
  1. Filename: 156-tracking-blocked-ports.txt
  2. Title: Tracking blocked ports on the client side
  3. Version: $Revision$
  4. Last-Modified: $Date$
  5. Author: Robert Hogan
  6. Created: 14-Oct-2008
  7. Status: Open
  8. Target: 0.2.?
  9. Motivation:
  10. Tor clients that are behind extremely restrictive firewalls can end up
  11. waiting a while for their first successful OR connection to a node on the
  12. network. Worse, the more restrictive their firewall the more susceptible
  13. they are to an attacker guessing their entry nodes. Tor routers that
  14. are behind extremely restrictive firewalls can only offer a limited,
  15. 'partitioned' service to other routers and clients on the network. Exit
  16. nodes behind extremely restrictive firewalls may advertise ports that they
  17. are actually not able to connect to, wasting network resources in circuit
  18. constructions that are doomed to fail at the last hop on first use.
  19. Proposal:
  20. When a client attempts to connect to an entry guard it should avoid
  21. further attempts on ports that fail once until it has connected to at
  22. least one entry guard successfully. (Maybe it should wait for more than
  23. one failure to reduce the skew on the first node selection.) Thereafter
  24. it should select entry guards regardless of port and warn the user if
  25. it observes that connections to a given port have failed every multiple
  26. of 5 times without success or since the last success.
  27. Tor should warn the operators of exit, middleman and entry nodes if it
  28. observes that connections to a given port have failed a multiple of 5
  29. times without success or since the last success. If attempts on a port
  30. fail 20 or more times without any success or since the last success, Tor should add the port
  31. to a 'blocked-ports' entry in its descriptor's extra-info. Some thought
  32. needs to be given to what the authorities might do with this information.
  33. Related TODO item:
  34. "- Automatically determine what ports are reachable and start using
  35. those, if circuits aren't working and it's a pattern we
  36. recognize ("port 443 worked once and port 9001 keeps not
  37. working")."
  38. I've had a go at implementing all of this in the attached.
  39. Addendum:
  40. Just a note on the patch: storing the digest of each router that uses the port
  41. is a bit of a memory hog, and its only real purpose is to provide a count of
  42. routers using that port when warning the user. That could be achieved when
  43. warning the user by iterating through the routerlist instead.
  44. Index: src/or/connection_or.c
  45. ===================================================================
  46. --- src/or/connection_or.c (revision 17104)
  47. +++ src/or/connection_or.c (working copy)
  48. @@ -502,6 +502,9 @@
  49. connection_or_connect_failed(or_connection_t *conn,
  50. int reason, const char *msg)
  51. {
  52. + if ((reason == END_OR_CONN_REASON_NO_ROUTE) ||
  53. + (reason == END_OR_CONN_REASON_REFUSED))
  54. + or_port_hist_failure(conn->identity_digest,TO_CONN(conn)->port);
  55. control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED, reason);
  56. if (!authdir_mode_tests_reachability(get_options()))
  57. control_event_bootstrap_problem(msg, reason);
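Review bot: The added condition records only END_OR_CONN_REASON_NO_ROUTE and END_OR_CONN_REASON_REFUSED, so a firewall that silently drops packets, which surfaces as a timeout rather than a refusal, never reaches or_port_hist_failure and the port is never counted as blocked; if the timeout reason (END_OR_CONN_REASON_TIMEOUT) is left out on purpose because it cannot be told apart from a slow relay, a comment saying so would save the next reader from re-adding it. The two-line `if` guards a single unbraced call; wrapping it in `{ … }` avoids the dangling-statement hazard when a second statement is added later.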
  58. @@ -580,6 +583,7 @@
  59. /* already marked for close */
  60. return NULL;
  61. }
  62. +
  63. return conn;
  64. }
  65. @@ -909,6 +913,7 @@
  66. control_event_or_conn_status(conn, OR_CONN_EVENT_CONNECTED, 0);
  67. if (started_here) {
  68. + or_port_hist_success(TO_CONN(conn)->port);
  69. rep_hist_note_connect_succeeded(conn->identity_digest, now);
  70. if (entry_guard_register_connect_status(conn->identity_digest,
  71. 1, now) < 0) {
  72. Index: src/or/rephist.c
  73. ===================================================================
  74. --- src/or/rephist.c (revision 17104)
  75. +++ src/or/rephist.c (working copy)
  76. @@ -18,6 +18,7 @@
  77. static void bw_arrays_init(void);
  78. static void predicted_ports_init(void);
  79. static void hs_usage_init(void);
  80. +static void or_port_hist_init(void);
  81. /** Total number of bytes currently allocated in fields used by rephist.c. */
  82. uint64_t rephist_total_alloc=0;
  83. @@ -89,6 +90,25 @@
  84. digestmap_t *link_history_map;
  85. } or_history_t;
  86. +/** or_port_hist_t contains our router/client's knowledge of
  87. + all OR ports offered on the network, and how many servers with each port we
  88. + have succeeded or failed to connect to. */
  89. +typedef struct {
  90. + /** The port this entry is tracking. */
  91. + uint16_t or_port;
  92. + /** Have we ever connected to this port on another OR?. */
  93. + unsigned int success:1;
  94. + /** The ORs using this port. */
  95. + digestmap_t *ids;
  96. + /** The ORs using this port we have failed to connect to. */
  97. + digestmap_t *failure_ids;
  98. + /** Are we excluding ORs with this port during entry selection?*/
  99. + unsigned int excluded;
  100. +} or_port_hist_t;
  101. +
  102. +static unsigned int still_searching = 0;
  103. +static smartlist_t *or_port_hists;
  104. +
  105. /** When did we last multiply all routers' weighted_run_length and
  106. * total_run_weights by STABILITY_ALPHA? */
  107. static time_t stability_last_downrated = 0;
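Review bot: `excluded` is declared as a full `unsigned int` while `success` is a 1-bit field, yet the rest of the patch only ever assigns 0 or 1 to both and sums `excluded` as a count, so `unsigned int excluded:1;` would keep the two flags alike; the comment above `success` also ends in a stray `?.`. As the proposal's addendum says, `ids` exists only to supply the per-port router count printed in warnings, so the struct comment is the place to record either that the per-port digestmap is an accepted memory cost or that the count could instead be taken from the routerlist at warning time.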
  108. @@ -164,6 +184,16 @@
  109. tor_free(hist);
  110. }
  111. +/** Helper: free storage held by a single OR port history entry. */
  112. +static void
  113. +or_port_hist_free(or_port_hist_t *p)
  114. +{
  115. + tor_assert(p);
  116. + digestmap_free(p->ids,NULL);
  117. + digestmap_free(p->failure_ids,NULL);
  118. + tor_free(p);
  119. +}
  120. +
  121. /** Update an or_history_t object <b>hist</b> so that its uptime/downtime
  122. * count is up-to-date as of <b>when</b>.
  123. */
  124. @@ -1639,7 +1669,7 @@
  125. tmp_time = smartlist_get(predicted_ports_times, i);
  126. if (*tmp_time + PREDICTED_CIRCS_RELEVANCE_TIME < now) {
  127. tmp_port = smartlist_get(predicted_ports_list, i);
  128. - log_debug(LD_CIRC, "Expiring predicted port %d", *tmp_port);
  129. + log_debug(LD_HIST, "Expiring predicted port %d", *tmp_port);
  130. smartlist_del(predicted_ports_list, i);
  131. smartlist_del(predicted_ports_times, i);
  132. rephist_total_alloc -= sizeof(uint16_t)+sizeof(time_t);
  133. @@ -1821,6 +1851,12 @@
  134. tor_free(last_stability_doc);
  135. built_last_stability_doc_at = 0;
  136. predicted_ports_free();
  137. + if (or_port_hists) {
  138. + SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, p,
  139. + or_port_hist_free(p));
  140. + smartlist_free(or_port_hists);
  141. + or_port_hists = NULL;
  142. + }
  143. }
  144. /****************** hidden service usage statistics ******************/
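Review bot: The entries freed here are never reflected in rephist_total_alloc, which this file appears to maintain for the structures it allocates (the predicted-ports hunk in this patch shows the pattern), so the counter under-reports while the port cache is live. Add the size of each or_port_hist_t (and, if the maps are to be counted, their entries) to rephist_total_alloc in or_port_hist_new and subtract it in or_port_hist_free so the accounting matches the rest of rephist.c.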
  145. @@ -2356,3 +2392,225 @@
  146. tor_free(fname);
  147. }
  148. +/** Create a new entry in the port tracking cache for the or_port in
  149. + * <b>ri</b>. */
  150. +void
  151. +or_port_hist_new(const routerinfo_t *ri)
  152. +{
  153. + or_port_hist_t *result;
  154. + const char *id=ri->cache_info.identity_digest;
  155. +
  156. + if (!or_port_hists)
  157. + or_port_hist_init();
  158. +
  159. + SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp,
  160. + {
  161. + /* Cope with routers that change their advertised OR port or are
  162. + dropped from the networkstatus. We don't discard the failures of
  163. + dropped routers because they are still valid when counting
  164. + consecutive failures on a port.*/
  165. + if (digestmap_get(tp->ids, id) && (tp->or_port != ri->or_port)) {
  166. + digestmap_remove(tp->ids, id);
  167. + }
  168. + if (tp->or_port == ri->or_port) {
  169. + if (!(digestmap_get(tp->ids, id)))
  170. + digestmap_set(tp->ids, id, (void*)1);
  171. + return;
  172. + }
  173. + });
  174. +
  175. + result = tor_malloc_zero(sizeof(or_port_hist_t));
  176. + result->or_port=ri->or_port;
  177. + result->success=0;
  178. + result->ids=digestmap_new();
  179. + digestmap_set(result->ids, id, (void*)1);
  180. + result->failure_ids=digestmap_new();
  181. + result->excluded=0;
  182. + smartlist_add(or_port_hists, result);
  183. +}
  184. +
  185. +/** Create the port tracking cache. */
  186. +/*XXX: need to call this when we rebuild/update our network status */
  187. +static void
  188. +or_port_hist_init(void)
  189. +{
  190. + routerlist_t *rl = router_get_routerlist();
  191. +
  192. + if (!or_port_hists)
  193. + or_port_hists=smartlist_create();
  194. +
  195. + if (rl && rl->routers) {
  196. + SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri,
  197. + {
  198. + or_port_hist_new(ri);
  199. + });
  200. + }
  201. +}
  202. +
  203. +#define NOT_BLOCKED 0
  204. +#define FAILURES_OBSERVED 1
  205. +#define POSSIBLY_BLOCKED 5
  206. +#define PROBABLY_BLOCKED 10
  207. +/** Return the list of blocked ports for our router's extra-info.*/
  208. +char *
  209. +or_port_hist_get_blocked_ports(void)
  210. +{
  211. + char blocked_ports[2048];
  212. + char *bp;
  213. +
  214. + tor_snprintf(blocked_ports,sizeof(blocked_ports),"blocked-ports");
  215. + SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp,
  216. + {
  217. + if (digestmap_size(tp->failure_ids) >= PROBABLY_BLOCKED)
  218. + tor_snprintf(blocked_ports+strlen(blocked_ports),
  219. + sizeof(blocked_ports)," %u,",tp->or_port);
  220. + });
  221. + if (strlen(blocked_ports) == 13)
  222. + return NULL;
  223. + bp=tor_strdup(blocked_ports);
  224. + bp[strlen(bp)-1]='\n';
  225. + bp[strlen(bp)]='\0';
  226. + return bp;
  227. +}
  228. +
  229. +/** Revert to client-only mode if we have seen to many failures on a port or
  230. + * range of ports.*/
  231. +static void
  232. +or_port_hist_report_block(unsigned int min_severity)
  233. +{
  234. + or_options_t *options=get_options();
  235. + char failures_observed[2048],possibly_blocked[2048],probably_blocked[2048];
  236. + char port[1024];
  237. +
  238. + memset(failures_observed,0,sizeof(failures_observed));
  239. + memset(possibly_blocked,0,sizeof(possibly_blocked));
  240. + memset(probably_blocked,0,sizeof(probably_blocked));
  241. +
  242. + SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp,
  243. + {
  244. + unsigned int failures = digestmap_size(tp->failure_ids);
  245. + if (failures >= min_severity) {
  246. + tor_snprintf(port, sizeof(port), " %u (%u failures %s out of %u on the"
  247. + " network)",tp->or_port,failures,
  248. + (!tp->success)?"and no successes": "since last success",
  249. + digestmap_size(tp->ids));
  250. + if (failures >= PROBABLY_BLOCKED) {
  251. + strlcat(probably_blocked, port, sizeof(probably_blocked));
  252. + } else if (failures >= POSSIBLY_BLOCKED)
  253. + strlcat(possibly_blocked, port, sizeof(possibly_blocked));
  254. + else if (failures >= FAILURES_OBSERVED)
  255. + strlcat(failures_observed, port, sizeof(failures_observed));
  256. + }
  257. + });
  258. +
  259. + log_warn(LD_HIST,"%s%s%s%s%s%s%s%s",
  260. + server_mode(options) &&
  261. + ((min_severity==FAILURES_OBSERVED) || strlen(probably_blocked))?
  262. + "You should consider disabling your Tor server.":"",
  263. + (min_severity==FAILURES_OBSERVED)?
  264. + "Tor appears to be blocked from connecting to a range of ports "
  265. + "with the result that it cannot connect to one tenth of the Tor "
  266. + "network. ":"",
  267. + strlen(failures_observed)?
  268. + "Tor has observed failures on the following ports: ":"",
  269. + failures_observed,
  270. + strlen(possibly_blocked)?
  271. + "Tor is possibly blocked on the following ports: ":"",
  272. + possibly_blocked,
  273. + strlen(probably_blocked)?
  274. + "Tor is almost certainly blocked on the following ports: ":"",
  275. + probably_blocked);
  276. +
  277. +}
  278. +
  279. +/** Record the success of our connection to <b>digest</b>'s
  280. + * OR port. */
  281. +void
  282. +or_port_hist_success(uint16_t or_port)
  283. +{
  284. + SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp,
  285. + {
  286. + if (tp->or_port != or_port)
  287. + continue;
  288. + /*Reset our failure stats so we can notice if this port ever gets
  289. + blocked again.*/
  290. + tp->success=1;
  291. + if (digestmap_size(tp->failure_ids)) {
  292. + digestmap_free(tp->failure_ids,NULL);
  293. + tp->failure_ids=digestmap_new();
  294. + }
  295. + if (still_searching) {
  296. + still_searching=0;
  297. + SMARTLIST_FOREACH(or_port_hists,or_port_hist_t *,t,t->excluded=0;);
  298. + }
  299. + return;
  300. + });
  301. +}
  302. +/** Record the failure of our connection to <b>digest</b>'s
  303. + * OR port. Warn, exclude the port from future entry guard selection, or
  304. + * add port to blocked-ports in our server's extra-info as appropriate. */
  305. +void
  306. +or_port_hist_failure(const char *digest, uint16_t or_port)
  307. +{
  308. + int total_failures=0, ports_excluded=0, report_block=0;
  309. + int total_routers=smartlist_len(router_get_routerlist()->routers);
  310. +
  311. + SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp,
  312. + {
  313. + ports_excluded += tp->excluded;
  314. + total_failures+=digestmap_size(tp->failure_ids);
  315. + if (tp->or_port != or_port)
  316. + continue;
  317. + /* We're only interested in unique failures */
  318. + if (digestmap_get(tp->failure_ids, digest))
  319. + return;
  320. +
  321. + total_failures++;
  322. + digestmap_set(tp->failure_ids, digest, (void*)1);
  323. + if (still_searching && !tp->success) {
  324. + tp->excluded=1;
  325. + ports_excluded++;
  326. + }
  327. + if ((digestmap_size(tp->ids) >= POSSIBLY_BLOCKED) &&
  328. + !(digestmap_size(tp->failure_ids) % POSSIBLY_BLOCKED))
  329. + report_block=POSSIBLY_BLOCKED;
  330. + });
  331. +
  332. + if (total_failures >= (int)(total_routers/10))
  333. + or_port_hist_report_block(FAILURES_OBSERVED);
  334. + else if (report_block)
  335. + or_port_hist_report_block(report_block);
  336. +
  337. + if (ports_excluded >= smartlist_len(or_port_hists)) {
  338. + log_warn(LD_HIST,"During entry node selection Tor tried every port "
  339. + "offered on the network on at least one server "
  340. + "and didn't manage a single "
  341. + "successful connection. This suggests you are behind an "
  342. + "extremely restrictive firewall. Tor will keep trying to find "
  343. + "a reachable entry node.");
  344. + SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp, tp->excluded=0;);
  345. + }
  346. +}
  347. +
  348. +/** Add any ports marked as excluded in or_port_hist_t to <b>rt</b> */
  349. +void
  350. +or_port_hist_exclude(routerset_t *rt)
  351. +{
  352. + SMARTLIST_FOREACH(or_port_hists, or_port_hist_t *, tp,
  353. + {
  354. + char portpolicy[9];
  355. + if (tp->excluded) {
  356. + tor_snprintf(portpolicy,sizeof(portpolicy),"*:%u", tp->or_port);
  357. + log_warn(LD_HIST,"Port %u may be blocked, excluding it temporarily "
  358. + "from entry guard selection.", tp->or_port);
  359. + routerset_parse(rt, portpolicy, "Ports");
  360. + }
  361. + });
  362. +}
  363. +
  364. +/** Allow the exclusion of ports during our search for an entry node. */
  365. +void
  366. +or_port_hist_search_again(void)
  367. +{
  368. + still_searching=1;
  369. +}
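Review bot: In or_port_hist_get_blocked_ports the size handed to tor_snprintf for each appended port is the whole array rather than what remains after the `blocked_ports+strlen(blocked_ports)` offset, so with enough ports past PROBABLY_BLOCKED the write runs beyond the 2048-byte buffer; use `sizeof(blocked_ports)-strlen(blocked_ports)` and stop appending when tor_snprintf reports truncation instead of emitting a cut-off line. That function, or_port_hist_success, or_port_hist_failure and or_port_hist_exclude all iterate or_port_hists without the NULL check that or_port_hist_new and the rephist_free_all hunk apply, and or_port_hist_failure dereferences `router_get_routerlist()->routers` where or_port_hist_init guards both pointers, so a connection failure or extra-info build before any descriptor has been parsed dereferences NULL. The `13` in the empty test is the length of "blocked-ports" and the following `bp[strlen(bp)]='\0'` rewrites a terminator that is already there; a named constant and dropping the no-op would make the intent plain. The docstring on or_port_hist_success still refers to `<b>digest</b>` although the function takes only `or_port`.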
  370. Index: src/or/or.h
  371. ===================================================================
  372. --- src/or/or.h (revision 17104)
  373. +++ src/or/or.h (working copy)
  374. @@ -3864,6 +3864,13 @@
  375. int any_predicted_circuits(time_t now);
  376. int rep_hist_circbuilding_dormant(time_t now);
  377. +void or_port_hist_failure(const char *digest, uint16_t or_port);
  378. +void or_port_hist_success(uint16_t or_port);
  379. +void or_port_hist_new(const routerinfo_t *ri);
  380. +void or_port_hist_exclude(routerset_t *rt);
  381. +void or_port_hist_search_again(void);
  382. +char *or_port_hist_get_blocked_ports(void);
  383. +
  384. /** Possible public/private key operations in Tor: used to keep track of where
  385. * we're spending our time. */
  386. typedef enum {
  387. Index: src/or/routerparse.c
  388. ===================================================================
  389. --- src/or/routerparse.c (revision 17104)
  390. +++ src/or/routerparse.c (working copy)
  391. @@ -1401,6 +1401,8 @@
  392. goto err;
  393. }
  394. + or_port_hist_new(router);
  395. +
  396. if (!router->platform) {
  397. router->platform = tor_strdup("<unknown>");
  398. }
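Review bot: Calling or_port_hist_new from inside the descriptor parser registers every descriptor that reaches this line in the tracking cache whether or not the routerinfo is later accepted into the routerlist (the `goto err` just above shows the parser has rejecting paths; how many follow this call is outside the hunk), so `tp->ids` counts parsed descriptors while or_port_hist_failure compares total failures against `smartlist_len(router_get_routerlist()->routers)`, two different populations. Registering from the routerlist-insertion path instead, or at least a comment at this call stating that `ids` tracks parsed descriptors rather than live routers, would keep the one-tenth ratio meaningful.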
  399. Index: src/or/router.c
  400. ===================================================================
  401. --- src/or/router.c (revision 17104)
  402. +++ src/or/router.c (working copy)
  403. @@ -1818,6 +1818,7 @@
  404. char published[ISO_TIME_LEN+1];
  405. char digest[DIGEST_LEN];
  406. char *bandwidth_usage;
  407. + char *blocked_ports;
  408. int result;
  409. size_t len;
  410. @@ -1825,7 +1826,6 @@
  411. extrainfo->cache_info.identity_digest, DIGEST_LEN);
  412. format_iso_time(published, extrainfo->cache_info.published_on);
  413. bandwidth_usage = rep_hist_get_bandwidth_lines(1);
  414. -
  415. result = tor_snprintf(s, maxlen,
  416. "extra-info %s %s\n"
  417. "published %s\n%s",
  418. @@ -1835,6 +1835,16 @@
  419. if (result<0)
  420. return -1;
  421. + blocked_ports = or_port_hist_get_blocked_ports();
  422. + if (blocked_ports) {
  423. + result = tor_snprintf(s+strlen(s), maxlen-strlen(s),
  424. + "%s",
  425. + blocked_ports);
  426. + tor_free(blocked_ports);
  427. + if (result<0)
  428. + return -1;
  429. + }
  430. +
  431. if (should_record_bridge_info(options)) {
  432. static time_t last_purged_at = 0;
  433. char *geoip_summary;
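Review bot: The line appended here is produced by or_port_hist_get_blocked_ports as `blocked-ports 443, 9001` with comma-terminated items, whereas the other items this function writes (`extra-info`, `published`) use space-separated arguments, so a consumer tokenising on whitespace receives `443,` as a token; a plain space separator would be easier to parse. Since the value is self-reported by the relay, a short comment at this call site noting that consumers must treat it as an unverified claim would record the design decision the proposal leaves open.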
  434. Index: src/or/circuitbuild.c
  435. ===================================================================
  436. --- src/or/circuitbuild.c (revision 17104)
  437. +++ src/or/circuitbuild.c (working copy)
  438. @@ -62,6 +62,7 @@
  439. static void entry_guards_changed(void);
  440. static time_t start_of_month(time_t when);
  441. +static int num_live_entry_guards(void);
  442. /** Iterate over values of circ_id, starting from conn-\>next_circ_id,
  443. * and with the high bit specified by conn-\>circ_id_type, until we get
  444. @@ -1627,12 +1628,14 @@
  445. smartlist_t *excluded;
  446. or_options_t *options = get_options();
  447. router_crn_flags_t flags = 0;
  448. + routerset_t *_ExcludeNodes;
  449. if (state && options->UseEntryGuards &&
  450. (purpose != CIRCUIT_PURPOSE_TESTING || options->BridgeRelay)) {
  451. return choose_random_entry(state);
  452. }
  453. + _ExcludeNodes = routerset_new();
  454. excluded = smartlist_create();
  455. if (state && (r = build_state_get_exit_router(state))) {
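Review bot: `_ExcludeNodes` is a local variable whose name begins with an underscore followed by an uppercase letter, a form C reserves for the implementation; the `_`-prefixed names Tor uses, such as `_AllowInvalid` in the next hunk, are struct members, so a plain `exclude_nodes` avoids both the reserved form and confusion with the `options->ExcludeNodes` it is built from. The same name is used in the following hunk.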
  456. @@ -1670,12 +1673,18 @@
  457. if (options->_AllowInvalid & ALLOW_INVALID_ENTRY)
  458. flags |= CRN_ALLOW_INVALID;
  459. + if (options->ExcludeNodes)
  460. + routerset_union(_ExcludeNodes,options->ExcludeNodes);
  461. +
  462. + or_port_hist_exclude(_ExcludeNodes);
  463. +
  464. choice = router_choose_random_node(
  465. NULL,
  466. excluded,
  467. - options->ExcludeNodes,
  468. + _ExcludeNodes,
  469. flags);
  470. smartlist_free(excluded);
  471. + routerset_free(_ExcludeNodes);
  472. return choice;
  473. }
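Review bot: or_port_hist_exclude runs on every pass through this entry-selection path and, per the rephist hunk, emits a log_warn for each excluded port each time, so a client in search mode repeats the "may be blocked" warning on every circuit build. The warning belongs where the exclusion is first set (the `tp->excluded=1` branch in or_port_hist_failure), with the per-call message here at info level, and the routerset could be skipped entirely when no port is currently excluded.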
  474. @@ -2727,6 +2736,7 @@
  475. entry_guards_update_state(or_state_t *state)
  476. {
  477. config_line_t **next, *line;
  478. + unsigned int have_reachable_entry=0;
  479. if (! entry_guards_dirty)
  480. return;
  481. @@ -2740,6 +2750,7 @@
  482. char dbuf[HEX_DIGEST_LEN+1];
  483. if (!e->made_contact)
  484. continue; /* don't write this one to disk */
  485. + have_reachable_entry=1;
  486. *next = line = tor_malloc_zero(sizeof(config_line_t));
  487. line->key = tor_strdup("EntryGuard");
  488. line->value = tor_malloc(HEX_DIGEST_LEN+MAX_NICKNAME_LEN+2);
  489. @@ -2785,6 +2796,11 @@
  490. if (!get_options()->AvoidDiskWrites)
  491. or_state_mark_dirty(get_or_state(), 0);
  492. entry_guards_dirty = 0;
  493. +
  494. + /* XXX: Is this the place to decide that we no longer have any reachable
  495. + guards? */
  496. + if (!have_reachable_entry)
  497. + or_port_hist_search_again();
  498. }
  499. /** If <b>question</b> is the string "entry-guards", then dump