Opened 4 years ago

Last modified 2 years ago

#14799 reopened defect

Make failure to create extrainfo an error?

Reported by: Sebastian Owned by:
Priority: Low Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-relay needs-decision
Cc: Actual Points:
Parent ID: Points: .1
Reviewer: Sponsor:

Description

Currently, we warn with LD_BUG if we couldn't create extrainfo, but we still upload the server descriptor. Can't we warn a bit more loudly and not upload the server descriptor or even assert that we can generate extrainfo?

Child Tickets

Change History (17)

comment:1 Changed 4 years ago by nickm

Hm. Why should this be a fatal error?

comment:2 Changed 4 years ago by Sebastian

I'm thinking that if we can generate a descriptor but not an ei document that that is a serious issue that results from an internal bug, meaning our state is weirdly corrupted. Maybe assert is going too far, but warning loudly and not publishing a server descriptor is justified?

comment:3 Changed 4 years ago by nickm

Maybe; we don't refuse to publish a descriptor because of any other kind of survivable internal bug, though. Is this one so different?

comment:4 Changed 4 years ago by Sebastian

I guess it's not so different. My thinking is that generating a descriptor and an extra-info descriptor should be considered to be a single operation that either completes or fails. I got into thinking about this when specifying the controller feature to return fresh descriptors to the control port and had to special-case the possibility that we couldn't generate an extra-info descriptor.

comment:5 Changed 4 years ago by nickm

Status: newassigned

comment:6 Changed 4 years ago by nickm

Resolution: not a bug
Status: assignedclosed

In the interest of robustness, I think this is a thing-not-to-do.

comment:7 Changed 4 years ago by Sebastian

Ok. I'm a bit sad about it because it makes the controller spec a bit trickier and we might just not have extrainfo docs for some relays, but it's not too big a deal. Thanks for following up on it.

comment:8 Changed 4 years ago by Sebastian

Resolution: not a bug
Status: closedreopened

Reopening, because as discussed on IRC, this doesn't have to be a crash. Failure to generate a descriptor isn't a fatal condition in current Tor, we just relatively silently don't upload a descriptor for that time. I think I'll also add some better logging for the errors cases so we notice if they happen.

comment:9 Changed 4 years ago by nickm

Keywords: 027-triaged-1-out added

Marking triaged-out items from first round of 0.2.7 triage.

comment:10 Changed 4 years ago by nickm

Milestone: Tor: 0.2.7.x-finalTor: 0.2.???

Make all non-needs_review, non-needs_revision, 027-triaged-1-out items belong to 0.2.???

comment:11 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:12 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:13 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:14 Changed 2 years ago by nickm

Keywords: 027-triaged-in added

comment:15 Changed 2 years ago by nickm

Keywords: 027-triaged-in removed

comment:16 Changed 2 years ago by nickm

Keywords: 027-triaged-1-out removed

comment:17 Changed 2 years ago by nickm

Keywords: tor-relay needs-decision added
Points: .1
Priority: MediumLow
Severity: Normal
Note: See TracTickets for help on using tickets.