#27841: Close intro circuit after introduction has been completed
--------------------------+----------------------------------
 Reporter:  asn           |          Owner:  neel
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  tor-hs dos    |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+----------------------------------
Changes (by asn):

 * status:  needs_information => new

Comment:

 Replying to [comment:7 dgoulet]:
 > Yes client side we are fine. I think this ticket was more on the
 > introduction point side?
 >
 > Now I just realized something that is maybe bad in v3 (not in v2).
 >
 > See `handle_introduce1()` (hs_intropoint.c). Notice at the end that we
 > only close the circuit if we send a NACK but not an ACK. Actually, it
 > should be the opposite! The reason is that if you ACK, then the client
 > will close that circuit so instead of waiting for another round trip for
 > the DESTROY cell, the IP can just send it after the ACK and the client
 > will likely close it much faster.
 >
 > Now, why shouldn't we close with a NACK? Because, in case of a NACK, the
 > client will use the same circuit to re-extend to a new IP. If the current
 > IP is closing the circuits, that re-extend is most likely failing... So
 > the whole "reextend on NACK" optimization is rendered useless by closing
 > the circuit on NACK on the intro side.
 >
 > To summarize (all of this intro point side):
 >
 > * Close circuit on ACK
 > * Keep circuit on NACK.
 >
 > Thoughts?

 Hm, that's interesting. I think your suggestion makes sense!

 However, I think it would be great if, after we write this patch, we also
 test that this "reextend on NACK" optimization works as intended.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27841#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online