Opened 7 years ago

Closed 7 years ago

#6768 closed defect (fixed)

Client fails to pick an exit for https connection

Reported by: ln5
Owned by:
Priority: Medium
Milestone: Tor: 0.2.4.x-final
Component: Core Tor/Tor
Version:
Severity:
Keywords: tor-client
Cc: ln5
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

A TorTestingNetwork with 11 relays (3 dir auths, 1 bridge auth), most
of them running master as of late August plus IPv6 patches. Client and
exit running master as of early Sept without IPv6 patches.

Exit policy accept port 80, 443 and deny *. Haven't been able to
reproduce with default exit policy (i.e. no ExitPolicy directive in
config).

curl https://check.torproject.org/ fails with client saying

Sep 04 23:54:01.000 [info] exit circ (length 3, last hop dfri02x): $80CC45020AC1073A767DB5D038A31ED50D56F869(open) $42C79519EAB12BA36C627194DC4BD2228E67EB0F(open) $E0CF1972093B7D13DF82A620D56CFD0A6BB7687A(open)
Sep 04 23:54:01.000 [debug] circuit_send_next_onion_skin(): starting to send subsequent skin.
Sep 04 23:54:01.000 [debug] circuit_build_times_disabled(): CircuitBuildTime learning is not disabled. Consensus=0, Config=0, AuthDir=0, StateFile=0
Sep 04 23:54:01.000 [debug] circuit_build_times_add_time(): Adding circuit build time 13
Sep 04 23:54:01.000 [debug] circuit_build_times_disabled(): CircuitBuildTime learning is not disabled. Consensus=0, Config=0, AuthDir=0, StateFile=0
Sep 04 23:54:01.000 [info] circuit_build_times_get_xm(): Xm mode #0: 225 116
Sep 04 23:54:01.000 [info] circuit_build_times_get_xm(): Xm mode #1: 275 111
Sep 04 23:54:01.000 [info] circuit_build_times_get_xm(): Xm mode #2: 325 86
Sep 04 23:54:01.000 [info] circuit_build_times_set_timeout_worker(): Circuit build measurement period of 60000ms is more than twice the maximum build time we have ever observed. Capping it to 2150ms.
Sep 04 23:54:01.000 [info] circuit_build_times_set_timeout(): Set buildtimeout to low value 487.234426ms. Setting to 1500ms
Sep 04 23:54:01.000 [info] circuit_build_times_set_timeout(): Set circuit build timeout to 2s (1500.000000ms, 2150.000000ms, Xm: 270, a: 2.726366, r: 0.000000) based on 1000 circuit times
Sep 04 23:54:01.000 [info] circuit_send_next_onion_skin(): circuit built!
Sep 04 23:54:01.000 [info] pathbias_count_success(): Got success count 192/186 for guard ndn00a=80CC45020AC1073A767DB5D038A31ED50D56F869
Sep 04 23:54:01.000 [notice] pathbias_count_success(): Bug: Unexpectedly high circuit_successes (192/186) for guard ndn00a=80CC45020AC1073A767DB5D038A31ED50D56F869
Sep 04 23:54:01.000 [debug] new_route_len(): Chosen route length 3 (11/11 routers suitable).
Sep 04 23:54:01.000 [info] choose_good_exit_server_general(): Found 0 servers that might support 0/1 pending connections.
Sep 04 23:54:01.000 [info] choose_good_exit_server_general(): We couldn't find any live, fast routers; falling back to list of all routers.
Sep 04 23:54:01.000 [info] choose_good_exit_server_general(): Found 0 servers that might support 0/1 pending connections.
Sep 04 23:54:01.000 [notice] All routers are down or won't exit -- choosing a doomed exit at random.
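
An added example, not part of the ticket or of Tor's code: a small log triage function that flags the two symptoms visible in the excerpt above, namely exit selection finding zero candidates in both passes before a doomed exit is chosen, and a path-bias success count that exceeds the attempt count. The function name, the finding labels and the embedded sample (abridged from the excerpt) are assumptions of this example.

```python
import re

# Constructed sample: lines abridged from the log excerpt in the ticket description.
SAMPLE_LOG = """\
Sep 04 23:54:01.000 [info] circuit_send_next_onion_skin(): circuit built!
Sep 04 23:54:01.000 [info] pathbias_count_success(): Got success count 192/186 for guard ndn00a=80CC45020AC1073A767DB5D038A31ED50D56F869
Sep 04 23:54:01.000 [debug] new_route_len(): Chosen route length 3 (11/11 routers suitable).
Sep 04 23:54:01.000 [info] choose_good_exit_server_general(): Found 0 servers that might support 0/1 pending connections.
Sep 04 23:54:01.000 [info] choose_good_exit_server_general(): We couldn't find any live, fast routers; falling back to list of all routers.
Sep 04 23:54:01.000 [info] choose_good_exit_server_general(): Found 0 servers that might support 0/1 pending connections.
Sep 04 23:54:01.000 [notice] All routers are down or won't exit -- choosing a doomed exit at random.
"""

# "Mon DD HH:MM:SS.mmm [severity] message"
LINE_RE = re.compile(r"^(?P<ts>\w{3} \d{2} [\d:.]+) \[(?P<sev>\w+)\] (?P<msg>.*)$")
FOUND_RE = re.compile(r"Found (\d+) servers that might support (\d+)/(\d+) pending connections")
PATHBIAS_RE = re.compile(r"Got success count (\d+)/(\d+) for guard (\S+)")


def triage(log_text):
    """Return a list of (label, timestamp, detail) findings from a Tor client log."""
    findings = []
    empty_passes = 0  # consecutive exit-selection passes that found 0 candidates
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if (f := FOUND_RE.search(msg)):
            empty_passes = empty_passes + 1 if int(f[1]) == 0 else 0
        elif "choosing a doomed exit" in msg:
            # detail = how many empty passes preceded the fallback
            findings.append(("doomed_exit", m["ts"], empty_passes))
            empty_passes = 0
        elif (p := PATHBIAS_RE.search(msg)):
            successes, attempts = int(p[1]), int(p[2])
            if successes > attempts:
                # detail = how far successes exceed attempts for this guard
                findings.append(("pathbias_overcount", m["ts"], successes - attempts))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```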

Change History (14)

comment:1 Changed 7 years ago by ln5

And oh, the same url but http instead of https _does_ work.

comment:2 Changed 7 years ago by arma

Hm. And this is repeatable?

And all the relays have the same exit policy?

comment:3 in reply to:  2 Changed 7 years ago by ln5

Replying to arma:

> Hm. And this is repeatable?

Over and over again.

> And all the relays have the same exit policy?

The two I'm testing, yes.

Hmm. Forgot to mention I'm running the client with a single 'ExitNodes
<nick>'. That's probably why some lists are so empty. Maybe this is
not such a realistic example.

comment:4 Changed 7 years ago by rransom

Does this bug go away if you specify the exit node by fingerprint instead?

comment:5 in reply to:  4 Changed 7 years ago by ln5

Replying to rransom:

> Does this bug go away if you specify the exit node by fingerprint instead?

No, it's the same.

comment:6 in reply to:  description ; Changed 7 years ago by rransom

Replying to ln5:

> Sep 04 23:54:01.000 [info] circuit_build_times_set_timeout_worker(): Circuit build measurement period of 60000ms is more than twice the maximum build time we have ever observed. Capping it to 2150ms.
> Sep 04 23:54:01.000 [info] circuit_build_times_set_timeout(): Set buildtimeout to low value 487.234426ms. Setting to 1500ms
> Sep 04 23:54:01.000 [info] circuit_build_times_set_timeout(): Set circuit build timeout to 2s (1500.000000ms, 2150.000000ms, Xm: 270, a: 2.726366, r: 0.000000) based on 1000 circuit times

Oh, it's #3443. Try turning off adaptive CBT (LearnCircuitBuildTimeout 0 and, because Tor's man page is bullshit, CircuitBuildTimeout 60).

comment:7 in reply to:  6 ; Changed 7 years ago by arma

Replying to rransom:

> Oh, it's #3443. Try turning off adaptive CBT (LearnCircuitBuildTimeout 0 and, because Tor's man page is bullshit, CircuitBuildTimeout 60).

It shouldn't be #3443 -- the relay works on port 80, but not 443.

That said, it would be nice to do what rransom suggests to rule it out (or confirm it).

comment:8 in reply to:  7 Changed 7 years ago by ln5

Replying to arma:

> That said, it would be nice to do what rransom suggests to rule it out (or confirm it).

Tested. No change.

comment:9 Changed 7 years ago by nickm

Milestone: Tor: 0.2.4.x-final

comment:10 Changed 7 years ago by nickm

Keywords: tor-client added

comment:11 Changed 7 years ago by nickm

Component: Tor Client → Tor

comment:12 Changed 7 years ago by rransom

Probably a duplicate of #7192.

comment:13 Changed 7 years ago by nickm

Cc: ln5 added
Status: new → needs_information

Good point; I think you're right.

ln5: did the fix for #7192 make this better? Please close this one if so.

comment:14 Changed 7 years ago by nickm

Resolution: fixed
Status: needs_information → closed

Closing on the theory that this is probably #7192. Please reopen if not.
