[tor-bugs] #9206 [Tor]: 'Guard' flags only assigned to first nodes started in a private Tor network

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 4 06:38:50 UTC 2013

#9206: 'Guard' flags only assigned to first nodes started in a private Tor network
 Reporter:  karsten  |          Owner:     
     Type:  defect   |         Status:  new
 Priority:  normal   |      Milestone:     
Component:  Tor      |        Version:     
 Keywords:           |         Parent:     
   Points:           |   Actualpoints:     
 Rob identified a problem with 'Guard' flags only assigned to the first
 nodes that are started in a private Tor network.  This was originally
 opened as a [https://github.com/shadow/shadow/issues/146 Shadow issue],
 but we decided to move it to Tor's Trac, because it seems like a general
 issue.  Pasting from the Shadow issue here with some minor cleaning up, so
 that it's easier to follow the discussion:

 robgjansen opened this issue a day ago

 In our example scallion topologies, only exit nodes seem to be getting the
 'Guard' flag. Does this have something to do with the order in which we
 boot nodes? Or is there a change that Tor should make when
 TestingTorNetwork is enabled?

 Here is the code in Tor from src/or/dirserv.c that computes
 whether or not a node gets the guard flag.

   if (node->is_fast &&
       ((options->AuthDirGuardBWGuarantee &&
         routerbw >= options->AuthDirGuardBWGuarantee) ||
        routerbw >= MIN(guard_bandwidth_including_exits,
                        guard_bandwidth_excluding_exits)) &&
       is_router_version_good_for_possible_guard(ri->platform)) {
     long tk = rep_hist_get_weighted_time_known(
                                       node->identity, now);
     double wfu = rep_hist_get_weighted_fractional_uptime(
                                       node->identity, now);
     rs->is_possible_guard = (wfu >= guard_wfu && tk >= guard_tk) ? 1 : 0;
   } else {
     rs->is_possible_guard = 0;

 robgjansen commented a day ago

 Its due to the fact that the weighted fractional uptime and weighted time
 known is used to determine guard status, since its weighted relative to
 the population. This means whichever nodes were started first will get the
 guard flag for the most part.

 I just ran an experiment to verify this: after swapping the start times of
 some exits and nonexits, the nonexits were in fact getting the guard flag
 and the exits were not.

 robgjansen commented a day ago

 @kloesing can we get a config option that allows us to adjust this, and
 only when in TestingTorNetwork mode?

 I think config options for each of these would be helpful:

  *  we assume all nodes were brought up at the same time for purposes of
 this calculation
  *  tighter control over who gets the guard flag - the ability to specify,
 for each node, if that node should get the flag or not

 robgjansen commented a day ago

 A hackish workaround is to start the relays that we want to have the guard
 flag before the rest of the relays, and hope they get assigned properly.

 kloesing commented 19 hours ago

 Nice find! But do you mind if we move this issue to Tor's Trac? This issue
 likely affects Chutney as well, and I bet Nick has an opinion on this.

 robgjansen commented 19 hours ago

 That sounds great. I'm going to leave this ticket open to remind myself
 that I'll need to incorporate whatever solution we decide on Tor's trac
 into our scallion examples.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9206>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list