Opened 10 months ago

Closed 10 months ago

Last modified 10 months ago

#27826 closed defect (invalid)

incompatibility between tor 0.3.4.8 and onionbalance 0.1.6

Reported by: pabs
Owned by:
Priority: Medium
Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor
Version: Tor: 0.3.4.8
Severity: Normal
Keywords: regression?, tor-hs, onionbalance 034-backport
Cc: dgoulet, asn
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Debian recently upgraded our onion services from tor 0.3.3.9-1~bpo9+1 to 0.3.4.8-1~bpo9+1 (from the Debian stretch-backports archive) while using onionbalance 0.1.6-1 from Debian stretch. This broke all of our onion services that are backed by multiple hosts using onionbalance. Access to the backend addresses was working fine in Tor Browser, but the frontend addresses were timing out. I tried downgrading tor on the backends but that did not help. Downgrading tor on the onionbalance host helped and upgrading onionbalance to 0.1.8-3 from Debian buster also fixed the issue. I've requested an onionbalance backport but on IRC arma requested I file a bug report about the incompatibility. The onionbalance logs showed lots of these errors:

[WARNING]: Error generating descriptor: No introduction points for service <frontend>.onion.
[INFO]: Our descriptor for instance <backend>.onion is too old. The instance may be offline.

PS: arma requested on IRC that dgoulet/asn look at this.

Change History (11)

comment:1 Changed 10 months ago by arma

Note that these are v2 onion services.

I asked pabs to try the various version combinations again, to get more confidence that various combinations work / don't work.

dgoulet, asn, did 0.3.4.x change the publishing timeframes for v2 onion service descriptors? I didn't see anything about that in the release notes.

comment:2 Changed 10 months ago by pabs

Downgrading onionbalance to 0.1.6-1 reintroduced the errors in the logs, but I can still access the frontend onion addresses at this time. I guess the old working descriptors will take some time to expire? This is one of the onion services, more on the Debian site:

http://sgvtcaew4bxjd7ln.onion/debian-security/
https://onion.debian.org/

comment:3 Changed 10 months ago by traumschule

Keywords: regression? tor-hs onionbalance added; onion-service removed

comment:4 Changed 10 months ago by nickm

Keywords: 034-backport added
Milestone: Tor: 0.3.5.x-final

comment:5 Changed 10 months ago by pabs

The working descriptors have now expired and that onion service no longer works. Debian folks are going to be re-upgrading our onionbalance now.

comment:6 Changed 10 months ago by dgoulet

> dgoulet, asn, did 0.3.4.x change the publishing timeframes for v2 onion service descriptors? I didn't see anything about that in the release notes.

v2 services have *not* changed in terms of publishing timeframe... I've gone over the ChangeLog and I can't see anything that would cause this regression... I've pinged Donnacha to know if he can point us to some places to look for.

comment:7 Changed 10 months ago by pabs

It looks like my initial assessment of incompatibility was incorrect; right now we are having the same issue with tor 0.3.4.8 and onionbalance 0.1.8.

comment:8 Changed 10 months ago by pabs

tor on the host has only logged 0% bootstrap after I restarted it recently, so maybe that is the issue.

comment:9 Changed 10 months ago by pabs

After some debugging I discovered the issue is nothing to do with onionbalance. I'll file a new bug, please close this one.

comment:10 Changed 10 months ago by pabs

Resolution: invalid
Status: new → closed

comment:11 Changed 10 months ago by traumschule

follow-up: #27849