
Re: [tor-talk] UseEntryGuards: 0?



Thanks for the quick reply Roger!

> First question: what do you mean by false positives? That is, is the
> monitor script telling you that it's down but actually every time
> you try manually it works? If that's what's happening, it sounds like
> there's a bug or mis-design in the monitoring approach, and that's worth
> tracking down.

20 onion services are monitored by the host, sometimes 1 - 4 services
are reported down, the rest seems to be fine. Therefore I assume tor on the host
to be generally fine as well. I can open the reported onion services from my laptop
without problems, so tor on the machines running the services also seems to work.

Before using the prometheus exporter I did the checks using old school
nagios check-tcp[1] plugin in combination with torify and these issues already
occurred there.

> Whereas if the problem is that actually the onion service is unreliable
> and not always reachable, then it sounds like a *true* positive from
> the monitor.

So probably it's "half true". The services are reachable, but not via every route
in the tor network, in this case not via the route the monitoring host is taking.
What surprises me is the fact that this occurs even with a hold timer of 1h in
alertmanager.

> If they are true positives, I think it sounds like a great idea to do an
> experiment where you switch to UseEntryGuards 0 for the services where
> you don't mind having their location known. Let us know if it improves
> things. :)

Rolled it out and will report back.

> We also spoke in the past of having an 'onion service health monitor',
> which would help to pinpoint *which phase* of the connection is failing,
> and I continue to think that would be really valuable but we never quite
> got there. See e.g.
> https://gitlab.torproject.org/tpo/network-health/metrics/analysis/-/issues/13209
> https://gitlab.torproject.org/tpo/core/tor/-/issues/28841

something like that would be really great!

ciao
f.

[1] https://www.monitoring-plugins.org/doc/man/check_tcp.html
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx