[tor-bugs] #18548 [Tor]: Tor calling sandbox_getaddrinfo() delays bootstrap when no system DNS is available

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 14 18:53:45 UTC 2016


#18548: Tor calling sandbox_getaddrinfo() delays bootstrap when no system DNS is available
------------------------+--------------------------
     Reporter:  anonym  |      Owner:
         Type:  defect  |     Status:  new
     Priority:  Medium  |  Milestone:
    Component:  Tor     |    Version:  Tor: 0.2.7.6
     Severity:  Normal  |   Keywords:  AffectsTails
Actual Points:          |  Parent ID:
       Points:          |   Reviewer:
      Sponsor:          |
------------------------+--------------------------
 On a Debian Jessie system with `tor` installed from `jessie-backports`
 (currently 0.2.7.6-1~bpo8+1), if I:

 * enable Tor's sandboxing, and
 * empty `/etc/resolv.conf`, and
 * restart Tor to make it bootstrap again,

 then I can see Tor doing nothing for exactly 10 seconds even before
 reporting `Bootstrapped 0%`. In the debug log I see:

 {{{
 Mar 14 19:30:20.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
 Mar 14 19:30:20.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
 Mar 14 19:30:20.000 [info] crypto_global_init(): NOT using OpenSSL engine support.
 Mar 14 19:30:20.000 [info] evaluate_evp_for_aes(): This version of OpenSSL has a known-good EVP counter-mode implementation. Using it.
 Mar 14 19:30:20.000 [info] sandbox_getaddrinfo(): (Sandbox) getaddrinfo succeeded.
 Mar 14 19:30:30.000 [info] sandbox_getaddrinfo(): (Sandbox) getaddrinfo failed.
 Mar 14 19:30:30.000 [info] sandbox_getaddrinfo(): (Sandbox) getaddrinfo succeeded.
 Mar 14 19:30:30.000 [notice] Bootstrapped 0%: Starting
 }}}

 As you can see there is an exact 10 second delay for the second call of
 `sandbox_getaddrinfo()`. Either using a "normal" system DNS resolver, or
 disabling Tor's sandboxing removes this delay. I say "normal" system DNS
 resolver, because using Tor's `DNSPort` doesn't work, as expected, but
 actually it makes the situation worse by increasing the delay to 20
 seconds for some reason. I imagine this is quite a common use case for the
 `DNSPort` option.

 For the record, this Tor bootstrap delay affects every boot of Tails
 (probably since we enabled Tor's sandboxing in Tails 1.2, 1½ years ago)
 and we have [https://labs.riseup.net/code/issues/10238 our own ticket] but
 it tracks other unrelated Tor bootstrapping issues as well.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18548>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
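
The stall described in the ticket can be found mechanically in a Tor debug log. The following is an added example, not part of the ticket or of Tor's code: it parses log entries (rejoining lines that a mail client wrapped) and reports gaps before `Bootstrapped 0%`. The function names, the 5-second threshold and the assumed year 2016 (Tor log timestamps carry no year) are assumptions of this example.

```python
import re
from datetime import datetime

# A Tor log entry starts like: "Mar 14 19:30:20.000 [info] message"
ENTRY = re.compile(r"^\s*(\w{3} +\d+ \d\d:\d\d:\d\d\.\d{3}) \[(\w+)\] (.*)$")

# Constructed sample: part of the ticket's log excerpt, mail wrapping kept.
SAMPLE = """\
Mar 14 19:30:20.000 [info] evaluate_evp_for_aes(): This version of OpenSSL
has a known-good EVP counter-mode implementation. Using it.
Mar 14 19:30:20.000 [info] sandbox_getaddrinfo(): (Sandbox) getaddrinfo
succeeded.
Mar 14 19:30:30.000 [info] sandbox_getaddrinfo(): (Sandbox) getaddrinfo
failed.
Mar 14 19:30:30.000 [info] sandbox_getaddrinfo(): (Sandbox) getaddrinfo
succeeded.
Mar 14 19:30:30.000 [notice] Bootstrapped 0%: Starting
"""

def parse_entries(text, year=2016):
    """Return [(datetime, level, message)], joining wrapped continuation lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw)
        if m:
            # The year is an assumption; supplying one lets Feb 29 parse.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
            entries.append([ts, m.group(2), m.group(3).strip()])
        elif entries and raw.strip():
            # No timestamp: continuation of the previous entry.
            entries[-1][2] += " " + raw.strip()
    return [tuple(e) for e in entries]

def pre_bootstrap_stalls(text, threshold=5.0):
    """Gaps of >= threshold seconds between entries up to 'Bootstrapped 0%'."""
    stalls = []
    entries = parse_entries(text)
    for prev, cur in zip(entries, entries[1:]):
        gap = (cur[0] - prev[0]).total_seconds()
        if gap >= threshold:
            stalls.append((gap, prev[2], cur[2]))
        if cur[2].startswith("Bootstrapped 0%"):
            break  # later gaps are network bootstrap, not startup resolution
    return stalls

if __name__ == "__main__":
    for gap, before, after in pre_bootstrap_stalls(SAMPLE):
        print(f"{gap:.0f}s stall between:\n  {before}\n  {after}")
```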

