[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r17377: {} add proposal 156 from mwenge, Tracking blocked ports on the (tor/trunk/doc/spec/proposals)
Author: arma
Date: 2008-11-23 19:53:19 -0500 (Sun, 23 Nov 2008)
New Revision: 17377
Added:
tor/trunk/doc/spec/proposals/156-tracking-blocked-ports.txt
Log:
add proposal 156 from mwenge, Tracking blocked ports on the client side
Added: tor/trunk/doc/spec/proposals/156-tracking-blocked-ports.txt
===================================================================
--- tor/trunk/doc/spec/proposals/156-tracking-blocked-ports.txt (rev 0)
+++ tor/trunk/doc/spec/proposals/156-tracking-blocked-ports.txt 2008-11-24 00:53:19 UTC (rev 17377)
@@ -0,0 +1,529 @@
+Filename: 156-tracking-blocked-ports.txt
+Title: Tracking blocked ports on the client side
+Version: $Revision$
+Last-Modified: $Date$
+Author: Robert Hogan
+Created: 14-Oct-2008
+Status: Open
+Target: 0.2.?
+
+Motivation:
+Tor clients that are behind extremely restrictive firewalls can end up
+waiting a while for their first successful OR connection to a node on the
+network. Worse, the more restrictive their firewall the more susceptible
+they are to an attacker guessing their entry nodes. Tor routers that
+are behind extremely restrictive firewalls can only offer a limited,
+'partitioned' service to other routers and clients on the network. Exit
+nodes behind extremely restrictive firewalls may advertise ports that they
+are actually not able to connect to, wasting network resources in circuit
+constructions that are doomed to fail at the last hop on first use.
+
+Proposal:
+
+When a client attempts to connect to an entry guard it should avoid
+further attempts on ports that fail once until it has connected to at
+least one entry guard successfully. (Maybe it should wait for more than
+one failure to reduce the skew on the first node selection.) Thereafter
+it should select entry guards regardless of port and warn the user if
+it observes that connections to a given port have failed every multiple
+of 5 times without success or since the last success.
+
+Tor should warn the operators of exit, middleman and entry nodes if it
+observes that connections to a given port have failed a multiple of 5
+times without success or since the last success. If attempts on a port
+fail 20 or more times without or since success, Tor should add the port
+to a 'blocked-ports' entry in its descriptor's extra-info. Some thought
+needs to be given to what the authorities might do with this information.
+
+Related TODO item:
+ "- Automatically determine what ports are reachable and start using
+ those, if circuits aren't working and it's a pattern we
+ recognize ("port 443 worked once and port 9001 keeps not
+ working")."
+
+
+I've had a go at implementing all of this in the attached.
+
+Addendum:
+Just a note on the patch, storing the digest of each router that uses the port
+is a bit of a memory hog, and its only real purpose is to provide a count of
+routers using that port when warning the user. That could be achieved when
+warning the user by iterating through the routerlist instead.
+
+Index: src/or/connection_or.c
+===================================================================
+--- src/or/connection_or.c (revision 17104)
++++ src/or/connection_or.c (working copy)
+@@ -502,6 +502,9 @@
+ connection_or_connect_failed(or_connection_t *conn,
+ int reason, const char *msg)
+ {
++ if ((reason == END_OR_CONN_REASON_NO_ROUTE) ||
++ (reason == END_OR_CONN_REASON_REFUSED))
++ or_port_hist_failure(conn->identity_digest,TO_CONN(conn)->port);
+ control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED, reason);
