[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #29607 [Core Tor/Tor]: Denial of service on v2 onion service
#29607: Denial of service on v2 onion service
--------------------------+--------------------------
Reporter: pidgin | Owner: pidgin
Type: defect | Status: accepted
Priority: Immediate | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #25461 | Points:
Reviewer: | Sponsor:
--------------------------+--------------------------
Comment (by pidgin):
Here is a debug log for a tor process under 100% cpu with v2 onion
service. some info scrubbed.
created 4MB debug logfile per second.
-scrubbed-:27.000 [debug] relay_send_command_from_edge_(): delivering 14
cell forward.
-scrubbed-:27.000 [debug] relay_send_command_from_edge_(): Sending a
RELAY_EARLY cell; 5 remaining.
-scrubbed-:27.000 [debug] relay_encrypt_cell_outbound(): encrypting a
layer of the relay cell.
-scrubbed-:27.000 [debug] relay_encrypt_cell_outbound(): encrypting a
layer of the relay cell.
-scrubbed-:27.000 [debug] append_cell_to_circuit_queue(): Made a circuit
active.
-scrubbed-:27.000 [debug] connection_or_process_cells_from_inbuf(): 11:
starting, inbuf_datalen 1028 (0 pending in tls object).
-scrubbed-:27.000 [debug] channel_process_cell(): Processing incoming
cell_t 0x7ffcaedf5950 for channel 0x563a770113e0 (global ID 2)
-scrubbed-:27.000 [debug] circuit_get_by_circid_channel_impl():
circuit_get_by_circid_channel_impl() returning circuit 0x563a779c4eb0 for
circ_id 2380366636, channel ID 2 (0x563a770113e0)
-scrubbed-:27.000 [debug] circuit_receive_relay_cell(): Sending to origin.
-scrubbed-:27.000 [debug] connection_edge_process_relay_cell(): Now seen
10207 relay cells here (command 15, stream 0).
-scrubbed-:27.000 [debug] connection_edge_process_relay_cell(): Got an
extended cell! Yay.
-scrubbed-:27.000 [info] circuit_finish_handshake(): Finished building
circuit hop:
-scrubbed-:27.000 [info] internal circ (length 5, last hop $-scrubbed-):
$-scrubbed-(open) $scrubbed(open) $scrubbed(open) $Cscrubbed(closed)
$-scrubbed-(closed)
-scrubbed-:27.000 [debug] btc_cevent_rcvr(): CIRC gid=1541 evtype=2
reason=0 onehop=0
-scrubbed-:27.000 [debug] circuit_build_times_add_time(): Adding circuit
build time 22290
-scrubbed-:27.000 [debug] circuit_send_intermediate_onion_skin(): starting
to send subsequent skin.
-scrubbed-:27.000 [info] circuit_send_intermediate_onion_skin(): Sending
extend relay cell.
-scrubbed-:27.000 [debug] relay_send_command_from_edge_(): delivering 14
cell forward.
-scrubbed-:27.000 [debug] relay_send_command_from_edge_(): Sending a
RELAY_EARLY cell; 5 remaining.
-scrubbed-:27.000 [debug] relay_encrypt_cell_outbound(): encrypting a
layer of the relay cell.
-scrubbed-:27.000 [debug] relay_encrypt_cell_outbound(): encrypting a
layer of the relay cell.
-scrubbed-:27.000 [debug] relay_encrypt_cell_outbound(): encrypting a
layer of the relay cell.
-scrubbed-:27.000 [debug] append_cell_to_circuit_queue(): Made a circuit
active.
-scrubbed-:27.000 [debug] connection_or_process_cells_from_inbuf(): 11:
starting, inbuf_datalen 514 (0 pending in tls object).
-scrubbed-:27.000 [debug] channel_process_cell(): Processing incoming
cell_t 0x7ffcaedf5950 for channel 0x563a770113e0 (global ID 2)
-scrubbed-:27.000 [debug] circuit_get_by_circid_channel_impl():
circuit_get_by_circid_channel_impl() returning circuit 0x563a77524ad0 for
circ_id 3378515571, channel ID 2 (0x563a770113e0)
-scrubbed-:27.000 [debug] circuit_receive_relay_cell(): Sending to origin.
