Opened 2 years ago

Last modified 16 months ago

#22204 new defect

I can't list a relay in my EntryNodes if it doesn't have the Guard flag

Reported by: arma Owned by: nickm
Priority: High Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: 0.3.0.6
Severity: Normal Keywords: regression, 032-unreached
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In the past, I could do

src/or/tor entrynodes moria1

and voila, I would begin using my Tor with moria1 as my entry node.

In the new world order, post prop#271 I assume, I instead get this complaint:

May 08 20:27:42.394 [warn] Your configuration excludes 100% of all possible guards. That's likely to make you stand out from the rest of the world.
May 08 20:27:42.394 [notice] Starting with guard context "restricted"
May 08 20:27:42.405 [notice] Bootstrapped 80%: Connecting to the Tor network
May 08 20:27:43.425 [warn] Failed to find node for hop 0 of our path. Discarding this circuit.

and then I never bootstrap.

This is clearly a regression. Is it intentional, and I should go read guard-spec.txt for why, or is it accidental?

Child Tickets

Change History (11)

comment:1 Changed 2 years ago by nickm

Keywords: 030-backport regression added
Milestone: Tor: 0.3.1.x-final

Not intentional, but wow, that's not the greatest idea.

comment:2 Changed 2 years ago by nickm

Owner: set to nickm
Status: newaccepted

comment:3 Changed 2 years ago by nickm

So, hm. This seemed easy to change, but I think it's actually a bit tricky. See, when somebody says "EntryNodes {de}", they probably should only get guard-flagged relays. But when somebody says "EntryNodes $fp1,$fp2" they probably want $fp1 and $fp2 whether they are guards or not.

One way we could resolve this is, if the EntryNodes line contains _only_ fingerprints, we build the {GUARDS} set from the EntryNodes directly. In this case we'd want to force use of the "restricted" set, or possible a new "enumerated" set.

But either way, this is more than a quick fix.

comment:4 Changed 2 years ago by acceleraTor

you may Want To Look into entrynodes.c around@
node_is_possible_guard
GS_TYPE_RESTRICTED

Last edited 2 years ago by acceleraTor (previous) (diff)

comment:5 Changed 2 years ago by arma

Another potentially helpful building block is how routerset_contains returns 4 in the case we care about here, and 2 for the {de} case.

comment:6 Changed 2 years ago by nickm

Milestone: Tor: 0.3.1.x-finalTor: 0.3.2.x-final

comment:7 Changed 20 months ago by nickm

Keywords: 032-unreached added
Milestone: Tor: 0.3.2.x-finalTor: unspecified

Mark a large number of tickets that I do not think we will do for 0.3.2.

comment:8 Changed 18 months ago by tmwu26

Status: acceptedneeds_revision

Having the same issues on latest verison of TBB.

comment:9 Changed 18 months ago by tmwu26

Priority: MediumHigh

comment:10 Changed 18 months ago by nickm

Status: needs_revisionnew

("needs_revision" is for tickets where there is a patch, but the patch needs to be changed.)

comment:11 Changed 16 months ago by nickm

Keywords: 030-backport removed

Remove 030-backport from all open tickets that have it: 0.3.0 is now deprecated.

Note: See TracTickets for help on using tickets.