[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17857 [Core Tor/Tor]: Create a consensus param to disable (netflow) padding if RSOS is enabled



#17857: Create a consensus param to disable (netflow) padding if RSOS is enabled
-------------------------------+------------------------------------
 Reporter:  teor               |          Owner:  mikeperry
     Type:  enhancement        |         Status:  needs_revision
 Priority:  Medium             |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor       |        Version:
 Severity:  Normal             |     Resolution:
 Keywords:  rsos, sos, tor-hs  |  Actual Points:
Parent ID:                     |         Points:  1
 Reviewer:                     |        Sponsor:
-------------------------------+------------------------------------
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:22 mikeperry]:
 > Ok, I actually used the torrc options so we can turn these off
 independently.


 T1. Please use rend_service_allow_non_anonymous_connection(): it does
 consistency checks on HiddenServiceNonAnonymousMode and
 HiddenServiceSingleHopMode. (Also, those options are only referenced
 directly in config.c and rendservice.c, and the tests, let's keep it that
 way.)

 T2. And use rend_client_allow_non_anonymous_connection(), it does
 consistency checks on NON_ANONYMOUS_MODE_ENABLED and Tor2webMode.

 T3. There's duplicate code like this in two different locations for single
 onion and Tor2web:
 * `networkstatus_get_param(NULL, "nf_pad_tor2web", 1, 0, 1)`
 Please use an abstraction function, so that the defaults are set in one
 place.

 Some other things to be aware of:
 * if a Tor2web client is using Tor2webRendezvousPoints, it will directly
 connect to just a few nodes for the rendezvous step (unless they go down).
 So Tor2web rendezvous padding is config-dependent. And the stats on it may
 be high on just a few relays.
 * this code unconditionally disables padding for every Tor2web or single
 onion circuit, even if that circuit is a multi-hop circuit. That's
 probably ok, because Tor2web makes single hop connections even to HSDirs
 (which is a denial of service risk), and Single Onion Services disables
 EntryNodes even on its 3-hop HSDir connections.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17857#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs