[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17604 [Tor]: Try to use only one canonical connection

Subject: Re: [tor-bugs] #17604 [Tor]: Try to use only one canonical connection
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 24 Nov 2015 02:26:50 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 23 Nov 2015 21:26:57 -0500
In-reply-to: <049.9b547bf776b3f3775098640c9c4bf781@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.9b547bf776b3f3775098640c9c4bf781@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17604: Try to use only one canonical connection
-----------------------+------------------------------
 Reporter:  mikeperry  |          Owner:  mikeperry
     Type:  defect     |         Status:  needs_review
 Priority:  Medium     |      Milestone:
Component:  Tor        |        Version:
 Severity:  Normal     |     Resolution:
 Keywords:             |  Actual Points:
Parent ID:  #16861     |         Points:
  Sponsor:             |
-----------------------+------------------------------

Comment (by teor):

 This patch looks good overall.

 Just a few questions:

 channel_check_for_duplicates() says:
 {{{
 This function is similar to connection_or_set_bad_connections(),
 and probably could be adapted to replace it, if it was modified to
 actually
 take action on any of these connections.
 }}}
 Are we waiting to see what it logs before using it to replace
 connection_or_set_bad_connections()?

 Replying to [comment:4 mikeperry]:
 > Oh, it also turns out that we're already vulnerable to the attack in
 comment:1, because all a rogue node has to do is list its rogue address in
 its NETINFO cells, and it gets marked canonical. It is only non-canonical
 connections that get their real_addr checked by
 channel_tls_matches_target_method(). Do we care about that? I did not
 change that behavior in this patch at all. I merely noted the issue with
 an XXX in the source.

 Can we check real_addr for all connections?
 Will it take a long time to code up?
 Does it impact performance?

 And a nitpick:

 In check_canonical_channels_callback:
 * I think public_server_mode(options) is the standard way of saying
 `!options->BridgeRelay && server_mode(options)`. I think they do the same
 thing, but it might be worth checking.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17604#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #17604 [Tor]: Try to use only one canonical connection
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #17592 [Tor]: Clean up connection timeout logic
Next by Author: Re: [tor-bugs] #17663 [Tor]: Add SHA512 support in crypto.c
Previous by thread: Re: [tor-bugs] #17604 [Tor]: Try to use only one canonical connection
Next by thread: [tor-bugs] #17605 [Tor]: Tell caches to remove X-Your-IP-Address-Is from Tor Directory documents
Index(es):
- Author
- Thread