Opened 5 weeks ago

Last modified 25 hours ago

#31408 assigned defect

torrc : ClientOnionAuthDir after include directives breaks client to v2 services

Reported by: xaho
Owned by: asn
Priority: Very High
Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor
Version: Tor:
Severity: Normal
Keywords: tor-hs regression 042-must
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


If I append these two statements to torrc, in this order :

ClientOnionAuthDir /etc/tor/auth/
%include /etc/tor/torrc.d/

and restart tor.service, I can connect to 1 × v3 and 4 × v2 services, within seconds.

But if I reverse their order ( %include first ), I can only connect to the v3 service -- all other connections will eventually time out.

In man, I failed to find any recommendation about ordering these statements.

( this is on Debian Stretch with torproject's stretch repo )


comment:1 Changed 5 weeks ago by xaho

n.b. if it matters, all of these 5 services are set with an auth/stealth key

comment:2 Changed 5 weeks ago by dgoulet

Keywords: tor-hs regression added; torrc include ClientOnionAuthDir order removed
Milestone: Tor: 0.4.2.x-final

comment:3 Changed 7 days ago by nickm

Keywords: 042-must added

comment:4 Changed 2 days ago by nickm

Priority: Medium → Very High

Make all 042-must objects "Very High" priority.

comment:5 Changed 40 hours ago by teor

What's in the rest of your torrc file?
How many files are in torrc.d, and what's in them?

comment:6 Changed 39 hours ago by teor

(We have a new option testing framework in #31637, we could try using it to replicate this issue. And to ensure it doesn't happen again.)

comment:7 Changed 39 hours ago by xaho

In torrc, the above two lines are the only non-commented lines, appended to the maintainer's version.

In torrc.d, there are twelve files containing one or more commented or empty lines, and only one non-commented HidServAuth statement each, all in the format :

HidServAuth name.onion stealthkey # client : hostname

Yet another file is named 'wip' and contains only commented lines. :)

comment:8 Changed 34 hours ago by asn

Owner: set to asn
Status: new → assigned

comment:9 Changed 25 hours ago by Jigsaw52

I think it might be useful to have both torrc and the actual files within /etc/tor/torrc.d/ with any sensitive information replaced by 'x'. I am thinking this could be a parsing bug and things like whitespace and new line differences and empty files vs files with only comments/whitespace could matter here.
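
One way to produce the redacted files requested in comment 9, as an added example (not part of the ticket and not Tor's own code): it masks the arguments of HidServAuth lines and all comment text with 'x' while keeping every whitespace and line-ending byte, and reports the layout properties a parser might be sensitive to. The function names, the SENSITIVE set and the rule that the first '#' on a line starts a comment are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# Options whose arguments are secrets. HidServAuth is the one named in this
# ticket; extend the set for your own configuration (assumption).
SENSITIVE = {b"hidservauth"}
_MASK = re.compile(rb"[^ \t]")  # every byte that is not a space or tab

def redact_line(line: bytes) -> bytes:
    """Mask secrets in one torrc line, keeping length, whitespace and EOL."""
    body = line.rstrip(b"\r\n")
    eol = line[len(body):]
    # Assumption: the first '#' starts a comment (no quoted '#' in values).
    code, hash_, comment = body.partition(b"#")
    lead, option, args = re.match(rb"([ \t]*)([^ \t]*)(.*)", code, re.S).groups()
    if option.lower() in SENSITIVE:
        args = _MASK.sub(b"x", args)
    # Comments are always masked: they may hold client names or old keys.
    return lead + option + args + hash_ + _MASK.sub(b"x", comment) + eol

def redact(data: bytes) -> bytes:
    """Redact a whole file without normalising its line endings."""
    return b"".join(redact_line(l) for l in data.splitlines(keepends=True))

def layout(data: bytes) -> dict:
    """Summarise empty/comment-only files, CRLF and missing final newline."""
    lines = data.splitlines(keepends=True)
    active = [l for l in lines if l.strip() and not l.lstrip().startswith(b"#")]
    return {
        "bytes": len(data),
        "lines": len(lines),
        "active_lines": len(active),
        "crlf": any(l.endswith(b"\r\n") for l in lines),
        "final_newline": data.endswith(b"\n"),
    }

if __name__ == "__main__":
    # Usage: script.py /etc/tor/torrc /etc/tor/torrc.d/
    for arg in sys.argv[1:]:
        p = Path(arg)
        for f in ([p] if p.is_file() else sorted(p.iterdir())):
            if f.is_file():
                raw = f.read_bytes()
                print(f"==> {f} {layout(raw)}")
                sys.stdout.write(redact(raw).decode("utf-8", "replace"))
```

Masking is byte-for-byte, so the redacted output has the same length and line structure as the original files.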

