Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
-+-
 Reporter:  asn  |  Owner:  neel
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs dos 033-backport, |  Actual Points:
  034-backport   |
Parent ID:   | Points:
 Reviewer:  dgoulet  |Sponsor:
-+-

Comment (by asn):

 Replying to [comment:21 nickm]:
 > Going to suggest "no backport" here. Any objections?

 Agreed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
-+-
 Reporter:  asn  |  Owner:  neel
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs dos 033-backport, |  Actual Points:
  034-backport   |
Parent ID:   | Points:
 Reviewer:  dgoulet  |Sponsor:
-+-

Comment (by nickm):

 Going to suggest "no backport" here. Any objections?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
-+-
 Reporter:  asn  |  Owner:  neel
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs dos 033-backport, |  Actual Points:
  034-backport   |
Parent ID:   | Points:
 Reviewer:  dgoulet  |Sponsor:
-+-
Changes (by dgoulet):

 * milestone:  Tor: 0.4.0.x-final => Tor: 0.3.4.x-final


Comment:

 Merged into 035 and master.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
-+-
 Reporter:  asn  |  Owner:  neel
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.0.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs dos 033-backport, |  Actual Points:
  034-backport   |
Parent ID:   | Points:
 Reviewer:  dgoulet  |Sponsor:
-+-

Comment (by asn):

 LGTM!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
-+-
 Reporter:  asn  |  Owner:  neel
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.0.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs dos 033-backport, |  Actual Points:
  034-backport   |
Parent ID:   | Points:
 Reviewer:  dgoulet  |Sponsor:
-+-
Changes (by dgoulet):

 * status:  needs_review => merge_ready


Comment:

 Big thanks neel!

 ACK.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
-+-
 Reporter:  asn  |  Owner:  neel
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.0.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs dos 033-backport, |  Actual Points:
  034-backport   |
Parent ID:   | Points:
 Reviewer:  dgoulet  |Sponsor:
-+-
Changes (by neel):

 * status:  needs_revision => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
-+-
 Reporter:  asn  |  Owner:  neel
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.6.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs dos 033-backport, |  Actual Points:
  034-backport   |
Parent ID:   | Points:
 Reviewer:  dgoulet  |Sponsor:
-+-

Comment (by neel):

 A PR based on `maint-3.3` which includes your suggestions is here:
 https://github.com/torproject/tor/pull/487

 If you want it based on `master`, tell me and I can base the patch off
 that instead.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
-+-
 Reporter:  asn  |  Owner:  neel
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.6.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs dos 033-backport, |  Actual Points:
  034-backport   |
Parent ID:   | Points:
 Reviewer:  dgoulet  |Sponsor:
-+-
Changes (by dgoulet):

 * status:  needs_review => needs_revision
 * keywords:  tor-hs dos => tor-hs dos 033-backport, 034-backport


Comment:

 So this is a fix that probably applies back to 0.3.2.1-alpha I believe.
 Meaning the changes file is wrong and the branch should be based on
 maint-0.3.3 because I realized we are most likely to backport this fix
 since the re-extend optimization is busted.

 Now, on another note, I've discuss it with arma further on IRC and maybe
 actively closing the circuit is not ideal as in "we want to let the client
 decide what to do".

 Thus, it would simplify the patch, we just need to NOT close the circuit
 on NACK and that is it. We'll backport that fix.

 Sorry neel for the confusion. Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.6.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by neel):

 * status:  assigned => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.6.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * milestone:  Tor: unspecified => Tor: 0.3.6.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+--
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by neel):

 PR is here: https://github.com/torproject/tor/pull/426

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+--
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by neel):

 * status:  new => assigned


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+--
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by asn):

 * status:  needs_information => new


Comment:

 Replying to [comment:7 dgoulet]:
 > Yes client side we are fine. I think this ticket was more on the
 introduction point side?
 >
 > Now I just realized something that is maybe bad in v3 (not in v2).
 >
 > See `handle_introduce1()` (hs_intropoint.c). Notice at the end that we
 only close the circuit if we send a NACK but not a ACK. Actually, it
 should be the opposite! The reason is that if you ACK, then the client
 will close that circuits so instead of waiting for another round trip for
 the DESTROY cell, the IP can just send it after the ACK and the client
 will likely close it much faster.
 >
 > Now, why we shouldn't close with a NACK? Because, in case of a NACK, the
 client will use the same circuit to re-extend to a new IP. If the current
 IP is closing the circuits, that re-extend is most likely failing... So
 the whole "reextend on NACK" optimization is rendered useless by closing
 the circuit on NACK on the intro side.
 >
 > To summarize (all of this intro point side):
 >
 > * Close circuit on ACK
 > * Keep circuit on NACK.
 >
 > Thoughts?

 Hm, that's interesting.

 I think your suggestion makes sense!

 However, I think it would be great after we write this patch, we also test
 that this "reextend on NACK" optimization works as intended.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+---
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by dgoulet):

 * cc: asn (added)
 * status:  assigned => needs_information


Comment:

 Yes client side we are fine. I think this ticket was more on the
 introduction point side?

 Now I just realized something that is maybe bad in v3 (not in v2).

 See `handle_introduce1()` (hs_intropoint.c). Notice at the end that we
 only close the circuit if we send a NACK but not a ACK. Actually, it
 should be the opposite! The reason is that if you ACK, then the client
 will close that circuits so instead of waiting for another round trip for
 the DESTROY cell, the IP can just send it after the ACK and the client
 will likely close it much faster.

 Now, why we shouldn't close with a NACK? Because, in case of a NACK, the
 client will use the same circuit to re-extend to a new IP. If the current
 IP is closing the circuits, that re-extend is most likely failing... So
 the whole "reextend on NACK" optimization is rendered useless by closing
 the circuit on NACK on the intro side.

 To summarize (all of this intro point side):

 * Close IP on ACK
 * Keep circuit on NACK.

 Thoughts?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+--
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by neel):

 Thanks for the feedback.

 I looked at `handle_introduce_ack_success()` and found this code:
 {{{
  end:
   /* We don't need the intro circuit anymore. It did what it had to do! */
   circuit_change_purpose(TO_CIRCUIT(intro_circ),
  CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
   circuit_mark_for_close(TO_CIRCUIT(intro_circ),
 END_CIRC_REASON_FINISHED);

   /* XXX: Close pending intro circuits we might have in parallel. */
   return;
 }}}

 Isn't this already being done after the first comment above (or in
 `handle_introduce_ack_success()`)?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+--
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by asn):

 Hey neel. I think that's not right. We want the service to keep its intro
 circuits open so that it receives multiple introductions through them.

 On the other hand, on the client-side, after the client completes the
 introduction with the service, we want the client to close the client-side
 part of the introduction circuit.

 So in `C <-> IP <-> HS` we want the link from `C` to `IP` to close after
 the introduction has been completed. Good luck! :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+--
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by asn):

 Hey neel, currently stuck in post-meeting backlog. Will try to get to this
 late next week. Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+--
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by neel):

 Never mind Comment 2. After reading rend-spec-v2.txt in torspec, I think
 it should be done in `hs_service_receive_intro_established()` instead. Is
 this correct?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+--
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by neel):

 Should I close the intro circuit once `INTRODUCE2` cells have been parsed
 and processed? If so, is `hs_circ_handle_introduce2()` a good place to
 close the intro circuits?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+--
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by neel):

 * status:  new => assigned
 * cc: neel (added)
 * owner:  (none) => neel


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs