Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
T
Tor
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 1,073
    • Issues 1,073
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 39
    • Merge Requests 39
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • The Tor Project
  • Core
  • Tor
  • Issues
  • #40193

Closed
Open
Opened Nov 16, 2020 by Roger Dingledine@armaReporter

If I have two bridge lines with the same fingerprint, Tor only tries one of them

Start Tor configured with two bridges that have the same identity fingerprint:

$ src/app/tor usebridge 1 bridge "obfs4 45.145.95.6:27015 C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C cert=TD7PbUO0/0k6xYHMPW3vJxICfkMZNdkRrb63Zhl5j9dW3iRGiCx0A7mPhe5T2EDzQ35+Zw iat-mode=0" bridge "obfs4 [2a0c:4d80:42:702::1]:27015 C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C cert=TD7PbUO0/0k6xYHMPW3vJxICfkMZNdkRrb63Zhl5j9dW3iRGiCx0A7mPhe5T2EDzQ35+Zw iat-mode=0"

My Tor connects to the IPv4 address and successfully pulls down a descriptor:

Nov 16 14:41:25.866 [notice] new bridge descriptor 'dktoke' (fresh): $C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C~dktoke [jvQiwW4F56WErOOOEUDVkIOO65AYIAm8qy2z7oiSmD4] at 45.145.95.6

Then later it decides that it should use the IPv6 address instead:

Nov 16 14:41:26.163 [notice] Bridge 'dktoke' has both an IPv4 and an IPv6 address.  Will prefer using its IPv6 address ([2a0c:4d80:42:702::1]:27015) based on the configured Bridge address.

But since I don't have working ipv6, that new connect attempt fails:

Nov 16 14:41:37.179 [warn] Proxy Client: unable to connect OR connection (handshaking (proxy)) with [2a0c:4d80:42:702::1]:27015 ID=jvQiwW4F56WErOOOEUDVkIOO65AYIAm8qy2z7oiSmD4 RSA_ID=C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C ("general SOCKS server failure")
Nov 16 14:41:38.209 [warn] Proxy Client: unable to connect OR connection (handshaking (proxy)) with [2a0c:4d80:42:702::1]:27015 ID=jvQiwW4F56WErOOOEUDVkIOO65AYIAm8qy2z7oiSmD4 RSA_ID=C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C ("general SOCKS server failure")
Nov 16 14:41:39.171 [notice] Delaying directory fetches: No running bridges

And I am left with a disconnected Tor, when it clearly was able to use the IPv4 address, but it just chooses not to.

I found this bug because Tor Browser actually sets both of the above bridges when you ask to use the built-in obfs4 bridges, and Tor ends up ignoring the IPv4 one, even if it's the only one of the two which works -- which is probably not what the Tor Browser folks expected.

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: tpo/core/tor#40193