[tor-bugs] #28458 [Core Tor/sbws]: Stop resolving domains locally and stop using non-exits as 2nd hop

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 15 12:26:26 UTC 2018


#28458: Stop resolving domains locally and stop using non-exits as 2nd hop
---------------------------+------------------------------
 Reporter:  juga           |          Owner:  juga
     Type:  defect         |         Status:  needs_review
 Priority:  Medium         |      Milestone:
Component:  Core Tor/sbws  |        Version:  sbws: 1.0.0
 Severity:  Normal         |     Resolution:
 Keywords:                 |  Actual Points:
Parent ID:                 |         Points:
 Reviewer:                 |        Sponsor:
---------------------------+------------------------------

Comment (by pastly):

 > sbws is trying to resolve the domain locally, which fails in many cases.

 Really? That seems like a problem. Is the system's resolver having issues?
 Should sbws cache good results it gets back?


 >  Even if it does not fail, the IP obtained won't be the same IP to which
 the exit will make the HTTP request.

 This **could** be the case, but isn't necessarily the case. For simple
 destinations (simple like a single webserver as opposed to complex like a
 CDN) it's most likely **not** the case that the IPs will be different.


 > When the domain resolution is failing, sbws tries to choose another relay
 that does not have the exit flag. If it is not an exit, it will fail to
 make an HTTP request.

 If DNS fails
 [https://github.com/torproject/sbws/pull/288/files#diff-3b84dbf9a215f274316faeccffc94f21L180 line 180]
 then we go to the `else` block on line 186 where the "second hop" we pick
 there is an exit.

 So if we are trying to measure an exit and DNS fails, we treat the exit as
 a non-exit and find an exit to help measure it. This may not be ideal, but
 it works.

 I don't see what you see: I don't see where sbws chooses a non-exit and
 then tries to use it as the last hop in a circuit.

 Right now I don't like these changes and don't agree with merging them. I
 will also leave comments on the PR, but acknowledging/fixing just them
 does not mean I think the code is ready to be merged.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28458#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

