[tor-talk] tor as Onion Service (only) Wrote about "Requested exit point" in .log
Drew at FoundingDocuments.org
Drew at FoundingDocuments.org
Sun May 2 17:15:23 UTC 2021
> On May 2, 2021, at 4:14am, Roger Dingledine <arma at torproject.org> wrote:
>
> On Fri, Apr 30, 2021 at 07:16:08PM -0400, Drew at FoundingDocuments.org wrote:
>> Why would tor running as an onion service write this to its log?
>>
>> Apr 29 02:06:22.000 [warn] {APP} Requested exit point ???$1FINGER-PRINT-XYZ*??? is not known. Closing.
>
> It's just a terminology confusion. What Tor means is that it wanted to
> make a circuit whose last hop was XYZ, but it couldn't.
>
> Onion services make circuits like this when, for example, they want to
> upload your onion descriptor to particular HSDir relays -- the 'exit'
> is the HSDir it's trying to end its circuit at.
Excellent, thank you.
> Among other stuff, the torrc contains:
>> SOCKSPolicy reject *
>> SocksPort 0
>> ExitRelay 0
>> ExitPolicy reject *:*
>
> All of those are fine. I wonder why you have ExitRelay and ExitPolicy
> set if you don't have ORPort set though -- if there's no ORPort, you're
> not a relay, so then your exit policy doesn't matter.
It contained even more embarrassing stuff like
ExitPolicy reject *4:* # No IPv4 exits allowed
ExitPolicy reject *6:* # No IPv6 exits allowed
underneath the ExitPolicy reject *:* line.
That’s cruft from when I first started exploring tor’s configuration file. I studied the man page and put in things I was sure I wanted, then tested. I knew some line items were redundant but figured it wouldn’t hurt (based on docs), as well as leaving some vocab in front of me to help me memorize things. I’ve also been accused of being overly cautious at times.
In related news, I had another look at the man page a few months ago compared to a few years ago and I was very glad it got some love. I was just too new to start figuring out how to change it and send my opinions on how to improve it. Not that it was bad before, but now it’s even better! :-) And time for me to make another pass over it and my script that writes the torrc.
>> In case it???s related, I see about an hour earlier there was a large number of dirservers that rejected an HS descriptor as invalid. In the past I???d seen a line or two or three of similar [warn] {REND} errors, but near the time below, there were 40 such lines. All within the span on one minute; 32 rejected in one second. I don???t think I???d seen that many at once before.
>>
>> Apr 29 00:50:25.000 [warn] {REND} Uploading hidden service descriptor: http status 400 ("Invalid HS descriptor. Rejected.") response from dirserver [IPv4**]:9001. Malformed hidden service descriptor?
>
> Are you sure these are v3 onion services, and not v2 onion services?
I decided to skip v2 entirely since I was just starting out.
> You shouldn't be getting descriptor upload failures from v3 onion
> services.
Interesting.
More information about the tor-talk
mailing list