Opened 9 months ago

Closed 9 months ago

#22032 closed defect (fixed)

[warn] Hidden service fn3xxgdv5skhtza2 launched 0 intro points in the last 3193 seconds (delayed). Intro circuit launches are limited to 8 per 300 seconds.

Reported by: arma Owned by:
Priority: Medium Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs
Cc: teor Actual Points:
Parent ID: Points: 0.1
Reviewer: Sponsor: SponsorR-can

Description

Running Tor 0.3.1.0-alpha-dev (git-b081a7ed21ae729f), as a client with a random hidden service I configured and then forgot about.

(there isn't a trac version of Tor for 0.3.1.0-alpha-dev?)

My tor got bit by #21969 (and who knows, maybe others):

Apr 20 21:12:20.069 [notice] Our directory information is no longer up-to-date enough to build circuits: We're missing descriptors for some of our primary entry guards
Apr 20 21:12:20.069 [notice] I learned some more directory information, but not enough to build a circuit: We're missing descriptors for some of our primary entry guards
Apr 20 21:12:20.799 [notice] We now have enough directory information to build circuits.
Apr 20 22:02:03.592 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Apr 20 22:02:03.592 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.

and then when it came back, it told me:

Apr 20 22:02:04.208 [warn] Hidden service fn3xxgdv5skhtza2 launched 0 intro points in the last 3193 seconds (delayed). Intro circuit launches are limited to 8 per 300 seconds.
Apr 20 22:02:04.208 [warn] Service configured in "/tmp/hidden_service/":
Apr 20 22:02:04.208 [warn]   Intro point 0 at InFlames: circuit is open
Apr 20 22:02:04.208 [warn]   Intro point 1 at wulfspider2: circuit is open
Apr 20 22:02:04.208 [warn]   Intro point 2 at rortor1: circuit is open

Last I checked, 0 was a lot less than 8. Why the warning?

Child Tickets

Change History (5)

comment:1 Changed 9 months ago by dgoulet

Keywords: tor-hs added
Milestone: Tor: 0.3.1.x-final
Sponsor: SponsorR-can
Status: newneeds_information
Version: Tor: unspecified

I bet you got this before? (at warn level):

    log_fn(severity, LD_REND, "Hidden service %s wanted %d intro points, but "
           "descriptor was updated with %d instead.",

The fact that we see launched [...] in the log means that exceeded_limit = 0 because of:

  int exceeded_limit = (service->n_intro_circuits_launched >=
                        rend_max_intro_circs_per_period(
                                              service->n_intro_points_wanted));

And to be getting those warning you got you either have the log above or get in through which can't be true because of the above:

    } else if (service->n_intro_circuits_launched >=
               rend_max_intro_circs_per_period(
                                      service->n_intro_points_wanted)) {
      /* We have failed too many times in this period; wait for the next
       * one before we try to initiate any more connections. */
      rend_log_intro_limit(service, LOG_WARN);
      continue;
    }

The log above that you probably got would indicate how many intro points your service wanted which then would help debugging this.

comment:2 Changed 9 months ago by dgoulet

Status: needs_informationnew

On IRC, armadev mentions that he doesn't get that log line I expected.

comment:3 Changed 9 months ago by dgoulet

Points: 0.1
Status: newneeds_review

Ok scratch the above. So the issue is that we dump logs at every 5 minutes at info level now (introduced in c34411d9cb not yet released). That is fine.

However, rend_log_intro_limit() has this snippet that upgrades the log to warning:

  int exceeded_elapsed = (intro_period_elapsed > INTRO_CIRC_RETRY_PERIOD +
                          INTRO_CIRC_RETRY_PERIOD_SLOP);
  if (exceeded_elapsed) {
    severity = LOG_WARN;
  }

We shouldn't do that if we have not exceeded the limit of circuit creation in the first place (exceeded_limit). Exceeding the elapsed retry period is fine and actually expected sometimes because "network down" for instance.

See branch bug22032_031_01.

comment:4 Changed 9 months ago by asn

Cc: teor added

comment:5 Changed 9 months ago by nickm

Resolution: fixed
Status: needs_reviewclosed

makes sense; merging.

Note: See TracTickets for help on using tickets.