Bridges report unbelievable numbers of clients

[karsten]

During the evaluation of extra-info documents published by bridges it was
found that some bridges report unbelievable numbers of clients. As an
example, two subsequently published extra-info documents of the same bridge
look are as follows (* denotes removed parts). Here, the first extra-info
document is the first such document that was published by this bridge.

extra-info *
published 2008-10-28 17:20:32
geoip-start-time 2008-10-25 23:07:16
geoip-client-origins de=936,us=704,cn=664,it=288,fr=208,ru=192,gb=144,*

extra-info *
published 2008-10-29 09:20:33
geoip-start-time 2008-10-27 09:07:01
geoip-client-origins ae=8,bg=8,cn=8,cz=8,de=8,dk=8,es=8,hk=8,in=8,it=8,*

The same bridge was running as a relay before 2008-10-28 with the last
router descriptor published at around 2008-10-27 14:00:00.

A possible (and even likely) explanation for the high numbers of clients is
that these clients contacted the bridge back when it was running as a
relay. When being reconfigured to run as a bridge, the bridge did not clear
its geoip cache and counted the relay clients as bridge clients. Only when
clearing the cache on 2008-10-27 09:07:01, the relay clients were removed
from the cache.

A solution to the described problem is that bridges do not include geoip
information in their extra-info documents if they have published a router
descriptor within the past few days, e.g., 3 days. These 3 (or whatever
fits here) days ensure that clients do not know about the bridge as a relay
anymore, but only as a bridge. This prevents both overcounting and
unwantedly revealing information about relay usage.

There is another phenomenon of a bridge that publishes both router
descriptors and bridge descriptors at the same time. In fact, it's not
forbidden to set 'PublishServerDescriptor v2,v3,bridge'. However, this
defeats the point of counting only bridge clients and including them in
extra-info documents. Should this behavior be changed, so that nodes can
publish either router descriptors or bridge descriptors, but not both?

[Automatically added by flyspray2trac: Operating System: All]

[nickm]

Another option would seem to be clearing your geoip stats whenever you bridge status changes. (In case we ever read
from the geoip-stats file, we should have that file start including whether we were a bridge or not.)

[nickm]

Try out the branch "bug932_clear_on_status_change" in my public repository at ​git://git.torproject.org/~nickm/git/tor.git

It applies against maint-0.2.1.

Does it look like a sane solution here?

[nickm]

Fixed in 0.2.1 with fc091e8a96f2 .. 45171cd9e9cb .

[nickm]

flyspray2trac: bug closed.