[tor-bugs] #25928 [- Select a component]: Summary: Single DA in sandbox vs. PDS_ALLOW_SELF flag

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 26 13:21:38 UTC 2018


#25928: Summary: Single DA in sandbox vs. PDS_ALLOW_SELF flag
--------------------------------------+--------------------
     Reporter:  somlo                 |      Owner:  (none)
         Type:  defect                |     Status:  new
     Priority:  Medium                |  Milestone:
    Component:  - Select a component  |    Version:
     Severity:  Normal                |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |   Reviewer:
      Sponsor:                        |
--------------------------------------+--------------------
 I am running a Tor network simulation in a self-contained sandbox, and only
 really need a single node to act as Directory Authority. The configuration
 file looks as follows (the DA's fqdn is da.sandbox.local, and its IP is
 12.34.56.78):

 # common to all nodes:
 RunAsDaemon 1
 TestingTorNetwork 1
 UseDefaultFallbackDirs 0
 DataDirectory /var/lib/tor
 PidFile /var/lib/tor/pid
 Log info file /var/lib/tor/info.log
 SafeLogging 0
 DirAuthority orport=5000 v3ident=6542F7312EE19D39E9D389CCCB1DDD342A32E94D 12.34.56.78:7000 1B494B7382C8C2D2D13FB0B5175B0B3A14E54D69

 # additionally, regular onion routers (incl. the DA):
 ORPort 5000

 # additionally, for the DA only:
 DirPort 7000
 Address da.sandbox.local
 OutboundBindAddress da.sandbox.local
 AuthoritativeDirectory 1
 V3AuthoritativeDirectory 1
 V3AuthVotingInterval 10
 V3AuthVoteDelay 2
 V3AuthDistDelay 2

 When I start the DA, I get lots of log entries (in /var/lib/tor/info.log)
 complaining about the absence of any reachable directory servers:

 [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again.
 [info] router_pick_directory_server():  No reachable router entries for dirservers. Trying them all again.
 [info] directory_pick_generic_dirserver(): No router found for consensus network-status fetch; falling back to dirserver list.

 While the single DA eventually appears to work properly, and publishes a
 consensus file containing itself as a router entry, these warnings keep
 showing up periodically in the log file on an ongoing basis.

 Once the DA publishes its initial one-entry consensus, I can start further
 ORs which are quickly added to the consensus, and any client nodes are
 easily able to build circuits and operate correctly in my sandbox network.

 In an attempt to silence the DA's dirserver reachability complaints I looked
 through the Tor sources, and found that a DA's ability to pick itself as its
 own directory server (in function router_pick_directory_server() in file
 src/or/routerlist.c) is controlled by the PDS_ALLOW_SELF flag.

 This flag was originally introduced in commit 02e7a83f9, and also appears
 in subsequent commits b87a7760e, 74c2bff78, and b3a690749. The latter two
 commits remove code that used to set the flag (haven't spent the time to
 figure out if this would have helped my single-DA scenario, though).

 Currently, there appears to be no code path that sets this flag, and also
 no way to request it to be set via the command line or configuration file.

 Would it make sense to assume the flag is *always* set (which would always
 allow a DA to pick itself as its own DA), or rather would it be better to
 provide some interface (config file entry) that allows setting the flag
 explicitly (maybe only in testing mode)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25928>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
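
A simplified model of the selection behaviour the ticket describes, added here as an illustration and not taken from Tor's source: with the self-exclusion flag unset, a lone authority finds no candidate even after the "Trying them all again" retry seen in the log. The `model_*` names and `MODEL_PDS_ALLOW_SELF` are hypothetical stand-ins; only the flag's role and the fingerprint come from the ticket.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the flag named in the ticket; the value is arbitrary. */
#define MODEL_PDS_ALLOW_SELF (1u << 0)

typedef struct {
    const char *fingerprint;  /* identity of the directory server */
    int is_running;           /* cleared after a failed contact, reset on retry */
} model_dirserver_t;

/* One selection pass: first running candidate that passes the self check. */
static const model_dirserver_t *model_pick_once(const model_dirserver_t *list,
        size_t n, const char *my_fp, unsigned flags)
{
    int require_other = !(flags & MODEL_PDS_ALLOW_SELF);
    for (size_t i = 0; i < n; i++) {
        if (!list[i].is_running)
            continue;
        if (require_other && strcmp(list[i].fingerprint, my_fp) == 0)
            continue;  /* never pick ourselves unless the flag allows it */
        return &list[i];
    }
    return NULL;
}

/* Pick with one retry; *retried reports whether the retry path ran. */
static const model_dirserver_t *model_pick_dirserver(model_dirserver_t *list,
        size_t n, const char *my_fp, unsigned flags, int *retried)
{
    const model_dirserver_t *choice = model_pick_once(list, n, my_fp, flags);
    *retried = (choice == NULL);
    if (choice)
        return choice;
    for (size_t i = 0; i < n; i++)
        list[i].is_running = 1;  /* the "Trying them all again." step */
    return model_pick_once(list, n, my_fp, flags);
}

int main(void)
{
    /* Constructed sandbox: the only DirAuthority entry is the node itself. */
    const char *me = "1B494B7382C8C2D2D13FB0B5175B0B3A14E54D69";
    model_dirserver_t auths[] = { { me, 1 } };
    int retried;
    const model_dirserver_t *c = model_pick_dirserver(auths, 1, me, 0, &retried);
    printf("flag unset: choice=%s retried=%d\n", c ? c->fingerprint : "(none)", retried);
    c = model_pick_dirserver(auths, 1, me, MODEL_PDS_ALLOW_SELF, &retried);
    printf("flag set:   choice=%s retried=%d\n", c ? c->fingerprint : "(none)", retried);
    return 0;
}
```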

