Clients should predict that their stream will be refused for trying to reenter, and decline to try
We're doing a bunch of tickets now for 0.4.5-and-backport that make exit relays check if a given stream is trying to re-enter Tor. Those are good and worthwhile.
The next step after that would be for clients to do the same calculation, and not even attempt the stream if it's probably going to fail.
That is, clients should check the consensus param, and predict how the exit relay will respond, and just fail the stream right there if the exit relay is going to fail it.
There are several benefits to doing the check at the client side too:
- it will reduce load on the network, and clients will get their failure faster for this case (probably a trivial amount in practice, but hey)
- it will take care of some of the unfortunate side effects of refusing it at the exit, like right now we're on track to send back a CONNECTREFUSED reason which will cause the client to mark that circuit as unusable for future streams, which isn't really appropriate or needed and might even leak something
- we have a chance to give the client a more useful log message, which could be really useful for the people who are doing "tor inside tor" and suddenly things start breaking and they don't know why.
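
A sketch of the client-side prediction proposed above, added here as an illustration and not taken from the Tor code base. It assumes the exit refuses a stream whose destination address and port match a relay's ORPort or DirPort in the consensus; `relay_t`, `predict_reentry`, the `reentry_allowed` flag (standing in for the consensus param) and the sample relays are all hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of one relay entry taken from the consensus. */
typedef struct { const char *addr; uint16_t or_port; uint16_t dir_port; } relay_t;

typedef enum { STREAM_ATTEMPT, STREAM_FAIL_LOCALLY } stream_decision_t;

/* Constructed sample data (documentation address ranges), not real relays. */
static const relay_t sample_relays[] = {
  { "192.0.2.10", 9001, 9030 },
  { "198.51.100.7", 443, 0 },      /* dir_port 0: no DirPort advertised */
};
static const size_t n_sample_relays = sizeof(sample_relays) / sizeof(sample_relays[0]);

/* Assumed exit-side rule: destination equals a relay's ORPort or DirPort. */
static bool is_relay_listener(const relay_t *r, size_t n, const char *addr, uint16_t port)
{
  for (size_t i = 0; i < n; i++) {
    if (strcmp(r[i].addr, addr) != 0)
      continue;
    if (port == r[i].or_port || (r[i].dir_port != 0 && port == r[i].dir_port))
      return true;
  }
  return false;
}

/* Predict the exit's answer. A hostname destination never matches here,
 * because it is resolved at the exit; such streams are still attempted. */
stream_decision_t predict_reentry(const relay_t *r, size_t n, bool reentry_allowed,
                                  const char *addr, uint16_t port, const char **log_msg)
{
  *log_msg = NULL;
  if (reentry_allowed || !is_relay_listener(r, n, addr, port))
    return STREAM_ATTEMPT;
  *log_msg = "Destination is a Tor relay and the consensus disallows re-entry; "
             "not attempting the stream (are you running Tor inside Tor?)";
  return STREAM_FAIL_LOCALLY; /* circuit untouched, stays usable for other streams */
}

int main(void)
{
  const char *msg;
  if (predict_reentry(sample_relays, n_sample_relays, false, "192.0.2.10", 9001, &msg)
      == STREAM_FAIL_LOCALLY)
    printf("[warn] %s\n", msg);
  return 0;
}
```

Because the decision is made before any cell is sent, no refusal reason comes back from the exit and the circuit is never marked unusable, which is the side effect the second bullet describes.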