[tor-bugs] #21969 [Core Tor/Tor]: We're missing descriptors for some of our primary entry guards

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 22 10:36:54 UTC 2017


#21969: We're missing descriptors for some of our primary entry guards
-----------------------------------+------------------------------------
 Reporter:  asn                    |          Owner:  asn
     Type:  defect                 |         Status:  assigned
 Priority:  High                   |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor           |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  tor-guard, tor-bridge  |  Actual Points:
Parent ID:                         |         Points:  1.5
 Reviewer:                         |        Sponsor:  SponsorU
-----------------------------------+------------------------------------

Comment (by asn):

 Replying to [comment:25 asn]:
 > Discussed comment:24 with Nick on IRC. He points out that primary guards
 > need to be listed on the consensus, and hence the top half of the
 > suggested comment:24 fix is not valid anymore. Nick suggests that to fix
 > the bridge case of comment:24 we can check the `is_reachable` field of the
 > bridge guard, and ignore it if it's not reachable and missing a
 > descriptor.
 >
 > Still waiting for pathological logs from s7r/alec to learn more.

 I think the bridges-case approach where we check `is_reachable` before
 counting a guard towards the "needs descriptor" block is possible.
 However, with the current codebase it's not as easy as checking
 `is_reachable` at the time of
 `guard_selection_have_enough_dir_info_to_build_circuits()`.

 That's because we don't actually notify the guard subsystem when a bridge
 descriptor fetch fails. And that's because in
 `launch_direct_bridge_descriptor_fetch()` we never set the `guard_state`
 on the directory request, so `entry_guard_chan_failed()` doesn't update
 the guard state when the failure happens.

 Seems like the correct bridges-side fix here involves the following two
 steps:
 1) Add `guard_state` to the bridge descriptor directory request in
 `launch_direct_bridge_descriptor_fetch()`.
 2) Don't count unreachable primary bridges towards the
 `guard_selection_have_enough_dir_info_to_build_circuits()` descriptor
 block limit.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21969#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
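
Added example, not part of the original message and not Tor's code: a simplified C model of the two steps proposed in the comment, showing that neither step alone unblocks circuit building when a primary bridge's descriptor fetch fails. Every `model_` name is hypothetical, and the model assumes that the failure handler marks the attached guard unreachable and that any counted primary bridge without a descriptor blocks.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the ticket's logic; all names are hypothetical. */
typedef enum { MODEL_REACH_MAYBE, MODEL_REACH_YES, MODEL_REACH_NO } model_reach_t;
typedef struct { bool has_descriptor; model_reach_t is_reachable; } model_bridge_t;
typedef struct { model_bridge_t *guard_state; } model_dir_request_t;

/* Step 1: the request carries the guard only when attach_state is true. */
static model_dir_request_t model_launch_fetch(model_bridge_t *b, bool attach_state) {
    model_dir_request_t req = { attach_state ? b : NULL };
    return req;
}

/* Failure path: it can only update a guard that the request points at. */
static void model_fetch_failed(model_dir_request_t *req) {
    if (req->guard_state)
        req->guard_state->is_reachable = MODEL_REACH_NO;
}

/* Step 2: count primary bridges that still block on a missing descriptor. */
static size_t model_count_blocking(const model_bridge_t *p, size_t n, bool skip_unreachable) {
    size_t missing = 0;
    for (size_t i = 0; i < n; i++) {
        if (p[i].has_descriptor) continue;
        if (skip_unreachable && p[i].is_reachable == MODEL_REACH_NO) continue;
        missing++;
    }
    return missing;
}

/* Constructed scenario: two primary bridges, the second one's fetch fails. */
static size_t model_scenario(bool step1, bool step2) {
    model_bridge_t primary[2] = {
        { true,  MODEL_REACH_YES },   /* working bridge, descriptor present */
        { false, MODEL_REACH_MAYBE }, /* dead bridge, descriptor never arrives */
    };
    model_dir_request_t req = model_launch_fetch(&primary[1], step1);
    model_fetch_failed(&req);
    return model_count_blocking(primary, 2, step2);
}

int main(void) {
    for (int s = 0; s < 4; s++)
        printf("step1=%d step2=%d blocking=%zu\n", s >> 1, s & 1,
               model_scenario(s >> 1, s & 1));
    return 0;
}
```

Only the combination of both steps brings the blocking count to zero; with step 2 alone the dead bridge stays in the "maybe reachable" state and is still counted.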