-scrubbed-:27.000 [debug] connection_edge_process_relay_cell(): Now seen
10208 relay cells here (command 35, stream 0).
-scrubbed-:27.000 [info] rend_service_receive_introduction(): Received
INTRODUCE2 cell for service "uuuuuuuuuuuuuuuuuuu" on circ 3378515571.
-scrubbed-:27.000 [debug] extend_info_from_node(): using YYYYYYYYYYYYYYY
for scrubbed
-scrubbed-:27.000 [info] extend_info_from_node(): Including Ed25519 ID for
$scrubbedscrubbed
-scrubbed-:27.000 [info] rep_hist_note_used_internal(): New port
prediction added. Will continue predictive circ building for 3003 more
seconds.
-scrubbed-:27.000 [debug] circuit_find_to_cannibalize(): Hunting for a
circ to cannibalize: purpose 17, uptime 0, capacity 1, internal 1
-scrubbed-:27.000 [debug] new_route_len(): Chosen route length 5 (6571
direct and 6571 indirect routers suitable).
-scrubbed-:27.000 [info] onion_pick_cpath_exit(): Using requested exit
node '$scrubbedscrubbed'
-scrubbed-:27.000 [debug] onion_extend_cpath(): Path is 0 long; we want 5
-scrubbed-:27.000 [info] select_primary_guard_for_circuit(): Selected
primary guard rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrriiiiiiiiiiiiiiiiiii
($-scrubbed-) for circuit.
-scrubbed-:27.000 [debug] extend_info_from_node(): using
XXXXXXXXXXXXXXzzzzzzzzzzzzzzzzzzzzzz for
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrriiiiiiiiiiiiiiiiiii
-scrubbed-:27.000 [info] extend_info_from_node(): Including Ed25519 ID for
$-scrubbed-~rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrriiiiiiiiiiiiiiiiiii at
XXXXXXXXXXXXXX
-scrubbed-:27.000 [debug] onion_extend_cpath(): Chose router
$-scrubbed-~rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrriiiiiiiiiiiiiiiiiii at
XXXXXXXXXXXXXX for hop #1 (exit is scrubbed)
-scrubbed-:27.000 [debug] onion_extend_cpath(): Path is 1 long; we want 5
-scrubbed-:27.000 [debug] choose_good_middle_server(): Contemplating
intermediate hop #2: random choice.
-scrubbed-:27.000 [debug] choose_good_middle_server(): Picking a sticky
node (cur_len = 1)
-scrubbed-:27.000 [debug] extend_info_from_node(): using
rrrrrrrrrrrrrrrrrrrrrrrrzzzzzzzzzzzzzzzzzzzzzz for araglaucogularis
-scrubbed-:27.000 [info] extend_info_from_node(): Including Ed25519 ID for
$scrubbed~scrubbed
-scrubbed-:27.000 [debug] onion_extend_cpath(): Chose router
$scrubbed~scrubbed for hop #2 (exit is scrubbed)
-scrubbed-:27.000 [debug] onion_extend_cpath(): Path is 2 long; we want 5
-scrubbed-:27.000 [debug] choose_good_middle_server(): Contemplating
intermediate hop #3: random choice.
-scrubbed-:27.000 [debug] choose_good_middle_server(): Picking a sticky
node (cur_len = 2)
-scrubbed-:27.000 [debug] extend_info_from_node(): using
scrubbed:kkkkkkkkkkkkkkkkkkkkkkkkkk for rrrrrrrrrrrrrrrrrrrrrrrrrrrr
-scrubbed-:27.000 [info] extend_info_from_node(): Including Ed25519 ID for
$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx~rrrrrrrrrrrrrrrrrrrrrrrrrrrr at scrubbed
-scrubbed-:27.000 [debug] onion_extend_cpath(): Chose router
$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx~rrrrrrrrrrrrrrrrrrrrrrrrrrrr at scrubbed
for hop #3 (exit is scrubbed)
-scrubbed-:27.000 [debug] onion_extend_cpath(): Path is 3 long; we want 5
-scrubbed-:27.000 [debug] choose_good_middle_server(): Contemplating
intermediate hop #4: random choice.
