[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #24767 [Core Tor/Tor]: All relays are constantly connecting to down relays and failing over and over

#24767: All relays are constantly connecting to down relays and failing over and
over
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:  dgoulet
     Type:  enhancement                          |         Status:
                                                 |  needs_review
 Priority:  Very High                            |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-relay, tor-dos, performance,     |  Actual Points:
  review-group-32, 033-must                      |
Parent ID:                                       |         Points:
 Reviewer:  asn, teor                            |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 Replying to [comment:23 dgoulet]:
 > Replying to [comment:22 teor]:
 > > There are two design issues here:
 > > * the HT implementation only uses 32 bit hashes on 64-bit LP64
 systems, like macOS and the BSDs, and 32-bit systems (split off into
 #25365)
 > > * the port is user-controlled, so it needs to be hashed before being
 combined with the other hashes
 >
 > What is the danger here? The length is fixed so what is the difference
 between "+= 42" or "+= h(42)" ?

 The hash needs to be unpredictable so that bad clients can't fill up one
 of your hash table buckets and cause your relay to slow down.
 Adding the raw port gives the client direct control over 16 bits of your
 hash result, which makes the hash table less secure.

 > > I fixed the port issue, and the compilation issues in my branch
 bug24767_033_02 on https://github.com/teor2345/tor.git
 >
 > For the hash fix, wouldn't it be more efficient to then combined addr +
 digest + port in a buffer and siphash that instead of doing 3 rounds of
 siphash?

 Hashing digest and port in a single buffer would be an easy win.
 Hashing an extra buffer as part of tor_addr_hash() would also be great,
 because it avoids combining hashes with +.
 But it would need a new argument to tor_addr_hash().
 And we could fix the other use of tor_addr_hash() at the same time.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24767#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs