[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #17178 [Tor]: Rendezvous Single Onion Services: One-Hop Intro Point and Rendezvous
#17178: Rendezvous Single Onion Services: One-Hop Intro Point and Rendezvous
-------------------------------------------------+-------------------------
Reporter: teor | Owner:
Type: enhancement | Status:
Priority: High | needs_review
Component: Tor | Milestone: Tor:
Severity: Normal | 0.2.8.x-final
Keywords: 028-triaged, tor-hs, | Version:
TorCoreTeam201602 | Resolution:
Parent ID: | Actual Points:
Sponsor: SponsorU | Points: large
-------------------------------------------------+-------------------------
Changes (by teor):
* status: needs_revision => needs_review
Comment:
Please see my branch feature-17178-rsos:
Added 5de1055acb37f9a448ef6e769a5587c9d00441e7 as a fixup for
f519c356a17afec8dd732ec2e46315c5576283d0:
Make tor_addr_is_multicast accessible in address.h.
Replying to [comment:38 dgoulet]:
> commit ce251ea5e7d98a8e46079f2733006f8e718717d8
>
> * This should be a `static const char *`. It's not required but imo we
should use type as much as we can which is much more helpful on the
compiler side.
>
> {{{
> #define RSOS_POISON_FNAME "non_anonymous_hidden_service_rsos"
> }}}
>
> If you really don't want to, that's fine but the `tor_asprintf` doesn't
need to use `%s` for it. Same for `PATH_SEPARATOR`. (`tor_asprintf(&fname,
"%s" PATH_SEPARATOR ...)`)
Fixed in 30969ca2abec80ebacb585767a88915a53293c01.
> * Nitpick: You can use `tor_free(poison_fname);` once after
`file_status()` is called. Avoid two of them.
Fixed in 30969ca2abec80ebacb585767a88915a53293c01.
> commit ff63c64c9cdebb7ea50354a3e72cb57758f9f939
>
> * Hrm that commit simply return 0. Can't we flag the HS that it's
actually in RSOS mode? By that I mean, can we have two ephemeral HS, one
in RSOS and the other one not ?
No, we decided that was a bad design, as the non-anonymous RSOS could
expose the anonymous HS.
Whenever RSOS is set, it applies to all configured services.
> commit 1e0b54feb5629eb85e9b365db684e1df8073a516
>
> * `rend_allow_direct_connection()` comment mentions: "Returns true in
Tor2web and RSOS modes.". But the code return 1 if one of them is enabled,
not both. So I'm guessing typo here.
One of the glorious ambiguities of English. I meant: "Returns true in
Tor2web mode and returns true in RSOS mode."
Fixed in 70f44487b8ecdeef09681f02068ac30b6643a0e5.
> commit 80a041b9740fa69126f40ddc1c8bba9555c8a08b
>
> * In `rend_client_get_random_intro_impl()`, this is added:
> {{{
> - new_extend_info = extend_info_from_node(node, 0);
> + new_extend_info = extend_info_from_node(node,
> +
rend_allow_direct_connection(options));
> }}}
>
> This is somehow worrying me. I get the Tor2Web mode but what if I use
my HS server as a client, I loose anonymity? Am I seeing that right?
>
> Same goes in `find_rp_for_intro()`, if the HS is somehow compiled with
`NON_ANONYMOUS_MODE_ENABLED` (Tor2Web), it goes to the RP/IP with one hop?
I think that you're right, if you use a Tor2web client with a HS, or run a
standard tor client as a RSOS, you lose anonymity.
So let's prevent that. See bae2a4de61d6d440840411fb992ffc72ad04c660.
For the record, these code changes only control how the node's address is
selected.
(In #17840, we change extend_info_from_node() to select addresses based on
ReachableAddresses, ClientUseIPv4/6 and ClientPreferIPv6OR/DirPort.)
It's the code like this that makes the connections one-hop:
{{{
if (rend_allow_direct_connection(options)) {
flags = flags | CIRCLAUNCH_ONEHOP_TUNNEL;
}
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17178#comment:39>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs