[tor-bugs] #23603 [Core Tor/Tor]: hs: Cleanup race between circuit close and free with the HS circuitmap

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Oct 2 18:34:02 UTC 2017


#23603: hs: Cleanup race between circuit close and free with the HS circuitmap
--------------------------+------------------------------------
 Reporter:  dgoulet       |          Owner:  dgoulet
     Type:  defect        |         Status:  needs_revision
 Priority:  High          |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  tor-hs        |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by dgoulet):

 Indeed. The `circuit_retries` is really about "How many time have used
 this IP to build a circuit" regardless of success or fail. Even if the
 circuit was taken down 5 min later, we still count that as a "try".

 Apart from all the numerous issues with this behavior, one of the bug here
 is that we reach 3 try which is not above the limit of 4, so we open a new
 circuit and `circuit_retries == 4` which makes us clean it up the second
 after because we've reached our max...

 We should:

 1. Allow the circuit creation up to 3 tries.
 2. Deny circuit creation at > 3 and clean it up at > 3.

 Kind of tricky here, so I think the easiest way to do that is that if
 circuit_retries is 3 and we want to launch, ++ it and deny the launch.

 OR we only cleanup the intro point if it doesn't have a circuit
 established and the counter has reached the max? (Which is what v2 does,
 cleanups only if it realizes that the retry has reached the max and the
 last circuit is gone thus a retry is soon about to be launched).

 If you have a more elegant solution, I'm all ears?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23603#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list