[tor-bugs] #17592 [Tor]: Clean up connection timeout logic

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 12 22:02:23 UTC 2015


#17592: Clean up connection timeout logic
---------------------------+--------------------------------
     Reporter:  mikeperry  |      Owner:  mikeperry
         Type:  defect     |     Status:  new
     Priority:  Medium     |  Milestone:  Tor: 0.2.8.x-final
    Component:  Tor        |    Version:
     Severity:  Normal     |   Keywords:
Actual Points:             |  Parent ID:  #16861
       Points:             |    Sponsor:
---------------------------+--------------------------------
 In #6799, it was decided to keep TLS connections open for a random amount
 of time after they are idle, to defend against an attack that used
 internal Tor network connectivity information to determine Guard nodes
 (Slides:
 https://www.cryptolux.org/images/8/85/ESORICS-2012-Presentation-2.pdf
 Paper: https://eprint.iacr.org/2012/432.pdf).

 Unfortunately, this logic (in connection_or_set_canonical()) is kind of a
 mess. Relays and clients are treated the same, and client connections are
 also kept alive for an additional hour by predictive circuit building even
 when otherwise idle, where as relays are not.

 If we treat relays and clients separately for this timeout, we could
 reduce total client keep-alive time significantly (down to 30 minutes or
 so), and significantly increase relay connection lifetime. This should
 result in reduced total connection counts on relays, with better defenses
 against Torscan.

 This is also needed in order to put reasonable bounds on padding overhead
 in #16861 for mobile clients. Furthermore, aside from the wieners running
 middle relays behind junky home routers who will whine about connection
 overflow, having a more well-connected Tor network is a good idea for many
 reasons (not just Torscan).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17592>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list