Re: UseEntryGuards=0 overwrites EntryNodes
On Wednesday, 07.01.2009, at 02:35 -0600, Scott Bennett wrote:
> On Tue, 06 Jan 2009 17:30:57 +0100 Dominik Sandjaja <dominik@xxxxxxxxxx>
> >It seems as if UseEntryGuards=0 overwrites StrictEntryNodes and
> >Is this behavior intentional? As I understood it, UseEntryGuards should
> >have lower priority than EntryNodes + StrictEntryNodes. If all is
> >configured, the guards should be picked from the EntryNodes. Especially,
> >as commodore64 even appears in the cached-descriptors file.
> Huh. Interesting. Your interpretation is completely different from
> mine, so I just reread the tor man page, and I now see that it is indeed
> unclear. My interpretation was that UseEntryGuards would simply enable
> or disable the feature of using entry guards at all. Also, I understood
> that EntryNodes and StrictEntryNodes would only have any effect if the
> entry guards feature were enabled. EntryNodes serves as a recommended
> list of nodes to use as first hop relays, but the man page is unclear as
> to whether EntryNodes has any effect at all when UseEntryGuards is disabled.
That is exactly the problem. As you see, it leaves too much room for
> EntryNodes serves as the exclusive list of nodes to use for first hops
> when StrictEntryNodes is enabled, but it's not clear what is supposed to
> happen when it is enabled but no EntryNodes list is provided. Also, the
> man page fails to note whether those relays listed in EntryNodes will only
> be used if the directory authorities list them with the Guard flag or,
> alternatively, EntryNodes provides a list to be used without any connection
> to the Guard flag from the authorities.
> So try turning UseEntryGuards back on while leaving the other two
> statements untouched. My guess is that that should do what you want.
I did this:
> >If UseEntryGuards = 1 (default), I don't get a connection (commodore64
> >is no guard yet):
> >Jan 06 17:26:23.816 [warn] Failed to find node for hop 0 of our path.
> >Discarding this circuit.
> >Jan 06 17:26:23.816 [info] onion_populate_cpath(): Generating cpath hop
Then, the UseEntryGuards is obeyed, as well as the StrictEntryNodes,
but no connection can be made because none of the nodes in EntryNodes is
flagged as guard (yet). I will try to turn off the guard-check in the
tor source and use that modified version, but nevertheless, the issue
of how the options are handled should be clarified.
> But this brings up another issue. I recently noticed a recurring
> problem of broken connections part of the way through retrieval of image
> files from one web site. The breakages only seemed to occur when a certain
> high data rate relay was in the route selected by tor, so I added that
> relay's name to ExcludeNodes. Unfortunately, that relay was already listed
> as an entry guard in tor's state file, and tor appears not to take action
> on the newly "excluded" node in response to a SIGHUP after the change was
> made to torrc. I am temporarily blocking outbound packets to the
> apparently offending relay by means of pf, but that's a very ugly kluge I'd
> rather not have to use. But I'm wondering whether removing those lines
> from the state file just before the next time I start tor will allow tor
> to exclude that node from future routes. My relay has been up without
> other obvious troubles for nearly a month, and its version is recent enough
> that I'm not inclined to restart it anytime soon unless some outside force
> intervenes (e.g., failure of network connection, extended power outage, etc.),
> but I really would like to know how to get tor to obey what I tell it in
As above, this seems to be an issue with how the options are
treated/interpreted. Again, clarification would be nice.
Thanks for the answer!
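
The option combinations discussed in this thread can be checked mechanically before tor is started. The following is an added example, not code from either poster or from the Tor project: it flags EntryNodes combined with UseEntryGuards 0, StrictEntryNodes without an EntryNodes list, and ExcludeNodes entries that are still persisted as entry guards in the state file. It assumes state-file lines of the form `EntryGuard <nickname> <fingerprint>` and a StrictEntryNodes default of 0; the finding labels and the relay names `fastrelay` and `otherguard` are constructed.

```python
def parse_torrc(text):
    """Map lower-cased option name -> value; a later line overrides an earlier one."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1) + [""]
            opts[parts[0].lower()] = parts[1].strip()
    return opts

def node_set(value):
    """Comma-separated nicknames or $fingerprints, normalised for comparison."""
    return {n.strip().lstrip("$").lower() for n in value.split(",") if n.strip()}

def persisted_guards(state_text):
    """(nickname, fingerprint) pairs from 'EntryGuard <nick> <fp>' lines (assumed layout)."""
    rows = (line.split() for line in state_text.splitlines())
    return [(r[1], r[2]) for r in rows if len(r) >= 3 and r[0] == "EntryGuard"]

def audit(torrc_text, state_text):
    """Return labels for the ambiguous or conflicting settings raised in the thread."""
    opts = parse_torrc(torrc_text)
    entry = node_set(opts.get("entrynodes", ""))
    excluded = node_set(opts.get("excludenodes", ""))
    use_guards = opts.get("useentryguards", "1") == "1"   # the thread states 1 is the default
    strict = opts.get("strictentrynodes", "0") == "1"     # assumed default of 0
    findings = []
    if strict and not entry:
        findings.append("strict-without-list")             # man page is silent on this case
    if entry and not use_guards:
        findings.append("entrynodes-with-guards-off")      # combination reported in the thread
    for nick, fp in persisted_guards(state_text):
        if nick.lower() in excluded or fp.lower() in excluded:
            findings.append("excluded-guard-persisted:" + nick)
    return findings

# Constructed sample input, not taken from the thread.
SAMPLE_TORRC = """\
EntryNodes commodore64
StrictEntryNodes 1
UseEntryGuards 0   # the setting the thread is about
ExcludeNodes fastrelay
"""
SAMPLE_STATE = """\
EntryGuard fastrelay 0123456789ABCDEF0123456789ABCDEF01234567
EntryGuard otherguard 89ABCDEF0123456789ABCDEF0123456789ABCDEF
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_TORRC, SAMPLE_STATE):
        print(finding)
```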