On Sunday, 23 March 2025 00:05 John Crow wrote:
I really hope I don't have to copy paste it all given the amount of relays that I am currently running. Hopefully, nusenu will update the ansible repo to support it.
:-) Nusenu has not only implemented this in his ansible-relayor, but has also given hints during development: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/857#note_3164207
On Sat, Mar 22, 2025, at 2:55 PM, boldsuck via tor-relays wrote:
Yay, family key's are live: Implemented-In: Tor 0.4.9.1-alpha, Arti 1.4.1 https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/321-h appy-families.md
https://community.torproject.org/relay/setup/post-install/family-ids/ Copy the MyFamilyKey.secret_family_key file into the KeyDir of _every_ _one_ of your relay.
Oooh, damn it. No ansible. Happy copy pasting happy-families ;-)
On Sat, Mar 22, 2025, at 2:55 PM, boldsuck via tor-relays wrote:
Yay, family key's are live: Implemented-In: Tor 0.4.9.1-alpha
Note that the version number given there is wrong. tor 0.4.9.1-alpha does not include support for the new happy families feature.
0.4.9.2-alpha will probably be the first tor release with happy families support. This has been corrected on this page: https://community.torproject.org/relay/setup/post-install/family-ids/ but has not found its way to the proposal page yet.
Thanks to early adopters like toralf bugs in happy families are being reported and fixed.
I really hope I don't have to copy paste it all given the amount of relays that I am currently running. Hopefully, nusenu will update the ansible repo to support it.
:-) Nusenu has not only implemented this in his ansible-relayor, but has also given hints during development: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/857#note_3164207
The current implementation in tor does not support setting the path to the family key file. Which is a bit cumbersome for large operators because they need to copy the file for every tor instance (keys folder) instead of a single time for each server and a single torrc config line. This is less problematic for ansible-relayor than for operators doing it manually because we can automate that task in realyor, but the runtime will certainly increase significantly for large operators if we need to copy that file for every tor instance including setting permissions and so on.
I hope a torrc option for specifying the path to the key file is added before the first tor release with happy families is published to mitigate this overhead.
Here is the related gitlab issue for it: https://gitlab.torproject.org/tpo/core/tor/-/issues/41033
After this has been clarified/implemented (or rejected) an ansible-relayor release with happy families support will be implemented.
OrNetStats will also get Happy Families support but this depends on onionoo's support for Happy Families: https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/40...
I found it surprising to learn from the proposal that the old MyFamily design makes up over 80% of microdescriptors size so this change has significant potential to decrease the bandwidth used for answering directory requests https://metrics.torproject.org/dirbytes.html but since both Family designs will co-exist for some time for backward compatibility reasons it will take some time before operators can remove there old MyFamily lines from their torrc config files.
kind regards, nusenu
On Sunday, 23 March 2025 10:37 nusenu via tor-relays wrote:
On Sat, Mar 22, 2025, at 2:55 PM, boldsuck via tor-relays wrote:
Yay, family key's are live: Implemented-In: Tor 0.4.9.1-alpha
Note that the version number given there is wrong. tor 0.4.9.1-alpha does not include support for the new happy families feature.
0.4.9.2-alpha will probably be the first tor release with happy families support. This has been corrected on this page: https://community.torproject.org/relay/setup/post-install/family-ids/ but has not found its way to the proposal page yet.
OK, thanks. With tor-nightly-main-* currently: 0.4.9.1-alpha-dev I was able to create the family key and id.
Thanks to early adopters like toralf bugs in happy families are being reported and fixed.
I really hope I don't have to copy paste it all given the amount of relays that I am currently running. Hopefully, nusenu will update the ansible repo to support it.
:-)
Nusenu has not only implemented this in his ansible-relayor, but has also given hints during development: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/857#note_31642 07
The current implementation in tor does not support setting the path to the family key file. Which is a bit cumbersome for large operators because they need to copy the file for every tor instance (keys folder) instead of a single time for each server and a single torrc config line. This is less problematic for ansible-relayor than for operators doing it manually because we can automate that task in realyor, but the runtime will certainly increase significantly for large operators if we need to copy that file for every tor instance including setting permissions and so on.
I hope a torrc option for specifying the path to the key file is added before the first tor release with happy families is published to mitigate this overhead.
Yes, I was also looking for the option to specify the path. Now it doesn't matter, for me. I copied the key in every tor instance and changed permissions. torrc config is only one file per server. I just have to comment out 'FamilyId' line with upcoming stable 0.4.9.n
BTW: I hope 0.4.9 finally includes 'ReevaluateExitPolicy' and 'DoSStreamCreation*' for exits, in addition to the family keys.
'ReevaluateExitPolicy' on restart breaks tens or hundreds of thousands of existing connections, and healthy relays lose the HsDir flag.
DoS and DDoS consume power and bandwidth. 'ReevaluateExitPolicy' on reload can, AFAIK, also help the relays before exits in the circuit.
Here is the related gitlab issue for it: https://gitlab.torproject.org/tpo/core/tor/-/issues/41033
After this has been clarified/implemented (or rejected) an ansible-relayor release with happy families support will be implemented.
OrNetStats will also get Happy Families support but this depends on onionoo's support for Happy Families: https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/4 0051
I found it surprising to learn from the proposal that the old MyFamily design makes up over 80% of microdescriptors size so this change has significant potential to decrease the bandwidth used for answering directory requests https://metrics.torproject.org/dirbytes.html but since both Family designs will co-exist for some time for backward compatibility reasons it will take some time before operators can remove there old MyFamily lines from their torrc config files.
kind regards, nusenu
tor-relays@lists.torproject.org
-
boldsuck -
lists@for-privacy.net
-
nusenu