Skip to content
Snippets Groups Projects
New look: Off

DirPort reachability test inconsistency when only "DirPort x.x.x.x:x NoAdvertise" configured

    • Closed (moved) Issue created by starlight @starlight

    If relay starts with only NoAdvertise DirPorts configured, bootstrapping fails the relay's descriptor is never published:

    Tor 0.3.4.1-alpha (git-deb8970a29ef7427) running on Linux with Libevent x.x.x, OpenSSL x.x.x, Zlib x.x.x, Liblzma x.x.x, and Libzstd x.x.x.
.
.
.
Opening Control listener on x.x.x.y:r
Opening OR listener on x.x.x.x:o
Opening Directory listener on x.x.x.y:d
.
.
.
Bootstrapped 80%: Connecting to the Tor network
Bootstrapped 85%: Finishing handshake with first hop
Bootstrapped 90%: Establishing a Tor circuit
Tor has successfully opened a circuit. Looks like client functionality is working.
Bootstrapped 100%: Done
Now checking whether ORPort x.x.x.x:o is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Self-testing indicates your ORPort is reachable from the outside. Excellent.
Performing bandwidth self-test...done.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Your server (x.x.x.x:0) has not managed to confirm that its DirPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
    ORPort x.x.x.x:o
DirPort x.x.x.y:d NoAdvertise
ControlPort x.x.x.y:r
    To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

    Child items ...

    • Activity

    • starlight changed milestone to %Tor: unspecified

      changed milestone to %Tor: unspecified

    • starlight added component::core tor/tor milestone::Tor: unspecified parent::13112 priority::medium severity::normal status::new type::defect version::tor unspecified labels

      added component::core tor/tor milestone::Tor: unspecified parent::13112 priority::medium severity::normal status::new type::defect version::tor unspecified labels

    • T
      teor @teor ·

      You removed the log line where the relay guesses its own IPv4 address. Since self-testing to the ORPort was successful, I'm going to assume that it guessed x.x.x.x. You might want to set "Address x.x.x.x" if x.x.x.y is also a public IP address. (I'm guessing it's not, because you have a control port on it.)

      It looks like Tor isn't launching the DirPort self-test, but it is waiting for the DirPort self-test to be successful before it publishes. Oops!

      Does this config work with Tor 0.3.3? Does it work with Tor 0.2.9? (If it does, we must fix this regression before 0.3.4 stable. If it has been a bug for a long time, maybe it can wait.)

      I would normally ask "Does this config work if you don't set NoAdvertise on the DirPort?" But the config probably won't work, because the relay will either guess x.x.x.x or x.x.x.y as its address, so one of the ORPort or DirPort checks will fail.

      Does this config work if you set "DirPort x.x.x.x:d"? Does this config fail if you set "DirPort x.x.x.x:d NoAdvertise"?

      Does this config work if you don't set a DirPort?

      Trac:
      Keywords: N/A deleted, 034-must-maybe, regression-maybe added
      Summary: DirPort reachabality test incorrectly tried when only "DirPort x.x.x.x:x NoAdvertise" configured to DirPort reachability test inconsistency when only "DirPort x.x.x.x:x NoAdvertise" configured
      Description: If relay starts with only NoAdvertise DirPorts configured, bootstrapping fails:

      Tor 0.3.4.1-alpha (git-deb8970a29ef7427) running on Linux with Libevent x.x.x, OpenSSL x.x.x, Zlib x.x.x, Liblzma x.x.x, and Libzstd x.x.x.
.
.
.
Opening Control listener on x.x.x.y:r
Opening OR listener on x.x.x.x:o
Opening Directory listener on x.x.x.y:d
.
.
.
Bootstrapped 80%: Connecting to the Tor network
Bootstrapped 85%: Finishing handshake with first hop
Bootstrapped 90%: Establishing a Tor circuit
Tor has successfully opened a circuit. Looks like client functionality is working.
Bootstrapped 100%: Done
Now checking whether ORPort x.x.x.x:o is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Self-testing indicates your ORPort is reachable from the outside. Excellent.
Performing bandwidth self-test...done.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Your server (x.x.x.x:0) has not managed to confirm that its DirPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
      ORPort x.x.x.x:o
DirPort x.x.x.y:d NoAdvertise
ControlPort x.x.x.y:r

      to

      If relay starts with only NoAdvertise DirPorts configured, bootstrapping fails the relay's descriptor is never published:

