Opened 16 months ago

Closed 3 months ago

Last modified 3 months ago

#27946 closed defect (fixed)

"ExitRelay 0" ignored if config files are in include directories

Reported by: toralf Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: 0.3.5.2-alpha
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

This

%include /etc/tor/torrc.d/

ExitRelay 0
IPv6Exit 0

seems not to work if there'S a file in /etc/tor/torrc.d/ containing

ExitRelay 1
IPv6Exit 1

Child Tickets

Change History (6)

comment:1 Changed 16 months ago by nickm

When I try this, Tor says:

Oct 06 14:16:56.061 [warn] Option 'ExitRelay' used more than once; all but the last value will be ignored.
Oct 06 14:16:56.061 [warn] Option 'IPv6Exit' used more than once; all but the last value will be ignored.

and it appears not to try to be an exit relay. Do you see that too?

If so/if not, what behavior are you seeing, and in what way does it not work?

comment:2 Changed 16 months ago by dgoulet

Milestone: Tor: unspecified
Status: newneeds_information

comment:3 Changed 16 months ago by dgoulet

Summary: "ExitRealay 0" ignored if config files are in include directories"ExitRelay 0" ignored if config files are in include directories

comment:4 Changed 16 months ago by toralf

Hhm, when I restart that relay, then it works as expected.
When I just change the config value from 1 to 0 and reload the relay (kill -1), then the existing exit connections will stay.
So maybe just a false expectation at my side about the behaviour.

comment:5 Changed 3 months ago by teor

Resolution: fixed
Status: needs_informationclosed

We recently fixed a config include bug in #31408. Let us know if this issue happens again with a version that has the #31408 fix.

comment:6 in reply to:  4 Changed 3 months ago by arma

Replying to toralf:

When I [...] reload the relay (kill -1), then the existing exit connections will stay.
So maybe just a false expectation at my side about the behaviour.

Right, Tor doesn't close existing exit connections when you change your exit policy. In fact, it doesn't even close existing OR connections if you turn your ORPort to 0 (turning into just a client). The configuration options are about what you'll allow from now on, not about going through and closing all the existing conns that are not compatible ("could not have been created") with your new config.

Note: See TracTickets for help on using tickets.