+ if (!authdir_mode_tests_reachability(get_options()))
+ control_event_bootstrap_problem(msg, reason);
+@@ -580,6 +583,7 @@
+ /* already marked for close */
+ return NULL;
+ }
++
+ return conn;
+ }
+
+@@ -909,6 +913,7 @@
+ control_event_or_conn_status(conn, OR_CONN_EVENT_CONNECTED, 0);
+
+ if (started_here) {
++ or_port_hist_success(TO_CONN(conn)->port);
+ rep_hist_note_connect_succeeded(conn->identity_digest, now);
+ if (entry_guard_register_connect_status(conn->identity_digest,
+ 1, now) < 0) {
+Index: src/or/rephist.c
+===================================================================
+--- src/or/rephist.c (revision 17104)
++++ src/or/rephist.c (working copy)
+@@ -18,6 +18,7 @@
+ static void bw_arrays_init(void);
+ static void predicted_ports_init(void);
+ static void hs_usage_init(void);
++static void or_port_hist_init(void);
+
+ /** Total number of bytes currently allocated in fields used by rephist.c. */
+ uint64_t rephist_total_alloc=0;
+@@ -89,6 +90,25 @@
+ digestmap_t *link_history_map;
+ } or_history_t;
+
++/** or_port_hist_t contains our router/client's knowledge of
++ all OR ports offered on the network, and how many servers with each port we
++ have succeeded or failed to connect to. */
++typedef struct {
++ /** The port this entry is tracking. */
++ uint16_t or_port;
++ /** Have we ever connected to this port on another OR?. */
++ unsigned int success:1;
++ /** The ORs using this port. */
++ digestmap_t *ids;
++ /** The ORs using this port we have failed to connect to. */
++ digestmap_t *failure_ids;
++ /** Are we excluding ORs with this port during entry selection?*/
++ unsigned int excluded;
++} or_port_hist_t;
++
++static unsigned int still_searching = 0;
++static smartlist_t *or_port_hists;
++
+ /** When did we last multiply all routers' weighted_run_length and
+ * total_run_weights by STABILITY_ALPHA? */
+ static time_t stability_last_downrated = 0;
+@@ -164,6 +184,16 @@
+ tor_free(hist);
+ }
+
++/** Helper: free storage held by a single OR port history entry. */
++static void
++or_port_hist_free(or_port_hist_t *p)
++{
++ tor_assert(p);
++ digestmap_free(p->ids,NULL);
++ digestmap_free(p->failure_ids,NULL);
++ tor_free(p);
++}
++
+ /** Update an or_history_t object <b>hist</b> so that its uptime/downtime
+ * count is up-to-date as of <b>when</b>.
+ */
+@@ -1639,7 +1669,7 @@
+ tmp_time = smartlist_get(predicted_ports_times, i);
+ if (*tmp_time + PREDICTED_CIRCS_RELEVANCE_TIME < now) {
+ tmp_port = smartlist_get(predicted_ports_list, i);
+- log_debug(LD_CIRC, "Expiring predicted port %d", *tmp_port);
++ log_debug(LD_HIST, "Expiring predicted port %d", *tmp_port);
+ smartlist_del(predicted_ports_list, i);
+ smartlist_del(predicted_ports_times, i);
+ rephist_total_alloc -= sizeof(uint16_t)+sizeof(time_t);
+@@ -1821,6 +1851,12 @@
+ tor_free(last_stability_doc);
+ built_last_stability_doc_at = 0;
+ predicted_ports_free();
++ if (or_port_hists) {
++ SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, p,
++ or_port_hist_free(p));
++ smartlist_free(or_port_hists);
++ or_port_hists = NULL;
++ }
+ }
+
+ /****************** hidden service usage statistics ******************/
+@@ -2356,3 +2392,225 @@
+ tor_free(fname);
+ }
+
++/** Create a new entry in the port tracking cache for the or_port in
++ * <b>ri</b>. */
++void
++or_port_hist_new(const routerinfo_t *ri)
++{
++ or_port_hist_t *result;
++ const char *id=ri->cache_info.identity_digest;
++
++ if (!or_port_hists)
++ or_port_hist_init();
++
++ SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp,
++ {
++ /* Cope with routers that change their advertised OR port or are
