[tor-bugs] #13837 [Core Tor/Tor]: Mitigate guard discovery by pinning middle node

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Aug 3 21:34:16 UTC 2017


#13837: Mitigate guard discovery by pinning middle node
------------------------------------------------+----------------------------------
 Reporter:  asn                                 |          Owner:  mikeperry
     Type:  defect                              |         Status:  assigned
 Priority:  Medium                              |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                        |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tor-hs, tor-guard, guard-discovery  |  Actual Points:
Parent ID:  #9001                               |         Points:
 Reviewer:                                      |        Sponsor:  SponsorV-can
------------------------------------------------+----------------------------------

Comment (by mikeperry):

 Replying to [comment:12 asn]:
 > Replying to [comment:11 mikeperry]:
 > > Just FYI - I updated asn's branch to current origin/master and renamed
 > > the option to HSLayer2Guards. It also now applies to all HS circuit
 > > purpose types (not just rends).
 > >
 > > New branch location is mikeperry/prop247_torrc-rebased.
 > >
 > > Adding HSLayer3Guards next. After that, we can play with stem +
 > > onionperf.
 >
 > Sounds good. Took a look at the code and looks reasonable. WRT to:
 >
 > {{{
 >  * XXX: Hrmm.. HSDIR fetches might be CIRCUIT_PURPOSE_C_GENRAL.. How do
 >  * we differentiate those?
 > }}}
 > perhaps you can check for the `rend_data` field on the
 > `origin_circuit_t` if you have access to that.

 I don't yet. What I did instead was to set a special purpose for HSDIR
 fetches. Was tricky, but seems to work. I pushed a couple of commits for
 this and am now testing it with stem.

 Also, I noticed that because this patch disables cannibalization, it makes
 building predicted circuits for hidden services pointless. We also need to
 alter circuit_predict_and_launch_new() to build the correct purpose
 breakdown for the HS purposes we need for prediction to do anything for us
 here... This might impact performance of the prototype. Bleh.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13837#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

