tor-dev

tor-dev@lists.torproject.org

3581 discussions

Hidden services performance
by Petter Solberg 23 May '13

23 May '13

Hi. We are two master thesis students at the Norwegian University of Science and Technology (NTNU) which is looking into the performance of hidden services. We have already set up 19 physical Linux servers connected by gigabit Ethernet to be able to benchmark hidden services in a private tor network. We have also some public servers that we plan to utilize ( https://atlas.torproject.org/#search/disasterTor ). This mail is to inform you of our work and a request for ideas in where some bottlenecks are and if someone have done some previous research before. Without any modifications to Tor we have been able to have a throughput of 180Mb/s through a single hidden service. If you have some Ideas or a comment. Please reply. Regards Petter Solberg (pettso AT stud.ntnu.no ) & Bram Bezem ( bezem AT stud.ntnu.mo )

2 1

[Fwd: Welcome to the "tor-dev" mailing list]
by bones44x6013＠tormail.org 22 May '13

22 May '13

Hello again, Now that after several hours of work, we have come full circle back to the same email address I used for my original contacting you? I was not allowed to contact you through this address because I was not a registered user of this system? Now that I am a registered user of this system, I still have the same questions for you...Is this your most secure form of communication and is it safe for me to send you this information via a MS word document here through this email? This information should only be viewed by top Tor Developers and Management it is not meant for general discussion or a general discussion board viewing. This is the reason for my asking again about this again. I am providing you with a new technique for the secure communications of bridge address network locations. This method is proven and will work for you. Bones44 ---------------------------- Original Message ---------------------------- Subject: Welcome to the "tor-dev" mailing list From: tor-dev-request(a)lists.torproject.org Date: Wed, May 22, 2013 4:25 pm To: bones44x6013(a)tormail.org -------------------------------------------------------------------------- Welcome to the tor-dev(a)lists.torproject.org mailing list! To post to this list, send your email to: tor-dev(a)lists.torproject.org General information about the mailing list is at: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev If you ever want to unsubscribe or change your options (eg, switch to or from digest mode, change your password, etc.), visit your subscription page at: https://lists.torproject.org/cgi-bin/mailman/options/tor-dev/bones44x6013%4… You can also make such adjustments via email by sending a message to: tor-dev-request(a)lists.torproject.org with the word `help' in the subject or body (don't include the quotes), and you will get back a message with instructions. You must know your password to change your options (including changing the password, itself) or to unsubscribe. It is: zenuokna Normally, Mailman will remind you of your lists.torproject.org mailing list passwords once every month, although you can disable this if you prefer. This reminder will also include instructions on how to unsubscribe or change your account options. There is also a button on your options page that will email your current password to you.

2 1

Move RecommendedTBBVersions from check.torproject.org to www.torproject.org
by Micah Lee 22 May '13

22 May '13

I just opened a ticket for this: https://trac.torproject.org/projects/tor/ticket/8940 Right now the way to check for the current TBB version is by loading https://check.torproject.org/RecommendedTBBVersions. It would be really helpful if there were a way to check the current version of TBB from a URL at https://www.torproject.org/. The main website has a .onion address, and all of the Tor mirrors listed at https://www.torproject.org/getinvolved/mirrors.html.en are mirrors of the main site, not check. So if you want to only use the hidden service or only use a mirror (because *.torproject.org is blocked on your network), there's no way to easily know the current recommended version. -- Micah Lee @micahflee

