
Re: Holy shit I caught 1

Thus spake Roger Dingledine (arma@xxxxxxx):

> On Sun, Aug 27, 2006 at 10:49:46PM -0500, Mike Perry wrote:
> > An interface to suck a signature-verified directory out of Tor via the
> > control-port or some other means would also be nice.
> I noticed from your earlier statement that you're using the v1 directory
> format. This is obsolete, and any v1 directories you may run across
> will likely not contain complete information anymore (this includes the
> output of the scripts at serifos, which haven't been upgraded yet). See
> http://tor.eff.org/svn/trunk/doc/dir-spec.txt for the v2 format
> (introduced in Tor 0.1.1.x), which involves fetching network-statuses
> and server descriptors independently.

Gah. I just assumed that hitting a 0.1.1.x dir server at the tor
directory url (e.g. http://moria.mit.edu:9031/tor/) pulled down the
complete v2 directory version, and the rest of the spec governed
process for updates.. This is not the case? They /have/ to be
fetched separately based on the network status or they may be

> If you want your Tor controller to have up to date descriptors and
> network statuses, you can

Wow so this is exactly what I meant.. Heh. Completely didn't see it in
the control port spec. 

> 1) Read them out of the $datadir yourself, from "cached-routers*" and
> "cached-status/*"
> 2) Listen for "newdesc" events, and ask us why there is no "newstatus"
> event. (Good point, I've just put that on the todo list.)
> 3) Send "getinfo desc/all-recent" and "getinfo network-status". This
> won't give you the full set of network-status strings though.
> 4) Turn on your dirport and send "getinfo dir/status/all" and
> "getinfo dir/server/all".
> Personally, I would go for #4. Note that for any of these, you may want
> to set your FetchUselessDescriptors torrc variable (see man page).

Why is it that getinfo desc/all-recent and getinfo network-status are
different than the dir/status/all, dir/server/all messages? Shouldn't
they converge to the same thing once the client has been running long
enough to download all the routers it sees in network-status?

Is there any reason I would want to try to use a Useless descriptor? I
assumed Useless (starts with ! in network status, right?) meant

> > Ok, I will consider rewriting it for this python interface. Have to
> > learn python first, which has been on my TODO list for some time, so
> > hopefully it will happen. I would guess the directory notification
> > interface won't appear for a while in Tor either, so I probably have
> > time. When 0.1.2 stabilizes?
> Yep. Especially if you help us figure out what interface you want. :)

Hrmm. I definitely have to run this thing for a while first.. Lots of
assurance issues with actually having it inform the dirservers about a
bad node, especially with this Privoxy noise randomly being inserted
on the wire. Suppose using just plain socks will cut that out, but
then I have to worry about remote-resolution issues. I'm sure there
are other gems waiting to be discovered as well that may or may not
change what knowledge and what logic sits where. 

I imagine the biggest problem is the fact that malicious nodes have
the option of being bad infrequently enough that it could be mistaken
for transient failure.

Mike Perry
Mad Computer Scientist
fscked.org evil labs
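
Added example, not part of the original message and not Tor's own code: option 3 in the quoted list sends "getinfo desc/all-recent" and "getinfo network-status" over the control port, and the code below parses the kind of reply the text-based control protocol returns, including the dot-terminated data block. The sample reply is constructed, and parse_getinfo_reply is a hypothetical helper name.

```python
# Constructed sample reply (not captured from a real Tor instance).
SAMPLE = (
    b"250-network-status=constructed-entry-1 constructed-entry-2\r\n"
    b"250+desc/all-recent=\r\n"
    b"router constructed1 192.0.2.1 9001 0 9030\r\n"
    b"..constructed line that began with a dot\r\n"
    b"router constructed2 192.0.2.2 9001 0 0\r\n"
    b".\r\n"
    b"250 OK\r\n"
)

def parse_getinfo_reply(raw):
    """Hypothetical helper: map each GETINFO key to its value."""
    lines = raw.decode("ascii", "replace").split("\r\n")
    result, i = {}, 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if len(line) < 4 or not line[:3].isdigit():
            raise ValueError("malformed reply line: %r" % line)
        code, sep, rest = line[:3], line[3], line[4:]
        if code != "250":                 # e.g. an unrecognized key
            raise RuntimeError("controller refused: " + line)
        if sep == " ":                    # final line ends the reply
            return result
        key, eq, value = rest.partition("=")
        if not eq or sep not in "-+":
            raise ValueError("malformed reply line: %r" % line)
        if sep == "+":                    # data block, ends at a lone "."
            block = []
            while True:
                if i >= len(lines):
                    raise ValueError("data block never terminated")
                data = lines[i]
                i += 1
                if data == ".":
                    break
                # A data line starting with "." is sent with one extra ".".
                block.append(data[1:] if data.startswith(".") else data)
            value = "\n".join(block)
        result[key] = value
    raise ValueError("reply ended before the final 250 line")

if __name__ == "__main__":
    for key, value in parse_getinfo_reply(SAMPLE).items():
        print(key, "->", len(value.splitlines()), "line(s)")
```

A reply that is cut off before the closing "." or the final 250 line raises ValueError, so a controller script does not treat a partial descriptor list as complete.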