Re: [tor-bugs] #17604 [Tor]: Try to use only one canonical connection

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#17604: Try to use only one canonical connection
-----------------------+------------------------------
 Reporter:  mikeperry  |          Owner:  mikeperry
     Type:  defect     |         Status:  needs_review
 Priority:  Medium     |      Milestone:
Component:  Tor        |        Version:
 Severity:  Normal     |     Resolution:
 Keywords:             |  Actual Points:
Parent ID:  #16861     |         Points:
  Sponsor:             |
-----------------------+------------------------------

Comment (by teor):

 Replying to [comment:7 mikeperry]:
 > Replying to [comment:5 teor]:
 > > Replying to [comment:4 mikeperry]:
 > > > Oh, it also turns out that we're already vulnerable to the attack in
 comment:1, because all a rogue node has to do is list its rogue address in
 its NETINFO cells, and it gets marked canonical. It is only non-canonical
 connections that get their real_addr checked by
 channel_tls_matches_target_method(). Do we care about that? I did not
 change that behavior in this patch at all. I merely noted the issue with
 an XXX in the source.
 > >
 > > Can we check real_addr for all connections?
 > > Will it take a long time to code up?
 > > Does it impact performance?
 >
 > I think the main problem is that if we don't allow this netinfo
 mechanism, we need to find a different way for IPv6 connections to become
 'canonical'. If we do care about this (and maybe we do), I think it should
 probably be a different ticket to change this behavior. The right way to
 do it probably means checking that the netinfo cell stuff matches at least
 *something* from the descriptor. But maybe that will have other issues?
 Nick or Andrea probably need to chime in on that topic.

 I'm working on IPv6 client support at the moment. These sort of
 complexities are one of the reasons I don't even want to touch the IPv6
 server code.

 > > And a nitpick:
 > >
 > > In check_canonical_channels_callback:
 > > * I think public_server_mode(options) is the standard way of saying
 `!options->BridgeRelay && server_mode(options)`. I think they do the same
 thing, but it might be worth checking.
 >
 > Fixed in another fixup commit.

 The fixups all look good.

 Are we going to merge this? (Pending comment from Nick or Andrea on
 canonical IPv6 connections.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17604#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs