On 24 Sep 2019, at 03:27, Felix zwiebel@quantentunnel.de wrote:
Am 2019-09-23 um 1:59 AM schrieb teor:
We need some more information to diagnose the issue, and answer these questions:
- Is this issue reproducible?
In my Freebsd monoculture, yes. 20 guard relays shared the same history:
Tor versions Tor 0.4.0.5, 0.4.1.2-alpha, 0.4.1.3-alpha, all on LibreSSL 2.9.2. Running guard since >1 month before they all lost guard flags between 2019-08-15 10pm and 2019-08-16 1am.
How do you know it's LibreSSL, and not simply restarting the relays?
- Are all tor clients affected?
They became middle relays so I expect no client will connect (besides onion services?). But they were pushing a lot of data as middles.
Here's what I meant:
Are all Tor instances having trouble connecting to your relays, or just some of them?
You've answered the question below.
- If only some tor clients are affected, why are they affected?
No idea, sorry.
- Are all bandwidth authorities affected, or just the ones running sbws?
Short: Torflow is ok, sbws not
That's not quite accurate.
Consensus for a relay with Libressl 292 maatu. (!running, fast, !guard, bw ok)
The authority on maatuska appears to be affected.
moria1 (running, fast, guard, bw ok) farav. (running, fast, guard, bw ok) longc. (running, !fast, !guard, no bw) bastet (running, !fast, !guard, no bw)
The bandwidth authority clients on longclaw and bastet are affected.
All relays w/o 292 received quickly running and fast from all bw auths, later guard.
Ok, so it does have something to do with LibreSSL. But we don't know why some other Tor instances are having trouble connecting: because it's not only sbws clients which are failing, it's authorities as well.
- Are these issues actually instances of know sbws bugs?
I don't think so.
It doesn't seem so either. This seems like a LibreSSL / Tor bug, not an sbws bug.
For further testing I keep the relays like this:
All the relays are on the same dedicated server
now working ok: 79D9E66BB2FDBF25E846B635D8248FE1194CFD26 Tor 0.4.1.6, OpenSSL 1.1.1d ACBBB426CE1D0641A590BF1FC1CF05416FC0FF6F Tor 0.4.1.5, OpenSSL 1.0.2s 9F5068310818ED7C70B0BC4087AB55CB12CB4377 Tor 0.4.1.6, LibreSSL 3.0.0 8FA37B93397015B2BC5A525C908485260BE9F422 Tor 0.4.1.5, OpenSSL 1.0.2t
suffering: ED7F2BE5D2AC7FCF821A909E2486FFFB95D65272 Tor 0.4.1.3-alpha, LibreSSL 2.9.2
I hope that helps. Please tell me how I can support.
Maybe there is a bug in LibreSSL 2.9.2 ? Or a bug between that version and other SSL libraries?
Can you reproduce this issue using Tor Browser connecting to your relays? If so, what do you see in your Tor logs?
T