[tor-bugs] #18483 [Core Tor/Tor]: Clients should always tunnel connections, and never fall back to a DirPort

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 4 01:19:29 UTC 2016 

#18483: Clients should always tunnel connections, and never fall back to a DirPort
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:
     Type:  enhancement                          |         Status:
 Priority:  Medium                               |  needs_review
Component:  Core Tor/Tor                         |      Milestone:  Tor:
 Severity:  Normal                               |  0.2.8.x-final
 Keywords:  must-fix-before-028-rc,              |        Version:
  CoreTorTeam201605                              |     Resolution:
Parent ID:  #18809                               |  Actual Points:  2 hours
 Reviewer:                                       |         Points:  small
                                                 |        Sponsor:  None
-------------------------------------------------+-------------------------
Changes (by teor):

 * keywords:  must-fix-before-028-rc, CoreTorTeam201605, TorCoreTeam201605
     => must-fix-before-028-rc, CoreTorTeam201605


Comment:

 I split #18483, #18921, and #18929 into three separate branches for 0.2.8,
 and a branch for 0.2.9.
 Please see feature18483-028 on https://github.com/teor2345/tor.git for
 this issue.
 feature18483-028 depends on bug18921 and bug18929-v2. It needs to be
 merged to 0.2.8.
 I split off a branch which contains cosmetic changes only into #18962.

 Replying to
 [https://trac.torproject.org/projects/tor/ticket/18921#comment:9 nickm
 from #18921]:
 > Initial Questions:
 >   * e726459eaf57ffe98c36730af58287229c9531d6: Are we really really sure
 that every possible case of the big complicated function
 directory_fetches_from_authorities() should be replaced with
 !directory_must_use_begindir() ?

 Calling this NM1.

 e726459eaf57ffe98c36730af58287229c9531d6 is Make clients always use
 begindir for directory requests.
 After the split, it is 0de9faa402bebc98a58c9f65149e72e598926184 in
 feature18483-028. The code is unchanged from the original commit.

 This function determines whether one-hop connections use a DirPort or
 begindir over ORPort.

 Previously, our logic was "if connecting to an authority, don't use
 begindir".
 (Perhaps this was to reduce load? If so, the fallback directories feature
 should reduce load on the authorities, more than enough to compensate for
 the increased load from begindir. Also, some relays will not use begindir
 now, when they used to before.)

 Now, our logic is, "if you are a client, or hidden service, or bridge, use
 begindir".

 Here are the cases from directory_fetches_from_authorities, and how they
 change:
 * FetchDirInfoEarly
   * changes clients to use begindir
   * previously, anything with FetchDirInfoEarly 1 used DirPort, which is
 bad for clients
   * now, clients with FetchDirInfoEarly will use begindir, which is what
 we want
   * now, relays with FetchDirInfoEarly will use DirPort, which is also
 what we want
 * BridgeRelay
   * stays the same
   * unchanged, bridge relays will continue to use begindir
 * server_mode() and don't know our address
   * stays the same
   * previously, relays without an IP address used DirPort to get an IP
 address
   * now, all relays will use DirPort (including relays without an IP
 address)
 * !dir_server_mode(options) && !refuseunknown
   * changes some relays to use DirPort
   * previously, non-directory non-exits used to use begindir
   * now, all relays will use DirPort (including non-directory non-exit
 relays)
   * now, all clients will use begindir
 * !server_mode(options) || !advertised_server_mode()
   * changes some relays to use DirPort
   * previously, non-servers or non-advertised servers used to use begindir
   * now, all public servers will use DirPort
   * now, all clients and bridges will use begindir
 * !router_get_my_routerinfo || (!supports_tunnelled_dir_requests &&
 !refuseunknown)
   * changes some relays to use DirPort
   * previously, tors without descriptors (clients), and non-directory non-
 exits used to use begindir
   * now, all relays will use DirPort (including non-directory non-exit
 relays)
   * now, all clients will use begindir
 * default
   * stays the same
   * previously, directories and exits used to use DirPort
   * now, all relays will use DirPort (including directories and exits)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18483#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list