Opened 2 months ago

Closed 8 weeks ago

Last modified 8 weeks ago

#27826 closed defect (invalid)

incompatibility between tor 0.3.4.8 and onionbalance 0.1.6

Reported by: pabs
Owned by:
Priority: Medium
Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor
Version: Tor: 0.3.4.8
Severity: Normal
Keywords: regression?, tor-hs, onionbalance 034-backport
Cc: dgoulet, asn
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Debian recently upgraded our onion services from tor 0.3.3.9-1~bpo9+1 to 0.3.4.8-1~bpo9+1 (from the Debian stretch-backports archive) while using onionbalance 0.1.6-1 from Debian stretch. This broke all of our onion services that are backed by multiple hosts using onionbalance. Access to the backend addresses was working fine in Tor Browser, but the frontend addresses were timing out. I tried downgrading tor on the backends but that did not help. Downgrading tor on the onionbalance host helped and upgrading onionbalance to 0.1.8-3 from Debian buster also fixed the issue. I've requested an onionbalance backport but on IRC arma requested I file a bug report about the incompatibility. The onionbalance logs showed lots of these errors:

[WARNING]: Error generating descriptor: No introduction points for service <frontend>.onion.
[INFO]: Our descriptor for instance <backend>.onion is too old. The instance may be offline.

PS: arma requested on IRC that dgoulet/asn look at this.

Change History (11)

comment:1 Changed 2 months ago by arma

Note that these are v2 onion services.

I asked pabs to try the various version combinations again, to get more confidence that various combinations work / don't work.

dgoulet, asn, did 0.3.4.x change the publishing timeframes for v2 onion service descriptors? I didn't see anything about that in the release notes.

comment:2 Changed 2 months ago by pabs

Downgrading onionbalance to 0.1.6-1 reintroduced the errors in the logs, but I can still access the frontend onion addresses at this time. I guess the old working descriptors will take some time to expire? This is one of the onion services, more on the Debian site:

http://sgvtcaew4bxjd7ln.onion/debian-security/
https://onion.debian.org/

comment:3 Changed 2 months ago by traumschule

Keywords: regression? tor-hs onionbalance added; onion-service removed

comment:4 Changed 8 weeks ago by nickm

Keywords: 034-backport added
Milestone: Tor: 0.3.5.x-final

comment:5 Changed 8 weeks ago by pabs

The working descriptors have now expired and that onion service no longer works. Debian folks are going to be re-upgrading our onionbalance now.

comment:6 Changed 8 weeks ago by dgoulet

> dgoulet, asn, did 0.3.4.x change the publishing timeframes for v2 onion service descriptors? I didn't see anything about that in the release notes.

v2 services have *not* changed in terms of publishing timeframe... I've gone over the ChangeLog and I can't see anything that would cause this regression... I've pinged Donnacha to see if he can point us to some places to look.

comment:7 Changed 8 weeks ago by pabs

It looks like my initial assessment of incompatibility was incorrect, right now we are having the same issue with tor 0.3.4.8 and onionbalance 0.1.8.

comment:8 Changed 8 weeks ago by pabs

tor on the host has only logged 0% bootstrap after I restarted it recently, so maybe that is the issue.

comment:9 Changed 8 weeks ago by pabs

After some debugging I discovered the issue is nothing to do with onionbalance. I'll file a new bug, please close this one.

comment:10 Changed 8 weeks ago by pabs

Resolution: invalid
Status: new → closed

comment:11 Changed 8 weeks ago by traumschule

follow-up: #27849