++ dropped from the networkstatus. We don't discard the failures of
++ dropped routers because they are still valid when counting
++ consecutive failures on a port.*/
++ if (digestmap_get(tp->ids, id) && (tp->or_port != ri->or_port)) {
++ digestmap_remove(tp->ids, id);
++ }
++ if (tp->or_port == ri->or_port) {
++ if (!(digestmap_get(tp->ids, id)))
++ digestmap_set(tp->ids, id, (void*)1);
++ return;
++ }
++ });
++
++ result = tor_malloc_zero(sizeof(or_port_hist_t));
++ result->or_port=ri->or_port;
++ result->success=0;
++ result->ids=digestmap_new();
++ digestmap_set(result->ids, id, (void*)1);
++ result->failure_ids=digestmap_new();
++ result->excluded=0;
++ smartlist_add(or_port_hists, result);
++}
++
++/** Create the port tracking cache. */
++/*XXX: need to call this when we rebuild/update our network status */
++static void
++or_port_hist_init(void)
++{
++ routerlist_t *rl = router_get_routerlist();
++
++ if (!or_port_hists)
++ or_port_hists=smartlist_create();
++
++ if (rl && rl->routers) {
++ SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri,
++ {
++ or_port_hist_new(ri);
++ });
++ }
++}
++
++#define NOT_BLOCKED 0
++#define FAILURES_OBSERVED 1
++#define POSSIBLY_BLOCKED 5
++#define PROBABLY_BLOCKED 10
++/** Return the list of blocked ports for our router's extra-info.*/
++char *
++or_port_hist_get_blocked_ports(void)
++{
++ char blocked_ports[2048];
++ char *bp;
++
++ tor_snprintf(blocked_ports,sizeof(blocked_ports),"blocked-ports");
++ SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp,
++ {
++ if (digestmap_size(tp->failure_ids) >= PROBABLY_BLOCKED)
++ tor_snprintf(blocked_ports+strlen(blocked_ports),
++ sizeof(blocked_ports)," %u,",tp->or_port);
++ });
++ if (strlen(blocked_ports) == 13)
++ return NULL;
++ bp=tor_strdup(blocked_ports);
++ bp[strlen(bp)-1]='\n';
++ bp[strlen(bp)]='\0';
++ return bp;
++}
++
++/** Revert to client-only mode if we have seen to many failures on a port or
++ * range of ports.*/
++static void
++or_port_hist_report_block(unsigned int min_severity)
++{
++ or_options_t *options=get_options();
++ char failures_observed[2048],possibly_blocked[2048],probably_blocked[2048];
++ char port[1024];
++
++ memset(failures_observed,0,sizeof(failures_observed));
++ memset(possibly_blocked,0,sizeof(possibly_blocked));
++ memset(probably_blocked,0,sizeof(probably_blocked));
++
++ SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp,
++ {
++ unsigned int failures = digestmap_size(tp->failure_ids);
++ if (failures >= min_severity) {
++ tor_snprintf(port, sizeof(port), " %u (%u failures %s out of %u on the"
++ " network)",tp->or_port,failures,
++ (!tp->success)?"and no successes": "since last success",
++ digestmap_size(tp->ids));
++ if (failures >= PROBABLY_BLOCKED) {
++ strlcat(probably_blocked, port, sizeof(probably_blocked));
++ } else if (failures >= POSSIBLY_BLOCKED)
++ strlcat(possibly_blocked, port, sizeof(possibly_blocked));
++ else if (failures >= FAILURES_OBSERVED)
++ strlcat(failures_observed, port, sizeof(failures_observed));
++ }
++ });
++
++ log_warn(LD_HIST,"%s%s%s%s%s%s%s%s",
++ server_mode(options) &&
++ ((min_severity==FAILURES_OBSERVED) || strlen(probably_blocked))?
++ "You should consider disabling your Tor server.":"",
++ (min_severity==FAILURES_OBSERVED)?
++ "Tor appears to be blocked from connecting to a range of ports "
++ "with the result that it cannot connect to one tenth of the Tor "
++ "network. ":"",
++ strlen(failures_observed)?
++ "Tor has observed failures on the following ports: ":"",
++ failures_observed,
++ strlen(possibly_blocked)?
++ "Tor is possibly blocked on the following ports: ":"",
++ possibly_blocked,
++ strlen(probably_blocked)?
