Opened 6 years ago

Last modified 4 months ago

#7281 new enhancement

Bandwidth auths should publish average and weighted onionskin failure rates

Reported by: mikeperry Owned by:
Priority: Low Milestone:
Component: Core Tor/Torflow Version:
Severity: Normal Keywords: privcount
Cc: aagbsn@…, juga Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


While testing for path bias rates, I've noticed that the onionskin failure rate in the network can vary as much as +/- 30% in the matter of a few hours. This is rather insane.

We should publish statistics on this failure rate over time somehow. This might be a metrics task, but if the bandwidth auths do it, we can have them set consensus parameters for the path bias code to decide on how loudly to scream and when (see Proposal 209).

For that, I think I want network-wide averages, as well as consensus-bandwidth weighted averages. The path bias levels should be set using consensus-bandwidth weighted values.

See also #5457, but I don't think we should do that anymore, based on how easy it seems to be to cause onionskin overload.

Child Tickets

Change History (15)

comment:1 Changed 6 years ago by mikeperry

FYI: This requires the bw auths upgrading to a tor client that supports #7039 to get actual REASON=RESOURCELIMIT reason codes back as opposed to REASON=INTERNAL. However, we can just assume all first-hop circuit failures with open orconns are onionskin failures to start.

comment:2 Changed 6 years ago by mikeperry

I think the way we want to do this is simple multiplication. Assuming the bw auth ambient failure really is an accurate measurement of the network-wide failure rate, then the adversary needs to fail 1.0-c/n of the *remaining* successful circuits in order to capture those routes.

Therefore, if the bandwidth auths publish a weighted circuit success rate as wcirc_success, the dirauths can just multiply the initial path bias numbers by this wcirc_success value to get new values for the consensus parameters pb_noticepct, pb_warnpct, and pb_extremepct.

comment:3 Changed 6 years ago by mikeperry

As an alternative, see #7509.

comment:4 Changed 6 years ago by mikeperry

FYI: The fixes for #7157 mean we only have to measure onionskin success rates for exit nodes, not the whole network.

comment:5 Changed 4 years ago by aagbsn

Cc: aagbsn@… added

comment:6 Changed 16 months ago by teor

Severity: Blocker

We probably won't implement this in torflow, see #13630 for a replacement.

comment:7 Changed 16 months ago by teor

Priority: HighMedium
Severity: BlockerNormal

Priorities and Severities in torflow are meaningless, setting them all to Medium/Normal.

comment:8 Changed 16 months ago by teor

Owner: aagbsn deleted
Status: newassigned

aagbsn was the default owner, unassigning

comment:9 Changed 15 months ago by teor

Status: assignednew

Mark all tickets that are assigned to nobody as "new".

comment:10 Changed 11 months ago by juga

Cc: juga added

comment:11 Changed 11 months ago by juga

Parent ID: #545625925

comment:12 Changed 11 months ago by juga

Parent ID: 25925#25925

comment:13 in reply to:  6 Changed 10 months ago by juga

Replying to teor:

We probably won't implement this in torflow, see #13630 for a replacement.

Since currently the directory authorities do not use circuit failure information generated by Torflow, what would be the idea on how to solve this ticket?

comment:14 Changed 10 months ago by teor

Priority: MediumLow

We do not need this feature to replace torflow with sbws.

It is ok if we don't implement it.
If you want to implement it, please do not spend more than half a day doing it.

comment:15 Changed 4 months ago by teor

Keywords: privcount added
Parent ID: #25925

This is a relay statistics task, not a bandwidth authority task

Note: See TracTickets for help on using tickets.