Re: [tor-bugs] #30599 [Applications/Tor Browser]: Cloudflare alt-svc onions cause a different exit to be used at each request
#30599: Cloudflare alt-svc onions cause a different exit to be used at each request
--------------------------------------+--------------------------------
Reporter: cypherpunks2 | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #30024 | Points:
Reviewer: | Sponsor: Sponsor27-must
--------------------------------------+--------------------------------
Comment (by gk):
I looked at this over the weekend and I think that's mostly a UI bug so
far (see: comment:13:ticket:27590 for a similar observation). Once you
load some thread, say, on `zerobin.net` what happens is that the Alt-Svc
response header is processed and the mapping is created. A crucial part of
that is validating it (see: AltSvcCache::UpdateAltServiceMapping) which
means in the https:// case just establishing a connection to the alt-svc
host. And the circuit display gets in turn updated with the client side
rend circuit caused by that validation request. There is no actual content
sent back and forth here as it takes the non-alt-svc route.
Then when you post a comment what happens is that the validated host is
used for fetching the busy.gif file and posting the actual content:
{{{
2019-06-04 11:15:39.316750 UTC - [10627:Main Thread]: D/nsHttp
AltSvcCache::GetAltServiceMapping 0x7f009435c038
key=https:zerobin.net:443:P:^privateBrowsingId=1&firstPartyDomain=zerobin.net
existing=0x7f006be2c580 validated=1 ttl=86377
2019-06-04 11:15:39.316760 UTC - [10627:Main Thread]: D/nsHttp
nsHttpChannel 0x7f006b320000 Alt Service Mapping Found
https://cflarenuttlfuyn7imozr4atzvfbiw3ezgbdjdldmdx7srterayaozid.onion:443
[https:zerobin.net:443:P:^privateBrowsingId=1&firstPartyDomain=zerobin.net]
2019-06-04 11:15:39.316827 UTC - [10627:Main Thread]: D/nsHttp
nsHttpChannel 0x7f006b320000 Using connection info from altsvc mapping
}}}
But now you get another set of those .onions as hosts in response headers.
If they have not been seen before, the first (while validation is ongoing,
validation of other alt-svc hosts in headers seems to be skipped) gets
validated again, causing another set of HS-related circuits to be created,
and thus the circuit display is updated again. And so on with further posts.
It does not seem unreasonable to me to think about not updating the
circuit display for validation requests as no part of the website got
loaded over them. However, one could argue that showing everything
*related* to the website load in the display is a thing we should do. We
do it for other websites as well if there are requests caused but no
content changes are done.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30599#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
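
The nsHttp excerpt in the comment above can be checked mechanically. The following Python script is an added example, not part of the original message or of Tor Browser: it rejoins the wrapped log lines and reports, per cache lookup and per channel, whether an Alt-Svc mapping was validated and whether the channel actually used it. The sample log is constructed in the same layout as the excerpt, with made-up hosts, pointers and times.

```python
import re

# Constructed sample in the wrapped layout of the nsHttp excerpt above
# (hosts, pointers and timestamps are made up for this example).
SAMPLE_LOG = """\
2019-06-04 11:15:39.316750 UTC - [10627:Main Thread]: D/nsHttp
AltSvcCache::GetAltServiceMapping 0x7f0000000038
key=https:example.com:443:P:^privateBrowsingId=1&firstPartyDomain=example.com
existing=0x7f0000000580 validated=1 ttl=86377
2019-06-04 11:15:39.316760 UTC - [10627:Main Thread]: D/nsHttp
nsHttpChannel 0x7f0000001000 Alt Service Mapping Found
https://constructedplaceholder.onion:443
[https:example.com:443:P:^privateBrowsingId=1&firstPartyDomain=example.com]
2019-06-04 11:15:39.316827 UTC - [10627:Main Thread]: D/nsHttp
nsHttpChannel 0x7f0000001000 Using connection info from altsvc mapping
2019-06-04 11:15:40.000100 UTC - [10627:Main Thread]: D/nsHttp
AltSvcCache::GetAltServiceMapping 0x7f0000000038
key=https:example.org:443:P:^privateBrowsingId=1&firstPartyDomain=example.org
existing=0x7f0000000900 validated=0 ttl=86400
"""

STAMP = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ UTC - ")
LOOKUP = re.compile(r"GetAltServiceMapping \S+ key=(\S+) existing=\S+ validated=(\d) ttl=(\d+)")
FOUND = re.compile(r"nsHttpChannel (\S+) Alt Service Mapping Found (\S+) \[(\S+)\]")
USED = re.compile(r"nsHttpChannel (\S+) Using connection info from altsvc mapping")

def records(text):
    """Rejoin wrapped lines: a new record starts at each timestamped line."""
    rec = []
    for line in text.splitlines():
        if STAMP.match(line) and rec:
            yield " ".join(rec)
            rec = []
        if line.strip():
            rec.append(line.strip())
    if rec:
        yield " ".join(rec)

def altsvc_report(text):
    """Return (cache lookups by origin key, channels by pointer)."""
    lookups, channels = {}, {}
    for rec in records(text):
        if m := LOOKUP.search(rec):
            lookups[m[1]] = {"validated": m[2] == "1", "ttl": int(m[3])}
        elif m := FOUND.search(rec):
            channels[m[1]] = {"alt": m[2], "origin_key": m[3], "used": False}
        elif (m := USED.search(rec)) and m[1] in channels:
            channels[m[1]]["used"] = True
    return lookups, channels
```

A channel with `used` set is one whose request went over the alt-svc host; a lookup with `validated` false has only an unvalidated mapping in the cache.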