Dear Relay Operator,
I am the operator of Faravahar, It has been having some network issues, specifically very long latency. But this is the first time I hear of an issue like this.
154.35.32.5 is Faravahr's older IP addresses which was replaced with and 154.35.175.225 is the new IP (current).
There are iptable rules forwarding the traffic from OLD IP to the new one for the clients that have not updated yet.
Are you running the latest version of tor software?
I'll be sure to keep an eye on this email and open a ticket as needed.
Thank you for reporting the issue and running a relay.
All the best, Sina
"Be the change that you wish to see in the world." - Mahatma Gandhi
----- On Oct 22, 2015, at 11:22 AM, Logforme m7527@abc.se wrote:
I run the relay Logforme (855BC2DABE24C861CD887DB9B2E950424B49FC34)
Saw this in yesterday's log file: Oct 22 03:17:55.000 [notice] Our IP Address has changed from 84.219.173.60 to 154.35.32.5; rebuilding descriptor (source: 154.35.175.225). Oct 22 03:17:55.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Oct 22 03:17:56.000 [notice] Performing bandwidth self-test...done. Oct 22 03:26:55.000 [notice] Our IP Address has changed from 154.35.32.5 to 84.219.173.60; rebuilding descriptor (source: 194.109.206.212).
84.219.173.60: <- My real IP address 154.35.32.5: faravahar.rabbani.jp <- No idea 154.35.175.225: faravahar.redteam.net <- Authority server 194.109.206.212: tor.dizum.com <- Better authority server
So if I read it right my relay asked the authority server Faravahar what my IP address is and got the wrong answer. 9 minutes later my relay asked another authority server and got the right answer. My relay show an uptime starting from this time and if the relay did a full restart it meant all the circuits got dropped? Inconvenient for users.
My relay have "restarted" like this a few times the last weeks (only Tor daemon "restarting", not the machine). Don't know if Faravahar is behind the other "restarts". This time I just caught it in the log file before it got archived.
Is this a know issue with Faravahar? If so, should it be fixed? _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Aren't the iptables rules going to change the source address of the forwarded traffic to the IP of the old server, causing it to misreport IP addresses?
On Thu, Oct 22, 2015 at 1:38 PM, SiNA Rabbani sina@redteam.net wrote:
Dear Relay Operator,
I am the operator of Faravahar, It has been having some network issues, specifically very long latency. But this is the first time I hear of an issue like this.
154.35.32.5 is Faravahr's older IP addresses which was replaced with and 154.35.175.225 is the new IP (current).
There are iptable rules forwarding the traffic from OLD IP to the new one for the clients that have not updated yet.
Are you running the latest version of tor software?
I'll be sure to keep an eye on this email and open a ticket as needed.
Thank you for reporting the issue and running a relay.
All the best, Sina
"Be the change that you wish to see in the world." - Mahatma Gandhi
----- On Oct 22, 2015, at 11:22 AM, Logforme m7527@abc.se wrote:
I run the relay Logforme (855BC2DABE24C861CD887DB9B2E950424B49FC34)
Saw this in yesterday's log file: Oct 22 03:17:55.000 [notice] Our IP Address has changed from 84.219.173.60 to 154.35.32.5; rebuilding descriptor (source: 154.35.175.225). Oct 22 03:17:55.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Oct 22 03:17:56.000 [notice] Performing bandwidth self-test...done. Oct 22 03:26:55.000 [notice] Our IP Address has changed from 154.35.32.5 to 84.219.173.60; rebuilding descriptor (source: 194.109.206.212).
84.219.173.60: <- My real IP address 154.35.32.5: faravahar.rabbani.jp <- No idea 154.35.175.225: faravahar.redteam.net <- Authority server 194.109.206.212: tor.dizum.com <- Better authority server
So if I read it right my relay asked the authority server Faravahar what my IP address is and got the wrong answer. 9 minutes later my relay asked another authority server and got the right answer. My relay show an uptime starting from this time and if the relay did a full restart it meant all the circuits got dropped? Inconvenient for users.
My relay have "restarted" like this a few times the last weeks (only Tor daemon "restarting", not the machine). Don't know if Faravahar is behind the other "restarts". This time I just caught it in the log file before it got archived.
Is this a know issue with Faravahar? If so, should it be fixed? _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hello, thank you for your prompt reply.
My relay runs version 0.2.6.10. I got version 0.2.7.3 on hold waiting for a good time to update. Do you think updating could help the issue?
Best regards
On 2015-10-22 20:38, SiNA Rabbani wrote:
Dear Relay Operator,
I am the operator of Faravahar, It has been having some network issues, specifically very long latency. But this is the first time I hear of an issue like this.
154.35.32.5 is Faravahr's older IP addresses which was replaced with and 154.35.175.225 is the new IP (current).
