Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed
#27841: Close intro circuit after introduction has been completed
--------------------------+-----------------------------------
Reporter: asn | Owner: neel
Type: defect | Status: needs_information
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-hs dos | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+-----------------------------------
Changes (by dgoulet):
* cc: asn (added)
* status: assigned => needs_information
Comment:
Yes, client side we are fine. I think this ticket was more on the
introduction point side?

Now I just realized something that is maybe bad in v3 (not in v2).
See `handle_introduce1()` (hs_intropoint.c). Notice at the end that we
only close the circuit if we send a NACK but not an ACK. Actually, it
should be the opposite! The reason is that if you ACK, then the client
will close that circuit, so instead of waiting for another round trip for
the DESTROY cell, the IP can just send it after the ACK and the client
will likely close it much faster.

Now, why shouldn't we close with a NACK? Because, in case of a NACK, the
client will use the same circuit to re-extend to a new IP. If the current
IP is closing the circuit, that re-extend is most likely failing... So
the whole "reextend on NACK" optimization is rendered useless by closing
the circuit on NACK on the intro side.

To summarize (all of this intro point side):

* Close IP on ACK
* Keep circuit on NACK.

Thoughts?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27841#comment:7>