-scrubbed-:27.000 [debug] router_choose_random_node(): We found 5695
running nodes.
-scrubbed-:27.000 [debug] router_choose_random_node(): We removed 0
excludednodes, leaving 5695 nodes.
-scrubbed-:27.000 [debug] router_choose_random_node(): We removed 4
excludedsmartlist, leaving 5691 nodes.
-scrubbed-:27.000 [debug] compute_weighted_bandwidths(): Generated
weighted bandwidths for rule weight as middle node based on weights
Wg=0.400800 Wm=1.000000 We=0.000000 Wd=0.000000 with total bw
25389038256.000000
-scrubbed-:27.000 [debug] extend_info_from_node(): using
fffffffffffffffffffffffffffffff:kkkkkkkkkkkkkkkkkkkkkkkkkk for
wwwwwwwwwwwwwwwwwwwwww
-scrubbed-:27.000 [info] extend_info_from_node(): Including Ed25519 ID for
$ggggggggggggggggggggggggggggggggggg~wwwwwwwwwwwwwwwwwwwwww at
fffffffffffffffffffffffffffffff
-scrubbed-:27.000 [debug] onion_extend_cpath(): Chose router
$ggggggggggggggggggggggggggggggggggg~wwwwwwwwwwwwwwwwwwwwww at
fffffffffffffffffffffffffffffff for hop #4 (exit is scrubbed)
-scrubbed-:27.000 [debug] onion_extend_cpath(): Path is 4 long; we want 5
-scrubbed-:27.000 [debug] onion_extend_cpath(): Chose router
$scrubbedscrubbed for hop #5 (exit is scrubbed)
-scrubbed-:27.000 [debug] onion_extend_cpath(): Path is complete: 5 steps
long
-scrubbed-:27.000 [debug] btc_cevent_rcvr(): CIRC gid=2543 evtype=0
reason=0 onehop=0
-scrubbed-:27.000 [debug] circuit_handle_first_hop(): Looking for firsthop
'XXXXXXXXXXXXXXzzzzzzzzzzzzzzzzzzzzzz'
-scrubbed-:27.000 [debug] btc_event_rcvr(): CIRC gid=2543 chan=2 onehop=0
-scrubbed-:27.000 [debug] circuit_handle_first_hop(): Conn open.
Delivering first onion skin.
-scrubbed-:27.000 [debug] circuit_send_first_onion_skin(): First skin;
sending create cell.
-scrubbed-:27.000 [debug] circuit_get_by_circid_channel_impl():
circuit_get_by_circid_channel_impl() found nothing for circ_id 3035601791,
channel ID 2 (0x563a770113e0)
-scrubbed-:27.000 [debug] circuit_deliver_create_cell(): Chosen circID
3035601791.
-scrubbed-:27.000 [debug] circuitmux_attach_circuit(): Attaching circuit
3035601791 on channel 2 to cmux 0x563a770079d0
-scrubbed-:27.000 [debug] append_cell_to_circuit_queue(): Made a circuit
active.
-scrubbed-:27.000 [debug] btc_state_rcvr(): CIRC gid=2543 state=0 onehop=0
-scrubbed-:27.000 [info] circuit_send_first_onion_skin(): First hop:
finished sending CREATE cell to
'$-scrubbed-~rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrriiiiiiiiiiiiiiiiiii at
XXXXXXXXXXXXXX'
-scrubbed-:27.000 [info] rend_service_receive_introduction(): Accepted
intro; launching circuit to [scrubbed] (cookie 2E7D742C) for service
uuuuuuuuuuuuuuuuuuu.
-scrubbed-:27.000 [debug] connection_or_process_cells_from_inbuf(): 11:
starting, inbuf_datalen 0 (0 pending in tls object).
-scrubbed-:27.000 [debug] conn_read_callback(): socket 10 wants to read.
