Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-08-19 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  nickm-merge, asn-merge, tor-dos, |  Actual Points:  0.4
  tor2web, tor-hs, network-team-roadmap-july |
Parent ID:  #24962   | Points:  0.1
 Reviewer:  teor |Sponsor:
 |  Sponsor27-must
-+-
Changes (by asn):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Merged!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-08-19 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  nickm-merge, asn-merge, tor-dos, |  Actual Points:  0.4
  tor2web, tor-hs, network-team-roadmap-july |
Parent ID:  #24962   | Points:  0.1
 Reviewer:  teor |Sponsor:
 |  Sponsor27-must
-+-
Changes (by teor):

 * keywords:  tor-dos, tor2web, tor-hs, network-team-roadmap-july =>
 nickm-merge, asn-merge, tor-dos, tor2web, tor-hs, network-team-
 roadmap-july
 * status:  needs_review => merge_ready


Comment:

 Looks good to me!


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-07-23 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-dos, tor2web, tor-hs, network-   |  Actual Points:  0.4
  team-roadmap-july  |
Parent ID:  #24962   | Points:  0.1
 Reviewer:  teor |Sponsor:
 |  Sponsor27-must
-+-
Changes (by asn):

 * reviewer:  asn => teor


Comment:

 I'm officially passing this over to teor as discussed in net team meeting.
 Tim please feel free to pass me any of your review tickets. Cheers.


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-07-18 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-dos, tor2web, tor-hs, network-   |  Actual Points:  0.4
  team-roadmap-july  |
Parent ID:  #24962   | Points:  0.1
 Reviewer:  asn  |Sponsor:
 |  Sponsor27-must
-+-
Changes (by gaba):

 * keywords:  tor-dos, tor2web, tor-hs => tor-dos, tor2web, tor-hs, network-
 team-roadmap-july



Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-07-04 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.4
Parent ID:  #24962| Points:  0.1
 Reviewer:  asn   |Sponsor:  Sponsor27-must
--+

Comment (by teor):

 Replying to [comment:19 asn]:
 > I added some comment to the PR but I feel like I don't know enough about
 the conn/circuit subsystem to be able to review this effectively, given
 its reachability consequences in case of bug. Perhaps I can pass this to
 someone else (like Nick or Tim) next week?

 I can do the review. I wrote the code that this function is based on.


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-07-04 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.4
Parent ID:  #24962| Points:  0.1
 Reviewer:  asn   |Sponsor:  Sponsor27-must
--+

Comment (by teor):

 Replying to [comment:18 dgoulet]:
 > Replying to [comment:17 teor]:
 > > Do we need to check for "marked for close" on the circuit or channel
 as well?
 >
 > I'm not entirely sure actually... If the circuit or channel is closed,
 the descriptor will never be sent back. But if the edge connection is
 closed, then we sorta need to also deny the request even though it is not
 really supposed to happen...
 >
 > Thoughts?

 Let's do the closed and mark for closed checks, but BUG() if they ever
 happen?
 Then we can switch the ones that do happen to info logs.


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-07-04 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.4
Parent ID:  #24962| Points:  0.1
 Reviewer:  asn   |Sponsor:  Sponsor27-must
--+

Comment (by asn):

 I added some comment to the PR but I feel like I don't know enough about
 the conn/circuit subsystem to be able to review this effectively, given
 its reachability consequences in case of bug. Perhaps I can pass this to
 someone else (like Nick or Tim) next week?


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-07-04 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.4
Parent ID:  #24962| Points:  0.1
 Reviewer:  asn   |Sponsor:  Sponsor27-must
--+

Comment (by dgoulet):

 Replying to [comment:17 teor]:
 > Do we need to check for "marked for close" on the circuit or channel as
 well?

 I'm not entirely sure actually... If the circuit or channel is closed, the
 descriptor will never be sent back. But if the edge connection is closed,
 then we sorta need to also deny the request even though it is not really
 supposed to happen...

 Thoughts?


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-07-03 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.4
Parent ID:  #24962| Points:  0.1
 Reviewer:  asn   |Sponsor:  Sponsor27-must
--+

Comment (by teor):

 Do we need to check for "marked for close" on the circuit or channel as
 well?


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-07-03 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.4
Parent ID:  #24962| Points:  0.1
 Reviewer:  asn   |Sponsor:  Sponsor27-must
--+
Changes (by dgoulet):

 * status:  needs_revision => needs_review
 * actualpoints:  0.1 => 0.4


Comment:

 Thanks teor!

 I've almost redone the entire branch so I just rebased-squashed to latest
 master and force pushed the PR. It needs the review to start from the
 beginning. Unit tests and chutney tests pass.

 Branch: `ticket24964_042_01`
 PR: https://github.com/torproject/tor/pull/1122


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-07-02 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.1
Parent ID:  #24962| Points:  0.1
 Reviewer:  asn   |Sponsor:  Sponsor27-must
--+

Comment (by teor):

 Replying to [comment:14 dgoulet]:
 > Ok turns out that a unit test needed more love to pass the "connection
 is anonymous" test added by this branch.
 >
 > HOWEVER, it highlighted a problem with the approach.
 >
 > The `linked_conn` onto a directory connection is always of type EXIT.
 I'm going back to the point where I do not know how to get the
 or_connection_t that the dir_connection_t is coming from...

 BEGINDIR connections are dir connections, linked to an exit stream, which
 is on an OR circuit, which is on an OR connection.

 So you have to walk a few more links:
 * dir connection to edge connection via linked_conn
 * edge connection to OR circuit via on_circuit
 * OR circuit to OR connection via p_chan

 Here's some code I wrote a little while ago, that walks the links with all
 the appropriate checks:
 https://github.com/teor2345/tor-old/commit/10290066c8ee6b4aa40ec048222fdd4f572ef8d9#diff-c56fd972333216da3bb1852bcc89f57dR1587

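The link walk outlined in the comment above (dir connection to edge connection via linked_conn, edge connection to OR circuit via on_circuit, OR circuit to OR connection via p_chan), as an added example that is not part of the thread and is not Tor's code. The `model_*` types, the `is_client` and `marked_for_close` flags, and the function names are simplified assumptions; every missing or closing link denies the request.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model types (assumptions, not Tor's own definitions). */
typedef struct { bool is_client, marked_for_close; } model_chan_t;
typedef struct { model_chan_t *p_chan; bool marked_for_close; } model_circ_t;
typedef enum { MODEL_CONN_DIR, MODEL_CONN_EXIT } model_conn_type_t;
typedef struct model_conn {
  model_conn_type_t type;
  bool marked_for_close;
  struct model_conn *linked_conn;  /* dir conn <-> exit (edge) stream */
  model_circ_t *on_circuit;        /* set on edge streams only */
} model_conn_t;

/* One verdict per check, so a caller can log which link failed. */
typedef enum {
  ANON_OK, DENY_NOT_DIR, DENY_NO_EDGE, DENY_EDGE_CLOSING, DENY_NO_CIRC,
  DENY_CIRC_CLOSING, DENY_NO_CHAN, DENY_CHAN_CLOSING, DENY_CLIENT_CHAN
} anon_verdict_t;

/* Walk dir -> edge -> circuit -> channel and fail closed on any gap. */
anon_verdict_t model_dir_conn_anonymity(const model_conn_t *dir)
{
  if (!dir || dir->type != MODEL_CONN_DIR) return DENY_NOT_DIR;

  /* A BEGINDIR dir connection is linked to an exit stream. */
  const model_conn_t *edge = dir->linked_conn;
  if (!edge || edge->type != MODEL_CONN_EXIT) return DENY_NO_EDGE;
  if (edge->marked_for_close) return DENY_EDGE_CLOSING;

  const model_circ_t *circ = edge->on_circuit;
  if (!circ) return DENY_NO_CIRC;
  if (circ->marked_for_close) return DENY_CIRC_CLOSING;

  const model_chan_t *chan = circ->p_chan;
  if (!chan) return DENY_NO_CHAN;
  if (chan->marked_for_close) return DENY_CHAN_CLOSING;

  /* Previous hop did not authenticate as a relay, so the request did not
   * arrive over a multi-hop path through public relays. */
  if (chan->is_client) return DENY_CLIENT_CHAN;
  return ANON_OK;
}

/* Constructed scenario: build one chain on the stack and classify it. */
anon_verdict_t classify_chain(bool prev_hop_is_client, bool edge_closing,
                              bool has_circuit)
{
  model_chan_t chan = { .is_client = prev_hop_is_client };
  model_circ_t circ = { .p_chan = &chan };
  model_conn_t edge = { .type = MODEL_CONN_EXIT,
                        .marked_for_close = edge_closing,
                        .on_circuit = has_circuit ? &circ : NULL };
  model_conn_t dir = { .type = MODEL_CONN_DIR, .linked_conn = &edge };
  edge.linked_conn = &dir;
  return model_dir_conn_anonymity(&dir);
}

int main(void)
{
  printf("relay as previous hop:  %d\n", classify_chain(false, false, true));
  printf("client as previous hop: %d\n", classify_chain(true, false, true));
  printf("edge marked for close:  %d\n", classify_chain(false, true, true));
  printf("edge without a circuit: %d\n", classify_chain(false, false, false));
  return 0;
}
```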

Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-07-02 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.1
Parent ID:  #24962| Points:  0.1
 Reviewer:  asn   |Sponsor:  Sponsor27-must
--+

Comment (by dgoulet):

 Ok turns out that a unit test needed more love to pass the "connection is
 anonymous" test added by this branch.

 HOWEVER, it highlighted a problem with the approach.

 The `linked_conn` onto a directory connection is always of type EXIT. I'm
 going back to the point where I do not know how to get the or_connection_t
 that the dir_connection_t is coming from...


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-06-26 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.1
Parent ID:  #24962| Points:  0.1
 Reviewer:  asn   |Sponsor:  Sponsor27-must
--+

Comment (by teor):

 Replying to [comment:12 asn]:
 > Code looks good to me, and this is not something that I consider
 unittestable, but I'd really appreciate good real-life testing. Have we
 tested this in the real network or chutney? It would be great to verify
 that descriptor uploads/downloads work just fine with client/HS/single-HS.

 We can use "make test-network-all", or merge this branch with #29280, and
 Travis will run chutney to check client, HS, and single onion services.
 We should also check the tor logs in chutney, because sometimes bugs show
 up there as warnings.

 > Also travis seems broken.

 And Appveyor didn't even run.
 I closed and re-opened the pull request.


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-06-26 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.1
Parent ID:  #24962| Points:  0.1
 Reviewer:  asn   |Sponsor:  Sponsor27-must
--+
Changes (by asn):

 * status:  needs_review => needs_revision


Comment:

 Code looks good to me, and this is not something that I consider
 unittestable, but I'd really appreciate good real-life testing. Have we
 tested this in the real network or chutney? It would be great to verify
 that descriptor uploads/downloads work just fine with client/HS/single-HS.

 Marking as needs_revision while waiting for reply.


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-06-20 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.1
Parent ID:  #24962| Points:  0.1
 Reviewer:|Sponsor:  Sponsor27-must
--+
Changes (by dgoulet):

 * status:  needs_revision => needs_review


Comment:

 After discussion with teor on IRC, it appears the patch is good.

 Reason is that a single onion service will always 3-hop to the HSDir. Thus
 anything not authenticating on the directory connection channel means it
 is not a public relay.

 The goal of this is also to not allow C -> Bridge -> HSDir.

 > Maybe I missed it, but, is there something specific we're aiming to fix
 with this patch? Or is this just completeness from the earlier "stop
 allowing single-hop anything" changes?

 To answer your question Roger, completeness yes. Point is to close down
 any access to HS component in a single hop fashion to both remove load on
 the network but also stop very early any single hop clients instead of
 stopping them at the rendezvous point only.


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-06-20 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.1
Parent ID:  #24962| Points:  0.1
 Reviewer:|Sponsor:  Sponsor27-must
--+

Comment (by dgoulet):

 Replying to [comment:7 arma]:
 > Replying to [comment:6 teor]:
 > > We could check that the previous hop is a relay in the consensus.
 > > If we do that check, then a small number of HSDir requests will fail,
 and the client will try another HSDir with another circuit.
 >
 > Careful there! That might be true for client requests (doing a GET), but
 it will be less true for service requests (doing a POST).

 This checks if the previous channel is client or not. That is
 unauthenticated. If the link is unauthenticated, then it is denied.

 The case of a service posting a descriptor will always work as long as the
 service does it through relays in consensus or not. If I'm not mistaken
 (?), all public relays will authenticate.

 The case of the client trying to go around that check with a relay not in
 the consensus I believe will still authenticate on the link? Unless it is
 a bridge?

 What am I missing here?


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-06-20 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.1
Parent ID:  #24962| Points:  0.1
 Reviewer:|Sponsor:  Sponsor27-must
--+

Comment (by arma):

 Maybe I missed it, but, is there something specific we're aiming to fix
 with this patch? Or is this just completeness from the earlier "stop
 allowing single-hop anything" changes?


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-06-20 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.1
Parent ID:  #24962| Points:  0.1
 Reviewer:|Sponsor:  Sponsor27-must
--+

Comment (by arma):

 Replying to [comment:6 teor]:
 > We could check that the previous hop is a relay in the consensus.
 > If we do that check, then a small number of HSDir requests will fail,
 and the client will try another HSDir with another circuit.

 Careful there! That might be true for client requests (doing a GET), but
 it will be less true for service requests (doing a POST).


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-06-19 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.1
Parent ID:  #24962| Points:  0.1
 Reviewer:|Sponsor:  Sponsor27-must
--+
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 This code will allow HSDir connections from relays that are not in the
 consensus.
 So an attacker could configure their client/onion service as an
 unpublished relay to pass this check.
 (I'm not sure if tor2web mode supports a relay on the same instance, but I
 think it probably does.)
 Do we want to allow this workaround?

 We could check that the previous hop is a relay in the consensus.
 If we do that check, then a small number of HSDir requests will fail, and
 the client will try another HSDir with another circuit.
 Do we want to pay this cost?

 What do you think the best tradeoff is?


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-06-19 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.1
Parent ID:  #24962| Points:  0.1
 Reviewer:|Sponsor:  Sponsor27-must
--+
Changes (by dgoulet):

 * status:  accepted => needs_review
 * actualpoints:   => 0.1


Comment:

 Branch: `ticket24964_042_01`
 PR: https://github.com/torproject/tor/pull/1122


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir

2019-06-19 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:
Parent ID:  #24962| Points:  0.1
 Reviewer:|Sponsor:  Sponsor27-must
--+

Comment (by dgoulet):

 This one... I have honestly no idea how to pull this off with our current
 tor code.

 Problem is that when the `GET` request comes in for the descriptor, we
 only learn what it is in the directory connection layer which doesn't have
 any clue about the circuit.

 I've tried to take the approach we use with `edge_connection_t` where we
 put the circuit pointer in it (`on_circuit`) but since the directory
 request code is called from the connection read callback, there is no
 access to the circuit at that level either...


Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir (was: dos: Add an option to block tor2web requests at the HSDir)

2019-06-19 Thread Tor Bug Tracker & Wiki
#24964: dos: Block single hop client at the HSDir
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:
Parent ID:  #24962| Points:  0.1
 Reviewer:|Sponsor:  Sponsor27-must
--+
Changes (by dgoulet):

 * status:  new => accepted
 * points:   => 0.1
 * sponsor:   => Sponsor27-must
 * milestone:  Tor: unspecified => Tor: 0.4.2.x-final
 * owner:  (none) => dgoulet

