[tor-bugs] #21446 [Core Tor/Tor]: Number of Introduction Points for a (SingleOnion?) HS seems variable, or degrades with time

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Mar 2 02:43:20 UTC 2017 

#21446: Number of Introduction Points for a (SingleOnion?) HS seems variable, or
degrades with time
--------------------------+------------------------------------
 Reporter:  alecmuffett   |          Owner:
     Type:  defect        |         Status:  needs_information
 Priority:  Medium        |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.9.9
 Severity:  Normal        |     Resolution:
 Keywords:  tor-hs        |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by teor):

 Just to clarify: are these descriptors created using OnionBalance, or
 using Tor?

 Here's what I think is happening:

 '''Issue 1: 5 minute delay before intro circuits are checked'''

 When a hidden service starts, rend_consider_services_intro_points() builds
 `HiddenServiceNumIntroductionPoints + NUM_INTRO_POINTS_EXTRA` introduction
 points.

 When `HiddenServiceNumIntroductionPoints` is between 8 and 10, this means
 that when rend_consider_services_intro_points() next runs, it checks if it
 has built more than MAX_INTRO_CIRCS_PER_PERIOD (10), and then ignores this
 service for INTRO_CIRC_RETRY_PERIOD (5 minutes). Only then will it check
 any of the circuits for failure.

 A similar issue can happen when the number of circuits opened over 5
 minutes due to retries, failures (node down), and expiries exceeds 10.
 There can be up to 3 retries if a node is in the consensus, but refusing
 connections.

 Expiry is triggered after an intro point handles
 INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS (16384). If you have a million
 monthly users, you could be rotating introduction points on the order of
 every hour (they expire after 18-24 hours anyway).

 This bug and the scale of your site exacerbate the next issue:

 '''Issue 2: Intro point count can become stale'''

 Just before a hidden service descriptor is rebuilt,
 rend_consider_services_upload() checks if there are enough intro points
 using count_established_intro_points(). This uses circuit_established,
 which is set in rend_service_intro_established(), and cleared in
 rend_consider_services_intro_points(). Due to the first issue, clearing
 this flag can take up to 5 minutes.

 rend_consider_services_upload() then calls
 rend_service_update_descriptor(), which does the descriptor update. It
 uses find_intro_circuit(), which checks for *current* intro circuits
 before adding them to the descriptor, rather than using
 circuit_established.

 '''Further Questions'''

 I wonder whether your service is failing a lot of connections: that could
 make the above issues worse.

 I also wonder whether the load your service places on some intro points
 makes them start dropping connections. This would cause an increased
 number of retries.

 I wonder if we should delay between retries, rather than trying at 0, 1, 2
 seconds, then giving up.

 And I'd still like to see those logs.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21446#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list