There are iptable rules forwarding the traffic from OLD IP to the new one for the clients that have not updated yet.
Are you running the latest version of tor software?
I'll be sure to keep an eye on this email and open a ticket as needed.
Thank you for reporting the issue and running a relay.
All the best, Sina
"Be the change that you wish to see in the world." - Mahatma Gandhi
----- On Oct 22, 2015, at 11:22 AM, Logforme m7527@abc.se wrote:
I run the relay Logforme (855BC2DABE24C861CD887DB9B2E950424B49FC34)
Saw this in yesterday's log file: Oct 22 03:17:55.000 [notice] Our IP Address has changed from 84.219.173.60 to 154.35.32.5; rebuilding descriptor (source: 154.35.175.225). Oct 22 03:17:55.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Oct 22 03:17:56.000 [notice] Performing bandwidth self-test...done. Oct 22 03:26:55.000 [notice] Our IP Address has changed from 154.35.32.5 to 84.219.173.60; rebuilding descriptor (source: 194.109.206.212).
84.219.173.60: <- My real IP address 154.35.32.5: faravahar.rabbani.jp <- No idea 154.35.175.225: faravahar.redteam.net <- Authority server 194.109.206.212: tor.dizum.com <- Better authority server
So if I read it right my relay asked the authority server Faravahar what my IP address is and got the wrong answer. 9 minutes later my relay asked another authority server and got the right answer. My relay show an uptime starting from this time and if the relay did a full restart it meant all the circuits got dropped? Inconvenient for users.
My relay have "restarted" like this a few times the last weeks (only Tor daemon "restarting", not the machine). Don't know if Faravahar is behind the other "restarts". This time I just caught it in the log file before it got archived.
Is this a know issue with Faravahar? If so, should it be fixed? _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Happened again tonight:
Nov 04 05:23:43.000 [notice] Our IP Address has changed from 84.219.173.60 to 185.99.185.61; rebuilding descriptor (source: 154.35.175.225). Nov 04 05:23:43.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Nov 04 05:23:43.000 [notice] Our IP Address has changed from 185.99.185.61 to 84.219.173.60; rebuilding descriptor (source: 154.35.175.225). Nov 04 05:23:43.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
84.219.173.60 <- My real IP address 185.99.185.61 <- Holland? 154.35.175.225 <- faravahar.redteam.net
Not even a second between getting the wrong IP and then getting the correct one back, but enough to restart the relay. After seeing this I upgraded to the latest version 0.2.7.4-rc and on the restart it again used Faravahar to (correctly) guess the IP:
Nov 04 07:47:49.000 [notice] Guessed our IP address as 84.219.173.60 (source: 154.35.175.225).
On 2015-10-22 20:38, SiNA Rabbani wrote:
Dear Relay Operator,
I am the operator of Faravahar, It has been having some network issues, specifically very long latency. But this is the first time I hear of an issue like this.
154.35.32.5 is Faravahr's older IP addresses which was replaced with and 154.35.175.225 is the new IP (current).
There are iptable rules forwarding the traffic from OLD IP to the new one for the clients that have not updated yet.
Are you running the latest version of tor software?
I'll be sure to keep an eye on this email and open a ticket as needed.
On Wed, Nov 04, 2015 at 08:00:52AM +0100, Logforme wrote:
Happened again tonight:
Nov 04 05:23:43.000 [notice] Our IP Address has changed from 84.219.173.60 to 185.99.185.61; rebuilding descriptor (source: 154.35.175.225). Nov 04 05:23:43.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Nov 04 05:23:43.000 [notice] Our IP Address has changed from 185.99.185.61 to 84.219.173.60; rebuilding descriptor (source: 154.35.175.225). Nov 04 05:23:43.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
84.219.173.60 <- My real IP address 185.99.185.61 <- Holland? 154.35.175.225 <- faravahar.redteam.net
Not even a second between getting the wrong IP and then getting the correct one back, but enough to restart the relay. After seeing this I upgraded to the latest version 0.2.7.4-rc and on the restart it again used Faravahar to (correctly) guess the IP:
Nov 04 07:47:49.000 [notice] Guessed our IP address as 84.219.173.60 (source: 154.35.175.225).
Which version of Tor were you previously running? Have you seen these messages within the last few days, after you upgraded?
Thanks, Matt
On 9 Nov 2015, at 18:56, Matthew Finkel matthew.finkel@gmail.com wrote:
Which version of Tor were you previously running? Have you seen these messages within the last few days, after you upgraded?
Hi SiNA, Matthew,
I can reproduce some unusual behaviour from Faravahar simply using wget. It seems that a web cache in front of Faravahar's dirport might be misbehaving.
