[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #6799 [Tor]: Don't expire unused relay-to-relay TLS conns so quickly
#6799: Don't expire unused relay-to-relay TLS conns so quickly
-------------------------+-------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-relay anonymity-attack
Actual Points: | 025-triaged 024-backport andrea-review-0255
Points: | Parent ID:
-------------------------+-------------------------------------------------
Comment (by arma):
Looks plausible to me too. I've never fully grokked our is_canonical stuff
(for example, how often in practice do we end up with two conns, each of
which has one side thinking it's canonical?), but it looks like we're
setting it as intended here.
To be clear, if one side runs the new code and one side runs the old code,
then the old-code side will still close the connections at the earlier
schedule?
And even if both sides are upgraded, then it isn't actually uniformly
distributed between 15 and 22.5 minutes, since it will close first for
whichever side chose the lower number? (This is fine, I just want to make
sure I'm understanding it.)
I'd feel more comfortable here if somebody bumped up the severity of the
{{{
log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) "
}}}
line and then ran a network for a while in chutney, to confirm that things
act roughly as we expect them to. But failing that, hey, what could go
wrong.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6799#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs