[tor-bugs] #12595 [Tor]: Think of better data structures for guard nodes

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 23 17:49:10 UTC 2014


#12595: Think of better data structures for guard nodes
------------------------+--------------------------------
     Reporter:  asn     |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-guard
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------

Comment (by asn):

 Replying to [comment:3 asn]:
 > - As a further point to the paragraph above, I uploaded an image of 3
 >   different possible entry guard lists:
 >   https://people.torproject.org/~asn/guards2/entry_guard_list.jpg
 >
 >   With the current code, and if NumDirectoryGuards was 3, from the
 >   first entry guard list we would select a directory guard between
 >   (entry2, entry4, entry6). On the second list, we would select
 >   between (entry1, entry4, entry6).  On the third list, the worst case
 >   scenario, we would select between (entry4, entry5, ...).
 >
 >   I'd argue that we should strongly prefer the *top* directory guard
 >   every time, and only move to the lower ones if the top one doesn't
 >   give us what we want.
 >

 My point here was that `NumEntryGuards` and `NumDirectoryGuards` probably
 do not work the way people expect them to work.

 In the current code, `NumDirectoryGuards` (and `NumEntryGuards`) being `3`
 means that Tor needs to have `3` choices when picking an entry/directory
 guard. This means that Tor will go as deep as needed in the guard list
 till it gets 3 nodes that satisfy the circuit requirements. This means
 that Tor might pick between the first, the second and the 25th entry
 guard, if the circuit requirements are such. This is what causes #12466.

 OTOH, when '''I''' think of "Tor has 3 entry guards", I'm thinking that
 Tor will try its best to push traffic through one of three static nodes;
 but this is not what the current behavior does. To do that, we would need
 to have a concept of "primary guards" (maybe the top 3 guards in the guard
 list), and Tor would have to make sure that all traffic (including
 directory traffic) can be pushed through one of those 3 guards.

 All these concepts are hairy and weird. Moving to a single entry/directory
 guard will simplify the logic here.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12595#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
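
Added example (not part of the original comment and not Tor's code): a small C model of the two behaviours the comment contrasts, walking the guard list as deep as needed for 3 choices versus restricting candidates to the top 3 "primary" guards. All function names and the 25-entry sample list are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define N_GUARDS 25

/* Collect up to `want` usable guards from the first `depth` entries of the
 * ordered guard list. ok[i] != 0 means guard i satisfies the circuit's
 * requirements. Stores 0-based list positions in out[]; returns the count. */
static size_t collect(const int *ok, size_t depth, size_t want, size_t *out)
{
    size_t found = 0;
    for (size_t i = 0; i < depth && found < want; i++)
        if (ok[i])
            out[found++] = i;
    return found;
}

/* Behaviour described in the comment: go as deep as needed for `num` choices. */
size_t pick_walk_deep(const int *ok, size_t n, size_t num, size_t *out)
{
    return collect(ok, n, num, out);
}

/* "Primary guards" idea: only the top `num` list entries are ever candidates. */
size_t pick_primary(const int *ok, size_t n, size_t num, size_t *out)
{
    return collect(ok, num < n ? num : n, num, out);
}

/* Constructed sample: only the 1st, 2nd and 25th guard fit the circuit. */
void sample_list(int *ok)
{
    for (size_t i = 0; i < N_GUARDS; i++)
        ok[i] = (i == 0 || i == 1 || i == N_GUARDS - 1);
}

int main(void)
{
    int ok[N_GUARDS];
    size_t deep[3], prim[3];
    sample_list(ok);
    size_t nd = pick_walk_deep(ok, N_GUARDS, 3, deep);
    size_t np = pick_primary(ok, N_GUARDS, 3, prim);
    printf("walk-deep candidates:");
    for (size_t i = 0; i < nd; i++) printf(" guard#%zu", deep[i] + 1);
    printf("\nprimary candidates:  ");
    for (size_t i = 0; i < np; i++) printf(" guard#%zu", prim[i] + 1);
    printf("\n");
    return 0;
}
```

On the sample list the walk-deep variant ends up choosing between guards 1, 2 and 25, while the primary-guard variant never looks past the top 3 and is left with guards 1 and 2.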