++ "Tor is almost certainly blocked on the following ports: ":"",
++ probably_blocked);
++
++}
++
++/** Record the success of our connection to <b>digest</b>'s
++ * OR port. */
++void
++or_port_hist_success(uint16_t or_port)
++{
++ SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp,
++ {
++ if (tp->or_port != or_port)
++ continue;
++ /*Reset our failure stats so we can notice if this port ever gets
++ blocked again.*/
++ tp->success=1;
++ if (digestmap_size(tp->failure_ids)) {
++ digestmap_free(tp->failure_ids,NULL);
++ tp->failure_ids=digestmap_new();
++ }
++ if (still_searching) {
++ still_searching=0;
++ SMARTLIST_FOREACH(or_port_hists,or_port_hist_t *,t,t->excluded=0;);
++ }
++ return;
++ });
++}
++/** Record the failure of our connection to <b>digest</b>'s
++ * OR port. Warn, exclude the port from future entry guard selection, or
++ * add port to blocked-ports in our server's extra-info as appropriate. */
++void
++or_port_hist_failure(const char *digest, uint16_t or_port)
++{
++ int total_failures=0, ports_excluded=0, report_block=0;
++ int total_routers=smartlist_len(router_get_routerlist()->routers);
++
++ SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp,
++ {
++ ports_excluded += tp->excluded;
++ total_failures+=digestmap_size(tp->failure_ids);
++ if (tp->or_port != or_port)
++ continue;
++ /* We're only interested in unique failures */
++ if (digestmap_get(tp->failure_ids, digest))
++ return;
++
++ total_failures++;
++ digestmap_set(tp->failure_ids, digest, (void*)1);
++ if (still_searching && !tp->success) {
++ tp->excluded=1;
++ ports_excluded++;
++ }
++ if ((digestmap_size(tp->ids) >= POSSIBLY_BLOCKED) &&
++ !(digestmap_size(tp->failure_ids) % POSSIBLY_BLOCKED))
++ report_block=POSSIBLY_BLOCKED;
++ });
++
++ if (total_failures >= (int)(total_routers/10))
++ or_port_hist_report_block(FAILURES_OBSERVED);
++ else if (report_block)
++ or_port_hist_report_block(report_block);
++
++ if (ports_excluded >= smartlist_len(or_port_hists)) {
++ log_warn(LD_HIST,"During entry node selection Tor tried every port "
++ "offered on the network on at least one server "
++ "and didn't manage a single "
++ "successful connection. This suggests you are behind an "
++ "extremely restrictive firewall. Tor will keep trying to find "
++ "a reachable entry node.");
++ SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp, tp->excluded=0;);
++ }
++}
++
++/** Add any ports marked as excluded in or_port_hist_t to <b>rt</b> */
++void
++or_port_hist_exclude(routerset_t *rt)
++{
++ SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp,
++ {
++ char portpolicy[9];
++ if (tp->excluded) {
++ tor_snprintf(portpolicy,sizeof(portpolicy),"*:%u", tp->or_port);
++ log_warn(LD_HIST,"Port %u may be blocked, excluding it temporarily "
++ "from entry guard selection.", tp->or_port);
++ routerset_parse(rt, portpolicy, "Ports");
++ }
++ });
++}
++
++/** Allow the exclusion of ports during our search for an entry node. */
++void
++or_port_hist_search_again(void)
++{
++ still_searching=1;
++}
+Index: src/or/or.h
+===================================================================
+--- src/or/or.h (revision 17104)
++++ src/or/or.h (working copy)
+@@ -3864,6 +3864,13 @@
+ int any_predicted_circuits(time_t now);
+ int rep_hist_circbuilding_dormant(time_t now);
+
++void or_port_hist_failure(const char *digest, uint16_t or_port);
++void or_port_hist_success(uint16_t or_port);
++void or_port_hist_new(const routerinfo_t *ri);
++void or_port_hist_exclude(routerset_t *rt);
++void or_port_hist_search_again(void);
++char *or_port_hist_get_blocked_ports(void);
++
+ /** Possible public/private key operations in Tor: used to keep track of where
+ * we're spending our time. */
