[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] UseEntryGuards: 0?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] UseEntryGuards: 0?
From: Fran <fatal@xxxxxxxxxxx>
Date: Sun, 15 Aug 2021 21:48:55 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 15 Aug 2021 22:53:08 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mailbox.org; h= content-transfer-encoding:content-language:content-type :content-type:in-reply-to:mime-version:date:date:message-id:from :from:references:subject:subject:received; s=mail20150812; t= 1629056937; bh=i+u3cnUFgG1lqpkk7DlihvYTfJmQ+6dXSPV5pN4xk8s=; b=e +gYv7syWjKo4+oQmH3o7Uq5XWz/EKd4tAPDvONTQXiJ/AAkeuUYFrjCPTs4UYU35 Wr7Rw2bFYwXKeVZGRXScphY1mD7ded2FZwI1T5BYx24iqCkwSzPeTh4mLJrkFFYn tAl3HjJu2UzJu/cgAWs4INj0BhvDjH6jMj/Hakvy0XGSm7+9lhYNm1xyrVGa8pPV fbH3DLtGxtttdt4qKFthM6CJUc/nKRs3U+Wa2gZvdS3iaDrXtOtaVsU+txIBVPxH xCpmA6oPc45ZTIwHphhFaA9Agu7DrX9RVBJHcMVd499EsvLuj2nseRmRQibans+E 0wxc4UvnsJhnCo/zpy+jA==
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailbox.org; s=mail20150812; t=1629056941; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=i+u3cnUFgG1lqpkk7DlihvYTfJmQ+6dXSPV5pN4xk8s=; b=CJZEtxI1AwFzJmdb3Jj/OuisdsihlOTNWYmXbYvf3UQPjihGtbaCFqjHnpXqfuPFUZeJ73 XaKzROnP8KjTtExTghN1H2/xWC1m7l2hMd9vsRXkxpAkHRYmx2LuXlvOhWVfeYa/ouiGeH wb9cXxutxFWV5sc7o7qkzLBSLGOF1//izVe2Eh5/9C5sx/JdoEGgvhRTZEYmir5vreLuaZ u8DWOmuaPBtO7F+YObkrt6xUmsvfBaqFHbAyxrI3bq6C+oKOcgRvBsKWqv9uWmdRnq36gt FuuIKZshIAoTl4tci2Nc9s3iFkuGm6MbdF2h26aiXn/rsX17fFrr9FUk8MNJ8w==
In-reply-to: <20210815184400.GM33373@moria.seul.org>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <0dba9598-b8af-aa3e-7d0f-6dff8377f57c@mailbox.org> <20210815184400.GM33373@moria.seul.org>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Thanks for the quick reply Roger!

First question: what do you mean by false positives? That is, is the
monitor script telling you that it's down but actually every time
you try manually it works? If that's what's happening, it sounds like
there's a bug or mis-design in the monitoring approach, and that's worth
tracking down.


> 20 onion services are monitored by the host, sometimes 1 - 4 services
are reported down, the rest seems to be fine. Therefore I assume tor on the host
to be generally fine as well. I can open the reported onion services from my laptop
without problems, so tor on the machines running the services also seems to work.

Before using the prometheus exporter I did the checks using old school
nagios check-tcp[1] plugin in combination with torify and these issues already
occured there.

Whereas if the problem is that actually the onion service is unreliable
and not always reachable, then it sounds like a *true* positive from
the monitor.


So probably it's "half true". The services are reachable, but not via every route
in the tor network, in this case not via the route the monitoring host is taking.
What surprises me is the fact that this occurs even with a hold timer of 1h in
alertmanager.

If they are true positives, I think it sounds like a great idea to do an
experiment where you switch to UseEntryGuards 0 for the services where
you don't mind having their location known. Let us know if it improves
things. :)


Rolled it out and will report back.

We also spoke in the past of having an 'onion service health monitor',
which would help to pinpoint *which phase* of the connection is failing,
and I continue to think that would be really valuable but we never quite
got there. See e.g.
https://gitlab.torproject.org/tpo/network-health/metrics/analysis/-/issues/13209
https://gitlab.torproject.org/tpo/core/tor/-/issues/28841


something like that would be really great!

ciao
f.

[1] https://www.monitoring-plugins.org/doc/man/check_tcp.html
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] UseEntryGuards: 0?
  - From: Fran
- Re: [tor-talk] UseEntryGuards: 0?
  - From: Roger Dingledine

Prev by Author: Re: [tor-talk] How does TBB manage downloaded files (e.g. PDFs)?
Next by Author: [tor-talk] UseEntryGuards: 0?
Previous by thread: Re: [tor-talk] UseEntryGuards: 0?
Next by thread: Re: [tor-talk] UseEntryGuards: 0?
Index(es):
- Author
- Thread