#13837: Mitigate guard discovery by pinning middle node
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  mikeperry
     Type:  defect                               |         Status:  needs_revision
 Priority:  Medium                               |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, tor-guard,                   |  Actual Points:
  guard-discovery-prop247-controller             |
Parent ID:  #9001                                |         Points:
 Reviewer:  asn                                  |        Sponsor:  SponsorV-can
-------------------------------------------------+-------------------------

Comment (by mikeperry):

 Replying to [comment:30 mikeperry]:
 > Replying to [comment:28 asn]:
 > > I encountered some annoying failures during testing this which I reported here: https://oniongit.eu/mikeperry/tor/commit/7e962536f2d89ab0e2b8dd8821503ed66bd115ac#note_1804
 >
 > I am pretty sure this is two separate bugs that are orthogonal to this code:
 >
 > First, we are failing to find a second or third hop for the path because you specified an IP network mask in HSLayer2Guards and HSLayer3Guards. It seems that routersets have a bug/quirk in their network mask handling. See routerset_contains(). They only return "true" for address range checks if the match REJECTED the specified address. If I change that routerset_contains() check to return true if the match is ACCEPTED, the very same netmasks suddenly work. However, if I just patch that routerset_contains function, disparate things that use routersets like excludenodes and exitpolicies suddenly break (in fact, about 12 unittests fail when I change this).

 Phew, it is not this complicated. routerset_contains() is just written confusingly. It turns out that the /16 restriction is still in effect, so when you specified the same /16 for Layer2 and Layer3 guards, that was actually invalid.

 I will just work on fixups to make sure we don't blame the entry guard for this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13837#comment:31>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
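
The /16 conflict described in the comment above can be caught before HSLayer2Guards and HSLayer3Guards are set. The following is an added example, not code from the ticket or from Tor: it looks only at the IPv4 address and CIDR entries of each comma-separated value, and the function names, result labels and sample ranges are constructed for illustration.

```python
import ipaddress


def slash16_blocks(option_value):
    """Return the set of IPv4 /16 networks covered by the address entries
    of a comma-separated option value.

    Entries that are not IPv4 addresses or ranges (fingerprints, nicknames,
    country codes, IPv6) are skipped: this sketch has no consensus data to
    resolve them to addresses."""
    blocks = set()
    for entry in option_value.split(","):
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            continue  # not an address pattern
        if net.version != 4:
            continue
        if net.prefixlen >= 16:
            # A host or small range sits inside exactly one /16.
            blocks.add(net.supernet(new_prefix=16))
        else:
            # A range wider than /16 spans several /16 blocks.
            blocks.update(net.subnets(new_prefix=16))
    return blocks


def classify(layer2_value, layer3_value):
    """Compare the /16 blocks of the two guard layers.

    'unbuildable': every layer-2/layer-3 pairing shares one /16, so the
                   distinct-/16 rule leaves no usable pair.
    'partial':     some pairings share a /16 and will be rejected.
    'ok':          the layers have no /16 in common.
    'unknown':     a layer has no IPv4 address entries to compare."""
    l2 = slash16_blocks(layer2_value)
    l3 = slash16_blocks(layer3_value)
    if not l2 or not l3:
        return "unknown"
    if not (l2 & l3):
        return "ok"
    if len(l2 | l3) == 1:
        return "unbuildable"
    return "partial"


if __name__ == "__main__":
    # Constructed sample values using documentation address ranges.
    print(classify("192.0.2.0/25", "192.0.2.128/255.255.255.128"))
    print(classify("192.0.2.0/24,198.51.100.0/24", "198.51.100.7"))
    print(classify("192.0.2.0/24", "203.0.113.0/24"))
```
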