[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

bug with entry guards on 0.2.0.9-alpha

To: or-dev@xxxxxxxxxxxxx
Subject: bug with entry guards on 0.2.0.9-alpha
From: tor user <tor_user@xxxxxxxxx>
Date: Mon, 19 Nov 2007 20:14:27 -0800 (PST)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-dev-outgoing@xxxxxxxx
Delivered-to: or-dev@xxxxxxxx
Delivery-date: Mon, 19 Nov 2007 23:14:37 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=qL3GphTaRXG57lfklXj4iKvKcyiTo/VXkM3oIQhuWVnZm5Bj0AqlCGcQDDIcuPWmLISaXAhV9a/4kk7uco1u+tn10v1VCaIPU6KOttx20q0CkGkJ+Ebu7bEAK2MUfItyinDsAGyfdQ4uKK2RfIYfQJNVmD0e4CD/R1z4JEMsMcM=;
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx

Greetings, 

I think I've found a bug with entry guard selection
starting with 0.2.0.9-alpha. The problem first appears
after revision 12038. 

My state file had 49 entry guards saved in it when I
happened to look earlier today. Thinking that was a
bit odd to have so many (it was only for the past
couple of months, and I don't use tor that often), I
did some testing to see what was happening. 

After poking at it a bit, starting with a clean ~/.tor
directory, it turned out that every time tor was
started, it would pick out more guards and add them.
The saved guards would always be marked as unlisted
initially (even if they weren't!), and new guards
would be used. 

It would build circuits with the new guards for a
while (about an hour) before noticing that the old
guards were actually up and switching back to using
them. That's probably not so good for anonymity. 

The behavior could be easily reproduced with default
settings. Each time tor was started and stopped, the
saved entry guard list would grow larger. 

Here's a snippet of a log file showing where tor is
failing to re-use entry guards that it saved on a
previous run only a few minutes earlier: 

Nov 19 20:45:03.730 [info] entry_guard_set_status():
Entry guard mehl
(13D31C1811B9A97FB2BE573E49543EAC668619AE) is
unlisted: marking as unusable.
Nov 19 20:45:03.730 [info]
entry_guards_compute_status(): Summary: Entry 'mehl'
is reachable, unusable and not live.
Nov 19 20:45:03.730 [info] entry_guard_set_status():
Entry guard clayman
(DA885246AA68E85698EA6A2585778942090C5AE9) is
unlisted: marking as unusable.
Nov 19 20:45:03.730 [info]
entry_guards_compute_status(): Summary: Entry
'clayman' is reachable, unusable and not live.
Nov 19 20:45:03.730 [info] entry_guard_set_status():
Entry guard h760662
(554EC782556A47590FB5B4DEFF56A5B52DB9CD59) is
unlisted: marking as unusable.
Nov 19 20:45:03.730 [info]
entry_guards_compute_status(): Summary: Entry
'h760662' is reachable, unusable and not live.
Nov 19 20:45:03.730 [info]
entry_guards_compute_status():     (0/3 entry guards
are usable/new)
Nov 19 20:45:03.730 [info] log_entry_guards(): mehl
(down made-contact),clayman (down
made-contact),h760662 (down made-contact)

All of the mentioned guards were actually listed, and
tor had made contact to them on the previous run. 

I tracked it back to revision 12038 where
routers_update_all_from_networkstatus() is called from
router_reload_consensus_networkstatus(). I don't know
what the function does, but commenting it out fixes
the problem and tor stops adding new guards at every
startup. 

There is probably a better fix than that, though. 

Here's a patch against 0.2.0.12-alpha with the above
change. 



      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

Attachment: test2.patch
Description: 405555701-test2.patch

Follow-Ups:
- Re: bug with entry guards on 0.2.0.9-alpha
  - From: Roger Dingledine

Prev by Author: Re: Proposal for revised TLS handshake
Previous by thread: Re: FEATURE IDEA: Hidden Directory Authorities
Next by thread: Re: bug with entry guards on 0.2.0.9-alpha
Index(es):
- Author
- Thread