[tor-bugs] #30599 [Applications/Tor Browser]: Cloudflare alt-svc onions cause a different exit to be used at each request

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jun 4 12:23:21 UTC 2019 

#30599: Cloudflare alt-svc onions cause a different exit to be used at each request
--------------------------------------+--------------------------------
 Reporter:  cypherpunks2              |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:  #30024                    |         Points:
 Reviewer:                            |        Sponsor:  Sponsor27-must
--------------------------------------+--------------------------------

Comment (by gk):

 I looked at this over the weekend and I think that's mostly an UI bug so
 far (see: comment:13:ticket:27590 for a similar observation). Once you
 load some thread, say, on `zerobin.net` what happens is that the Alt-Svc
 response header is processed and the mapping is created. A crucial part of
 that is validating it (see: AltSvcCache::UpdateAltServiceMapping) which
 means in the ​https:// case just establishing a connection to the alt-svc
 host. And the circuit display gets in turn updated with the client side
 rend circuit caused by that validation request. There is no actual content
 sent back and forth here as it takes the non-alt-svc route.

 Then when you post a comment what happens is that the validated host is
 used for fetching the busy.gif file and posting the actual content:
 {{{
 2019-06-04 11:15:39.316750 UTC - [10627:Main Thread]: D/nsHttp
 AltSvcCache::GetAltServiceMapping 0x7f009435c038
 key=https:zerobin.net:443:P:^privateBrowsingId=1&firstPartyDomain=zerobin.net
 existing=0x7f006be2c580 validated=1 ttl=86377
 2019-06-04 11:15:39.316760 UTC - [10627:Main Thread]: D/nsHttp
 nsHttpChannel 0x7f006b320000 Alt Service Mapping Found
 https://cflarenuttlfuyn7imozr4atzvfbiw3ezgbdjdldmdx7srterayaozid.onion:443
 [https:zerobin.net:443:P:^privateBrowsingId=1&firstPartyDomain=zerobin.net]
 2019-06-04 11:15:39.316827 UTC - [10627:Main Thread]: D/nsHttp
 nsHttpChannel 0x7f006b320000 Using connection info from altsvc mapping
 }}}
 But now you get another set of those .onions as hosts in response headers.
 If they are not seen before the first (while validation is ongoing
 validation of other alt-svc hosts in headers seems to be skipped) gets
 validated again, causing another set of HS related circuits created and
 thus the circuit display is updated again. And so on with further posts.

 It does not seem unreasonable to me to think about not updating the
 circuit display for validation requests as no part of the website got
 loaded over them. However, one could argue that showing everything
 *related* to the website load in the display is a thing we should do. We
 do it for other websites as well if there are requests caused but no
 content changes are done.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30599#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list