Connections drop on Tor 0.4.8.9

Patrick · November 25, 2023, 5:50am

In this case, Tor Generic Bug Reproduction is required.

Patrick · November 25, 2023, 5:50am

related:
Vanguards - Tor Anonymity Improvement chapter Log Analysis in Whonix wiki

Patrick · November 25, 2023, 6:13am

Confirmed. I was able to reproduce download issues using update-torbrowserand Tor Browser internal updater.

After a Tor version downgrade, these issues were fixed.

apparatius:

I can also see these messages in sys-whonix tor log when trying to connect to clearnet sites over sys-whonix:
[warn] Not attempting connection to [scrubbed]:80 because the network would reject it. Are you trying to send Tor traffic over Tor? This traffic can be harmful to the Tor network. If you really need it, try using a bridge as a workaround.

I wasn’t able to reproduce this. Something unrelated? Using a custom workstation with its own Tor or Tor Browser installed and Tor over Tor?

apparatius · November 25, 2023, 6:22am

This seems to be unrelated to this issue, I’m seeing these messages with tor 0.4.7.16-1 as well.
I’m not using custom workstation and there shouldn’t be any tor running in any qubes connected to sys-whonix.
I’ll try to check it to be sure.

Patrick · November 25, 2023, 6:23am

Please move the potentially unrelated issue to a separate forum thread if it’s still an issue.
(It can be linked from here if you think it’s related.)

Patrick · November 25, 2023, 6:26am

Due to the confirmed issue in this forum thread, I have removed the newer Tor version from deb.kicksecure.com. In other words, Whonix users who upgrade won’t receive the broken Tor version.

Users who already upgraded and are affected by this issue: Can downgrade the Tor version. This is now documented here: Tor Version Downgrade
Users who did not upgrade yet: Won’t be affected by this issue.

apparatius · November 25, 2023, 6:38am

I’ve checked this in debian-12-xfce based qube with firefox-esr and I don’t have this issue there:

ii  tor                                     0.4.8.9-1~d12.bookworm+1                amd64        anonymizing overlay network for TCP
ii  vanguards                               0.3.1-2.3                               all          Additional protections for Tor Onion Services

apparatius · November 25, 2023, 7:18am

After trying it one more time after rebooting the qube instead of restarting tor/vanguards services the issue occurred in this qube as well:

Nov 25 07:14:34 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:34 2023]: Possible Tor bug, or possible attack if very frequent: Got 1 dropped cell on circ 8 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:34 tstqube vanguards[578]: NOTICE[Sat Nov 25 07:14:34 2023]: We force-closed circuit 8
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 1 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: NOTICE[Sat Nov 25 07:14:56 2023]: We force-closed circuit 11
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 2 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 3 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 4 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 5 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 6 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)

So it seems to be a generic tor/vanguards bug.

Patrick · November 25, 2023, 7:28am

This needs to be reported to upstream, The Tor Project, the developers of Tor.

most likely here:
https://gitlab.torproject.org/tpo/core/tor/-/issues/new

Patrick · November 25, 2023, 7:28am

Also reproducible without vanguards installed?

apparatius · November 25, 2023, 7:34am

I can’t reproduce it without vanguards, the clearnet sites are not breaking.
I guess it needs to be reported to vanguards then.

Patrick · November 25, 2023, 7:37am

Yes.

Patrick · November 25, 2023, 8:13am

Is this only reproducible in Qubes-Whonix or also in Non-Qubes-Whonix (such as Whonix for VirtualBox)?

Is this only reproducible in Qubes Debian templates or also reproducible on real (non-Qubes) Debian?

Patrick · November 25, 2023, 8:45am

Reproducible in Whonix for VirtualBox too.

Weirdly, I couldn’t reproduce this issue on Debian (non-Qubes) yet.