1 0

building from source in a 64-bit windows environment..
by not me 20 May '13

20 May '13

Hi, It seems fairly self-evident that tor hasn't been build for 64-bit windows and questionable whether it's ever been built in an environment that doesn't utilize mingw. There are literally hundreds of thousands of warnings about integer truncation, at least some of which seem somewhat problematic (64-bit pointer being stored in a 32-bit integer (why?! why?!)), a small amount of signed/unsigned comparisons or sign extensions, and a bunch of calls to functions without including the proper header files or using the correct function name ('open()' vs '_open()' without including io.h) and so on. This of course is ignoring all the calls to str{,n}cpy/{v,}s{,n}printf/etc and posix function names long since deprecated (fileno() vs _fileno()) and so on. Errors relating to MSVC finally including a stdint header (cstdint) and typedef's for intptr_t not producing the right size primitive, etc. I realize that many/most/all of the developers here are going to see no problem with using mingw, but if you spend some time looking underneath the hood and reviewing the code generated by mingw v. msvc both in terms of security features and general performance, I can't feel that its a prudent or responsible choice to produce anything under windows using GNUs development tools. So I'd prefer to just eliminate all such 'fixes'. Moving to 32-bit isn't an option either, I'd have to switch out far too many dependencies that frankly are a bit more important, and well I need 64-bit for some aspects and it's only been a decade since AMD released their first 64-bit chip. So, has anyone out there successfully built tor with a 64-bit msvc, and if so, you don't happen to have a list of voodoo tricks you performed or a diff or similar? Thanks.

6 22

RFC patch: systemd socket activation
by Marti Raudsepp 20 May '13

20 May '13

Hi list, The attached patch implements support for systemd socket activation. For people who don't know what that is: systemd is an "init" system for Linux. Socket activation means that systemd binds all the sockets in advance, and only spawns Tor once somebody attempts to connect. More information here: http://0pointer.de/blog/projects/socket-activation.html I rarely use Tor, so there's no reason to have it running all the time (wasting battery on my laptop), but it's also annoying to launch it manually every time. Socket activation is ideal for this use case. There are 3 changes to the startup process: 1. Before loading the configuration, Tor identifies all sockets passed in by systemd and creates pending_socket_t objects. I considered reusing connection_t, but that seemed to require way more modification to the code. 2. After parsing configuration, when Tor would otherwise create new listeners, it first tries to match up the address/port to existing pending sockets. If a pending socket does not match, it opens a new one as usual. 3. After configuration parsing is done, Tor closes all remaining unmatched systemd sockets and logs a warning for each one. This infrastructure can also be used to support "launch-on-demand" with launchd on OS X, but I have no experience with that. Known problems: * TCP and UDP sockets work, but Unix sockets are not currently yet implemented. * It's impossible to support hibernation as is for systemd sockets -- the systemd daemon still keeps a reference to the listener socket even after we close it, and it's impossible to re-bind the port later. * Closing unmatched sockets is a bad idea for the same reason: systemd still keeps it open and connections hang forever. Perhaps a better solution is to keep the socket and simply reject all connections, ditto hibernating connections? I have added the source of sd-daemon.c into Tor -- it's easier to manage this way and we don't introduce any new library dependencies (it's 804 LoC total). This approach is also encouraged by systemd itself. The code turns into a no-op when built on Windows. Full patch is attached, also available as individual commits from my GitHub clone (branch "systemd"): https://github.com/intgr/tor/tree/systemd Regards, Marti

3 4

Re: [tor-dev] Questions pertaining to client to directory authority
by Jon Smithe 20 May '13

