date:20190923

Re: [tor-relays] possible interference between sbws and a libressl relay

2019-09-23 Thread teor

> On 24 Sep 2019, at 03:27, Felix  wrote:
> 
>> Am 2019-09-23 um 1:59 AM schrieb teor:
>> 
>> We need some more information to diagnose the issue, and answer these
>> questions:
>> 
>> * Is this issue reproducible?
> 
> In my Freebsd monoculture, yes. 20 guard relays shared the same history:
> 
> Tor versions Tor 0.4.0.5, 0.4.1.2-alpha, 0.4.1.3-alpha, all on LibreSSL
> 2.9.2. Running guard since >1 month before they all lost guard flags
> between 2019-08-15 10pm and 2019-08-16 1am.

How do you know it's LibreSSL, and not simply restarting the relays?

>> * Are all tor clients affected?
> 
> They became middle relays so I expect no client will connect (besides
> onion services?). But they were pushing a lot of data as middles.

Here's what I meant:

Are all Tor instances having trouble connecting to your relays, or just
some of them?

You've answered the question below.

>> * If only some tor clients are affected, why are they affected?
> 
> No idea, sorry.
> 
>> * Are all bandwidth authorities affected, or just the ones running sbws?
> 
> Short: Torflow is ok, sbws not

That's not quite accurate.

> Consensus for a relay with Libressl 292
>  maatu. (!running, fast, !guard, bw ok)

The authority on maatuska appears to be affected.

>  moria1 (running,  fast,  guard, bw ok)
>  farav. (running,  fast,  guard, bw ok)
>  longc. (running, !fast, !guard, no bw)
>  bastet (running, !fast, !guard, no bw)

The bandwidth authority clients on longclaw and bastet are affected.

> All relays w/o 292 received quickly running and fast from all bw auths,
> later guard.

Ok, so it does have something to do with LibreSSL. But we don't know
why some other Tor instances are having trouble connecting: because
it's not only sbws clients which are failing, it's authorities as well.

>> * Are these issues actually instances of know sbws bugs?
> 
> I don't think so.

It doesn't seem so either. This seems like a LibreSSL / Tor bug, not an
sbws bug.

> For further testing I keep the relays like this:
> 
> All the relays are on the same dedicated server
> 
> now working ok:
> 79D9E66BB2FDBF25E846B635D8248FE1194CFD26 Tor 0.4.1.6, OpenSSL 1.1.1d
> ACBBB426CE1D0641A590BF1FC1CF05416FC0FF6F Tor 0.4.1.5, OpenSSL 1.0.2s
> 9F5068310818ED7C70B0BC4087AB55CB12CB4377 Tor 0.4.1.6, LibreSSL 3.0.0
> 8FA37B93397015B2BC5A525C908485260BE9F422 Tor 0.4.1.5, OpenSSL 1.0.2t
> 
> suffering:
> ED7F2BE5D2AC7FCF821A909E2486FFFB95D65272 Tor 0.4.1.3-alpha, LibreSSL 2.9.2
> 
> 
> 
> I hope that helps. Please tell me how I can support.

Maybe there is a bug in LibreSSL 2.9.2 ?
Or a bug between that version and other SSL libraries?

Can you reproduce this issue using Tor Browser connecting to your
relays? If so, what do you see in your Tor logs?

T
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] possible interference between sbws and a libressl relay

2019-09-23 Thread Felix



Am 2019-09-23 um 1:59 AM schrieb teor:

Hi,


Hi


We need some more information to diagnose the issue, and answer these
questions:



* Is this issue reproducible?


In my Freebsd monoculture, yes. 20 guard relays shared the same history:

Tor versions Tor 0.4.0.5, 0.4.1.2-alpha, 0.4.1.3-alpha, all on LibreSSL
2.9.2. Running guard since >1 month before they all lost guard flags
between 2019-08-15 10pm and 2019-08-16 1am.



* Are all tor clients affected?


They became middle relays so I expect no client will connect (besides
onion services?). But they were pushing a lot of data as middles.



* If only some tor clients are affected, why are they affected?


No idea, sorry.



* Are all bandwidth authorities affected, or just the ones running sbws?


Short: Torflow is ok, sbws not

Consensus for a relay with Libressl 292
  maatu. (!running, fast, !guard, bw ok)
  moria1 (running,  fast,  guard, bw ok)
  farav. (running,  fast,  guard, bw ok)
  longc. (running, !fast, !guard, no bw)
  bastet (running, !fast, !guard, no bw)

All relays w/o 292 received quickly running and fast from all bw auths,
later guard.



* Are these issues actually instances of know sbws bugs?


I don't think so.



For further testing I keep the relays like this:

All the relays are on the same dedicated server

now working ok:
79D9E66BB2FDBF25E846B635D8248FE1194CFD26 Tor 0.4.1.6, OpenSSL 1.1.1d
ACBBB426CE1D0641A590BF1FC1CF05416FC0FF6F Tor 0.4.1.5, OpenSSL 1.0.2s
9F5068310818ED7C70B0BC4087AB55CB12CB4377 Tor 0.4.1.6, LibreSSL 3.0.0
8FA37B93397015B2BC5A525C908485260BE9F422 Tor 0.4.1.5, OpenSSL 1.0.2t

suffering:
ED7F2BE5D2AC7FCF821A909E2486FFFB95D65272 Tor 0.4.1.3-alpha, LibreSSL 2.9.2



I hope that helps. Please tell me how I can support.


--
Cheers, Felix
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] possible interference between sbws and a libressl relay (was: Measuring the Accuracy of Tor Relays' Advertised Bandwidths)

2019-09-23 Thread Toralf Förster

On 9/21/19 4:11 PM, Toralf Förster wrote:
> I upgraded LibreSSL from 2.9.2 to 3.0.0 here at a stable Gentoo Linux
> and got immediately from all IPv6 capable BW authorties the
> "ReachableIPv6" flag back at both affected relays.

Today one of 2 affected relays got its Gurad flag back. The other relay
was converted from LibreSSL 2.9.2 to 3.0.0 half a day later - will check
tomorrow its status.

-- 
Toralf



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] possible interference between sbws and a libressl relay

Re: [tor-relays] possible interference between sbws and a libressl relay

Re: [tor-relays] possible interference between sbws and a libressl relay (was: Measuring the Accuracy of Tor Relays' Advertised Bandwidths)

3 matches

Site Navigation

Mail list logo

Footer information