+ typedef enum {
+Index: src/or/routerparse.c
+===================================================================
+--- src/or/routerparse.c (revision 17104)
++++ src/or/routerparse.c (working copy)
+@@ -1401,6 +1401,8 @@
+ goto err;
+ }
+
++ or_port_hist_new(router);
++
+ if (!router->platform) {
+ router->platform = tor_strdup("<unknown>");
+ }
+Index: src/or/router.c
+===================================================================
+--- src/or/router.c (revision 17104)
++++ src/or/router.c (working copy)
+@@ -1818,6 +1818,7 @@
+ char published[ISO_TIME_LEN+1];
+ char digest[DIGEST_LEN];
+ char *bandwidth_usage;
++ char *blocked_ports;
+ int result;
+ size_t len;
+
+@@ -1825,7 +1826,6 @@
+ extrainfo->cache_info.identity_digest, DIGEST_LEN);
+ format_iso_time(published, extrainfo->cache_info.published_on);
+ bandwidth_usage = rep_hist_get_bandwidth_lines(1);
+-
+ result = tor_snprintf(s, maxlen,
+ "extra-info %s %s\n"
+ "published %s\n%s",
+@@ -1835,6 +1835,16 @@
+ if (result<0)
+ return -1;
+
++ blocked_ports = or_port_hist_get_blocked_ports();
++ if (blocked_ports) {
++ result = tor_snprintf(s+strlen(s), maxlen-strlen(s),
++ "%s",
++ blocked_ports);
++ tor_free(blocked_ports);
++ if (result<0)
++ return -1;
++ }
++
+ if (should_record_bridge_info(options)) {
+ static time_t last_purged_at = 0;
+ char *geoip_summary;
+Index: src/or/circuitbuild.c
+===================================================================
+--- src/or/circuitbuild.c (revision 17104)
++++ src/or/circuitbuild.c (working copy)
+@@ -62,6 +62,7 @@
+
+ static void entry_guards_changed(void);
+ static time_t start_of_month(time_t when);
++static int num_live_entry_guards(void);
+
+ /** Iterate over values of circ_id, starting from conn-\>next_circ_id,
+ * and with the high bit specified by conn-\>circ_id_type, until we get
+@@ -1627,12 +1628,14 @@
+ smartlist_t *excluded;
+ or_options_t *options = get_options();
+ router_crn_flags_t flags = 0;
++ routerset_t *_ExcludeNodes;
+
+ if (state && options->UseEntryGuards &&
+ (purpose != CIRCUIT_PURPOSE_TESTING || options->BridgeRelay)) {
+ return choose_random_entry(state);
+ }
+
++ _ExcludeNodes = routerset_new();
+ excluded = smartlist_create();
+
+ if (state && (r = build_state_get_exit_router(state))) {
+@@ -1670,12 +1673,18 @@
+ if (options->_AllowInvalid & ALLOW_INVALID_ENTRY)
+ flags |= CRN_ALLOW_INVALID;
+
++ if (options->ExcludeNodes)
++ routerset_union(_ExcludeNodes,options->ExcludeNodes);
++
++ or_port_hist_exclude(_ExcludeNodes);
++
+ choice = router_choose_random_node(
+ NULL,
+ excluded,
+- options->ExcludeNodes,
++ _ExcludeNodes,
+ flags);
+ smartlist_free(excluded);
++ routerset_free(_ExcludeNodes);
+ return choice;
+ }
+
+@@ -2727,6 +2736,7 @@
+ entry_guards_update_state(or_state_t *state)
+ {
+ config_line_t **next, *line;
++ unsigned int have_reachable_entry=0;
+ if (! entry_guards_dirty)
+ return;
+
+@@ -2740,6 +2750,7 @@
+ char dbuf[HEX_DIGEST_LEN+1];
+ if (!e->made_contact)
+ continue; /* don't write this one to disk */
++ have_reachable_entry=1;
+ *next = line = tor_malloc_zero(sizeof(config_line_t));
+ line->key = tor_strdup("EntryGuard");
+ line->value = tor_malloc(HEX_DIGEST_LEN+MAX_NICKNAME_LEN+2);
+@@ -2785,6 +2796,11 @@
+ if (!get_options()->AvoidDiskWrites)
+ or_state_mark_dirty(get_or_state(), 0);
+ entry_guards_dirty = 0;
++
++ /* XXX: Is this the place to decide that we no longer have any reachable
++ guards? */
++ if (!have_reachable_entry)
++ or_port_hist_search_again();
+ }
+
+ /** If <b>question</b> is the string "entry-guards", then dump
+
Property changes on: tor/trunk/doc/spec/proposals/156-tracking-blocked-ports.txt
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Name: svn:eol-style
+ native