      Tor 0.3.4.1-alpha (git-deb8970a29ef7427) running on Linux with Libevent x.x.x, OpenSSL x.x.x, Zlib x.x.x, Liblzma x.x.x, and Libzstd x.x.x.
.
.
.
Opening Control listener on x.x.x.y:r
Opening OR listener on x.x.x.x:o
Opening Directory listener on x.x.x.y:d
.
.
.
Bootstrapped 80%: Connecting to the Tor network
Bootstrapped 85%: Finishing handshake with first hop
Bootstrapped 90%: Establishing a Tor circuit
Tor has successfully opened a circuit. Looks like client functionality is working.
Bootstrapped 100%: Done
Now checking whether ORPort x.x.x.x:o is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Self-testing indicates your ORPort is reachable from the outside. Excellent.
Performing bandwidth self-test...done.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
Your server (x.x.x.x:0) has not managed to confirm that its DirPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
      ORPort x.x.x.x:o
DirPort x.x.x.y:d NoAdvertise
ControlPort x.x.x.y:r

      Milestone: N/A to Tor: 0.3.4.x-final
      Status: new to needs_information

    • S
      starlight @starlight ·
      Author

      relay does not guess it's own address:

      Address x.x.x.x
OutboundBindAddress x.x.x.x
ORPort x.x.x.x:o
DirPort x.x.x.y:d NoAdvertise
ControlPort x.x.x.y:r

      apologies, didn't think all the boot lines were needed, unabridged:

      Tor 0.3.4.1-alpha (git-deb8970a29ef7427) running on Linux with Libevent x.x.x, OpenSSL x.x.x, Zlib x.x.x, Liblzma x.x.x, and Libzstd x.x.x.
Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
This version is not a stable Tor release. Expect more bugs than usual.
Read configuration file "/home/tor/torrc".
Your ContactInfo config option is not set. Please consider setting it, so we can contact you if your server is misconfigured or something else goes wrong.
Scheduler type KIST has been enabled.
Opening Control listener on x.x.x.y:r
Opening OR listener on x.x.x.x:o
Opening Directory listener on x.x.x.y:d
Parsing GEOIP IPv4 file ./geoip.
Parsing GEOIP IPv6 file ./geoip6.
Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Your Tor server's identity key fingerprint is 'Unnamed XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
Bootstrapped 0%: Starting
Starting with guard context "default"
I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Bootstrapped 45%: Asking for relay descriptors
I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6476, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw = 0% of path bw.)
I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6476, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw = 0% of path bw.)
Bootstrapped 50%: Loading relay descriptors
Bootstrapped 55%: Loading relay descriptors
Bootstrapped 60%: Loading relay descriptors
Bootstrapped 65%: Loading relay descriptors
Bootstrapped 70%: Loading relay descriptors
Bootstrapped 75%: Loading relay descriptors
Bootstrapped 80%: Connecting to the Tor network
Bootstrapped 85%: Finishing handshake with first hop
Bootstrapped 90%: Establishing a Tor circuit
Tor has successfully opened a circuit. Looks like client functionality is working.
Bootstrapped 100%: Done
Now checking whether ORPort x.x.x.x:o is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
last message repeated 4 times
Self-testing indicates your ORPort is reachable from the outside. Excellent.
Performing bandwidth self-test...done.
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
last message repeated 17 times
last message repeated 5 times
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
last message repeated 11 times
last message repeated 11 times
last message repeated 3 times
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
last message repeated 11 times
last message repeated 10 times
last message repeated 10 times
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
last message repeated 9 times
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
last message repeated 11 times
last message repeated 11 times
last message repeated 7 times
Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not known. Closing.
last message repeated 11 times
last message repeated 11 times
last message repeated 11 times
last message repeated 11 times
last message repeated 10 times
last message repeated 10 times
last message repeated 10 times
Your server (x.x.x.x:0) has not managed to confirm that its DirPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Your ContactInfo config option is not set. Please consider setting it, so we can contact you if your server is misconfigured or something else goes wrong.
Opening Directory listener on x.x.x.x:80
Catching signal TERM, exiting cleanly.
    • S
      starlight @starlight ·
      Author

      Replying to teor:

      You removed the log line where the relay guesses its own IPv4 address. Since self-testing to the ORPort was successful, I'm going to assume that it guessed x.x.x.x. You might want to set "Address x.x.x.x" if x.x.x.y is also a public IP address. (I'm guessing it's not, because you have a control port on it.)

