Opened 11 years ago

Closed 8 years ago

Last modified 7 years ago

#968 closed defect (fixed)

Directory authority in private Tor network doesn't publish consensus

Reported by: karsten Owned by: Sebastian
Priority: Low Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: easy
Cc: karsten, nickm, Sebastian, arma Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by karsten)

Under certain circumstances a single directory authority in a private Tor
network does not manage to publish a consensus. For some reason the
directory adds itself to the list of trusted directory authorities *twice*.
The result is that it thinks there are 2 directories and that a single
vote is not enough to publish a consensus.

The directory triggers the following warning:

Index: src/or/routerlist.c
--- src/or/routerlist.c (revision 19258)
+++ src/or/routerlist.c (working copy)
@@ -3706,6 +3706,18 @@

hostname = tor_strdup(address);


+ SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ent, {
+ if (ent->v3_identity_digest &&
+ !memcmp(v3_auth_digest, ent->v3_identity_digest, DIGEST_LEN))
+ log_warn(LD_CONFIG, "We already have a directory with the same "
+ "v3 identity digest %s, address %s, OR port %d, and Dir port %d. "
+ "Now we try to add one with address %s, OR port %d, and Dir port %d. "
+ "Something is wrong here!",
+ hex_str(ent->v3_identity_digest, DIGEST_LEN),
+ ent->address, ent->or_port, ent->dir_port,
+ hostname, or_port, dir_port);
+ });

ent = tor_malloc_zero(sizeof(trusted_dir_server_t));
ent->nickname = nickname ? tor_strdup(nickname) : NULL;
ent->address = hostname;

A workaround is to add a return statement to that loop. But it would be
better to find out why the directory adds itself to the list twice.

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (11)

comment:1 Changed 10 years ago by Sebastian

Is this still a problem? How can one reproduce the bug?

comment:2 Changed 10 years ago by arma

I'm curious too. Karsten?

comment:3 Changed 9 years ago by karsten

Description: modified (diff)

I didn't encounter this problem again, nor do I know off the top of my head how to reproduce the problem.

comment:4 Changed 9 years ago by nickm

The only way I can see to hit this easily is by having a duplicate entry in your configuration Or, maybe, copying your digest into the configuration wrong?

Still, adding a basic check for duplicates to add_trusted_dir_server() seems like it couldn't hurt if you still think that's worthwhile. Just checking for whether the identity already exists could be good enough.

comment:5 Changed 9 years ago by Sebastian

Keywords: easy added

Yeah, it's really easy to reproduce with a duplicated dirserver line in the torrc. Providing a wrong digest didn't cause it for me. Since this is a configuration error in a private network, I don't think fixing it will be important, but if someone wants to look at tor code this can be a good start

comment:6 Changed 9 years ago by nickm

Milestone: Tor: 0.2.3.x-final

Somebody should really add the check code here; it will indeed be easy.

comment:7 Changed 9 years ago by karsten

I cannot reproduce the problem easily, mostly because I haven't run a private Tor network in ages. Sebastian, can I assign this task to you?

comment:8 Changed 9 years ago by karsten

This might be a fine test case for our shiny new integration tester. Or rather, we should keep in mind that we might want to test things like this in the future.

comment:9 Changed 9 years ago by karsten

Owner: changed from karsten to Sebastian
Status: newassigned

comment:10 Changed 8 years ago by nickm

Resolution: Nonefixed
Status: assignedclosed

So, it seems we can no longer reproduce this, and it isn't showing up in anybody's integration tests. I'm closing it as fixed for now.

comment:11 Changed 7 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.