[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #26300 [Core Tor/Tor]: Attempt by … to open a stream on first hop of circuit. Closing.



#26300: Attempt by … to open a stream on first hop of circuit. Closing.
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.3.6
 Severity:  Normal        |     Resolution:
 Keywords:  fast-fix      |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by arma):

 One scenario where this could happen: that relay used to be a client or a
 bridge, so it made an unauthenticated connection to dgoulet's relay. Then
 it changed to becoming a relay, but it kept the original connection open.
 Then later somebody tried to extend through that connection, and dgoulet's
 relay freaked out because a request came from an unauthenticated channel.

 Suggested fix, option one: when we migrate from being a relay to a non-
 relay or back, we set the is_bad_for_new_circs flag on that channel, which
 will make us generate a new connection that authenticates the new way.

 Suggested fix, option two: when we're considering whether a given
 connection is suitable for the circuit we're trying to put on it, we check
 how we authenticated on that connection, and if we didn't authenticate
 using the way we want, that isn't an acceptable connection to use for
 handling that circuit. So in that scenario we'll end up launching a new
 connection, and authenticating it the way we want.

 I like option two because (a) it avoids the terrible situation where
 somebody toggles their tor to be a relay and not relay and relay and not
 relay and ... and they accumulate a growing set of connections, all with
 the is_bad_for_new_circs flag set. And Tim also had a reason for
 preferring option two. :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26300#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs