[tor-bugs] #2511 [Tor Client]: Tor will use an unconfigured bridge if it was a configured bridge last time you ran Tor

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Feb 8 10:49:26 UTC 2011


#2511: Tor will use an unconfigured bridge if it was a configured bridge last time
you ran Tor
------------------------+---------------------------------------------------
 Reporter:  arma        |       Owner:                    
     Type:  defect      |      Status:  new               
 Priority:  normal      |   Milestone:  Tor: 0.2.2.x-final
Component:  Tor Client  |     Version:                    
 Keywords:              |      Points:                    
   Parent:              |  
------------------------+---------------------------------------------------

Comment(by arma):

 This happens because we originally designed bridges to be robust ("work if
 you can no matter what"), rather than be precise ("use this bridge or
 don't work").

 The exact chain of events here is that we read in the bridge descriptor,
 read in our entry guards, and call entry_guard_set_status(). That sets all
 but the one of our entry guards to Down:
 {{{
   else if (options->UseBridges && (!node->ri ||
                                    node->ri->purpose !=
 ROUTER_PURPOSE_BRIDGE))
     *reason = "not a bridge";
 }}}
 but that one gets set as Up.

 Then various places like update_router_have_minimum_dir_info() call
 should_delay_dir_fetches(), which asks
 {{{
   if (options->UseBridges && !any_bridge_descriptors_known()) {
 }}}
 But that function just checks
 {{{
 any_bridge_descriptors_known(void)
 {
   tor_assert(get_options()->UseBridges);
   return choose_random_entry(NULL)!=NULL ? 1 : 0;
 }
 }}}
 and sure enough, there is an "up" entry guard.

 So we do a directory fetch to get the consensus and/or more descriptors
 from it that we don't have. In directory_get_from_dirserver() the
 directory mirror we'd chosen gets overwritten with our bridge:
 {{{
     if (options->UseBridges && type != BRIDGE_AUTHORITY) {
       /* want to ask a running bridge for which we have a descriptor. */
 }}}
 which is why it looks to all intents and purposes like that bridge is our
 configured bridge.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2511#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list