[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #7691 [Tor]: Path bias code should probe unusable circuits
#7691: Path bias code should probe unusable circuits
-----------------------------+----------------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: enhancement | Status: new
Priority: major | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: MikePerry201212 | Parent:
Points: | Actualpoints:
-----------------------------+----------------------------------------------
There are a couple of cases where the path bias "use" accounting from
#7440 can run into issues. In particular, circuits used in attempts to
connect to unresponsive external hosts are indistinguishable from
malicious failure. Also, cannibalized circuits have a similar problem, in
that they are technically immediately "dirty" but they are actually
unused.
So the plan is to issue a probe RELAY_BEGIN cell upon circuit close to an
internal address such as 0.a.b.c:25. This will cause well-behaved exit
nodes to kick us an EXITPOLICY RELAY_END cell back, which we can then use
to declare the circuit as functional, avoiding the path bias false
positive.
For some additional best-practice checks, we should perhaps locally track
the a.b.c tuple for each probe to ensure it is the same in the response
(yes, the IP is echoed, but not the port), and we should ensure no other
unexpected/corrupted RELAY cells arrive on that same circuit, otherwise we
should close it and mark it failed. Hopefully this latter property is
already always enforced. If not, we should probably enforce it while we're
at it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7691>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs