[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Potential regression when binding sockets to interface without default route



Hello,

On 9/19/2016 4:14 PM, René Mayrhofer wrote:
[SNIP]
> Problem: This worked nicely with Tor 0.2.5.12-1 on Debian Jessie. We
> upgraded about two weeks ago to 0.2.8.7-1 from the Tor apt repositories
> (mostly in response to
> https://blog.torproject.org/blog/tor-0287-released-important-fixes as a
> wakeup call that we were using old versions from Debian main). At first,
> it seemed to work well enough, but then the holidays came and we didn't
> actively watch it for the next week....
> Now with 0.2.8.7-1, the traffic sent to our node started declining until
> it vanished completely. After a bit of debugging and rolling back to
> 0.2.5.12-1 (which is now active on our node as of a few hours ago,
> slowly approaching the 200MBit/s again), it seems that we discovered a
> regression concerning the handling of sockets. I can best summarize it
> with the relevant torrc config options and startup log lines from both
> versions:
> 
> root@tor2 ~ # grep 193.171.202 /etc/tor/torrc
> ORPort 193.171.202.146:9001
> ORPort 193.171.202.146:443
> OutboundBindAddress 193.171.202.150
> DirPort 193.171.202.146:9030
> 

Yes this is an issue for how we guess Address in some cases. It was
initially reported here:

https://trac.torproject.org/projects/tor/ticket/13953

We made the first step towards fixing it (nice patch by teor) and now we
log a warning when the address we listen on does not match the one in
the descriptor, and the self test doesn't pass so descriptor is not
published at all.

We will fix this entirely in this ticket:
https://trac.torproject.org/projects/tor/ticket/19919

Where we will use the first explicit public IP address configured with
ORPort that we listen on as being Address.

I wanted to create a separate ticket for doing the same with
OutboundBindAddress (use the first explicit public IP address configured
with ORPort that we listen on as being OutboundBindAdress) -- but I see
in your setup this would not fix it anyway, so we will leave it aside
for the moment. I think OutboundBindAddress overwrites Address for
outgoing connections, so unless otherwise configured OutboundBindAddress
== Address.

Thanks for running Austria's fastest exit -- this rocks!

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev