspecified

These tickets are being triaged out of 0.3.5. The ones marked "035-roadmap-proposed" may return.