[tor-bugs] #9206 [Tor]: 'Guard' flags only assigned to first nodes started in a private Tor network
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Sep 29 00:31:46 UTC 2013
#9206: 'Guard' flags only assigned to first nodes started in a private Tor network
-------------------------+-------------------------------------------------
Reporter: karsten | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-auth tor-relay simulation
Actual Points: | testing
Points: | Parent ID:
-------------------------+-------------------------------------------------
Comment (by robgjansen):
Replying to [comment:14 ln5]:
> Replying to [comment:13 robgjansen]:
> > We were at one point but it must have gotten removed. Should we be
using these? Would this allow us to specify guard flags?
>
> No. I'm asking because since getting guard depends not only on
(weighted) uptime, but also on whether you're Fast or not, which is
influenced by either bandwidth files or, if those are not present, what
the relays say themselves.
>
> My suggested solution, based on a Chutney use case, was to make relays
brag about high speed which in a network where dir auths don't have
bandwidth files will make them all Guards.
>
Doesn't this come with the unintended consequence of messing up path
selection in other ways?
> The reason that I dropped the "brute force solution" (forcing flags on
relays by configuring dir auths to just set the bloody flag, goddamit) is
that in Shadow, there seems to be no way of refer to a relay before the
network is started.
We can refer to them by domain name or nickname (the 'id' attribute of the
'node' element in the hosts.xml files), but you're correct that we cannot
refer to them by fingerprint because its dynamically generated.
> I wasn't pondering the idea of adding a dir auth configuration option
making _all_ relays Guards, Stable or whatever. Would that be useful to
you, Rob?
In my experience, the "start the relays that we want to get the guard flag
first" approach *usually* results in the correct relays getting the guard
flags. ATM, I don't see a clear benefit in other approaches that don't
*guarantee* correct assignment.
In testing mode, perhaps each relay could tell the dirauths which flags it
wanted, and the dirauth could just blindly agree. Though, the code
complexity is probably high, and I understand that this sort of feature
could be considered unclean and a nightmare to maintain. So, maybe the
'start the guards first' approach is good enough?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9206#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list