[tor-bugs] #25928 [- Select a component]: Summary: Single DA in sandbox vs. PDS_ALLOW_SELF flag
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Apr 26 13:21:38 UTC 2018
#25928: Summary: Single DA in sandbox vs. PDS_ALLOW_SELF flag
--------------------------------------+--------------------
Reporter: somlo | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+--------------------
I am running a TOR network simulation in a self-contained sandbox, and only
really need a single node to act as Directory Authority. The configuration
file looks as follows (the DA's fqdn is da.sandbox.local, and its IP is
12.34.56.78):

    # common to all nodes:
    RunAsDaemon 1
    TestingTorNetwork 1
    UseDefaultFallbackDirs 0
    DataDirectory /var/lib/tor
    PidFile /var/lib/tor/pid
    Log info file /var/lib/tor/info.log
    SafeLogging 0
    DirAuthority orport=5000 v3ident=6542F7312EE19D39E9D389CCCB1DDD342A32E94D 12.34.56.78:7000 1B494B7382C8C2D2D13FB0B5175B0B3A14E54D69

    # additionally, regular onion routers (incl. the DA):
    ORPort 5000

    # additionally, for the DA only:
    DirPort 7000
    Address da.sandbox.local
    OutboundBindAddress da.sandbox.local
    AuthoritativeDirectory 1
    V3AuthoritativeDirectory 1
    V3AuthVotingInterval 10
    V3AuthVoteDelay 2
    V3AuthDistDelay 2

When I start the DA, I get lots of log entries (in /var/lib/tor/info.log)
complaining about the absence of any reachable directory servers:

    [info] router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again.
    [info] router_pick_directory_server(): No reachable router entries for dirservers. Trying them all again.
    [info] directory_pick_generic_dirserver(): No router found for consensus network-status fetch; falling back to dirserver list.

While the single DA eventually appears to work properly, and publishes a
consensus file containing itself as a router entry, these warnings keep
showing up periodically in the log file on an ongoing basis.

Once the DA publishes its initial one-entry consensus, I can start further
ORs which are quickly added to the consensus, and any client nodes are
easily able to build circuits and operate correctly in my sandbox network.

In an attempt to silence the DA's dirserver reachability complaints I looked
through the TOR sources, and found that a DA's ability to pick itself as its
own directory server (in function router_pick_directory_server() in file
src/or/routerlist.c) is controlled by the PDS_ALLOW_SELF flag.

This flag was originally introduced in commit 02e7a83f9, and also appears
in subsequent commits b87a7760e, 74c2bff78, and b3a690749. The latter two
commits remove code that used to set the flag (haven't spent the time to
figure out if this would have helped my single-DA scenario, though).

Currently, there appears to be no code path that sets this flag, and also
no way to request it to be set via the command line or configuration file.

Would it make sense to assume the flag is *always* set (which would always
allow a DA to pick itself as its own DA), or rather would it be better to
provide some interface (config file entry) that allows setting the flag
explicitly (maybe only in testing mode)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25928>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
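
Added illustration (not part of the ticket and not Tor's source code): a simplified C model of the selection behaviour the ticket describes, showing why a lone authority finds no directory server when self-selection is gated by a flag that is never set. The struct, the function names, MODEL_PDS_ALLOW_SELF, the retry logic and the second fingerprint are assumptions made for this sketch; only the first fingerprint comes from the DirAuthority line above.

```c
#include <stddef.h>
#include <string.h>

/* Model flag named after the one in the ticket; not Tor's own definition. */
#define MODEL_PDS_ALLOW_SELF (1u << 0)

typedef struct {
    const char *fp;   /* identity fingerprint */
    int reachable;    /* local reachability mark */
} model_dirserver_t;

/* The sandbox DA's fingerprint, from the DirAuthority line in the ticket. */
static const char SELF_FP[] = "1B494B7382C8C2D2D13FB0B5175B0B3A14E54D69";
/* Constructed fingerprint for a hypothetical second authority. */
static const char OTHER_FP[] = "00000000000000000000000000000000000000AA";

/* One pass: first reachable server, skipping ourselves unless the flag is set. */
static const model_dirserver_t *
pick_once(const model_dirserver_t *l, size_t n, const char *self, unsigned flags)
{
    for (size_t i = 0; i < n; i++) {
        int is_self = strcmp(l[i].fp, self) == 0;
        if (l[i].reachable && (!is_self || (flags & MODEL_PDS_ALLOW_SELF)))
            return &l[i];
    }
    return NULL;
}

/* Pick with one retry: on failure, mark every server reachable and try again
 * (modelled on the "Trying them all again" log line). NULL if still nothing. */
const model_dirserver_t *
model_pick_dirserver(model_dirserver_t *l, size_t n, const char *self, unsigned flags)
{
    const model_dirserver_t *ds = pick_once(l, n, self, flags);
    if (ds)
        return ds;
    for (size_t i = 0; i < n; i++)
        l[i].reachable = 1;
    return pick_once(l, n, self, flags);
}

/* Single-authority sandbox: returns 1 if the lone DA finds a dirserver. */
int single_da_finds_dirserver(unsigned flags)
{
    model_dirserver_t net[] = { { SELF_FP, 1 } };
    return model_pick_dirserver(net, 1, SELF_FP, flags) != NULL;
}

/* Two authorities, the other initially marked unreachable: the retry finds it. */
int two_da_finds_dirserver(unsigned flags)
{
    model_dirserver_t net[] = { { SELF_FP, 1 }, { OTHER_FP, 0 } };
    return model_pick_dirserver(net, 2, SELF_FP, flags) != NULL;
}
```

In this model the retry never helps the single-DA case, because the only entry is excluded by identity rather than by reachability, which matches the recurring log messages the reporter sees.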