In summary.

reproducible in:

Qubes-Whonix
Non-Qubes-Whonix
Qubes Debian

not reproducible in:

non-Qubes, real Debian

Patrick · November 25, 2023, 8:53am

Tor Project bug report:

vanguards bug report:

Patrick · November 25, 2023, 9:10am

Qubes bug report:

github.com/QubesOS/qubes-issues

Tor 0.4.8.9 broken in combination with vanguards in Qubes Debian templates

opened 09:10AM - 25 Nov 23 UTC

adrelanos

T: bug P: default

### Qubes OS release Qubes R4.2 ### Summary Downloads over Tor (with va…nguards enabled) get interrupted after a few seconds. This bug was introduced between Tor version `0.4.7.16-1` (from Debian `bookworm` security repository) and Tor version `0.4.8.9-1~d12.bookworm+1` (from `deb.torproject.org`). I am certain that I could pinpoint it to it. The issue is only reproducible if `vanguards` is installed. The older Tor version from Debian `bookworm` security repository version `0.4.7.16-1` does not have this issue. ### Steps to reproduce: 1. Get Qubes. 2. Use a Qubes Debian `bookworm` Template. 3. Enable `deb.torproject.org` 4. `sudo apt update` 5. `sudo apt install --no-install-recommends vanguards tor` 6. Edit `/etc/tor/vanguards.conf` and change `control_socket =` to `control_socket = /run/tor/control` ([related ticket](https://github.com/mikeperry-tor/vanguards/issues/47)) 7. `sudo systemctl enable vanguards` ([potential Debian bug not being enabled by default](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948975)) 8. `sudo systemctl restart tor@default` 9. `sudo systemctl restart vanguards` 10. (In App Qube) 11. `torsocks curl --fail --output /tmp/test.tar.xz https://dist.torproject.org/torbrowser/13.0.5/tor-browser-linux-x86_64-13.0.5.tar.xz` ### What is the current bug behavior? Connection drops after a bit of continued file downloads. torsocks curl --fail --output /tmp/test.tar.xz https://dist.torproject.org/torbrowser/13.0.5/tor-browser-linux-x86_64-13.0.5.tar.xz ``` % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 3 107M 3 3624k 0 0 24100 0 1:17:51 0:02:34 1:15:17 29815 curl: (18) transfer closed with 108874640 bytes remaining to read zsh: exit 18 torsocks curl --fail --output /tmp/test.tar.xz ``` ### What is the expected behavior? No connection drops. ### Environment * Qubes R4.2 * Debian based App Qube * Tor version `0.4.8.9-1~d12.bookworm+1` * `deb.torproject.org` `bookworm` repository * vanguards version `0.3.1-2.3` from `packages.debian.org` Also reproducible in Qubes-Whonix and Non-Qubes-Whonix (Whonix for VirtualBox). I wasn't able to reproduce this yet on a real (non-Qubes) Debian `bookworm` yet. ### Additional information `sudo systemctl stop vanguards && sudo systemctl restart tor@default` fixes this issue. This shows that this issue is only happening if Tor is combined with vanguards. ### Tor bug Is this a Tor bug? Possibly, yes. Reported upstream: * https://gitlab.torproject.org/tpo/core/tor/-/issues/40892 * https://github.com/mikeperry-tor/vanguards/issues/100 Why am I reporting this against Qubes? Because in the past there was a similar Qubes bug: * https://github.com/QubesOS/qubes-issues/issues/2840 (a Qubes kernel upgrade randomly broke SSL connections) Since this issue is reproducible in VMs (Qubes Debian App Qube) and in VirtualBox (Whonix) but not reproducible on real (non-Qubes) Debian, this implies that this might be a Qubes specific issue. ### For issue tracking * cause by Whonix: no * except maybe if arguing vanguards should be installed but then still most likely no Whonix specific source code causing this * affects Qubes-Whonix yes:

apparatius · November 25, 2023, 9:19am

I’ve tested this in debian-12 VM in KVM and I can reproduce the issue.
Check if vanguards is running, the service is not enabled by default when it’s installed.
Also the issue seems to be occurring after some time will pass when you visit a few sites or wait a few minutes.

extraextra · November 25, 2023, 12:20pm

Maybe only VMs are causing this but hardware doesn’t?

tempest · November 26, 2023, 4:16pm

I can confirm that this is also an issue in KVM Whonix as well.