[tor-dev] DEFAULT_ROUTE_LEN [was: Silly (or not so silly) question]

grarpamp grarpamp at gmail.com
Thu Jul 24 20:48:21 UTC 2014

On Wed, Jul 23, 2014 at 6:34 PM, Roger Dingledine <arma at mit.edu> wrote:
> On Wed, Jul 23, 2014 at 11:24:47PM +0100, Noel David Torres Taño wrote:
>> What would happen if a Tor node changes behaviour and uses four or five
>> relay steps instead of three?

At around DEFAULT_ROUTE_LEN 8 or above I get a lot of these, with
EXTEND being shown in various command locations, and no connectivity
to hidden services. Lower values or 4 or 5 probably work just fine but I
didn't bother testing more than a couple clearnet and onion circuits
since it's not yet a controller/config tunable and thus takes
edit/compile/run time. So even my test of 9 > 5 > 7 > 8 take with salt.
Don't know if this likely represent a bug to test more, or just timeouts...
the circuits that did work setup in times not feeling much more than
time/3*LEN. I'd suggest an undocumented tunable and unit test if
it's worth research/statistic/function_checking purpose.

relay_send_command_from_edge_(): Bug: Uh-oh.  We're sending a
RELAY_COMMAND_EXTEND cell, but we have run out of RELAY_EARLY cells on
that circuit. Commands sent before:

>> Would it enhance Tor's security?
> I assume you mean a Tor client?
> https://www.torproject.org/docs/faq#ChoosePathLength
>> Is it possible to relay Tor through a Tor connection? I mean using Tor
>> with its three steps to reach a Tor entry node to get three extra steps.
> Yes, it is possible. But it is currently considered a flaw, because it
> can be used to work around the 'infinite path length' defenses.
> http://freehaven.net/anonbib/#congestion-longpaths
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/110-avoid-infinite-circuits.txt
> https://trac.torproject.org/projects/tor/ticket/2667
>> Would that difficult correlation attacks?
> Defending against correlation attacks is an open research, so "maybe".
> But it's not clear how it would, since an adversary who can see or
> measure your first hop (on the first circuit) and also your last hop
> (on the last circuit) would still be in the right place to do the attack.

More information about the tor-dev mailing list