On Wed, Jul 23, 2014 at 6:34 PM, Roger Dingledine arma@mit.edu wrote:
On Wed, Jul 23, 2014 at 11:24:47PM +0100, Noel David Torres Taño wrote:
What would happen if a Tor node changes behaviour and uses four or five relay steps instead of three?
At around DEFAULT_ROUTE_LEN 8 or above I get a lot of these, with EXTEND being shown in various command locations, and no connectivity to hidden services. Lower values of 4 or 5 probably work just fine but I didn't bother testing more than a couple clearnet and onion circuits since it's not yet a controller/config tunable and thus takes edit/compile/run time. So even my test of 9 > 5 > 7 > 8 take with salt. Don't know if this likely represents a bug to test more, or just timeouts... the circuits that did work setup in times not feeling much more than time/3*LEN. I'd suggest an undocumented tunable and unit test if it's worth research/statistic/function_checking purpose.
relay_send_command_from_edge_(): Bug: Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, but we have run out of RELAY_EARLY cells on that circuit. Commands sent before: (unrecognized),(unrecognized),(unrecognized),(unrecognized),EXTEND,EXTEND,(unrecognized)
Would it enhance Tor's security?
I assume you mean a Tor client?
https://www.torproject.org/docs/faq#ChoosePathLength
Is it possible to relay Tor through a Tor connection? I mean using Tor with its three steps to reach a Tor entry node to get three extra steps.
Yes, it is possible. But it is currently considered a flaw, because it can be used to work around the 'infinite path length' defenses.
http://freehaven.net/anonbib/#congestion-longpaths
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/110-avoid-inf...
https://trac.torproject.org/projects/tor/ticket/2667
Would that make correlation attacks more difficult?
Defending against correlation attacks is an open research question, so "maybe". But it's not clear how it would, since an adversary who can see or measure your first hop (on the first circuit) and also your last hop (on the last circuit) would still be in the right place to do the attack.
On Thu, 24 Jul 2014 16:48:21 -0400 grarpamp grarpamp@gmail.com wrote:
On Wed, Jul 23, 2014 at 6:34 PM, Roger Dingledine arma@mit.edu wrote:
On Wed, Jul 23, 2014 at 11:24:47PM +0100, Noel David Torres Taño wrote:
What would happen if a Tor node changes behaviour and uses four or five relay steps instead of three?
At around DEFAULT_ROUTE_LEN 8 or above I get a lot of these, with EXTEND being shown in various command locations, and no connectivity to hidden services. Lower values of 4 or 5 probably work just fine but I didn't bother testing more than a couple clearnet and onion circuits since it's not yet a controller/config tunable and thus takes edit/compile/run time. So even my test of 9 > 5 > 7 > 8 take with salt. Don't know if this likely represents a bug to test more, or just timeouts... the circuits that did work setup in times not feeling much more than time/3*LEN. I'd suggest an undocumented tunable and unit test if it's worth research/statistic/function_checking purpose.
relay_send_command_from_edge_(): Bug: Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, but we have run out of RELAY_EARLY cells on that circuit. Commands sent before: (unrecognized),(unrecognized),(unrecognized),(unrecognized),EXTEND,EXTEND,(unrecognized)
This is working exactly as specified, and despite the error message, is not a Bug. The number of hops each circuit can extend to is limited by the number of RELAY_EARLY cells allowed per circuit (8), as EXTENDs that are not contained in RELAY_EARLY are dropped.
Roger linked prop 110, but this is also documented in the tor-spec (section 5.6).
Regards,
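
The RELAY_EARLY limit described in the last reply, as a small C model added here (it is not code from tor or from any poster in this thread). The names `RELAY_EARLY_BUDGET`, `relay_handle` and `build_circuit` are hypothetical; the model assumes the first hop is made with CREATE and so costs no relay cell, and it lets a single relay stand in for both the RELAY_EARLY counting and the EXTEND check.

```c
#include <stdio.h>

#define RELAY_EARLY_BUDGET 8  /* per-circuit allowance quoted in the thread */

typedef enum { CELL_RELAY, CELL_RELAY_EARLY } cell_type_t;
typedef enum { CMD_EXTEND, CMD_OTHER } relay_cmd_t;
typedef enum { ACT_EXTEND, ACT_FORWARD, ACT_DROP, ACT_CLOSE } action_t;

/* Relay-side state for one circuit (hypothetical, not tor's struct). */
typedef struct { int early_seen; } relay_circ_t;

/* Check applied to a cell arriving from the client side of the circuit. */
action_t relay_handle(relay_circ_t *c, cell_type_t type, relay_cmd_t cmd) {
    if (type == CELL_RELAY_EARLY && ++c->early_seen > RELAY_EARLY_BUDGET)
        return ACT_CLOSE;              /* more RELAY_EARLY than allowed */
    if (cmd == CMD_EXTEND)             /* EXTEND outside RELAY_EARLY is dropped */
        return type == CELL_RELAY_EARLY ? ACT_EXTEND : ACT_DROP;
    return ACT_FORWARD;
}

/* Try to build want_hops hops after other_early non-EXTEND cells were already
 * sent as RELAY_EARLY. Returns hops reached, or 0 if the relay closed. */
int build_circuit(int want_hops, int other_early) {
    relay_circ_t relay = {0};
    int hops = 1;                      /* assumption: hop 1 uses CREATE */
    for (int i = 0; i < other_early; i++)
        if (relay_handle(&relay, CELL_RELAY_EARLY, CMD_OTHER) == ACT_CLOSE)
            return 0;
    int client_left = RELAY_EARLY_BUDGET - other_early;
    while (hops < want_hops) {
        /* Client falls back to a plain RELAY cell once its budget is spent. */
        cell_type_t t = client_left > 0 ? CELL_RELAY_EARLY : CELL_RELAY;
        if (client_left > 0)
            client_left--;
        if (relay_handle(&relay, t, CMD_EXTEND) != ACT_EXTEND)
            break;
        hops++;
    }
    return hops;
}

int main(void) {
    /* Constructed inputs: requested length, RELAY_EARLY cells spent elsewhere. */
    int cases[][2] = { {3, 0}, {9, 0}, {12, 0}, {8, 5} };
    for (int i = 0; i < 4; i++)
        printf("want=%d other_early=%d -> reached %d hops\n", cases[i][0],
               cases[i][1], build_circuit(cases[i][0], cases[i][1]));
    return 0;
}
```

The `{8, 5}` case corresponds to the situation in the quoted log line, where commands other than EXTEND had already used part of the allowance before the circuit reached its requested length.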