[tor-bugs] #6799 [Tor]: Don't expire unused relay-to-relay TLS conns so quickly
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 15 09:33:40 UTC 2014
#6799: Don't expire unused relay-to-relay TLS conns so quickly
-------------------------+-------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-relay anonymity-attack
Actual Points: | 025-triaged 024-backport andrea-review-0255
Points: | Parent ID:
-------------------------+-------------------------------------------------
Comment (by arma):
Looks plausible to me too. I've never fully grokked our is_canonical stuff
(for example, how often in practice do we end up with two conns, each of
which has one side thinking it's canonical?), but it looks like we're
setting it as intended here.
To be clear, if one side runs the new code and one side runs the old code,
then the old-code side will still close the connections at the earlier
schedule?
And even if both sides are upgraded, then it isn't actually uniformly
distributed between 15 and 22.5 minutes, since it will close first for
whichever side chose the lower number? (This is fine, I just want to make
sure I'm understanding it.)
I'd feel more comfortable here if somebody bumped up the severity of the
{{{
log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) "
}}}
line and then ran a network for a while in chutney, to confirm that things
act roughly as we expect them to. But failing that, hey, what could go
wrong.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6799#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list