[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Stream Reasons and "suspects" vs "actual" failures



Ok, I've written all the infrastructure into my scanner to separate
circuit and stream failures into "suspects" and "actual" failure
points (along with some other nifty updates for content scanning). 

The idea, as I mentioned in a previous post, is to have the "actual"
list be created on the assumption that there are no malicious nodes
and only count stats for nodes that (under this assumption) we are
sure caused the failure, where as the "suspects" list will equally
blame everyone who could have possibly caused a failure, maliciously
or even just by bug.

For circuits it works like this: For the "actual" list, when a circuit
fails to extend, it must have happened because the node it attempted
to extend to is messed up. However, the "suspects" list blames
everyone involved so far in that circuit, on the assumption that any
of them could have caused the failure (either maliciously or perhaps
just due to some weird cell lossage).

I'm now trying to decide which stream reasons I should blame on the
exit versus which I should blame on every node in the circuit. The
source is kind of hard to follow w/ this.. at a guess I'm thinking
that exit-specific reasons are everything except: HIBERNATING, MISC,
TIMEOUT, TORPROTOCOL, DESTROY, and DONE (no error?). Any others?

Conversely, are there any exceptions for the "suspects" list where we
can say for sure that a specific node is at fault no matter what for a
particular failure reason, for either circuits or streams?


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs