Opened 6 years ago

Closed 5 years ago

#8183 closed defect (worksforme)

arm shows client ip addresses on connection page

Reported by: torland Owned by: atagar
Priority: Medium Milestone:
Component: Core Tor/Nyx Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

On the connections page arm shows all incoming and outgoing connections. For connections that exit, the target ip address is scrubbed. For incoming client connections my arm version 1.4.5.0 shows the Tor client ip address. I thought to remember me that they were scrubbed in the past. Am I wrong?

torland

Child Tickets

Change History (9)

comment:1 Changed 6 years ago by atagar

For incoming client connections my arm version 1.4.5.0 shows the Tor client ip address. I thought to remember me that they were scrubbed in the past. Am I wrong?

It should be, but maybe there's something about those connections or your relay that's confusing arm. If you're a bridge or guard and the connection can't be matched to a tor relay then they should be scrubbed...

https://gitweb.torproject.org/arm.git/blob/HEAD:/src/cli/connections/connEntry.py#l348

comment:2 Changed 6 years ago by torland

It seems to me that as long as the Guard flag is not set for a relay, arm does not scrubb IP addresses of incoming connections.

comment:3 Changed 6 years ago by atagar

Are you a bridge? If not, and you lack the guard flag, then why would incoming connections be from non-relays?

comment:4 Changed 6 years ago by torland

No I am running relays. At the moment I am seeing around 4000 inbound connections on one of the relays. For the majority of these connection arm does not show a fingerprint or a name. They might be bridges but it seems to me to many bridges. So I assume it to be clients. Am I wrong?

comment:5 Changed 6 years ago by torland

I forgot to say that at the moment the relay does not have the guard flag. If the above mentioned connection are no client connection I am wondering what they are.

comment:6 Changed 6 years ago by atagar

Hmm, for a moment I thought this might be additional fallout from the microdescriptor switch but 'is client' detection is based on network status documents so that's not it. You're right that does seem high for bridges but I'm at a loss for what else it could be right now.

I'd suggest asking Nick or Roger if they have any ideas about why, as a non-guard, you'd have 4000 inbound connections from locations not in the public tor network. Also, please spot check a few of those IPs in Atlas to make sure that this isn't an issue with caching or stale descriptors.

comment:7 Changed 6 years ago by torland

I checked a bunch of these IPs in Atlas. They are all unknown to Atlas.

comment:8 in reply to:  3 Changed 6 years ago by arma

Replying to atagar:

Are you a bridge? If not, and you lack the guard flag, then why would incoming connections be from non-relays?

Clients connect to Tor relays to ask directory questions, without regard for whether they have the Guard flag.

comment:9 Changed 5 years ago by torland

Resolution: worksforme
Status: newclosed
Note: See TracTickets for help on using tickets.