Opened 3 years ago

Closed 7 months ago

#24932 closed defect (wontfix)

Onionoo should stop parsing untrusted descriptors

Reported by: teor
Owned by: metrics-team
Priority: Low
Milestone:
Component: Metrics/Onionoo
Version:
Severity: Minor
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


Split off #22488.

Sometimes Onionoo will parse a descriptor that hasn't appeared in any consensus. Descriptors are not trusted until they are in a consensus. They might have the wrong details. This means that Onionoo can have the wrong details.

This is not a big deal. It just takes a bit more time for users to work out where the problem is. Sometimes the problem is on the directory authorities (example: #24864). And sometimes it is in the relay config.

Change History (2)

comment:1 Changed 3 years ago by karsten

Indeed, this is worth considering.

Right now, we're parsing all descriptors and only keeping the one with highest publication time. And we're telling users in the specification when a piece of information comes from the latest known server descriptor vs. from a more authoritative source.

However, here's why this might be a bit trickier to implement than it seems: we're processing server descriptors and consensuses in separate streams, and we're not making any assumption on the order in which we process them. Right now we can immediately discard a server descriptor if we already processed a new server descriptor before. But if we want to keep the server descriptor that is last referenced from a consensus, we might end up keeping many, many server descriptors. Some relays are really busy publishing new descriptors, possibly due to bugs, so this is some data that we'd have to store. We might apply some heuristics when we can safely discard a server descriptor. But this is a bit messy.

If this is actually simpler than I'm thinking right now, let's collect ideas on this ticket. Otherwise, it's indeed a low-priority ticket that we should work on after closing all the higher-priority tickets.

Thanks for opening this ticket!

comment:2 Changed 7 months ago by karsten

Resolution: wontfix
Status: new → closed

Let's not do this. I can't think of an efficient way to only keep the latest server descriptor referenced from a consensus rather than simply keeping the most recent server descriptor. What we do right now is not wrong. Closing as wontfix, even though it was a nice idea. Sorry!
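
A simplified model of the trade-off discussed in comment:1 and comment:2, added here as an illustration and not Onionoo's code: the class names, the event format and the sample descriptors are constructed. It replays the same unordered events through both policies so the descriptor shown and the number of descriptors retained can be compared.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Descriptor:  # constructed stand-in for a parsed server descriptor
    fingerprint: str
    digest: str
    published: int  # publication time (seconds)

class LatestPublishedStore:
    """Keep only the descriptor with the highest publication time."""
    def __init__(self):
        self.kept = {}  # fingerprint -> Descriptor
    def add_descriptor(self, d):
        cur = self.kept.get(d.fingerprint)
        if cur is None or d.published > cur.published:
            self.kept[d.fingerprint] = d  # older one is discarded immediately
    def add_consensus(self, valid_after, entries):
        pass  # consensus references do not influence which descriptor is kept
    def shown(self, fp):
        return self.kept.get(fp)
    def stored(self):
        return len(self.kept)

class ConsensusReferencedStore:
    """Show only the descriptor last referenced from a consensus."""
    def __init__(self):
        self.pending = {}     # digest -> Descriptor; a later consensus may reference any
        self.referenced = {}  # fingerprint -> (valid_after, digest)
    def add_descriptor(self, d):
        self.pending[d.digest] = d
    def add_consensus(self, valid_after, entries):
        for fp, digest in entries.items():
            if valid_after > self.referenced.get(fp, (-1, None))[0]:
                self.referenced[fp] = (valid_after, digest)
    def shown(self, fp):
        return self.pending.get(self.referenced.get(fp, (None, None))[1])
    def stored(self):
        return len(self.pending)

def replay(store, events):  # events arrive in arbitrary order from two streams
    for kind, *args in events:
        getattr(store, "add_" + kind)(*args)
    return store

FP = "A" * 40  # constructed sample: consensus references digest1, newer ones exist
DESCS = [Descriptor(FP, f"digest{i}", 1000 + i) for i in range(5)]
EVENTS = [("descriptor", DESCS[3]), ("descriptor", DESCS[1]),
          ("consensus", 2000, {FP: "digest1"}), ("descriptor", DESCS[4]),
          ("descriptor", DESCS[0]), ("descriptor", DESCS[2])]
```

With the constructed events, the first policy shows the unreferenced `digest4` while storing one descriptor per relay; the second shows `digest1` but has to retain all five.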