
Re: Grrr...SafeLogging doesn't work in :-{

On Tue, Feb 10, 2009 at 12:22:57PM -0600, Scott Bennett wrote:
>      I think we need a quick patch for this one.  I just built and fired up
> with no changes to torrc from what I had already.  As soon
> as exit requests came in, I saw (at INFO-level logging) that IP addresses are
> now being logged as the exit connections are made, whereas in
> and earlier, the port numbers appeared, but the IP addresses had been scrubbed.
> I tried adding "SafeLogging 1" to torrc in case the default had somehow gotten
> changed, but that seemed to have no effect either.

Whoops. Thanks for the bug report. Karsten just fixed it in svn, and
the fix will be included in the next development release.

In general, production Tor relays should log at notice. Logging at info
will slow them down. Also, I think there might be other info-level logs
that aren't scrubbed properly -- we only made sure to do notice and warn
and err.

If somebody wants to walk through all the info-level logs and report
others that are likely to be problems, that'd be great.

>      Also, during the startup, four of the messages were:
> Feb 10 11:42:12.795 [info] trusted_dirs_load_certs_from_string(): Adding cached certificate for unrecognized directory authority with signing key 2A9EABF158D0D4BFFA6C4A8EDC84A4F6487FCE9B
> These certainly *look* alarming.  Is there a problem here, too?

Any log message that we think you should find alarming will be notice or
higher (usually warn or higher). Any log message that is info or lower
we do not think you should find alarming. How's that? :)

(I will grant that sometimes we screw up, so asking here isn't a crazy

Directory mirrors need to cache and serve v3 key certificates for v3
directory authorities they don't recognize. That's because we might add
a new v3 directory authority, and then clients would want to be able to
learn its key certs from mirrors (even mirrors who haven't upgraded yet)
in order to check signatures on the consensus.

So yes, I think that's working as intended.

All of that said, at some point we should teach clients to discard v3
certs from authorities they don't recognize. Otherwise they'll just sit
around in the cached-certs file taking up space. I'll put that on the
todo list.
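
An added example, not part of the original message or of Tor's code: one way to do the walk-through suggested above is to scan a relay's log for info- and debug-level lines that still contain a literal IPv4 address, grouped by the logging function. The sample lines, function names and addresses are constructed; the line layout follows the log line quoted in the message, and `[scrubbed]` is the placeholder Tor writes in place of a scrubbed address.

```python
import re
from collections import Counter

# Layout follows the log line quoted in the message:
#   "Feb 10 11:42:12.795 [info] function_name(): message"
LINE_RE = re.compile(r"^\w{3} [ \d]\d \d\d:\d\d:\d\d\.\d+ "
                     r"\[(?P<level>\w+)\] (?:(?P<func>\w+)\(\): )?(?P<msg>.*)$")
# Dotted quad, not part of a longer dotted number and not followed by a
# "-alpha"-style suffix (four-part version strings look like addresses).
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.]|-[A-Za-z])")
LOW_LEVELS = {"info", "debug"}  # levels below notice, the ones still to be checked

def find_ipv4(text):
    """Return literal IPv4 addresses in text (every octet <= 255)."""
    return [m.group(0) for m in IPV4_RE.finditer(text)
            if all(int(o) <= 255 for o in m.group(0).split("."))]

def unscrubbed(lines):
    """Return (function, level, addresses) for low-level lines leaking an IPv4."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m or m.group("level") not in LOW_LEVELS:
            continue  # unparsable line, or a level that is not being audited here
        addrs = find_ipv4(m.group("msg"))
        if addrs:
            hits.append((m.group("func") or "?", m.group("level"), addrs))
    return hits

def by_function(hits):
    """Count leaking lines per logging function: the list to report."""
    return Counter(func for func, _, _ in hits)

# Constructed sample lines; function names are hypothetical and the
# addresses come from the RFC 5737 documentation ranges.
SAMPLE = [
    "Feb 10 11:42:13.101 [info] example_exit_connect(): Connecting to 192.0.2.17:443",
    "Feb 10 11:42:13.205 [info] example_exit_connect(): Connecting to [scrubbed]:80",
    "Feb 10 11:42:14.010 [debug] example_resolve(): Resolved to 198.51.100.9 and 203.0.113.4",
    "Feb 10 11:42:14.500 [notice] example_startup(): Listening on 192.0.2.1:9001",
    "Feb 10 11:42:15.000 [info] example_version(): Peer runs 0.0.0.1-alpha",
    "Feb 10 11:42:15.300 [info] example_exit_connect(): Connecting to 192.0.2.999:80",
]

if __name__ == "__main__":
    for func, count in by_function(unscrubbed(SAMPLE)).most_common():
        print(f"{func}: {count} line(s) with literal addresses")
```

This check covers IPv4 literals only; IPv6 addresses and hostnames would need their own patterns.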