Opened 2 years ago

Closed 19 months ago

Last modified 18 months ago

#15801 closed defect (fixed)

Relay with HSDir flag but no DirPort fail to respond to BEGIN_DIR

Reported by: dgoulet Owned by: dgoulet
Priority: Very High Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs, 2016-bug-retrospective
Cc: s7r@…, thomaswhite@… Actual Points:
Parent ID: Points: medium
Reviewer: Sponsor: SponsorR

Description

Because of #14202, directory authorities now can assign HSDir flag to a relay without a DirPort. However, relays don't accept BEGIN_DIR cells if options->DirPort_set is set to 0 (see directory_permits_begindir_requests()).

This is very problematic right now because as I'm opening this bug, we currently have 4348 HSDir in the consensus but 1497 of them (34%) of them don't have a DirPort thus not working.

Unless all relay updates with the patch, this situation will continue thus we should maybe bring back the need for a DirPort to get the HSDir flag on the autority sides?

Child Tickets

TicketStatusOwnerSummaryComponent
#15849closedMake relay be directory server without a DirPortCore Tor/Tor
#15850closedDon't assign HSDir flag to relay that can't handle BEGIN_DIRCore Tor/Tor

Attachments (1)

hsdesc-fetches-unknown.png (37.5 KB) - added by dgoulet 2 years ago.

Download all attachments as: .zip

Change History (15)

comment:1 Changed 2 years ago by nickm

Hm. It looks as though #1693 may not be as fixed as we had thought.

If that's how it goes, we need to stop handing out the HSDir flag to anything that isn't actually going to answer BEGIN_DIR.

We should also make it so stuff _does_ answer BEGIN_DIR if it's a relay, and start assigning HSDir to relays of the right version.

comment:2 Changed 2 years ago by dgoulet

I broke down the two issues here that need a fix. See child tickets.

comment:3 Changed 2 years ago by s7r

Cc: s7r@… added

comment:4 Changed 2 years ago by Cthulhu

Cc: thomaswhite@… added

Changed 2 years ago by dgoulet

Attachment: hsdesc-fetches-unknown.png added

comment:5 Changed 2 years ago by dgoulet

From Torperf logs, thanks to karsten for doing this graph, we can clearly see the issue being resolved. See the attached graph hsdesc-fetches-unknown.png.

comment:6 Changed 2 years ago by nickm

Status: newassigned

comment:7 Changed 2 years ago by nickm

Milestone: Tor: 0.2.7.x-finalTor: 0.2.8.x-final

comment:8 Changed 2 years ago by nickm

Keywords: SponsorR removed
Sponsor: SponsorR

Bulk-replace SponsorR keyword with SponsorR sponsor field in Tor component.

comment:9 Changed 2 years ago by nickm

Points: medium

comment:10 Changed 20 months ago by teor

Severity: Normal
Status: assignedneeds_information

I strongly suspect this is fixed in #12538, as it makes all relays directory caches, and has them respond to BEGIN_DIR. (Unless they're bandwidth-constrained.)

Can someone check it works for HSDir functionality?

comment:11 in reply to:  10 Changed 20 months ago by dgoulet

Priority: HighVery High

Replying to teor:

I strongly suspect this is fixed in #12538, as it makes all relays directory caches, and has them respond to BEGIN_DIR. (Unless they're bandwidth-constrained.)

Can someone check it works for HSDir functionality?

This should be fixed yes. We have couple of relays already that are advertising tunnelled-dir-server for which they have the HSDir flag. No relay right now has _no_ DirPort and advertises this option so I've restarted my relay with master and disabled the DirPort. We'll see in 96 hours if this works out but I don't see how it shouldn't but we can be surprised! :)

Let's keep this ticket open until we really confirm that it's working in the network. Will close once I have a confirmation. Would be good also if someone can confirm as well.

comment:12 Changed 20 months ago by dgoulet

Owner: set to dgoulet
Status: needs_informationaccepted

comment:13 Changed 19 months ago by dgoulet

Resolution: fixed
Status: acceptedclosed

Ok I was confused 12 days ago apparently. We won't be able to confirmed it works in the tor network until most dirauth upgrade to 028.

However, I can confirm that relay with 028 do advertise tunnelled-dir-server. I have a relay without a DirPort running on 028 so once majority of dirauth migrate, I'll closely watch this to make sure it's working as expected. Closing for now and we'll reopen in case it goes south.

comment:14 Changed 18 months ago by nickm

Keywords: 2016-bug-retrospective added

Marking for bug retrospective based on Priority.

Note: See TracTickets for help on using tickets.