Opened at 2024-09-13T21:36:18Z
Last modified at 2024-09-24T21:07:27Z
#4108 new defect
Onion address contact via clearnet on i2p grid
Reported by: | meejah | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | undecided |
Component: | code-network | Version: | n/a |
Keywords: | Cc: | ||
Launchpad Bug: |
Description
User "Arch" in IRC reports that their tahoe-lafs + i2p client is sending clearnet DNS requests for a particular .onion address when configured to use i2p.
They have not installed the Tor libraries.
Regardless of how the client learned about an onion address, it shouldn't be contacting it via clearnet, ever. In fact, tahoe-lafs shouldn't do _any_ clearnet traffic when configured to use i2p or tor (or both).
Change History (4)
comment:1 Changed at 2024-09-24T01:35:02Z by meejah
comment:2 Changed at 2024-09-24T01:36:56Z by meejah
The logic traces to https://github.com/tahoe-lafs/tahoe-lafs/blob/master/src/allmydata/storage/http_client.py#L358 if anyone wants to explore further.
In my WebUI for the I2P-enabled client, I see the rather inscrutable error:
`
failure: [Failure instance: Traceback: <class 'allmydata.util.deferredutil.MultiFailure?'>: /home/meejah/work/leastauthority/src/tahoe-lafs/venv/lib/python3.11/site-packages/twisted/internet/defer.py:912:errback /home/meejah/work/leastauthority/src/tahoe-lafs/venv/lib/python3.11/site-packages/twisted/internet/defer.py:980:_startRunCallbacks /home/meejah/work/leastauthority/src/tahoe-lafs/venv/lib/python3.11/site-packages/twisted/internet/defer.py:1074:_runCallbacks /home/meejah/work/leastauthority/src/tahoe-lafs/venv/lib/python3.11/site-packages/twisted/internet/defer.py:1960:_gotResultInlineCallbacks --- <exception caught here> --- /home/meejah/work/leastauthority/src/tahoe-lafs/venv/lib/python3.11/site-packages/twisted/internet/defer.py:2010:_inlineCallbacks /home/meejah/work/leastauthority/src/tahoe-lafs/venv/lib/python3.11/site-packages/twisted/python/failure.py:549:throwExceptionIntoGenerator /home/meejah/work/leastauthority/src/tahoe-lafs/src/allmydata/storage_client.py:1351:_pick_server_and_get_version /home/meejah/work/leastauthority/src/tahoe-lafs/src/allmydata/storage_client.py:1341:get_istorage_server ]`
comment:3 Changed at 2024-09-24T19:57:21Z by meejah
Relevant to possible solutions on this bug: https://mastodon.social/@lattera@bsd.network/113194088225944540
comment:4 Changed at 2024-09-24T21:07:27Z by meejah
we could look at the hint and see that there is a ".onion" in it, which we know will fail on clearnet routing.
Actually, this makes anyone trying "transparently proxy over Tor" fail -- because in such a scenario, the "clearnet" is really Tor and you _do_ want these requests to go out.
The "true" fix here is twofold I think:
- there is an I2P node operator with a misconfigured Tor announcement
- the tahoe software should be able to detect the above (in non-transparent-proxy cases) and show a warning or error to that user directly
Okay, I believe I see what is happening here:
However, regardless of "errors" by a node operator trying to announce tor-available onion services, we could look at the hint and see that there is a ".onion" in it, which we know will fail on clearnet routing.