*Exit Notice - Reproducible Incorrect X-Your-Address-Is*
I just retrieved the Faravahar "exit notice" from a US AWS address, then a few seconds later made a query from an Australian home IP address.
Both queries returned the US AWS address in X-Your-Address-Is. (A previous query from the Australian address a few minutes beforehand had the correct address.)
I can reproduce this behaviour: whichever query starts first is the one whose IP address gets recorded.
Subsequent queries get the same IP address for several tens of seconds afterwards.
I'm using: wget --save-headers http://154.35.175.225/
The headers I see look like:
HTTP/1.0 200 OK Age: 976 Date: Mon, 09 Nov 2015 08:35:20 GMT Expires: Mon, 09 Nov 2015 08:55:20 GMT Connection: Keep-Alive ETag: "KXJDGONEHLPTLKVYRY" Content-Type: text/html X-Your-Address-Is: <not my IP address> Content-Encoding: identity Content-Length: 38126
*Directory Documents - Once-Off Header Corruption*
This caching behaviour isn't reproducible with the actual documents, but I did see one instance of corrupted headers: * Content-Length is misspelt Xontent-Length, * Connection and ETag are present, but they're not typically present in the headers of other directory documents from Faravahar. * Expires is in the location it would typically be in for the exit notice (after Date), not the directory documents (last, after Content-Encoding)
wget --save-headers http://154.35.175.225/tor/status-vote/current/consensus-ns
HTTP/1.0 200 OK Age: 975 Date: Mon, 09 Nov 2015 08:43:32 GMT Expires: Mon, 09 Nov 2015 09:00:00 GMT Xontent-Length: Connection: Close ETag: "KXJDGONEHLSKRWTYRY" Content-Type: text/plain X-Your-Address-Is: 180.200.153.214 Content-Encoding: identity
The second download with exactly the same URL did not contain [C|X]ontent-Length, Connection, or ETag.
It's probably worth mentioning that similar queries to other directory authorities do not show the same behaviour.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
On Mon, Nov 09, 2015 at 08:04:55PM +1100, Tim Wilson-Brown - teor wrote:
On 9 Nov 2015, at 18:56, Matthew Finkel matthew.finkel@gmail.com wrote:
Which version of Tor were you previously running? Have you seen these messages within the last few days, after you upgraded?
Hi SiNA, Matthew,
I can reproduce some unusual behaviour from Faravahar simply using wget. It seems that a web cache in front of Faravahar's dirport might be misbehaving.
For some reason I can't reproduce your results, but I agree that what you saw and what the various tor log snippets show does seem to point towards a kind of frontend caching proxy. This is unfortunate, but I don't see a way for the dirauth code to make a mistake like this, and we'd expect other authories would show the same symptoms if that was the case, as well.
- Matt
On 9 Nov 2015, at 20:31, Matthew Finkel matthew.finkel@gmail.com wrote:
On Mon, Nov 09, 2015 at 08:04:55PM +1100, Tim Wilson-Brown - teor wrote:
On 9 Nov 2015, at 18:56, Matthew Finkel matthew.finkel@gmail.com wrote:
Which version of Tor were you previously running? Have you seen these messages within the last few days, after you upgraded?
Hi SiNA, Matthew,
I can reproduce some unusual behaviour from Faravahar simply using wget. It seems that a web cache in front of Faravahar's dirport might be misbehaving.
For some reason I can't reproduce your results, but I agree that what you saw and what the various tor log snippets show does seem to point towards a kind of frontend caching proxy. This is unfortunate, but I don't see a way for the dirauth code to make a mistake like this, and we'd expect other authories would show the same symptoms if that was the case, as well.
I am happy to provide files exhibiting these issues if needed.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
On Mon, Nov 09, 2015 at 08:04:55PM +1100, Tim Wilson-Brown - teor wrote:
Subsequent queries get the same IP address for several tens of seconds afterwards.
Woah. Are we setting the Expires: http header in our Tor answer based on how long we think the *payload* will remain valid, and the proxy in the middle is caching both the payload and the headers for that time?
--Roger
On 9 Nov 2015, at 20:45, Roger Dingledine <arma@mit.edu mailto:arma@mit.edu> wrote:
On Mon, Nov 09, 2015 at 08:04:55PM +1100, Tim Wilson-Brown - teor wrote:
Subsequent queries get the same IP address for several tens of seconds afterwards.
Woah. Are we setting the Expires: http header in our Tor answer based on how long we think the *payload* will remain valid, and the proxy in the middle is caching both the payload and the headers for that time?
That's what most caches do with unknown headers: cache them for the same period as the payload.
HTTP 1.0 is silent on whether headers should be cached - it just says content should be cached. http://www.w3.org/Protocols/HTTP/1.0/spec.html#Expires
HTTP 1.1 specifies that headers are cached along with content, except for a few headers that don't get cached. (It also specifies that "not-modified" and similar responses replace headers from the original response. But I doubt that's relevant here.) https://tools.ietf.org/html/rfc7234
For HTTP 1.1 compliant caches, Tor can specifically indicate that X-Your-IP-Address-Is is a hop-by-hop header by using a the "Connection" header like this: Connection: close X-Your-IP-Address-Is ("close" indicates that Tor doesn't support persistent connections.) This would cause the X-Your-IP-Address-Is header to not ever be sent out by the cache, not even on the first connection. If Tor sees the IP address of the cache, this is what we want. But if it sees the IP address of the relay, we want the first response to have the X-Your-IP-Address-Is header, and any cached responses to not have it (see below). https://tools.ietf.org/html/rfc7230#section-6.1
Alternately, we could use: Cache-Control: no-cache="X-Your-IP-Address-Is" This is interpreted as a request not to cache the header at all, or, if the no-cache="<header-name>" feature is not supported, it's generally interpreted as a request not to cache the entire document. (This also causes the cache to attempt to revalidate the header, which might not be what we want, as Tor might not support cache revalidation.) https://tools.ietf.org/html/rfc7234#section-5.2.2
These are HTTP 1.1 features, but Tor provides a HTTP 1.0 response. HTTP 1.1 caches are supposed to handle headers by applying the HTTP 1.1 rules, regardless of the version of the response.
For HTTP 1.0 compliant caches, Tor can disable caching: Pragma: no-cache (This will also disable caching for HTTP 1.1 caches unless we provide a more generous Cache-Control header, like the one above.) https://tools.ietf.org/html/rfc7234#section-5.4
If we disable caching, this will put more load on Faravahar. But at least we'll get correct behaviour.
If we remove the header, some relays might not be able to find their IP address as quickly. (Do we believe IP addresses from other relays, or just the authorities?)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
On 9 Nov 2015, at 23:02, teor teor2345@gmail.com wrote:
On 9 Nov 2015, at 20:45, Roger Dingledine <arma@mit.edu mailto:arma@mit.edu> wrote:
On Mon, Nov 09, 2015 at 08:04:55PM +1100, Tim Wilson-Brown - teor wrote:
Subsequent queries get the same IP address for several tens of seconds afterwards.
Woah. Are we setting the Expires: http header in our Tor answer based on how long we think the *payload* will remain valid, and the proxy in the middle is caching both the payload and the headers for that time?
That's what most caches do with unknown headers: cache them for the same period as the payload.
I've logged Trac ticket #17605 to see if we can tell caches not to cache the X-Your-IP-Address-Is header. https://trac.torproject.org/projects/tor/ticket/17605
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
On 2015-11-09 08:56, Matthew Finkel wrote:
On Wed, Nov 04, 2015 at 08:00:52AM +0100, Logforme wrote:
After seeing this I upgraded to the latest version 0.2.7.4-rc and on the restart it again used Faravahar to (correctly) guess the IP:
Nov 04 07:47:49.000 [notice] Guessed our IP address as 84.219.173.60 (source: 154.35.175.225).
Which version of Tor were you previously running? Have you seen these messages within the last few days, after you upgraded?
Sorry about not replying, I have been on vacation. It seems the issue has an explanation already (caching) but here's my answer for completeness:
Previously I was running version 0.2.6.10 from what was then the latest Debian wheezy tor-experimental package. As I wrote above I upgraded to the (at the time) latest wheezy tor-experimental, 0.2.7.4-rc. During my vacation the relay have not restarted, 22 days uptime at the moment, so I assume the IP address has not fluctuated.
These messages only happened rarely, weeks apart. I have only seen Faravahar giving the wrong IP, not any other Auth server.
On 23 Oct 2015, at 05:38, SiNA Rabbani sina@redteam.net wrote:
Dear Relay Operator,
I am the operator of Faravahar, It has been having some network issues, specifically very long latency. But this is the first time I hear of an issue like this.
154.35.32.5 is Faravahr's older IP addresses which was replaced with and 154.35.175.225 is the new IP (current).
There are iptable rules forwarding the traffic from OLD IP to the new one for the clients that have not updated yet.
SiNA,
Have the forwarding rules been disabled?
When I try to fetch from the old IP address, it times out: wget http://154.35.32.5/
But the same query to the new address works: wget http://154.35.32.5/
This happens from both an Australian and US IP address (neither of which are Tor relays, if it matters).
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
tor-relays@lists.torproject.org
-
Logforme -
Matthew Finkel -
Nicholas Suan -
Roger Dingledine -
SiNA Rabbani -
teor -
Tim Wilson-Brown - teor