Onion address contact via clearnet on i2p grid

[meejah]

User "Arch" in IRC reports that their tahoe-lafs + i2p client is sending clearnet DNS requests for a particular .onion address when configured to use i2p.

They have not installed the Tor libraries.

Regardless of how the client learned about an onion address, it shouldn't be contacting it via clearnet, ever. In fact, tahoe-lafs shouldn't do _any_ clearnet traffic when configured to use i2p or tor (or both).

[meejah]

Okay, I believe I see what is happening here:

• One of the I2P Introducers announces an onion service
• This should be fine -- but it is using pb://.... to do so, and not pb+tor://.... as I _believe_ the code expects

However, regardless of "errors" by a node operator trying to announce tor-available onion services, we could look at the hint and see that there is a ".onion" in it, which we know will fail on clearnet routing.

[meejah]

The logic traces to ​https://github.com/tahoe-lafs/tahoe-lafs/blob/master/src/allmydata/storage/http_client.py#L358 if anyone wants to explore further.

In my WebUI for the I2P-enabled client, I see the rather inscrutable error:

 failure: [Failure instance: Traceback: <class 'allmydata.util.deferredutil.MultiFailure'>: /home/meejah/work/leastauthority/src/tahoe-lafs/venv/lib/python3.11/site-packages/twisted/internet/defer.py:912:errback /home/meejah/work/leastauthority/src/tahoe-lafs/venv/lib/python3.11/site-packages/twisted/internet/defer.py:980:_startRunCallbacks /home/meejah/work/leastauthority/src/tahoe-lafs/venv/lib/python3.11/site-packages/twisted/internet/defer.py:1074:_runCallbacks /home/meejah/work/leastauthority/src/tahoe-lafs/venv/lib/python3.11/site-packages/twisted/internet/defer.py:1960:_gotResultInlineCallbacks --- <exception caught here> --- /home/meejah/work/leastauthority/src/tahoe-lafs/venv/lib/python3.11/site-packages/twisted/internet/defer.py:2010:_inlineCallbacks /home/meejah/work/leastauthority/src/tahoe-lafs/venv/lib/python3.11/site-packages/twisted/python/failure.py:549:throwExceptionIntoGenerator /home/meejah/work/leastauthority/src/tahoe-lafs/src/allmydata/storage_client.py:1351:_pick_server_and_get_version /home/meejah/work/leastauthority/src/tahoe-lafs/src/allmydata/storage_client.py:1341:get_istorage_server ]

[meejah]

Relevant to possible solutions on this bug: ​https://mastodon.social/@lattera@bsd.network/113194088225944540

[meejah]

we could look at the hint and see that there is a ".onion" in it, which we know will fail on clearnet routing.

Actually, this makes anyone trying "transparently proxy over Tor" fail -- because in such a scenario, the "clearnet" is really Tor and you _do_ want these requests to go out.

The "true" fix here is twofold I think:

• there is an I2P node operator with a misconfigured Tor announcement
• the tahoe software should be able to detect the above (in non-transparent-proxy cases) and show a warning or error to that user directly