[tor-dev] Hidden Services and IP address changes

Nathan Freitas nathan at freitas.net
Thu May 21 13:04:21 UTC 2015

On Thu, May 21, 2015, at 07:16 AM, Martin Florian wrote:
> I think I've found one or more bugs that appear when Tor clients
> hosting HSes change their IP address during operation. I'm slightly
> overwhelmed from reading the Tor source code and not sure how to best
> fix them.

Thanks for bringing this up. I know Michael from Briar has definitely
focused on solving this at some point, and Yaron from the Thali Project
(who build this library:
https://github.com/thaliproject/Tor_Onion_Proxy_Library), as well. I've
been implementing an OnionShare-type app myself, and had hoped this was
solved by some recent changes, but it seems not, from your experience.

> The central issue that I discovered can be reproduced like this
> (assuming Tor clients A, B and C):
> 1. (Setup) A hosts the HS X and A, B and C are all booted up.
> 2. B connects to X - it works!
> 3. A changes its IP address.
> 4. B tries to talk to X again - doesn't work!
> 5. C tries to talk to X (for the first time) - works like a charm (so
> X IS working)
> I digged through the Tor log and source code and have now arrived at
> following hypothesis for why this particular error happens:
> - - after A changes its IP addresses, it never establishes a circuit to
> the old RP with B again.
> - - B, on the other hand, keeps trying to talk with A through that RP,
> saying that it is an "Active rendezvous point". B never stops trying
> to use that RP.

I wonder if B also was running a hidden service, if it would be possible
at the application level for A to tell B that it has changed IP
addresses, and then through some interaction with the Tor Control Port,
to fresh the RP?

> So, they appear to be two sides to this:
> a) A not notifying B or the RP about its IP address change.
> b) B not considering the possibility that the RP might not be active
> anymore.
> b) seems easier to fix. Some logic needs to be included for forgetting
> about RPs that have failed once. I identified
> connection_ap_expire_beginning() as one potential place to do this. Am
> I on the right track? Is this a good idea? And how do I forget about
> RPs? These are some of the questions I'm struggling with...
> I should also probably open a bug report, but I thought I might first
> ask for some advice here.

I think there is a bug report somewhere, but I am not sure the exact
number or state of it.

> PS: Why this is important: HSes/Onion services running on mobile
> devices will very often have to deal with IP address changes. I'm
> thinking about applications like Briar or our own hacky attempts to
> enable generic P2P application development on top of Tor hidden
> services (https://github.com/kit-tm/PTP).

Definitely an important topic.


More information about the tor-dev mailing list