-scrubbed-:27.000 [debug] connection_buf_read_from_socket(): 10: starting,
inbuf_datalen 0 (0 pending in tls object). at_most 16448.
-scrubbed-:27.000 [debug] connection_buf_read_from_socket(): After TLS
read of 1028: 1057 read, 0 written
-scrubbed-:27.000 [debug] connection_or_process_cells_from_inbuf(): 10:
starting, inbuf_datalen 1028 (0 pending in tls object).
-scrubbed-:27.000 [debug] channel_process_cell(): Processing incoming
cell_t 0x7ffcaedf5950 for channel 0x563a76ffd020 (global ID 1)
-scrubbed-:27.000 [debug] circuit_get_by_circid_channel_impl():
circuit_get_by_circid_channel_impl() returning circuit 0x563a773f5cd0 for
circ_id 3703046038, channel ID 1 (0x563a76ffd020)
-scrubbed-:27.000 [debug] circuit_receive_relay_cell(): Sending to origin.
-scrubbed-:27.000 [debug] connection_edge_process_relay_cell(): Now seen
10209 relay cells here (command 15, stream 0).
-scrubbed-:27.000 [debug] connection_edge_process_relay_cell(): Got an
extended cell! Yay.
-scrubbed-:27.000 [info] circuit_finish_handshake(): Finished building
circuit hop:
-scrubbed-:27.000 [info] internal circ (length 5, last hop
wwwwwwwwwwwwwwwwwwwwww): $hhhhhhhhhhhhhhhhhhhhhhhhh(open)
eeeeeeeeeeeeeeeeeeeeeeeee(open) nnnnnnnnnnnnnnnnnnnnnnnnnnnnnn(open)
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv(open)
lllllllllllllllllllllllllllllllllllllllll(open)
-scrubbed-:27.000 [debug] btc_cevent_rcvr(): CIRC gid=1023 evtype=2
reason=0 onehop=0
-scrubbed-:27.000 [info] entry_guards_note_guard_success(): Recorded
success for primary confirmed guard madtrixz01
($hhhhhhhhhhhhhhhhhhhhhhhhh)
-scrubbed-:27.000 [debug] btc_state_rcvr(): CIRC gid=1023 state=4 onehop=0
-scrubbed-:27.000 [info] circuit_build_no_more_hops(): circuit built!
-scrubbed-:27.000 [debug] btc_cevent_rcvr(): CIRC gid=1023 evtype=1
reason=0 onehop=0
-scrubbed-:27.000 [info] rend_service_rendezvous_has_opened(): Done
building circuit 3703046038 to rendezvous with cookie A9ADDEC1 for service
uuuuuuuuuuuuuuuuuuu96EB1FD02A5(open) nnnnnnnnnnnnnnnnnnnnnnnnnnnnnn(open)
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv(open)
lllllllllllllllllllllllllllllllllllllllll(open)
-scrubbed-:27.000 [debug] btc_cevent_rcvr(): CIRC gid=1023 evtype=2
reason=0 onehop=0
-scrubbed-:27.000 [info] entry_guards_note_guard_success(): Recorded
success for primary confirmed guard madtrixz01
($hhhhhhhhhhhhhhhhhhhhhhhhh)
-scrubbed-:27.000 [debug] btc_state_rcvr(): CIRC gid=1023 state=4 onehop=0
-scrubbed-:27.000 [info] circuit_build_no_more_hops(): circuit built!
-scrubbed-:27.000 [debug] btc_cevent_rcvr(): CIRC gid=1023 evtype=1
reason=0 onehop=0
-scrubbed-:27.000 [info] rend_service_rendezvous_has_opened(): Done
building circuit 3703046038 to rendezvous with cookie A9ADDEC1 for service
uuuuuuuuuuuuuuuuuuu
-scrubbed-:27.000 [info] internal circ (length 5):
$hhhhhhhhhhhhhhhhhhhhhhhhh(open) eeeeeeeeeeeeeeeeeeeeeeeee(open)
nnnnnnnnnnnnnnnnnnnnnnnnnnnnnn(open)
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv(open)
lllllllllllllllllllllllllllllllllllllllll(open)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29607#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs