Opened 13 years ago

Last modified 8 years ago

#534 closed defect (Implemented)

tor clients stop working if one v3 authority goes away for 3 hours

Reported by: arma Owned by:
Priority: Low Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords:
Cc: arma, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


If one of the v3 authorities goes away, clients that use the v3 consensus
will fail to have a live one, and will refuse to build circuits.

We should make clients tolerate this by using an older consensus if they've
got it. I think "at most 24 hours old" is a fine estimate -- not so high
that it will point to useless descriptors, and not so low that a bit of
downtime on the part of the authorities will be a killer.

Of course, this comes with an anonymity downside: the directory mirrors
can try to trick you into using an old consensus. Perhaps if we get an old
consensus then we should go straight to an authority for the next try (or
after a few tries), and then consider any one we get from an authority to
be safe?

When there are 10 authorities and it becomes clear that a majority of them
never vanish, we should then consider removing this feature, since the
anonymity risk will then outweigh the "it works" benefit. But for now, I
think clients will be much happier having this feature.

[Automatically added by flyspray2trac: Operating System: All]

Change History (5)

comment:1 Changed 13 years ago by nickm

I think the right fix for this is indeed "get more v3 authorities." We could do a short-term
fix by adding code to networkstatus_get_live_consensus() to treat a consensus as live if its valid-until
time is not _too_ far in the past. That would be easy.

comment:2 Changed 13 years ago by arma

Yes, let's do that.

(But make sure it doesn't break any "I'll call get_live_consensus() to see
if I need to fetch a new one now" code, if any. :)

comment:3 Changed 13 years ago by nickm

Actually, looking at the calls to networkstatus_get_live_consensus(), I think the only ones we
want to change are the ones in routerlist.c that cover which descriptors to download and whether
we have enough info to build circuits. I've added a new function to cover exactly those: see r12167.
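
The split discussed in comments 1 to 3, together with the fetch-from-an-authority idea in the ticket description, as an added example that is not part of the ticket and is not Tor's code. Every type and function name here is hypothetical, and the 24-hour tolerance is the figure proposed in the description.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical names; 24 h is the tolerance proposed in the ticket. */
#define STALE_TOLERANCE_SECS (24 * 60 * 60)

typedef struct {
  time_t valid_after, valid_until;
  bool from_authority; /* fetched from an authority rather than a mirror */
} consensus_t;

typedef enum { FETCH_NONE, FETCH_FROM_MIRROR, FETCH_FROM_AUTHORITY } fetch_t;

/* Strict check: still answers "do I need to fetch a new consensus now?" */
bool consensus_is_live(const consensus_t *c, time_t now) {
  return c && c->valid_after <= now && now <= c->valid_until;
}

/* Tolerant check: only for picking descriptors to download and deciding
 * whether there is enough directory info to build circuits. */
bool consensus_is_reasonably_live(const consensus_t *c, time_t now) {
  if (!c || c->valid_after > now)
    return false;
  return now <= c->valid_until ||
         now - c->valid_until <= STALE_TOLERANCE_SECS;
}

/* Mitigation floated in the ticket: an expired consensus that came from a
 * mirror sends the next fetch straight to an authority. */
fetch_t next_consensus_fetch(const consensus_t *c, time_t now) {
  if (consensus_is_live(c, now))
    return FETCH_NONE;
  if (c && now > c->valid_until && !c->from_authority)
    return FETCH_FROM_AUTHORITY;
  return FETCH_FROM_MIRROR;
}

int main(void) {
  /* Constructed sample: consensus from a mirror, expired 3 hours ago. */
  consensus_t c = { .valid_after = 1000, .valid_until = 5000, .from_authority = false };
  time_t now = 5000 + 3 * 60 * 60;
  printf("live=%d usable=%d next_fetch=%d\n", consensus_is_live(&c, now),
         consensus_is_reasonably_live(&c, now), next_consensus_fetch(&c, now));
  return 0;
}
```

Keeping the strict check separate means the client still sees the consensus as expired and keeps trying to replace it, while circuit building continues on the stale copy.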

comment:4 Changed 13 years ago by nickm

flyspray2trac: bug closed.
I'm calling this fixed for now.

comment:5 Changed 8 years ago by nickm

Component: Tor Client → Tor