[tor-bugs] #22689 [Core Tor/Tor]: hs: Stop rend and intro points being used as single hop proxies
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 28 18:33:47 UTC 2018
#22689: hs: Stop rend and intro points being used as single hop proxies
--------------------------+------------------------------------
Reporter: teor | Owner: dgoulet
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: relay-safety | Actual Points:
Parent ID: #17945 | Points: 0.5
Reviewer: teor | Sponsor:
--------------------------+------------------------------------
Comment (by dgoulet):
Replying to [comment:17 teor]:
> Replying to [comment:16 teor]:
> > v2 Intro:
> >
> > v2 Tor2web will extend to another intro point, and then succeed
because it's no longer a single hop path.
>
> The client will only extend if it thinks that the service isn't
connected to the intro point.
> So maybe we shouldn't close intro circuits, but we should force them to
extend instead?
In theory, just a NACK received by the client will make it reuse the
circuit and re-extend. See `handle_introduce_ack()`. This patch makes the
intro return `HS_CELL_INTRO_ACK_NORELAY` which triggers a re-extend. Same
goes for v2 in `rend_client_introduction_acked()`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22689#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list