[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #25347 [Core Tor/Tor]: Tor stops building circuits, and doesn't start when it has enough directory information



#25347: Tor stops building circuits, and doesn't start when it has enough directory
information
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  asn
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.3.0.6
 Severity:  Normal                               |     Resolution:
 Keywords:  031-backport, 032-backport,          |  Actual Points:
  033-must, tor-guard, tor-client, tbb-          |
  usability-website, tbb-needs,                  |
  033-triage-20180320, 033-included-20180320     |
Parent ID:  #21969                               |         Points:  1
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by mikeperry):

 Replying to [comment:28 asn]:
 > Replying to [comment:25 mikeperry]:
 > > A couple comments here:
 > >
 > > 1. We already treat non-destroy failures at the guard as rotate-away
 failures in circuit_build_failed(). Note that there is an explicit check
 to not blame the guard if circ->base_.received_destroy is set. If we
 remove that check in circuit_build_failed(), we should not need asn's
 patch, as the behavior would then be equivalent (or actually a superset,
 since it would cover all destroy reasons). (I think this is what arma
 meant in his point H?). This would be a simpler patch.
 > >
 >
 > Seems like a reasonable plan. Let's proceed like that.

 Ok. Note that after talking to arma, I decided to file #25705. In that
 refactor I could also fix this issue. I guess it depends on if we want to
 backport that.

 > > 2. Roger's point G is scary. I like the solution in E, though, and I
 think it actually fixes G. I would implement E by setting an is_predicted
 flag in circuit_predict_and_launch_new(), and then check that flag in
 select_entry_guard_for_circuit() to completely ignore the is_reachable
 status there if it is set. Then if any of those predicted circuits
 succeed, entry_guards_node_success() will get called, which will clear the
 is_uneachable flag and allow us to resume using the guard. For guards that
 fail only a non-zero but small portion of their circuits, this should
 allow us to keep using them rather than rotating away. I am a fan of this
 plan, and could write a patch for it if we like it.
 > >
 >
 > Hmm, I can see how the solution of E can help with G, by making Alice
 try her primary guards more aggressively in cases of predicted circuits,
 but if Alice is a busy hidden service (like Roger describes in E) most of
 her circs are not gonna be predicted.

 But a client/service will always keep building predicted circuits such
 that it has 3 of each type available. This means even a busy hidden
 service will keep making predicted circuits, which, any time they succeed,
 will reset the fact that the guard is reachable for use by other circuits.
 So, so long as some circuits are succeeding through that guard, the
 service should keep going back to it fairly quickly.

 > Furthermore, I wonder if it can completely address the problem in
 actually ''mischievous'' scenarios, where the adversary overloads all 3
 primary guards of Alice (targeting them using guard discovery attacks) to
 make her switch to other guards in her sampled set.

 This case is tricky. I am not sure what to do with predicted circuits if
 all primary guards get into the unreachable state. One option is to toss a
 coin and pick primary vs sampled for predicted circuits, if all primary
 are down.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25347#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs