[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Why is my bridge not publishing statistics?

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Why is my bridge not publishing statistics?
From: Roger Dingledine <arma@xxxxxxx>
Date: Sat, 6 May 2017 03:41:28 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 06 May 2017 03:42:43 -0400
In-reply-to: <20170505233052.2m33ewo6c5c6ueoh@bamsoftware.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <20170505233052.2m33ewo6c5c6ueoh@bamsoftware.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-12-10)

On Fri, May 05, 2017 at 04:30:52PM -0700, David Fifield wrote:
> But if it's the case that an unreachable ORPort causes descriptors not
> to be uploaded, then why do the default obfs4 bridges appear in Atlas?

Tor relays (and bridges) test their reachability by making circuits
that loop back to themselves, and they consider themselves reachable
when an incoming connection sends a create cell (see the end of
onionskin_answer()).

You might think that these two actions are more connected, i.e. that
it needs to be one of the loop circuits that sends the create cell,
but no, they're completely disconnected. So the relay (or bridge)
can launch all the loop circuits it wants, and they can all fail, but
if something causes an incoming connection that sends a create cell,
it will happily conclude that it's reachable.

So it's likely that the reason the default bridges are publishing to
the bridge authority is because somebody used them via obfs4, at which
point they decided they were reachable, at which point they decided it
was cool to publish.

You're right that this is a fragile situation. Maybe we should recommend
that if you firewall your ORPort, you also set "AssumeReachable 1"
in your torrc?

--Roger

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Why is my bridge not publishing statistics?
  - From: David Fifield

References:
- [tor-dev] Why is my bridge not publishing statistics?
  - From: David Fifield

Prev by Author: Re: [tor-dev] onionoo.tpo hardly reachable
Next by Author: Re: [tor-dev] Open topics of prop247: Defending Against Guard Discovery Attacks using Vanguards
Previous by thread: [tor-dev] Why is my bridge not publishing statistics?
Next by thread: Re: [tor-dev] Why is my bridge not publishing statistics?
Index(es):
- Author
- Thread