20 May '13

Hello, I receive a daily digest, so I am replying to everything at once. > http, https://gitweb.torproject.org/torspec.git/blob/HEAD:/dir-spec.txt > > section 1 line 184 "All directory information is uploaded and > downloaded with HTTP." > > If you search through the document for http, you will find most of the > uris and related info youre looking for. Well look at that, thank you. That's what I get for skimming a bit too much. > From: Roger Dingledine <arma(a)mit.edu> > To: tor-dev(a)lists.torproject.org > Subject: Re: [tor-dev] Questions pertaining to client to directory > authority communications > Message-ID: <20130519212036.GK31806(a)moria.seul.org> > Content-Type: text/plain; charset=us-ascii [...] > Yeah -- I'm afraid there's a lot to learn at this point. Perhaps when > you figure out the bootstrapping process to your satisfaction, you'll > write up a summary and then we can correct it as needed and have a better > answer for the next person? As pointed out above, I missed some things while reading the specifications, I hadn't quite made it to the bottom of the 3rd version of the directory spec, which is where all the URIs are and is largely what I was looking for. Piecing together all of the URIs and their exact contexts through the code was proving to be daunting, although surprisingly I got most of what I was looking for correctly. Either way, assuming I feel like I understand things well enough to explain them at some point, I would think at least throwing together some type of flow diagram would be fairly painless and I imagine others would indeed benefit from it. For anyone reading this in the interim, I actually found starting with the v1 specification and working towards the v3 was beneficial. I imagine a lot is outdated, but it somehow managed to make me take note of other things I had missed in the v3 spec. > Each directory authority actually has two ports baked into Tor. E.g., > "moria1 orport=9101 no-v2 " > "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 " > "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", > > has 9131 as its DirPort (answering naked http requests), and 9101 as > its ORPort (doing the Tor TLS handshake). Note that clients by default > connect to the ORPort and then tunnel their http request through it > (see the 'begindir' relay cell command), both for authentication and to > prevent simple DPI-based blocking. Aha, so I imagine with moria1 the issue is that I'm connecting directly to port 9131 instead of tunneling it through the ORPort. I just retested to make sure I hadn't lost my mind and indeed directly connecting to port 9131 eventually just returns a single byte ('\0'). This seems to be the case with turtles as well, however the other authorities that serve the dirport over the traditional HTTP port (80) seem to not have this authentication/DPI evasion behavior. > That's for asking v2 directory questions, not v3. > > We disabled it because of > https://trac.torproject.org/projects/tor/ticket/6783 I suspected that might be the case. Thanks for the answer. > Building what basically amounts to a botnet of old Tors, all clamoring > for obsolete directory information, has certainly proved a learning > experience. :) I can imagine you've had a few headaches over the lifetime of the project :) > Try the v3 protocol, not the v2 protocol. > > I just made > https://trac.torproject.org/projects/tor/ticket/8913 > > > (tor26 does have the no-v2 flag set which might be the issue?) > > (Hm? No it doesn't.) Indeed you are correct, I must have gotten the lines crossed while reading them somewhere and mixed it up with another of the authorities. Either way, despite my criss-cross, my hinting suspicion was correct: trying to speak v2 to v3 servers (off-hand I'm not positive which authority I was connected to when I tested/wrote that) > I think the specs do a pretty good job of explaining what is supported, > but as you say they don't specify how you should use the protocol. > > Some of that is in path-spec.txt. Indeed, I spoke too soon > But see also https://trac.torproject.org/projects/tor/ticket/7106 I will be mindful of this as I progress, it's quite evident by all of the various measurements tor takes that there is a lot of care in the behavior of the various components. . > > I have other questions about aspects of the protocol, but I will mostly > > save those until I understand the basic blocks of it better. But to > > exemplify somewhat, it does seem that the introduction of guard nodes would > > cause an inverse of desired effect; there appears to be about 1000-1100 > > guard nodes versus a several thousand relays, and about 800-900 exit nodes > > so it would seem that mitigating the attack where an attacker controlled C > > number of nodes is essentially pointless as one would only need to control > > a set number of guard and exit nodes and can more or less ignore the relays > > in between, so whereas you needed say C/N nodes previously, one would only > > need Cg/Ng (Cg controlled guards / Ng Number of guards). > > It seems you're leaving out Ce/Ne, and/or assuming that the adversary > controls/observes the destination also. Well I was more assuming that any adversary that could inject enough guard nodes would also be able to inject 'enough' exit nodes, as my understanding is that this is an actual flag they control directly. > I agree that the guard notion is counterintuitive, and also it's not > perfect, but I think it's way better than not doing it. I've not had a chance to read the links you provided, so I am still speaking from my relatively feeble comprehension, but essentially it seems like the guards more or less condense the number of entry points to the network? Whereas there are thousands of potential relays that could be used as an entry point, there is about a thousand guard nodes. So, and again I am probably not entirely comprehending something, but it seems that we've just made the requisite value for C smaller? (Again assuming that anyone who could get a large volume of relays of any kind could reasonably also control a large volume of exit nodes) > You might like http://freehaven.net/anonbib/#ccs07-doa > (though it doesn't come with analysis of the guard design, and there's > still some debate about how the guard design changes things). > You might also like Mike Perry's work on Path Bias detection. See > https://trac.torproject.org/projects/tor/ticket/5458 and also look > in the changelog for the string "Bias". Will do, thanks! > 1 guard is better than 3 guards in this respect. But both 1 and 3 are > way better than 0. While I agree with this notion, I guess what I am asking is: 'are 3 guard nodes better than X generic entry nodes for values of X that are significantly larger than 3' (pure example. obviously there is more than 3 guard nodes). As I'm understanding things, the concept was introduced to combat the problem discussed in path-spec.txt section 5 (C/N^2), but it seems like the introduction of guard nodes, because there are so much fewer of them than regular relays and because they are guaranteed to be an entry point into the network in essence just makes the value of N smaller and thus the number of C required to mount at least half of the attack smaller. More over it also removes the 'guess work' as intermediate relays between the guard and exit more or less become irrelevant? Rephrased, does converting the problem to C/N instead of C/N^2 still hold true if in the process we make the values of N and thus C significantly smaller, at what point does C/N^2 present a better probability? I'll read more, I am obviously missing something. Thanks a lot for the links and information. Jon

