Changes between Version 1 and Version 2 of Ticket #27590, comment 13


Ignore:
Timestamp:
Jun 2, 2019, 8:28:27 PM (4 months ago)
Author:
gk
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #27590, comment 13

    v1 v2  
    22> So, here is an interesting issue: If you load the website the first time the circuit display actually shows part of the onion circuit (the one the client controls) *but* the website still says that the content got loaded over the regular Tor circuit. This is true. What happens is that a second request is issued for the favicon which uses the onion in the alt-svc header which then updates the circuit display even though the content did not get loaded over the .onion. What should the display show here?
    33
    4 This is actually a circuit display issue (which we should deal with, though) in the sense that it does not show any alt-svc routing requests at all using the Cloudflare .onion service but rather an orthogonal one. This happens because once the Alt-Svc header is processed the mapping is created and part of that is validating it (see: `AltSvcCache::UpdateAltServiceMapping`) which means in the https:// case just establishing a connection to the alt-svc host. And the circuit display gets in turn updated with the client side rend circuit caused by that validation request.
     4The favicon explanation/idea was actually a red herring. What we see is actually a circuit display issue (which we should deal with, though) in the sense that it does not show any alt-svc routing requests at all using the Cloudflare .onion service but rather an orthogonal one. This happens because once the Alt-Svc response header is processed the mapping is created and part of that is validating it (see: `AltSvcCache::UpdateAltServiceMapping`) which means in the https:// case just establishing a connection to the alt-svc host. And the circuit display gets in turn updated with the client side rend circuit caused by that validation request. There is no actual content sent back and forth here as it takes the non-alt-svc route.