[tor-dev] Hidden Services and IP address changes

Martin Florian florian at kit.edu
Thu May 21 11:16:05 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everyone,

I think I've found one or more bugs that appear when Tor clients
hosting HSes change their IP address during operation. I'm slightly
overwhelmed from reading the Tor source code and not sure how to best
fix them.

The central issue that I discovered can be reproduced like this
(assuming Tor clients A, B and C):
1. (Setup) A hosts the HS X and A, B and C are all booted up.
2. B connects to X - it works!
3. A changes its IP address.
4. B tries to talk to X again - doesn't work!
5. C tries to talk to X (for the first time) - works like a charm (so
X IS working)

I digged through the Tor log and source code and have now arrived at
following hypothesis for why this particular error happens:
- - after A changes its IP addresses, it never establishes a circuit to
the old RP with B again.
- - B, on the other hand, keeps trying to talk with A through that RP,
saying that it is an "Active rendezvous point". B never stops trying
to use that RP.

So, they appear to be two sides to this:
a) A not notifying B or the RP about its IP address change.
b) B not considering the possibility that the RP might not be active
anymore.

b) seems easier to fix. Some logic needs to be included for forgetting
about RPs that have failed once. I identified
connection_ap_expire_beginning() as one potential place to do this. Am
I on the right track? Is this a good idea? And how do I forget about
RPs? These are some of the questions I'm struggling with...

I should also probably open a bug report, but I thought I might first
ask for some advice here.

Thanks,
Martin

PS: Why this is important: HSes/Onion services running on mobile
devices will very often have to deal with IP address changes. I'm
thinking about applications like Briar or our own hacky attempts to
enable generic P2P application development on top of Tor hidden
services (https://github.com/kit-tm/PTP).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVXb5wAAoJEK5sDRyGnIFfbbYP/1gi6A/wZFhQfr6IRG4F1jBT
c2/euGqiLG1rrqh5inTzrSIrHU0cm6FBxrtfB4egUO8+saVouhDrsgVQIF/y7nK0
f754Bcx9w3/a9hDK3L0iUtsYguMMTPOeWeCCdAxblYZWhKF3bxu9qwVsNqtVUUIm
Oz1WLl4N++Pf9v09LRaDR7JaL9Ts7aJ3sEIWLjuntgEoS9sJaWmUjdVZZCjdWAOF
S2FM6O1SE2V8xiMFjFOEmabWYUigrVZu2qk9/XpWeMDeNNIT57URZ2R0gKxjxLEl
c5/+KawvSFGVKeoyTM+xys3UcO2IvnKxL43M2pocO5UX9TZv0iyrx1YRoTPEq3D5
HoOEX3Q0wlk6aJ3qqGFb2nNwr4n18k4IvdopCPkGvMBUuflcD77ug42k7TDEgXWD
yJqBfxQE8l+p7QZ+kpHajdSmMtKzdjbYyuA4l1/FUskHQfX1fg2WyHQSdZR9Dxni
GZJdnHOdN6f5T2lUVCuP4ZWlkHJ/HEPYWT7BOxRwyCbI6ViHZUIqJA8q1EPYGwP5
MOkSsx4diFS+RxAxb/vcudalOT8gIuszYsUImM1o2yzSpZ1faBuv1WCbdQ4qVcm8
XUrxSJCrX6qaY/ZxovWWnggYK9w2CgLDEHfeY39VRwLjDiOi85JWhGBvvtyGb84v
WJvzKA4thqQ+JQEsR24+
=JxdI
-----END PGP SIGNATURE-----


More information about the tor-dev mailing list