Opened 12 years ago

Last modified 7 years ago

#601 closed defect (Not a bug)

tor ignores ExitNodes even when StrictExitNodes is set

Reported by: iar
Owned by:
Priority: Low
Milestone: 0.2.0.x-final
Component: Core Tor/Tor
Version: 0.1.2.19
Severity:
Keywords:
Cc: iar, nickm
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

win xp sp2, vidalia bundle 0.0.16, tor v0.1.2.19

log shows chosen exits not from the ExitNodes list

[Automatically added by flyspray2trac: Operating System: Windows 2k/XP]

Change History (7)

comment:1 Changed 12 years ago by iar

Suspected spaces problem in specified paths first. Translated all paths to short form in torrc and vidalia.conf, but that did not help. Started tor from command line to make sure torrc gets parsed:

D:\Program Files\Vidalia Bundle\Tor>tor -f D:\DOCUME~1\ADMINI~1\APPLIC~1\Vidalia\torrc

Still uses nodes which are not listed for ExitNodes. Otherwise it works, FireFox loads web pages when used with privoxy and torbutton.

Please excuse me, attachment upload did not work for the current torrc file, therefore I paste it below:

# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it

# If set, Tor will accept connections from the same machine (localhost only)
# on this port, and allow those connections to control the Tor process using
# the Tor Control Protocol (described in control-spec.txt).
ControlPort 9051
# Store working data, state, keys, and caches here.
DataDirectory D:\DOCUME~1\ADMINI~1\APPLIC~1\tor
# A list of nodes never to use when building a circuit.
ExcludeNodes kooh4Equinut
# A list of preferred nodes to use for the last hop in circuits, when
# possible.
ExitNodes desync,jalopy,nixnix,lefkada,petspaper,AoF,bettyboop,MrRelay
HashedControlPassword 16:12B33EE8B77F30ED600A3DBEA89BAADED43DC85DDC06DB5047E38DFA90
# Where to send logging messages. Format is minSeverity[-maxSeverity]
# (stderr|stdout|syslog|file FILENAME).
Log debug file D:\DOCUME~1\ADMINI~1\APPLIC~1\VIDALIA\tor-log.txt
# Bind to this address to listen to connections from SOCKS-speaking
# applications.
SocksListenAddress 127.0.0.1
# If set, Tor will fail to operate when none of the configured ExitNodes can
# be used.
StrictExitNodes 1

comment:2 Changed 12 years ago by nickm

Is this for regular requests to normal websites, or only for specific websites?

Are there any interesting statements in your Tor log for these?

comment:3 Changed 12 years ago by iar

Hmm, very good question. I took another look, only to see that while some circles get constructed with invalid
exit nodes, they are never actually used when loading web pages. Vidalia shows me two invalid connections
as open, but these are not used. The other two have valid exit nodes, and traffic goes thru them. Strange
thing is that it seems to keep picking only one exit node from the list (if I close one, the newly
constructed one has the same exit). Is it normal?

Anyway, I think the bug can be closed. Sorry, my fault.

I copied some relevant parts of the log file here for another test run. It shows two nodes used as an
exit node though they are not on the ExitNodes list: amphetamine and bellerophontes. Vidalia shows this
in the "view the network" screen, and the log seems to confirm that. One circle used here was
hasselbach2 - tor1lvps4belenus - amphetamine. Actually, this never gets used. The log file made me think
that these would be used:

...

Feb 09 01:14:25.203 [debug] routerstatus_list_update_from_networkstatus(): Router 'amphetamine' is listed by 5/5 directories, named by 1/3, validated by 5/5, and 3/3 recent directories think it's running.

...

Feb 09 01:14:31.562 [debug] connection_tls_continue_handshake(): wanted read
Feb 09 01:14:31.562 [debug] global_read_bucket now 6291456.
Feb 09 01:14:31.562 [debug] global_write_bucket now 6291456.
Feb 09 01:14:31.562 [info] circuit_predict_and_launch_new(): Have 3 clean circs (1 uptime-internal, 1 internal), need another hidserv circ.
Feb 09 01:14:31.562 [debug] new_route_len(): Chosen route length 3 (1918 routers available).
Feb 09 01:14:31.562 [debug] onion_extend_cpath(): Path is 0 long; we want 3
Feb 09 01:14:31.562 [debug] onion_extend_cpath(): Chose router hasselbach2 for hop 1 (exit is amphetamine)
Feb 09 01:14:31.562 [debug] onion_extend_cpath(): Path is 1 long; we want 3
Feb 09 01:14:31.562 [debug] choose_good_middle_server(): Contemplating intermediate hop: random choice.
Feb 09 01:14:31.562 [debug] onion_extend_cpath(): Chose router tor1lvps4belenus for hop 2 (exit is amphetamine)
Feb 09 01:14:31.562 [debug] onion_extend_cpath(): Path is 2 long; we want 3
Feb 09 01:14:31.562 [debug] onion_extend_cpath(): Chose router amphetamine for hop 3 (exit is amphetamine)
Feb 09 01:14:31.562 [debug] onion_extend_cpath(): Path is complete: 3 steps long
Feb 09 01:14:31.562 [debug] circuit_handle_first_hop(): Looking for firsthop '80.237.160.214:9001'
Feb 09 01:14:31.562 [debug] circuit_handle_first_hop(): Conn open. Delivering first onion skin.
Feb 09 01:14:31.562 [debug] circuit_send_next_onion_skin(): First skin; sending create cell.
Feb 09 01:14:31.562 [debug] circuit_deliver_create_cell(): Chosen circID 52837.
Feb 09 01:14:31.562 [debug] write_to_buf(): added 512 bytes to buf (now 512 total).
Feb 09 01:14:31.562 [info] circuit_send_next_onion_skin(): First hop: finished sending CREATE_FAST cell to 'hasselbach2'
Feb 09 01:14:31.562 [debug] conn_write_callback(): socket 1688 wants to write.

...

Feb 09 01:14:31.734 [debug] command_process_created_cell(): at OP. Finishing handshake.
Feb 09 01:14:31.734 [info] circuit_finish_handshake(): Finished building fast circuit hop:
Feb 09 01:14:31.734 [info] internal (high-uptime) circ (length 3, exit amphetamine): hasselbach2(open) tor1lvps4belenus(closed) amphetamine(closed)
Feb 09 01:14:31.734 [debug] command_process_created_cell(): Moving to next skin.
Feb 09 01:14:31.734 [debug] circuit_send_next_onion_skin(): starting to send subsequent skin.

...

Feb 09 01:14:31.890 [debug] circuit_receive_relay_cell(): Sending to origin.
Feb 09 01:14:31.890 [debug] connection_edge_process_relay_cell(): Now seen 2 relay cells here.
Feb 09 01:14:31.890 [debug] connection_edge_process_relay_cell(): Got an extended cell! Yay.
Feb 09 01:14:31.890 [info] circuit_finish_handshake(): Finished building circuit hop:
Feb 09 01:14:31.890 [info] internal (high-uptime) circ (length 3, exit amphetamine): hasselbach2(open) tor1lvps4belenus(open) amphetamine(closed)
Feb 09 01:14:31.890 [debug] circuit_send_next_onion_skin(): starting to send subsequent skin.

...

Feb 09 01:14:32.046 [debug] circuit_receive_relay_cell(): Sending to origin.
Feb 09 01:14:32.046 [debug] connection_edge_process_relay_cell(): Now seen 3 relay cells here.
Feb 09 01:14:32.046 [debug] connection_edge_process_relay_cell(): Got an extended cell! Yay.
Feb 09 01:14:32.062 [info] circuit_finish_handshake(): Finished building circuit hop:
Feb 09 01:14:32.062 [info] internal (high-uptime) circ (length 3, exit amphetamine): hasselbach2(open) tor1lvps4belenus(open) amphetamine(open)

comment:4 Changed 12 years ago by nickm

Tor only uses exit nodes for connections that "exit" the tor network (potentially in plaintext). Circuits that
are used to connect _to_ hidden services don't need to end with exit nodes, since they never actually leave the
Tor network, and traffic isn't sent in the clear.

You can tell from the logs that these are special circuits because they're labeled as "internal" rather than
"general".

I'm going to leave this bug open for now, though, since this point has confused other people as well. The answer
is probably to make the log messages more clear about what circuits are being used for, and to make vidalia do
a better job of distinguishing circuits by type.
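
An added example (not part of the ticket or of Tor's code) of the check described in comment:4: scan the circuit summary lines, skip those labelled "internal", and flag only the remaining circuits whose exit is not in ExitNodes. The first two sample lines are from the log in comment:3; the last two, including the "exit" label and the relay names guardA, middleB, middleC and strayexit, are constructed assumptions.

```python
import re

# ExitNodes value from the torrc pasted in comment:1.
EXIT_NODES = "desync,jalopy,nixnix,lefkada,petspaper,AoF,bettyboop,MrRelay"

# Circuit summary line as it appears in the ticket's log excerpt:
#   "<label> circ (length N, exit NAME): hop(state) hop(state) ..."
CIRC_RE = re.compile(
    r"\[info\] (?P<label>[^\[\]]*?) ?circ \(length \d+, "
    r"exit (?P<exit>[^)\s]+)\): (?P<path>.+)$"
)

# Lines 1-2 are copied from comment:3; lines 3-4 are constructed for this example.
SAMPLE_LOG = """\
Feb 09 01:14:31.734 [info] internal (high-uptime) circ (length 3, exit amphetamine): hasselbach2(open) tor1lvps4belenus(closed) amphetamine(closed)
Feb 09 01:14:32.062 [info] internal (high-uptime) circ (length 3, exit amphetamine): hasselbach2(open) tor1lvps4belenus(open) amphetamine(open)
Feb 09 01:15:02.000 [info] exit circ (length 3, exit mrrelay): guardA(open) middleB(open) mrrelay(open)
Feb 09 01:15:09.000 [info] exit circ (length 3, exit strayexit): guardA(open) middleC(open) strayexit(open)
"""

def audit_exits(log_text, exit_nodes=EXIT_NODES):
    """Return (violations, internal), each a dict of hop-path -> last-hop name."""
    # Nicknames are compared case-insensitively, so normalise both sides.
    allowed = {n.strip().lower() for n in exit_nodes.split(",") if n.strip()}
    violations, internal = {}, {}
    for line in log_text.splitlines():
        m = CIRC_RE.search(line)
        if not m:
            continue  # not a circuit summary line
        # Drop the "(open)"/"(closed)" suffix so repeated build-progress
        # lines for the same circuit collapse onto one key.
        hops = tuple(re.sub(r"\((open|closed)\)$", "", h) for h in m["path"].split())
        if m["label"].startswith("internal"):
            # Never leaves the Tor network, so ExitNodes does not apply.
            internal[hops] = m["exit"]
        elif m["exit"].lower() not in allowed:
            violations[hops] = m["exit"]
    return violations, internal

if __name__ == "__main__":
    bad, skipped = audit_exits(SAMPLE_LOG)
    print("outside ExitNodes:", bad)
    print("internal (ignored):", skipped)
```
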

comment:5 Changed 12 years ago by nickm

The confusing UI issue here has been added as vidalia issue #335:
http://trac.vidalia-project.net/ticket/335

Closing the Tor issue as Not A Bug.

comment:6 Changed 12 years ago by nickm

flyspray2trac: bug closed.

comment:7 Changed 7 years ago by nickm

Component: Tor Client → Tor