[tor-bugs] #25870 [Core Tor/Tor]: Fix vanguard restrictions
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 1 04:46:11 UTC 2018
#25870: Fix vanguard restrictions
--------------------------+------------------------------------
Reporter: mikeperry | Owner: (none)
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.3.4.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #25546 | Points:
Reviewer: asn | Sponsor:
--------------------------+------------------------------------
Comment (by mikeperry):
Replying to [comment:12 asn]:
> Replying to [comment:11 mikeperry]:
> > Ok I edited the commit message to clarify that A - B - A is for sub-
paths. I also added a commit for Property 6. Otherwise asn's commits are
taken as-is.
> >
> > https://oniongit.eu/mikeperry/tor/commits/bug25870_v2
> >
> > Leaving as needs_review for asn to have a look at the last commit on
that branch, which does the refactoring he asked for on IRC, and gives us
"strong" property 6.
>
> Sounds good. Please check my branch `bug25870_rebase` which tidies up
the _v2
> branch a bit by squashing a few commits and giving a more logical flow.
Feel
> free to not use if you don't like it. Check the diff between
`bug25870_rebase`
> and `bug25870_v2` to see that the diff is just comments.
If you like this better I'm fine with it. I pushed a version to
mikeperry/bug25870_rebase that resets the author on the commits that lost
it during your rebase.
> BTW, should we use `DEFAULT_ROUTE_LEN+1` in the latest commit? What
happens in
> the case of even longer RP/IP/HSDir circuits that could occur because of
> cannibalization? e.g. I remember that Tor clients extend failed IP
circuits by
> one hop to connect to the next IP, this means that those circuits can
end up
> being more than 5 hops.
I think the current code is what we want. It checks cur_len, which is not
the desired length, but the current position in the circuit construction.
So when we cannibalize a circuit to add another hop, it will be cur_len =
5/6/more. The guard node will already have been allowed in the 4th
position (and in the IP/RP). We could consider adding cases to allow those
additional positions to also be the guard... I am not sure if that
matters/is worth it though?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25870#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list