1 0

Questions pertaining to client to directory authority communications
by Jon Smithe 19 May '13

19 May '13

Hello! I have been reading through the various tor specifications trying to understand how this all works, so please forgive any ignorance of the protocol on my part. There seems to be a fair amount of gaps about specifically how various communications take place; for instance if we consider the very beginning of the communication chain, Directory Authorities, we have the dir-spec.txt file which outlines rather well what type of information can be retrieved from the directories, but not what communication protocol is actually being used. It appears that the usage of HTTP is fairly inherent, but this seems like it is only a partial answer as only some of the trusted authorities seem to speak HTTP on the address & port combination compiled into tor, moreover at least some of the authorities do not appear to implement the specification entirely. For instance, the trusted authority at MIT, 'morial' is listening on port 9131, however attempting to retrieve the network status document from it via a GET request to /tor/status/all.z results in no output at all. I would assume if this was a matter of needing to connect via SSL that I would receive an error due to a bad handshake, but I get nothing back. This holds true for at least one of the other trusted authorities listening on a non-HTTP related port (turtles). So for those servers, exactly what protocol is being used and is it documented anywhere other than the source code? Then, for instance, if we connect to 'tor26', which does respond to HTTP requests and attempt to retrieve a v2 network status document via the /tor/status/all.z URI, we receive a 404 although it appears the document that should exist there exists on other URIs, it's not entirely clear if this is just outdated code, specific to particular versions of the protocol (tor26 does have the no-v2 flag set which might be the issue?) or what exactly. So the question is, are there accurate specifications anywhere that focus not only on the semantics of cryptography and rationale behind certain choices but also the specifics of how exactly the protocol works or am I 'stuck' with reading the source code? I suspect that it is the later, so my question would be is there anyplace where the control flow is somewhat documented? (As the flow is somewhat disjointed at least in part to the way libevent works and other such aspects that make it difficult to parse if you're not familiar already with how everything is interconnected). I have other questions about aspects of the protocol, but I will mostly save those until I understand the basic blocks of it better. But to exemplify somewhat, it does seem that the introduction of guard nodes would cause an inverse of desired effect; there appears to be about 1000-1100 guard nodes versus a several thousand relays, and about 800-900 exit nodes so it would seem that mitigating the attack where an attacker controlled C number of nodes is essentially pointless as one would only need to control a set number of guard and exit nodes and can more or less ignore the relays in between, so whereas you needed say C/N nodes previously, one would only need Cg/Ng (Cg controlled guards / Ng Number of guards). If we then factor in that it seems possible that a guard or relay can essentially indirectly control the route a circuit takes through the network by continually causing cell extensions to fail for all relays and exit nodes that they do not control, then the value for Cg would seem to not need to be overly large or at least not approach the values of C or Cg (C/N or Cg/Ng). This seems incredibly reasonable for attackers that have state level resources (What is 1,000 computers to China? Iran? ...the United States?) and because the algorithm for selecting guards appears to be based entirely on stability and bandwidth; metrics we can expect a government to have plenty of on hand. I understand that rotation is supposed to ease this somewhat, but at least according to the academic paper out of Waterloo that Roger co-authored, it would appear that this actually facilitates the compromise of more clients than eases the problem, with the most secure (in the lab) situation being a single guard. (I understand that in practice this will not be realistic as it creates a bottle-neck in a variety of ways, e.g. firewalls and DDoS). I suspect many of the questions I have will be answered as I better familiarize myself with the protocol, so of the few I've enumerated, they can be thought of exemplifications that I expect will hash themselves out as I progress through the source and specifications. Thanks a lot! Jon

