[tor-bugs] #8864 [Tor]: Hidden service: Suddenly the service does not respond to new connections (INTRODUCE2 cell on intro circ with no corresponding rend_intro_point_t)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 15 17:37:20 UTC 2014


#8864: Hidden service: Suddenly the service does not respond to new connections
(INTRODUCE2 cell on intro circ with no corresponding rend_intro_point_t)
------------------------+---------------------------------------------
     Reporter:  reiam   |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.???
    Component:  Tor     |    Version:  Tor: 0.2.3.25
   Resolution:          |   Keywords:  tor-hs 023-backport 025-triaged
Actual Points:          |  Parent ID:
       Points:          |
------------------------+---------------------------------------------

Comment (by dgoulet):

 Replying to [comment:19 asn]:
 > Replying to [comment:7 rransom]:
 > > The `if (!node || !intro_circ) {` block in `rend_services_introduce`
 should be an `if (!intro_circ) {` block only.  If `node` is `NULL` and
 `intro_circ` is not, the client probably wants to (emit a log message and)
 close `intro_circ`.
 >
 > Hm, that might be a good idea. IIUC, in the case where the IP is not in
 the consensus anymore, the problem is that even though the
 `rend_intro_point_t` gets freed, the `intro_circ` stays up and can be used
 by clients. So a client with an old consensus will use that node and send
 an `INTRODUCE2` cell down the circuit that will trigger this warning.
 >
 > This seeeeeems plausible. However, I'm not sure if it's what causes the
 problem in `20130515115701.rar`. The weird thing there is that the log
 message appears only a few seconds after the IPs get picked.

 Hrm, seems there is actually almost 3 minutes before seeing the first
 error message for this bad circuit 58471.

 {{{
 May 15 11:53:07.000 [info] rend_service_intro_has_opened(): Established
 circuit 58471 as introduction point for service <servicename>
 May 15 11:53:07.000 [info] rend_service_intro_established(): Received
 INTRO_ESTABLISHED cell on circuit 58471 for service <servicename>
 May 15 11:56:36.000 [info] rend_service_introduce(): Received INTRODUCE2
 cell for service "<servicename>" on circ 58471.
 May 15 11:56:36.000 [warn] rend_service_introduce(): Bug: Internal error:
 Got an INTRODUCE2 cell on an intro circ (for service "<servicename>") with
 no corresponding rend_intro_point_t.
 }}}

 Fun fact, same goes for the other bad circuit (33837), almost 3 minutes
 also:

 {{{
 May 15 11:53:06.000 [info] rend_service_intro_has_opened(): Established
 circuit 33837 as introduction point for service <servicename>
 May 15 11:53:07.000 [info] rend_service_intro_established(): Received
 INTRO_ESTABLISHED cell on circuit 33837 for service <servicename>
 May 15 11:56:30.000 [info] rend_service_introduce(): Received INTRODUCE2
 cell for service "<servicename>" on circ 33837.
 May 15 11:56:30.000 [warn] rend_service_introduce(): Bug: Internal error:
 Got an INTRODUCE2 cell on an intro circ (for service "<servicename>") with
 no corresponding rend_intro_point_t.
 }}}

 Where the good valid circuit (33835) sees the first cell ~30 seconds
 later:

 {{{
 May 15 11:53:06.000 [info] rend_service_intro_has_opened(): Established
 circuit 33835 as introduction point for service <servicename>
 May 15 11:53:07.000 [info] rend_service_intro_established(): Received
 INTRO_ESTABLISHED cell on circuit 33835 for service <servicename>
 May 15 11:53:42.000 [info] rend_service_introduce(): Received INTRODUCE2
 cell for service "<servicename>" on circ 33835.
 }}}

 So a ~3 minutes delay, it might be possible that the intro point node was
 removed from the consensus. I also think that {{{if (!node || !intro_circ)
 {}}} is wrong here. The node might have disappeared from the list but the
 intro circuit could still be "valid" thus it should be marked as closed if
 the node is NULL.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8864#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
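
The timing comparison made in the comment above, as an added example (not part of the original message and not Tor code): it measures the delay from INTRO_ESTABLISHED to the first INTRODUCE2 on each circuit and flags circuits that hit the `rend_intro_point_t` warning. The sample input is constructed from the excerpts above with the wrapped lines rejoined; `analyze`, the placeholder year and the rule that a warning belongs to the INTRODUCE2 line logged just before it are assumptions of this sketch.

```python
import re
from datetime import datetime

# Constructed sample: the log excerpts quoted in the comment, unwrapped and
# merged in time order. Not a complete Tor log.
SAMPLE_LOG = """\
May 15 11:53:07.000 [info] rend_service_intro_established(): Received INTRO_ESTABLISHED cell on circuit 33835 for service <servicename>
May 15 11:53:07.000 [info] rend_service_intro_established(): Received INTRO_ESTABLISHED cell on circuit 33837 for service <servicename>
May 15 11:53:07.000 [info] rend_service_intro_established(): Received INTRO_ESTABLISHED cell on circuit 58471 for service <servicename>
May 15 11:53:42.000 [info] rend_service_introduce(): Received INTRODUCE2 cell for service "<servicename>" on circ 33835.
May 15 11:56:30.000 [info] rend_service_introduce(): Received INTRODUCE2 cell for service "<servicename>" on circ 33837.
May 15 11:56:30.000 [warn] rend_service_introduce(): Bug: Internal error: Got an INTRODUCE2 cell on an intro circ (for service "<servicename>") with no corresponding rend_intro_point_t.
May 15 11:56:36.000 [info] rend_service_introduce(): Received INTRODUCE2 cell for service "<servicename>" on circ 58471.
May 15 11:56:36.000 [warn] rend_service_introduce(): Bug: Internal error: Got an INTRODUCE2 cell on an intro circ (for service "<servicename>") with no corresponding rend_intro_point_t.
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:.]+) \[\w+\] \w+\(\): (.*)$")
ESTABLISHED = re.compile(r"Received INTRO_ESTABLISHED cell on circuit (\d+)")
INTRODUCE2 = re.compile(r"Received INTRODUCE2 cell for service .* on circ (\d+)")
ORPHAN = "no corresponding rend_intro_point_t"
YEAR = "2000 "  # log lines carry no year; arbitrary, only differences matter

def analyze(log_text):
    """Map circuit id -> establish time, delay (s) to first INTRODUCE2, orphaned flag."""
    circuits, last_intro_circ = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(YEAR + m.group(1), "%Y %b %d %H:%M:%S.%f")
        msg = m.group(2)
        if (e := ESTABLISHED.search(msg)):
            circuits[e.group(1)] = {"established": ts, "delay": None, "orphaned": False}
        elif (i := INTRODUCE2.search(msg)):
            last_intro_circ = i.group(1)
            c = circuits.get(last_intro_circ)
            if c and c["delay"] is None:
                c["delay"] = (ts - c["established"]).total_seconds()
        elif ORPHAN in msg and last_intro_circ in circuits:
            # The warning has no circuit id; attribute it to the circuit
            # named by the INTRODUCE2 info line logged just before it.
            circuits[last_intro_circ]["orphaned"] = True
    return circuits

if __name__ == "__main__":
    for circ, info in analyze(SAMPLE_LOG).items():
        print(circ, info["delay"], "ORPHANED" if info["orphaned"] else "ok")
```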

