[tor-bugs] #29786 [Core Tor/Tor]: Path bias circuits can still have cells pending
#29786: Path bias circuits can still have cells pending
------------------------------+--------------------
Reporter: mikeperry | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: tor-hs
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------
In #25773, we realized that half-closed connections need to be checked for
extra cells when the circuit has been switched to path bias testing. The
checks were added to the top of circuit_receive_relay_cell(), by calling
pathbias_check_probe_response() to check if the path bias probe was
correct, and if not, we call pathbias_count_valid_cells() to check if the
cell is from a previous half-closed connection.

In https://github.com/mikeperry-tor/vanguards/issues/37, we learned that
path bias circuits can still have a pending cell for onion services. In
particular, there can be outstanding cells for
RELAY_COMMAND_INTRO_ESTABLISHED, RELAY_COMMAND_RENDEZVOUS_ESTABLISHED, and
RELAY_COMMAND_INTRODUCE_ACK, depending on circuit type.

There are sloppy ways to fix this, which are easy (just hack
pathbias_count_valid_cells() to allow 1 cell for those circuit types), and
precise ways (actually track if the pending cell has been received or not
before and after path bias transition).

We should probably fix this the precise way, and just implement the hacky
workaround in vanguards for now.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29786>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
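
The two approaches named in the ticket, compared on constructed cell traces. This is an added example, not code from Tor, vanguards, or the ticket author. It is a simplified model: the `Circuit` class, the function names, the pairing of purposes with reply commands, and the traces are assumptions of the example, and the probe-response and half-closed-stream checks are left out.

```python
from dataclasses import dataclass

# Reply each circuit type waits for. The ticket names the three commands;
# pairing them with these purposes is this example's assumption.
EXPECTED_REPLY = {
    "HS_SERVICE_INTRO": "RELAY_COMMAND_INTRO_ESTABLISHED",
    "HS_CLIENT_REND": "RELAY_COMMAND_RENDEZVOUS_ESTABLISHED",
    "HS_CLIENT_INTRO": "RELAY_COMMAND_INTRODUCE_ACK",
}

@dataclass
class Circuit:
    purpose: str
    reply_seen: bool = False         # expected reply already received?
    path_bias_testing: bool = False  # circuit switched to path bias testing?
    extra_cells: int = 0             # cells counted after the switch

def sloppy_accept(circ, command):
    """Hacky rule: after the switch, allow any one cell on these circuit types."""
    if not circ.path_bias_testing:
        return True                  # normal processing, not modelled here
    circ.extra_cells += 1
    return circ.purpose in EXPECTED_REPLY and circ.extra_cells <= 1

def precise_accept(circ, command):
    """Precise rule: allow only the pending reply, and only if still pending."""
    if command == EXPECTED_REPLY.get(circ.purpose) and not circ.reply_seen:
        circ.reply_seen = True       # tracked before and after the switch
        return True
    return not circ.path_bias_testing

def replay(accept, purpose, cells, switch_at):
    """Feed cells to accept(); the circuit switches to testing at index switch_at."""
    circ = Circuit(purpose)
    verdicts = []
    for i, command in enumerate(cells):
        if i == switch_at:
            circ.path_bias_testing = True
        verdicts.append(accept(circ, command))
    return verdicts

if __name__ == "__main__":
    # Constructed trace: the ACK arrives first, then an unexpected cell after the switch.
    trace = ["RELAY_COMMAND_INTRODUCE_ACK", "RELAY_COMMAND_DATA"]
    print("sloppy :", replay(sloppy_accept, "HS_CLIENT_INTRO", trace, 1))
    print("precise:", replay(precise_accept, "HS_CLIENT_INTRO", trace, 1))
```

On the constructed trace the sloppy rule accepts the unexpected cell because its one-cell allowance is still unused, while the precise rule rejects it because the pending reply was already received before the transition.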