3 2

Your server has not managed to confirm that its ORPort is reachable
by Christian Kujau 19 May '13

19 May '13

Hi, I had to reboot my bridge for a (Ubuntu) kernel upgrade but now it cannot confirm that the ORPort is accessible: May 17 20:20:36.000 [notice] Tor 0.2.4.12-alpha (git-a1bb0df9be95ce7a) opening log file. May 17 20:20:36.000 [notice] Not disabling debugger attaching for unprivileged users. May 17 20:20:36.000 [notice] Your Tor server's identity key fingerprint is '...' May 17 20:20:36.000 [notice] Configured hibernation. This interval began at 2013-05-13 10:00:00; the scheduled wake-up time was 2013-05-13 10:00:00; we expect to exhaust our quota for this interval around 2013-05-20 10:00:00; the next interval begins at 2013-05-20 10:00:00 (all times local) May 17 20:20:36.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip. May 17 20:20:37.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6. May 17 20:20:37.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now. May 17 20:20:40.000 [notice] We now have enough directory information to build circuits. May 17 20:20:40.000 [notice] Bootstrapped 80%: Connecting to the Tor network. May 17 20:20:41.000 [notice] Bootstrapped 85%: Finishing handshake with first hop. May 17 20:20:41.000 [notice] Bootstrapped 90%: Establishing a Tor circuit. May 17 20:20:42.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:30001' May 17 20:20:42.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:20001' May 17 20:20:43.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. May 17 20:20:43.000 [notice] Bootstrapped 100%: Done. May 17 20:20:43.000 [notice] Guessed our IP address as ... (source: ...). May 17 20:40:43.000 [warn] Your server (...:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. I have not changed my tor configuration (honest! :-)) and Tor 0.2.4.12-alpha (from deb.torproject.org) was running fine before. This particular bridge is running inside an Amazon EC2 instance and I can reach port 9001 from the outside: $ nc -w1 -vnz xx.18.xx.xxx 9001 Connection to xx.18.xx.xxx 9001 port [tcp/*] succeeded! And I can see that request on the bridge when tcpdump'ing :9001, so it's not a network issue. I'm not sure what "/etc/hosts" should have to do with it, but I haven't modified this either. I'm strace'ing the tor process now to see what it's doing but couldn't find anything suspicious so far. Any thoughts? Christian. -- BOFH excuse #139: UBNC (user brain not connected)

2 3

Tor Browser source tarball not available
by Jamie Nguyen 15 May '13

15 May '13

Hi, the source at this link is missing: https://www.torproject.org/dist/torbrowser/tor-browser-2.3.25-8-src.tar.gz I'd be very grateful if someone could upload it please. Kind regards, -- Jamie Nguyen

1 0

Status of Torouter project
by Griffin Boyce 14 May '13

14 May '13

Hello all, So I'm part of a team working on wireless mesh, and Torouter has come up a few times this week. Is it actively being developed? Given the state of the roadmap [1], I'd sort of assumed it was inactive or on hiatus, but others had heard differently. thanks, Griffin Boyce -- Technical Program Associate, Open Technology Institute #Foucault / PGP: 0xAE792C97 / OTR: saint(a)jabber.ccc.de

4 5

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-dev