Opened 5 years ago

Last modified 19 months ago

#10542 new defect

Bug when certificate expired: Generated a networkstatus consensus we couldn't parse.

Reported by: arma Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-dirauth dont-do-that-then usability logging
Cc: ln5, Sebastian Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Jan 02 17:55:01.575 [notice] Time to compute a consensus.
Jan 02 17:55:01.592 [info] networkstatus_compute_consensus(): Generating consens
us using method 17.
Jan 02 17:55:01.784 [notice] Computed bandwidth weights for Case 3be (E scarce, 
Wee=1, Wmd == Wgd) with v10: G=6270726 M=1646308 E=887962 D=4408384 T=13213380
Jan 02 17:55:01.846 [warn] ID on signature on network-status vote does not match
 any declared directory source.
Jan 02 17:55:01.879 [info] dump_desc(): Unable to parse descriptor of type v3 ne
tworkstatus. See file unparseable-desc in data directory for details.
Jan 02 17:55:01.880 [err] networkstatus_compute_consensus(): Bug: Generated a ne
tworkstatus consensus we couldn't parse.
Jan 02 17:55:01.884 [warn] Couldn't generate a ns consensus at all!
Jan 02 17:55:01.885 [info] networkstatus_compute_consensus(): Generating consens
us using method 17.
Jan 02 17:55:02.078 [notice] Computed bandwidth weights for Case 3be (E scarce, 
Wee=1, Wmd == Wgd) with v10: G=6270726 M=1646308 E=887962 D=4408384 T=13213380
Jan 02 17:55:02.140 [warn] ID on signature on network-status vote does not match
 any declared directory source.
Jan 02 17:55:02.140 [err] networkstatus_compute_consensus(): Bug: Generated a ne
tworkstatus consensus we couldn't parse.
Jan 02 17:55:02.145 [warn] Couldn't generate a microdesc consensus at all!
Jan 02 17:55:02.145 [warn] Couldn't generate any consensus flavors at all.

Happens when my authority cert has expired.

Bug 1 is that it says Bug: but it happens. Bug 2 is that it's severity [err] but Tor doesn't die.

Child Tickets

Change History (13)

comment:1 Changed 5 years ago by karsten

Cc: ln5 Sebastian added

What did moria1 say five minutes earlier when it generated its vote, when it uploaded it to the other authorities, and 2:30 minutes earlier when the other authorities asked for its vote? Can you post the logs from that time, too?

What did the other authorities say? Can somebody please post notice-level logs of that time?

Agreed about the two bugs, though they seem to only affect moria1's own internal logging, not the voting process: nobody accepted moria1's vote nor included it in the consensus. (At least there are no votes from moria1 in the metrics archives between 2014-01-02 10:00 UTC to 2014-01-03 00:00 UTC, and the consensuses from that time contain neither moria1's dir-source line nor directory-signature.) That's good. I wonder if we should specify this any further in dir-spec.txt than:

   Authorities MUST generate a new signing key and corresponding
   certificate before the key expires.

comment:2 Changed 5 years ago by karsten

(Or maybe we need info-level logs from the other authorities.)

comment:3 Changed 5 years ago by ln5

First, what time is that? Does moria1 run with UTC-5? If so, we're talking about the 2014-01-02 23:00 UTC consensus.

maatuska started missing votes from moria1 for the 2014-01-02 11:00 UTC consensus.
Logs in UTC+1:

Jan 02 11:52:31.000 [notice] Time to fetch any votes that we're missing.
Jan 02 11:52:31.000 [notice] We're missing votes from 1 authorities (D586D18309DED4CD6D57C18FDB97EFA96D330566). Asking every other authority for a copy.
Jan 02 11:52:31.000 [warn] Received http status code 404 ("Not found") from server '194.109.206.212:80' while fetching "/tor/status-vote/next/D586D18309DED4CD6D57C18FDB97EFA96D330566.z".
Jan 02 11:52:31.000 [warn] Received http status code 404 ("Not found") from server '212.112.245.170:80' while fetching "/tor/status-vote/next/D586D18309DED4CD6D57C18FDB97EFA96D330566.z".
Jan 02 11:52:31.000 [warn] Received http status code 404 ("Not found") from server '86.59.21.38:80' while fetching "/tor/status-vote/next/D586D18309DED4CD6D57C18FDB97EFA96D330566.z".
Jan 02 11:52:31.000 [warn] Received http status code 404 ("Not found") from server '193.23.244.244:80' while fetching "/tor/status-vote/next/D586D18309DED4CD6D57C18FDB97EFA96D330566.z".
Jan 02 11:52:31.000 [warn] Received http status code 404 ("Not found") from server '154.35.32.5:80' while fetching "/tor/status-vote/next/D586D18309DED4CD6D57C18FDB97EFA96D330566.z".
Jan 02 11:52:31.000 [warn] Received http status code 404 ("Not found") from server '128.31.0.34:9131' while fetching "/tor/status-vote/next/D586D18309DED4CD6D57C18FDB97EFA96D330566.z".
Jan 02 11:52:31.000 [warn] Received http status code 404 ("Not found") from server '208.83.223.34:443' while fetching "/tor/status-vote/next/D586D18309DED4CD6D57C18FDB97EFA96D330566.z".
Jan 02 11:52:32.000 [warn] Received http status code 404 ("Not found") from server '76.73.17.194:9030' while fetching "/tor/status-vote/next/D586D18309DED4CD6D57C18FDB97EFA96D330566.z".

The same happened for the next consensuses up to and including the 2014-01-03 01:00 UTC one. 2:30 minutes later I see a signature from moria1. Logs in UTC+1:

Jan 03 01:55:02.000 [notice] Got a signature from 128.31.0.34. Adding it to the pending consensus.
Jan 03 01:55:02.000 [notice] Added a signature for moria1 from 128.31.0.34.

As for the 2014-01-02 23:00 UTC consensus, the presumed one where moria1's certificate expired, I see nothing out of the ordinary, at notice level.

comment:4 in reply to:  3 ; Changed 5 years ago by karsten

Replying to ln5:

Thanks, this all looks plausible. I'd like to specify this behavior in dir-spec.txt, but it might take me a bit until I can do that. Can you keep a copy of these logs (January 2 and 3) just in case I have further questions? It will never be as easy as it is now to witness this situation, mostly because the spec says that it MUST NOT happen. (Thanks!)

comment:5 in reply to:  4 Changed 5 years ago by ln5

Replying to karsten:

Can you keep a copy of these logs (January 2 and 3) just in case I have further questions?

Done.

comment:6 in reply to:  description Changed 5 years ago by nickm

Replying to arma:

Bug 1 is that it says Bug: but it happens.

Well, 90% of the time it's a bug when this happens. I guess that we could refrain from generating a vote when our cert is expired? That could be a fix.

Bug 2 is that it's severity [err] but Tor doesn't die.

Changing the severity to [warn] would be fine.

comment:7 in reply to:  1 Changed 5 years ago by nickm

Replying to karsten:

[...]

   Authorities MUST generate a new signing key and corresponding
   certificate before the key expires.

Probably this is the wrong language; we want to say that authority operators need to do this, and RFC2119-words are used for describing the operations of computers, not people.

comment:8 Changed 5 years ago by nickm

Milestone: Tor: 0.2.5.x-finalTor: 0.2.???

Triage: Deferring from 0.2.5. "Doctor, doctor, it hurts when I do this!"

comment:9 Changed 2 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:10 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:11 Changed 19 months ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:12 Changed 19 months ago by dgoulet

Keywords: tor-dirauth added; tor-auth removed

Turns out that tor-auth is for directory authority so make it clearer with tor-dirauth

comment:13 Changed 19 months ago by nickm

Keywords: dont-do-that-then usability logging added
Severity: Normal
Summary: Bug: Generated a networkstatus consensus we couldn't parse.Bug when certificate expired: Generated a networkstatus consensus we couldn't parse.
Note: See TracTickets for help on using tickets.