      Did have Address set. Unabridged output posted next above.

      It looks like Tor isn't launching the DirPort self-test, but it is waiting for the DirPort self-test to be successful before it publishes. Oops!

      Does this config work with Tor 0.3.3?

      No idea, did not try it. Only just thought of trying this due to some DirPort abuse activity. Tor-Relays: https://lists.torproject.org/pipermail/tor-relays/2018-May/015253.html

      Does it work with Tor 0.2.9? (If it does, we must fix this regression before 0.3.4 stable. If it has been a bug for a long time, maybe it can wait.)

      Doubt it but don't know. Worked around the abuse with a rate-limit and don't need a backport, but this seems like a useful config for the future.

      I would normally ask "Does this config work if you don't set NoAdvertise on the DirPort?" But the config probably won't work, because the relay will either guess x.x.x.x or x.x.x.y as its address, so one of the ORPort or DirPort checks will fail.

      Does work, running now. Explicit Address config from the get-go.

      Does this config work if you set "DirPort x.x.x.x:d"? Does this config fail if you set "DirPort x.x.x.x:d NoAdvertise"?

      With the above two, yes does work but with x.x.x.y as the NoAdvertise address. Have been configuring an inside-network DirPort awhile now for some scripts that utilize consensus documents.

      Does this config work if you don't set a DirPort?

      Probably, but didn't try that. Standard default setup, right?

    • T
      teor @teor ·

      We still need to answer these questions to prioritise this ticket:

      Does this config work with Tor 0.3.3? Does it work with Tor 0.2.9? (If it does, we must fix this regression before 0.3.4 stable. If it has been a bug for a long time, maybe it can wait.)

      The following minimal config should reproduce this issue:

      tor DirPort "9030 NoAdvertise"
    • S
      starlight @starlight ·
      Author

      A quick review of 0.3.4 code reveals the bug appears subtle, and likely to be present in prior releases.

      The flag DirPort_set in or.h determines whether DirPort self-checking should occur. The test-circuit launch is attempted but results in "exit point is not known" because the NoAdvertise address is a non-routable address and/or because it does not match the relay descriptor public addresses, is not present in the descriptor.

      DirPort_set does not consider NoAdvertise. For this to work correctly some logic examining NoAdvertise is required and none is evident.

    • S
      starlight @starlight ·
      Author

      For emphasis:

      Appears this bug require a non-routeable and/or non-reachable NoAdvertise DirPort address. If the NoAdvertise address is reachable the test might succeed.

    • T
      teor @teor ·

      Ok, then this is not a regression, because it has been around for a few releases. (Probably since 0.2.8 or 0.2.9 when the code was rewritten.)

      Here is a workaround:

      • run a separate Tor process with "DirPort x NoAdvertise"
      • if you have trouble with #23693 (moved) or similar errors, run a separate tor process with "DirPort x ORPort y PublishServerDescriptor 0"

      Trac:
      Version: Tor: 0.3.4.1-alpha to Tor: unspecified
      Status: needs_information to new
      Milestone: Tor: 0.3.4.x-final to Tor: unspecified
      Keywords: 034-must-maybe, regression-maybe deleted, N/A added

    • toralf
      toralf @toralf ·

      FWIW I got a similar warning at a stable Debian with a Tor relay 0.3.3.9 configured as a bridge.

    • T
      teor @teor ·

      We might have some code that fixes this issue in #13112 (moved).

      Trac:
      Parent: N/A to #13112 (moved)

    • Trac moved to tpo/core/tor#26136 (closed)

      moved to tpo/core/tor#26136 (closed)

    Please register or sign in to reply